General
Target: 885d65249f0289d8b7c88ff90907d94a
Size: 240KB
Sample: 201026-dkfegag8cx
MD5: 885d65249f0289d8b7c88ff90907d94a
SHA1: 153c9c416ff2b8edc88b67cedede0ed4b13d2c6d
SHA256: a44a932f0ae375fab03a7098806bec205b2692bd50fdb533c39c0eb94797feae
SHA512: f883760537eceb32595ee52eb1268efe22d86ed99c4f6489be191a153dcebd60f239488ff68eb41aee1b6541a8570a424be93c9da05b22385d5059fe2776215d
Static task: static1
Behavioral task: behavioral1
  Sample: 885d65249f0289d8b7c88ff90907d94a.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: 885d65249f0289d8b7c88ff90907d94a.exe
  Resource: win10
Malware Config
Extracted from: \??\c:\_R_E_A_D___T_H_I_S___LAIE25L_.txt
Family: cerber
URLs:
http://qfjhpgbefuhenjp7.onion/021A-E3DC-AE57-009E-DAC0
http://qfjhpgbefuhenjp7.13iuvw.top/021A-E3DC-AE57-009E-DAC0
http://qfjhpgbefuhenjp7.158ugp.top/021A-E3DC-AE57-009E-DAC0
http://qfjhpgbefuhenjp7.1fcfjn.top/021A-E3DC-AE57-009E-DAC0
http://qfjhpgbefuhenjp7.1225wj.top/021A-E3DC-AE57-009E-DAC0
http://qfjhpgbefuhenjp7.1a2jzy.top/021A-E3DC-AE57-009E-DAC0

Extracted from: C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___T2EM4PTN_.hta
URLs:
http://qfjhpgbefuhenjp7.13iuvw.top/021A-E3DC-AE57-009E-DAC0
http://qfjhpgbefuhenjp7.158ugp.top/021A-E3DC-AE57-009E-DAC0
http://qfjhpgbefuhenjp7.1fcfjn.top/021A-E3DC-AE57-009E-DAC0
http://qfjhpgbefuhenjp7.1225wj.top/021A-E3DC-AE57-009E-DAC0
http://qfjhpgbefuhenjp7.1a2jzy.top/021A-E3DC-AE57-009E-DAC0
http://qfjhpgbefuhenjp7.onion/021A-E3DC-AE57-009E-DAC0
https://www.baidu.com

Extracted from: \??\c:\_R_E_A_D___T_H_I_S___IP28_.txt
Family: cerber
URLs:
http://qfjhpgbefuhenjp7.onion/459A-FB14-5045-009E-DF9C
http://qfjhpgbefuhenjp7.13iuvw.top/459A-FB14-5045-009E-DF9C
http://qfjhpgbefuhenjp7.158ugp.top/459A-FB14-5045-009E-DF9C
http://qfjhpgbefuhenjp7.1fcfjn.top/459A-FB14-5045-009E-DF9C
http://qfjhpgbefuhenjp7.1225wj.top/459A-FB14-5045-009E-DF9C
http://qfjhpgbefuhenjp7.1a2jzy.top/459A-FB14-5045-009E-DF9C

Extracted from: C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___XPYQQ_.hta
URLs:
http://qfjhpgbefuhenjp7.13iuvw.top/459A-FB14-5045-009E-DF9C
http://qfjhpgbefuhenjp7.158ugp.top/459A-FB14-5045-009E-DF9C
http://qfjhpgbefuhenjp7.1fcfjn.top/459A-FB14-5045-009E-DF9C
http://qfjhpgbefuhenjp7.1225wj.top/459A-FB14-5045-009E-DF9C
http://qfjhpgbefuhenjp7.1a2jzy.top/459A-FB14-5045-009E-DF9C
http://qfjhpgbefuhenjp7.onion/459A-FB14-5045-009E-DF9C
https://www.baidu.com
Targets
Target: 885d65249f0289d8b7c88ff90907d94a
Size: 240KB
MD5: 885d65249f0289d8b7c88ff90907d94a
SHA1: 153c9c416ff2b8edc88b67cedede0ed4b13d2c6d
SHA256: a44a932f0ae375fab03a7098806bec205b2692bd50fdb533c39c0eb94797feae
SHA512: f883760537eceb32595ee52eb1268efe22d86ed99c4f6489be191a153dcebd60f239488ff68eb41aee1b6541a8570a424be93c9da05b22385d5059fe2776215d
Score: 10/10

Signatures:
- Blacklisted process makes network request
- Modifies Windows Firewall
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry