General
Target: e5348cbab8d7d3b245db81c6db8bdf6102db8afd231a8b6836d985d3d0878e64
Size: 196KB
Sample: 201108-41q3g31xv6
MD5: ceada28708266200c8559e458dcf4e4f
SHA1: a22db44de483f2619876ccf1eb7d0125c034dac3
SHA256: e5348cbab8d7d3b245db81c6db8bdf6102db8afd231a8b6836d985d3d0878e64
SHA512: 6a349cc39a3f0474822b0f75a61a1b840af7b4d3a1b3ea6233bd30445a979537d1f3faef7943af4556413500ebc5396fc009cf2629aaa1acdfc90c3c98ebdb28
Static task: static1
Behavioral task: behavioral1
Sample: e5348cbab8d7d3b245db81c6db8bdf6102db8afd231a8b6836d985d3d0878e64.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: e5348cbab8d7d3b245db81c6db8bdf6102db8afd231a8b6836d985d3d0878e64.exe
Resource: win10v20201028
Malware Config
Extracted from: \??\c:\_R_E_A_D___T_H_I_S___FTTAS_.txt
Family: cerber
http://xpcx6erilkjced3j.onion/A76D-2F6A-8CF8-0006-40A0
http://xpcx6erilkjced3j.tor2web.org/A76D-2F6A-8CF8-0006-40A0
http://xpcx6erilkjced3j.onion.link/A76D-2F6A-8CF8-0006-40A0
http://xpcx6erilkjced3j.onion.nu/A76D-2F6A-8CF8-0006-40A0
http://xpcx6erilkjced3j.onion.cab/A76D-2F6A-8CF8-0006-40A0
http://xpcx6erilkjced3j.onion.to/A76D-2F6A-8CF8-0006-40A0
Extracted from: C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___AUXF39RL_.hta
http://xpcx6erilkjced3j.tor2web.org/A76D-2F6A-8CF8-0006-40A0
http://xpcx6erilkjced3j.onion.link/A76D-2F6A-8CF8-0006-40A0
http://xpcx6erilkjced3j.onion.nu/A76D-2F6A-8CF8-0006-40A0
http://xpcx6erilkjced3j.onion.cab/A76D-2F6A-8CF8-0006-40A0
http://xpcx6erilkjced3j.onion.to/A76D-2F6A-8CF8-0006-40A0
http://xpcx6erilkjced3j.onion/A76D-2F6A-8CF8-0006-40A0
https://www.baidu.com
Extracted from: \??\c:\_R_E_A_D___T_H_I_S___XMLK_.txt
Family: cerber
http://xpcx6erilkjced3j.onion/635E-FDE6-4DDF-0006-49B7
http://xpcx6erilkjced3j.tor2web.org/635E-FDE6-4DDF-0006-49B7
http://xpcx6erilkjced3j.onion.link/635E-FDE6-4DDF-0006-49B7
http://xpcx6erilkjced3j.onion.nu/635E-FDE6-4DDF-0006-49B7
http://xpcx6erilkjced3j.onion.cab/635E-FDE6-4DDF-0006-49B7
http://xpcx6erilkjced3j.onion.to/635E-FDE6-4DDF-0006-49B7
Extracted from: C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___8GRBUW_.hta
http://xpcx6erilkjced3j.tor2web.org/635E-FDE6-4DDF-0006-49B7
http://xpcx6erilkjced3j.onion.link/635E-FDE6-4DDF-0006-49B7
http://xpcx6erilkjced3j.onion.nu/635E-FDE6-4DDF-0006-49B7
http://xpcx6erilkjced3j.onion.cab/635E-FDE6-4DDF-0006-49B7
http://xpcx6erilkjced3j.onion.to/635E-FDE6-4DDF-0006-49B7
http://xpcx6erilkjced3j.onion/635E-FDE6-4DDF-0006-49B7
https://www.baidu.com
Targets
Target: e5348cbab8d7d3b245db81c6db8bdf6102db8afd231a8b6836d985d3d0878e64
Size: 196KB
MD5: ceada28708266200c8559e458dcf4e4f
SHA1: a22db44de483f2619876ccf1eb7d0125c034dac3
SHA256: e5348cbab8d7d3b245db81c6db8bdf6102db8afd231a8b6836d985d3d0878e64
SHA512: 6a349cc39a3f0474822b0f75a61a1b840af7b4d3a1b3ea6233bd30445a979537d1f3faef7943af4556413500ebc5396fc009cf2629aaa1acdfc90c3c98ebdb28
Score: 10/10
Blacklisted process makes network request
Modifies Windows Firewall
Deletes itself
Drops startup file
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
Modifies service
Sets desktop wallpaper using registry