Downloads.rar

Target

Downloads.rar

Size

139MB

Sample

201118-cv5nmgp86e

Score

10 ^/10

MD5

f69be0b5e5b4b203013e7504fd24751e

SHA1

ccb9cedd5ad3f880f9aa8754c0661ae69eed210e

SHA256

e446bd97230671b6e38682ec9f3da7527c18dbd555efc7f27a52d144cf54edcc

SHA512

3615aebd1cdd1eab2adee010210cc0f1f198bcd79d75d0d5c216acd17fefac121cff984c82aa1c580971ce49ffac0e77f54abf8d57622d065b4f38ce857dd7af

Extracted

Family	formbook
C2	http://www.worstig.com/w9z/ http://www.joomlas123.com/i0qi/ http://www.norjax.com/app/ http://www.worstig.com/w9z/ http://www.joomlas123.com/i0qi/ http://www.norjax.com/app/
Decoy	crazzysex.com hanferd.com gteesrd.com bayfrontbabyplace.com jicuiquan.net relationshiplink.net ohchacyberphoto.com kauegimenes.com powerful-seldom.com ketotoken.com make-money-online-success.com redgoldcollection.com hannan-football.com hamptondc.com vllii.com aa8520.com platform35markethall.com larozeimmo.com oligopoly.net llhak.info fisioservice.com tesla-magnumopus.com cocodrilodigital.com pinegrovesg.com traveladventureswithme.com hebitaixin.com golphysi.com gayjeans.com quickhire.expert randomviews1.com eatatnobu.com topmabati.com mediaupside.com spillerakademi.com thebowtie.store sensomaticloadcell.com turismodemadrid.net yuhe89.com wernerkrug.com cdpogo.net dannynhois.com realestatestructureddata.com matewhereareyou.net laimeibei.ltd sw328.com lmwworks.net xtremefish.com tonerias.com dsooneclinicianexpert.com 281clara.com smmcommunity.net dreamneeds.info twocraft.com yasasiite.salon advk8qi.top drabist.com europartnersplus.com saltbgone.com teslaoceanic.info bestmedicationstore.com buynewcartab.live prospect.money viebrocks.com transportationhappy.com crazzysex.com hanferd.com gteesrd.com bayfrontbabyplace.com jicuiquan.net relationshiplink.net ohchacyberphoto.com kauegimenes.com powerful-seldom.com ketotoken.com make-money-online-success.com redgoldcollection.com hannan-football.com hamptondc.com vllii.com aa8520.com platform35markethall.com larozeimmo.com oligopoly.net llhak.info fisioservice.com tesla-magnumopus.com cocodrilodigital.com pinegrovesg.com traveladventureswithme.com hebitaixin.com golphysi.com gayjeans.com quickhire.expert randomviews1.com eatatnobu.com topmabati.com mediaupside.com spillerakademi.com thebowtie.store sensomaticloadcell.com turismodemadrid.net yuhe89.com wernerkrug.com cdpogo.net dannynhois.com realestatestructureddata.com matewhereareyou.net laimeibei.ltd sw328.com lmwworks.net xtremefish.com tonerias.com dsooneclinicianexpert.com 281clara.com smmcommunity.net dreamneeds.info twocraft.com yasasiite.salon advk8qi.top drabist.com europartnersplus.com saltbgone.com teslaoceanic.info bestmedicationstore.com buynewcartab.live prospect.money viebrocks.com transportationhappy.com

Extracted

Family	danabot
C2	92.204.160.54 2.56.213.179 45.153.186.47 93.115.21.29 185.45.193.50 193.34.166.247 92.204.160.54 2.56.213.179 45.153.186.47 93.115.21.29 185.45.193.50 193.34.166.247
rsa_pubkey.plain

Extracted

Family	smokeloader
Version	2019
C2	http://advertserv25.world/logstatx77/ http://mailstatm74.club/logstatx77/ http://kxservx7zx.club/logstatx77/ http://dsmail977sx.xyz/logstatx77/ http://fdmail709.club/logstatx77/ http://servicestar751.club/logstatx77/ http://staradvert9075.club/logstatx77/ http://staradvert1883.club/logstatx77/ http://advertserv25.world/logstatx77/ http://mailstatm74.club/logstatx77/ http://kxservx7zx.club/logstatx77/ http://dsmail977sx.xyz/logstatx77/ http://fdmail709.club/logstatx77/ http://servicestar751.club/logstatx77/ http://staradvert9075.club/logstatx77/ http://staradvert1883.club/logstatx77/
rc4.i32
rc4.i32

Extracted

Family	smokeloader
Version	2017
C2	http://92.53.105.14/ http://92.53.105.14/

Extracted

Language	ps1
Source
URLs	http://bit.do/fqhHT http://bit.do/fqhHT ps1.dropper http://bit.do/fqhHT exe.dropper http://bit.do/fqhHT

Extracted

Language	ps1
Source
URLs	http://zxvbcrt.ug/zxcvb.exe http://zxvbcrt.ug/zxcvb.exe ps1.dropper http://zxvbcrt.ug/zxcvb.exe exe.dropper http://zxvbcrt.ug/zxcvb.exe

Extracted

Language	ps1
Source
URLs	http://bit.do/fqhJv http://bit.do/fqhJv ps1.dropper http://bit.do/fqhJv exe.dropper http://bit.do/fqhJv

Extracted

Language	ps1
Source
URLs	http://pdshcjvnv.ug/zxcvb.exe http://pdshcjvnv.ug/zxcvb.exe ps1.dropper http://pdshcjvnv.ug/zxcvb.exe exe.dropper http://pdshcjvnv.ug/zxcvb.exe

Extracted

Language	ps1
Source
URLs	http://bit.do/fqhJD http://bit.do/fqhJD ps1.dropper http://bit.do/fqhJD exe.dropper http://bit.do/fqhJD

Extracted

Language	ps1
Source
URLs	http://rbcxvnb.ug/zxcvb.exe http://rbcxvnb.ug/zxcvb.exe ps1.dropper http://rbcxvnb.ug/zxcvb.exe exe.dropper http://rbcxvnb.ug/zxcvb.exe

Extracted

Family	azorult
C2	http://195.245.112.115/index.php http://195.245.112.115/index.php

Extracted

Family	asyncrat
Version	0.5.7B
C2	agentttt.ac.ug:6970 agentpurple.ac.ug:6970 agentttt.ac.ug:6970 agentpurple.ac.ug:6970
Attributes	aes_key 16dw6EDbQkYZp5BTs7cmLUicVtOA4UQr anti_detection false autorun false bdos false delay Default host agentttt.ac.ug,agentpurple.ac.ug hwid 3 install_file install_folder %AppData% mutex AsyncMutex_6SI8OkPnk pastebin_config null port 6970 version 0.5.7B
aes.plain

Extracted

Protocol	ftp
Host	109.248.203.81
Port	21
Username	alex
Password	easypassword

Target

1.bin/1.bin

MD5

af8e86c5d4198549f6375df9378f983c

Filesize

12MB

Score

10 ^/10

SHA1

7ab5ed449b891bd4899fba62d027a2cc26a05e6f

SHA256

7570a7a6830ade05dcf862d5862f12f12445dbd3c0ad7433d90872849e11c267

SHA512

137f5a281aa15802e300872fdf93b9ee014d2077c29d30e5a029664eb0991af2afbe1e5c53a9d7bff8f0508393a8b7641c5a97b4b0e0061befb79a93506c94e1

Tags

formbook persistence rat spyware stealer trojan agenttesla danabot agilenet banker botnet coreentity cryptone keylogger packer rezer0

Related Tasks

behavioral1 behavioral2

Target

2019-09-02_22-41-10.exe

MD5

924aa6c26f6f43e0893a40728eac3b32

Filesize

251KB

Score

10 ^/10

SHA1

baa9b4c895b09d315ed747b3bd087f4583aa84fc

SHA256

30f9db1f5838abb6c1580fdfb7f5dcfd7c2ac8cfac50c2edd0c8415d66212c95

SHA512

3cb6fd659aff46eaa62b0e647ccebeecb070ba0bb27e1cc037b33caf23c417e75f476e1c08e1b5f3b232c4640995ae5afa43bfd09252d318fe5eec0d18de830a

Tags

smokeloader backdoor trojan

Related Tasks

behavioral3 behavioral4

Target

31.exe

MD5

af8e86c5d4198549f6375df9378f983c

Filesize

12MB

Score

10 ^/10

SHA1

7ab5ed449b891bd4899fba62d027a2cc26a05e6f

SHA256

7570a7a6830ade05dcf862d5862f12f12445dbd3c0ad7433d90872849e11c267

SHA512

137f5a281aa15802e300872fdf93b9ee014d2077c29d30e5a029664eb0991af2afbe1e5c53a9d7bff8f0508393a8b7641c5a97b4b0e0061befb79a93506c94e1

Tags

agenttesla danabot formbook agilenet banker botnet coreentity cryptone keylogger packer rat rezer0 spyware stealer trojan

Related Tasks

behavioral5 behavioral6

Target

3DMark 11 Advanced Edition.exe

MD5

236d7524027dbce337c671906c9fe10b

Filesize

11MB

Score

1 ^/10

SHA1

7d345aa201b50273176ae0ec7324739d882da32e

SHA256

400b64f8c61623ead9f579b99735b1b0d9febe7c829e8bdafc9b3a3269bbe21c

SHA512

e5c2f87923b3331719261101b2f606298fb66442e56a49708199d8472c1ac4a72130612d3a9c344310f36fcb3cf39e4637f7dd8fb3841c61b01b95bb3794610a

Related Tasks

behavioral7 behavioral8

Target

5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18

MD5

ead18f3a909685922d7213714ea9a183

Filesize

669KB

Score

8 ^/10

SHA1

1270bd7fd62acc00447b30f066bb23f4745869bf

SHA256

5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18

SHA512

6e532d9c3d186e4dac38823ae9152056346e283613f0caf088b21a1b3e5f4f6cf3bad8c407168b1072895a386e3be0b8c11ad1cb326d3d3ff0eb8562052def91

Tags

discovery persistence upx

Related Tasks

behavioral9 behavioral10

Target

Archive.zip__ccacaxs2tbz2t6ob3e.exe

MD5

a3cab1a43ff58b41f61f8ea32319386b

Filesize

430KB

Score

9 ^/10

SHA1

94689e1a9e1503f1082b23e6d5984d4587f3b9ec

SHA256

005d3b2b78fa134092a43e53112e5c8518f14cf66e57e6a3cc723219120baba6

SHA512

8f084a866c608833c3bf95b528927d9c05e8d4afcd8a52c3434d45c8ba8220c25d2f09e00aade708bbbc83b4edea60baf826750c529e8e9e05b1242c56d0198d

Tags

discovery persistence spyware

Related Tasks

behavioral11 behavioral12

Target

CVE-2018-15982_PoC.swf

MD5

82fe94beb621a4368e76aa4a51998c00

Filesize

12KB

Score

1 ^/10

SHA1

b7c79b8f05c3d998e21d01b07b9ba157160581a9

SHA256

c61dd1b37cbf2d72e3670e3c8dff28959683e6d85b8507cda25efe1dffc04bdb

SHA512

055677c2194ff132dc3c50ef900a36a0e4b8e5b85d176047fdefdec049aff4d5e2db1ccffefaf65575b4ca41e81fd24beb3c7cfd2fce6275642638d0cf624d27

Related Tasks

behavioral13 behavioral14

Target

CVWSHSetup[1].bin/WSHSetup[1].exe

MD5

cb2b4cd74c7b57a12bd822a168e4e608

Filesize

898KB

Score

3 ^/10

SHA1

f2182062719f0537071545b77ca75f39c2922bf5

SHA256

5987a6e42c3412086b7c9067dc25f1aaa659b2b123581899e9df92cb7907a3ed

SHA512

7a38be8c1270b1224be4975ad442a964b2523c849f748e5356156cdce39e494c64ca80b0d99c1d989d77f072902de8972e0b113894c9791fb0cabf856dbba348

Related Tasks

behavioral15 behavioral16

Target

DiskInternals_Uneraser_v5_keygen.exe

MD5

17c4b227deaa34d22dd0addfb0034e04

Filesize

12MB

Score

1 ^/10

SHA1

0cf926384df162bc88ae7c97d1b1b9523ac6b88c

SHA256

a64f6d4168bbb66930b32482a88193c45d8aae6af883714d6688ed407e176a6e

SHA512

691751cf5930563fc33aa269df87284ef5d69ae332faed3a142529babd988c54ec86a3517ea2e71373491bbb39962e801feb731e1d564c7294ae517b754ffc0c

Related Tasks

behavioral17 behavioral18

Target

ForceOp 2.8.7 - By RaiSence.exe

MD5

0a88ebdd3ae5ab0b006d4eaa2f5bc4b2

Filesize

1MB

Score

10 ^/10

SHA1

6bf1215ac7b1fde54442a9d075c84544b6e80d50

SHA256

26509645fe956ff1b7c540b935f88817281b65413c62da67e597eaefb2406680

SHA512

54c8cde607bd33264c61dbe750a34f8dd190dfa400fc063b61efcd4426f0635c8de42bc3daf8befb14835856b4477fec3bdc8806c555e49684528ff67dd45f37

Related Tasks

behavioral19 behavioral20

Target

HYDRA.exe

MD5

c52bc39684c52886712971a92f339b23

Filesize

2MB

Score

10 ^/10

SHA1

c5cb39850affb7ed322bfb0a4900e17c54f95a11

SHA256

f8c17cb375e8ccad5b0e33dae65694a1bd628f91cac6cf65dd11f50e91130c2d

SHA512

2d50c1aa6ca237b9dbe97f000a082a223618f2164c8ab42ace9f4e142c318b2fc53e91a476dbe9c2dd459942b61507df5c551bd5c692a2b2a2037e4f6bd2a12b

Tags

smokeloader backdoor persistence trojan

Related Tasks

behavioral21 behavioral22

Target

Keygen.exe

MD5

dbde61502c5c0e17ebc6919f361c32b9

Filesize

849KB

Score

10 ^/10

SHA1

189749cf0b66a9f560b68861f98c22cdbcafc566

SHA256

88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b

SHA512

d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb

Tags

asyncrat azorult modiloader oski raccoon discovery evasion infostealer persistence rat spyware stealer trojan

Related Tasks

behavioral23 behavioral24

Target

Lonelyscreen.1.2.9.keygen.by.Paradox/Lonelyscreen.1.2.9.keygen.by.Paradox.exe

MD5

48c356e14b98fb905a36164e28277ae5

Filesize

13MB

Score

1 ^/10

SHA1

d7630bd683af02de03aebc8314862c512acd5656

SHA256

b2f43148c08f4fe2a0902873813fd7bbb9b513920089939c220826097480396c

SHA512

278ae5723544691844aae917938c7ab835f5da9c01c59472497112ca9f5d326a2586fa0bc79fbd0d907aab972b3f855c0087656c5e10504adc760b756ada221b

Related Tasks

behavioral25 behavioral26

Target

LtHv0O2KZDK4M637.exe

MD5

5e25abc3a3ad181d2213e47fa36c4a37

Filesize

10MB

Score

10 ^/10

SHA1

ba365097003860c8fb9d332f377e2f8103d220e0

SHA256

3e385633fc19035dadecf79176a763fe675429b611dac5af2775dd3edca23ab9

SHA512

676596d21cab10389f47a3153d53bbd36b161c77875a4e4aa976032770cb4ec7653c521aaeda98ab4da7777e49f426f4019298d5fc4ed8be2f257e9d0868d681

Tags

azorult aspackv2 discovery evasion infostealer persistence spyware trojan upx

Related Tasks

behavioral27 behavioral28

Target

Magic_File_v3_keygen_by_KeygenNinja.exe

MD5

80e5a163c5396401b58a3b24f2e00d38

Filesize

8MB

Score

1 ^/10

SHA1

589accaeeca95b8d69fa7bc14f402925dd338a6a

SHA256

72fae9a9d8cfd546975fd86222bc1f7f70133d0845798a683569bb8119ffa3b1

SHA512

cc0ede6416032035943522e5249ac378da4ba58ab836d13b53907567a65f0c296aa7263523ca23f1843fb86a88d123864e9385f4b97bac870a110f6fd2ddf1e6

Related Tasks

behavioral29 behavioral30

Target

OnlineInstaller.exe

MD5

4b042bfd9c11ab6a3fb78fa5c34f55d0

Filesize

3MB

Score

8 ^/10

SHA1

b0f506640c205d3fbcfe90bde81e49934b870eab

SHA256

59c662a5207c6806046205348b22ee45da3f685fe022556716dbbd6643e61834

SHA512

dae5957c8eee5ae7dd106346f7ea349771b693598f3d4d54abb39940c3d1a0b5731c8d4e07c29377838988a1e93dcd8c2946ce0515af87de61bca6de450409d3

Related Tasks

behavioral31 behavioral32

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Command-Line Interface

Exfiltration

Impact

Service Stop

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Bypass User Account Control

static1

upx

8^/10

behavioral1

formbook persistence rat spyware stealer trojan

10^/10

behavioral2

agenttesla danabot formbook agilenet banker botnet coreentity cryptone keylogger packer rat rezer0 spyware stealer trojan

10^/10

behavioral3

smokeloader backdoor trojan

10^/10

behavioral4

smokeloader backdoor trojan

10^/10

behavioral5

agenttesla danabot formbook agilenet banker botnet coreentity cryptone keylogger packer rat rezer0 spyware stealer trojan

10^/10

behavioral6

agenttesla danabot formbook agilenet banker botnet coreentity cryptone keylogger packer rat rezer0 spyware stealer trojan

10^/10

behavioral7

1^/10

behavioral8

1^/10

behavioral9

discovery persistence upx

8^/10

behavioral10

discovery persistence upx

8^/10

behavioral11

discovery persistence spyware

9^/10

behavioral12

discovery persistence spyware

9^/10

behavioral13

1^/10

behavioral14

1^/10

behavioral15

3^/10

behavioral16

3^/10

behavioral17

1^/10

behavioral18

1^/10

behavioral19

8^/10

behavioral20

10^/10

behavioral21

smokeloader backdoor persistence trojan

10^/10

behavioral22

smokeloader backdoor persistence trojan

10^/10

behavioral23

asyncrat azorult modiloader oski raccoon discovery evasion infostealer persistence rat spyware stealer trojan

10^/10

behavioral24

asyncrat azorult modiloader oski raccoon discovery evasion infostealer rat spyware stealer trojan

10^/10

behavioral25

1^/10

behavioral26

1^/10

behavioral27

azorult aspackv2 discovery evasion infostealer persistence spyware trojan upx

10^/10

behavioral28

azorult aspackv2 discovery evasion infostealer persistence spyware trojan upx

10^/10

behavioral29

1^/10

behavioral30

1^/10

behavioral31

8^/10

behavioral32

8^/10