4ds.zip

General
Target: 4ds.zip
Size: 221MB
Sample: 201122-hr1cc24nk2
Score: 10/10
MD5: 0c1df79aedd19bad104f962cfa9495a2
SHA1: 62f9b3c0e8d3f29663c2bafde2602d7cda044fcc
SHA256: 4abc4e174beea2d801bab1f52a202a1adcdc372443e25a2f1875b90f112ff56d
SHA512: b1f89e94914584186da5f6cd2755b35c134402f66f1c0d6dea22feafe84fe5b96f6e46460edce3c1c5a8ce0d0f766f6921b8c196e97172fcdbeeb0057b6f36db

Malware Config

Extracted
Family: zloader
Botnet: main
Campaign: 26.02.2020
C2: https://airnaa.org/sound.php, https://banog.org/sound.php, https://rayonch.org/sound.php
rc4.plain

Extracted
Family: revengerat
Botnet: XDSDDD
C2: 84.91.119.105:333

Extracted
Family: revengerat
Botnet: Victime
C2: cocohack.dtdns.net:84

Extracted
Family: zloader
Botnet: 25/03
C2: https://wgyvjbse.pw/milagrecf.php, https://botiq.xyz/milagrecf.php
rc4.plain

Extracted
Family: revengerat
Botnet: samay
C2: shnf-47787.portmap.io:47787

Extracted
Family: zloader
Botnet: 09/04
C2: https://eoieowo.casa/wp-config.php, https://dcgljuzrb.pw/wp-config.php
rc4.plain

Extracted
Family: zloader
Botnet: 07/04
C2: https://xyajbocpggsr.site/wp-config.php, https://ooygvpxrb.pw/wp-config.php
rc4.plain

Extracted
Family: revengerat
Botnet: INSERT-COIN
C2: 3.tcp.ngrok.io:24041

Extracted
Family: revengerat
Botnet: YT
C2: yukselofficial.duckdns.org:5552

Extracted
Family: revengerat
Botnet: system
C2: yj233.e1.luyouxia.net:20645

Extracted
Family: revengerat
Botnet: Guest
C2: 178.17.174.71:3310

Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: mor440ney@yandex.com
Password: castor123@

Extracted
Family: hawkeye_reborn
Version: 10.1.2.2
Attributes:
    fields: map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:castor123@ _EmailPort:587 _EmailSSL:true _EmailServer:smtp.yandex.com _EmailUsername:mor440ney@yandex.com _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:true _LogInterval:10 _MeltFile:false _Mutex:245f77ec-c812-48df-870b-886d22992db6 _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:false _SystemInfo:false _Version:10.1.2.2 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]
    name: HawkEye Keylogger - RebornX, Version=10.1.2.2, Culture=neutral, PublicKeyToken=null
Targets
Target: bootstrap.min.js
MD5: 55093a3d1ac85ac5734e104d4f2de030
Filesize: 36KB
Score: 8/10
SHA1: 7d6acbbe3b1589d11873954e95e674f178cbaaf7
SHA256: abbb8724a9c69848de604e65aad7a5f6ae3fd7ef2c071b84b41b9cabfabbf2a4
SHA512: 373ae6189df34c585a26e1662026b131352327c08ae7ae1ab5c108ac94deecacd89afa2e3b955682f03caf097eb909edb82118fe73013f32b18878ee7ada9ace
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7.exe
MD5: 82b5c0acec3a7946f002c9e555a7125f
Filesize: 1MB
Score: 10/10
SHA1: f48992935c658b5685fedc7c8d5ee4b12c19ba6a
SHA256: cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7
SHA512: e802adf79040570783e77643b4b75853c61e583272aaafc85f7df29fc9b1b42d37753e172a6865082701fde423ce2aa3f19ab3e346126bf0ffb1fae3b360bbd0
Signatures:
  • RevengeRAT
    Description: Remote-access trojan with a wide range of capabilities.
  • RevengeRat Executable
  • Drops startup file
  • Suspicious use of SetThreadContext

Target: ch/index.html
MD5: f2ee9a40cf33ebf2319b55311777aea1
Filesize: 57KB
Score: 8/10
SHA1: 200e696b1e4b8cacf5e87eee2d7c1072b015b53c
SHA256: 61aff9ecf65c84242a4fce680ebc80ec15c3f56472d22ca2d83be9cac95c64c2
SHA512: d8794362aa53ce35fc20fc395e76ecf78c371595029efd73909db446148fa251a70fdcd34ab67bdd0f1e0ac08e08651306bd15224d44755ed86e32cb4f003a3f
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: ch/jquery-1.js
MD5: 00f66eada2c54b64a3f632747ce1fe2d
Filesize: 93KB
Score: 8/10
SHA1: a4837154098ac13ccd72e08fd25d7bcf76826986
SHA256: 100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1
SHA512: 11220e328a367f1086d0369686d09206badfd2cce18cdbc7420b4aca9785054ad7576f156b6039444f762f6a46a58ac7cefdc0f2bf031f215f59a8d6ae8e254d
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: ch/retreaver.js
MD5: 68ec33788ed08f7c0fdd73cbd52c2050
Filesize: 15KB
Score: 8/10
SHA1: 8e05b9eb9954164dd41b115dfe9f1d57a2860fc8
SHA256: 71a861100e206eeee88876cd5313553e0fdc07046cce33a1a96b96d9485070e1
SHA512: 2bfd61e5aa56d37f7778be5db6bbcec88dd3683cc364317b058fac3ae4c018ba156b16344a6fbe94b41933b42ce059d53afa82aa6656540574f45dff3e24e0a3
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System, Credentials in Files

Target: chrome-assests/a.html
MD5: 420b6966af9d8dfd4095737a873509a2
Filesize: 350B
Score: 8/10
SHA1: ef780ca200a3405e866d685ec9284c009219508a
SHA256: e6a8fd43ffc04efccf17110152db69265190e18c9484de4cb82fd5e63cf264c3
SHA512: 3484c523ee19961dde0f89ebf5f3d99c8b000d63c68d82919fb1563c81f5959f6ef69b37d3ec952b40007b27d2ab436058fe4138ff784e254e267cc1de587033
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: chrome-assests/ie10-viewport-bug-workaround.html
MD5: f1eb316adbfa88081b8f3b840c852ace
Filesize: 377B
Score: 8/10
SHA1: 459bd301af4d287e87985dea4870115fafa07d9c
SHA256: a48aca6a9cd0818f3c3705fb1669f476e3641d32d2f526f6b7ced6af4c37d1b2
SHA512: b4a48cef527e182b18de977af2a617dbebc8333f7ea39c7f0066e6bad31ea8f380a54f5f7b61e42aae0e40f432f8040673179e5a566f474da39179a0e083c847
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: chrome-assests/iframe.js
MD5: 51f2059c15e716929279d6228e840e63
Filesize: 756B
Score: 1/10
SHA1: edeafad8f89b9d5bc581eeacdc3df1b35f25abe3
SHA256: ce1ccd32bbc00409aa9be94095994d43b6cefd8ae38764bac0a355ed3b313b67
SHA512: 3b3a95cc742f0d72a7ca1dc636fd6bbdd942df5d177ec4fb9f175c4cf94ec08c835084d0fbeaf0d65a3440dd4600e52ce2fbec6a019ef34b978074e058b67cc6

Target: chrome-assests/img-1.svg
MD5: 12af80dc28ea71eb770848a8e1ff0128
Filesize: 592B
Score: 8/10
SHA1: 51c66b1d86ac47d15f927b8c98b6500846ba00c1
SHA256: 436689aed9f4d6744d69ab3df2b9e34ab6279d7a38f0e5adcc266f6cb5fc53f0
SHA512: 7ac6acff383eeadb5fb033a8162ec80e05b03a17611d8e6636f0c855b41bccadc4b122d30abf82fa16aa00eb436edf084a3d16849246fc929e565ded47e3fb22
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: chrome-assests/img-11.svg
MD5: 3241bc7d3efc81ef70052993a80bf49d
Filesize: 910B
Score: 8/10
SHA1: 7f88961516a4198cbb11b216667c2dae94dfc103
SHA256: 7443a8aab83f372ce9993ca88a2dd189d915016b7c89649e0f36e44d00d3e865
SHA512: 48b343a36b895e1aad7fad68f3e1916f62cd68214b2d65985010d8fb9e6849b0221122b59d037cc9909cade4a549327e99b4c0b545446e83abccc42f67c4a0b2
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: chrome-assests/img-12.svg
MD5: 60b657fb273d057aa8a5b0c3babf1f5d
Filesize: 592B
Score: 8/10
SHA1: a6e3a06223c7a32545641c4ed7601aa1e9439e34
SHA256: 88e74b30174f5005ac34d11b3e575e73377c75e9b787932d0be05cb215db80e9
SHA512: b1db14eea14f5474a7ef24accce61559343aa5b5123ffc24db1545d4489858cabf7fe8726fa30bef23f9b4f21f97bb5b83ee8f3e78f49338ddb5a92abd8f3e5a
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: chrome-assests/img-2.svg
MD5: e4709b0fd98d81c7e39a378bdd289033
Filesize: 583B
Score: 8/10
SHA1: ef561f46ae3ed3e4597f1a95d464b7549af163f9
SHA256: 3897a8ee5fcd4f6bb05756c5e46862ad6b0a62607ab1972ad6db60cedf0b3be6
SHA512: 731baee4bf2134fe18f5e783a12005cea1edf0916009560b2875a7104717c295ffd02d5d62a9afd6ac0d99c416c565bc2121e8b64cbc5e97a89a7320224e5be1
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: chrome-assests/img-3.svg
MD5: b70fff9713e620fe6d13a4e232d4fd7a
Filesize: 2KB
Score: 8/10
SHA1: e0a80e09216267ab5b92f68fc1b6348dfeb48223
SHA256: 0ebc28a19f72eb6c0265e2277ba4fa154b3b94d5be0c5128a474b8eb7982c7a6
SHA512: c08bb14948fd377e4091f1ef508abb6456eca7a1feefb4870a0760c44b8c5f4037688c103e2a15b432cd39efcdbf2f220d93a504b0cdc787ff45e537d9d7209c
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: chrome-assests/img-4.svg
MD5: 77fd42086aef0f6ac1629be6f939a17f
Filesize: 666B
Score: 8/10
SHA1: 86ac79b75c39e85da4598785e4394102cfda60e2
SHA256: da1d9c7852bb6ffd74973e6ea5c0a80d117289233a96f5572a19b6d7b7d1c9cd
SHA512: a13b08e9ee4a269b147ad9f3bc2687898482d88dac664e9bf256cfa3e3e055bdf3b4428e2762ea5844fffc1761f88c4089a0fa7b00c613ca360ce70310992015
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: hyundai steel-pipe- job 8010(1).exe
MD5: 0999a03694a1c97a43ac0de89cbf355e
Filesize: 721KB
Score: 10/10
SHA1: 0c8fdd4c3b40c4827662baa0c89b5b50d8f0cf1d
SHA256: 8a9bcb387cd155170986cd1938beb317ee1ee511bcb6175a6d292bd976cca15b
SHA512: 6515a13d561d2adb08fd53dba80ecd7ee264b66080848e0c845f63313eb9a828c6be8014d6db47f8ac910e24848dd74c57aae00a92ebe9b4efd97676e0365fe9
Signatures:
  • HawkEye Reborn
    Description: HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  • M00nd3v_Logger
    Description: M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  • M00nD3v Logger Payload
    Description: Detects M00nD3v Logger payload in memory.
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System, Credentials in Files
  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.
  • Suspicious use of SetThreadContext

Target: hyundai steel-pipe- job 8010.exe
MD5: 0999a03694a1c97a43ac0de89cbf355e
Filesize: 721KB
Score: 10/10
SHA1: 0c8fdd4c3b40c4827662baa0c89b5b50d8f0cf1d
SHA256: 8a9bcb387cd155170986cd1938beb317ee1ee511bcb6175a6d292bd976cca15b
SHA512: 6515a13d561d2adb08fd53dba80ecd7ee264b66080848e0c845f63313eb9a828c6be8014d6db47f8ac910e24848dd74c57aae00a92ebe9b4efd97676e0365fe9
Signatures:
  • HawkEye Reborn
    Description: HawkEye Reborn is an enhanced version of the HawkEye malware kit.
  • M00nd3v_Logger
    Description: M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  • M00nD3v Logger Payload
    Description: Detects M00nD3v Logger payload in memory.
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System, Credentials in Files
  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.
  • Suspicious use of SetThreadContext

Target: ie.svg
MD5: aab795251934d2063ba9df1c539706db
Filesize: 769B
Score: 8/10
SHA1: 3fd39edb2aa407eb4e10dc08f899f1e41690291c
SHA256: a1cef33ec4d98a1bf01a70ebb04e7ebc695910ba9c258aca0bb5214bf9af98d3
SHA512: 80de8f68c8f15f523b78c50ed4fb053eccca8d2c78db7fa99a8b16650f7ca0aed698fce13629f6ac24cdad536d6c4dedb3be37b7ecbec064feeb0c2d911b98b8
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: index(1).html
MD5: 7bee8e169793eb18193d767b4e16c720
Filesize: 5KB
Score: 8/10
SHA1: ab952de835bffe6ba978cf99c55a700e479608f6
SHA256: d19aebcffd70663042c75c24fec8c2a308d8e199e568cf22fc47a95690637da3
SHA512: 0d0116931641173d582c29fa72eff02ab7b4f788fedc75cc9a10b34ce2eba942f23f3b83c7907afdc43688e41f87240b186623c9b3980699c2599b54f68f4e3a
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: index(10).html
MD5: 565cf6557ee64a77fe15385373ac3d83
Filesize: 7KB
Score: 1/10
SHA1: 0739b5e23e7e30649139421b11b6d289cd2510e7
SHA256: 60b111c927851655d541894649f04e4723e1f16b200b14c4b0c08700745c4e91
SHA512: 510b5eddd1f7b4ced204e1b26f4cd852d7e5c1a508a808c688dc91fc1b0ea4e52f54d8108c8d550369397af37a65dbd6ed05ff8005ece2b0e0902491cd376168

Target: index(11).html
MD5: 8c322ed467ef41c0e709fb02f5b72c82
Filesize: 98KB
Score: 8/10
SHA1: 9d370ead145f80c04e2a53a6683103a972d34ee0
SHA256: 8b0b9ed969fc04412fe395bc3291074fc25f2efa7b1254143c57f0763d568e0e
SHA512: cb73796263bfd29e82465785bfdf9ff200bc7a691825ee8da92496e41c18435cb72ad9f9dbb9733186f162e901f7210ba9feead4eb6436a1d8aa40b19d657186
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: index(2).html
MD5: 6ab776dc484b17397ad580be04b00a54
Filesize: 6KB
Score: 1/10
SHA1: f3058f8c46c45af5baa46ee09dd3979c100fffe7
SHA256: e8be9982165aa8f2b44c3bc3ac6fce1faa03266fee0a0a223433e18f18cc60cc
SHA512: 8259e1848fabcd0dcbe114021d1033faf766607f1955e9bd5f5b70c791bb8b2347db73dfd7672ea3c68ff490674b971424cbc5ea5bc77b243f2ed59ae22e2f6d

Target: index(3).html
MD5: 053da040bef6c226a3e84c49b61cbf60
Filesize: 1KB
Score: 8/10
SHA1: 84f6a1d2f4e2190e5d28c5110fe96443b64b4873
SHA256: 6ea3e8640831be999b747818d9826a36de14beafb316a1b418afb04a2d092e58
SHA512: fcea9322dd7963362c96b98aa927a24607eb987a15948cfb9aa7c4e36b3bbc4a7eae371558d888c3bd8523d93809d65c95f4b9587d923b7f616c67a65c30abe2
Signatures:
  • Executes dropped EXE
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry
  • Loads dropped DLL
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System, Credentials in Files
  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry
  • Drops Chrome extension
  • JavaScript code in executable

Target: index(4).html
MD5: 3e9329e1be2081bc1ecc6adf86960061
Filesize: 5KB
Score: 8/10
SHA1: 224f65f5cbfaedc6ab89246e066d4f97480c2669
SHA256: 0f8adf2edf0af48f148f10ee467a51a078cf1535e638b970baf6854fed1df019
SHA512: b287a49e56c4548b8e898a855646a94809fc4ddfb062d8467ad3814850e7722928bc9b0ee49fab508f0ebbe2777155e8ea8cc3a0effa001ba3c45c521261e254
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: index(5).html
MD5: a04ac97f975fbea37a2e385ae4a48c3d
Filesize: 14KB
Score: 1/10
SHA1: 565214f80be60a73779880381991fae1f18872ca
SHA256: 003e59cb295e42f6ea30a7576edb2ad902d82fee3f066eb59785a430f38a50d7
SHA512: 7039ec15ba0782d757874a3301c6d82982bca25ff11affae170c3a75df5cc02ac1e516d37bbc1fbb0ee190b31f970d71a4ee8a025203f8743ca01e19cec5ceb6

Target: index(6).html
MD5: 8435cb7423ad89ef010d40d96b05ac41
Filesize: 9KB
Score: 8/10
SHA1: 4b444901c98b3d88184ba6fcecb4cf5401db54ad
SHA256: 027385f41fb1dac83bfd4c6ae4339bae6e7c8318d85b51892e3073cbe7fbde58
SHA512: dc4880ec617069cce4c185551ca958a5f1b99358dfa54c2d21f2fba20732db74ab44966a6189e245ffa177706f7cb56de1d3ef0529246a4ca1714722c64fbca3
Signatures:
  • Modifies WinLogon to allow AutoLogon
    Description: Enables rebooting of the machine without requiring login credentials.
    TTPs: Winlogon Helper DLL, Modify Registry

Target: index(7).html
MD5: 4a52683398cac1b4c47b335ea2779654
Filesize: 18KB
Score: 1/10
SHA1: 14ee7fcd212bb624887dfa746aabe49bc4eef357
SHA256: b9af37f8b2660e4b3b1f4bd42d7dd376d841d0dd854c1600384ed0ec8026ef37
SHA512: 761e25ffd4bb6b9af253401a9f2acbc8bb5f34bac5959a82527ddca30e5277ec2e577ff7ad8883fd4201249ca2ab1df89850b73cae547b65902d41a8d53af1a5

Target: index(8).html
MD5: 7dfcda08bd2ab04f3e68be1d645867ec
Filesize: 67KB
Score: 1/10
SHA1: 09b3db25987716cdd64a175f3e9b7488413e7bd7
SHA256: 4a4991f9bfeade5b923b48cda32c9d81e61dc38cf37c9fba1273287c4d5b7415
SHA512: 595573d32fc3313493bab38d528c9e1112135b726c4dc15b343f3f88f0e61ea83b656505eb0c662f6ff58bc1ffa79fc336cb305d89b591b721dfb00e5a1f3c88

Target: index(9).html
MD5: 33b72c6dc00dd802f5e2d53cbe5c613a
Filesize: 119KB
Score: 1/10
SHA1: 450ed8acb15133ed843576e735cc171e77c6fe53
SHA256: 027bb852118f95abe8945905a2ceb945b2051c14418f0f47cb9db097ccd97a36
SHA512: fb734e720d5043f887e0a8d66b01cae4a3c5028712a28452406cf0d1d629e2c4205d623286f8aa193b5d269ae8f545d860ae0a65cebedf77e6a887dff7163370

Target: index.html
MD5: 3e198c8b972a962aabf0a2bbe26c1029
Filesize: 26KB
Score: 1/10
SHA1: 236dd9eadccb3aff18f910867d4231b38f8b77c8
SHA256: 13ac02b44e2c48890c00ea16afe1d2e2918fa9cd9f20ae2782efb8c1c0c61425
SHA512: 7ba8f027e23edac3e51f5e5a8f18431d03086582d034e09321ae2c539011639805463766ee520c9c8bef7b89e004c2c03c7178c0b7a953850a763aa39046d240

Target: index2.html
MD5: a81d96c7ec17e2508e1516ced7f8d52a
Filesize: 6KB
Score: 1/10
SHA1: 88ecb602f5badab8cda2ba2307c74eae9532b411
SHA256: 9ac684e2d75d94e79155f364c62af51055c2475fe9f9672b302aa9bd4651d695
SHA512: 7d22f5530fa4c810e892f4de84a563979664f97e70fd2a8b42ad9fb5581247f05e8529cda617af7cee26fd3d9d78498795bc745569b04c626b3500b84a6e3ffe

Target: infected dot net installer.exe
MD5: 6eb2b081d12ad12c2ce50da34438651d
Filesize: 1MB
Score: 8/10
SHA1: 2092c0733ec3a3c514568b6009ee53b9d2ad8dc4
SHA256: 1371b24900cbd474a6bc2804f0e79dbd7b0429368be6190f276db912d73eb104
SHA512: 881d14d87a7f254292f962181eee79137f612d13994ff4da0eb3d86b0217bcbac39e04778c66d1e4c3df8a5b934cbb6130b43c0d4f3915d5e8471e9314d82c1b
Signatures:
  • Executes dropped EXE
  • Checks computer location settings
    Description: Looks up country code configured in the registry, likely geofence.
    TTPs: Query Registry, System Information Discovery
  • Loads dropped DLL
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder, Modify Registry

Target: inps_979.xls
MD5: 56fc044937a072471fdd8d63b874e04a
Filesize: 228KB
Score: 1/10
SHA1: 738552f8db33ac0271aa860775815f3d1b291980
SHA256: 59afe59cdbebf60434bd78270826ca9689c3765264dfcace312b89c606c0a962
SHA512: dbaf2e36ec17d474c829d847705de796bea153b784c8e894d4ff7bebb3bfcdf01447d97f217d9303e0eed5aa9b39046b75b2581331be28771582af2ea48c960b

MITRE ATT&CK Matrix
Tactic columns: Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks
behavioral1: 8/10
behavioral2: 10/10
behavioral3: 8/10
behavioral4: 8/10
behavioral5: 8/10
behavioral6: 8/10
behavioral7: 8/10
behavioral8: 1/10
behavioral9: 8/10
behavioral10: 8/10
behavioral11: 8/10
behavioral12: 8/10
behavioral13: 8/10
behavioral14: 8/10
behavioral17: 8/10
behavioral18: 8/10
behavioral19: 1/10
behavioral20: 8/10
behavioral21: 1/10
behavioral23: 8/10
behavioral24: 1/10
behavioral25: 8/10
behavioral26: 1/10
behavioral27: 1/10
behavioral28: 1/10
behavioral29: 1/10
behavioral30: 1/10
behavioral31: 8/10
behavioral32: 1/10