Overview
Score: 10/10. Tasks: one static analysis task (static1) and 32 behavioral tasks, all run on windows10_x64 (resource win10v20201028); per-target scores and signatures are listed under Targets.
General
Target: 4ds.zip
Size: 221.1MB
Sample: 201122-hr1cc24nk2
MD5: 0c1df79aedd19bad104f962cfa9495a2
SHA1: 62f9b3c0e8d3f29663c2bafde2602d7cda044fcc
SHA256: 4abc4e174beea2d801bab1f52a202a1adcdc372443e25a2f1875b90f112ff56d
SHA512: b1f89e94914584186da5f6cd2755b35c134402f66f1c0d6dea22feafe84fe5b96f6e46460edce3c1c5a8ce0d0f766f6921b8c196e97172fcdbeeb0057b6f36db
Static task: static1

Behavioral tasks (all on resource win10v20201028):
behavioral1: bootstrap.min.js
behavioral2: cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7.exe
behavioral3: ch/index.html
behavioral4: ch/jquery-1.js
behavioral5: ch/retreaver.js
behavioral6: chrome-assests/a.html
behavioral7: chrome-assests/ie10-viewport-bug-workaround.html
behavioral8: chrome-assests/iframe.js
behavioral9: chrome-assests/img-1.svg.xml
behavioral10: chrome-assests/img-11.svg.xml
behavioral11: chrome-assests/img-12.svg.xml
behavioral12: chrome-assests/img-2.svg.xml
behavioral13: chrome-assests/img-3.svg.xml
behavioral14: chrome-assests/img-4.svg.xml
behavioral15: hyundai steel-pipe- job 8010(1).exe
behavioral16: hyundai steel-pipe- job 8010.exe
behavioral17: ie.svg.xml
behavioral18: index(1).html
behavioral19: index(10).html
behavioral20: index(11).html
behavioral21: index(2).html
behavioral22: index(3).html
behavioral23: index(4).html
behavioral24: index(5).html
behavioral25: index(6).html
behavioral26: index(7).html
behavioral27: index(8).html
behavioral28: index(9).html
behavioral29: index.html
behavioral30: index2.html
behavioral31: infected dot net installer.exe
behavioral32: inps_979.xls
Malware Config

Extracted: zloader
Campaign: main, 26.02.2020
C2: https://airnaa.org/sound.php
C2: https://banog.org/sound.php
C2: https://rayonch.org/sound.php

Extracted: revengerat
Campaign: XDSDDD
C2: 84.91.119.105:333
Mutex: RV_MUTEX-wtZlNApdygPh

Extracted: revengerat
Campaign: Victime
C2: cocohack.dtdns.net:84
Mutex: RV_MUTEX-OKuSAtYBxGgZHx

Extracted: zloader
Campaign: 25/03
C2: https://wgyvjbse.pw/milagrecf.php
C2: https://botiq.xyz/milagrecf.php

Extracted: revengerat
Campaign: samay
C2: shnf-47787.portmap.io:47787
Mutex: RV_MUTEX

Extracted: zloader
Campaign: 09/04
C2: https://eoieowo.casa/wp-config.php
C2: https://dcgljuzrb.pw/wp-config.php

Extracted: zloader
Campaign: 07/04
C2: https://xyajbocpggsr.site/wp-config.php
C2: https://ooygvpxrb.pw/wp-config.php

Extracted: revengerat
Campaign: INSERT-COIN
C2: 3.tcp.ngrok.io:24041
Mutex: RV_MUTEX

Extracted: revengerat
Campaign: YT
C2: yukselofficial.duckdns.org:5552
Mutex: RV_MUTEX-WlgZblRvZwfRtNH

Extracted: revengerat
Campaign: system
C2: yj233.e1.luyouxia.net:20645
Mutex: RV_MUTEX-GeVqDyMpzZJHO

Extracted: revengerat
Campaign: Guest
C2: 178.17.174.71:3310
Mutex: RV_MUTEX-HxdYuaWVCGnhp
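The C2 indicators above come in two shapes (zloader full URLs, RevengeRAT host:port pairs) and several of the RevengeRAT hosts sit under free dynamic-DNS or port-forwarding services, where blocking the parent zone is not an option. The script below is an added example for this report, not Triage's own code: it normalises both shapes into one deduplicated IOC list and classifies each host as a literal IP, a name under a relay provider, or an attacker-controlled domain. The EXTRACTED data is copied from the configs above; the list of relay provider suffixes is this example's own assumption.

```python
"""Normalise the extracted C2 indicators into one IOC list (added example)."""
import ipaddress
from urllib.parse import urlsplit

# Copied from the extracted configs above: (family, campaign, indicators)
EXTRACTED = [
    ("zloader", "main", ["https://airnaa.org/sound.php",
                         "https://banog.org/sound.php",
                         "https://rayonch.org/sound.php"]),
    ("zloader", "25/03", ["https://wgyvjbse.pw/milagrecf.php",
                          "https://botiq.xyz/milagrecf.php"]),
    ("zloader", "09/04", ["https://eoieowo.casa/wp-config.php",
                          "https://dcgljuzrb.pw/wp-config.php"]),
    ("zloader", "07/04", ["https://xyajbocpggsr.site/wp-config.php",
                          "https://ooygvpxrb.pw/wp-config.php"]),
    ("revengerat", "XDSDDD", ["84.91.119.105:333"]),
    ("revengerat", "Victime", ["cocohack.dtdns.net:84"]),
    ("revengerat", "samay", ["shnf-47787.portmap.io:47787"]),
    ("revengerat", "INSERT-COIN", ["3.tcp.ngrok.io:24041"]),
    ("revengerat", "YT", ["yukselofficial.duckdns.org:5552"]),
    ("revengerat", "system", ["yj233.e1.luyouxia.net:20645"]),
    ("revengerat", "Guest", ["178.17.174.71:3310"]),
]

# Assumption of this example: suffixes of dynamic-DNS / port-forwarding services.
# The parent zone is legitimate and shared, so only the full host (or host+port)
# is a usable indicator, never the zone.
RELAY_SUFFIXES = ("ngrok.io", "portmap.io", "duckdns.org", "dtdns.net", "luyouxia.net")


def classify_host(host):
    """Return 'ip', 'relay' (DDNS/tunnel provider) or 'domain'."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        pass
    if any(host == s or host.endswith("." + s) for s in RELAY_SUFFIXES):
        return "relay"
    return "domain"


def parse_c2(entry):
    """Split a zloader URL or a RevengeRAT host:port into (host, port, path)."""
    if "://" in entry:
        u = urlsplit(entry)
        port = u.port or (443 if u.scheme == "https" else 80)
        return u.hostname, port, u.path
    host, _, port = entry.rpartition(":")
    return host, int(port), ""


def build_iocs(extracted=EXTRACTED):
    """Flatten the extracted configs into IOC records, one per (host, port)."""
    seen, iocs = set(), []
    for family, campaign, entries in extracted:
        for entry in entries:
            host, port, path = parse_c2(entry)
            if (host, port) in seen:
                continue
            seen.add((host, port))
            iocs.append({"family": family, "campaign": campaign, "host": host,
                         "port": port, "path": path, "kind": classify_host(host)})
    return iocs


def hosts_by_kind(iocs):
    """Group hosts by kind so relay-hosted C2s get host+port rules, not zone blocks."""
    grouped = {}
    for ioc in iocs:
        grouped.setdefault(ioc["kind"], set()).add(ioc["host"])
    return grouped


if __name__ == "__main__":
    for ioc in build_iocs():
        print(f'{ioc["family"]:10} {ioc["kind"]:6} {ioc["host"]}:{ioc["port"]}{ioc["path"]}')
```

Five of the seven RevengeRAT C2s resolve through relay services, which is why the grouping matters: a blocklist built from this page should carry `3.tcp.ngrok.io:24041`, not `ngrok.io`.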
Extracted: credentials
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: mor440ney@yandex.com
Password: castor123@

Extracted: hawkeye_reborn
Version: 10.1.2.2
Exfiltration: smtp, smtp.yandex.com:587, username mor440ney@yandex.com, password castor123@
Mutex: 245f77ec-c812-48df-870b-886d22992db6
fields: map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:castor123@ _EmailPort:587 _EmailSSL:true _EmailServer:smtp.yandex.com _EmailUsername:mor440ney@yandex.com _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:true _LogInterval:10 _MeltFile:false _Mutex:245f77ec-c812-48df-870b-886d22992db6 _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:false _SystemInfo:false _Version:10.1.2.2 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]
name: HawkEye Keylogger - RebornX, Version=10.1.2.2, Culture=neutral, PublicKeyToken=null
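The `fields` line above is Go's default rendering of a string-keyed map (`map[key:value key:value ...]`, keys sorted, pairs separated by single spaces), which is how the extractor printed the HawkEye Reborn builder settings. It is more useful as a typed config than as one long string: the boolean switches tell you which modules this build actually has, and the e-mail fields tell you where the logs go. The parser below is an added example for this report, not Triage's code. The FIELDS string is copied from the page; splitting on `_Key:` boundaries rather than on every space is this example's choice so that a value containing spaces (a password, for instance) would survive.

```python
"""Parse the HawkEye Reborn `fields` map into a typed config (added example)."""
import re

# Copied from the hawkeye_reborn extraction above.
FIELDS = ("map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false "
          "_ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false "
          "_DisableRegEdit:false _DisableTaskManager:false _Disablers:false "
          "_EmailPassword:castor123@ _EmailPort:587 _EmailSSL:true "
          "_EmailServer:smtp.yandex.com _EmailUsername:mor440ney@yandex.com "
          "_ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 "
          "_FakeMessageShow:false _FileBinder:false _HideFile:false "
          "_HistoryCleaner:false _Install:false _InstallLocation:0 "
          "_InstallStartup:false _InstallStartupPersistance:false "
          "_KeyStrokeLogger:true _LogInterval:10 _MeltFile:false "
          "_Mutex:245f77ec-c812-48df-870b-886d22992db6 _PasswordStealer:true "
          "_ProcessElevation:false _ProcessProtection:false "
          "_ScreenshotLogger:false _SystemInfo:false _Version:10.1.2.2 "
          "_WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false "
          "_WebsiteVisitorVisible:false _ZoneID:false]")


def _coerce(raw):
    """Go printed everything as text; recover bool and int where unambiguous."""
    if raw in ("true", "false"):
        return raw == "true"
    if raw.isdigit():
        return int(raw)
    return raw


def parse_go_map(text):
    """Parse Go's `map[k:v k:v ...]` rendering into a dict, keys without the leading '_'."""
    m = re.fullmatch(r"map\[(.*)\]", text.strip(), re.S)
    if not m:
        raise ValueError("not a Go map rendering")
    fields = {}
    # Split only where the next token looks like a key (`_Name:`), so values keep spaces.
    for pair in re.split(r"\s+(?=_\w+:)", m.group(1)):
        key, _, raw = pair.partition(":")
        fields[key.lstrip("_")] = _coerce(raw)
    return fields


def enabled_modules(fields):
    """Boolean switches that are on: the capabilities this particular build ships with."""
    return sorted(k for k, v in fields.items() if v is True)


def exfil_channel(fields):
    """Where collected data is sent; an FTP port of 0 means that channel is unused."""
    return {
        "smtp": {"server": fields["EmailServer"], "port": fields["EmailPort"],
                 "ssl": fields["EmailSSL"], "user": fields["EmailUsername"]},
        "ftp_enabled": fields["FTPPort"] != 0,
        "log_interval": fields["LogInterval"],
    }


if __name__ == "__main__":
    cfg = parse_go_map(FIELDS)
    print("version:", cfg["Version"])
    print("enabled:", ", ".join(enabled_modules(cfg)))
    print("exfil:", exfil_channel(cfg))
```

Read against the signatures on the two `hyundai steel-pipe- job 8010` executables, the parsed config is consistent: keystroke, clipboard and password logging are on, screenshots and webcam are off, and `Install`/`InstallStartup` are false, which matches the absence of any persistence signature on those targets.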
Targets

Note on the 8/10 scores below: for every inert HTML, SVG and JavaScript file in the archive the only signature is "Modifies WinLogon to allow AutoLogon", with identical wording each time. An HTML or SVG document rendered by a browser cannot write the Winlogon registry key, so a signature that fires uniformly across those files reflects the analysis environment rather than the file. Treat those 8/10 scores as unconfirmed unless the file's own content shows a registry write (which a .js file run by Windows Script Host could perform, a browser-loaded library cannot).
Target: bootstrap.min.js
Size: 36KB
MD5: 55093a3d1ac85ac5734e104d4f2de030
SHA1: 7d6acbbe3b1589d11873954e95e674f178cbaaf7
SHA256: abbb8724a9c69848de604e65aad7a5f6ae3fd7ef2c071b84b41b9cabfabbf2a4
SHA512: 373ae6189df34c585a26e1662026b131352327c08ae7ae1ab5c108ac94deecacd89afa2e3b955682f03caf097eb909edb82118fe73013f32b18878ee7ada9ace
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7.exe
Size: 1.1MB
MD5: 82b5c0acec3a7946f002c9e555a7125f
SHA1: f48992935c658b5685fedc7c8d5ee4b12c19ba6a
SHA256: cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7
SHA512: e802adf79040570783e77643b4b75853c61e583272aaafc85f7df29fc9b1b42d37753e172a6865082701fde423ce2aa3f19ab3e346126bf0ffb1fae3b360bbd0
Score: 10/10
- RevengeRat Executable
- Drops startup file
- Suspicious use of SetThreadContext

Target: ch/index.html
Size: 57KB
MD5: f2ee9a40cf33ebf2319b55311777aea1
SHA1: 200e696b1e4b8cacf5e87eee2d7c1072b015b53c
SHA256: 61aff9ecf65c84242a4fce680ebc80ec15c3f56472d22ca2d83be9cac95c64c2
SHA512: d8794362aa53ce35fc20fc395e76ecf78c371595029efd73909db446148fa251a70fdcd34ab67bdd0f1e0ac08e08651306bd15224d44755ed86e32cb4f003a3f
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: ch/jquery-1.js
Size: 93KB
MD5: 00f66eada2c54b64a3f632747ce1fe2d
SHA1: a4837154098ac13ccd72e08fd25d7bcf76826986
SHA256: 100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1
SHA512: 11220e328a367f1086d0369686d09206badfd2cce18cdbc7420b4aca9785054ad7576f156b6039444f762f6a46a58ac7cefdc0f2bf031f215f59a8d6ae8e254d
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: ch/retreaver.js
Size: 15KB
MD5: 68ec33788ed08f7c0fdd73cbd52c2050
SHA1: 8e05b9eb9954164dd41b115dfe9f1d57a2860fc8
SHA256: 71a861100e206eeee88876cd5313553e0fdc07046cce33a1a96b96d9485070e1
SHA512: 2bfd61e5aa56d37f7778be5db6bbcec88dd3683cc364317b058fac3ae4c018ba156b16344a6fbe94b41933b42ce059d53afa82aa6656540574f45dff3e24e0a3
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.

Target: chrome-assests/a.html
Size: 350B
MD5: 420b6966af9d8dfd4095737a873509a2
SHA1: ef780ca200a3405e866d685ec9284c009219508a
SHA256: e6a8fd43ffc04efccf17110152db69265190e18c9484de4cb82fd5e63cf264c3
SHA512: 3484c523ee19961dde0f89ebf5f3d99c8b000d63c68d82919fb1563c81f5959f6ef69b37d3ec952b40007b27d2ab436058fe4138ff784e254e267cc1de587033
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: chrome-assests/ie10-viewport-bug-workaround.html
Size: 377B
MD5: f1eb316adbfa88081b8f3b840c852ace
SHA1: 459bd301af4d287e87985dea4870115fafa07d9c
SHA256: a48aca6a9cd0818f3c3705fb1669f476e3641d32d2f526f6b7ced6af4c37d1b2
SHA512: b4a48cef527e182b18de977af2a617dbebc8333f7ea39c7f0066e6bad31ea8f380a54f5f7b61e42aae0e40f432f8040673179e5a566f474da39179a0e083c847
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: chrome-assests/iframe.js
Size: 756B
MD5: 51f2059c15e716929279d6228e840e63
SHA1: edeafad8f89b9d5bc581eeacdc3df1b35f25abe3
SHA256: ce1ccd32bbc00409aa9be94095994d43b6cefd8ae38764bac0a355ed3b313b67
SHA512: 3b3a95cc742f0d72a7ca1dc636fd6bbdd942df5d177ec4fb9f175c4cf94ec08c835084d0fbeaf0d65a3440dd4600e52ce2fbec6a019ef34b978074e058b67cc6
Score: 1/10 (no signatures)

Target: chrome-assests/img-1.svg
Size: 592B
MD5: 12af80dc28ea71eb770848a8e1ff0128
SHA1: 51c66b1d86ac47d15f927b8c98b6500846ba00c1
SHA256: 436689aed9f4d6744d69ab3df2b9e34ab6279d7a38f0e5adcc266f6cb5fc53f0
SHA512: 7ac6acff383eeadb5fb033a8162ec80e05b03a17611d8e6636f0c855b41bccadc4b122d30abf82fa16aa00eb436edf084a3d16849246fc929e565ded47e3fb22
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: chrome-assests/img-11.svg
Size: 910B
MD5: 3241bc7d3efc81ef70052993a80bf49d
SHA1: 7f88961516a4198cbb11b216667c2dae94dfc103
SHA256: 7443a8aab83f372ce9993ca88a2dd189d915016b7c89649e0f36e44d00d3e865
SHA512: 48b343a36b895e1aad7fad68f3e1916f62cd68214b2d65985010d8fb9e6849b0221122b59d037cc9909cade4a549327e99b4c0b545446e83abccc42f67c4a0b2
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: chrome-assests/img-12.svg
Size: 592B
MD5: 60b657fb273d057aa8a5b0c3babf1f5d
SHA1: a6e3a06223c7a32545641c4ed7601aa1e9439e34
SHA256: 88e74b30174f5005ac34d11b3e575e73377c75e9b787932d0be05cb215db80e9
SHA512: b1db14eea14f5474a7ef24accce61559343aa5b5123ffc24db1545d4489858cabf7fe8726fa30bef23f9b4f21f97bb5b83ee8f3e78f49338ddb5a92abd8f3e5a
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: chrome-assests/img-2.svg
Size: 583B
MD5: e4709b0fd98d81c7e39a378bdd289033
SHA1: ef561f46ae3ed3e4597f1a95d464b7549af163f9
SHA256: 3897a8ee5fcd4f6bb05756c5e46862ad6b0a62607ab1972ad6db60cedf0b3be6
SHA512: 731baee4bf2134fe18f5e783a12005cea1edf0916009560b2875a7104717c295ffd02d5d62a9afd6ac0d99c416c565bc2121e8b64cbc5e97a89a7320224e5be1
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: chrome-assests/img-3.svg
Size: 2KB
MD5: b70fff9713e620fe6d13a4e232d4fd7a
SHA1: e0a80e09216267ab5b92f68fc1b6348dfeb48223
SHA256: 0ebc28a19f72eb6c0265e2277ba4fa154b3b94d5be0c5128a474b8eb7982c7a6
SHA512: c08bb14948fd377e4091f1ef508abb6456eca7a1feefb4870a0760c44b8c5f4037688c103e2a15b432cd39efcdbf2f220d93a504b0cdc787ff45e537d9d7209c
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: chrome-assests/img-4.svg
Size: 666B
MD5: 77fd42086aef0f6ac1629be6f939a17f
SHA1: 86ac79b75c39e85da4598785e4394102cfda60e2
SHA256: da1d9c7852bb6ffd74973e6ea5c0a80d117289233a96f5572a19b6d7b7d1c9cd
SHA512: a13b08e9ee4a269b147ad9f3bc2687898482d88dac664e9bf256cfa3e3e055bdf3b4428e2762ea5844fffc1761f88c4089a0fa7b00c613ca360ce70310992015
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: hyundai steel-pipe- job 8010(1).exe (same file as hyundai steel-pipe- job 8010.exe; identical hashes)
Size: 721KB
MD5: 0999a03694a1c97a43ac0de89cbf355e
SHA1: 0c8fdd4c3b40c4827662baa0c89b5b50d8f0cf1d
SHA256: 8a9bcb387cd155170986cd1938beb317ee1ee511bcb6175a6d292bd976cca15b
SHA512: 6515a13d561d2adb08fd53dba80ecd7ee264b66080848e0c845f63313eb9a828c6be8014d6db47f8ac910e24848dd74c57aae00a92ebe9b4efd97676e0365fe9
Signatures:
- HawkEye Reborn: HawkEye Reborn is an enhanced version of the HawkEye malware kit.
- M00nd3v_Logger: M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
- M00nD3v Logger Payload: Detects M00nD3v Logger payload in memory.
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext

Target: hyundai steel-pipe- job 8010.exe
Size: 721KB
MD5: 0999a03694a1c97a43ac0de89cbf355e
SHA1: 0c8fdd4c3b40c4827662baa0c89b5b50d8f0cf1d
SHA256: 8a9bcb387cd155170986cd1938beb317ee1ee511bcb6175a6d292bd976cca15b
SHA512: 6515a13d561d2adb08fd53dba80ecd7ee264b66080848e0c845f63313eb9a828c6be8014d6db47f8ac910e24848dd74c57aae00a92ebe9b4efd97676e0365fe9
Signatures:
- HawkEye Reborn: HawkEye Reborn is an enhanced version of the HawkEye malware kit.
- M00nd3v_Logger: M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
- M00nD3v Logger Payload: Detects M00nD3v Logger payload in memory.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext

Target: ie.svg
Size: 769B
MD5: aab795251934d2063ba9df1c539706db
SHA1: 3fd39edb2aa407eb4e10dc08f899f1e41690291c
SHA256: a1cef33ec4d98a1bf01a70ebb04e7ebc695910ba9c258aca0bb5214bf9af98d3
SHA512: 80de8f68c8f15f523b78c50ed4fb053eccca8d2c78db7fa99a8b16650f7ca0aed698fce13629f6ac24cdad536d6c4dedb3be37b7ecbec064feeb0c2d911b98b8
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: index(1).html
Size: 5KB
MD5: 7bee8e169793eb18193d767b4e16c720
SHA1: ab952de835bffe6ba978cf99c55a700e479608f6
SHA256: d19aebcffd70663042c75c24fec8c2a308d8e199e568cf22fc47a95690637da3
SHA512: 0d0116931641173d582c29fa72eff02ab7b4f788fedc75cc9a10b34ce2eba942f23f3b83c7907afdc43688e41f87240b186623c9b3980699c2599b54f68f4e3a
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: index(10).html
Size: 7KB
MD5: 565cf6557ee64a77fe15385373ac3d83
SHA1: 0739b5e23e7e30649139421b11b6d289cd2510e7
SHA256: 60b111c927851655d541894649f04e4723e1f16b200b14c4b0c08700745c4e91
SHA512: 510b5eddd1f7b4ced204e1b26f4cd852d7e5c1a508a808c688dc91fc1b0ea4e52f54d8108c8d550369397af37a65dbd6ed05ff8005ece2b0e0902491cd376168
Score: 1/10 (no signatures)

Target: index(11).html
Size: 98KB
MD5: 8c322ed467ef41c0e709fb02f5b72c82
SHA1: 9d370ead145f80c04e2a53a6683103a972d34ee0
SHA256: 8b0b9ed969fc04412fe395bc3291074fc25f2efa7b1254143c57f0763d568e0e
SHA512: cb73796263bfd29e82465785bfdf9ff200bc7a691825ee8da92496e41c18435cb72ad9f9dbb9733186f162e901f7210ba9feead4eb6436a1d8aa40b19d657186
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: index(2).html
Size: 6KB
MD5: 6ab776dc484b17397ad580be04b00a54
SHA1: f3058f8c46c45af5baa46ee09dd3979c100fffe7
SHA256: e8be9982165aa8f2b44c3bc3ac6fce1faa03266fee0a0a223433e18f18cc60cc
SHA512: 8259e1848fabcd0dcbe114021d1033faf766607f1955e9bd5f5b70c791bb8b2347db73dfd7672ea3c68ff490674b971424cbc5ea5bc77b243f2ed59ae22e2f6d
Score: 1/10 (no signatures)

Target: index(3).html
Size: 1KB
MD5: 053da040bef6c226a3e84c49b61cbf60
SHA1: 84f6a1d2f4e2190e5d28c5110fe96443b64b4873
SHA256: 6ea3e8640831be999b747818d9826a36de14beafb316a1b418afb04a2d092e58
SHA512: fcea9322dd7963362c96b98aa927a24607eb987a15948cfb9aa7c4e36b3bbc4a7eae371558d888c3bd8523d93809d65c95f4b9587d923b7f616c67a65c30abe2
Score: 8/10
- Executes dropped EXE
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- JavaScript code in executable

Target: index(4).html
Size: 5KB
MD5: 3e9329e1be2081bc1ecc6adf86960061
SHA1: 224f65f5cbfaedc6ab89246e066d4f97480c2669
SHA256: 0f8adf2edf0af48f148f10ee467a51a078cf1535e638b970baf6854fed1df019
SHA512: b287a49e56c4548b8e898a855646a94809fc4ddfb062d8467ad3814850e7722928bc9b0ee49fab508f0ebbe2777155e8ea8cc3a0effa001ba3c45c521261e254
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: index(5).html
Size: 14KB
MD5: a04ac97f975fbea37a2e385ae4a48c3d
SHA1: 565214f80be60a73779880381991fae1f18872ca
SHA256: 003e59cb295e42f6ea30a7576edb2ad902d82fee3f066eb59785a430f38a50d7
SHA512: 7039ec15ba0782d757874a3301c6d82982bca25ff11affae170c3a75df5cc02ac1e516d37bbc1fbb0ee190b31f970d71a4ee8a025203f8743ca01e19cec5ceb6
Score: 1/10 (no signatures)

Target: index(6).html
Size: 9KB
MD5: 8435cb7423ad89ef010d40d96b05ac41
SHA1: 4b444901c98b3d88184ba6fcecb4cf5401db54ad
SHA256: 027385f41fb1dac83bfd4c6ae4339bae6e7c8318d85b51892e3073cbe7fbde58
SHA512: dc4880ec617069cce4c185551ca958a5f1b99358dfa54c2d21f2fba20732db74ab44966a6189e245ffa177706f7cb56de1d3ef0529246a4ca1714722c64fbca3
Score: 8/10
- Modifies WinLogon to allow AutoLogon: Enables rebooting of the machine without requiring login credentials.

Target: index(7).html
Size: 18KB
MD5: 4a52683398cac1b4c47b335ea2779654
SHA1: 14ee7fcd212bb624887dfa746aabe49bc4eef357
SHA256: b9af37f8b2660e4b3b1f4bd42d7dd376d841d0dd854c1600384ed0ec8026ef37
SHA512: 761e25ffd4bb6b9af253401a9f2acbc8bb5f34bac5959a82527ddca30e5277ec2e577ff7ad8883fd4201249ca2ab1df89850b73cae547b65902d41a8d53af1a5
Score: 1/10 (no signatures)

Target: index(8).html
Size: 67KB
MD5: 7dfcda08bd2ab04f3e68be1d645867ec
SHA1: 09b3db25987716cdd64a175f3e9b7488413e7bd7
SHA256: 4a4991f9bfeade5b923b48cda32c9d81e61dc38cf37c9fba1273287c4d5b7415
SHA512: 595573d32fc3313493bab38d528c9e1112135b726c4dc15b343f3f88f0e61ea83b656505eb0c662f6ff58bc1ffa79fc336cb305d89b591b721dfb00e5a1f3c88
Score: 1/10 (no signatures)

Target: index(9).html
Size: 119KB
MD5: 33b72c6dc00dd802f5e2d53cbe5c613a
SHA1: 450ed8acb15133ed843576e735cc171e77c6fe53
SHA256: 027bb852118f95abe8945905a2ceb945b2051c14418f0f47cb9db097ccd97a36
SHA512: fb734e720d5043f887e0a8d66b01cae4a3c5028712a28452406cf0d1d629e2c4205d623286f8aa193b5d269ae8f545d860ae0a65cebedf77e6a887dff7163370
Score: 1/10 (no signatures)

Target: index.html
Size: 26KB
MD5: 3e198c8b972a962aabf0a2bbe26c1029
SHA1: 236dd9eadccb3aff18f910867d4231b38f8b77c8
SHA256: 13ac02b44e2c48890c00ea16afe1d2e2918fa9cd9f20ae2782efb8c1c0c61425
SHA512: 7ba8f027e23edac3e51f5e5a8f18431d03086582d034e09321ae2c539011639805463766ee520c9c8bef7b89e004c2c03c7178c0b7a953850a763aa39046d240
Score: 1/10 (no signatures)

Target: index2.html
Size: 6KB
MD5: a81d96c7ec17e2508e1516ced7f8d52a
SHA1: 88ecb602f5badab8cda2ba2307c74eae9532b411
SHA256: 9ac684e2d75d94e79155f364c62af51055c2475fe9f9672b302aa9bd4651d695
SHA512: 7d22f5530fa4c810e892f4de84a563979664f97e70fd2a8b42ad9fb5581247f05e8529cda617af7cee26fd3d9d78498795bc745569b04c626b3500b84a6e3ffe
Score: 1/10 (no signatures)

Target: infected dot net installer.exe
Size: 1.7MB
MD5: 6eb2b081d12ad12c2ce50da34438651d
SHA1: 2092c0733ec3a3c514568b6009ee53b9d2ad8dc4
SHA256: 1371b24900cbd474a6bc2804f0e79dbd7b0429368be6190f276db912d73eb104
SHA512: 881d14d87a7f254292f962181eee79137f612d13994ff4da0eb3d86b0217bcbac39e04778c66d1e4c3df8a5b934cbb6130b43c0d4f3915d5e8471e9314d82c1b
Score: 8/10
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application

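Two of the registry behaviours reported on this page ("Adds Run key to start application" on the installer just above, and "Modifies WinLogon to allow AutoLogon" on many targets) can be reproduced from registry-write telemetry rather than taken from the sandbox's verdict. The script below is an added example for this report, not Triage's signature code: it scans value-set records in the shape Sysmon event 13 provides (writing process, target key and value, data) and flags a Run/RunOnce entry whose command lives in a user-writable directory, and Winlogon auto-logon being switched on, rated higher when DefaultPassword is written alongside it. Keeping the writing process with each finding is the point: on this page the Winlogon signature fires for inert HTML and SVG targets too, so the key's state alone is not evidence that a sample changed it. The EVENTS records are constructed sample data, and the user-writable path list is this example's assumption.

```python
"""Flag Run-key persistence and Winlogon auto-logon from registry writes (added example)."""
import re

WINLOGON_KEY = r"\microsoft\windows nt\currentversion\winlogon"
RUN_KEYS = (r"\microsoft\windows\currentversion\run",
            r"\microsoft\windows\currentversion\runonce")
# Assumption of this example: directories a standard user can write to. A Run
# entry pointing here is far more suspicious than one under Program Files.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\"
    r"|\\programdata\\|\\windows\\temp\\",
    re.IGNORECASE)

# Constructed sample records: (writing process image, registry path, data written)
EVENTS = [
    (r"C:\Users\admin\AppData\Local\Temp\infected dot net installer.exe",
     r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     r"C:\Users\admin\AppData\Roaming\svchost.exe"),
    (r"C:\Windows\System32\msiexec.exe",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     r"%windir%\system32\SecurityHealthSystray.exe"),
    (r"C:\Windows\System32\reg.exe",
     r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon",
     "1"),
    (r"C:\Windows\System32\reg.exe",
     r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword",
     "Passw0rd!"),
]


def analyse(events):
    """Return findings as (rule, writing process, detail, data) tuples."""
    findings = []
    winlogon = {}  # value name -> (process, data) for writes under the Winlogon key
    for image, path, data in events:
        key, _, value = path.rpartition("\\")
        key = key.lower()
        if key.endswith(WINLOGON_KEY):
            winlogon[value.lower()] = (image, data)
        elif key.endswith(RUN_KEYS) and USER_WRITABLE.search(data):
            findings.append(("run_key_user_writable", image, value, data))
    # Auto-logon only counts once AutoAdminLogon is actually set to 1; a cleartext
    # DefaultPassword written in the same session makes it a credential exposure too.
    auto = winlogon.get("autoadminlogon")
    if auto and auto[1].strip() == "1":
        with_pw = "defaultpassword" in winlogon
        findings.append(("winlogon_autologon", auto[0],
                         "high" if with_pw else "medium",
                         "DefaultPassword written" if with_pw else "AutoAdminLogon only"))
    return findings


if __name__ == "__main__":
    for finding in analyse(EVENTS):
        print(" | ".join(finding))
```

Run against the constructed records, the installer's Run entry is flagged because its command points into AppData, the msiexec.exe entry pointing into the Windows directory is not, and the two Winlogon writes combine into a single high-rated finding attributed to reg.exe.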
Target: inps_979.xls
Size: 228KB
MD5: 56fc044937a072471fdd8d63b874e04a
SHA1: 738552f8db33ac0271aa860775815f3d1b291980
SHA256: 59afe59cdbebf60434bd78270826ca9689c3765264dfcace312b89c606c0a962
SHA512: dbaf2e36ec17d474c829d847705de796bea153b784c8e894d4ff7bebb3bfcdf01447d97f217d9303e0eed5aa9b39046b75b2581331be28771582af2ea48c960b
Score: 1/10 (no signatures)