General
-
Target
albertu97@hotmail.com.zip
-
Size
939KB
-
Sample
201129-447yaeqfye
-
MD5
21e4d394be054c7ef90299d7343a1e44
-
SHA1
1bfb8a41e67b5af9d7283731d8673b553f92639c
-
SHA256
aa50e7bee9ebdb20bdd11b89d996c8fa080337c25a01fdb3d1559cddbe901356
-
SHA512
fc5b47501b0ccbbbe91174b1494c5f810bbbe083ca694a39f0cae2ca890d88c0c91661d6be950548f3d76cb9e85f67cabb4fc4e1d93055021ccd792af0f1adb7
Static task
static1
Behavioral task
behavioral1
Sample
22VVBN0D55D8GF7000DS1S4S8A5.vbs
Resource
win10v20201028
Behavioral task
behavioral2
Sample
~.exe
Resource
win10v20201028
Behavioral task
behavioral3
Sample
22VVBN0D55D8GF7000DS1S4S8A5.vbs
Resource
win7v20201028
Behavioral task
behavioral4
Sample
~.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
22VVBN0D55D8GF7000DS1S4S8A5.vbs
-
Size
10KB
-
MD5
3afcab8426cc193a450542c88832c31c
-
SHA1
3181367d7da126100194a1c59a90ac836dbfa433
-
SHA256
93d93845a8dbf73bbfe91eead4b4b17e6a4255d4c4a9dd8b8ae990a721d99069
-
SHA512
71275e28d80976dd214387fc432225727b8d0229ce8687e5d673fba182c647717640b3a1b207102403e49871567fb2e8877941eea75977accee51360e20b8fed
Score8/10-
Blocklisted process makes network request
-
-
-
Target
~
-
Size
2.0MB
-
MD5
ebe3aa6a70fac4e32a072f4ad21cff3d
-
SHA1
e1a41eed4f49e43f098e15b7620bf7af1c025a93
-
SHA256
df0a4fbebae6d6ae7150d70c96024a55712b6ce0aec82fa2fe23ea85b95a973d
-
SHA512
6f01d6f4fac7bc18f7cdff31717b2d2faa3b4dbddb2938bec507672f32693a6620bf21ac0f8310fb162b60c0f50364e3c7f7b8c770bf0c03269a4d5c3e546418
Score10/10-
Registers COM server for autorun
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-