General
Target: SRBPolaris_v3.5.zip
Size: 3.3MB
Sample: 210117-2davxblewj
MD5: 99716c2ef573eb00f2f55883e94fe2d3
SHA1: 2167fdc3db9fa3f144a20632c34f6a995132680f
SHA256: a536ca892e6b48659abdb48d6f6ec76c9fb193daa18916dac5514944dc777722
SHA512: 85a1a668cbfbcf5c0bc22d366bd8d38ee16e4271138ded89fa98b435b6015d5a51549d9ad57bc10fbb1063ddae8e64c6e0aa0923fb4e5dc2ade2e1d52c9ba604
Static task: static1

Behavioral task: behavioral1
Sample: SRBPolaris/SRBPolaris.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: SRBPolaris/SRBPolaris.exe
Resource: win10v20201028

Behavioral task: behavioral3
Sample: SRBPolaris/start_miner.bat
Resource: win7v20201028

Behavioral task: behavioral4
Sample: SRBPolaris/start_miner.bat
Resource: win10v20201028
Malware Config
Extracted:
- https://raw.githubusercontent.com/7gds/f/main/bild.exe
- https://raw.githubusercontent.com/7gds/f/main/SRBPolaris.exe
Targets

Target: SRBPolaris/SRBPolaris.exe
Size: 3.2MB
MD5: c2e30b1c29bdb7f359de31d71abd7e63
SHA1: 93ffd64ef5585a857fd8d2a5bf1a3ce22ea12308
SHA256: 93afc8c4e97831db9df15f6055ade3086bb560f6eb0b2d246a2e99560fcae288
SHA512: 231faa7b0459b4a221eb7b6884be73c8b41849e26e16892a4f9cf078ff3840fb13a3688e0d3dab9065ebf748df0d71621cbb460777d92d45620ee8c0a6acd4c7
Score: 10/10
Signatures:
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: SRBPolaris/start_miner.bat
Size: 507B
MD5: 729053729653980b816e7d7ef9ad113f
SHA1: 8ecca7abb1813841cee61c9b9c1012a5afe8602f
SHA256: 5e35af7f3a18ed0e8b1cd548fa0df1ed0e61ca8e4630833b35bbff29fc91a112
SHA512: 7004259566b90156f058470433a26f877433b8c44ab7b73a1f5cab559a1db82decf80f5441170889dd1ddcaeb3bf70b0946ba6213f64a97d0b0297dc09e95870
Score: 1/10