General
Static task: static1
URLScan task: urlscan1
Sample: https://anonfiles.com/R1G9Zc79qe/Malware_Testing_rar
Malware Config
Extracted
metasploit
windows/download_exec
http://172.98.192.214:443/cSVlo1FeFAInvJDJkZ9P99GLwSTqIGUF
Extracted
lokibot
http://becharnise.ir/fb2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
http://pitr0s.com/DJ/luck/fre.php
Extracted
systembc
fb01ddd.com:4039
fb01ddd.xyz:4039
Extracted
snakekeylogger
Protocol: smtp
Host: server255.web-hosting.com
Port: 587
Username: dakbooks@janrytwo.xyz
Password: rK(gSd%NWaQ@
Targets
Target: https://anonfiles.com/R1G9Zc79qe/Malware_Testing_rar
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Snake Keylogger Payload
- XMRig Miner Payload
- Dave packer
  Detects an executable using a packer named 'Dave' by the community, based on a string at the end of the file.
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Stops running service(s)
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.