General
-
Target
6064699289141248.zip
-
Size
9.9MB
-
Sample
210315-zmnfx2rcqx
-
MD5
8d072a859ec10c7eb02a3c4ff24ea2bb
-
SHA1
69a9d0eefc5b101fca7c29023c9b7beadc97e3e4
-
SHA256
253de8145c186c3d3ff60304eab1f23f4fdd50eb38a212c94847578226af433c
-
SHA512
939105292ce45123c91b533d65dd0fd228841f3da64d59a99074994b5502c759cb6ff15f7b322b45cb69ad12db2078d02f2e2360e3b98cab8e11083315f718d6
Behavioral task
behavioral1
Sample
080540b15c90a082697cfa8fa08e0d31ab4e8d12035b69df52a71da41f5e7bf5.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
080540b15c90a082697cfa8fa08e0d31ab4e8d12035b69df52a71da41f5e7bf5.exe
Resource
win10v20201028
Behavioral task
behavioral3
Sample
16937c50e9597e6d3ce66dc15632eee53ad10c32bb077d53baf0c4368b8a359a.exe
Resource
win7v20201028
Behavioral task
behavioral4
Sample
16937c50e9597e6d3ce66dc15632eee53ad10c32bb077d53baf0c4368b8a359a.exe
Resource
win10v20201028
Behavioral task
behavioral5
Sample
2fc4602468f243f742b496683ee9bd6ff22c4c85b56567eff3df2bf7ef5c495b.exe
Resource
win7v20201028
Behavioral task
behavioral6
Sample
2fc4602468f243f742b496683ee9bd6ff22c4c85b56567eff3df2bf7ef5c495b.exe
Resource
win10v20201028
Behavioral task
behavioral7
Sample
2fd826bdb83c394de8e5c660cb4af4885e071c96db236e80503b3c4ef048b414.exe
Resource
win7v20201028
Behavioral task
behavioral8
Sample
2fd826bdb83c394de8e5c660cb4af4885e071c96db236e80503b3c4ef048b414.exe
Resource
win10v20201028
Behavioral task
behavioral9
Sample
cool summer.exe
Resource
win7v20201028
Behavioral task
behavioral10
Sample
cool summer.exe
Resource
win10v20201028
Behavioral task
behavioral11
Sample
iext3.fne.dll
Resource
win7v20201028
Behavioral task
behavioral12
Sample
iext3.fne.dll
Resource
win10v20201028
Behavioral task
behavioral13
Sample
krnln.fnr.dll
Resource
win7v20201028
Behavioral task
behavioral14
Sample
krnln.fnr.dll
Resource
win10v20201028
Behavioral task
behavioral15
Sample
xplib.fne.dll
Resource
win7v20201028
Behavioral task
behavioral16
Sample
xplib.fne.dll
Resource
win10v20201028
Behavioral task
behavioral17
Sample
4373d18b2bf09478387fc4e762cf29d6a9ba886e2f39dd4353fb6e8b33fee083.exe
Resource
win7v20201028
Behavioral task
behavioral18
Sample
4373d18b2bf09478387fc4e762cf29d6a9ba886e2f39dd4353fb6e8b33fee083.exe
Resource
win10v20201028
Behavioral task
behavioral19
Sample
485e37b429bee1807d1cc52afa3de654928bd2a17f71b028abe71b1abac7e3f9.exe
Resource
win7v20201028
Behavioral task
behavioral20
Sample
485e37b429bee1807d1cc52afa3de654928bd2a17f71b028abe71b1abac7e3f9.exe
Resource
win10v20201028
Behavioral task
behavioral21
Sample
59c049de6d7f42e5739b586fe1fe0dff6318328555f82a71080d03763d08d314.exe
Resource
win7v20201028
Behavioral task
behavioral22
Sample
59c049de6d7f42e5739b586fe1fe0dff6318328555f82a71080d03763d08d314.exe
Resource
win10v20201028
Behavioral task
behavioral23
Sample
641da56f29c645a544f19c88f54c1dfcf3a7f52711c5b0ff8826cf36bbaef3fc.exe
Resource
win7v20201028
Behavioral task
behavioral24
Sample
641da56f29c645a544f19c88f54c1dfcf3a7f52711c5b0ff8826cf36bbaef3fc.exe
Resource
win10v20201028
Behavioral task
behavioral25
Sample
64b4fe7baf53d40ac6ab1fd13bdcedb48f38b37c76d792b93da00bc3ba195260.exe
Resource
win7v20201028
Behavioral task
behavioral26
Sample
64b4fe7baf53d40ac6ab1fd13bdcedb48f38b37c76d792b93da00bc3ba195260.exe
Resource
win10v20201028
Behavioral task
behavioral27
Sample
74368a064edba03fecd56aeb572127318861fc9b9d14851cd46029cd5a270ee0.exe
Resource
win7v20201028
Behavioral task
behavioral28
Sample
74368a064edba03fecd56aeb572127318861fc9b9d14851cd46029cd5a270ee0.exe
Resource
win10v20201028
Behavioral task
behavioral29
Sample
c087a84574092eba9510c17f425853ce.exe
Resource
win7v20201028
Behavioral task
behavioral30
Sample
c087a84574092eba9510c17f425853ce.exe
Resource
win10v20201028
Behavioral task
behavioral31
Sample
90eca63d6ac05c375af58247435cea9fa724335f946e4576986a25a553dcb852.exe
Resource
win7v20201028
Behavioral task
behavioral32
Sample
90eca63d6ac05c375af58247435cea9fa724335f946e4576986a25a553dcb852.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
080540b15c90a082697cfa8fa08e0d31ab4e8d12035b69df52a71da41f5e7bf5
-
Size
1005KB
-
MD5
9c7795073fe543136748180a9d22abec
-
SHA1
3b1ffb90e59e01d33444ca5516321cebd55a2e7c
-
SHA256
080540b15c90a082697cfa8fa08e0d31ab4e8d12035b69df52a71da41f5e7bf5
-
SHA512
363dd2f8775b766fcf14f5aa629dbb36e169d45bf0091814ad3ed0f5d0a787a3eb35758eef3bfd55325eabcf7576f3bd009e7408d17b4569d1ea92d3db9a746f
Score 8/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
16937c50e9597e6d3ce66dc15632eee53ad10c32bb077d53baf0c4368b8a359a
-
Size
4.3MB
-
MD5
a9db364c68ce56a448ead48291fa0cd3
-
SHA1
1550491d8a926cbabbd5dc963a4f41dd3b5b6826
-
SHA256
16937c50e9597e6d3ce66dc15632eee53ad10c32bb077d53baf0c4368b8a359a
-
SHA512
84b46388ffbe733c0ad9472ed0d811db1affa7ec3b6b218cf0f90a9685d2dfe55e7bf37194af147ae555315c5fa6ee00fcc98a8dad5cfd80120e178433e5db1f
Score 9/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
The ThreadHideFromDebugger information class hides a thread from an attached debugger, a common anti-analysis technique.
-
-
-
Target
2fc4602468f243f742b496683ee9bd6ff22c4c85b56567eff3df2bf7ef5c495b
-
Size
100KB
-
MD5
ab3bfa9ef77a888353ed05d0bed7e931
-
SHA1
71c44b922b3de2db1e6c63a846e92850973526fc
-
SHA256
2fc4602468f243f742b496683ee9bd6ff22c4c85b56567eff3df2bf7ef5c495b
-
SHA512
4e48b0f765a8a9af0dfe035b98c9ea2b3928a802111e04f12b82d8f7222b9565006e6c282451a26ee33ea0b581502ca5c475e76ebfc001cb16d4b93d02e24b81
Score 8/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
2fd826bdb83c394de8e5c660cb4af4885e071c96db236e80503b3c4ef048b414
-
Size
57KB
-
MD5
def91e622f9982c57fbf135737169d09
-
SHA1
323469e58973010b1f382584806f5969bb1bf13e
-
SHA256
2fd826bdb83c394de8e5c660cb4af4885e071c96db236e80503b3c4ef048b414
-
SHA512
a3c0ffe74f1b32c521b7b659a235aa10a49478f2ed750d656fae580b7ae89b3a42d00535b4bc14336d1d6dbc829b0dc1b32635a7d076178c15372fd6986023bc
Score 8/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
cool summer.exe
-
Size
26KB
-
MD5
652aecdc55ed88c7ddccda09adda2df1
-
SHA1
2edf5f1ec2124c94d95e2ccc35146e356d164c31
-
SHA256
7b77c970b908b1581fcc73f94d99b1c24a0945016448993712d322d1937a5318
-
SHA512
70a19d30f1a1452c79873a95392f62bc8eaf81545292be6f28f51d8b1060ac35be5d4fc431c4238c7b3fbb3ffa274fce7955c5a4424365a070777a98a41eac63
Score 3/10
-
-
Target
iext3.fne
-
Size
380KB
-
MD5
07f0db2727c8288cd2cf7c4cf352708d
-
SHA1
caf2d1b631c785c1f6f01189cf841fc2661666ed
-
SHA256
3c18183857979a2b5664d3f852f74e3f31f0626720654914453e964938e18f5e
-
SHA512
b81029a2968663a180feca2e3e47f4736f87a7cc73e6a9153aa227b91d963e077f44c5a289b9f64d6b481b7bd5ccb4bcb762048a4f29810c1f4fd4e6106cb0d3
Score 1/10
-
-
Target
krnln.fnr
-
Size
1.1MB
-
MD5
638e737b2293cf7b1f14c0b4fb1f3289
-
SHA1
f8e2223348433b992a8c42c4a7a9fb4b5c1158bc
-
SHA256
baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b
-
SHA512
4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12
Score 1/10
-
-
Target
xplib.fne
-
Size
48KB
-
MD5
37a58e1c5ce48e401ee8dd1d1da54814
-
SHA1
a87d00d78838c2d968b72330ee6f21f69b2caae5
-
SHA256
1c426928fb90bedb31fcffa0f3fbe7bdbca4259f93f5abdefed6a9a089f2982c
-
SHA512
e85052fc305040bdcaf47262e0ce6eef0848b319baac72a076dc94e7d20ea7ad8fbdd7d5381606a3154ab84fe81429bb339123ac1cd94551b1dc9cecfb7a08bf
Score 1/10
-
-
Target
4373d18b2bf09478387fc4e762cf29d6a9ba886e2f39dd4353fb6e8b33fee083
-
Size
25KB
-
MD5
cd4cc1545d329de2398ff457e712edb2
-
SHA1
969b04cf87e367ad0c29ffc8c039cdde63196637
-
SHA256
4373d18b2bf09478387fc4e762cf29d6a9ba886e2f39dd4353fb6e8b33fee083
-
SHA512
4ed085bfc53b63c2d25fff05d919731d3dd151759803062b964275f3881f16e3ac77c415e1ad3a94ed46dcc889d1b3eb9932372e81dbcb384339c913500f2fa9
Score 8/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
485e37b429bee1807d1cc52afa3de654928bd2a17f71b028abe71b1abac7e3f9
-
Size
81KB
-
MD5
41d039d3633ffa1f70c61ae96fe2b8e8
-
SHA1
c6e67978244671733cb48fad28e5a1c15944c921
-
SHA256
485e37b429bee1807d1cc52afa3de654928bd2a17f71b028abe71b1abac7e3f9
-
SHA512
9a202a59cb98e95208af5c9f7a2e71b5bbc9508ec9797f0450c62c3e2ab1dad0eb47b182a3cdc5c4d23179a3e03ca664e1923460911443227ac116698f90b4b9
Score 1/10
-
-
Target
59c049de6d7f42e5739b586fe1fe0dff6318328555f82a71080d03763d08d314
-
Size
951KB
-
MD5
9fb6c6868de1100fc5b93f867a774587
-
SHA1
80974a833e924742924c267c2b3c5067fd863dbb
-
SHA256
59c049de6d7f42e5739b586fe1fe0dff6318328555f82a71080d03763d08d314
-
SHA512
4078beb194448b2951cc2b4b9ea374b0d2bd267d096c40954b8b76fbc4ddd66392614789f33e561492d2d1440fba631e887fab495addc5583b0b1dc4c2cd3c43
Score 8/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
641da56f29c645a544f19c88f54c1dfcf3a7f52711c5b0ff8826cf36bbaef3fc
-
Size
731KB
-
MD5
0e1f62103ac0bc7ea1264470601c72ab
-
SHA1
c8880427dfdb0dbf1bbe637a9c342c29a165dacd
-
SHA256
641da56f29c645a544f19c88f54c1dfcf3a7f52711c5b0ff8826cf36bbaef3fc
-
SHA512
8fd68e87bc607fb962709b9ef0bcfdec39976c6f2d5d80acee826d99427f01df8b20e912a86c63a6a0d73968049a1d4ac28107aa29c5edbd73aa1b26a0b9a9ac
Score 9/10
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Enumerates VirtualBox registry keys
Likely used to detect whether the sample is running inside a VirtualBox virtual machine rather than on a real host.
-
Adds Run key to start application
Run keys cause the application to be launched again at user logon, a common persistence mechanism.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
64b4fe7baf53d40ac6ab1fd13bdcedb48f38b37c76d792b93da00bc3ba195260
-
Size
81KB
-
MD5
9d603f0329d9004c719c4effdb7f1830
-
SHA1
94cbbeba0f283da589464ab9c087caf8c3bf7b02
-
SHA256
64b4fe7baf53d40ac6ab1fd13bdcedb48f38b37c76d792b93da00bc3ba195260
-
SHA512
eafc2f35b54335d3ab6a2ab5472127c93c46c8097900eb01ecdbf7b9903c560a63fe43d9adb9c6588308cefe8f31e391f7865f39bd0ad98e018e260d8a1ab64a
Score 1/10
-
-
Target
74368a064edba03fecd56aeb572127318861fc9b9d14851cd46029cd5a270ee0
-
Size
939KB
-
MD5
9a8a41462d8c437a1861304151333084
-
SHA1
4de7438431f5fd3e2545e5ab77ac02032b01e923
-
SHA256
74368a064edba03fecd56aeb572127318861fc9b9d14851cd46029cd5a270ee0
-
SHA512
1cdf4e800310359e490284d364228631333499a3019e5a84fbd6f3c63780f38899fcdfd77510892fc5d0f000d822b5b33f6e1eb5a25a85c255360422db341458
Score 8/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
c087a84574092eba9510c17f425853ce
-
Size
128KB
-
MD5
c087a84574092eba9510c17f425853ce
-
SHA1
015a499f638d2c3bbb453ca98b31a3ac6203b2b7
-
SHA256
2a56e792c187c3b59f0f62b58dcd92d8137581ad83eeff0b86c120e78c3bba13
-
SHA512
68df03dc8ccc6d386f4c00c2491c0ce0e337af3f46c89bb586894901215280ec171a032b6913fe6201f92324c1cdc049f0515e9b65170352957cf0d19eec21ce
Score 7/10
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
Run keys cause the application to be launched again at user logon, a common persistence mechanism.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
SetThreadContext alters another thread's register state and is frequently seen in process injection and hollowing.
-
-
-
Target
90eca63d6ac05c375af58247435cea9fa724335f946e4576986a25a553dcb852
-
Size
59KB
-
MD5
dc014e9681ed57207d64443cb2bbe34c
-
SHA1
e56f420bfb14a01b042563e1bdf6380c1a45a76c
-
SHA256
90eca63d6ac05c375af58247435cea9fa724335f946e4576986a25a553dcb852
-
SHA512
347113544311ce154da6c1755e7a5b9ebac00c9b4fa9d91e58ef81bf886da0b3faef453fe12e965b003f59890644742786ae14b2671196443914fc3a8c7bac1f
Score 8/10
Executes dropped EXE
-
Loads dropped DLL
-