General
Target: Gvc.2008.5.keygen.by.FUTURiTY.zip
Size: 4.8MB
Sample: 210323-hbnw5y81ds
MD5: 5597b9d5f6ddda029e464d9380e20aad
SHA1: 7c5733bb53e534d6e2c128022f1eff981ee2e759
SHA256: 273294e2d44ae721670c7ccea8a49109f57b2aca9d91b871de5cef61bfb530ee
SHA512: 8b864f833ad4e5cf5cf946d626147c96845a9c8f3c908af7458a26e23f998692c71224a0be6004eb313cc83356e0b117a6c2212f84d86fadefcd59804d239c73
Static task: static1
Behavioral tasks (each runs Gvc.2008.5.keygen.by.FUTURiTY.exe on the win10v20201028 resource): behavioral1, behavioral2, behavioral3, behavioral4
Malware Config
Extracted: azorult
  C2: http://kvaka.li/1210776429.php
Extracted: fickerstealer
  C2: lukkeze.club:80
Extracted: icedid
  Campaign ID: 1336056381
  C2: fsikiolker.uno
Extracted (no family label on the page)
  C2: http://labsclub.com/welcome
Extracted: raccoon
  ID: c46f13f8aadc028907d65c627fd9163161661f6c
  url4cnc: https://telete.in/capibar
Extracted: cryptbot
  C2: baatf22.top
  C2: morqfh02.top
  payload_url: http://akqdw02.top/download.php?file=lv.exe
Extracted: redline
  Botnet: white
  C2: whitegarden.top:80
Extracted: metasploit
  Payload: windows/single_exec
Extracted: smokeloader
  Version: 2020
  C2:
http://xsss99.icu/upload/
http://bingooodsg.icu/upload/
http://junntd.xyz/upload/
http://ginessa11.xyz/upload/
http://overplayninsx.xyz/upload/
http://bananinze.com/upload/
http://daunimlas.com/upload/
Extracted: redline
  C2: 86.107.197.64:40355
Extracted: smokeloader
  Version: 2019
  C2:
http://10022020newfolder1002002131-service1002.space/
http://10022020newfolder1002002231-service1002.space/
http://10022020newfolder3100231-service1002.space/
http://10022020newfolder1002002431-service1002.space/
http://10022020newfolder1002002531-service1002.space/
http://10022020newfolder33417-01242510022020.space/
http://10022020test125831-service1002012510022020.space/
http://10022020test136831-service1002012510022020.space/
http://10022020test147831-service1002012510022020.space/
http://10022020test146831-service1002012510022020.space/
http://10022020test134831-service1002012510022020.space/
http://10022020est213531-service100201242510022020.ru/
http://10022020yes1t3481-service1002012510022020.ru/
http://10022020test13561-service1002012510022020.su/
http://10022020test14781-service1002012510022020.info/
http://10022020test13461-service1002012510022020.net/
http://10022020test15671-service1002012510022020.tech/
http://10022020test12671-service1002012510022020.online/
http://10022020utest1341-service1002012510022020.ru/
http://10022020uest71-service100201dom2510022020.ru/
http://10022020test61-service1002012510022020.website/
http://10022020test51-service1002012510022020.xyz/
http://10022020test41-service100201pro2510022020.ru/
http://10022020yest31-service100201rus2510022020.ru/
http://10022020rest21-service1002012510022020.eu/
http://10022020test11-service1002012510022020.press/
http://10022020newfolder4561-service1002012510022020.ru/
http://10022020rustest213-service1002012510022020.ru/
http://10022020test281-service1002012510022020.ru/
http://10022020test261-service1002012510022020.space/
http://10022020yomtest251-service1002012510022020.ru/
http://10022020yirtest231-service1002012510022020.ru/
Extracted: raccoon
  ID: afefd33a49c7cbd55d417545269920f24c85aa37
  url4cnc: https://telete.in/jagressor_kz
Extracted: redline
  Botnet: btc
  C2: 107.178.108.138:40355
Extracted: redline
  Botnet: sirus us
  C2: 149.28.124.193:60944
Extracted: redline
  Botnet: USA_U
  C2: 86.107.197.8:31099
Extracted: redline
  Botnet: 123456
  C2: 185.153.198.36:10202
Extracted: redline
  Botnet: USA TOP EU
  C2: ichynkara.xyz:80
Extracted: redline
  Botnet: lilal
  C2: ichynkara.xyz:80
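The configuration dump above is the most reusable part of this report, but in its flattened one-value-per-line form it has to be re-parsed before it can feed a blocklist or a detection rule. The Python below is an added example, not part of the page or of any sandbox's tooling: it parses a subset of the block (transcribed inline as sample input) into per-family records, classifies each value as a URL, IP, domain or plain label (botnet name, campaign ID, version, payload name), and indexes contacted hosts so that shared infrastructure, such as ichynkara.xyz:80 appearing under two RedLine botnet IDs, stands out. The record field names, the "unknown" family used for the unlabelled block, and the rule that a bare word directly after "Extracted" is the family name are the example's own assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed input: a subset of the "Malware Config" block above, in the
# flattened one-value-per-line form the page uses.
RAW = """\
Extracted
icedid
1336056381
fsikiolker.uno
Extracted
http://labsclub.com/welcome
Extracted
raccoon
c46f13f8aadc028907d65c627fd9163161661f6c
-
url4cnc
https://telete.in/capibar
Extracted
redline
white
whitegarden.top:80
Extracted
metasploit
windows/single_exec
Extracted
smokeloader
2020
http://xsss99.icu/upload/
Extracted
redline
86.107.197.64:40355
Extracted
redline
USA TOP EU
ichynkara.xyz:80
Extracted
redline
lilal
ichynkara.xyz:80
"""

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d{1,5})?$")
HOST_RE = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}(?::\d{1,5})?$", re.I)

def classify(value):
    """(kind, host, port): kind is 'url', 'ip', 'domain' or 'label' (a botnet
    name, campaign ID, version or payload name rather than a network endpoint)."""
    if value.startswith(("http://", "https://")):
        u = urlsplit(value)
        return "url", u.hostname, u.port
    if IP_RE.match(value) or HOST_RE.match(value):
        host, _, port = value.partition(":")
        kind = "ip" if IP_RE.match(value) else "domain"
        return kind, host, (int(port) if port else None)
    return "label", None, None

def parse_configs(text):
    """Parse flattened 'Extracted' blocks into dicts: family, labels,
    endpoints as (kind, host, port, raw), and '-'-introduced attributes."""
    entries, cur, state = [], None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if line == "Extracted":
            cur = {"family": "unknown", "labels": [], "endpoints": [], "attrs": {}}
            entries.append(cur)
            state = "family"          # next line may name the family
            continue
        if line == "-":
            state = "attr_name"       # '-' introduces a named attribute
            continue
        if state == "attr_name":
            state = ("attr", line)    # attribute name; its value follows
            continue
        kind, host, port = classify(line)
        if state == "family":
            state = None
            if kind == "label":       # bare word right after 'Extracted' = family
                cur["family"] = line
                continue
        if isinstance(state, tuple):
            cur["attrs"][state[1]] = line
            state = None
        if kind == "label":
            cur["labels"].append(line)
        else:
            cur["endpoints"].append((kind, host, port, line))
    return entries

def host_index(entries):
    """Map each contacted host to the sorted family[/label] tags using it, so
    infrastructure shared between configs or botnets stands out."""
    idx = {}
    for e in entries:
        tag = e["family"] + ("/" + e["labels"][0] if e["labels"] else "")
        for _kind, host, _port, _raw in e["endpoints"]:
            idx.setdefault(host, set()).add(tag)
    return {h: sorted(t) for h, t in sorted(idx.items())}
```

Run it over the complete block copied from the page to get the full host list; values under url4cnc and payload_url are classified like any other value, so the Telegram proxy and the CryptBot download host end up in the index alongside the C2 domains.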
Targets
Target: Gvc.2008.5.keygen.by.FUTURiTY.exe
Size: 4.9MB
MD5: abfee826007268337905584a4094c3b4
SHA1: 749db5d0293abe1aecb70416abe8a77e5b2a2102
SHA256: 69b1caf2b943df7820f2ded63e6f16fab5aac9307bfc71dd7a7bdc1ec8131af7
SHA512: 7988a5d6308a513b7eadcec6b912423076bcb94e94f4af269464dabf278e9cc46b2c785492607bb2f75eb3fa718534f5b59832f10a72088a4e7101b89d1312f8
Score: 10/10
Tags: azorult, fickerstealer, icedid, 1336056381, banker, infostealer, loader, persistence, trojan, cryptbot, glupteba, metasploit, raccoon, redline, smokeloader, vidar, xmrig, c46f13f8aadc028907d65c627fd9163161661f6c, white, backdoor, discovery, dropper, evasion, miner, spyware, stealer, themida, upx, 123456, afefd33a49c7cbd55d417545269920f24c85aa37, btc, lilal, sirus us, usa top eu, usa_u
Signatures
Azorult: An information stealer first discovered in 2016, targeting browsing history and passwords.
CryptBot Payload
Glupteba Payload
MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Suspicious use of NtCreateProcessExOtherParentProcess
Checks for common network interception software: Looks in the registry for tools like Wireshark or Fiddler that are commonly used to analyze network activity.
IcedID First Stage Loader
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Modifies boot configuration data using bcdedit
XMRig Miner Payload
Downloads MZ/PE file
Drops file in Drivers directory
Executes dropped EXE
Looks for VMWare Tools registry key
Modifies Windows Firewall
Possible attempt to disable PatchGuard: Rootkits can use kernel patching to embed themselves in an operating system.
Sets service image path in registry
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Loads dropped DLL
Modifies file permissions
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks for any installed AV software in registry
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext
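Most of the signatures above are registry reads and writes that a sandbox matches by key path. As an added illustration (my code, not the sandbox's own signature logic), the Python below runs a small rule set over a constructed registry trace, reports which signature each event would fire, and separates the process that did the environment checks from the one that wrote persistence, the loader-versus-payload split a dropper of this kind typically shows. The key paths are the well-known locations for each artefact (VBOX__ under HARDWARE\ACPI, the VMware Tools key, Control Panel\International\Geo\Nation, the Uninstall and Run keys, Services\<name>\ImagePath), but the page does not say which keys the sandbox's signatures actually inspect, so the rules, the API-to-operation mapping, the PIDs and the lv.exe/drvsvc names in the trace are all assumptions.

```python
import re

# Rules: (signature name from the report, category, operation class, key regex).
# Key paths are the usual locations for each artefact; the sandbox's real
# signatures are not shown on the page, so these are assumptions.
RULES = [
    ("Checks for common network interception software", "evasion", "read",
     re.compile(r"\\SOFTWARE\\(Wireshark|Microsoft\\Fiddler2?)\b", re.I)),
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", "evasion", "read",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Looks for VMWare Tools registry key", "evasion", "read",
     re.compile(r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools", re.I)),
    ("Checks for any installed AV software in registry", "evasion", "read",
     re.compile(r"\\SOFTWARE\\(Avast Software|Kaspersky Lab|ESET|Bitdefender)\b", re.I)),
    ("Maps connected drives based on registry", "evasion", "read",
     re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum\b", re.I)),
    ("Checks installed software on the system", "discovery", "read",
     re.compile(r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\b", re.I)),
    ("Checks computer location settings", "discovery", "read",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Adds Run key to start application", "persistence", "write",
     re.compile(r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("Sets service image path in registry", "persistence", "write",
     re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)),
]

# Registry APIs grouped into the operation class a rule cares about (assumed set).
OP_CLASS = {
    "RegOpenKeyExW": "read", "RegQueryValueExW": "read", "NtOpenKey": "read",
    "RegCreateKeyExW": "write", "RegSetValueExW": "write", "NtSetValueKey": "write",
}

# Constructed trace, "<pid> <api> <key>[ = <data>]", one event per line.
# PIDs, the lv.exe drop path and the drvsvc service name are made up.
LOG = r"""
2816 RegOpenKeyExW HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
2816 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools
2816 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Wireshark
2816 RegQueryValueExW HKEY_CURRENT_USER\Control Panel\International\Geo\Nation
2816 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
2816 RegOpenKeyExW HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum
3120 RegSetValueExW HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lv = C:\Users\Admin\AppData\Roaming\lv.exe
3120 RegSetValueExW HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drvsvc\ImagePath = C:\Windows\System32\drivers\drvsvc.sys
3120 RegOpenKeyExW HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
"""

def parse_event(line):
    """Split one trace line into pid, operation class, key path and written data."""
    pid, api, rest = line.split(" ", 2)
    key, _, data = rest.partition(" = ")
    return {"pid": int(pid), "op": OP_CLASS.get(api, "other"), "key": key, "data": data or None}

def match_signatures(log):
    """Return {signature name: [(pid, key), ...]} for every rule hit in the trace."""
    hits = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        for name, _cat, op, pat in RULES:
            if ev["op"] == op and pat.search(ev["key"]):
                hits.setdefault(name, []).append((ev["pid"], ev["key"]))
    return hits

def pids_by_category(hits):
    """Which PIDs ran evasion checks, discovery, and persistence writes."""
    cat_of = {name: cat for name, cat, _op, _pat in RULES}
    out = {}
    for name, events in hits.items():
        out.setdefault(cat_of[name], set()).update(pid for pid, _key in events)
    return {cat: sorted(pids) for cat, pids in out.items()}
```

On the constructed trace the evasion and discovery reads all come from one process and the Run key and service ImagePath writes from another; when triaging a real run of this sample, that split tells you which child of the keygen to pull the persistence artefacts from, and the "Checks for any installed AV software in registry" rule stays silent because no AV vendor key was touched.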
MITRE ATT&CK Matrix (ATT&CK v6), with the number of matching signatures per technique
Persistence
  Modify Existing Service (1)
  Hidden Files and Directories (2)
  Registry Run Keys / Startup Folder (2)
  Scheduled Task (1)
Defense Evasion
  Virtualization/Sandbox Evasion (2)
  Impair Defenses (1)
  Hidden Files and Directories (2)
  Modify Registry (4)
  File Permissions Modification (1)
  Install Root Certificate (1)