General
-
Target
DBF.Viewer.Pro.3.11.crack.by.F4CG.zip
-
Size
4.7MB
-
Sample
210326-j9w3qw1y3j
-
MD5
651bcfdcc5d0d27e322b26bb24cb0b78
-
SHA1
b43e29e73bfcc06a21fe096233193b1c3e878f33
-
SHA256
e4bae62404e608d4b92d65c3958a3e1d0255521e457400f87e1e7bfd9e9ace59
-
SHA512
997ca7725160ad95fc3f10c896745c462687bda61da7ad42a45d07932ccff1063f2e601d7cc22c170ff44f0f555a2321547e01df597257cfbeb5fa0c3511f4b8
Static task
static1
Behavioral task
behavioral1
Sample
DBF.Viewer.Pro.3.11.crack.by.F4CG.exe
Resource
win10v20201028
Behavioral task
behavioral2
Sample
DBF.Viewer.Pro.3.11.crack.by.F4CG.exe
Resource
win10v20201028
Behavioral task
behavioral3
Sample
DBF.Viewer.Pro.3.11.crack.by.F4CG.exe
Resource
win10v20201028
Behavioral task
behavioral4
Sample
DBF.Viewer.Pro.3.11.crack.by.F4CG.exe
Resource
win10v20201028
Malware Config
Extracted
azorult
http://kvaka.li/1210776429.php
Extracted
redline
newone
91.214.124.106:80
Extracted
metasploit
windows/single_exec
Extracted
redline
19test200
erherst.tk:80
Extracted
smokeloader
2019
http://10022020newfolder1002002131-service1002.space/
http://10022020newfolder1002002231-service1002.space/
http://10022020newfolder3100231-service1002.space/
http://10022020newfolder1002002431-service1002.space/
http://10022020newfolder1002002531-service1002.space/
http://10022020newfolder33417-01242510022020.space/
http://10022020test125831-service1002012510022020.space/
http://10022020test136831-service1002012510022020.space/
http://10022020test147831-service1002012510022020.space/
http://10022020test146831-service1002012510022020.space/
http://10022020test134831-service1002012510022020.space/
http://10022020est213531-service100201242510022020.ru/
http://10022020yes1t3481-service1002012510022020.ru/
http://10022020test13561-service1002012510022020.su/
http://10022020test14781-service1002012510022020.info/
http://10022020test13461-service1002012510022020.net/
http://10022020test15671-service1002012510022020.tech/
http://10022020test12671-service1002012510022020.online/
http://10022020utest1341-service1002012510022020.ru/
http://10022020uest71-service100201dom2510022020.ru/
http://10022020test61-service1002012510022020.website/
http://10022020test51-service1002012510022020.xyz/
http://10022020test41-service100201pro2510022020.ru/
http://10022020yest31-service100201rus2510022020.ru/
http://10022020rest21-service1002012510022020.eu/
http://10022020test11-service1002012510022020.press/
http://10022020newfolder4561-service1002012510022020.ru/
http://10022020rustest213-service1002012510022020.ru/
http://10022020test281-service1002012510022020.ru/
http://10022020test261-service1002012510022020.space/
http://10022020yomtest251-service1002012510022020.ru/
http://10022020yirtest231-service1002012510022020.ru/
Extracted
smokeloader
2020
http://xsss99.icu/upload/
http://bingooodsg.icu/upload/
http://junntd.xyz/upload/
http://ginessa11.xyz/upload/
http://overplayninsx.xyz/upload/
http://bananinze.com/upload/
http://daunimlas.com/upload/
Extracted
raccoon
afefd33a49c7cbd55d417545269920f24c85aa37
-
url4cnc
https://telete.in/jagressor_kz
Extracted
raccoon
dd478ff8ed48e4864892644c2a5502e502f6869c
-
url4cnc
https://telete.in/iodmarius
Extracted
redline
BANK SHALLON
86.106.181.231:3214
Extracted
http://labsclub.com/welcome
Extracted
icedid
shturmann.space
Extracted
redline
9898
86.106.181.42:40355
Targets
-
-
Target
DBF.Viewer.Pro.3.11.crack.by.F4CG.exe
-
Size
4.8MB
-
MD5
98e0552e7c661d3f84c5ca691bb58b60
-
SHA1
f8747cbd9256e9587e45b1feeded6b082b098e5d
-
SHA256
23e30d6f1d505e6a0cf1672ec7420d28af81975a9832f1af2eae8a3233a09eb4
-
SHA512
d767b09e6d24ce96ce95e7cbcb248b93373f7dcbad3a96ba249a3c54df9511567c4ff2bfd8393492a0f90ae8bf5ab37c1cf71f75092ad81dde7a7a7a5f7e76da
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Glupteba Payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
IcedID First Stage Loader
-
XMRig Miner Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Registry Run Keys / Startup Folder
1Scheduled Task
1Hidden Files and Directories
1Defense Evasion
File Permissions Modification
1Modify Registry
3Install Root Certificate
1Hidden Files and Directories
1