General
Target: Sirus_Pass_123 (4).zip
Size: 1.1MB
Sample: 210419-dsnbak5cvn
MD5: 4d93f53ac18d894a6d909d6bb13391c9
SHA1: 58c7280967d22ae38a7e6570addce23fe4903089
SHA256: 31b38210c42a2d3aee184beca7d5b2995e293387b88f07b86db587ed91a70eb8
SHA512: 0fb743bc8421947431d4435f54e22680fe68423856c291199c73bb1dd52c676ded28a96a36a255c29e871e7de69b934f009481e49ab83c90529125018384b2c9
Static task: static1
Behavioral task: behavioral1
Sample: Sirus.exe
Resource: win10v20210408
Behavioral task: behavioral2
Sample: Sirus.exe
Resource: win10v20210410
Malware Config
Extracted: raccoon
Config ID: 1a329a10c40d1d7de968ac01620072546be15062
url4cnc: https://tttttt.me/jrrand0mer
Targets
Target: Sirus.exe
Size: 1.6MB
MD5: bc56db19b52ed6319e02a3aff17e8ccb
SHA1: ef9cd9d631d5d8f384b22debdf520d6f9b06e1ff
SHA256: a0edc967ba879922c1ed23b608445e025aa7ef48291146c4a963a6d5546c8f6c
SHA512: dc05f4351a00e55db70154d0650a8fdddd63aa5cd8741645ad5b3397bbdc67f10cef521d9a8a2f7a2c64dd80a048a7e0a484982e1bfcdc7c360ba771cbe03017
Signatures:
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext