Overview

overview

8

Static

static

8

Win32.Pega...15.xls

windows10_x64

1

Win32.Pega...15.xls

windows10_x64

1

Win32.Pega...?).doc

windows10_x64

1

Win32.Pega...15.doc

windows10_x64

1

Win32.Pega...min.js

windows10_x64

1

Win32.Pega...min.js

windows10_x64

1

Win32.Pega...ain.js

windows10_x64

1

Win32.Pega...ble.js

windows10_x64

1

Win32.Pega...min.js

windows10_x64

1

Win32.Pega...min.js

windows10_x64

1

Win32.Pega...min.js

windows10_x64

1

Win32.Pega...x.html

windows10_x64

1

Win32.Pega...vg.xml

windows10_x64

Win32.Pega...min.js

windows10_x64

1

Win32.Pega...hp.vbs

windows10_x64

1

Win32.Pega...hp.vbs

windows10_x64

1

Win32.Pega...hp.vbs

windows10_x64

1

Win32.Pega...php.js

windows10_x64

1

Win32.Pega...ol.exe

windows10_x64

1

Win32.Pega...gs.bat

windows10_x64

1

Win32.Pega...ct.bat

windows10_x64

1

Win32.Pega...es.bat

windows10_x64

1

Win32.Pega...re.bat

windows10_x64

1

Win32.Pega...er.bat

windows10_x64

1

Win32.Pega...er.bat

windows10_x64

1

Win32.Pega...hp.ps1

windows10_x64

Win32.Pega...RS.BAT

windows10_x64

1

Win32.Pega...ck.exe

windows10_x64

1

Win32.Pega...pp.vbs

windows10_x64

1

Win32.Pega...pp.vbs

windows10_x64

1

Win32.Pega...pp.vbs

windows10_x64

1

Win32.Pega...pp.vbs

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2894c5979087388c4d4601f543f4be0a8383e0a3492f63fc104ebf99bcf83bf2

  • Size

    22.5MB

  • Sample

    210723-hxg6qy25k2

  • MD5

    77e2d676864b24462e456581774e5e8d

  • SHA1

    c8e2b9c194ea67be4b3aa77bbd95087705d3f4c4

  • SHA256

    2894c5979087388c4d4601f543f4be0a8383e0a3492f63fc104ebf99bcf83bf2

  • SHA512

    c39f2e97682598612a6de6f142efbcd490669358841b0bcdbbe353cba360d950623e8744cb523840dfaf62385d186a2cef9c72a91e1e27a45946e8c5f67ba4dd

Score
8/10
macroxlm

Malware Config

Targets

    • Target

      Win32.Pegasus/Pegasus/mod_KBRI/kbriList.cpp

    • Size

      2KB

    • MD5

      b02f7eeb59774d3b5383c41eae80cace

    • SHA1

      4866eece5bc2bf1a7b772fd22e93c79a32b157f7

    • SHA256

      d72ddd204f4142548ecc509df28305d868fb2ce95d342d4e5e7ebeea8c44f3ed

    • SHA512

      2ad2d4bf36cecd9a13b9ca96237f17dda2b497143710414f5ecae60f20cda2549880c81d5dfb002dcb997f9d83eb18a8115b94c491643f49e5f427e8e2474ab2

    Score
    1/10
    behavioral1

    • Target

      Win32.Pegasus/Pegasus/mod_KBRI/kbriTargetAccManager.cpp

    • Size

      18KB

    • MD5

      cef88126ece0d9257c3bfdb8e5d4e8f8

    • SHA1

      1580842e389666e5e1d69cf461ce13f38fa4e1d4

    • SHA256

      2becfd1286dab62a1dbbc2b17638c7edbe8264c404f86b1874bcd9caf883f1bb

    • SHA512

      d2760cf521b9928a9cba3ef35958e14cfb72c4ee6215467dc5fc8a186bba85e54f2a5ebb3f06107082df66d9be7e618f405aa2f1a464236c53a19e89e6b23a38

    Score
    1/10
    behavioral2

    • Target

      Win32.Pegasus/Pegasus/mod_NetworkConnectivity/transport_Generic.cpp

    • Size

      37KB

    • MD5

      b862e7bc753fd616a7bb3e27e7c3dcf0

    • SHA1

      5cf3661921d27cde2055b60347d941e2f2314d54

    • SHA256

      809fa9456996624e2f321c1586b7f924d6470f30463c6f358d062b055304bc93

    • SHA512

      b5e08b135a8cf3f82d6807c61064123363b984a7608815e34d0f12a3d0b08cf5337feb639aee5d977274b57954e5fd7d1d550072029a5526743bf24fce44bfb9

    Score
    1/10
    behavioral3

    • Target

      Win32.Pegasus/Pegasus/shared/CommStructures.cpp

    • Size

      5KB

    • MD5

      50f9739036606a020c64cc9d7997dd2d

    • SHA1

      d608bad6274a89cb511e985f4260bed87fbb5573

    • SHA256

      5fccf797fb76faf0ace8220744e8a6500e63478b4696794555810a6ff5f52487

    • SHA512

      782f7271c3a0add0117076f90e997ca521848d26da847e835374aa7ebc52ffbbf432c0b918e029e62a572116ba0a7477c7e351750fec185c7a5e40303b718c96

    Score
    1/10
    behavioral4

    • Target

      Win32.Pegasus/Pegasus/tools/LZ4_pack.exe

    • Size

      7KB

    • MD5

      6ca2c8f9aac1683294ac1a81f540c586

    • SHA1

      5f0e18fde7d22d71f8f5ccb447c49b6563dfc2d1

    • SHA256

      8fc07f388fa4eb53869d2e10dd64ff2e38a7581384f8b32c17a22f6a90c10f27

    • SHA512

      3d27a0d19528193e5c9fc1c20d668f53c0e45e3a814e52c8c19d1d4fcfc90611a1f693abd37a9e5eede90930a351a194e95cc1e0ec6d6fa99ce771b82d8d12ee

    Score
    1/10
    behavioral5

    • Target

      Win32.Pegasus/Pegasus/tools/MAKE_INSTALLERS.BAT

    • Size

      811B

    • MD5

      402a8101a00b7b680ae44fc78119e43b

    • SHA1

      dc0fd4a687e0441255d8d209e8aa7e411ab87108

    • SHA256

      2047d6f1f51041b3e7484360ab13a447e1a068f33c74217d24ef205810f88371

    • SHA512

      50e23b0e142369ccf7c06cd45f08a3e6af3a20c375be95f545a5b7c41473a5bec900c5c3661cb0489f93db42dc9d3662738071bdbcfb622621cd3e93361f2c19

    Score
    1/10
    behavioral6

    • Target

      Win32.Pegasus/Pegasus/tools/make_binpack.php

    • Size

      24KB

    • MD5

      46b2969776ff8519d68ce9737d409de6

    • SHA1

      7695963bbc897de7fbc6292988f919b6bbf9d05d

    • SHA256

      19163de1f886236461718295d6571575e92d578ab1158eb1dc27db23887bcc61

    • SHA512

      4dad23a50c6f89d40eb9cc60dae3d4ee5613ebffde454f224ffb11d25b93c323c36d9712d25b0ad85cb1ef616018265f72f6cf8376d1b1bb8a9bcf07f284894c

    Score
    1/10
    behavioral7

    • Target

      Win32.Pegasus/Pegasus/tools/postbuild_installer.bat

    • Size

      714B

    • MD5

      659b07f9a62aebeec1b3842f1c5f152e

    • SHA1

      100b99408ced8355d3e35f270c160d554e5fac14

    • SHA256

      31edc588f38a86cac3d82054f5112fc7e25b7b5234df6ee33d4c26e301e7c1ce

    • SHA512

      a00ce684abf37e3e1dd3c9808fd784e49e6193cc437e41909414c805c255ad342db7e212b4ef183ea762bd93a7f293142f0b06652fcf54f5b13f1d23b574005b

    Score
    1/10
    behavioral8

    • Target

      Win32.Pegasus/Pegasus/tools/prebuild_installer.bat

    • Size

      764B

    • MD5

      0fa10f41a2f62c8bbc4813a71e3c85a9

    • SHA1

      1e4ed6b9ed657fcd029c8f5f27ed8c1387b986a5

    • SHA256

      742e4790ab65c03cc76ae0dd817562050e88607367253e2106c9918e04d3a205

    • SHA512

      3e242ac295b79ae0515076720eebd1baa42c5176191fae988358b37d25d9b7e0e01072e790fd180efd5cee4db91e95eecd0e86fea2cb61df4d205d9873d43bb3

    Score
    1/10
    behavioral9

    • Target

      Win32.Pegasus/Pegasus/tools/rebuild_core.bat

    • Size

      1KB

    • MD5

      8235bcd6cf9045e8ef8bd3dc00ba8f9d

    • SHA1

      0b6ce5b4eb23ca3ea789c3db526be693646ebd48

    • SHA256

      a2eece4327fcbbfa4c3614ac20cac011c52d16e5a39365cfee82697bd4552850

    • SHA512

      4fcb036b695091b8a1aaf65958e0e72f685cc16474b0d4a2a08b53253cd92d14641b4ed764c453f3aab62254fa267796fd25639a0676b3c94fc21b4edcaf0b82

    Score
    1/10
    behavioral10

    • Target

      Win32.Pegasus/Pegasus/tools/rebuild_modules.bat

    • Size

      1KB

    • MD5

      b0c0d018e7a2ddd3b3c00f9dac13fba7

    • SHA1

      a048d50c8389e9f4acb107a8ce461c9642c5defa

    • SHA256

      78ca5c1bcf90007fcd80d939db1e3c73b9814a5c37d233b0d8f167cc77c5d491

    • SHA512

      594929eec10cada548693210393cadf17bf54185c36c8884ae1ef0caeb81312eb166b685e7e63fb32761cfcaeb783eb6524077b8d761d681ef707e573fa6c26c

    Score
    1/10
    behavioral11

    • Target

      Win32.Pegasus/Pegasus/tools/rebuild_project.bat

    • Size

      1KB

    • MD5

      d002280de4163efce928e6cc365139d9

    • SHA1

      175b04108e8020b59e8ade1f9a476515bbdb0f34

    • SHA256

      5bc0378b3140c0f46dfaead21a68142928b7f5af6b2b0e142639fb3d28b1008b

    • SHA512

      5c8a0f71418c20093c39e2c222a4fec993739f32702dbf05758eaabb9f984be65d607d5eb0216c43652b957bfb6dc274b3d748a3f4d1d023a6ec25f50f20d1c9

    Score
    1/10
    behavioral12

    • Target

      Win32.Pegasus/Pegasus/tools/recrypt_strings.bat

    • Size

      311B

    • MD5

      bdae4b53a8f2c2ca56e44c8e2416ce3c

    • SHA1

      bcdb9c0901b87863895aef3db5ec1d8455ef94ae

    • SHA256

      178c773e570550ab7a18fdb62aa4a16f503a1b69620b9e3286e9ab12ce39a748

    • SHA512

      6bfa32cc05f1d8f30712e1bcdd14fbb1f6e63edfe2b84ada89769c2b080800cd7fa90f32e43b269a31da1b921bff45b52336bcf251641d7316ffa24314c87fee

    Score
    1/10
    behavioral13

    • Target

      Win32.Pegasus/Pegasus/tools/signtool.exe

    • Size

      231KB

    • MD5

      6581581a1f2eda52d49dc1fb0619ff82

    • SHA1

      c1fee5c60f43ccfcb1d9f0a72d914446e02bb5e3

    • SHA256

      f91d5e8cc6f208e56660292b80ac3837787100306c786b9feba8f0152e1eb1a5

    • SHA512

      dacd128a9195eabd9d8980064adaf28ac9740281d63e78b663d0ce43dd6c45fd3df5e041c325074f89af6cc9f8940dd5bc7a571e913bc27cf7bd696c086be81a

    Score
    1/10
    behavioral14

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/inc/ip2location.class.php

    • Size

      36KB

    • MD5

      8d17c05765cad6093da711d69d26e3d6

    • SHA1

      d1e7ed092a0c821c230b9b7c3230e46f22c778c8

    • SHA256

      e1ede3f0f1147a29b0d448baf11a31073d1b6c4698a04b378c8deab7968dd568

    • SHA512

      3857cdd06402ef586c152ff3986c7c0d395101b57843076cfaf93252daa8cd17fd27b9bd032a01d317a0505d7f261cd2167a9f7dd2b4cc449b0e0c666d41d403

    Score
    1/10
    behavioral15

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/inc/mod_ajax_mcreds.php

    • Size

      1KB

    • MD5

      d9c6cd0653a33f6628b664daffa23ef6

    • SHA1

      d402f19fe9a419c30fbd08830b837de1c6b063ce

    • SHA256

      cb0c988d8d692941025afe53e1bfce435427b191293c88fe7ec14c775d42d33f

    • SHA512

      8c1b38125d5b79dac8bd1a2681f1288bcbb3ba79b2918d05dcea05d36616859713b185e904f1b0308523185c645e3a26e44dab8cacc55f316b2a51573c154147

    Score
    1/10
    behavioral16

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/inc/mod_ajax_mjobs.php

    • Size

      15KB

    • MD5

      f808b331374e0c2509c3fc24d35083c8

    • SHA1

      312c21c43cd226895d20d721c33e9009769ab02c

    • SHA256

      5cd05b8f24027033c63cfd60e0e0f9febfa228f643724af2a603a5ed62968177

    • SHA512

      4e0f5ac99d899fd1b0f9723313c407c364ad3ec5406cb2c9729aee4fc2631ca4007835099d7fe307673ea8bb5389e627e1ab9e5fe2cea61b562550830d0ab30d

    Score
    1/10
    behavioral17

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/inc/mod_auth.php

    • Size

      1KB

    • MD5

      e866c1f864a1a2d3489bc959960fbe2a

    • SHA1

      0bdf4407301a16cada934f7fdbf44bcbfa3aef25

    • SHA256

      d55af829fff3735dc9311c08c8850848c9ce152f50848604557bda8aea7373af

    • SHA512

      c820946de9a61077c5853581e0ee8d8d118bece377cdcc73e4f812765476eedc0fe7e05dac0da7a519e8523e8d8c8ceec22c1151194614262ef24f5ef7cf2e36

    Score
    1/10
    behavioral18

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/res/bootstrap.min.js

    • Size

      34KB

    • MD5

      046ba2b5f4cff7d2eaaa1af55caa9fd8

    • SHA1

      b3f2ef9f985e7906c9360756b73cd64bf7733647

    • SHA256

      c8eeec83fe8bf655eeeda291466d268770436dde4e3e40416a85d05d3893e892

    • SHA512

      02d866a0e7ae7cf36dd5a34e318887a291102a74fbcb5e48786d1c7e860f143eefaef08640820cbf628767e9f7991410487d83d64d42e7c6e7047e32c0dbec75

    Score
    1/10
    behavioral19

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/res/glyphicons-halflings-regular.svg

    • Size

      106KB

    • MD5

      89889688147bd7575d6327160d64e760

    • SHA1

      de51a8494180a6db074af2dee2383f0a363c5b08

    • SHA256

      42f60659d265c1a3c30f9fa42abcbb56bd4a53af4d83d316d6dd7a36903c43e5

    • SHA512

      c2e77eab327af1469097c31bc0daf820c066b0222059d8ff0ecebca974b62b7535e96f1f356643b2b62763a924d040e4ac9b2097e1de2c22226411fde8723743

    Score
    1/10
    behavioral20

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/res/index.html

    • Size

      6KB

    • MD5

      b2bca01c0889dc77378fc6dce84f6923

    • SHA1

      fbcb68071316ab6d4da5b662a17c952f24d12fd8

    • SHA256

      00b2eca7d1302e6f12877bc6237f2eacdd876394ad875573ca518dae802f6127

    • SHA512

      604f96513870454cff37f523a8f0b9358f33aee001d8437f84bb198b80ca3d3767cacdddb595762c56438f343d6987eea3548dbc63cfc9c19438ede34f4eace8

    Score
    1/10
    behavioral21

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/res/jquery-1.11.2.min.js

    • Size

      93KB

    • MD5

      5790ead7ad3ba27397aedfa3d263b867

    • SHA1

      8130544c215fe5d1ec081d83461bf4a711e74882

    • SHA256

      2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

    • SHA512

      781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a

    Score
    1/10
    behavioral22

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/res/jquery-ui.min.js

    • Size

      234KB

    • MD5

      d935d506ae9c8dd9e0f96706fbb91f65

    • SHA1

      7f650ee30c6a4d3eea04032039b20ff72997559b

    • SHA256

      c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c

    • SHA512

      0470c258bb5da745e900571c3f63627c26c97d8a1886c45264e50cdca9c0c72d9bfc0cb7067f757ebb9dfb703de5bac0e300d6577c84399ac9aa057c69945751

    Score
    1/10
    behavioral23

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/res/jquery.form.min.js

    • Size

      14KB

    • MD5

      f448c593c242d134e9733a84c7a4d26c

    • SHA1

      374aa1f8db17575b0e35eabc46ad82062e09106c

    • SHA256

      c90f0e501d2948fbc2b61bffd654fa4ab64741fd48923782419eeb14d3816fb8

    • SHA512

      de133f9ff911db26dd8df4adbe2528fe80722397082b5880cb9d4d930872d71168c4e0a5e95f04b1b5b88da558fe5f04d2f83a649a791ecfaf87d751c6335e2b

    Score
    1/10
    behavioral24

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/res/jquery.jeditable.js

    • Size

      24KB

    • MD5

      46c67f6174ad64ea23ba436d153574d3

    • SHA1

      41bb7f7b90045dee2228731a45684ce6c79c31cf

    • SHA256

      d21cd1548f5af651cb6d4bfd43ed75f759e621a7d83787708256a863196d170f

    • SHA512

      83ae544696a15475ff153b6701b71d4612b0d8abe74762975d5fab3e9228f04037f8eb18dbfbedfd3060869b585b63c7cccf11145f09dece2e927721d72999d7

    Score
    1/10
    behavioral25

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/res/main.js

    • Size

      25KB

    • MD5

      c77b0b50c93d0916ab0edc71677ae2db

    • SHA1

      c87f3f09a18d6d211376b273f18143d18bd504b9

    • SHA256

      b8d3524c9cb08e2c39b75455e8dd294cafb4b6a348fc24be1b3a1ae9a22ab34b

    • SHA512

      af87d9495d590d02c28191bad599c0c5f4587f06d906aa0c1ef5bdfa5645206f66fdae148d37a1e14c97f75a96b7a5d6b9d23d6c936bd9dd45644c9febf6aa2a

    Score
    1/10
    behavioral26

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/res/messi.min.js

    • Size

      5KB

    • MD5

      2b87dda3d7f878f59cc16387f9a5853e

    • SHA1

      f164174be77771dd2dc83d6f4e349fdf9c3deeb3

    • SHA256

      58e8947361f829b23d8047ce4ea55c2be532c7cc75efd2ee99fcf3fa54f19781

    • SHA512

      a7787a3acdd6ae3e45b25942a8e1797bafd474f64df3a41da57a425de1b34f4c1102bab30dc8b92913253b04e6f792f65d0f198f84d7c5b0071cfab49c64f98a

    Score
    1/10
    behavioral27

    • Target

      Win32.Pegasus/Pegasus/web-adminpart/res/pnotify.custom.min.js

    • Size

      16KB

    • MD5

      59f6dc4261b11586cecfd5bc22515793

    • SHA1

      8e2e2cfa3881976dcf38a066ca7d633c5b204ef0

    • SHA256

      4ab229e92e97f3d12aa85f8bcd2dc8cc276856960b0434702225323cf1a0c3f7

    • SHA512

      6c7fe656b13de7f8c5d67cd83f9a34ac00ba8f357d757bf582f831e4d421c3355d77b4ff87431d4e270db710e9023b4ec1a831b66cf1e87193b91f81bb0b46ed

    Score
    1/10
    behavioral28

    • Target

      Win32.Pegasus/cvs_banks/?? ?????? ?? 17.11.2015.doc

    • Size

      121KB

    • MD5

      45797040b257240a392357994f6cf923

    • SHA1

      2f9bd33c258ae7d7f2c106ac98271e7f3e7171b3

    • SHA256

      940b7862969683eeaf6b32bd7685e4501cf78bc1afb27fd3892124be115922bf

    • SHA512

      859483bb57d5eb302061a8e81066320fca59dc541627c11043be07ae3738aab52f736573510f3b3ff274d357ce0da04dc15cad082eadd54684a45228841ff0d4

    Score
    1/10
    behavioral29

    • Target

      Win32.Pegasus/cvs_banks/?????? ?? ?????? ?. ???????? ?? 13.02.2013 (?? ??????? ????????).doc

    • Size

      303KB

    • MD5

      f6148dd98047b697eb1a69d5c19f0f85

    • SHA1

      6aff9ace4b23b33dfa76b29f2c9560fd53e79ed0

    • SHA256

      a963582c6eeebd471bc883a4c6c5aea0c258bf29c5c1f09cb931b4a8d2276282

    • SHA512

      67de1faabe58433e1dfc3485fa0ea2ff94e2be05c8c99f888989e78a4399f387373498dae3e78c0bb6baf70500d65543a4106a8af72f73add9512c4d471f33a2

    Score
    1/10
    behavioral30

    • Target

      Win32.Pegasus/cvs_banks/????????? (485) 24 08 2015.xls

    • Size

      698KB

    • MD5

      b8cb37e8197d98516bbe7dc88aabe19c

    • SHA1

      ef327704efa94057fec10a5c26547f606ad06508

    • SHA256

      1f19299101b3e391bc12879140b009a3792492b672e18706bb0c022ff5f73330

    • SHA512

      37a8f33cc41ac0745658595d454d35280d352252f16de0105c492bc044f9929e6b288a8d64c040bd09904c7629d9be90d1c855376228a009a886fb740d296a61

    Score
    1/10
    behavioral31

    • Target

      Win32.Pegasus/cvs_banks/????????? (500) 30 06 2015.xls

    • Size

      728KB

    • MD5

      70a522656967d3b087e89cce095e2566

    • SHA1

      dd0273081f91eea5cc0e7515e560bde667aabf78

    • SHA256

      1e7cf28d1354121974a4bd3f6630d4473798836e73437905ed692f92e4cea67e

    • SHA512

      ce9dfba7abe0f01a68a1e56e9c1dd3000eaa3f10f032aee404ce39a4c47e4ef8691835bee5bbfe400e182a93043264ea3fc8a16f12d33e81de4a1b8a802ecc72

    Score
    1/10
    behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

8
T1012

System Information Discovery

8
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks