Resubmissions
17-04-2024 14:56
240417-sbg1madb74 1017-04-2024 14:56
240417-sbaljsdb64 1017-04-2024 14:56
240417-sbaasadb62 1017-04-2024 14:56
240417-sa9n9aef2v 1017-04-2024 14:56
240417-sa9dgsdb59 1006-04-2024 14:44
240406-r4b5eadc29 1006-04-2024 14:43
240406-r3xpqadb95 1006-04-2024 14:42
240406-r29b5ace9x 1006-04-2024 14:41
240406-r2spdace8x 10General
-
Target
01b654c15c38a907d9966a5c1515fa201472ef1e3b831062d283e6cec2763e38.sample
-
Size
1.1MB
-
Sample
210726-hrgmhctsnj
-
MD5
1fc2e4c5ff5844410fc7b78c6987cddf
-
SHA1
52f676fcbfda7f0929385da963df25eb4638d4a4
-
SHA256
01b654c15c38a907d9966a5c1515fa201472ef1e3b831062d283e6cec2763e38
-
SHA512
31efba9acfe4b4bfab315a8d2d15b1b7a5ef83f26fc5de17ec37044bb6b61269f291ddb9e20ad90f2e91fff5221360b34bcf1e36e447d369e0d5333de42681fe
Static task
static1
Behavioral task
behavioral1
Sample
01b654c15c38a907d9966a5c1515fa201472ef1e3b831062d283e6cec2763e38.sample.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
01b654c15c38a907d9966a5c1515fa201472ef1e3b831062d283e6cec2763e38.sample.exe
Resource
win10v20210410
Malware Config
Extracted
C:\README1.txt
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README2.txt
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README3.txt
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README4.txt
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README5.txt
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README6.txt
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README7.txt
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README8.txt
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README9.txt
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Extracted
C:\README10.txt
pilotpilot088@gmail.com
http://cryptsen7fo43rr6.onion/
http://cryptsen7fo43rr6.onion.to/
http://cryptsen7fo43rr6.onion.cab/
Targets
-
-
Target
01b654c15c38a907d9966a5c1515fa201472ef1e3b831062d283e6cec2763e38.sample
-
Size
1.1MB
-
MD5
1fc2e4c5ff5844410fc7b78c6987cddf
-
SHA1
52f676fcbfda7f0929385da963df25eb4638d4a4
-
SHA256
01b654c15c38a907d9966a5c1515fa201472ef1e3b831062d283e6cec2763e38
-
SHA512
31efba9acfe4b4bfab315a8d2d15b1b7a5ef83f26fc5de17ec37044bb6b61269f291ddb9e20ad90f2e91fff5221360b34bcf1e36e447d369e0d5333de42681fe
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-