General
-
Target
2021-07-25.zip
-
Size
90.2MB
-
Sample
210812-lfwqlzmgsn
-
MD5
a39f8cc07a7b3c6db1cfaad3e4b3383e
-
SHA1
8e7aeba56e32a4301bd1eb633ee1514e9d26a711
-
SHA256
bbdfbae01162597428b8a4538245e09cb393945a54bea8cea69d6307ab60fe43
-
SHA512
93186a07eb3aae69a12763a2e52212472ed42ad1110018ee6110e6be0b9d2312508e80c4f9383f0adc1a0c9c0eef1b99a2cf51ee81de8edbb74e3c89864b175d
Behavioral task
behavioral1
Sample
00c50c96fd2b57f718d98eb68cbcfa47c01f585a05babdf1b2cbf8c6491cd39a.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
00c50c96fd2b57f718d98eb68cbcfa47c01f585a05babdf1b2cbf8c6491cd39a.exe
Resource
win10v20210408
Behavioral task
behavioral3
Sample
024bf5f59189e5578dabdef60f55f1675f6563ba9f3cc028397596c0b3a58ce8.elf
Resource
ubuntu-amd64
Behavioral task
behavioral4
Sample
024bf5f59189e5578dabdef60f55f1675f6563ba9f3cc028397596c0b3a58ce8.elf
Resource
debian9-mipsel
Behavioral task
behavioral5
Sample
024bf5f59189e5578dabdef60f55f1675f6563ba9f3cc028397596c0b3a58ce8.elf
Resource
debian9-mipsbe
Behavioral task
behavioral6
Sample
05a6f0219a5a1d798e6765a35d9e6c03160fb0153dcedec3b090e8237a1f8937.exe
Resource
win7v20210408
Behavioral task
behavioral7
Sample
05a6f0219a5a1d798e6765a35d9e6c03160fb0153dcedec3b090e8237a1f8937.exe
Resource
win10v20210408
Behavioral task
behavioral8
Sample
07a5d8fbad6ee496b8ff07c1e8085a92a892b2788c5fa2a5d7e599080b6fd532.elf
Resource
debian9-mipsel
Behavioral task
behavioral9
Sample
07f22e9c1e4b0a1fadcbc9c8e5fd33f396f4415fe88901bab89756521d765809.elf
Resource
ubuntu-amd64
Behavioral task
behavioral10
Sample
07f22e9c1e4b0a1fadcbc9c8e5fd33f396f4415fe88901bab89756521d765809.elf
Resource
debian9-mipsel
Behavioral task
behavioral11
Sample
07f22e9c1e4b0a1fadcbc9c8e5fd33f396f4415fe88901bab89756521d765809.elf
Resource
debian9-mipsbe
Behavioral task
behavioral12
Sample
083428863c14a04d4a179a3e0b21e9349805585226f971fc43c4784842271f74.elf
Resource
ubuntu-amd64
Behavioral task
behavioral13
Sample
083428863c14a04d4a179a3e0b21e9349805585226f971fc43c4784842271f74.elf
Resource
debian9-mipsel
Behavioral task
behavioral14
Sample
083428863c14a04d4a179a3e0b21e9349805585226f971fc43c4784842271f74.elf
Resource
debian9-mipsbe
Behavioral task
behavioral15
Sample
08f364a8accfbfc972aeca76586e11ab3367a663dd31e6d046cb9973b6da88b0.elf
Resource
ubuntu-amd64
Behavioral task
behavioral16
Sample
08f364a8accfbfc972aeca76586e11ab3367a663dd31e6d046cb9973b6da88b0.elf
Resource
debian9-mipsel
Behavioral task
behavioral17
Sample
08f364a8accfbfc972aeca76586e11ab3367a663dd31e6d046cb9973b6da88b0.elf
Resource
debian9-mipsbe
Behavioral task
behavioral18
Sample
0a52f644a577430406569d01e8257e9d30917fa2e535a789b42e019fd132f30d.elf
Resource
ubuntu-amd64
Behavioral task
behavioral19
Sample
0a52f644a577430406569d01e8257e9d30917fa2e535a789b42e019fd132f30d.elf
Resource
debian9-mipsel
Behavioral task
behavioral20
Sample
0a52f644a577430406569d01e8257e9d30917fa2e535a789b42e019fd132f30d.elf
Resource
debian9-mipsbe
Behavioral task
behavioral21
Sample
0a9ff0b46182a441c0f9c021722817984ec884266c123d2fd6257f9c70d322ab.exe
Resource
win7v20210410
Behavioral task
behavioral22
Sample
0a9ff0b46182a441c0f9c021722817984ec884266c123d2fd6257f9c70d322ab.exe
Resource
win10v20210408
Behavioral task
behavioral23
Sample
0b85f1a068b41f2529481734b5385e394f87d9da47c333327b23462b6e4ea29d.elf
Resource
ubuntu-amd64
Behavioral task
behavioral24
Sample
0b85f1a068b41f2529481734b5385e394f87d9da47c333327b23462b6e4ea29d.elf
Resource
debian9-mipsel
Behavioral task
behavioral25
Sample
0b85f1a068b41f2529481734b5385e394f87d9da47c333327b23462b6e4ea29d.elf
Resource
debian9-mipsbe
Behavioral task
behavioral26
Sample
0c16b313253259d25a77c5019df1985e6c356c56f4ce19f8119829efec7db43d.exe
Resource
win7v20210410
Behavioral task
behavioral27
Sample
0c16b313253259d25a77c5019df1985e6c356c56f4ce19f8119829efec7db43d.exe
Resource
win10v20210408
Behavioral task
behavioral28
Sample
0cff428e9607d1819a4da397dafba7380734315daaace0ea129144755cc5706f.exe
Resource
win7v20210410
Behavioral task
behavioral29
Sample
0cff428e9607d1819a4da397dafba7380734315daaace0ea129144755cc5706f.exe
Resource
win10v20210408
Behavioral task
behavioral30
Sample
0fc2088b8cb286ca22b3b753c133cca59414c6a1298fb76af5d54ddb6c61a873.exe
Resource
win7v20210410
Behavioral task
behavioral31
Sample
0fc2088b8cb286ca22b3b753c133cca59414c6a1298fb76af5d54ddb6c61a873.exe
Resource
win10v20210410
Behavioral task
behavioral32
Sample
103578df44dbe6a55c4298130df5c3dca804ce8ae84c692396b89fc84ddf71c8.elf
Resource
ubuntu-amd64
Malware Config
Extracted
pony
C2 gate: http://afobal.cl/mine/gate.php
payload_url: http://myp0nysite.ru/shit.exe
Extracted
oski
aegismd.ca/cgi/
Extracted
agenttesla
Protocol: smtp - Host: webmail.ombakparadise.com - Port: 587 - Username: [email protected] - Password: ce$%^mirah
(Exfiltration mailbox credentials recovered from the sample's configuration; the username was redacted by the page scraper.)
Extracted
raccoon
e593428d572f64087cbbaacf2f970ff1f26a86b7
-
url4cnc
https://telete.in/opa4kiprivatem
Extracted
lokibot
http://rnofinancial.com.au/wp01/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Extracted
redline
193.56.146.60:51431
Extracted
redline
26.07
185.215.113.15:61506
Extracted
redline
SewPalpadin
185.215.113.114:8887
Targets
-
-
Target
00c50c96fd2b57f718d98eb68cbcfa47c01f585a05babdf1b2cbf8c6491cd39a.exe
-
Size
492KB
-
MD5
b53b50b3e0463aa12561ed9bbe79d0c7
-
SHA1
a841c492247ed3c9f74a71f319954e2a6da33a90
-
SHA256
00c50c96fd2b57f718d98eb68cbcfa47c01f585a05babdf1b2cbf8c6491cd39a
-
SHA512
47037e1e022b14a92ffdaf5a78a5c271276f2916d67bc77818c61b7c291a74f832240fe328a4c1663fc8295a0ed7027597e19c766af772bafb73e14c381bfcfb
-
Raccoon Stealer Payload
-
-
-
Target
024bf5f59189e5578dabdef60f55f1675f6563ba9f3cc028397596c0b3a58ce8.elf
-
Size
82KB
-
MD5
4ca737c5620dd9cbbcb53d2d9dfa83b2
-
SHA1
1c0623ae4e0c5bd95107934e1939b60ab097a216
-
SHA256
024bf5f59189e5578dabdef60f55f1675f6563ba9f3cc028397596c0b3a58ce8
-
SHA512
7b2795fe42bf1b484084fe9f27658abd6cf7ec4aacb14a2da6163e97715ae22f06277fb237a2c65c92916e81a363f8274c22699db6ae7e93d47b753791bf45b5
Score: 1/10 (no signatures triggered; for an ELF run under emulated MIPS/amd64 environments a low score may reflect the sample not executing rather than benign behavior — verify before treating as clean)
-
-
Target
05a6f0219a5a1d798e6765a35d9e6c03160fb0153dcedec3b090e8237a1f8937.exe
-
Size
992KB
-
MD5
22b3832571cf3a8d67d972e318c3b30c
-
SHA1
3beeef7f246cbc69844de14fb737a0cc10708881
-
SHA256
05a6f0219a5a1d798e6765a35d9e6c03160fb0153dcedec3b090e8237a1f8937
-
SHA512
241a44c324eb547e72aef055f82074f0d0cb118e45514efb532ae45a90f99025d9f6a6e21a36fbd1ff6b974f43abb10aaafd990d4c97fceda8a3570492380bb6
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Suspicious use of SetThreadContext
-
-
-
Target
07a5d8fbad6ee496b8ff07c1e8085a92a892b2788c5fa2a5d7e599080b6fd532.elf
-
Size
89KB
-
MD5
b6cc1d875a376de217f1d8f3f8e9ae4e
-
SHA1
d9b3ac59fe91b10619ece637287d61f8d3257946
-
SHA256
07a5d8fbad6ee496b8ff07c1e8085a92a892b2788c5fa2a5d7e599080b6fd532
-
SHA512
eb1daa441d99122b7a91cd82e8500b2d9443ed56456525f80db255f037162becf556c5e858e213f3554fb365885ad6a1bb8077ac178133424ee76b24777f87d1
Score: 1/10 (no signatures triggered)
-
-
Target
07f22e9c1e4b0a1fadcbc9c8e5fd33f396f4415fe88901bab89756521d765809.elf
-
Size
66KB
-
MD5
fadd45ac0861382c0451c23160a9eb40
-
SHA1
a1dd02367ea66751e6e94a557400304ae565833a
-
SHA256
07f22e9c1e4b0a1fadcbc9c8e5fd33f396f4415fe88901bab89756521d765809
-
SHA512
7fb705266db977a61f096de56218e1b6f00974fad28bea7abe0ad360c6ce506aa86a3a244e6a75b4d84e3c468a6a71f111d9adeb5f67e51fd86d5ab78109954c
Score: 1/10 (no signatures triggered)
-
-
Target
083428863c14a04d4a179a3e0b21e9349805585226f971fc43c4784842271f74.elf
-
Size
43KB
-
MD5
70504e546caa3236769026e43226f444
-
SHA1
09f054c8ce8f655d8b6e1d075ffdf404b09f3378
-
SHA256
083428863c14a04d4a179a3e0b21e9349805585226f971fc43c4784842271f74
-
SHA512
b0adf569522f9e6f946ba5df5f3a42cc631f414a71e926ea8b65674f04af6ae3535600a2c8003dc83e777d1a1167e1bf98aa0fca20a3da4284c0860f6ed1613d
Score: 1/10 (no signatures triggered)
-
-
Target
08f364a8accfbfc972aeca76586e11ab3367a663dd31e6d046cb9973b6da88b0.elf
-
Size
64KB
-
MD5
97878b01745d44d58b6d2a22e850fd35
-
SHA1
8d1ce62daa26d72c0af27481e1e3d10a4d65ee80
-
SHA256
08f364a8accfbfc972aeca76586e11ab3367a663dd31e6d046cb9973b6da88b0
-
SHA512
d310403b527b546f5fca71420cd8ad13ce206dfda5d5555c7ea1dacc9e34511a5cc5e5189692fb944c843c35090d0f4d1f02d3c80f4f2a21f6ff9cfc7006fabb
Score: 1/10 (no signatures triggered)
-
-
Target
0a52f644a577430406569d01e8257e9d30917fa2e535a789b42e019fd132f30d.elf
-
Size
114KB
-
MD5
7bd98317b305d563ca8f0a939e2a1fc9
-
SHA1
684f6e5d876624311d1c5379f7820a6ed345efe5
-
SHA256
0a52f644a577430406569d01e8257e9d30917fa2e535a789b42e019fd132f30d
-
SHA512
d55ebfa4ffab192e3bd26d204f1b02579518eb1437541e1438344dd3b20c6459d14c4cced21bcb01edeafdbed7645e38d5ff1ff83519b91b235e554f3fa212eb
Score: 1/10 (no signatures triggered)
-
-
Target
0a9ff0b46182a441c0f9c021722817984ec884266c123d2fd6257f9c70d322ab.exe
-
Size
395KB
-
MD5
97e8e525e2fc27c2634da7d235f5ff5c
-
SHA1
63e628501bd54422ebfc6857039d50fd97cbe55d
-
SHA256
0a9ff0b46182a441c0f9c021722817984ec884266c123d2fd6257f9c70d322ab
-
SHA512
4cf5470c485449c02f48fface72e7e729916854399ca41f8fb2a701b73bed4b78a46233b9f0f79efda95874789b4d3953f4640272275fa823339eb970614fdb9
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
0b85f1a068b41f2529481734b5385e394f87d9da47c333327b23462b6e4ea29d.elf
-
Size
36KB
-
MD5
7481ff2091954fd2ab2fb4975488d789
-
SHA1
8cbbf87c2a2878bd72343afcd30d884f34268939
-
SHA256
0b85f1a068b41f2529481734b5385e394f87d9da47c333327b23462b6e4ea29d
-
SHA512
ebb90412d612c00eaf178deaa3a30e080209ac2f6d9938b4e81beeda8da42bef95fc359350fee4388e0d1a8dc0873f4b1fac4dd13628322ed3af54b6726ce75b
Score: 1/10 (no signatures triggered)
-
-
Target
0c16b313253259d25a77c5019df1985e6c356c56f4ce19f8119829efec7db43d.exe
-
Size
387KB
-
MD5
25b64c0bad59caa2bb89de749ce69e2b
-
SHA1
26bd53222cdce89e0ab183db7fa9df6dd489982b
-
SHA256
0c16b313253259d25a77c5019df1985e6c356c56f4ce19f8119829efec7db43d
-
SHA512
930569743201567d74d32e34361ad13b801c6ef492543d805a1ba1553a4aa037738214e4b8e3546a69187b72478072c78ee526e77ebb77d1113e463ea6e0e173
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
0cff428e9607d1819a4da397dafba7380734315daaace0ea129144755cc5706f.exe
-
Size
239KB
-
MD5
e9f323a2cf1fff2fd364f6bb8f7764d7
-
SHA1
4f2b7d3df800b97bda3b3bb303b85b30bda99180
-
SHA256
0cff428e9607d1819a4da397dafba7380734315daaace0ea129144755cc5706f
-
SHA512
cc606d6b055a89ebe3e1a1e0cd77f894c20e3e67b75028e58dce02ba191ddd2e4c1fbe140e4068fd4f86140efb84b32f8ff50dca3b926bc77d0d3ac38bbadafa
Score: 10/10
suricata: ET MALWARE Generic Password Stealer User Agent Detected (RookIE)
-
suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
-
Nirsoft
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
0fc2088b8cb286ca22b3b753c133cca59414c6a1298fb76af5d54ddb6c61a873.exe
-
Size
303KB
-
MD5
a5c4f315da3e205c9f3af915ebb19668
-
SHA1
504f2125ca265d93e281f69a3e7e547fc7118f64
-
SHA256
0fc2088b8cb286ca22b3b753c133cca59414c6a1298fb76af5d54ddb6c61a873
-
SHA512
c954588ddf724f1df77a1988bb8e2ed5fdec1c5f7538c7fe0882eb52b33b46223046b3d2361f83893ae84fc30fbe7be39a90d6535d9ccf240e55f3f2d3d25d08
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
103578df44dbe6a55c4298130df5c3dca804ce8ae84c692396b89fc84ddf71c8.elf
-
Size
67KB
-
MD5
b905bf6e2c0c5fb8596c6ff3944dcb14
-
SHA1
1be588c84eb35458d15af2b4264ea545daf5c352
-
SHA256
103578df44dbe6a55c4298130df5c3dca804ce8ae84c692396b89fc84ddf71c8
-
SHA512
cb17f1cc88c0382f30419ae17372c55bad1defb2cb15054369c3fc84c23586e8bdf9589a3fe2720d234e9e794f29a7cb156151563a83866531a787a83be033f7
Score: 1/10 (no signatures triggered)