General

  • Target

    6344597309652992.zip

  • Size

    21.6MB

  • Sample

    210924-mvv4psgfhl

  • MD5

    a3059a1a6fa33e008a1253b598d892b3

  • SHA1

    311214480ef64c78a475b99a67538f58e396a25f

  • SHA256

    1bd4fe07daaeb321a120cfbd1d02fdfefc2dae30b4dfa50adff0f85939d88792

  • SHA512

    d62dabef1eee9a0eb88bfcdb6d58c35a14737443af33684f9a5b1b761f3d3082ee48bd994199ed52499dc8d59dc10dfee9d259877569d1c84e6f8c7eb5ca8161

Malware Config

Targets

    • Target

      07a66d269e4abee565d66a243e76739404bb80cd5ed7a4694ee727b358deb5aa

    • Size

      326KB

    • MD5

      4f5b1760dd6b8b4a7dabcdf1373bcb2f

    • SHA1

      0ef151ab81d32c2248607fd3329635dc6bbff7d7

    • SHA256

      07a66d269e4abee565d66a243e76739404bb80cd5ed7a4694ee727b358deb5aa

    • SHA512

      a87400b2ae3439d28b345df266354667c5a36bee0f2ce3572971fff4e78b66c163b415c7a9e7185b4b5006411f1a420a8c6abd606d66c9e8952f469217266cb6

    Score
    8/10
    • Downloads MZ/PE file

    • Target

      0829ef5ac4288be2415215ad1ac9ef1536ff1782b4973eb63f72ebc3a040a8cb

    • Size

      2.3MB

    • MD5

      dab522fa11b013af657807094974d4c9

    • SHA1

      b0f4b920e75fda1ef90e3aa4f79250061dd227e5

    • SHA256

      0829ef5ac4288be2415215ad1ac9ef1536ff1782b4973eb63f72ebc3a040a8cb

    • SHA512

      8b8639ab8279edda09402b519b951a6e0e801bdd105b03ba867cbf1be70795541a3e1b265908f200742fabb965133f026895e5a37483a21118d05a3ad35b299d

    Score
    10/10
    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      0a6621f3e6ec098a36a29cca7119d03e1783b25248caf3e019b77005304c0f0b

    • Size

      138KB

    • MD5

      7aaf6dd320e7e7b2e46a2b3f0e3576ed

    • SHA1

      2e02ac3c1f3490c234c678715f5213e6843e912a

    • SHA256

      0a6621f3e6ec098a36a29cca7119d03e1783b25248caf3e019b77005304c0f0b

    • SHA512

      f8b156bc75c518b812f6f7954d11f1da2a2573e9a3e90180da302033fe98c260ec2a7e3157bdef5a0ac53dcbf4f91acf5658507495a97ba2734b30deee48a464

    Score
    8/10
    • Downloads MZ/PE file

    • Target

      0bcadf9e2311c2190cd4ec93559259f81a03c02db5b29489c2b27ed86d40fca4

    • Size

      331KB

    • MD5

      067d2f2867be72d1c61323128f7d729e

    • SHA1

      1cc249a3076bbdd53191108d0983daacd9f375ca

    • SHA256

      0bcadf9e2311c2190cd4ec93559259f81a03c02db5b29489c2b27ed86d40fca4

    • SHA512

      c164e6faa19294f23b901bd0360cbe5cf9a23573b00e5cfefac4e6d2e02e567d24ac1b9a7f4621a101dcc1e3464af90b9278b5a80943a9a6c3a7564a946f35ed

    Score
    1/10
    • Target

      10c410851b47490eea158797046a2be886dbf7f7da4f47a7fa4e8081af6f2f78

    • Size

      116KB

    • MD5

      9827b55d3943fc7e2afc7e83c4cbb29f

    • SHA1

      1748cb84b91b1cdf9421ffe392ba506aaf8e0ea2

    • SHA256

      10c410851b47490eea158797046a2be886dbf7f7da4f47a7fa4e8081af6f2f78

    • SHA512

      6a5448b443905a36d8334a46c9708b8ab3c9cfaf12b7e88126135affde7ebdd82d0f948c4328c386589489ba4adf3560dfb373c9b00176bd1f4d8010bf821851

    Score
    1/10
    • Target

      15b40c27e6cf4c0912a9bd1208ba4f08ff11c2d3f7ece28835dd56c96f666cfa

    • Size

      231KB

    • MD5

      6f6b0600d2fca1a17cc0e61ee301a9e6

    • SHA1

      99694f7203ecde238810f545388e8ab38c690e9d

    • SHA256

      15b40c27e6cf4c0912a9bd1208ba4f08ff11c2d3f7ece28835dd56c96f666cfa

    • SHA512

      967002cd9f11d61bdacd1c46b9fc5b8150d660160345c97bbdd7547090aa2582a0a11041632e148e0137615756f60c3a940daf95bd86a9a59da275f0ad686389

    Score
    8/10
    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      18d74af2b48fff6dd29d0b76041c4bbb4e4e53224d4ffce1a082487bf2796d9f

    • Size

      851KB

    • MD5

      b71f09335d95cfbb563e3b2f428e08c1

    • SHA1

      8d536d2fa34037054e4ed128fd30210f638b32d7

    • SHA256

      18d74af2b48fff6dd29d0b76041c4bbb4e4e53224d4ffce1a082487bf2796d9f

    • SHA512

      0a63b7310c100879dba88ee53aba76a172c3c9472c01e467d719a7550e4af6312c82d58df6dc431aecf951f836015faff6ef940da5ab7c1df601dae6f4c0796a

    Score
    10/10
    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x64

    • Size

      52KB

    • MD5

      5a3ca18a7c1d6d449d203d6b171237f1

    • SHA1

      840d3ceae42550baf0a975a29f7e620786d7db3e

    • SHA256

      50c4662159bc18f59f9c800cca3080f2968fe92a2588af7dcfdb522b1cbbf8fd

    • SHA512

      cb26fcd6d0ef6c4f270ab5d6117557a5a08cba86101ceb5fcaf47fe616bc6812cadef5151c3283882698d4d9396e358d38b9d8b276b394cc9400f8a22b626e95

    Score
    1/10
    • Target

      Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x86

    • Size

      52KB

    • MD5

      3a81a5a3bac88998a065a7b7cbe03ed6

    • SHA1

      eb1b536b12a6f806971b82b8775fb0fee9b77307

    • SHA256

      a281ff46491c6519b63ab52b149f73d094256c8dcdd488bfd2819bf90894ba22

    • SHA512

      fba32221fc9dc404069abdacb01e28235f53089154e3e3ccff6c9ca86e7e1b25ce6337fd5e75610ff4aeade386590bd78ddda8c8de3f2f888c7043634a96b37b

    Score
    1/10
    • Target

      25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7

    • Size

      2.3MB

    • MD5

      102a230cc900e7fc9f1a58be6f976cb3

    • SHA1

      8e3facc711322eb7ebaa16e5c2e92696f1fc1ce8

    • SHA256

      25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7

    • SHA512

      925003fe0f6ff00824f42b00a26edf9805691037e09a212a6b5bf3a0e44a1072d457a1aa1fe19500a074fe92c46e08d86c985287af838492a6d1d2210928f0cf

    Score
    10/10
    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      3523671dc78bc32e8caf574110eb09023588eb0a9edb91eb7f6afc7c762d332a

    • Size

      425KB

    • MD5

      c50f9125f9bb1a4e5a93e23b577ff25c

    • SHA1

      fa129772bf1201dac210fb1f54dbf949a02e4afd

    • SHA256

      3523671dc78bc32e8caf574110eb09023588eb0a9edb91eb7f6afc7c762d332a

    • SHA512

      2b6419057f66d4231acb25395596e36c3ebb1ba42e7bf7e723867dd9cdb4087bb3316ad2f35c9bcb2f3ac4b29197d516b88b7ead9b5cd062ab6afed9989c2ba1

    Score
    8/10
    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      3cb01d4470bd82701dc1879cee898d7331ea17df13472d311b55b1ecd4546e1c

    • Size

      2.0MB

    • MD5

      18b8ceb513bf65ab8247b72db430f19a

    • SHA1

      558333e3f128a05d75a2ad77af0bb5bbb7848c88

    • SHA256

      3cb01d4470bd82701dc1879cee898d7331ea17df13472d311b55b1ecd4546e1c

    • SHA512

      e56eb94bf9ea21b52c84b71ce77c6c372a8b54e7a2bb61d5f8903bd6dbb549b6038fd9c02e25886e580dfbcf63e30894fcdac65e1219fe59a83e567ab8d1e16b

    Score
    10/10
    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      4a32ef4d911a823aaeac64664a8f9e28890bbd20da689580802e23d571d0f68a

    • Size

      362KB

    • MD5

      d410cd964d3976d87860acc4f35a01c8

    • SHA1

      8bd1bced5b6abc8e6802f1ddee328898d7dbdf65

    • SHA256

      4a32ef4d911a823aaeac64664a8f9e28890bbd20da689580802e23d571d0f68a

    • SHA512

      394740c4ab964d3d6b667c54a54c8ae4411a4359a3ee2b68979486b38133c4e609e3554b01815aa9a27785d860adb3e50e84dc8dabf48a5150ac28e35bd13786

    Score
    8/10
    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      678938a9ce9ab7ee37d1c94ee7beadf4cd243c027c268cb412d3aff0b1b83b25

    • Size

      145KB

    • MD5

      fa7304666e1541a17bf540ce97fbfead

    • SHA1

      089d91565cbc90e5f28aae88eb416cdfecc8cc06

    • SHA256

      678938a9ce9ab7ee37d1c94ee7beadf4cd243c027c268cb412d3aff0b1b83b25

    • SHA512

      41b6ac371bef556d10ed9e4de14f4d8752670885d482bc625522273efddf4eb87a8cfbf2e7263421766751b891a7cb3d880ecb9ea125aacdcd47c73674ca5008

    Score
    1/10
    • Target

      6f081f814358d615469a82cab0569fbf3c98a3e152bcfb2a9dd348b2d881b93b

    • Size

      3.9MB

    • MD5

      2eb84e2162837a70e8bdc6c24e8958c5

    • SHA1

      86a02a7b5a277df238fcea0af5c0294d8449c43e

    • SHA256

      6f081f814358d615469a82cab0569fbf3c98a3e152bcfb2a9dd348b2d881b93b

    • SHA512

      b49f6112cb55f947d88eb72bbdad1923f66589daafd218b49e9d0a4665b2aac4fae563f28f556d6b33bdbeba4542bfd87f9c45c968229892d08c54d8f2d06777

    Score
    10/10
    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      701cab0774c16dfca12691ab7786e4b024c8951264998e8dbcbc9b16c34d2245

    • Size

      387KB

    • MD5

      c540398fdc1940d836b91365e188ad91

    • SHA1

      3a323b4bdcc7f576057552f4f9ce15d2cedf5474

    • SHA256

      701cab0774c16dfca12691ab7786e4b024c8951264998e8dbcbc9b16c34d2245

    • SHA512

      64fe9ad5e41cc845c4d5ba8e74113a29a192592683dfef2880f85f797a0605bd30d1697e73c7a4e1ae7f896ab53b94e1fbefa3f251f9fa34f971b85884f23420

    Score
    1/10
    • Target

      79b2065107cb362001a2f8a8cd8e2e20678b2eb2c0372ef760495d9fff407361

    • Size

      851KB

    • MD5

      d711578ec74c9394de520aedae7effb5

    • SHA1

      42d8823cb39ace83f004c73971fd435b786b9f5b

    • SHA256

      79b2065107cb362001a2f8a8cd8e2e20678b2eb2c0372ef760495d9fff407361

    • SHA512

      af8f03c93f5beec894091d429cb0c6df33101eab96e6ef0fde527307206267de2644f479cef5c3e7354791bb12dd7418bfcdeaea9beb509c92a6bff195e2f06a

    Score
    10/10
    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • Executes dropped EXE

    • Loads dropped DLL
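The target cards above are the only place this report ties hashes, score and behavioural signatures to each file in the archive, and the layout is awkward to consume by hand when a blocklist or a SIEM lookup needs all of them. The script below is an added example, not Triage tooling and not code from the report: it parses that flattened card layout into records, validates the hashes before they are used as indicators, and picks out the files worth blocking. It treats the Suricata alert on the 10/10 targets as a blocking signal on its own, on the reading that the rule matches a cookie value characteristic of AnubisNetworks sinkhole servers, so the sample reached a C2 domain that has since been sinkholed. The layout rules (bullet label, value on the next non-blank line, "Score" followed by "N/10", any later bullets being signatures) are an assumption drawn from what the page shows; the sample input is two targets copied from the cards above, including the un-bulleted duplicate signature line the raw page carries, with the blank lines between label and value left out.

```python
"""Parse the flattened report layout above into IOC records (added example,
not sandbox tooling). Assumed layout, taken from the page: bullet label, then
its value on the next non-blank line; 'Score' then 'N/10'; later bullets are signatures."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
FIELDS = {"Target", "Size", *HASH_LEN}  # labels whose value is on the next line

# Constructed input: two targets copied from the report above; blank lines omitted.
SAMPLE_REPORT = """\
Targets
    • Target
      0829ef5ac4288be2415215ad1ac9ef1536ff1782b4973eb63f72ebc3a040a8cb
    • Size
      2.3MB
    • MD5
      dab522fa11b013af657807094974d4c9
    • SHA1
      b0f4b920e75fda1ef90e3aa4f79250061dd227e5
    • SHA256
      0829ef5ac4288be2415215ad1ac9ef1536ff1782b4973eb63f72ebc3a040a8cb
    • SHA512
      8b8639ab8279edda09402b519b951a6e0e801bdd105b03ba867cbf1be70795541a3e1b265908f200742fabb965133f026895e5a37483a21118d05a3ad35b299d
    Score
    10/10
    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
    • Executes dropped EXE
    • Loads dropped DLL
    • Target
      Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x64
    • SHA256
      50c4662159bc18f59f9c800cca3080f2968fe92a2588af7dcfdb522b1cbbf8fd
    Score
    1/10
"""


@dataclass
class Target:
    name: str
    size: str = ""
    hashes: dict = field(default_factory=dict)
    score: int | None = None
    signatures: list = field(default_factory=list)


def parse_report(text: str) -> list[Target]:
    """A label line sets `pending`; the next non-blank line is its value.
    Other lines are ignored, which drops the un-bulleted duplicate signature line."""
    targets: list[Target] = []
    pending = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if pending == "Target":
            targets.append(Target(name=line))
        elif pending and targets:
            t = targets[-1]
            if pending == "Score":
                t.score = int(line.split("/")[0])
            elif pending == "Size":
                t.size = line
            else:
                t.hashes[pending] = line.lower()
        elif line.startswith("•"):
            label = line[1:].strip()
            if label in FIELDS:
                pending = label
                continue
            if targets:                      # any other bullet is a signature
                targets[-1].signatures.append(label)
        elif line == "Score":
            pending = "Score"
            continue
        pending = None
    return targets


def validate(t: Target) -> list[str]:
    """Every hash present, right length, lower-case hex: check before blocklisting."""
    problems = []
    for key, n in HASH_LEN.items():
        h = t.hashes.get(key)
        if h is None:
            problems.append(f"missing {key}")
        elif not re.fullmatch(rf"[0-9a-f]{{{n}}}", h):
            problems.append(f"malformed {key}")
    return problems


def block_candidates(targets: list[Target], min_score: int = 8) -> list[Target]:
    """High score, or a Suricata sinkhole alert (the sample reached a C2 domain
    now answered by a sinkhole), which is a stronger signal than the score alone."""
    return [t for t in targets
            if (t.score or 0) >= min_score
            or any(s.startswith("suricata:") and "Sinkhole" in s for s in t.signatures)]
```

Feed it the full Targets section and `block_candidates` returns the nine 8/10 and 10/10 files; `validate` is worth running first, because a record that lost a hash in extraction (the second sample target above, which carries only a SHA256) would otherwise go into a blocklist with empty fields.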

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082): 7 hits

Tasks

Task          Tags                    Score
static1       upx                     8/10
behavioral1                           8/10
behavioral2                           8/10
behavioral3   pyinstaller             8/10
behavioral4   pyinstaller suricata    10/10
behavioral5                           8/10
behavioral6                           8/10
behavioral7                           1/10
behavioral8                           1/10
behavioral9                           1/10
behavioral10                          1/10
behavioral11                          8/10
behavioral12                          8/10
behavioral13  pyinstaller suricata    10/10
behavioral14  pyinstaller suricata    10/10
behavioral15                          1/10
behavioral16                          1/10
behavioral17  pyinstaller suricata    10/10
behavioral18  pyinstaller             8/10
behavioral19                          8/10
behavioral20                          8/10
behavioral21  pyinstaller suricata    10/10
behavioral22  pyinstaller suricata    10/10
behavioral23                          8/10
behavioral24                          8/10
behavioral25                          1/10
behavioral26                          1/10
behavioral27  pyinstaller suricata    10/10
behavioral28  pyinstaller suricata    10/10
behavioral29                          1/10
behavioral30                          1/10
behavioral31                          8/10
behavioral32  pyinstaller suricata    10/10