Overview
overview: 10
Static
static
Woxy 3.0 [...to.dll (windows7_x64): 1
Woxy 3.0 [...to.dll (windows10_x64): 1
Woxy 3.0 [...le.dll (windows7_x64): 1
Woxy 3.0 [...le.dll (windows10_x64): 1
Woxy 3.0 [...es.dll (windows7_x64): 1
Woxy 3.0 [...es.dll (windows10_x64): 1
Woxy 3.0 [...it.dll (windows7_x64): 1
Woxy 3.0 [...it.dll (windows10_x64): 1
Woxy 3.0 [...it.dll (windows7_x64): 1
Woxy 3.0 [...it.dll (windows10_x64): 1
Woxy 3.0 [...on.dll (windows7_x64): 1
Woxy 3.0 [...on.dll (windows10_x64): 1
Woxy 3.0 [...x].exe (windows7_x64): 10
Woxy 3.0 [...x].exe (windows10_x64): 10
General
-
Target
523bad27ca697be3062f3b686fbc340c
-
Size
11.9MB
-
Sample
211018-l1tbmaecej
-
MD5
523bad27ca697be3062f3b686fbc340c
-
SHA1
c5c543b9d3caac64410ac4809e27edab70578383
-
SHA256
b2d9069b544272c99bd52e194839a3fe38c721ea5629d52e1c05fdfdba1e1dd5
-
SHA512
08812018a2c1807cdd14aa238e44665629f97bd7deb7aeb74d1688accb1efe7597c456987ac0fe3abfd79eebc280fe0e01b0556ff04aafbd634f93a158b2e2cb
Static task
static1
Behavioral task
behavioral1
Sample
Woxy 3.0 [Crack.sx]/BouncyCastle.Crypto.dll
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Woxy 3.0 [Crack.sx]/BouncyCastle.Crypto.dll
Resource
win10-en-20210920
Behavioral task
behavioral3
Sample
Woxy 3.0 [Crack.sx]/Colorful.Console.dll
Resource
win7-en-20211014
Behavioral task
behavioral4
Sample
Woxy 3.0 [Crack.sx]/Colorful.Console.dll
Resource
win10-en-20210920
Behavioral task
behavioral5
Sample
Woxy 3.0 [Crack.sx]/ConsoleTables.dll
Resource
win7-en-20211014
Behavioral task
behavioral6
Sample
Woxy 3.0 [Crack.sx]/ConsoleTables.dll
Resource
win10-en-20210920
Behavioral task
behavioral7
Sample
Woxy 3.0 [Crack.sx]/MailKit.dll
Resource
win7-en-20211014
Behavioral task
behavioral8
Sample
Woxy 3.0 [Crack.sx]/MailKit.dll
Resource
win10-en-20210920
Behavioral task
behavioral9
Sample
Woxy 3.0 [Crack.sx]/MimeKit.dll
Resource
win7-en-20210920
Behavioral task
behavioral10
Sample
Woxy 3.0 [Crack.sx]/MimeKit.dll
Resource
win10-en-20211014
Behavioral task
behavioral11
Sample
Woxy 3.0 [Crack.sx]/Newtonsoft.Json.dll
Resource
win7-en-20210920
Behavioral task
behavioral12
Sample
Woxy 3.0 [Crack.sx]/Newtonsoft.Json.dll
Resource
win10-en-20211014
Behavioral task
behavioral13
Sample
Woxy 3.0 [Crack.sx]/Woxy 3.0 [Crack.sx].exe
Resource
win7-en-20210920
Malware Config
Extracted
njrat
Carbonblack2102
batvoi
1368.vnh.wtf:5552
0de45b5c6627a3e65a4b2a1e68ec841b
-
reg_key
0de45b5c6627a3e65a4b2a1e68ec841b
-
splitter
|'|'|
Targets
-
-
Target
Woxy 3.0 [Crack.sx]/BouncyCastle.Crypto.dll
-
Size
2.4MB
-
MD5
40396d1498c1ab6354ae47a03a24b21c
-
SHA1
97cbbcc6888f6b4ddfea49fe558f7cd7ec71298d
-
SHA256
83ba441c5572bba81381427c18ae36eeb9c8b831e51edd449a54a31838a5577d
-
SHA512
13c39a95ed84ea646da28332bd10cc58cf02f09a507665f039d3b3f45e5efc590bbeb123ec70cac4856948001d6b7a6ccd57f45e917a9dfaab3e9151640ede89
Score
1/10
-
-
-
Target
Woxy 3.0 [Crack.sx]/Colorful.Console.dll
-
Size
88KB
-
MD5
0717e2914548b3c78dfd6e91a8d3e1a4
-
SHA1
9f51e80be3f5dbedb58b399543eb906bea52504e
-
SHA256
9103509d436d1c77e8a6784f3d6a7af43645e48bf626f2ecb324c586ce504b23
-
SHA512
e6aa4362bb168cb3711cc5214d370ee2cd05d0b80efc50d1969697bfedec76d7fd898a60dde544511a669c9eed418ef5898908de94cfde5e319cf3e1a3772e5a
Score
1/10
-
-
-
Target
Woxy 3.0 [Crack.sx]/ConsoleTables.dll
-
Size
12KB
-
MD5
6b5b52221bbfc30dea0b48509e485296
-
SHA1
eacb77666504811bded7c25cee3e22b34170a311
-
SHA256
d6c254ce7d8d87cfe293bc045adc66955a363285a1ae0bc4344558bc67821116
-
SHA512
7d6d76fa9e9652fed10d56a8771505398c25cc5ddd83c7cf389703037bf37f3ef08546c51f42770e9876f8c791dfa97792bd983f6dd68819fcc5eddce11f6bca
Score
1/10
-
-
-
Target
Woxy 3.0 [Crack.sx]/MailKit.dll
-
Size
686KB
-
MD5
38e5ee317e78f6a1c623d68272993e16
-
SHA1
7021bef88134f2b3e8423dd9ceb852003345cdb5
-
SHA256
66dc850d221b41e5b8976d028673c643dd430e06ba89c2ce3b5ae9a37c2c070f
-
SHA512
339008ae5a9318492bb239eb8981360288f0f00b4059adb7293f0c4242edaf05d9bf2f902405da24ead05516289af9c2b726fd8d2c6fe2694c1b58805296900e
Score
1/10
-
-
-
Target
Woxy 3.0 [Crack.sx]/MimeKit.dll
-
Size
880KB
-
MD5
4eef3bd07be47625ec71487dd9fc3b10
-
SHA1
7ad70ea1f75167625f32c45fbbdd9aa3e237de1b
-
SHA256
9aa3f96fb6e71d609f77cc529efad99de83b65753704ba2b6993ca88f7f7c185
-
SHA512
d0889678949f563ecd16c47db841dcc5d225cf1feeda98ea7d87d5168f5a01450b45f7b4b91a3cb577a677d75f7dcb3e69b68b7656846d2092b6c2b300df198b
Score
1/10
-
-
-
Target
Woxy 3.0 [Crack.sx]/Newtonsoft.Json.dll
-
Size
659KB
-
MD5
d827dd8a8c4b2a2cfa23c7f90f3cce95
-
SHA1
26c78dad612aff904f216f19f49089f84cc77eb8
-
SHA256
b66749b81e1489fcd8d754b2ad39ebe0db681344e392a3f49dc9235643bdbd06
-
SHA512
9ce24c4497fe614b78b3f2f985cafb817d52f21d090aa23fd87f1a3478135abe95e0abe3557dd3f12a5b3f4c9a09e8337169988314c12c51b4951317e0569787
Score
1/10
-
-
-
Target
Woxy 3.0 [Crack.sx]/Woxy 3.0 [Crack.sx].exe
-
Size
776KB
-
MD5
5afd70d54cc4af7f236894d674842493
-
SHA1
6565657adebd3063ba85886e551e551b0bbd6fdb
-
SHA256
8b79e79f75578ab62d83e89b6bfaf5404fa868041b880995579f3cd6ae6f995e
-
SHA512
6fa7daafcd661d873bae7e092fab5c89f8a56978003d31b3b91eabc735e50ecc01b8e90f90fbcec193c0656f134b6ce69c98825cfbaeaa07a536ddc5eea641fa
-
Taurus Stealer Payload
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-