Overview

Tasks (score out of 10 where shown):
- Static: 10
- Microsoft....NI.dll (windows11_x64): no score shown
- Microsoft....NI.dll (windows10_x64): 10
- Microsoft....NI.dll (windows11_x64): 3
- Microsoft....NI.dll (windows10_x64): 8
- TestConsoleApp.dll (windows11_x64): 1
- TestConsoleApp.dll (windows10_x64): 1
- TestConsoleApp.exe (windows11_x64): 1
- TestConsoleApp.exe (windows10_x64): 8

General
- Target: test app.rar
- Size: 6.2MB
- Sample: 211022-qtlenabfg4
- MD5: 98df29493c6aef30c6eb80e37bb8b5da
- SHA1: 88ffcfb4d519b822968703314245387790e5d647
- SHA256: 86738054740a62a605183fc15ab4ab5b832229ed8cfb71219eba2b3e726846ad
- SHA512: 7377a72b1af08faaa9df6d89db2a78deb1aaa098b6679ba036b3eec491e0d5d339ed03f840077a39f77b43fb29090ca51ffec7bfd99fd724356740949abdabd2
Analysis tasks:
- Static task static1
- Behavioral task behavioral1: sample Microsoft.Data.SqlClient.SNI.dll, resource win11
- Behavioral task behavioral2: sample Microsoft.Data.SqlClient.SNI.dll, resource win10-en-20210920
- Behavioral task behavioral3: sample Microsoft.Data.SqlClient1.SNI.dll, resource win11
- Behavioral task behavioral4: sample Microsoft.Data.SqlClient1.SNI.dll, resource win10-en-20211014
- Behavioral task behavioral5: sample TestConsoleApp.dll, resource win11
- Behavioral task behavioral6: sample TestConsoleApp.dll, resource win10-en-20211014
- Behavioral task behavioral7: sample TestConsoleApp.exe, resource win11
- Behavioral task behavioral8: sample TestConsoleApp.exe, resource win10-en-20211014
Malware Config

Extracted configuration:
- Protocol: smtp
- Host: mail.ICGROUP.ge
- Port: 25
- Username: donotreply@euroins.ge
- Password: k9y5DnUX
Targets

Target: Microsoft.Data.SqlClient.SNI.dll
- Size: 485KB
- MD5: ba17b0cb8cfc07450b57985eb653472e
- SHA1: 3715c61710107e1017aae39575215ab627a3b3c0
- SHA256: e4e54af0a161691ca9f0cd13fcc1ebd00f9dc87e3954a7ecae3d77acc1559e41
- SHA512: 60e29abc651025936b1343c98f1b1d9eae70e8de42b68aba57eb13cb9256e5ea8f0729439f169f34d12fb83db9d2d29b5fbb3d87621d7e938ad9c164d67aae94
- Score: 10/10

Signatures:
- Registers COM server for autorun
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
- Sets file execution options in registry
- Sets service image path in registry
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory

Target: Microsoft.Data.SqlClient1.SNI.dll
- Size: 675KB
- MD5: dfde64f838d2028f7815c43b01585288
- SHA1: 9ce0141a1964b98f1c9374279cd013c37ba0a221
- SHA256: 308a74ac7806a1d91f88d7f026364883127c6d38f925bb462f368db8b13da9f6
- SHA512: 983b0215f4fcefe6cbb9e1e7ec84dc2549521a313b6b08a0eee8860d51e634909558e95e62f39ea8c907a360d7481e1cc3f4484cee7ea77083d5688175b963d2
- Score: 8/10

Signatures:
- Sets service image path in registry

Target: TestConsoleApp.dll
- Size: 14KB
- MD5: 7a58b082b28f6e64bd489fd9f35d31f8
- SHA1: f4b199ede47447669c30903795bf7a34e88aae79
- SHA256: 73e3e9038a92b84cb9c960b59d523815c12305f0195c02befdd3464cc138a2aa
- SHA512: a6a448ebdb14f3f91b28e06f56db8ab6430fce049e48cce9ebfd7d6284ed5d6f8a1f284028a9d33c5530a758ba9b8aa9ff50bfddadd6b255316ca413b99aa584
- Score: 1/10

Signatures: none listed

Target: TestConsoleApp.exe
- Size: 18.2MB
- MD5: 4aeb4fe28b6d716e649dbae4ae97c6af
- SHA1: 7554105c37c957dda0dffee52bdfef126f0dd1f0
- SHA256: 998e33e7aef697081a142af6497b4044765522c470cc67d57ed294a3c7e15637
- SHA512: 51e46cc5b9932a888f6efa6d02acccd50ee0ea398c63cb00b3688feac86b6083123f3b4a94aad486149fe1f788882c57707af69eeaed08c3c2b5af329aac9909
- Score: 8/10

Signatures:
- Sets service image path in registry