General
Target: temp.zip
Size: 4.2MB
Sample: 211025-2vmjwshegj
MD5: 2214066342a88ecbf92ad3486f7c6836
SHA1: e3aed7bf6bb76973c7e13033d4f3cc7d0785ee13
SHA256: 0c386b61b2fd8ca2baa9da1efc2510632d7f064905ae736db8cd4d43b0684488
SHA512: bf246a0cc5020b2d80d929ed31c80a57752171751ad5564d2e5e5c9a9ebb58ced79f61bdf3f79c2e3f4de4ccbe60c80e304d76489dba8b134b0d3266d012d84f
Static task: static1
Behavioral task: behavioral1 (sample: driver.sys.exe, resource: win11)
Behavioral task: behavioral2 (sample: driver.sys.exe, resource: win10-en-20211014)
Behavioral task: behavioral3 (sample: SplitBot.exe, resource: win11)
Behavioral task: behavioral4 (sample: SplitBot.exe, resource: win10-en-20211014)
Malware Config
Targets

Target: SplitBot.exe
Size: 4.3MB
MD5: 4e2835daca8a52e01540a596b5b57763
SHA1: bf9c98fb338e332081a6324d882f4769956b3cd8
SHA256: 7c3c10637adb941c20d60062422812830a040172ad939c5d8ad24f6a18f6b34d
SHA512: 633bd6eb1c117c772de389be8cc86766c56577375bdf8d954a3b8a878e354cc9328b02e414bcc1443694547bae91b3003ea8b0c8274c74e6ec0b683584933c16
Score: 1/10

Target: driver.sys
Size: 8KB
MD5: 19afd57d491ffa9437f934191aaab452
SHA1: 02bdd12ea02890b667e23defbc7fbb8a8eab73d0
SHA256: ff9a7656d32450b73b24db00a36b25f6ac960ef9d70ad6ce0335bf4d821f89d6
SHA512: 596f55714aacccb31c35f7d0416550e62e91908da4795ed2534cd723dc700278a0c382f00cb46628c573eea5b886217695782f3a308db01bc7c06a8f6214e01e
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Executes dropped EXE
- Sets service image path in registry
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
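Most of the behaviours the sandbox flagged map directly onto host telemetry, so a detection engineer can turn this report into hunting logic. The following is an added example, not part of the sandbox report or the sample, of a small stateful detector in Python run over constructed Sysmon-style events (EventID 11 FileCreate, 13 RegistryEvent value set, 1 ProcessCreate, 6 DriverLoad). It flags writes into System32, service ImagePath and Run-key values, execution of a file the sample wrote earlier in the same trace, a document host spawning a child, and any process or driver whose SHA256 matches the hashes listed above. The event dicts, the DOCUMENT_HOSTS allow-list and the path patterns are assumptions for illustration, not field names or rules from the report. Two signatures are deliberately not reproduced: NtSetInformationThread with ThreadHideFromDebugger is only visible to a debugger or API monitor, and wallet-file access needs file-read auditing that Sysmon does not provide by default.

```python
import re

# IOC hashes copied from the Targets section of the report above.
REPORT_SHA256 = {
    "7c3c10637adb941c20d60062422812830a040172ad939c5d8ad24f6a18f6b34d": "SplitBot.exe",
    "ff9a7656d32450b73b24db00a36b25f6ac960ef9d70ad6ce0335bf4d821f89d6": "driver.sys",
}

# Assumed allow-list of parents that should not spawn arbitrary children.
DOCUMENT_HOSTS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}

# Registry and filesystem patterns behind three of the report's signatures (assumed).
SERVICE_IMAGEPATH = re.compile(r"\\services\\[^\\]+\\imagepath$", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\[^\\]+$", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def sha256_from_hashes(field):
    """Sysmon writes 'MD5=...,SHA256=...,IMPHASH=...'; return the SHA256 part, lower-cased."""
    for part in field.split(","):
        key, _, value = part.partition("=")
        if key.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


class BehaviourDetector:
    """Stateful pass over events in time order; remembers files the sample wrote."""

    def __init__(self):
        self.dropped = set()  # lower-cased paths seen in FileCreate events

    def check(self, ev):
        """Return the signature names one event triggers (empty list if none)."""
        hits = []
        eid = ev["EventID"]
        if eid == 11:  # FileCreate
            target = ev["TargetFilename"]
            self.dropped.add(target.lower())
            if SYSTEM32.match(target):
                hits.append("Drops file in System32 directory")
        elif eid == 13:  # RegistryEvent (value set)
            key = ev["TargetObject"]
            if SERVICE_IMAGEPATH.search(key):
                hits.append("Sets service image path in registry")
            if RUN_KEY.search(key):
                hits.append("Adds Run key to start application")
        elif eid == 1:  # ProcessCreate
            if ev["Image"].lower() in self.dropped:
                hits.append("Executes dropped EXE")
            if basename(ev["ParentImage"]) in DOCUMENT_HOSTS:
                hits.append("Process spawned unexpected child process")
        if eid in (1, 6):  # ProcessCreate and DriverLoad both carry a Hashes field
            sha = sha256_from_hashes(ev.get("Hashes", ""))
            if sha in REPORT_SHA256:
                hits.append("Known IOC hash (%s)" % REPORT_SHA256[sha])
        return hits


def run(events):
    """Apply the detector to a list of events; return [(index, [signatures])] for hits only."""
    det = BehaviourDetector()
    return [(i, h) for i, ev in enumerate(events) if (h := det.check(ev))]


# Constructed sample events (not real telemetry), in the order the report's
# signatures suggest: drop, persist, execute the drop, load the driver.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": "C:\\Users\\lab\\SplitBot.exe",
     "TargetFilename": "C:\\Windows\\System32\\driver.sys"},
    {"EventID": 11, "Image": "C:\\Users\\lab\\SplitBot.exe",
     "TargetFilename": "C:\\Users\\lab\\AppData\\Roaming\\svc.exe"},
    {"EventID": 13, "Image": "C:\\Users\\lab\\SplitBot.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\drv\\ImagePath"},
    {"EventID": 13, "Image": "C:\\Users\\lab\\SplitBot.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"},
    {"EventID": 1, "Image": "C:\\Users\\lab\\AppData\\Roaming\\svc.exe",
     "ParentImage": "C:\\Users\\lab\\SplitBot.exe", "Hashes": "SHA256=" + "0" * 64},
    {"EventID": 6, "ImageLoaded": "C:\\Windows\\System32\\driver.sys",
     "Hashes": "SHA256=ff9a7656d32450b73b24db00a36b25f6ac960ef9d70ad6ce0335bf4d821f89d6"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "Hashes": "SHA256=" + "2" * 64},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe",  # benign control
     "ParentImage": "C:\\Windows\\explorer.exe", "Hashes": "MD5=x,SHA256=" + "1" * 64},
]

if __name__ == "__main__":
    for idx, hits in run(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["EventID"], hits)
```

The correlation for "Executes dropped EXE" is the part worth keeping: the sandbox raises that signature by linking a later process start back to an earlier file write by the same sample, and a stateless per-event rule cannot express it. Feed real events in timestamp order, and widen REPORT_SHA256 with the MD5 and SHA1 values from the report if your telemetry does not emit SHA256.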