Overview — score 10
Static — score 8
Behavioral tasks (score badge per task; in the extracted text each badge was fused onto the start of the following line and has been re-attached to the task it follows, which agrees with the per-target scores listed below):
107fjr24.exe, windows7_x64 — score 3
107fjr24.exe, windows10_x64 — score 3
109fjr24.exe, windows7_x64 — score 3
109fjr24.exe, windows10_x64 — score 3
121fjr24.exe, windows7_x64 — score 3
121fjr24.exe, windows10_x64 — score 3
127fjr24.exe, windows7_x64 — score 3
127fjr24.exe, windows10_x64 — score 3
85fjr24.exe, windows7_x64 — score 3
85fjr24.exe, windows10_x64 — score 3
DDos, linux_mips — no score badge shown
Rat.exe, windows7_x64 — score 10
Rat.exe, windows10_x64 — score 10
SB360.exe, windows7_x64 — score 9
SB360.exe, windows10_x64 — score 9
Server.exe, windows7_x64 — score 9
Server.exe, windows10_x64 — score 9
Servor.exe, windows7_x64 — score 9
Servor.exe, windows10_x64 — score 9
Sesrver.exe, windows7_x64 — score 1
Sesrver.exe, windows10_x64 — score 1
assvkl.exe, windows7_x64 — score 1
assvkl.exe, windows10_x64 — score 1
bm.exe, windows7_x64 — score 8
bm.exe, windows10_x64 — score 3
cafe.exe, windows7_x64 — score 8
cafe.exe, windows10_x64 — score 8
dqfjr24.exe, windows7_x64 — score 3
dqfjr24.exe, windows10_x64 — score 3
knmbr.exe, windows7_x64 — score 1
knmbr.exe, windows10_x64 — score 1
muzzo.exe, windows7_x64 — score 10
General
-
Target
cbc15bace96277a9115ee0c21b19c14b180b3bc947185c73201487ce7cced200
-
Size
8.2MB
-
Sample
220122-aybs1sfehm
-
MD5
6552314fdf9aa5b941a11bc0c8c2871f
-
SHA1
4a2ec182e522207ee3106facda220669713ec8e9
-
SHA256
cbc15bace96277a9115ee0c21b19c14b180b3bc947185c73201487ce7cced200
-
SHA512
dacd45a29fae72875b70cc3db38fe402c7365c0c4ff9e0cf3521b62c4f6d163b46a876b0cb004a4f1b2ad75a21f8ea63420d33e1dbe3570e12c6f9e4dc31ec64
Static task
static1
Behavioral task
behavioral1
Sample
107fjr24.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
107fjr24.exe
Resource
win10-en-20211208
Behavioral task
behavioral3
Sample
109fjr24.exe
Resource
win7-en-20211208
Behavioral task
behavioral4
Sample
109fjr24.exe
Resource
win10-en-20211208
Behavioral task
behavioral5
Sample
121fjr24.exe
Resource
win7-en-20211208
Behavioral task
behavioral6
Sample
121fjr24.exe
Resource
win10-en-20211208
Behavioral task
behavioral7
Sample
127fjr24.exe
Resource
win7-en-20211208
Behavioral task
behavioral8
Sample
127fjr24.exe
Resource
win10-en-20211208
Behavioral task
behavioral9
Sample
85fjr24.exe
Resource
win7-en-20211208
Behavioral task
behavioral10
Sample
85fjr24.exe
Resource
win10-en-20211208
Behavioral task
behavioral11
Sample
DDos
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral12
Sample
Rat.exe
Resource
win7-en-20211208
Behavioral task
behavioral13
Sample
Rat.exe
Resource
win10-en-20211208
Behavioral task
behavioral14
Sample
SB360.exe
Resource
win7-en-20211208
Behavioral task
behavioral15
Sample
SB360.exe
Resource
win10-en-20211208
Behavioral task
behavioral16
Sample
Server.exe
Resource
win7-en-20211208
Behavioral task
behavioral17
Sample
Server.exe
Resource
win10-en-20211208
Behavioral task
behavioral18
Sample
Servor.exe
Resource
win7-en-20211208
Behavioral task
behavioral19
Sample
Servor.exe
Resource
win10-en-20211208
Behavioral task
behavioral20
Sample
Sesrver.exe
Resource
win7-en-20211208
Behavioral task
behavioral21
Sample
Sesrver.exe
Resource
win10-en-20211208
Behavioral task
behavioral22
Sample
assvkl.exe
Resource
win7-en-20211208
Behavioral task
behavioral23
Sample
assvkl.exe
Resource
win10-en-20211208
Behavioral task
behavioral24
Sample
bm.exe
Resource
win7-en-20211208
Behavioral task
behavioral25
Sample
bm.exe
Resource
win10-en-20211208
Behavioral task
behavioral26
Sample
cafe.exe
Resource
win7-en-20211208
Behavioral task
behavioral27
Sample
cafe.exe
Resource
win10-en-20211208
Behavioral task
behavioral28
Sample
dqfjr24.exe
Resource
win7-en-20211208
Behavioral task
behavioral29
Sample
dqfjr24.exe
Resource
win10-en-20211208
Behavioral task
behavioral30
Sample
knmbr.exe
Resource
win7-en-20211208
Behavioral task
behavioral31
Sample
knmbr.exe
Resource
win10-en-20211208
Malware Config
Extracted
Family: darkcomet
Campaign/botnet ID: Guest16
C2 (host:port): aqo.x64.me:1912
Mutex: DC_MUTEX-7AAHHXB
-
gencode
6v5t2aHeiJcR
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
107fjr24.exe
-
Size
141KB
-
MD5
ab6db3d9ebb1560c9081c9f7b2f0fa27
-
SHA1
c2327018bba4cec35be4aad1a16b98b369939808
-
SHA256
d52054e01b1fe26ec947917ad40ad763203750b5bb83018eddf41cc1bb505704
-
SHA512
cc3190da2ecc61afbe9c871e3039a4e9f7c87c5531c0e778b4c4ae3339cbe44f8d367e10df302b224b69778bff90a3a387994eab44ef78311cd1171dcaab2c56
Score 3/10 -
-
-
Target
109fjr24.exe
-
Size
141KB
-
MD5
e1245adae6e6bd15e954aefbc2e37547
-
SHA1
691ab418cfaf9174c04862074b720071a23e4894
-
SHA256
42642db8fb7d975839368992ee229b6a76fad98840122e8bd12c1d517014708f
-
SHA512
a8f8d958aef81c87c4bc854d9ab4afdcb4cf4444db0f9aa6d77449946b4e98e7d336cb4011e17293d02c21c86c859ad0916e232f5c0c055827e7791d61ed6488
Score 3/10 -
-
-
Target
121fjr24.exe
-
Size
141KB
-
MD5
96ef5bf4508b298d0c3be338e6578482
-
SHA1
6c69382beb07e2a55a71e2ae8960e1e0839cad8f
-
SHA256
04774a86cde968bcde830d2871d41341129a696f67a3bc99395cf08b29bb6cca
-
SHA512
c4a7e948a35a4ca7df81784aa090c140f287c837e897c94f8b6f8946ba7c4a04f8917de1249070cb207dad07b3fe9a821231bbf05feb6c222c5a0c2dea00e404
Score 3/10 -
-
-
Target
127fjr24.exe
-
Size
141KB
-
MD5
d1f772c90546cc3c8e47c1a74764051a
-
SHA1
1e6a2666cdd92ec8a1e8b783f2984123f6a848dc
-
SHA256
038419e02a6147a3c698ddec8d69d1a88f518a79ab16917e82955245fbd1af9b
-
SHA512
167c0f8b29b622eefa4ec038fb988b460a8b811f48767e303b27f40bd8010cc6d4623e32a5a2f60990ce3d30c1fb88abc2ccac8397de009cf6d098616d5a4f2e
Score 3/10 -
-
-
Target
85fjr24.exe
-
Size
141KB
-
MD5
cc4cd5cb397650e5c5c940c048934dc8
-
SHA1
8cad5d0aa2211199eedb325232c360cf35580cca
-
SHA256
34e2f9b95470a8225a9466affd102de9347416fc405c721e5715c12cb47c8d1d
-
SHA512
31c28a6064489288f22393826cf09bb99720440104c02604bc79457ff422b726b52b0f2fcdc893e5e5304cde1ceeac17306fa9be45297d58c131fede90021770
Score 3/10 -
-
-
Target
DDos
-
Size
745KB
-
MD5
faa401dd97651b9b6dde523d2efa212e
-
SHA1
629c216585567eaf856e6cc0402a975330ebe345
-
SHA256
3fc2a0bee426bc54e4f3261331ec9ea9a3b5c1ad27094734bc828211f9fdf293
-
SHA512
ab48201e65c45cd77e3460f52af5bbbf0467826dde1039fc6b910db136726c4c47eb311e4b2ac03de348ced8d6c0691d27bcc485399ca7e63851a11a5211687e
Score 1/10 -
-
-
Target
Rat.exe
-
Size
204KB
-
MD5
334449566ae89a91a04910a55ce78331
-
SHA1
4e3a77b0145eccdfceaf5a425c5b75acf8a8093d
-
SHA256
3245305f1e0c6a580cfcc5e613fbe9731045b53152c093ed579b4f0336f37b6b
-
SHA512
f3ba014520903b315f73ee95912b8f286a502a20968f99efb6c80df1523ddd236acc1317797f62956085e777c789d6bdcf2d4d248bffea4b7053a7eea282ce21
-
Modifies firewall policy service
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
-
suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
SB360.exe
-
Size
221KB
-
MD5
db914865093d68e43ba373505e181bed
-
SHA1
362d30835a783ffc02d4873b4e9fccb2a1013aa1
-
SHA256
fd247afce88192a9ec92665f78dc85f557be4d729357bf7988da2625b39e46d0
-
SHA512
261763b65e6da76f3a8b3334bc56933548d60f8de25c70cbda41a5eeb51c33c4554ee3c3c9b2bd6d425665aae16dcb4819e4394f4beb148cdaa413911fdf6124
Score 9/10 -
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
Server.exe
-
Size
221KB
-
MD5
636f9d819e55f630488e24dc30284ff2
-
SHA1
037c01050b62b2eb491d34f801a89304152fe729
-
SHA256
5be8cc124d72d465883fddc0a4284bd9d7c54fc4ad4c8a56b6cdb36014c09eb6
-
SHA512
ab74c6912aecbb0f2b50e9647fe3d6efd1734596153ae746e914afae3521bc5791a8decedcea5f20c4cd5729ca4dfa91a6bc5dbbcd7fa99192b1544299611c84
Score 9/10 -
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
Servor.exe
-
Size
221KB
-
MD5
b4e396953987d7db9bd1b7d863d3054c
-
SHA1
063a776a286abc9b53d471cec30afbd47defb7a3
-
SHA256
c7815a92a415aca590bfec64b7358100919942587a7e1e7ea564294744136b96
-
SHA512
dab472268f2f6ea55adf9d81ca6b3a3cb23c9a8f50af49bb5d80604a704bb0df0bed8ea3b749eabe26c1f0a9e14cad10d0deebafa297bb06238881ff04fcead4
Score 9/10 -
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
Sesrver.exe
-
Size
88KB
-
MD5
c29fc5fb044cdb3420b93992651ec7bf
-
SHA1
d7005a3a1a36eba87650e47d75ac43987b14daed
-
SHA256
0ebf734c0f1593866d283e862290549cf62ce5dc23fc1a32a3cc1dc3e0c6141e
-
SHA512
7dca2050546a05eda4432c295e85f3dfde67bf470b845d153373e38a8ba0255463afe262cd61b5aea33c5737096745b38a59930c5b3af725ba8d83797cda9fb7
Score 1/10 -
-
-
Target
assvkl.exe
-
Size
152KB
-
MD5
bd149a73a8acf2189c9617ac91ce6f6f
-
SHA1
bfc23fe8b90ef007efa95a3692d12a3bb3272e48
-
SHA256
e1ede2abf3e94412564ff62aa01956572995a04778071dbdafe5924448e7a43a
-
SHA512
ae5b27ddc65d5aaf1b424b28b945eee42e1bd97422be7f24598fae90e2ebfb6f21322bea924d0f8f702e5284281f519e1920619cad95a9da9e6f8aefd69b61bf
Score 1/10 -
-
-
Target
bm.exe
-
Size
444KB
-
MD5
140ded32fdbf6686dc9dc191ac3259c7
-
SHA1
8942a1f7e907f8c086d91a4e9008b4eb596d6eb6
-
SHA256
b8fe3399840229b96834203706e300ba1d5bce01b84d9f56febb1b95a5817321
-
SHA512
7efaafbb24d1be3f87758f1a50dee17a1d20e5985993c35bb64d9024b6b816328065e01af26e40fcd420b435ba141de1df696080983ab59af28454c8d28011c5
Score 8/10 -
-
-
Target
cafe.exe
-
Size
201KB
-
MD5
9bc7781b7d0e6f75afd3175be87a7faa
-
SHA1
c9a2aac50085912f663758f99952012acddaf7ee
-
SHA256
6e67d3deb135464cc43679d886625fcc71dbd90d8f669e625a1bf5e6d5ccd094
-
SHA512
84c84e8b8b1714011bc5c5af9d85c1a21937ee26b7e9a27532163c1b1336fa7fe109a2416158ef4aae260f7ab1d6ba482901d5a42513d9d8253e8dd0c43747b3
Score 8/10 -
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
-
-
Target
dqfjr24.exe
-
Size
141KB
-
MD5
79c01b6869911c263c593c9b4dd239db
-
SHA1
d6a826434b6bcb720591c067923b069f3b86e817
-
SHA256
2283703bbcb74562c72f19d5a33040766a68b015d1e567dabe306fb6f7f6098f
-
SHA512
19bff90c2aa5428abf0f4a23d15e182c827aed2827701a1c63b24c3f4d18a1382b6b29d5c1a77bc7d793fe07a789cb87e4f063b69c1b6439404f958ddeb38511
Score 3/10 -
-
-
Target
knmbr.exe
-
Size
48KB
-
MD5
0948f2d2dcbce2b419dea831ca795879
-
SHA1
81b61a57222ecbd41c932fbd10582ad0e4dd7f1c
-
SHA256
dfc637012a04a153c7838ba5dd3903da41e64e972305b95aba8a58632494d890
-
SHA512
062dff0e28b6da3da2c0a0574563e32f7447439bdf362b5000d584c1b1eafbd6cb29b9768a5bcf0413e0f6843efcdcc11cc72f422a313b0d6d25a0a9a139a929
Score 1/10 -
-
-
Target
muzzo.exe
-
Size
759KB
-
MD5
ed4ada0fbf4da07b39942baadd5dfe64
-
SHA1
3194017d920eb49a50958aab91101e598423bed3
-
SHA256
95c4c2fc868d338f9b9aa3b3432f076499eb41ad308de0abe11187f790577c37
-
SHA512
9fba4200e6dee41ef526b588363b829dfa4c66f51662c3c0c7832c8317b6a75e4ddb6b7d9a953d615162a6beab62140ab21fd49a8a70315a035ee0000dc2f24b
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-