Overview
overview
10Static
static
7Brute.exe
windows7_x64
10Brute.exe
windows10_x64
10Brute.exe
windows10-2004_x64
10Leaf.xNet.dll
windows7_x64
1Leaf.xNet.dll
windows10_x64
6Leaf.xNet.dll
windows10-2004_x64
10Newtonsoft.Json.dll
windows7_x64
1Newtonsoft.Json.dll
windows10_x64
6Newtonsoft.Json.dll
windows10-2004_x64
10General
-
Target
Brute_Paypal.rar
-
Size
3.8MB
-
Sample
220211-jvpedaeadr
-
MD5
589617b0d2003a64e96b5b97bbe3d6aa
-
SHA1
a25351038ce19bcc9c69f4f21307121a4bea17ec
-
SHA256
74bec14e77146923dae84d4aeb0ca036182b967f4ee69818c972d1c19906eede
-
SHA512
da52a70d61e861afe7979e8cb615e7da8ef5072a88b74f047544eb9423aa308620bce4b57abdbc16e658fece05b77fbd80d056c54f1f307c864ea4a55be86f6c
Static task
static1
Behavioral task
behavioral1
Sample
Brute.exe
Resource
win7-ja-20211208
Behavioral task
behavioral2
Sample
Brute.exe
Resource
win10-ja-20211208
Behavioral task
behavioral3
Sample
Brute.exe
Resource
win10v2004-ja-20220113
Behavioral task
behavioral4
Sample
Leaf.xNet.dll
Resource
win7-ja-20211208
Behavioral task
behavioral5
Sample
Leaf.xNet.dll
Resource
win10-ja-20211208
Behavioral task
behavioral6
Sample
Leaf.xNet.dll
Resource
win10v2004-ja-20220113
Behavioral task
behavioral7
Sample
Newtonsoft.Json.dll
Resource
win7-ja-20211208
Behavioral task
behavioral8
Sample
Newtonsoft.Json.dll
Resource
win10-ja-20211208
Behavioral task
behavioral9
Sample
Newtonsoft.Json.dll
Resource
win10v2004-ja-20220112
Malware Config
Targets
-
-
Target
Brute.exe
-
Size
3.6MB
-
MD5
a96e9cb0519ef7a3ab1fa9c1f52e8cbd
-
SHA1
5e2169ceaf3e28289bc6c5ec4ac1b469d17f5ba8
-
SHA256
c2e3de80d6a602cd08cba211d41af12236fb7faa63ed046eff261bdc4408e63c
-
SHA512
d333cf02075e1f23b54edc0e44112df1fc71519f2b2a3dfad2d27b253e90c80dc265a1e6f2f340fb76395e00307e7bd12f563faeae589331d73918de8c26cde1
Score10/10-
Registers COM server for autorun
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Leaf.xNet.dll
-
Size
129KB
-
MD5
ea87f37e78fb9af4bf805f6e958f68f4
-
SHA1
89662fed195d7b9d65ab7ba8605a3cd953f2b06a
-
SHA256
de9aea105f31f3541cbc5c460b0160d0689a2872d80748ca1456e6e223f0a4aa
-
SHA512
c56bd03142258c6dcb712d1352d2548a055fbb726ee200949d847cb2d23d9c52442b1435be0df0bf355701a2c1a3c47cd05b96972501f457d2d401501d33d83a
Score10/10-
Registers COM server for autorun
-
Executes dropped EXE
-
Sets file execution options in registry
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
Newtonsoft.Json.dll
-
Size
685KB
-
MD5
081d9558bbb7adce142da153b2d5577a
-
SHA1
7d0ad03fbda1c24f883116b940717e596073ae96
-
SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
-
SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
Score10/10-
Registers COM server for autorun
-
Executes dropped EXE
-
Sets file execution options in registry
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-