Resubmissions
28-03-2022 02:35
220328-c3bd6acaaj 10General
-
Target
4725830711934976.zip
-
Size
66.6MB
-
Sample
220328-c3bd6acaaj
-
MD5
594b589fa809085c792dc65f26b749be
-
SHA1
8cd6370d80d84182a55af37f39c663bd71950d82
-
SHA256
98b6f22370f59fd9482bf2f6c622c2afc92a441917328b2337d4b4780ab7201a
-
SHA512
58491b741882b2da20690c52935cd58b153283136749ad8caf7075bc1730f14b00dec41f8614793a4f9fbb9e6f8babcede8da929aef4a8d27fb2a5626015815b
Malware Config
Targets
-
-
Target
03bf25deb99486e193a91bbcab909accc31ed63a23541944a1129dbacbade4f2
-
Size
1.6MB
-
MD5
0d8a65ef4a62211c1f7b8b06405017bb
-
SHA1
74254903e5200f49db8374a9238af2807b42af28
-
SHA256
03bf25deb99486e193a91bbcab909accc31ed63a23541944a1129dbacbade4f2
-
SHA512
b9786144771e4b8823a29cdcf55f80b84c7ee827a16e26482d644fe904a9699dba50ea22827242dc3d0f461318f8eceb75f60620ffd866f70cbc9af2fe8f7842
Score1/10 -
-
-
Target
??????V17.0.exe
-
Size
1.7MB
-
MD5
ef7807c1dd5119374a57942042feec3a
-
SHA1
0f6bb215f40a6b9b2a4995feb397599a75f4e9f3
-
SHA256
10f6750074bea056d42958846b8de840c0cc58c765ecefc684b0cf5797ed27e1
-
SHA512
bd6be98dbfb3ba62ca1260519a239fe99856e1396710a0aee347e0629b27bc271a755dc216bb146b41f0063afcd9e90fd7d0f687c7f53d096c98acfe50ee1283
Score3/10 -
-
-
Target
0a4b3a05f79c66c047d02874b75208964d1930b5983a19e5365a6e4fe286f6e0
-
Size
7.5MB
-
MD5
64d091595378cb68b6485f24282c4026
-
SHA1
7d6e8f00857849e3f3e4a89b5431d399ba743d8c
-
SHA256
0a4b3a05f79c66c047d02874b75208964d1930b5983a19e5365a6e4fe286f6e0
-
SHA512
b7f1c32b529923a582b75b4316cb2f063efdf516705611d28a365c1b7a5e7d619ee9118ac797ec551451e05673fe49a3ee37766b30c24ecf6b8ee51617eb198d
Score9/10-
Nirsoft
-
Executes dropped EXE
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
-
-
Target
1286783ba7602d5456c62fd69fd73bea63c739230352d54e962b03e8d4a6a3da
-
Size
7.3MB
-
MD5
133bc66ee8274210ca0e39cdc3a5dc7e
-
SHA1
f868d0a9d27d27dadf742b278045bb347fd589f5
-
SHA256
1286783ba7602d5456c62fd69fd73bea63c739230352d54e962b03e8d4a6a3da
-
SHA512
f9846452d200b1adfb69bad84f1b289017cc6ef3a8446fdb0b8f8cb1131a7cff68cba34cc85b41b768b50ef3352d8e431519e8b5f756e5e992b93798a44cd5a4
Score9/10-
Nirsoft
-
Executes dropped EXE
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
-
-
Target
2129e7015548f74908e22b4270a483d3f2c4a9e6335739c26c4c901fa86b77a9
-
Size
1.1MB
-
MD5
f67582c40fd92e25f8392e6d3d7c3942
-
SHA1
df09a317d1cea0ed16f8d4a5de096d7169b7bce5
-
SHA256
2129e7015548f74908e22b4270a483d3f2c4a9e6335739c26c4c901fa86b77a9
-
SHA512
49e9b1f6d1df035ec97eac473e3194d69269ce63f34d1e3c99a7a7785189d5e35750d7538695cc8aba374c9a3b58109fe56364f033e4b8a7d150369c68f125d1
Score3/10 -
-
-
Target
29cc23f49938a7cd221e161b2ebb6ee9d8399aa031869ee011a059d9bf5ff831
-
Size
4.1MB
-
MD5
2db2ba00c9744a61de32bb7d999204dd
-
SHA1
6406306919d844a2626f3e927bb08b985bb834b8
-
SHA256
29cc23f49938a7cd221e161b2ebb6ee9d8399aa031869ee011a059d9bf5ff831
-
SHA512
8e277063b91c4cb17fdcf217530165f565228bd67e0e37082cc6182620a548c450564c12c0e24fffe6b592323cc4d24f6ca588e85799f03e61851ec65c6135dc
Score1/10 -
-
-
Target
3536ff0652b3dc66e28dd0700e28829f8d57713d43b92dc5445fe988e7795d5a
-
Size
46KB
-
MD5
23ce25dc885f1f20734d73a0fc9677c2
-
SHA1
d44130065be419813af757d813714a7ba7765124
-
SHA256
3536ff0652b3dc66e28dd0700e28829f8d57713d43b92dc5445fe988e7795d5a
-
SHA512
4ab26c54dd2035e68091f9dca936f4f30c79fc6d2a7978bec8dd80a0a56c302c5af7ec77ec788df1b441c6fd097ae5bf70b6e9408ba504842def20e63b1291c0
Score1/10 -
-
-
Target
3e6c4e569c9254a2d8e3d8ceccba13dc8b0e65b2172c2e9e1d3bf1a1b18e56f0
-
Size
306KB
-
MD5
6d0e581f0ea82c4b097563c9dcb4f133
-
SHA1
19bf6dab6a1c0e2122dd16fe6d72e12083cb0d2b
-
SHA256
3e6c4e569c9254a2d8e3d8ceccba13dc8b0e65b2172c2e9e1d3bf1a1b18e56f0
-
SHA512
90f53a0838ca3a1f32d79ecc765f7866b6683bc0407920f67596779b8f423098d0b03926e190ad42bd51c101f898ccd8dfcafafe71b723796363e105c54de610
Score1/10 -
-
-
Target
54c7b993776472802f7a61d243eb7684a48dfaec1d3fdbabbcde8fef84a5d894
-
Size
4.1MB
-
MD5
0b55818c3602569b983c9d23e2507aa6
-
SHA1
f503a853f4c92652c0c728ccdf8fc996534a7c0d
-
SHA256
54c7b993776472802f7a61d243eb7684a48dfaec1d3fdbabbcde8fef84a5d894
-
SHA512
ec80279d82dc8637ff35d6f0caace15d9a25c34a0a7cc425858e2f0ba84a8e31440a0416ebd88c70a8e558e1318ea6d2546c1507c68bd8e14b8b05820af6d4df
Score1/10 -
-
-
Target
595aa6288029577e27ccbcf265aa654ef600d3b058b06ad441ebfd37371bc50a
-
Size
899KB
-
MD5
82231c2b964bf431993bdbbd8dbcac57
-
SHA1
13874974452524cc0ece542db90ba7c8ab507202
-
SHA256
595aa6288029577e27ccbcf265aa654ef600d3b058b06ad441ebfd37371bc50a
-
SHA512
db4e7f1209ec1292eabc557676e8814bb5fdba2b981f0071d5b2dde9b275c6d763a8fbc4fe12df3906fc15fc65c99e40cdc693e1c73af14280be094068edd911
Score3/10 -
-
-
Target
61eb576454a7fd7435fc0469b86b9b8285d14daf7e172281ade900cef3dda7c7
-
Size
1.6MB
-
MD5
9204fade0448dfb3d010f292e4542b0d
-
SHA1
ce5e1f636174fde5527ddddde71d12f49aecd924
-
SHA256
61eb576454a7fd7435fc0469b86b9b8285d14daf7e172281ade900cef3dda7c7
-
SHA512
1827ab8bc2a162fd6d40f17b30263e62a863b9617d493ed7dcaa4e691eeb41620e2bd449affcbe6e6d61422f04324e54187b63187943a01c8be67926d6760423
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
721fd781881c0cda7dc52ff2d24b4a9dabe9854317098bb863f8e591c773cb27
-
Size
4.1MB
-
MD5
35d6bd44d2e4c643aacd363f54e439ab
-
SHA1
fb5ca4e17c42f831af4e6aa8a56ea5b43de53693
-
SHA256
721fd781881c0cda7dc52ff2d24b4a9dabe9854317098bb863f8e591c773cb27
-
SHA512
8efbd614af05187f66ffd1be270927d40d4d0995b5e84b59e3cc33fe0bf8b9540dc540a629cbf83da3c09a8fae445c6a0f49bc4654b8684baae9332c197709c4
Score1/10 -
-
-
Target
7a6bc0ae4129f80c321dd2500a974a6b1e77829f76fddb57f36cbb886e6c295f
-
Size
1.1MB
-
MD5
8f36a9e4d7a4e51ac41cfa85e01a4294
-
SHA1
bd54421ecf16a660f8a81f1abef27d29d125885e
-
SHA256
7a6bc0ae4129f80c321dd2500a974a6b1e77829f76fddb57f36cbb886e6c295f
-
SHA512
852a9f4aecaf4af1bf18478e1fb752f777d2189ec48a819d35adb9ca5191dd4aa6629f9f1441c1e3e31fbce515d36ddad0c96a320b494cd040c10366c513e580
Score3/10 -
-
-
Target
7c0fdee3670cc53a22844d691307570a21ae3be3ce4b66e46bb6d9baad1774b8
-
Size
679KB
-
MD5
2e832d488bf522cd733eee08f24b649b
-
SHA1
87959413ece381dc38269f491b692ff024bbe9d3
-
SHA256
7c0fdee3670cc53a22844d691307570a21ae3be3ce4b66e46bb6d9baad1774b8
-
SHA512
08da7050bbcf045e367f20b6e6fb15ecae88aa38cb0c1d3111f901b237b7176eec9eb0ee00ba8c7f51c89d9d51c8316b612e2eedf4fa4564635d811bee552ac5
Score1/10 -
-
-
Target
7e489f1f72cac9f1c88bdc6be554c78b5a14197d63d1bae7e41de638e903af21
-
Size
628KB
-
MD5
d2ffdb6c788f07c45cfd1441f6da9e47
-
SHA1
928f56d1329d2b1ccbaf1ecef5f0cea348bd0595
-
SHA256
7e489f1f72cac9f1c88bdc6be554c78b5a14197d63d1bae7e41de638e903af21
-
SHA512
e11d99a1f9652da6163535bcb122b86bc1e502a132090819b229d6068069c4ea05e2f7f637cee8cf69499cfc3d18e1af2a377ace0eba7f261f6e38c63eb45866
Score1/10 -
-
-
Target
8a3a5aa3a0b6366f18192afa46ae0bec911941359e488c25587b19bc55600f20
-
Size
2.3MB
-
MD5
a817a789f0169b248c38588d876cd1ed
-
SHA1
cc5ff4d0f50b755e71d8e2a22e500c810c14a432
-
SHA256
8a3a5aa3a0b6366f18192afa46ae0bec911941359e488c25587b19bc55600f20
-
SHA512
495740133368fed62c781212ceb168fb0ec0ac3eea4938e7d200030fd3335322646e180c092474a2777f085c0016b001e0183e3cb49770a27e7227f7bb6eefcf
Score8/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets file execution options in registry
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-
-
-
Target
8bec56724443b4142ceea109f5179fe34f2c6ab51a0996b822b928e818201e2e
-
Size
378KB
-
MD5
20bfbd02d5adc2d6fc29f3aa1630ffc5
-
SHA1
19a7bc7acf042ab53d04994bfbd29776008e8fc7
-
SHA256
8bec56724443b4142ceea109f5179fe34f2c6ab51a0996b822b928e818201e2e
-
SHA512
852fd8d0a09d87f8e4acee5606c7f7bf8f48beb83b89c2f0571036c099ceed835682ffbcaa6c2c377df8839da80f5915156e68b36eea85955c0c9bc98d8fe0dd
Score7/10-
Loads dropped DLL
-
-
-
Target
91e956fd598ecef4c04bc0d4b5852ac91aa260d7252a2020ddf1ce15d0d10521
-
Size
1.7MB
-
MD5
2dc01b462fec64646263786706d2a686
-
SHA1
a2b8a7302032b349a76d00ccf86f3ad7732608ca
-
SHA256
91e956fd598ecef4c04bc0d4b5852ac91aa260d7252a2020ddf1ce15d0d10521
-
SHA512
98e371a2e4833c8271133d73b6c6615330ba7583f42d15d463addeb373134c83cd62225280876d5548d7dbe4c771543f0fc9465688776ce56c671d6afd063720
Score1/10 -
-
-
Target
94fe30df66ffa19efb5d4d95f11212273c008788410c6e59e251589ce1cea5ff
-
Size
4.2MB
-
MD5
be67e31b7773601efa2095b71471aa7a
-
SHA1
9d4dcc899df653e48e6becb3b4001bf6d91f44be
-
SHA256
94fe30df66ffa19efb5d4d95f11212273c008788410c6e59e251589ce1cea5ff
-
SHA512
2e125ba0b54b2745e4288b1fb2e4040b2228ad022d9d661400781ca837bd864f5a1eee4c360f2e3fd2dcd35f91d0009ca5d8da7275b9e60aa054ad86432fdb33
Score10/10-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
-
-
Target
a0262556d45bb84c1e5d907fe3c7071793d39ba2bb8f5a1f775ec3fea35a0fa3
-
Size
4.9MB
-
MD5
a3b38d87f03b7f90c61402ece21f5049
-
SHA1
0c8159fcced6eb0f29b6b2996b2d9149e1b68387
-
SHA256
a0262556d45bb84c1e5d907fe3c7071793d39ba2bb8f5a1f775ec3fea35a0fa3
-
SHA512
f80af02b0c97b0cbb3ac9f5cac541de421b7e79a562dfc67c1843a5aef8a78c257aff06c016c93c924f85d72701faf2940cb2b9d1033c514a84a4d9abad65e78
Score1/10 -
-
-
Target
heukms/HEU_KMS_Activator_v19.5.1.exe
-
Size
4.8MB
-
MD5
7cd8b711be93ff8858b7dc753c4065ca
-
SHA1
358ead5466fd6f67545cd77d87d541235449558f
-
SHA256
4159ba56c793d9a4ea76a1f364534e9af97ba28e750104697c10d6d97f6c2cfa
-
SHA512
99a03912de71e832de24f16f225c38325ad4d5358f31286fe9e27e8face8590aac2ac29abe3d49833154e02ef4612e6dcf6444d7e397baeae3d43d9e6ff6b897
Score8/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
-
-
Target
a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b
-
Size
1.8MB
-
MD5
f7a312246c24032738a403e8cbeeb60e
-
SHA1
fa2deea341f2320e4168e8ad26669fe4c904aa75
-
SHA256
a355a148d687d4d2c03c63f9d142fb3eb423700d46668345c17bfc83ece7100b
-
SHA512
6a4c9b4367535bbfd2d7c7d4b28edbeacd597b1da9d747e3a27898fea9de3143f73d610a34a2643c5dd8c4d3fd02652a044e88c5f274d0d56f6389953dff2005
Score1/10 -
-
-
Target
b00ffa55cc974a66746bf571818810ec123ad541dc8dd8a967d644f7a65bf085
-
Size
1.1MB
-
MD5
6185516bf6ba747388bcc0a208b20b0d
-
SHA1
f7fc9e0dc8c16f642518fb0c67b5e6e770736d46
-
SHA256
b00ffa55cc974a66746bf571818810ec123ad541dc8dd8a967d644f7a65bf085
-
SHA512
5ffc2a24e9e282e32c57e0021fbc5f56b329784c1d52e40ee5416d36f592d172f7a66b00a2c6594befd6e1e478f84b1c35f25eb0b948a3b1a19439bd1b1e5444
Score3/10 -
-
-
Target
dca66d16eeb26f3805ae66bac53c261c2c274c88b7ea364d9b155b39a26e2e1e
-
Size
1003KB
-
MD5
0fe6faac19f3bdba8cefad141ced2698
-
SHA1
39ec535165be3bcfd96bfc54773df16a07f5078a
-
SHA256
dca66d16eeb26f3805ae66bac53c261c2c274c88b7ea364d9b155b39a26e2e1e
-
SHA512
8165a8bb7cfa653634d6314bb51bc2f874d38999bdde86e29e753b3945f8aa9d3cccbe169b80ca737fbeca523bef933ae84c167d3b0cbe3e694b766f5e9b2fbd
Score3/10 -
-
-
Target
mini-KMS_Activator_v1.3_Office2010_VL_ENG.exe
-
Size
1018KB
-
MD5
be7563a984dc5168ce14181b90432859
-
SHA1
b98280f7310095da26de3e448beb489998f74c54
-
SHA256
e9045c4012cdfd4f2911db303478527e2006aa3b148dfdbacae85b4ee3b52e5e
-
SHA512
363339b8c932c69473ae34daad38fb0f86979a6173a2ca570b28a767251299af97c81376a2b1c41f2eeabe86e6933a332f9c891d9eb2ba4893910fee1c6d3f12
Score9/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
-
-
Target
eb54cd2d61507b9e98712de99834437224b1cef31a81544a47d93e470b8613fc
-
Size
747KB
-
MD5
f2fdac648a9fdb5a0cf7bfdbe969f9cf
-
SHA1
fb381f2fd1e0ed38884458c6efa4b5ee8624920e
-
SHA256
eb54cd2d61507b9e98712de99834437224b1cef31a81544a47d93e470b8613fc
-
SHA512
7bdb8d9cfcdd9c4ac0a0cc6576b90577625476620877c9c598d58b469087930b94f3a99520998a0b7846c19043eda744765017267f5c1fbcca0433606f76bbfd
Score1/10 -
-
-
Target
eb83ccd27c799b395ceb8c2d812f816d86a5688eee9b9145c11bbb9d37b5e43b
-
Size
140KB
-
MD5
2f50717c67ea1d0954964d73d039c674
-
SHA1
b18f5472728f0f1a2f4d55563a44512ea99abaa6
-
SHA256
eb83ccd27c799b395ceb8c2d812f816d86a5688eee9b9145c11bbb9d37b5e43b
-
SHA512
963e3c70a2a0e0b30f6b0d1fda3db2d95a0f2f0af3fb88d1d4f3cb0274006d5342c9f86127853e78cdf4cf2fdcff643ff6a53171cb307df0e30a1880e95a4ea9
Score10/10-
Modifies visibility of file extensions in Explorer
-
-
-
Target
eb87a4c70b7ef88575c4f1fd1ac47361d20a738ba95d05b91a018a313fdea003
-
Size
1.1MB
-
MD5
33ae8b0074cad80ed1580cef57e84085
-
SHA1
8087a7c156f97be81201c712e2ad91214ecf9d6b
-
SHA256
eb87a4c70b7ef88575c4f1fd1ac47361d20a738ba95d05b91a018a313fdea003
-
SHA512
c9c98d532cfe900e846b5c1fbc9bd2db118fe3ada60d5545f42eadea9e292d9d445d43d069d86484332b0ab8db298724d42aac6debc503fc17e6ecd081fb7422
Score3/10 -
-
-
Target
f05119aa888842e9e2f48040c766ced23ea40f89d9c0160cafef0c7d5c96f5eb
-
Size
1.2MB
-
MD5
a04b117357ed889fa4bfc570c8985f10
-
SHA1
648cb607d4b79b8084fe49b18a5c54e3e6e535ca
-
SHA256
f05119aa888842e9e2f48040c766ced23ea40f89d9c0160cafef0c7d5c96f5eb
-
SHA512
da891878d60cf559b4f2593a1c185867d3dd8336c68053f6706eff114bab6b72a2e4066e03fc88c8d51d30f648872fede4f136ca69d9ca508bb253c691165298
Score1/10 -
-
-
Target
fb01b16f033d19e5533c9e0846c510649eaa5c21321d1a5b9b284ab2655424ca
-
Size
903KB
-
MD5
47a35e4624d24bba8993655afa885e9c
-
SHA1
fc18dd5e016ceb291b33565d4f5457a983a04b11
-
SHA256
fb01b16f033d19e5533c9e0846c510649eaa5c21321d1a5b9b284ab2655424ca
-
SHA512
c57f9bb18257487641b75979e2b251b21552cdc58541ba1968f6ed91cd5ad8445da65eaf347983a92bf5fea9a57b4f14368c3b079f547ff069cde7ed5aa0b9b8
Score3/10 -
-
-
Target
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
-
Size
55KB
-
MD5
ff5e1f27193ce51eec318714ef038bef
-
SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
-
SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
-
SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
Score10/10-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
fe9e92957e22f009fd22fba305caa0172d5dcdd11010b848dc75913e640473ca
-
Size
4.6MB
-
MD5
92f16f34cabd29b2c587dd3a06e35afb
-
SHA1
b9eacfe86a6e6b2ba8fb3b706007f5d375242a55
-
SHA256
fe9e92957e22f009fd22fba305caa0172d5dcdd11010b848dc75913e640473ca
-
SHA512
4804b6f82dbfc716ae5b763eb80383f5c919244a380e3f73a7c7d224fe73ab884ee6dddd1fb6a5522c3547da292056f0796bcf11b97a29cba2fa5622510ea323
Score8/10-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v6
Persistence
Bootkit
1Browser Extensions
1Change Default File Association
1Hidden Files and Directories
1Modify Existing Service
1Registry Run Keys / Startup Folder
4Defense Evasion
File and Directory Permissions Modification
1Hidden Files and Directories
1Install Root Certificate
1Modify Registry
11Virtualization/Sandbox Evasion
1