Overview
overview
10Static
static
1078769e4085...7e.zip
windows7_x64
178769e4085...7e.zip
windows10-2004_x64
malware-an...er.pdf
windows7_x64
1malware-an...er.pdf
windows10-2004_x64
1malware-an...is.pdf
windows7_x64
1malware-an...is.pdf
windows10-2004_x64
1malware-an...ypt.py
linux_amd64
malware-an...ypt.py
linux_armhf
malware-an...ypt.py
linux_mips
malware-an...ypt.py
linux_mipsel
malware-an...ons.py
windows7_x64
3malware-an...ons.py
windows10-2004_x64
3malware-an...is.pdf
windows7_x64
1malware-an...is.pdf
windows10-2004_x64
malware-an...tt.ps1
windows7_x64
10malware-an...tt.ps1
windows10-2004_x64
8malware-an...tt.vbs
windows7_x64
malware-an...tt.vbs
windows10-2004_x64
7malware-an...er.ps1
windows7_x64
1malware-an...er.ps1
windows10-2004_x64
malware-an...od.ps1
windows7_x64
malware-an...od.ps1
windows10-2004_x64
10malware-an...44.exe
windows7_x64
10malware-an...44.exe
windows10-2004_x64
malware-an...55.dll
windows7_x64
1malware-an...55.dll
windows10-2004_x64
malware-an...xes.py
linux_amd64
malware-an...xes.py
linux_armhf
malware-an...xes.py
linux_mips
malware-an...xes.py
linux_mipsel
malware-an...dra.py
windows7_x64
malware-an...dra.py
windows10-2004_x64
3Analysis
-
max time kernel
38s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
21-05-2022 11:11
Static task
static1
Behavioral task
behavioral1
Sample
78769e4085312f21cc67e77bfdd136f9a30d34e2d2a5d8870f2ebbeb7c3a8f7e.zip
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
78769e4085312f21cc67e77bfdd136f9a30d34e2d2a5d8870f2ebbeb7c3a8f7e.zip
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
malware-analysis-writeups-master/agent-tesla-loader/agentTeslaLoader.pdf
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
malware-analysis-writeups-master/agent-tesla-loader/agentTeslaLoader.pdf
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
malware-analysis-writeups-master/ava-maria-rat/AvaMariaAnalysis.pdf
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
malware-analysis-writeups-master/ava-maria-rat/AvaMariaAnalysis.pdf
Resource
win10v2004-20220414-en
Behavioral task
behavioral7
Sample
malware-analysis-writeups-master/ava-maria-rat/helperScripts/buerBeaconDecrypt.py
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral8
Sample
malware-analysis-writeups-master/ava-maria-rat/helperScripts/buerBeaconDecrypt.py
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral9
Sample
malware-analysis-writeups-master/ava-maria-rat/helperScripts/buerBeaconDecrypt.py
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral10
Sample
malware-analysis-writeups-master/ava-maria-rat/helperScripts/buerBeaconDecrypt.py
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral11
Sample
malware-analysis-writeups-master/ava-maria-rat/helperScripts/buerCatchBeacons.py
Resource
win7-20220414-en
Behavioral task
behavioral12
Sample
malware-analysis-writeups-master/ava-maria-rat/helperScripts/buerCatchBeacons.py
Resource
win10v2004-20220414-en
Behavioral task
behavioral13
Sample
malware-analysis-writeups-master/bashar-bachir-chain/bashar-bachir-analysis.pdf
Resource
win7-20220414-en
Behavioral task
behavioral14
Sample
malware-analysis-writeups-master/bashar-bachir-chain/bashar-bachir-analysis.pdf
Resource
win10v2004-20220414-en
Behavioral task
behavioral15
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/avastt.ps1
Resource
win7-20220414-en
Behavioral task
behavioral16
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/avastt.ps1
Resource
win10v2004-20220414-en
Behavioral task
behavioral17
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/avastt.vbs
Resource
win7-20220414-en
Behavioral task
behavioral18
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/avastt.vbs
Resource
win10v2004-20220414-en
Behavioral task
behavioral19
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/downloader.ps1
Resource
win7-20220414-en
Behavioral task
behavioral20
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/downloader.ps1
Resource
win10v2004-20220414-en
Behavioral task
behavioral21
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/nod.ps1
Resource
win7-20220414-en
Behavioral task
behavioral22
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/nod.ps1
Resource
win10v2004-20220414-en
Behavioral task
behavioral23
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/nod_Cli444.exe
Resource
win7-20220414-en
Behavioral task
behavioral24
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/nod_Cli444.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral25
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/nod_Cli555.dll
Resource
win7-20220414-en
Behavioral task
behavioral26
Sample
malware-analysis-writeups-master/bashar-bachir-chain/files/nod_Cli555.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral27
Sample
malware-analysis-writeups-master/bashar-bachir-chain/helperScripts/extractNodExes.py
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral28
Sample
malware-analysis-writeups-master/bashar-bachir-chain/helperScripts/extractNodExes.py
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral29
Sample
malware-analysis-writeups-master/bashar-bachir-chain/helperScripts/extractNodExes.py
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral30
Sample
malware-analysis-writeups-master/bashar-bachir-chain/helperScripts/extractNodExes.py
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral31
Sample
malware-analysis-writeups-master/razy-variant/razyVariantDecryptStackStrings_ghidra.py
Resource
win7-20220414-en
Behavioral task
behavioral32
Sample
malware-analysis-writeups-master/razy-variant/razyVariantDecryptStackStrings_ghidra.py
Resource
win10v2004-20220414-en
General
-
Target
malware-analysis-writeups-master/bashar-bachir-chain/files/downloader.ps1
-
Size
996B
-
MD5
c40333c90f34d4cbbc45c7ed4e1cd7bf
-
SHA1
3bce9f938bb194b2c780899348459d501cc9ee2e
-
SHA256
4e20f10918cfec989ae62dcbaa53aa2135ccfbf54a40c00c90519b7724d0e3da
-
SHA512
b79bd0d50484fe309e8b7808f6d6f256ad5edf7bca386b02d632d2b27739c045e89aea9867dd93c5cc4f7ea0233ee57e29ef7c21a6675015a610878c714562d5
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
powershell.exepid process 1444 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
powershell.exedescription pid process Token: SeDebugPrivilege 1444 powershell.exe
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\malware-analysis-writeups-master\bashar-bachir-chain\files\downloader.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1444-54-0x000007FEFBCC1000-0x000007FEFBCC3000-memory.dmpFilesize
8KB
-
memory/1444-56-0x0000000002410000-0x0000000002490000-memory.dmpFilesize
512KB
-
memory/1444-55-0x000007FEF34F0000-0x000007FEF404D000-memory.dmpFilesize
11.4MB
-
memory/1444-57-0x000000001B760000-0x000000001BA5F000-memory.dmpFilesize
3.0MB