General
-
Target
414d68f1148a3b596cef9291ebd25582017349216f259819c4d7c6c66dc4384d
-
Size
560KB
-
Sample
220708-gxe8dacfdj
-
MD5
8a50fcc6c2105975cb4c1a9d9c093011
-
SHA1
f2dfc211c94cc29752e72a9501205da3b8043a32
-
SHA256
414d68f1148a3b596cef9291ebd25582017349216f259819c4d7c6c66dc4384d
-
SHA512
3e15e35f58330a77f7c52fb59ab57ea4521d1e40952efd009eb5dba8adac28aaef334f8b2d9c4413acb40c16d697386266a3890734e872fb25011789307007d7
Malware Config
Targets
-
-
Target
??????.url
-
Size
219B
-
MD5
122e953f3a92541c27cc62db2d9bb0f7
-
SHA1
5c85d98b4bce0daac9631297ddb00b005161d131
-
SHA256
5bf9390d32df4da5ddb91425fc5002768a85305964a8e0cb8eda391b4b6511dd
-
SHA512
77240964186d2e9c9c73ed6bf13edccaeb40c0d8cbf477080c9a40a76d044964330e97421e4b45818bfbb2688e6bfaf6720a52f2efdd3b944f3624b1b5767583
Score6/10-
Adds Run key to start application
-
Checks whether UAC is enabled
-
-
-
Target
QQ??????.exe
-
Size
260KB
-
MD5
cd257896979746de99a8e34af8825d10
-
SHA1
7db16bedc1b75bd396e12fa004de64c0d9071ada
-
SHA256
d18362ea9358a4beebf80b5f138cb244a63d08e617d1704cce08561dde42a96f
-
SHA512
0937b714d4f4cf47e8a30ab82b92637321b636f724db42da687c2a758c1e2269de3005876897a64cde9552738cf9d78a4486e1290c1285720bcbd9b6ce305c96
Score1/10 -
-
-
Target
UnRAR.exe
-
Size
343KB
-
MD5
61719f5c7a2b004e5eeeb736432259cc
-
SHA1
ed6c92d8888d90b881f503129059eab6afadaae2
-
SHA256
c3c986d91d89bb66a99e6de6f19b1590a4e56534724c0a453b482c8f68886c94
-
SHA512
68b2947708523005c29e2d8cf9614f78ae39dd745acd15d0279bc6193dd20cc1051956dcd4660eeac843cadef1ece30ae1af576de9da2503cb9730f2bdda66ee
Score10/10-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
-
-
Target
data.exe
-
Size
121KB
-
MD5
ecffbccad6aecd736cbc7e9ba525a00a
-
SHA1
195636cf0307fd7e56c4254bba6a500c5421b934
-
SHA256
313ee6496bf01e9b17d76081ebe76efd04c6fc056ff9749cfff960a00fe36299
-
SHA512
d7d3f7c60b3045fe109b40b5d18a3348eb25da2f7dc2832dc7855e66de714b1c40963e3a9b138df3aabfd3fc4ddac5731221037c171e5b85634ed7d847e23de5
Score10/10-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-