erbium | jeammah5_beget_tech[.]bin[.]dll

Resubmissions

22-09-2022 16:56

220922-vfw2fsbhg6 10

22-09-2022 16:47

220922-vaqbqabhf5 8

09-09-2022 00:00

220909-aab4wagbf3 8

Sharing

Copy URL

Twitter E-mail

General

Target

jeammah5_beget_tech.bin.dll
Size

2.7MB
MD5

252d06bd87a3287e88b25b5686820dc5
SHA1

85c2ec0d59900331c61731fec723004544ce6796
SHA256

ec3888e4031b443d7eed51bb3bd9d51207acc90cc60c49270e43724b059b7f63
SHA512

ccec9571a08eefc7e611458635cb5aec47c8f74e914b9661002611dbb20a96a16a3442793472a7f95672353f36b215f90b658ae60184779af50fe5ac99468e0a
SSDEEP

49152:Jzl1rpbUrqvv0v2rQVt8nqwI7lOOYce2ek:P1Kqvv07noI7lOOYcK

Score

10^/10

erbium

Malware Config

Extracted

Family

erbium

http://77.73.133.53/cloud/index.php

Signatures

Erbium family
erbium

Files

jeammah5_beget_tech.bin.dll
.dll windows x86

c0d46b7ff0e53996feb53e4ba78f033e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
HeapSize
GetPrivateProfileStringA
K32GetModuleFileNameExA
TerminateProcess
OpenProcess
Process32First
FindFirstFileA
DeviceIoControl
FindNextFileA
GetVolumeInformationA
GetModuleHandleA
CreateToolhelp32Snapshot
GlobalSize
GlobalAlloc
HeapReAlloc
GetNativeSystemInfo
GlobalLock
GlobalMemoryStatusEx
GlobalUnlock
VirtualProtect
K32GetModuleInformation
CreateThread
HeapValidate
UnmapViewOfFile
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
EnterCriticalSection
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
LoadLibraryA
GetTickCount
Sleep
GetTempPathA
Process32Next
MultiByteToWideChar
lstrcmpiW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
FlushFileBuffers
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
SetFileInformationByHandle
SetFilePointerEx
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
GetExitCodeThread
QueryPerformanceFrequency
GetStringTypeW
LCMapStringEx
EncodePointer
GetModuleHandleW
CompareStringEx
GetCPInfo
IsDebuggerPresent
SetLastError
SleepEx
GetSystemDirectoryW
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleFileNameW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
InitializeCriticalSectionEx

user32

ReleaseDC
GetDC
EnumDisplayDevicesA
GetSystemMetrics
GetDesktopWindow

gdi32

StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetCurrentObject
GetDIBits
DeleteDC
GetObjectW

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptGetHashParam
CryptCreateHash
RegQueryValueExA
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegOpenKeyExA
GetUserNameA
RegGetValueA
RegCloseKey

shell32

ShellExecuteA

ole32

GetHGlobalFromStream
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
CLSIDFromString

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CryptUnprotectData
CertOpenStore
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

iphlpapi

GetAdaptersInfo

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToStream

urlmon

URLDownloadToFileA

ws2_32

getsockopt
htons
getpeername
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockname
ntohs

wldap32

ord167
ord301
ord147
ord133
ord127
ord27
ord26
ord117
ord41
ord208
ord73
ord216
ord14
ord46
ord219
ord145
ord79
ord142

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

c0d46b7ff0e53996feb53e4ba78f033e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

crypt32

iphlpapi

gdiplus

urlmon

ws2_32

wldap32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 316KB - Virtual size: 315KB

.data Size: 27KB - Virtual size: 38KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 87KB - Virtual size: 87KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 316KB - Virtual size: 315KB

.data
Size: 27KB - Virtual size: 38KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 87KB - Virtual size: 87KB