Overview

overview

10

Static

static

10

demo/¼...ion.py

windows7-x64

3

demo/¼...ion.py

windows10-2004-x64

3

demo/¼...dex.py

ubuntu-18.04-amd64

demo/¼...dex.py

debian-9-armhf

demo/¼...dex.py

debian-9-mips

demo/¼...dex.py

debian-9-mipsel

demo/¼...y.html

windows7-x64

1

demo/¼...y.html

windows10-2004-x64

1

demo/¼...ll.vbs

windows7-x64

1

demo/¼...ll.vbs

windows10-2004-x64

1

demo/¼...ig.vbs

windows7-x64

1

demo/¼...ig.vbs

windows10-2004-x64

1

demo/¼...x.html

windows7-x64

1

demo/¼...x.html

windows10-2004-x64

1

demo/¼...d5.vbs

windows7-x64

1

demo/¼...d5.vbs

windows10-2004-x64

1

demo/¼...rl.vbs

windows7-x64

1

demo/¼...rl.vbs

windows10-2004-x64

1

demo/¼...ay.vbs

windows7-x64

1

demo/¼...ay.vbs

windows10-2004-x64

1

demo/¼...ck.asp

windows7-x64

3

demo/¼...ck.asp

windows10-2004-x64

3

demo/¼...ex.asp

windows7-x64

3

demo/¼...ex.asp

windows10-2004-x64

3

demo/¼...fy.asp

windows7-x64

3

demo/¼...fy.asp

windows10-2004-x64

3

demo/¼...ay.asp

windows7-x64

3

demo/¼...ay.asp

windows10-2004-x64

3

demo/¼...il.asp

windows7-x64

3

demo/¼...il.asp

windows10-2004-x64

3

demo/¼...ex.ps1

windows7-x64

1

demo/¼...ex.ps1

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    d44c2be563583afb70f3bbcfd87b038e32f6cee8bd2a516470a0770ee38f55ae

  • Size

    78KB

  • MD5

    549def85b88587b006e2d7acc53f4589

  • SHA1

    9ad20a6ba8aeff741fcd74b1bd645266ab6644d7

  • SHA256

    d44c2be563583afb70f3bbcfd87b038e32f6cee8bd2a516470a0770ee38f55ae

  • SHA512

    c1b055b0eb55ba470eeb75ba9e75cd1331d3c3c9ef07b5577a23bcc4dd7404772ca1653c895ef363ee352d9ce033551fe3e68a6dbafe21af1b2878dd9b4a1b87

  • SSDEEP

    1536:k6bgJ6T85qD2bOBETXpqzcZsOYjCuXlvTHnWOYNk6qu+N3Me7za:79cqCbOBETZqgZsO8XNHW/uCK9na

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://www.yourdomain.com/demo/server.php
exe.dropper

http://www.yourdomain.com/demo/page.php
exe.dropper

http://www.yourdomain.com/Pay_Index.html

Signatures

Files

  • d44c2be563583afb70f3bbcfd87b038e32f6cee8bd2a516470a0770ee38f55ae
    .zip
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/Python demo/commFunction.py
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/Python demo/index.py
    .py .sh linux
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/Python demo/pay.html
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/asp demo/call.asp
    .vbs
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/asp demo/config.asp
    .vbs
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/asp demo/index.asp
    .html
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/asp demo/md5.asp
    .vbs
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/asp demo/notifyurl.asp
    .vbs
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/asp demo/pay.asp
    .vbs
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/java demo/callback.jsp
    .asp
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/java demo/index.jsp
    .asp
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/java demo/md5.jsp
    .asp .js
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/java demo/notify.jsp
    .asp
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/java demo/pay.jsp
    .asp
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/java demo/payutil.jsp
    .asp
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/php demo/index.php
    .ps1
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/php demo/page.php
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/php demo/server.php
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/֧¼վԽAPI֧ӿ˵ĵ.docx
    .docx office2007
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/demo/df.css
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/demo/df.php
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/demo/df_query.php
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/demo/dodf.php
    .ps1
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/demo/dodf_query.php
    .ps1
  • demo/¼վԽAPI֧ӿ˵ĵԼDemo/¼վAPIӿ˵.docx
    .docx office2007