D6[.]zip | Triage

Resubmissions

04-11-2022 15:53

221104-tby5ksgeg4 10

04-11-2022 15:29

221104-swwphsgdc4 3

04-11-2022 14:47

221104-r52rfsgbc2 10

Sharing

Copy URL

Twitter E-mail

General

Target

D6.zip
Size

438KB
MD5

8ba3564843f1ad7f3b3a9740076d7306
SHA1

540d05eb64cb8507c9d654342d10f7dafca63128
SHA256

ba7dcbf926cdfa0bb93992ac5a03d178c41ed9532f3b16f6e6534e02a8d247a2
SHA512

3de27541f416376843c46f4c85787481711060ec7d1c574ce3c3b79e8c7f36823415e24ec895d7ceaa1748b14b2f6067dc56cc11ff20366b9f8c166ac956cb8d
SSDEEP

6144:chITo+0nZF+V/VaIS2MRaCQ4EPQEqpjBK3Vk7nljfbV7jZkLElZC6MGWlqrJNe8:g+0S/AXxsQrq3VinlNlZfPS4j

Score

N/A

Malware Config

Signatures

Files

D6.zip
.zip

Password: BV1
SS2998.zip
.zip

Password: BV1
SS2998.iso
.iso

Password: BV1
SS.lnk
.lnk
pressurization/barmaid.txt
pressurization/dissecting.bat
.bat .vbs
pressurization/exasperater.cmd
.cmd .vbs
pressurization/lineal.dat
.dll windows x86

Password: BV1

Code Sign

38:62:e8:5a:2b:2e:d4:bc:49:e1:6e:73:c6:94:83:2e
Certificate

Issuer

CN=GQBYGZODBTJDAOAUEE

Not Before

02-11-2022 14:15

Not After

31-12-2039 23:59

Subject

CN=GQBYGZODBTJDAOAUEE

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

82:b5:ab:8b:4f:0f:99:de:37:53:23:69:d3:a3:b8:82:68:71:ca:e6
Signer

Actual PE Digest

82:b5:ab:8b:4f:0f:99:de:37:53:23:69:d3:a3:b8:82:68:71:ca:e6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=GQBYGZODBTJDAOAUEE

04-11-2022 15:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 483KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pressurization/nosebags.png
.png

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: BV1

Password: BV1

Password: BV1

Password: BV1

Code Sign

38:62:e8:5a:2b:2e:d4:bc:49:e1:6e:73:c6:94:83:2eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

82:b5:ab:8b:4f:0f:99:de:37:53:23:69:d3:a3:b8:82:68:71:ca:e6Signer

Signature Validations

Verification

04-11-2022 15:41 Valid: false

Headers

File Characteristics

Sections

CODE Size: 483KB - Virtual size: 482KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.reloc Size: 38KB - Virtual size: 37KB

.rsrc Size: 211KB - Virtual size: 211KB

38:62:e8:5a:2b:2e:d4:bc:49:e1:6e:73:c6:94:83:2e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

82:b5:ab:8b:4f:0f:99:de:37:53:23:69:d3:a3:b8:82:68:71:ca:e6
Signer

04-11-2022 15:41
Valid: false

CODE
Size: 483KB - Virtual size: 482KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.reloc
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 211KB - Virtual size: 211KB