B610[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

B610.zip
Size

535KB
MD5

33f54fb190da3fc1137e87c2cb55b786
SHA1

58d6ed905fd6d623662460c767bebc0eee42a581
SHA256

9d53fdbc3ba9a8512ab3aca60edeaaf891c90940894c0deb4840131b7197ecf6
SHA512

ceb2f276c0c7ecd49d84c3ad0c8edaa0d886fd06f4df4ac64d81bec047e793bf5c64504cf9f40b25b2d9ced77784c2164d50afe00cb07f2e4cc05763dcd46c2f
SSDEEP

12288:r498Z7wjePoH+/0IvVo8LzblxE+FLO1wp5Cnopct5XQp:c81wjAocqCNZiOGrAp

Score

N/A

Malware Config

Signatures

Files

B610.zip
.zip

Password: VX21
B610.iso
.iso .vbs

Password: VX21
XS.vbs
.vbs
data.txt
gray/bolshevik.temp
.dll regsvr32 windows x86

Password: VX21

858d98e9403552f4a390bbb07f519247

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:67:35:ed:30:e5:0e:3e:05:53:98:6d:80:6b:fc:54
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

26-10-2022 00:00

Not After

26-10-2023 23:59

Subject

CN=FISH ACCOUNTING & TRANSLATING LIMITED,O=FISH ACCOUNTING & TRANSLATING LIMITED,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

96:bd:17:cb:eb:30:0f:20:4e:43:1d:32:7f:9d:a1:6e:bb:ee:d6:b0:00:f5:f9:a7:dc:8d:d8:0c:19:d2:6d:9b
Signer

Actual PE Digest

96:bd:17:cb:eb:30:0f:20:4e:43:1d:32:7f:9d:a1:6e:bb:ee:d6:b0:00:f5:f9:a7:dc:8d:d8:0c:19:d2:6d:9b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=FISH ACCOUNTING & TRANSLATING LIMITED,O=FISH ACCOUNTING & TRANSLATING LIMITED,ST=Cambridgeshire,C=GB

17-11-2022 13:18
Valid: true

Chain 1

CN=FISH ACCOUNTING & TRANSLATING LIMITED,O=FISH ACCOUNTING & TRANSLATING LIMITED,ST=Cambridgeshire,C=GB

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
GetCommandLineA
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CompareFileTime
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
GetDriveTypeA
GetDriveTypeW
GetFileAttributesA
GetFileAttributesW
GetFullPathNameW
GetFullPathNameA
GetLogicalDriveStringsW
SetFileAttributesW
SetUnhandledExceptionFilter
SetErrorMode
ConnectNamedPipe
WaitNamedPipeW
QueryPerformanceCounter
DeviceIoControl
LeaveCriticalSection
ReleaseSemaphore
ReleaseMutex
OpenMutexW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsFree
FlushInstructionCache
GetSystemInfo
GetVersion
GetTickCount
GetSystemDirectoryA
GetSystemDirectoryW
GetWindowsDirectoryA
GetWindowsDirectoryW
VirtualProtect
CreateFileMappingW
MapViewOfFileEx
VirtualLock
VirtualUnlock
FindResourceExW
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
LoadResource
FindResourceW
LoadLibraryA
LoadLibraryW
GlobalAlloc
LocalAlloc
SetHandleCount
lstrcmpA
lstrcmpiA
lstrlenA
lstrlenW
CreateFileMappingA
GetStdHandle
GlobalAddAtomW
MoveFileW
IsBadWritePtr
GetComputerNameA
GetComputerNameW
SystemTimeToFileTime
GetConsoleCP
GetConsoleOutputCP
WriteConsoleA
WriteConsoleW
SetConsoleCtrlHandler
SetFilePointerEx
GetConsoleMode
WriteFile
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
CloseHandle
DecodePointer
MoveFileExW
LCMapStringW
MultiByteToWideChar
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsSetValue
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetLastError
InterlockedFlushSList
RtlUnwind
RaiseException
VirtualAllocEx
VirtualAlloc
GetTickCount64
CreateThread
ExitThread
WaitForSingleObjectEx
FindResourceA
ExitProcess
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent

user32

IsWindowVisible
DialogBoxParamA
EndDialog
SetTimer
SystemParametersInfoW
LoadIconW
LoadBitmapW
SetWindowsHookExW
GetWindow
GetWindowThreadProcessId
GetTopWindow
FindWindowW
GetDesktopWindow
EqualRect
IntersectRect
SetRect
GetSysColor
ScreenToClient
GetCursorPos
MessageBeep
MessageBoxW
MessageBoxA
GetWindowTextLengthA
GetPropA
SetPropA
RedrawWindow
GetDC
SetForegroundWindow
SetActiveWindow
GetMenuItemID
GetSystemMetrics
GetAsyncKeyState
GetFocus
GetActiveWindow
RegisterClipboardFormatW
RegisterClipboardFormatA
GetClipboardData
SetClipboardData
OpenClipboard
GetDlgCtrlID
GetNextDlgTabItem
CheckDlgButton
GetDlgItemTextA
SetDlgItemInt
BringWindowToTop
UnregisterClassW
UnregisterClassA
SendMessageTimeoutA
RegisterHotKey
GetProcessWindowStation
FindWindowA
GetKeyState

gdi32

CreateSolidBrush
CreatePatternBrush
CreateFontIndirectW
GetStockObject

advapi32

RegCloseKey
DeleteService

ole32

CoCreateGuid
CoGetClassObject
CoInitializeEx

shlwapi

PathGetDriveNumberA
PathFindSuffixArrayA
PathFileExistsA
ord155
StrToIntA
PathFindOnPathA

Exports

Exports

DllRegisterServer
DllUnregisterServer
undawned

Sections

.text
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gray/polyhedral.txt

Sharing

General

Malware Config

Signatures

Files

Password: VX21

Password: VX21

Password: VX21

858d98e9403552f4a390bbb07f519247

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

62:67:35:ed:30:e5:0e:3e:05:53:98:6d:80:6b:fc:54Certificate

Extended Key Usages

Key Usages

96:bd:17:cb:eb:30:0f:20:4e:43:1d:32:7f:9d:a1:6e:bb:ee:d6:b0:00:f5:f9:a7:dc:8d:d8:0c:19:d2:6d:9bSigner

Signature Validations

Verification

17-11-2022 13:18 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 517KB - Virtual size: 517KB

.rdata Size: 221KB - Virtual size: 221KB

.data Size: 155KB - Virtual size: 158KB

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 39KB - Virtual size: 38KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

62:67:35:ed:30:e5:0e:3e:05:53:98:6d:80:6b:fc:54
Certificate

96:bd:17:cb:eb:30:0f:20:4e:43:1d:32:7f:9d:a1:6e:bb:ee:d6:b0:00:f5:f9:a7:dc:8d:d8:0c:19:d2:6d:9b
Signer

17-11-2022 13:18
Valid: true

.text
Size: 517KB - Virtual size: 517KB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 155KB - Virtual size: 158KB

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 39KB - Virtual size: 38KB