Overview
overview: score 10/10
Static
static
0.9.4/scri...de.pyc (windows7-x64): score 3/10
0.9.4/scri...de.pyc (windows10-2004-x64): score 3/10
0.9.4/scri...ax.pyc (windows7-x64): score 3/10
0.9.4/scri...ax.pyc (windows10-2004-x64): score 3/10
0.9.4/scri...__.pyc (windows7-x64): score 3/10
0.9.4/scri...__.pyc (windows10-2004-x64): score 3/10
0.9.4/scri...ne.pyc (windows7-x64): score 3/10
0.9.4/scri...ne.pyc (windows10-2004-x64): score 3/10
0.9.4/scri...ot.pyc (windows7-x64): score 3/10
0.9.4/scri...ot.pyc (windows10-2004-x64): score 3/10
StartVanga.exe (windows7-x64): score 10/10
StartVanga.exe (windows10-2004-x64): score 10/10
General
Target: 653af810e58a75f899673f51607fa6e3377a34cf677ab48a13a54762bbd5f8c4
Size: 142KB
Sample: 221125-awfzysdb6v
MD5: 0031adbe0dfd249e6045deb72c4ba61d
SHA1: db951fa45e6334cd2e0b5f10f784c42a4c3e4036
SHA256: 653af810e58a75f899673f51607fa6e3377a34cf677ab48a13a54762bbd5f8c4
SHA512: 1277b460e1098ed5eb695b160dc30aced52c67dd5c6d292ae3851384d5a7776a8d2e67148c0def5c22b4aa54ee8571c29ce1c3b4df875e4973399a4a4af48701
SSDEEP: 3072:pdAy2JBMnKIhSd84iUtlK2fGueaCyZ+uIuXFORdA1Sko0:cy2nMnKIYC4iUS2OueeZ+u51wiSY
Static task: static1
Behavioral task: behavioral1. Sample: 0.9.4/scripts/client/CameraNode.pyc. Resource: win7-20220812-en
Behavioral task: behavioral2. Sample: 0.9.4/scripts/client/CameraNode.pyc. Resource: win10v2004-20220812-en
Behavioral task: behavioral3. Sample: 0.9.4/scripts/client/mods/Zaraza_LsdMax.pyc. Resource: win7-20220812-en
Behavioral task: behavioral4. Sample: 0.9.4/scripts/client/mods/Zaraza_LsdMax.pyc. Resource: win10v2004-20220901-en
Behavioral task: behavioral5. Sample: 0.9.4/scripts/client/mods/__init__.pyc. Resource: win7-20220812-en
Behavioral task: behavioral6. Sample: 0.9.4/scripts/client/mods/__init__.pyc. Resource: win10v2004-20220901-en
Behavioral task: behavioral7. Sample: 0.9.4/scripts/client/mods/lsdmax/lsdmaxEngine.pyc. Resource: win7-20221111-en
Behavioral task: behavioral8. Sample: 0.9.4/scripts/client/mods/lsdmax/lsdmaxEngine.pyc. Resource: win10v2004-20220812-en
Behavioral task: behavioral9. Sample: 0.9.4/scripts/client/mods/lsdmax/mods/lsdmax_Aimbot.pyc. Resource: win7-20220901-en
Behavioral task: behavioral10. Sample: 0.9.4/scripts/client/mods/lsdmax/mods/lsdmax_Aimbot.pyc. Resource: win10v2004-20220812-en
Behavioral task: behavioral11. Sample: StartVanga.exe. Resource: win7-20220812-en
Malware Config
Extracted
pony
http://comixalex.freeiz.com/alx/gate.php
Targets
Target: 0.9.4/scripts/client/CameraNode.pyc
Size: 1KB
MD5: 9abd6201841976af945d1a8b329b40ee
SHA1: 90b66fa4226f8656d27c26043d6889a68477edd1
SHA256: 9ce052a6de9ad7acc6a5769610fcf168b667773d9298421ea152ad1600157387
SHA512: 08b22e1b308637e55ca40347ab3ea188a7094df62756be1e8ce81207c2c4a0fd385addaefa1513e9e2515d74a581563fee58685f2fe21049e811793a9c30f588
Score: 3/10
Target: 0.9.4/scripts/client/mods/Zaraza_LsdMax.pyc
Size: 4KB
MD5: 07d08375ed5b7c9d8a9de8a48f69c1c5
SHA1: 3e1a2b334839b85fd3705d021ca25ae1644dda33
SHA256: 92a586628ab952be3c4d72873f2f28c751710cb9513905ec111e55729b5d3baf
SHA512: 99822bae6ed98e6f42487a8b3d71512b19d27742da3eb55bfe2a123c6b08b98185102d9c4dc2516322720432111e4f97c7258f3dbee878f3a3c34476c2fd942d
SSDEEP: 96:w/OIL4xgXLUayRAiCsYflhpRFku9ukAM4hz7IjjLsgp7bU:oO44xgUTb7iFkSArhOLnVg
Score: 3/10
Target: 0.9.4/scripts/client/mods/__init__.pyc
Size: 98B
MD5: f3641bc6bf6b632f3dba37ac0a4c0dca
SHA1: 9fa03902e41a4b1ae3365b36a68cc82252a4d2ac
SHA256: 71163b357e3ba8a8ca48888bb2b4ad70c475538f8bd7daa121cdcafe754ad15a
SHA512: 8fa3fe27fca3e0e10129a4feb08d5d116cd85cf6a4682ff7e74c3c0b2ca3012b6b4d065bb6036f906867f9a53547b8eedf45d8ab7f7ea07f87f7dd7c3ebd7daf
Score: 3/10
Target: 0.9.4/scripts/client/mods/lsdmax/lsdmaxEngine.pyc
Size: 20KB
MD5: 5e980c6f1e78cee396a3a0536c9000a9
SHA1: 548f5943b8b7ea67c4b6563bdc4190e4bdd94557
SHA256: f9d91637ac93c1e10c5b7a7278c6512e51d8876ccf44a9bf603a127d3c089298
SHA512: c5a16dbabb6b78acb92b999b1f1c59bd2d5c82d08849f616bc02dd0bed3846d4ae96c1ae34ce44db74981b72cef7b16a29d3b6a04bc1387c7fe264a83d897e72
SSDEEP: 384:TEZk1NvJorGM1YoA2gkwjyXI80lM86NG47S5CSxzdGNEq2I:TO5rG1ouVjyXIZS8mG470xIEPI
Score: 3/10
Target: 0.9.4/scripts/client/mods/lsdmax/mods/lsdmax_Aimbot.pyc
Size: 24KB
MD5: 6686d052f11dc00412c1fe246eab4f53
SHA1: 23930063dfe7778fd5d8e7c3288e546f9d90066d
SHA256: 6bf90f98ca272bb1f7b52b7a42a9eea12fd6a1b7e366ee0b0e99d140e41bede5
SHA512: 623ad10c1499453d66fb534c07f96149faf245284e62aef052e972d452d28eadb3a2e5bbc86f353eff3890efd6a7aae8f36afdb1433d8aeb07ca42ebdee39cb4
SSDEEP: 384:osAubsmF74P4Fk52+utVQeIekK6Ke2kEn8Hj5ZcC9PsPHnaf4nnwqV7Bl1q2D0+W:Z0ak52jSxeL6Ke2kEiPCnafGFl1nD0j
Score: 3/10
Target: StartVanga.exe
Size: 128KB
MD5: bf3bed02c44f045d89f6cf081d621788
SHA1: b787ae94ee14d72feee21638c88cc400a69b9887
SHA256: f79ee7729c1390ad330d23112d7bebafa1241d966d23d1bf935c0967ab94301d
SHA512: adbec4b8addfff66d0d045aace090b4533bfff38ddf8b3883b5acca35763487a000c866dca19b779a639d7b66d347e7ee26ed96f34e8ab26420651e6a84e4812
SSDEEP: 1536:mY46WcKMhgGpsQvGM1BkeLUpDl9oisgi1NQ40Qqh2r24YeYVGsmmyxAnLlUz:D4hahgGpsQ/tLUFtsgiUtlK2TezhJ2+
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext