Overview

Overall score: 10/10

Task / platform                 Score
Static                          8
©ɱ...08.exe  windows7-x64       1
©ɱ...08.exe  windows10-2004-x64 1
©ɱ...17.exe  windows7-x64       5
©ɱ...17.exe  windows10-2004-x64 3
©ɱ...20.exe  windows7-x64       3
©ɱ...20.exe  windows10-2004-x64 1
©ɱ...22.exe  windows7-x64       6
©ɱ...22.exe  windows10-2004-x64 6
©ɱ...40.exe  windows7-x64       5
©ɱ...40.exe  windows10-2004-x64 5
©ɱ...46.exe  windows7-x64       3
©ɱ...46.exe  windows10-2004-x64 4
©ɱ...53.exe  windows7-x64       6
©ɱ...53.exe  windows10-2004-x64 6
©ɱ...58.exe  windows7-x64       1
©ɱ...58.exe  windows10-2004-x64 1
©ɱ...77.exe  windows7-x64       3
©ɱ...77.exe  windows10-2004-x64 3
©ɱ...80.exe  windows7-x64       10
©ɱ...80.exe  windows10-2004-x64 10
©ɱ...83.exe  windows7-x64       8
©ɱ...83.exe  windows10-2004-x64 8
©ɱ...89.exe  windows7-x64       10
©ɱ...89.exe  windows10-2004-x64 6
©ɱ...93.exe  windows7-x64       1
©ɱ...93.exe  windows10-2004-x64 1
©ɱ...95.exe  windows7-x64       3
©ɱ...95.exe  windows10-2004-x64 4
©ɱ...98.exe  windows7-x64       10
©ɱ...98.exe  windows10-2004-x64 6

General
- Target: 504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38
- Size: 1.1MB
- Sample: 221126-k35l1afh32
- MD5: c65300475e74c5fe298994ac8a1cd613
- SHA1: 11fabd6bbaf50545583abeea4eb8781ab4b20e1e
- SHA256: 504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38
- SHA512: 1c09b7ae1f15d90afa6e363df253afee0e606e6436b82145fb6e436c65bc289c6e6ae265a6aef15adda50e30c3aa711ede2a5ce28717f2a74506e11fb75afa31
- SSDEEP: 24576:RcwRCjvCLnTSjF/46nqO1H/uIiLxeasBkpn+r:6k7TWasqO1H2jLopky
Behavioral tasks

Task          Sample        Resource
behavioral1   ©ɱ/008.exe    win7-20221111-en
behavioral2   ©ɱ/008.exe    win10v2004-20221111-en
behavioral3   ©ɱ/017.exe    win7-20221111-en
behavioral4   ©ɱ/017.exe    win10v2004-20221111-en
behavioral5   ©ɱ/020.exe    win7-20221111-en
behavioral6   ©ɱ/020.exe    win10v2004-20220901-en
behavioral7   ©ɱ/022.exe    win7-20220812-en
behavioral8   ©ɱ/022.exe    win10v2004-20221111-en
behavioral9   ©ɱ/040.exe    win7-20221111-en
behavioral10  ©ɱ/040.exe    win10v2004-20221111-en
behavioral11  ©ɱ/046.exe    win7-20221111-en
behavioral12  ©ɱ/046.exe    win10v2004-20220901-en
behavioral13  ©ɱ/053.exe    win7-20221111-en
behavioral14  ©ɱ/053.exe    win10v2004-20221111-en
behavioral15  ©ɱ/058.exe    win7-20220901-en
behavioral16  ©ɱ/058.exe    win10v2004-20221111-en
behavioral17  ©ɱ/077.exe    win7-20220812-en
behavioral18  ©ɱ/077.exe    win10v2004-20220812-en
behavioral19  ©ɱ/080.exe    win7-20220812-en
behavioral20  ©ɱ/080.exe    win10v2004-20220812-en
behavioral21  ©ɱ/083.exe    win7-20220901-en
behavioral22  ©ɱ/083.exe    win10v2004-20220812-en
behavioral23  ©ɱ/089.exe    win7-20220812-en
behavioral24  ©ɱ/089.exe    win10v2004-20221111-en
behavioral25  ©ɱ/093.exe    win7-20220812-en
behavioral26  ©ɱ/093.exe    win10v2004-20220812-en
behavioral27  ©ɱ/095.exe    win7-20221111-en
behavioral28  ©ɱ/095.exe    win10v2004-20220901-en
behavioral29  ©ɱ/098.exe    win7-20220901-en
behavioral30  ©ɱ/098.exe    win10v2004-20221111-en
Malware Config
Targets

Target: ©ɱ/008.vir
- Size: 112KB
- MD5: 1a8c35075498ddf7f324a7df406acc10
- SHA1: a70c4113d218af4581b942b92736d49cd6e8203d
- SHA256: 7bf6a7fc84399b21b3345707212b9011097f9958906e1678e7285006c18cde4a
- SHA512: e972cedaec84f39b720477e33d9f10cea3f3d20f95d5ae3cf4b7c85ffb3eac0975e70dd3449791c9746b6dd987cdc35d5fc67443bcdc2f31160edb43880fcc0d
- SSDEEP: 1536:vmDqm1sOwNkYRMAEpQHljqHwisgc21+06Iygz7qfG5CffTpfHA/:vc1twfaAeQ4Hw9gc21+06IPkACxHA/
- Score: 1/10

Target: ©ɱ/017.vir
- Size: 76KB
- MD5: 1f925776bac8f82128ce4b41a701aad0
- SHA1: 0d5e8140a716e5d1a359a1987e65be5deee5babe
- SHA256: febb76aced959da4cb40998f8044bb56fd5b960e70de31b550d1b1001fc767ec
- SHA512: 6e8412d116232266a0d8627d4f1ba341ce4e5eb8647eb3099c2ee08a4fb60ead1981d86ff17218a002fee495e335f2f2ca0ffa8f80e7cf751d25cae03d91b43c
- SSDEEP: 1536:pEJRYIcj8rqtnPoqTmfaD5DgnpyGgUF5cDYMv:pCcwrK3T+aDWpfgUov
- Score: 5/10
- Signatures:
  - Suspicious use of SetThreadContext

Target: ©ɱ/020.vir
- Size: 181KB
- MD5: 2cde52ed4027f6bd5a39ad40bbe366c0
- SHA1: 1320257c41931f5c8fa0b4d0fd44f07ff58c2ca2
- SHA256: 59088a923769e165908059a49c5f4f077c68905cfcd6495f0b6dce39262248a7
- SHA512: 957ed935104362f09963fa54a0f0ede3e94baed24ecf45fdaa2746e4aec89984c0dc5d4e223386207c2b19b08008723ca4a6500a3c945d3a2e3e7c30a4fa756c
- SSDEEP: 3072:GU9UzUsAcPhN3TkVC7xdrwFIS/OTaOB6IWatLeJKB5UtYwxp2bI602:CUuxiFmTaO9BqYIQm2
- Score: 3/10

Target: ©ɱ/022.vir
- Size: 88KB
- MD5: 2e58cd312465b9872ec1f8332358a650
- SHA1: 403af6c9fb6d7330c1e7e133b3edf1833469261c
- SHA256: 9d869c4f8ce9f38043d0171d15c7f78beee6f17098723059a2612fe6f2ec43f2
- SHA512: 34674d7486c76b5aea299831fc454af7af46d98a033302cc64c6c49929e52fdca2d2a6a60358cbeda255d6712aba9d6c4816442bebfc4a7d623c90e74f1f04f7
- SSDEEP: 768:s/4n0RuteIhW7WCP4j++Oua9diAbpToDtPZWga7LqEXcIVWTj3jo7H5xcgu5:Xn0kt/YiAbKPWga7LxcIizo1xcgu5
- Score: 6/10
- Signatures:
  - Adds Run key to start application
  - Drops file in System32 directory

Target: ©ɱ/040.vir
- Size: 135KB
- MD5: 4fe84fc378421449ce4796ae6662aa50
- SHA1: 7e5522d49418c237e1c06f6794875fa32a1fa3c7
- SHA256: 439f331f1193005bab42f18faed822b2b9345762a7a81ca501063d6e655ccae2
- SHA512: 4aa1337443548533e45e6d92d2b3d1e55bf263eb5c0854623a91602fca561a5303ff62d8905cff86ae02920f16ebef827e8fae0ab9e1c799acd0757482fa5895
- SSDEEP: 1536:4/yPJze2vZcTmW44YM6HsYYpQjXscm+ZNfycqNOMPCHSHuQH9ORVsvdj17dlK+Gq:4/YxeHTmucYgcdyxUIMPCcH9K6jHlKZE
- Score: 5/10
- Signatures:
  - Suspicious use of SetThreadContext

Target: ©ɱ/046.vir
- Size: 63KB
- MD5: 5f9a1da20708e95e8ad4d6ef213b1e00
- SHA1: 8bf22d7882f392d7240a0f2a481f3e9ac9b02184
- SHA256: ff926bf561b7686bc9a0ce7d2df800b8de463b841627bad4edcbdaed2bd0058c
- SHA512: 71d61a54209e1ce0e6713b59e42658f96b9a040d71d599a3faa3c1e9d01d47eea6e4a82aa643515241c9c18f1e3546defa18b73704213f5bafa609345c685a8f
- SSDEEP: 1536:nV9Clq6VZeD7AD4THuk+VoULlklI5PvYYslpd7:nV9oOAD4THxbULlkl8PgYsR
- Score: 4/10

Target: ©ɱ/053.vir
- Size: 22KB
- MD5: 6b59283f1f10b7666ebdf66f322a1b50
- SHA1: ffdaccc613492489b39982dec36183d080d60932
- SHA256: 5d87d8462de63ab0344faf12151b24c50e73a92776a435cd9eaf2685a6ebac74
- SHA512: 82f1e2dbb5c7bfa44353191603b19711e168b030980293bfb683efd0ef9d90503236e2dd87f1387bf0bed304d37a8f24d9868b6036cf0e1152d224bd47900d5d
- SSDEEP: 384:/v3BWbim/O47iybh61qnFT34cAxwr6+e9Pfqbn1:BW2mG2V8CFToPx3ha5
- Score: 6/10
- Signatures:
  - Adds Run key to start application
  - Drops file in System32 directory

Target: ©ɱ/058.vir
- Size: 96KB
- MD5: 7a2f9859651ce3b4a26832d9d64deea0
- SHA1: e5c1d9423c99d175fa56ea9f9e704947bb5cee28
- SHA256: 323051b35b7e7bc333e4685fd0e6762b4c34ccde67a8b981460f46b8e7191995
- SHA512: fe557ca5c3aeadf301b79f94c04bf190f933c420031e39768814628d80e32edad9e6d4e526e20137e273960f2a90fddd58b2deed191004c237a8953884bef71a
- SSDEEP: 1536:2o6AFLFfFJLHQNF0DYHVulE04xiHEVD0MeAMOXGIKBz+F/N7:ZFZLHQNF0DQulE0e4EVfdeBz+7
- Score: 1/10

Target: ©ɱ/077.vir
- Size: 110KB
- MD5: 21d8ecd57783294141cf648361b6e170
- SHA1: 61ddd9abf3a2985ce57e7ba164f35be7acfa0d60
- SHA256: 45aa4f7c452193b44964e1c6d5fd9219f69a9c2d031db3a9620b059247831615
- SHA512: 6f5d83619bf173305fe66ae1c88c69c6c892ba70b12dc5be4cfeb7518ddbe6f1a3f4773bf179aee2d74a71578bf9b83216367212883dfa105f5f4951d1b2dc5f
- SSDEEP: 1536:B+VbfAE8hMRhkzM0r+A7EjbXUlfu4C8WIBI+rDfiv4lqXJSLwjw/tJFAZtqg:IVb4EUMszMsjHbWIFrDnqZc/tJFAZz
- Score: 3/10

Target: ©ɱ/080.vir
- Size: 665KB
- MD5: 35b4961fe8a00f6c51df70beab8cf460
- SHA1: b8e5f78380f066b4a1987f05afaef6a08f7e8990
- SHA256: 8cdccffd533f4d54596a5a686f48322d2f9a995acb2b9bfcc175c62915b1c948
- SHA512: f2f75cea9ece39671e4ad266198bbbf0c27ea407e4e3fa5c2325003ea8baaf7a7cb5d239fbe14ec25d2354e06cde6f0d29bb2aa8ee7c2661816fea1bee3a7776
- SSDEEP: 12288:fhkDgouVA2nxKkozvdRgQriDwOIQmxiZnYQE7PJcD4anJVC:lRmJk8oQricOIvxiZY15anTC
- Score: 10/10
- Signatures:
  - Drops file in Drivers directory
  - Adds Run key to start application
  - Suspicious use of SetThreadContext

Target: ©ɱ/083.vir
- Size: 47KB
- MD5: 43ece23bc3643cb8f9f00236be372d10
- SHA1: f4dff3deea262093342630d9cb9a1b6559e0b61b
- SHA256: ce221ef17253fea274d68f688f401b4887bc8b5c516fa73601d08d0cb21850b3
- SHA512: 781d0f7fe3a33880c15098fed1d6abf57a875e8d3825fad690fe72dc78f31b04132bb4e18661e682bf33409db3240181ce2198decd1754ddde2868c127d822bd
- SSDEEP: 384:D2ciGXkW059C8YpAx7r6+e9Pfqbn12S3B/qiIpQYemv/I9Ve3WxSTfS7UIn:q7n3C8YaxCha52Sx/l00tSu4
- Score: 8/10

Target: ©ɱ/089.vir
- Size: 92KB
- MD5: 51c7d3f4106b5557f9bdfaab4267be80
- SHA1: b5fc281eb69f928836b87a368c75a463d0e98c32
- SHA256: 9e8daaef763f7ba248c473550d75ec675fa789ed61ac8796dd5357d928fcccad
- SHA512: c800da51283853f39c1a2498e9d6395c38afe81dedfd0fdb25e33cba8ef50b4897e084924ae7b6a2f864c4cb4456c470c372e01f2333d80336ac3fa9491a35c8
- SSDEEP: 768:PpOOOgbxjhv+ZddsrCnDXn2tPIlnXOREbGnFkHjbGyrIMWG5ErjS:PpOOOiGZHkCDG1SmF2jbxWGq6
- Score: 10/10
- Signatures:
  - Modifies WinLogon for persistence
  - Adds Run key to start application

Target: ©ɱ/093.vir
- Size: 46KB
- MD5: 51ca495cbdd58cbdbba7bbc99cbc0c80
- SHA1: 2a26f1df3bdca11698acdd33d6093504da0e4832
- SHA256: d8d68faba2ef3b401c98b34ab5154a49698194c8befbfd15cb00673ab8ff2159
- SHA512: bc05d2aff2bdeb110e2cff03f9bb8bdb2032ed1dd85ee9c01eaf56bc372327cdd473af409a17a07497c75404149f710daa1da9075130598f5fd374b43b4301c0
- SSDEEP: 768:tAEEN9Cf4XEGZXDuT+pxvPDgAiXKZC2p2ng4nGwcsiOi+:tODZXcCvfA2p2nNWsiW
- Score: 1/10

Target: ©ɱ/095.vir
- Size: 91KB
- MD5: 51cb4dfc2b2f5a5ffbd8f7cf2da9fe00
- SHA1: f8575340416ba08ec070eba09d92f5be43a0cfbf
- SHA256: a7fd4c347e3050e9727276234da1d12684680932ec16354e78559cfcfa2cd2b8
- SHA512: 0a065447a6596f3d94c1b7a522a178f638305a87c053e589c9887e1c858f9689553a9ae9d3820025dfde6b518efdbe1281f05b349b9d20a55859e56937a3478f
- SSDEEP: 1536:JqYBPvt0g3D88rW+NdySd6o2C9yZkHEXE9mWx7XRD+9T8cBfdqmGFL1M7zvU/9ol:JqYBPlF3Is9dAagZkkXE97FvWfdqmGFu
- Score: 4/10

Target: ©ɱ/098.vir
- Size: 128KB
- MD5: 51ce35af2290923c37c62e124ed09950
- SHA1: 8d5eb3e768111d6eb27d4677dd6178672b9f7b23
- SHA256: 70983b6aef6f0cb1e34133876f3410534756219e0c2644fe3a91fc89a47d31e6
- SHA512: d39c4b1e3cab4c6ddd7a98b33b18b285b84135e8d5387abb0051d8ee21eb27c0f85a82256633c160b49ea3ecdf4304fcd2ef94470231f42800814f4a640b0f60
- SSDEEP: 3072:ly72UA+oBj8JUiTWGO6K5+HAa/lzimsvZcwEfmS:liY98qytO66UYw
- Score: 10/10
- Signatures:
  - Modifies visibility of hidden/system files in Explorer
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Maps connected drives based on registry (disk information is often read in order to detect sandboxing environments)
  - Drops autorun.inf file (malware can abuse Windows Autorun to spread further via attached volumes)
  - Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v6)

Persistence
- Registry Run Keys / Startup Folder: 5
- Winlogon Helper DLL: 1
- Hidden Files and Directories: 1

Defense Evasion
- Modify Registry: 10
- Bypass User Account Control: 1
- Disabling Security Tools: 1
- Hidden Files and Directories: 1