Overview

overview

10

Static

static

10

test3/08b0...8c.exe

windows7-x64

10

test3/08b0...8c.exe

windows10-2004-x64

10

test3/2e8b...6c.exe

windows7-x64

1

test3/2e8b...6c.exe

windows10-2004-x64

1

test3/5123...72.exe

windows7-x64

1

test3/5123...72.exe

windows10-2004-x64

1

test3/9208...80.exe

windows7-x64

1

test3/9208...80.exe

windows10-2004-x64

1

test3/c599...51.exe

windows7-x64

8

test3/c599...51.exe

windows10-2004-x64

8

test3/d1ee...9b.exe

windows7-x64

5

test3/d1ee...9b.exe

windows10-2004-x64

5

test3/d3a4...cd.exe

windows7-x64

1

test3/d3a4...cd.exe

windows10-2004-x64

1

test3/e0c7...46.exe

windows7-x64

10

test3/e0c7...46.exe

windows10-2004-x64

10

test3/f7ba...d1.exe

windows7-x64

1

test3/f7ba...d1.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    test3.zip

  • Size

    14.4MB

  • Sample

    230106-h1bj2afa38

  • MD5

    76b9f844ebcddec3043d60d59f872a7e

  • SHA1

    3d7a9dd34d01aaf57d1a17726daf04307c11372f

  • SHA256

    2f3e99a8bdb080cad97881bc33b88ab9084003b649909895c3a8c156e5b8b83f

  • SHA512

    51eb4c1ad218836c7fadcca23391783907ec8fc0fcfa2fe638a74b61e2ff0430172319fadc872cb781a44aafd34617993a2f07ddf88aaa95fcdc7be6272ae102

  • SSDEEP

    393216:I0UYukVJORHAB4FLcmSR1SQErzkxgCFCRU:nJVCgB4+ms1SQzgCIq

Score
10/10
emotetgh0stratbankerrattrojan

Malware Config

Targets

    • Target

      test3/08b0baa49485954e408eb2ddc02004b1aa7b451e6f704cf1c914d23f3ac0ee8c.bin

    • Size

      214KB

    • MD5

      736acf3822d3427fd6eb4655effdb265

    • SHA1

      1fb8256161d7e296a3e54fc85444f5ee970ef0e3

    • SHA256

      08b0baa49485954e408eb2ddc02004b1aa7b451e6f704cf1c914d23f3ac0ee8c

    • SHA512

      31bfc3077109f1b05e52bf11b92e5ff82f680164be36e6ead39dfe1679ac4b76003dac7d7d56435b596ce578586e737f2b46e0ff6f54d19dbda29a134b7f1bb0

    • SSDEEP

      6144:EQcM8WDqVJY3laxQwNgs/YPNha3EzEZCxgKqApdLg70CTTNLvzySzVFet+H9ikLB:n8WDqVJY3laxQwNgs/YPNha3EzEZCxgn

    Score
    10/10
    emotetbankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      test3/2e8bcfb94561e536ee0b378b7a879f1fa0763a309f0566c40772652f0b9ee76c.bin

    • Size

      40KB

    • MD5

      f0690466c665782487b39796072c433c

    • SHA1

      8335a14d84acf4844b0adaa1f020406bb427394d

    • SHA256

      2e8bcfb94561e536ee0b378b7a879f1fa0763a309f0566c40772652f0b9ee76c

    • SHA512

      4b20a51a1a2a71382381038befe4c254e1d96254420d62873193b035e3ea1abeac5c6b01736cb3c07bec18b5dcc4e29582490bf32ae530c94cdaeec1f89c986e

    • SSDEEP

      768:YabaSUqgaePETILW0xJnzSu2q4nhr5Ysnqv6Tc1Md7:FbacgtE+D7snh5YsgMd7

    Score
    1/10
    behavioral3behavioral4

    • Target

      test3/51239563ac4a295857c2712133b94de88d49a243329d93f643e6b6c8cc6c0d72.bin

    • Size

      128KB

    • MD5

      60edc646028b4f515fbdc1a17b6bf6a2

    • SHA1

      a7c179273445924f354d4ee64dd34310e1fbff1e

    • SHA256

      51239563ac4a295857c2712133b94de88d49a243329d93f643e6b6c8cc6c0d72

    • SHA512

      67e27083ae947d01e5b1d052b4f64037bba101c7060bd9673db43e66a4d73d82c057701218e557220443fcdb5bbab87d6e6ba85ce775f8f52720ca0d28e2b477

    • SSDEEP

      768:9lH3i1zJUvXRGx8PG1h33BLUjJMqpMTDdkgeSWX0BgO:9lHy1zYy8e1jLUjJNMTuRkBg

    Score
    1/10
    behavioral5behavioral6

    • Target

      test3/9208908b0dc676aa1d9f2db46321bd3da597234fbc33790851032bc4d057b280.bin

    • Size

      552KB

    • MD5

      7dc22861ebf656a466c4b604fa243ca5

    • SHA1

      c9526e607c83f2be3146dc8a967376e04fc60dab

    • SHA256

      9208908b0dc676aa1d9f2db46321bd3da597234fbc33790851032bc4d057b280

    • SHA512

      0c43f3af97311ee3a7d919109cd416f1bcb2489d676d35fcc85c51c67d767a80271bfcb792acee9b0d1bfefd63c9b3e4045c1c2ba322364a64bb4e783956cff0

    • SSDEEP

      12288:vvgl/URz7DtDUS77+GE/1lDcJEQvmuWcsPj:vvgl/U5FD37+GgDcJEQvmuXgj

    Score
    1/10
    behavioral7behavioral8

    • Target

      test3/c599af32f470f3853d837af004590fb94bd1b4a595b04dfde22f876f9a8ea851.bin

    • Size

      7.6MB

    • MD5

      02ebc4c231c8199a1204205d8d65eda7

    • SHA1

      9e57e50b01869a6c79c4aba02f540f2b783adca8

    • SHA256

      c599af32f470f3853d837af004590fb94bd1b4a595b04dfde22f876f9a8ea851

    • SHA512

      770f3397362bb812221c387240d9865b1a7b343d0cd32da30cbf64bbc7d0de0312e9dcada7427e51516dbffd574f88eda9d858d217d665af263b7111c163ee94

    • SSDEEP

      196608:Euww4mXtUHcjascJhSd94r5SyAAZ7pnWUFq3a:Euww4uTja1JMByLVWUw3

    Score
    8/10

    • Drops file in Drivers directory

    behavioral10behavioral9

    • Target

      test3/d1eeb2ad38249bd944d2dc659a84f7a394652c537f80b59fceb3a2c284c6919b.bin

    • Size

      5.9MB

    • MD5

      b4a3e38ecfd66f91fdcfd5992f62a813

    • SHA1

      db5f46269de2487792ba8117329478601d5b7b8a

    • SHA256

      d1eeb2ad38249bd944d2dc659a84f7a394652c537f80b59fceb3a2c284c6919b

    • SHA512

      aed45203c31306c33da0262330513c832763014014df96111c390e30bf05b97051ef03652e54d3a85a4bc7c9ebcc2e11878e290f3814a5fa0b6eb746ccfc142e

    • SSDEEP

      98304:+aY6mTW4JrVNwSoF5loDzEJ4B/QwP5qAtYiPyxiG/N33KA0LaRx01:+xNTW4tXwSA5YSxybtYiPGJKAsa6

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral11behavioral12

    • Target

      test3/d3a43a20d2b6c497160bf63fe0dec0e1edf2e4406c9bd0ed5d00ce663fddc4cd.bin

    • Size

      40KB

    • MD5

      29e6f5b2bdb942b558c9383af04346fa

    • SHA1

      5e331c5e2ab2072ce8347c2eef3f9cf8231a4044

    • SHA256

      d3a43a20d2b6c497160bf63fe0dec0e1edf2e4406c9bd0ed5d00ce663fddc4cd

    • SHA512

      922ec7bffcdca9e021f6cba3292d30211f78dba0dc783e054edfb3af7b97f47d831c611ffb4047c1e4c0f5bd3f4b044742c2676cd52bbd55d2366ca4147324d0

    • SSDEEP

      768:YabaSUqgaePETILW0xJnzSu2q4nhfxpnqv6Tc1Md7:FbacgtE+D7sn7pgMd7

    Score
    1/10
    behavioral13behavioral14

    • Target

      test3/e0c7e609e4fdcbe12daffb6c0517c4fde9644e8774a0d74139d940fd8ca7e146.bin

    • Size

      2.0MB

    • MD5

      13f76fa36fe0847e665d774a6b653348

    • SHA1

      303303383a59550e8585df05ebc8c88daf85bc0a

    • SHA256

      e0c7e609e4fdcbe12daffb6c0517c4fde9644e8774a0d74139d940fd8ca7e146

    • SHA512

      026d39d6dcb019573df2aa1accaa6411de326099b766ee86327befade7f2919a5ef9c98d5ee48959fca71fd9bc8f10704ae6677d61092f534eb55917daea621e

    • SSDEEP

      24576:WQC+u0n/0tyoWqGh+pFWYFJ+VQgY2AVSlOQicOc7MXYhmtaibiF674d1:WQRu0n/00qy+poYQYdD5cVL/B67u

    Score
    10/10
    gh0stratrat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral15behavioral16

    • Target

      test3/f7ba9ce7513a164ff2cbc3d41721d557a94e2441f22a97297f3308df6804ecd1.bin

    • Size

      40KB

    • MD5

      08fd72e10b6c1bedb21fb398718f895b

    • SHA1

      79e00c32c5fb07ec8c90864d5520d88ca6c16dab

    • SHA256

      f7ba9ce7513a164ff2cbc3d41721d557a94e2441f22a97297f3308df6804ecd1

    • SHA512

      e711c67b2bf87239dd16be6d71e3747e28bcfe4c74383da4964ac691d2870268125d04a21d4056c4944d73e4d545ed4bcd37258077d007376dfa331bec821f79

    • SSDEEP

      768:YabaSUqgaePETILW0xJnzSu2q4nhtnqv6Tc1Md7:FbacgtE+D7snHgMd7

    Score
    1/10
    behavioral17behavioral18

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.