General

Target: Updates.rar
Size: 8.9MB
Sample: 230107-kxtybadb72
MD5: 3e2d598646aecb045e1af87d8ab42e66
SHA1: b09c564f2407892c21031513f49459ffb7246e47
SHA256: 803246a15fd62e227e8e25a1b078e0c35833e942cab4db265e78fd7a52367af8
SHA512: 3f4006d602977724743b7e62c10709e7d5cfcc6e71e3fc4ff6f794b57a9bce844232d37032e6ae7199c140b06d9b6215d65b50860c9638cfab1668752089a94a
SSDEEP: 196608:NwF/WH3obvbltDvp98ga3cPSPn2DDDkQwblpkSfil32FgFRp3QJu:M44bDlxvpaga3r2TklpkVtTgu
Behavioral tasks

Task          Sample              Resource
behavioral1   Resource.bin        win10-20220812-en
behavioral2   Run.vbs             win10-20220812-en
behavioral3   WindowsService.exe  win10-20220901-en
behavioral4   import.reg          win10-20220812-en
behavioral5   md5.txt             win10-20220812-en
behavioral6   updatebackend.log   win10-20220812-en
Malware Config

Targets

Target: Resource.bin
Size: 5.3MB
MD5: 6a550314f437a3300472e002db233e71
SHA1: d647a8d2c5a6f5d37e232cc23988c59bd91fcae1
SHA256: 0c84d842ddeffe9808ae2a861400307c899a4994a21e01aedd3baf27930b92ea
SHA512: 47026ece08467a49679893179527930960f6d24cee5a7adfffb2254df5758b4c45b7a114b41faae2eed40492285584fc2fc747497885076dfc1f884ac5a685e7
SSDEEP: 98304:9OsQJ4iwP6i1T67GroVbEDschBd0zSlsUrfcRmGpFC:0xJ4dSS67GEsRkzSuUTgtFC
Score: 3/10

Target: Run.vbs
Size: 1015B
MD5: 2945c117350c3403f73f6e6a32a30a77
SHA1: cbd5c7d85d7d2204000e79ba8b144e40ffcaf6b7
SHA256: 5fd291193f2735fb5f3dcece48f542f897d56532b153b174455db19d183ea6a4
SHA512: 3faec7d84284b3ec7b9e832b239bf51cb6a4300aa3d5763bd0dff0f929a3fa1964ecfd70e8c72955443bf24e62875d1ca241d8a7868e5e0e399fc7d81538e621
Score: 3/10

Target: WindowsService.exe
Size: 5.3MB
MD5: 1d7d93fa84ba7c5a5c8b1d62acbb048d
SHA1: d8048fc1e77eca832eab8b809181c3f07fc34cc5
SHA256: 6d346056c766ed477967601425a4d162d15d429977910083c8a8bdd0d0c1c005
SHA512: f751d92782c230be153bd11431601f341cc5156dad1f99eb801e8ca0ad22513dfb8225d9fd7e3984b46749bf50a331d511072fe6c48bbac05da5cdf54128daa4
SSDEEP: 98304:AW3PlQ/t+WURgaZKI2MSJCeUGHopP1B7OJyaEooPNkAFf9v:1Gl+mZJnosMFHDh
Score: 8/10
Signatures:
  - Drops file in System32 directory
  - Suspicious use of NtSetInformationThreadHideFromDebugger

Target: import.reg
Size: 4KB
MD5: cd403a43119b0ad8aca8ad920f7758f8
SHA1: 7cbaaaff573326c20ee531e64ad66001b61fef78
SHA256: 0c53460dc124db6c337e75ac0cbbcaffd1d59df593a8e23d44d3bf69f92f3064
SHA512: eccac6834009c6e91a72857e15688ed32944a9c34d21fb666bc2cde365b2347abc62b44c11d08ee230de9970d8687cf71fb9756bb02cdc903fd1b75e50c29020
SSDEEP: 96:PrcwgHarrZtxg+BfiCjWZQl/vKj0hMXmNZ0/ZIZmZ5aYhwHShnwHV:P/NjrlVOU
Score: 10/10
Signatures:
  - Modifies security service
  - Adds Run key to start application

Target: md5.txt
Size: 33B
MD5: e6dafa554d028b29ede71640522a9f36
SHA1: da48fb1ccd092ae8127c8ebb39170a1ba632498d
SHA256: 6b094ceff79677700d45d9b8288fa2a317df6b36ca6ada7dfb1ddff195817b88
SHA512: b223144d3ba232f3eb905c234e813c8e034d34478829f2a8690ee6e99edd9f4598383d6e78c66fad924eb2a2e19f3ffd823c1961c326acb9452df6f056e44e81
Score: 1/10

Target: updatebackend.log
Size: 4B
MD5: 5a01f0597ac4bdf35c24846734ee9a76
SHA1: a385d9e8d3b9d07483e610819de992510883b36b
SHA256: b33ed571eded536f0f0bc2be4e4384055acd592fe6652a555320fdca4dbeb175
SHA512: 42caf8b73b98f8cb1d9bfbf477b468414bc0fe9160d4e5151076ffe284b78d10227cac7b4f435a29f79768358a74406960e62a90222a0258b4a4662f2efa4008
Score: 1/10