Overview

Tasks (score out of 10, as shown on the report tabs):
- Overview: 10/10
- Static
- INV_Scan_Jan.lnk (windows7-x64): 10/10
- INV_Scan_Jan.lnk (windows10-2004-x64): 10/10
- Requirements.lnk (windows7-x64): 3/10
- Requirements.lnk (windows10-2004-x64): 7/10
- hublamjogk...yU.cmd (windows7-x64): 1/10
- hublamjogk...yU.cmd (windows10-2004-x64): 1/10
- hublamjogk...ng.dll (windows7-x64): 1/10
- hublamjogk...ng.dll (windows10-2004-x64): 1/10
- projectt.py (windows7-x64): 3/10
- projectt.py (windows10-2004-x64): 3/10
- python.exe (windows7-x64): 1/10
- python.exe (windows10-2004-x64): 1/10
- pythonw.exe (windows7-x64): 1/10
- pythonw.exe (windows10-2004-x64): 1/10

General
- Target: Desktop.zip
- Size: 279KB
- Sample: 230123-vc94xaec29
- MD5: a61c9212dee90681555ed8fd863e24ec
- SHA1: 4149f301bfddbe736c15e45a24b8ef2cff70b74b
- SHA256: 022f4194976317beacd99827084d664a28c014a913e31dfda69df854bcdfcb2e
- SHA512: a47d819d13d5295527efce89ad67e7a127f58fef88207270ef5e8b431b366481e791aad6de41713a3d527cc30dfcb727f8bf3c5911ee61890464c2d457330bc3
- SSDEEP: 6144:IWNnhqz04+YGvhGnexbuWmMeRYjUZhrcRuBlJ4kuDeu4JRX5nq:RNhK04+YGZlaXZRYKhrcRG4XJWq
Static task: static1

Behavioral tasks:
- behavioral1: Sample INV_Scan_Jan.lnk, Resource win7-20221111-en
- behavioral2: Sample INV_Scan_Jan.lnk, Resource win10v2004-20220812-en
- behavioral3: Sample Requirements.lnk, Resource win7-20221111-en
- behavioral4: Sample Requirements.lnk, Resource win10v2004-20220812-en
- behavioral5: Sample hublamjogk/bowsaptoyU.cmd, Resource win7-20220812-en
- behavioral6: Sample hublamjogk/bowsaptoyU.cmd, Resource win10v2004-20221111-en
- behavioral7: Sample hublamjogk/skysurfing.dll, Resource win7-20221111-en
- behavioral8: Sample hublamjogk/skysurfing.dll, Resource win10v2004-20220901-en
- behavioral9: Sample projectt.py, Resource win7-20220812-en
- behavioral10: Sample projectt.py, Resource win10v2004-20221111-en
- behavioral11: Sample python.exe, Resource win7-20220812-en
- behavioral12: Sample python.exe, Resource win10v2004-20220812-en
- behavioral13: Sample pythonw.exe, Resource win7-20221111-en
- behavioral14: Sample pythonw.exe, Resource win10v2004-20221111-en
Malware Config

Extracted:
- Family: icedid
- 886885680
- umousteraton.com
Targets

- Target: INV_Scan_Jan.lnk
- Size: 1KB
- MD5: fadc02361419018e406c6260200fa66c
- SHA1: 699e8bd78feaa75fbf411535a2f232038dc7af09
- SHA256: 4fbda5d7ac20f4ecef665c9379ea86f7dcc2ac7816c97601223f12a51a3e3e68
- SHA512: 96b87b914130e5eb5d96594797af7aaa6dc908028afead3d79d02912f20a333df0703a5972e228f268decf0d3821f005a0d716b2c69e7767dbc8495e21a4bfef
- Blocklisted process makes network request
- Checks computer location settings
  - Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL

- Target: Requirements.lnk
- Size: 1KB
- MD5: 2157d05171e0a32c30a8c8350d25335a
- SHA1: 3af6b7bcd388b88d71ae09789b18a7a01e23b14b
- SHA256: 6e37e051433faa97a381fc8d8a51e8d0a5384d2fc7abc3dcf727d036bc196a74
- SHA512: 80585b023390d8adbb199e054cc1bfbf82b59c68965b1549f95ae45f33eb1b7f22fa448ff9ed134d6fb04d965216f4a884ed63a6bdbe743c7f5e5233e3b46e5d
- Score: 7/10
- Checks computer location settings
  - Looks up country code configured in the registry, likely geofence.

- Target: hublamjogk/bowsaptoyU.cmd
- Size: 1KB
- MD5: bc80fc8754faa57bc46358afa90ade4d
- SHA1: 428d9a8609a647e8d74a0c9017babfd1ad567635
- SHA256: 1fb4245d07a96f49c0444f3b8605ca16a830e0081002748be0aa581493135d45
- SHA512: 70ca03b05193e0a68fa5d693a2bb7c76e207ec5704e57f39ed1818c9438afa733b56614ccc3fc4f36ef7696626b026d5437bba0aaa6d549d77ccd0c2d90cf7a2
- Score: 1/10

- Target: hublamjogk/skysurfing.dat
- Size: 514KB
- MD5: 0b44756101b2f2a79341c08bfebbaf46
- SHA1: a7eee2811565316f074f3b3e97eb56c4298eebb4
- SHA256: ad174760985c5418b4a3c3a97cd8d7658e3bbb7030f72f2eff9ff97e57f200bd
- SHA512: a1d2003a31b7cf15d7b7ab1c9bb86ce4eb4a5d510349972677b5fcdceaf7d106eacb87f946c95d756a892dc962e4144f2bb184a3376e11e97e80f8e05b4ff794
- SSDEEP: 6144:IuS8iJgEjHlmbG3Gt20CZPbPBtqdacYQ2MmU:Iu8JgfG3rLQfm
- Score: 1/10

- Target: projectt.py
- Size: 551B
- MD5: bd4dab365285c2c3557af8335632b5af
- SHA1: 8c344c5b9559c029f519b65a7cf893bb4b15a6e9
- SHA256: d712f823065d710535392c8c80b6c874da06f68b707c7e18306344eb99c5847c
- SHA512: bf1910784a2319bce5ae45866fa66d27ac2e535b43fb5f7dea097dff41ee26562387d32737c2e5c9cd8f8bfa7645d30b22fd1b7e91d819c7fe76f37bcd3edced
- Score: 3/10

- Target: python.exe
- Size: 99KB
- MD5: 0d7e35d7b045ec9447aa18d064fcd9c8
- SHA1: fc8abbafbcf3b8f959b3e9c956109da0218aa95c
- SHA256: 3093fcf263029ca1d799fea250a4e032d2c930a516f1513eeca688b343c836b3
- SHA512: 7e9d78959563fd416422b6e226b73ed4ed2da7905ad89d93571f93b113fbcc1ee7203f18bb53bd495b9f79d4d9b72bbc0b6aad5cc4ce4356e655e8e459997cac
- SSDEEP: 1536:NFVCKbuEYE+9z2wp+FavGmhMn+IhzZtz8/duRo7SyYPx:NFVCKbuAs0FNmhMn+IhN+/duRoyx
- Score: 1/10

- Target: pythonw.exe
- Size: 97KB
- MD5: 535dbfade17a856935667eae25acc166
- SHA1: 881db3c6ec9b8eee8c26c0b6c0278a3c8c3f301b
- SHA256: 61957119137f9492ab7cff41ed83619cdd398b8d47ceb4feeba5ed9bd0fcdc22
- SHA512: 8dc2fc6534a67b27bb65d65fc366cd9101ffd1a918924be7e1dfb253785cc0b57ce10621ea93af3769b1393cbde630cde92068689ef674c8c75e76a17bf49a09
- SSDEEP: 1536:bEqhuhIxHHWMpdPa5wiE21M8kJIGFvb1Cwb/x+sT7SyBPxs:YqISwMpdCq/IM8uIGfR/x+sT7xs
- Score: 1/10