Overview

Analysis tasks and scores (score out of 10, as shown on the report's task tabs; the flattened tab list fused each score to the following tab name):

Task                                     Score
Overview                                 8
Static                                   1
CmdLine.exe (windows7-x64)               5
CmdLine.exe (windows10-2004-x64)         6
Common.dll (windows7-x64)                5
Common.dll (windows10-2004-x64)          5
DropBoxExe.exe (windows7-x64)            1
DropBoxExe.exe (windows10-2004-x64)      1
StarBurn.dll (windows7-x64)              3
StarBurn.dll (windows10-2004-x64)        3
StuffIt14.url (windows7-x64)             6
StuffIt14.url (windows10-2004-x64)       8
StuffItConnect.dll (windows7-x64)        3
StuffItConnect.dll (windows10-2004-x64)  3
StuffItEngine.dll (windows7-x64)         5
StuffItEngine.dll (windows10-2004-x64)   5

General
Target: notificacao.zip
Size: 28.9MB
Sample: 230207-ckwblsha59
MD5: c2766d4a4f4d3f129c452838abef4f33
SHA1: 878ee830651510030b68208340cc1c98774041e9
SHA256: 6d5562256840a1856dd4e60b20f2d0a0edf8a0c18dbd779ffb501c209385ba9d
SHA512: b97299ebc5b5d386de73fffc74f978d1bfd9538e91d03ba1c7aaea851e9fa19750775684bc5f3cb7e5864fe9e3d3e775835c878e7a094bf6a124511062bb4f57
SSDEEP: 786432:ZDwpcw8mLTUPe6WOwGeCjn+di0wK/+QC2g:dwpcVAoPBtwGTqdxwKU
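Before relying on this report for a locally held copy of notificacao.zip, confirm that the archive and every member hash to the values the report lists; a re-packed archive with the same file names is a different sample. The script below is an added example, not the sandbox's own code: the SHA256 table is copied from this report, the archive built by demo_zip() is constructed here so the script runs offline, and members are hashed as streams so the 1012.9 MB StuffItEngine.dll never has to be held in memory. ssdeep is not computed because it needs a third-party library.

```python
"""Verify a local copy of notificacao.zip and its members against the
SHA256 values published in the sandbox report.  Added example; the
REPORT_SHA256 table is copied from the report, the demo archive is
constructed."""
import hashlib
import io
import zipfile

CHUNK = 1 << 20  # hash in 1 MiB pieces so a 1 GB member never sits in RAM

# SHA256 values copied from the report: the archive, then its members.
REPORT_SHA256 = {
    "notificacao.zip": "6d5562256840a1856dd4e60b20f2d0a0edf8a0c18dbd779ffb501c209385ba9d",
    "CmdLine.exe": "1beb42edf12f007c47b403049d10afbbf4db637d7053244c1b6972ea53847b76",
    "Common.dll": "0d757ca61be427e699d570364fdd5ec6f5fbeb7654dc67b34bb4b46c69466de5",
    "DropBoxExe.exe": "128617558adca5aa6ecc2b858a188e44695103f48af936526e4c5d3e812851cc",
    "StarBurn.dll": "34d51ea931e6b9de88b55f3d9f6921fbddaa40acb888e692f66f7e77c2b6f676",
    "StuffIt14.url": "ea5f6725e5d61387e8da61e063a9b7baaf83b4e1d9d311ac0ea845e31c93756a",
    "StuffItConnect.dll": "a059228a9c6e656877adbb8d764523a02634ec8c95a8057c059b414e2a4c14e1",
    "StuffItEngine.dll": "2ec8631abe9bc1900ca64b997c53e861b04ec1a67fbef3778fe1f46ff125b98d",
}


def hash_stream(fh):
    """Return md5/sha1/sha256/sha512 hex digests and the byte count of a stream."""
    digests = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    size = 0
    while True:
        block = fh.read(CHUNK)
        if not block:
            break
        size += len(block)
        for d in digests.values():
            d.update(block)
    out = {n: d.hexdigest() for n, d in digests.items()}
    out["size"] = size
    return out


def hash_zip_members(zip_bytes):
    """Hash every file member of an in-memory zip without extracting to disk."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                results[info.filename] = hash_stream(fh)
    return results


def compare_sha256(observed, expected):
    """Map every name in either table to one of:
    match / mismatch / not_in_report / missing_from_archive."""
    status = {}
    for name in set(observed) | set(expected):
        if name not in expected:
            status[name] = "not_in_report"
        elif name not in observed:
            status[name] = "missing_from_archive"
        elif observed[name]["sha256"].lower() == expected[name].lower():
            status[name] = "match"
        else:
            status[name] = "mismatch"
    return status


def verify_archive_bytes(zip_bytes, expected=REPORT_SHA256,
                         archive_name="notificacao.zip"):
    """Hash the archive itself plus its members and compare both to the table."""
    observed = hash_zip_members(zip_bytes)
    observed[archive_name] = hash_stream(io.BytesIO(zip_bytes))
    return compare_sha256(observed, expected)


def demo_zip():
    """Constructed two-member archive (not the real sample) for an offline run."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"hello")
        zf.writestr("c.txt", b"world")
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else demo_zip()
    for name, state in sorted(verify_archive_bytes(data).items()):
        print(f"{state:22} {name}")
```

Run it with the path to the real archive as the only argument; every member of the report should come back as match. Any mismatch or missing_from_archive means the local file is not the sample analysed here and its indicators should not be assumed to apply.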
Static task: static1

Behavioral tasks (task, sample, sandbox image):

behavioral1    CmdLine.exe         win7-20220812-en
behavioral2    CmdLine.exe         win10v2004-20221111-en
behavioral3    Common.dll          win7-20221111-en
behavioral4    Common.dll          win10v2004-20220812-en
behavioral5    DropBoxExe.exe      win7-20220812-en
behavioral6    DropBoxExe.exe      win10v2004-20220812-en
behavioral7    StarBurn.dll        win7-20221111-en
behavioral8    StarBurn.dll        win10v2004-20221111-en
behavioral9    StuffIt14.url       win7-20220812-en
behavioral10   StuffIt14.url       win10v2004-20220812-en
behavioral11   StuffItConnect.dll  win7-20220812-en
behavioral12   StuffItConnect.dll  win10v2004-20221111-en
behavioral13   StuffItEngine.dll   win7-20221111-en
behavioral14   StuffItEngine.dll   win10v2004-20220812-en
Malware Config

(no entries)

Targets

Target: CmdLine.exe
Size: 440KB
MD5: 0bfe3087ca4ef73b868518af6caa4e6d
SHA1: af3fa5233a6dd4eb1bbd727175f7a5845323076c
SHA256: 1beb42edf12f007c47b403049d10afbbf4db637d7053244c1b6972ea53847b76
SHA512: 3e66dc57dc48699c118dd309c188760ef48e918da6c9aebd9073abe5f832857e82ce15b8104643c13d5b29397151f2e77fff5a8c5e6a9532b3bc1fe507a128d3
SSDEEP: 6144:dvGW7g487Zp/O22OHe3vqt7+ScIk8taZuuzI9ujmOO6JFcJiWgd+4xN:dv3gJZ2OQvqt7+ScJ8tGuf9fv6JGJxq
Score: 6/10
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger. It is an anti-analysis technique, but it is also emitted by commercial packers and protectors, so on its own it is a weak signal; here it recurs in Common.dll and StuffItEngine.dll as well.
Target: Common.dll
Size: 897KB
MD5: 40fd316520f0573077aacb60aff0fbc6
SHA1: 4b1e23ba91a049fdc4c97caebc57cac15cb3e9b0
SHA256: 0d757ca61be427e699d570364fdd5ec6f5fbeb7654dc67b34bb4b46c69466de5
SHA512: c5cad12ed7b9fc4b6af099a973438e07c0a994084cad893d34eadcc186559560d728a663054c9cfc49864fa52f88d38428088baae853fd887169be46bee8524c
SSDEEP: 12288:E6CK1dk6NxNlea9vVBpKZZhYQ6hH6YcSoaZbVAIaJNO:J1d3NlxvVBkOQ6huSoaZbiS
Score: 5/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: DropBoxExe.exe
Size: 107KB
MD5: a99079293307d2192a6e90e297e535ac
SHA1: 13428dc44c2ecfac6046e7b04e361194d7de35bd
SHA256: 128617558adca5aa6ecc2b858a188e44695103f48af936526e4c5d3e812851cc
SHA512: 1d5e3c7e87988db0111e88fa1f1ae7542fb96b48d3f9ccf1f34389a7f297b666fcc52d353c1b9351bdfcf367f449368363dc662257e39e072c3554fd139066bc
SSDEEP: 3072:4YOizsnLkHLgCJXjI5BYtZYaXDOYlvvvvVznRm/+:4YOAsnug0X4BYtZYaXDOY
Score: 1/10
(no indicators)
Target: StarBurn.dll
Size: 573KB
MD5: e86403ff6f01f2b50b9f95d8e536fbf1
SHA1: 0546658f5e4ac1c0b8035dc9da5f0e389e79e38f
SHA256: 34d51ea931e6b9de88b55f3d9f6921fbddaa40acb888e692f66f7e77c2b6f676
SHA512: 4c8ffa89c8f40b9749db013a937cc6067c46e8698ff9dbadb9371ebe792d664e08e46e26d33e0833fdd037a947eed2683d1f51d619f8dd28d7f118345d6f308f
SSDEEP: 6144:pO/y/giMzI+IOyLwjiwjD2S+HGN6TWjSp8Kl9xjp4cfSuHwQBGp88MRUssCR9CDR:Z/gzbn+GgTWjg8S4cfSn8GpsCD0FTQ
Score: 3/10
(no indicators)
Target: StuffIt14.url
Size: 48B
MD5: 61892cf7d9596385f03af436a015b567
SHA1: 5698a18a62a5178e0f34923d850f44644a28448c
SHA256: ea5f6725e5d61387e8da61e063a9b7baaf83b4e1d9d311ac0ea845e31c93756a
SHA512: 9b4ba12f6f79f2cc47fdba6e12b0f1b72016d1f93685abc3ec54c72c030485be45470ead9b328adf84d4ce893b1072a582986a6ba4c30aaa6c38d27ff2e8a597
SSDEEP: (not listed; the file is 48 bytes)
Score: 8/10
- Downloads MZ/PE file
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application

A 48-byte .url file is an Internet shortcut and contains nothing executable itself; every indicator above is behaviour the sandbox observed after opening it (a PE download, execution of the dropped EXE, a dropped DLL being loaded, and persistence through a Run key, a COM server registration and Image File Execution Options). This is why the static task scores 1 while the behavioural tasks score 6 and 8: detection of this member has to be behavioural or network-based, not signature-based on the shortcut's bytes.
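The persistence indicators reported for StuffIt14.url (Run key, COM server autorun, file execution options) and for CmdLine.exe (Run key) all leave registry values that can be hunted for on a suspected host. The script below is an added example, not the sandbox's detection logic; it assumes "Sets file execution options in registry" refers to Image File Execution Options (IFEO) Debugger values, and the SAMPLE_VALUES records are constructed for an offline run. On a live host the same records would come from a reg.exe export, a hive parser or an EDR registry snapshot.

```python
"""Flag the three registry persistence mechanisms the report lists:
Run/RunOnce entries, per-user or user-writable COM servers, and IFEO
Debugger hijacks.  Added example; SAMPLE_VALUES are constructed."""
import re

# Paths a vendor installer rarely uses for an autostart binary but a
# browser-downloaded dropper almost always does.
USER_WRITABLE = re.compile(
    r"(\\users\\[^\\]+\\appdata\\|%appdata%|%localappdata%|%temp%|%tmp%|"
    r"\\programdata\\|\\users\\public\\|\\windows\\temp\\)",
    re.IGNORECASE,
)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?$", re.IGNORECASE)
IFEO_KEY = re.compile(
    r"\\windows nt\\currentversion\\image file execution options\\([^\\]+)$",
    re.IGNORECASE,
)
COM_SERVER = re.compile(
    r"\\clsid\\(\{[0-9a-f-]{36}\})\\(inprocserver32|localserver32)$",
    re.IGNORECASE,
)


def classify(key, name, data):
    """Return a finding dict for one registry value, or None if not interesting."""
    in_user_dir = bool(USER_WRITABLE.search(data))
    if RUN_KEY.search(key):
        # Every Run entry is worth listing; one inside a profile dir is the
        # "Adds Run key to start application" pattern from the report.
        return {"kind": "run_key", "key": key, "name": name, "data": data,
                "severity": "high" if in_user_dir else "low"}
    m = IFEO_KEY.search(key)
    if m and name.lower() == "debugger":
        # A Debugger value makes Windows launch that path instead of the
        # target executable, so any value here is a hijack until proven otherwise.
        return {"kind": "ifeo_debugger", "key": key, "name": name, "data": data,
                "severity": "high", "target": m.group(1)}
    m = COM_SERVER.search(key)
    if m and name in ("", "(Default)"):
        # HKCU\Software\Classes overrides HKLM for COM lookups, so a per-user
        # server or one living in a user-writable directory is the
        # "Registers COM server for autorun" pattern.
        per_user = key.upper().startswith("HKCU\\")
        return {"kind": "com_server", "key": key, "name": name, "data": data,
                "severity": "high" if (per_user or in_user_dir) else "low",
                "clsid": m.group(1), "server_type": m.group(2).lower()}
    return None


def hunt(records):
    """Classify (key, value_name, data) tuples and keep only the findings."""
    return [f for f in (classify(*r) for r in records) if f is not None]


# Constructed records, in the order a hive walk might return them.
SAMPLE_VALUES = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "VendorTray",
     r'"C:\Program Files\Vendor\tray.exe" /background'),           # benign-looking
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"C:\Users\ana\AppData\Roaming\Updater\updater.exe"),           # Run key in profile
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe",
     "Debugger", r"C:\ProgramData\svc\host.exe"),                    # IFEO hijack
    (r"HKCU\Software\Classes\CLSID\{3A1B2C3D-4E5F-4A6B-8C7D-9E0F1A2B3C4D}\InprocServer32",
     "", r"C:\Users\ana\AppData\Local\x\engine.dll"),                # per-user COM server
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "ShellState",
     "binary"),                                                      # unrelated
]


if __name__ == "__main__":
    for f in hunt(SAMPLE_VALUES):
        print(f"{f['severity']:5} {f['kind']:14} {f['key']} [{f['name']}] -> {f['data']}")
```

The severity split is deliberate: Run keys under Program Files and COM servers under HKLM in System32 are listed at low severity so the analyst still sees them, while anything resolving into a profile, ProgramData or Temp directory, any HKCU COM override, and any IFEO Debugger value is raised to high.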
Target: StuffItConnect.dll
Size: 81KB
MD5: 9f499cb83be4c828383e70b8b94a6479
SHA1: 915a055b761e713d144edc7b7b94d8783f28d485
SHA256: a059228a9c6e656877adbb8d764523a02634ec8c95a8057c059b414e2a4c14e1
SHA512: 4b6849f7e2f094f2d208f3dad823a86288970d500a827d31addd6eb81674d2e6be6ad1e75e488ad9b61c08db5d9351188e00d09363fc695e2f8534746a6bbbcc
SSDEEP: 1536:EGmRhB/Qrnkz929g/QIZjvjfVJouxULhcLFV5IKebW9sG0OKU20Wz8MJH:pmRSAlBohcLFV5IKea9s1OKqWz8
Score: 3/10
(no indicators)
Target: StuffItEngine.dll
Size: 1012.9MB
MD5: ef2868fe1076f5b46db73953886ccd31
SHA1: 9cd52d848938fe8059caf5bc34cd8be9b13db9fe
SHA256: 2ec8631abe9bc1900ca64b997c53e861b04ec1a67fbef3778fe1f46ff125b98d
SHA512: aa61d2b84cc833a6862a0cb24e911bed0728a1d6e57b810658181105462deb63d00061c53dae9706ba9c139ff801279a8dc2a5011cc01f730b0f30b09fd55a70
SSDEEP: 393216:n4wsmYMOqC+tpqrfr2ialtyZqmCB46NwtU5a8Ri36puC3e/cN+:4w8DbfrwYAjBstUa8U36oCOh
Score: 5/10
- Suspicious use of NtSetInformationThreadHideFromDebugger

Note the size: a 1012.9 MB DLL inside a 28.9 MB archive means the file is almost entirely compressible filler. Inflating a binary this way is a common evasion, since many AV engines, sandboxes and upload portals skip or truncate files above a size limit; treat the size itself as a suspicious attribute and make sure any tooling that hashes or scans this member streams it rather than loading it whole.