General
- Target: ItroublveTSC-6.0.zip
- Size: 6.7MB
- Sample: 230213-xvmgnsfd78
- MD5: 0c1027b2c9f7642c17fc918c5df30325
- SHA1: 8cf107d89e9184ee41328b9a6687cf56edf3e4b4
- SHA256: 7a03656ffc007b5b7cce9449727ef5d27e1315ed4f61fd9a8ad89681ec2ce5f0
- SHA512: b5fb823c882c405741cf9ca5fb0374d361cd6c04f822cc4391514b82c56df5771a79337d283c73d3f8c57b2d7979b52b4887febf367e0a8bf039824e4fa257d6
- SSDEEP: 196608:I0SfUI3sx6hmIJ+P+vpgQKixeAHuCePimhsVMNyyhSN4hR5xcl:IZlHhmIJ4+qQKi0Cuth9NyyhU4hJcl
Static task
- static1

Behavioral tasks (sample, resource)
- behavioral1: ItroublveTSC.exe, win10-20220812-en
- behavioral2: bin/App.xml, win10-20220901-en
- behavioral3: bin/Binaries/RtkBtManServ.exe, win10-20220812-en
- behavioral4: bin/Program.js, win10-20220812-en
- behavioral5: bin/Properties/Resources.Designer.vbs, win10-20220812-en
- behavioral6: bin/Properties/Resources.vbs, win10-20220901-en
- behavioral7: bin/obf/CLI.exe, win10-20220812-en
- behavioral8: bin/obf/Confuser.Core.dll, win10-20220812-en
- behavioral9: bin/obf/Confuser.DynCipher.dll, win10-20220901-en
- behavioral10: bin/obf/Confuser.Protections.dll, win10-20220812-en
- behavioral11: bin/obf/Confuser.Renamer.dll, win10-20220812-en
- behavioral12: bin/obf/Confuser.Runtime.dll, win10-20220812-en
- behavioral13: bin/obf/Teen.dll, win10-20220901-en
- behavioral14: bin/obf/dnlib.dll, win10-20220812-en
- behavioral15: bin/packages/System.IO.Compression.ZipFile.4.3.0/lib/net46/System.IO.Compression.ZipFile.dll, win10-20220812-en
- behavioral16: bin/packages/System.IO.Compression.ZipFile.4.3.0/lib/netstandard1.3/System.IO.Compression.ZipFile.dll, win10-20220812-en
- behavioral17: bin/packages/System.IO.Compression.ZipFile.4.3.0/ref/net46/System.IO.Compression.ZipFile.dll, win10-20220812-en
- behavioral18: bin/packages/System.IO.Compression.ZipFile.4.3.0/ref/netstandard1.3/System.IO.Compression.ZipFile.dll, win10-20220901-en
Malware Config
Targets

Target: ItroublveTSC.exe
- Size: 3.1MB
- MD5: b1d5fd5b035a167b43f81974dbd3a985
- SHA1: 02cd3e37db9e2ad65fbd952f3e8aacd7c7fae809
- SHA256: 76267027ff50a34f1257b2b537262aa067eec6c3c4f88ef23349944200ef240b
- SHA512: ad75e2cacf989470d8d3b43ce980307e0c3977a0a0e12e8442dece90afc4381b11e514f044c095ec9c2a97002e238f36c1cf1b52d7836f7c0493eaf1145964d4
- SSDEEP: 98304:UqXpy05Q0N1rsYSZ6BoXh1kkypSH3Oh5BemgOYUm:N405QYtsTEB08T8HehLvlm
Signatures:
- NirSoft WebBrowserPassView (Nirsoft): Password recovery tool for various web browsers
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

Target: bin/App.config
- Size: 184B
- MD5: 13ff21470b63470978e08e4933eb8e56
- SHA1: 3fa7077272c55e85141236d90d302975e3d14b2e
- SHA256: 16286566d54d81c3721f7ecf7f426d965de364e9be2f9e628d7363b684b6fe6a
- SHA512: 56d0e52874744df091ba8421eeda9c37854ece32a826bd251f74b88b6334df69736b8cd97104e6e7b2279ef01d2144fee100392744cc1afb7025ebbad5c307a8
- Score: 1/10

Target: bin/Binaries/RtkBtManServ.exe
- Size: 2.8MB
- MD5: 88ab0bb59b0b20816a833ba91c1606d3
- SHA1: 72c09b7789a4bac8fee41227d101daed8437edeb
- SHA256: f4fb42c8312a6002a8783e2a1ab4571eb89e92cd192b1a21e8c4582205c37312
- SHA512: 05cff2ca00ba940d9371c469bce6ffb4795c845d77525b8a1d4919f708296e66c0a6f3143c5964f5e963955e4f527a70624651113e72dc977f5ef40fa0276857
- SSDEEP: 49152:AsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:6qXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs
- Score: 9/10
Signatures:
- NirSoft WebBrowserPassView (Nirsoft): Password recovery tool for various web browsers

Target: bin/Program.cs
- Size: 6KB
- MD5: fb91a042af865080b1068f1e345ca124
- SHA1: 40ffd430fde179a103b19ef728a33d3da88d9c6f
- SHA256: e13a25cc5f69e4e9747e577f60f73f33eca48899caa85331f5c61ecbd1b61910
- SHA512: c12420afc7ddbc30f62a3e295939de0744dd50a8d78da0041eaabd378af1e2152cb363329efdeca70503d416c04642eb666bc1c4b983ea57639a7ac5bf189a6a
- SSDEEP: 96:JoUyFXO4DV0VJ0BnRjEK+MaCH+YetqXOg6SBqxdHboQqrARSYRBIhWHz5I+I0:opNfjEK+MDH+Yesv6Sgx5oQqrVeIw+Y
- Score: 1/10

Target: bin/Properties/Resources.Designer.cs
- Size: 2KB
- MD5: 4b5b77878a69b99dfadac9397aa8abe6
- SHA1: 5ffbcc33ced8c2e4ad539970cebac4a8c0f26877
- SHA256: a2c9f7982cc24f564ceb46be08dcd73985d490a249153700e0b5ecb1fa5c58c0
- SHA512: 70b3294ba2ea399967d818e723692787d77580fd6a4bbcd66e8e0051660ad1a2d76241a9520140f8f28fbde645ee42ea1c6e08e660ce64c3d0b6978355557d03
- Score: 1/10

Target: bin/Properties/Resources.resx
- Size: 5KB
- MD5: 0cd8c971317d19bbed44757809bcb92b
- SHA1: 47b15748ecc8e952c5935170090db7c269ce4b4f
- SHA256: 66b5ebd1b0fc73f041ba669ce2184f6f471d5e3524efa34ca31233e9f5395262
- SHA512: 883dba84bf7daae3ea49f9d54c13dda4f125da82ba63f90eeba0900602896ad9492a0adf7b69b67d838034090af20926af5c2934797afaadb38aa069786c1fc6
- SSDEEP: 96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT200qSdvabvDIwQBugqvA:KjrbLPD9sLvIzSvKgIqUEa2
- Score: 1/10

Target: bin/obf/CLI.exe
- Size: 30KB
- MD5: a6f83da2bfe041d92ff79b9c238ed72e
- SHA1: ac12c6e8973f0f64d1395523fdcfcd0d73856128
- SHA256: 0b997165e348b17658bef1e869881c37c79c2a9bb26e132ac4141eefd5912652
- SHA512: 9ce5c2825848d360a07c9555bd940ceaf9c598dbf55f99fa783bbc47ca55dc375f562f29dc94e767ccd0f94120e37be90ad055ea22d353c283b0d3992df36e84
- SSDEEP: 384:AtQiJWE1r0K0vYzZBgB1P5AkWFq7UQweltaJVuTlVKMwW7nj8VtDVth7WAl9MWod:biJWE1QzvYz/K1yXqYQ8VuAwbfVogxq
- Score: 1/10

Target: bin/obf/Confuser.Core.dll
- Size: 186KB
- MD5: 6f3e120baa644b4dc085a3dd3e183bcf
- SHA1: 3f7dbdd082447910be5b31cc80ca5cb64f6339c7
- SHA256: 4742104d8e47541ed998d22321717d288cd62682b56f56f4a69dc9bd99c9a6fb
- SHA512: b42cc08f9e32f0e5ac760bc0af517d2b0e7bf469421faead3d33e7e07d24d538046ea912badc196f83badb5b1dc07b4f0141b8a09723dedf7c16628075963812
- SSDEEP: 3072:GZ9cy/5Jxj5XhlgUmSae1DxMRqXYjKO02cDTi+P1sR+Fna1R1RjYdfc:GZ9cyhJ95XhlgUmSaevwj1pcDH/uL
- Score: 1/10

Target: bin/obf/Confuser.DynCipher.dll
- Size: 48KB
- MD5: 6ebc90e77623826e71ded623a296660b
- SHA1: 4fa7b0dc7582e03a7af6f41cba70b41f3aa5df15
- SHA256: cdad0a76f0d3f3e73fcdc6e5e6d98b0e88adcc2353c54344375b80197a86fcf6
- SHA512: a40dea9f56ce29c6d7c3022d6b09b164dfbc2c294b5ebf7869504cf9010d2dc844a371c6d753afe8851b1eb82e7373736bd68a1430a826ded3b74ca3628ccab2
- SSDEEP: 1536:yV4R9J9YnzpSx6dZV0c+NQJOwEhy8bb30aatJILhopNfmxr:yLnzpSx4ZV0c+NQJOwEhy8bb30rJuhoI
- Score: 1/10

Target: bin/obf/Confuser.Protections.dll
- Size: 205KB
- MD5: a23e80a09e14a6c1ffa3c89cd7af7229
- SHA1: b1d45de9673e85b255096ec54e513a06212e4f15
- SHA256: a5b10ee104e225fbcdfa9f8024701674d9a4556f4e59b90a90a972724ba15bb9
- SHA512: 0ba96fce7702829d44e7da9b9df3da0b0655098f719c0c25f683f7760ab4b819d079a2fff04fdb7cd5d8dfb7a571689b070a2a5358d9eee930a56c4c9605db44
- SSDEEP: 6144:xAF9fU+KCm9QQmNBCrCmnTH3/JopinC5:xS
- Score: 1/10

Target: bin/obf/Confuser.Renamer.dll
- Size: 310KB
- MD5: e1656b7bfd3b7c9634f72c4f9085d226
- SHA1: 46977837049a8009e18f096d2531ae2fed02ab42
- SHA256: 4ce9a9f15724b17da414c4aad7b7bfbba0fd1b80e3d0b8452551d5f79fd32b50
- SHA512: f8c4aa1cbfb9bb78eaa35608815079216f88c7d74185112d76e0125946cf39d32ff7cd60796223764daca624b03d79febd90ac342dfc315579a1d57eea5d3687
- SSDEEP: 3072:89nS3lQOaZ1rk8g6t8ZSv05Wa59XVGcxnLa3+qnOw9n/La9pwtgSfHxE1thSv3Vk:89SijrhZLg1r12BOw9n/zJvNjL
- Score: 1/10

Target: bin/obf/Confuser.Runtime.dll
- Size: 49KB
- MD5: 42e45fa8bb26246ed3b3c2760e782912
- SHA1: fa49baf5f55cc5af7eed27b9547305780a7e4ddc
- SHA256: c8bcbe8c706659824ed001caf0be23b8470a99c0391a23c419884ad93df3cce0
- SHA512: f89c328bff75a25a636d0567f9dd0df00494c3156b24fe029677368a349367bea9b3bd0571a79eae94112e694161c1658fc8e8e25076a8b9cb7c4e539944fd21
- SSDEEP: 1536:E/XNRvuA5rTGZcIDEG3mmmmH/flJDnJod:YXDZYSGfLrJQ
- Score: 1/10

Target: bin/obf/Teen.dll
- Size: 45KB
- MD5: fb9d14387b89b30606d094ae8cd93ea0
- SHA1: 8f21ac1b24fe1072a9d9ad17eabc738bac23ef58
- SHA256: 68eac14ca256f9871cc85ffc77c86b1d6378e6c900dff34f8b697be07b77446a
- SHA512: 17e9af55a1967884645e5b30abed374b51c28e173160e369b422ef385a1de9bdb76ef38c740e905629932481421d213ac90589d1bc1c1901c312c3271c75a63e
- SSDEEP: 384:6bcg3oHfkx4rxym37Bg4X0HuViEIXPdzJQKDckw6NhU0Pe4oannzXgvijJFWMHJs:lLSDDzgvijTlHJxKbBCxPULcBVDDQ
- Score: 1/10

Target: bin/obf/dnlib.dll
- Size: 1.1MB
- MD5: e61bad0331819ed63ca3b0d537f7e1a1
- SHA1: 30c2b5c5e0a1564b88349fe952abdaf19f500c7d
- SHA256: d8fc78217493febe82670c5a93feb85ab86fc6a0387abcb6e9165e0c0bb97000
- SHA512: fba44931b1af1f23bb0bf011b73378a1a76cacecf53e6d48de5e027742961f5e76add9d5a11410a203b8ec6026cfaacab0dbd5f1bb91f58bb3447dacf6a24661
- SSDEEP: 12288:sUHb3PIKxNNhFNxxq6iNq3JaxOCDmuGnjlHesWnuRyKh0ZUvz/sPv7fIFZ:lKzkuWhHDWKMA/sPv7fI/
- Score: 1/10

Target: bin/packages/System.IO.Compression.ZipFile.4.3.0/lib/net46/System.IO.Compression.ZipFile.dll
- Size: 24KB
- MD5: dcda916372128f13ada8b07026c1b3e7
- SHA1: 99d6c187de8510206a93d2eed9c65e65e0c86e72
- SHA256: b5c12e9099643e2eda9b49edd0d98bdaed153c72a7e8e6235d8e78714402d16a
- SHA512: d66de5d61cf7090ce2e11ca8064723a44c2fdbd7ed937f1cf4198ebe13083037941b816ad9022d332bbb853666785600fa8b1faca94c498d2f82de73fe1e42f9
- SSDEEP: 384:dK8Y54xRiW3mWeW+mWE3rq0GftpBj52ERHRN7dldBopPI:dKfemqiuEBHoa
- Score: 1/10

Target: bin/packages/System.IO.Compression.ZipFile.4.3.0/lib/netstandard1.3/System.IO.Compression.ZipFile.dll
- Size: 28KB
- MD5: 65306815825ea8652d0ee2163d123d14
- SHA1: e8eaee6e9ae5fcdbd19b056856ba0d8424243e28
- SHA256: db7cb3cf25d563e85a287a77d0c9addf6dbc1907475330a173f4cccc1ca0e6ed
- SHA512: cd649101439099ce741d4c1a1334ce8bd9283d6531585047b64138b533e742808d1097e9419a3936e4939e1d4193488e0451291f4d56d70931e2d87a04239646
- SSDEEP: 384:Our1AxpitMy7y4eCgW3mWoQ7q0GftpBj3zDvERHRN7lX1l78oWCmtPa:xr183CziprEBRzek
- Score: 1/10

Target: bin/packages/System.IO.Compression.ZipFile.4.3.0/ref/net46/System.IO.Compression.ZipFile.dll
- Size: 24KB
- MD5: dcda916372128f13ada8b07026c1b3e7
- SHA1: 99d6c187de8510206a93d2eed9c65e65e0c86e72
- SHA256: b5c12e9099643e2eda9b49edd0d98bdaed153c72a7e8e6235d8e78714402d16a
- SHA512: d66de5d61cf7090ce2e11ca8064723a44c2fdbd7ed937f1cf4198ebe13083037941b816ad9022d332bbb853666785600fa8b1faca94c498d2f82de73fe1e42f9
- SSDEEP: 384:dK8Y54xRiW3mWeW+mWE3rq0GftpBj52ERHRN7dldBopPI:dKfemqiuEBHoa
- Score: 1/10

Target: bin/packages/System.IO.Compression.ZipFile.4.3.0/ref/netstandard1.3/System.IO.Compression.ZipFile.dll
- Size: 21KB
- MD5: 05678aa09e0cdd844db58484d633d49a
- SHA1: fac955a640f73930fd2228489079e4acda64d944
- SHA256: 21abf0c8a5c93fbc1b662e6a4ddb825fa9b3c5cae83c7f6913f5c1e89cee8906
- SHA512: 451e7eadcf7993fa9ecb04c6810cbec171f902c1c52b25d8244068452fe718d45d5911e09beeb9ae64d9cf20593b18e0a8a3069c1679b441a4b1119df2b7574e
- SSDEEP: 384:U6CYDzoEWPmWCMIA0GftpBj9VoERHRN7YlraGOl:Lc5qiBoEBCul
- Score: 1/10