Overview (score 10/10)

Analysis tabs:
- Static: 10/10
- My2[1].exe (windows7-x64): 10/10
- My2[1].exe (windows10-2004-x64): 10/10
- NagTracking[1].htm (windows7-x64): 1/10
- NagTracking[1].htm (windows10-2004-x64): 1/10
- NagTracking[2].htm (windows7-x64): 1/10
- NagTracking[2].htm (windows10-2004-x64): 1/10
- NagTracking[3].htm (windows7-x64): 1/10
- NagTracking[3].htm (windows10-2004-x64): 1/10
- newsetup[1].exe (windows7-x64): 7/10
- newsetup[1].exe (windows10-2004-x64): 7/10

General
- Target: 87c74248de50d081b467ac5b0200abd8.bin
- Size: 4.6MB
- Sample: 230216-bw94gafb46
- MD5: 87c74248de50d081b467ac5b0200abd8
- SHA1: 5536fffc545f00d6f2099c8aa574a464ba6e5893
- SHA256: cefa5780c734c3c17e13a8c8d0d64190911b22679912be1517b3e93849842e05
- SHA512: e66cbf986d0d3758ef014ddb468044cca2b6453fca6c18e818d5e95362350e5a9b9ee6827d31ffe4aebdc0f9b1fe9c95b7959b95dfd3e4afcdcff86d32396b03
- SSDEEP: 98304:cFTjm5AM2691zcaCxAnOyGnbDDq7g7oFZBYEUgJo55eEEFW4Wg4E/:cF3me2caCiOyaHWgwfRrEE9D4s
Behavioral tasks
- behavioral1: My2[1].exe (resource win7-20221111-en)
- behavioral2: My2[1].exe (resource win10v2004-20220812-en)
- behavioral3: NagTracking[1].htm (resource win7-20221111-en)
- behavioral4: NagTracking[1].htm (resource win10v2004-20221111-en)
- behavioral5: NagTracking[2].htm (resource win7-20220812-en)
- behavioral6: NagTracking[2].htm (resource win10v2004-20220812-en)
- behavioral7: NagTracking[3].htm (resource win7-20221111-en)
- behavioral8: NagTracking[3].htm (resource win10v2004-20221111-en)
- behavioral9: newsetup[1].exe (resource win7-20220901-en)
Malware Config
Extracted:
- aurora
- 45.128.234.60:8081
Targets

Target: My2[1].exe
- Size: 3.6MB
- MD5: 391dd1dd7730cad9de95eea8d620c166
- SHA1: f87b98f8f5df9b4505f0da4fbbfea47ef6e2be32
- SHA256: 4de8a124137d5b654de1cdbe4dfdc18102ed436ba703cbd2e44fa3670553c8ca
- SHA512: be713688d994194d6d6b39eb2672bb57f93619bdf3b404254340b5db1cc3387b7c280285c7929a2126ff6a5f59aad6f62a993e1b88318bd3a4ffca977f22491c
- SSDEEP: 49152:Nme5lkVjplQ1w3gAfo/29XaNraf622vh4JJfsWactKmQXGbtlExqy5jnIAny7dfH:H8VplQ3A82RHp2KjaqOGBle5O7q7uhj
Signatures:
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- XMRig Miner payload
- Drops file in Drivers directory
- Stops running service(s)
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext

Target: NagTracking[1].htm
- Size: 178B
- MD5: bd2695f4b079c71dbddde3436286fb9c
- SHA1: 733c05da132193d6cf1d8e242d12e2525c03bab4
- SHA256: 2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
- SHA512: 5b73af24d095f7593026d3f211da6775d91c2efb5cdb0e0258ccca8edd3f8645cdf80d8338c863794d260f4bca08637233be3548d83e7225518dee2f47560798
- Score: 1/10

Target: NagTracking[2].htm
- Size: 178B
- MD5: bd2695f4b079c71dbddde3436286fb9c
- SHA1: 733c05da132193d6cf1d8e242d12e2525c03bab4
- SHA256: 2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
- SHA512: 5b73af24d095f7593026d3f211da6775d91c2efb5cdb0e0258ccca8edd3f8645cdf80d8338c863794d260f4bca08637233be3548d83e7225518dee2f47560798
- Score: 1/10

Target: NagTracking[3].htm
- Size: 178B
- MD5: bd2695f4b079c71dbddde3436286fb9c
- SHA1: 733c05da132193d6cf1d8e242d12e2525c03bab4
- SHA256: 2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
- SHA512: 5b73af24d095f7593026d3f211da6775d91c2efb5cdb0e0258ccca8edd3f8645cdf80d8338c863794d260f4bca08637233be3548d83e7225518dee2f47560798
- Score: 1/10

Target: newsetup[1].exe
- Size: 3.0MB
- MD5: 9422fdf5908ef9676cd69664a3eeb758
- SHA1: fca31d6375653988370f72dfc96cfdad4ec93662
- SHA256: 93b4f08668d889ae15de8052ff91674a7ba3032520864a08860a1c09210db4f5
- SHA512: 5068f84ea94523bc189d66d104e53e53fa96d4ac2f797068e98f717ebef5bf33e405a5aa938d5b828089f9e0f53be337372ad6e35962732611818ce66df1acf2
- SSDEEP: 49152:0DB3/EyMqY9pJKKMFC6oaisLFA842Lruk1s:q6q5FpLO84N
Signatures:
- Accesses cryptocurrency files/wallets, possible credential harvesting