Behavioral task: behavioral1
Sample: 1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867.dll
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867.dll
Resource: win10v2004-20230221-en
General
Target: 1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867.sample
Size: 8.1MB
MD5: c572870e8a4063bab041896c19a60216
SHA1: 995b43af8156390e7dd5922944accf29f5a06b4c
SHA256: 1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867
SHA512: 0c291013be8454e536c1027532901477a1c3c0eeeefb2d8ce8c4af9b023e535ca5ca1d3e0f4843042c945718e03daf9ba287b77e7909a4f4303ebf68d778e2ad
SSDEEP: 49152:cSFiqWJFY83N7qsH1Gsi2naMQTCBFYpNit4xkq7CqfaJDJka1E79y2zkl:ErJ1nVGOatTWCpN16A9DQl
Malware Config
Signatures
- Amadey family
  Processes: resource: sample, yara_rule: amadey_cred_module
- Detected Mount Locker ransomware (1 IoCs)
  Processes: resource: sample, yara_rule: RANSOM_mountlocker
- Detected SUNBURST backdoor (1 IoCs)
  SUNBURST is a backdoor for the SolarWinds Orion platform with extensive capabilities.
  Processes: resource: sample, yara_rule: family_sunburst
- GandCrab payload (1 IoCs)
  Processes: resource: sample, yara_rule: family_gandcrab
- Gandcrab family
- Mountlocker family
- Sunburst family
- XMRig Miner payload (1 IoCs)
  Processes: resource: sample, yara_rule: xmrig
- Xmrig family
Files
- 1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867.sample.dll (windows x86)

Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE

Sections
- .text: Size 2.0MB, Virtual size 2.0MB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .data: Size 104KB, Virtual size 112KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 5.9MB, Virtual size 5.9MB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc: Size 105KB, Virtual size 105KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ