7General
-
Target
Sample.rar
-
Size
22.1MB
-
Sample
230323-ngs8mahb91
-
MD5
f4f6e3112f97d67605239c34bd18d139
-
SHA1
1580e38b13b3f21ff9753183549c690c2678e9fe
-
SHA256
bbf38b1880ee037302435376852431fa870f18b0fec8662a9d7739d1087381db
-
SHA512
16fcd6591321865a95bfee02eb475da82773d91746ac755569bd396f36bb45e40dfea996422346039a85b963f983e317b5aab142a266884b06e8a2f369976ff3
-
SSDEEP
393216:RbzCykUzkSGXGtY3pMDNPlotE6894Or9dnyk9yV1jww/KzOivwP96V:UfUcXVZMDNPlmE68ym9dys6mw/Gvu96V
Behavioral task
behavioral1
Sample
24192519fe48742134f892876e8754d9.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
24192519fe48742134f892876e8754d9.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
4da95447ef335d683699e9ba3f352797.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
4da95447ef335d683699e9ba3f352797.exe
Resource
win10v2004-20230221-en
Behavioral task
behavioral5
Sample
7d9ee189fe6bcd4d1dc07ba570684e2b.exe
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
7d9ee189fe6bcd4d1dc07ba570684e2b.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
aa682ef8adea6576fcbdd35c69c7be47.exe
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
aa682ef8adea6576fcbdd35c69c7be47.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
df37a01547bcba1097616ca2da4fd2a5.exe
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
df37a01547bcba1097616ca2da4fd2a5.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
efe1804b12286c2f920959073f6267e3.exe
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
efe1804b12286c2f920959073f6267e3.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
http://47.113.200.178:80/yv95
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BO1IE8_v1;ENUS)
Targets
-
-
Target
24192519fe48742134f892876e8754d9.exe.vir
-
Size
1.0MB
-
MD5
24192519fe48742134f892876e8754d9
-
SHA1
cbe590d7c8682dad2d05c759df8afaf0a4b9e8a5
-
SHA256
0516bfd184b5240a1c441d9035faf17272bdb01651ad4458b85c59e6c27988bc
-
SHA512
01c4c300fa2d9747eed1aa8d489f1d95fbe70b9166e16b2117173c35dcaa64c8c1737b367ff8f117940b40383c883b4f52edb743ec97ac6049f737ad76440cf5
-
SSDEEP
24576:75Ctn/z/eJUqr2RX5ICkmnhWmwHH3QJOLQs+U6k7xF:pxxF
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
4da95447ef335d683699e9ba3f352797.exe.vir
-
Size
1.2MB
-
MD5
4da95447ef335d683699e9ba3f352797
-
SHA1
8e15f95f54e72f619859284f637dc8a5312aa2d7
-
SHA256
de36087644980290e7ee80cadc86705230536ff8ad143542323086d5f0338d52
-
SHA512
9cc91ba7ba111e48efab962e71f2e4f8f704fee707f5cebd89d07a4066b4e06aff031f62c38ca7d6cf44a3aeaef22f750b042b6f354dff3a631a971de4b106e0
-
SSDEEP
24576:LIky4/3X2JcF2jYAF5e2O+f4GC0Nnve511GAsu0Y09OJH:84PYOz3fJ
Score 3/10
-
-
Target
7d9ee189fe6bcd4d1dc07ba570684e2b.exe.vir
-
Size
1.2MB
-
MD5
7d9ee189fe6bcd4d1dc07ba570684e2b
-
SHA1
6edf87ee5c05417cc6eff2959231120c3e1b6264
-
SHA256
5d1faea42a7bbcb40b0b2375becedbd9cfe5fe11c5497a76282d059553682dd3
-
SHA512
e7103b0804545be69a920015048853293904d289399fa0bb4509c63491a9968f4a225d944cc9b1453d4a4eb29d5184d7417a9f8ac2bd4f7ae9f6e4b8d38d0cba
-
SSDEEP
24576:FIky4/3X2JcF2jYAF5e2O+f4GC0Nnve511GAsu0Y09OJ+:G4PYOz3fJ
Score 3/10
-
-
Target
aa682ef8adea6576fcbdd35c69c7be47.exe.vir
-
Size
15.2MB
-
MD5
aa682ef8adea6576fcbdd35c69c7be47
-
SHA1
36c772e7b51f2d77b7ba9215d191b1b01c7887be
-
SHA256
76d973c062232bdb6b91edff08abe9c679ecca79f70f7b342f5ecd71f6211824
-
SHA512
198a73090be9651cff508fedabdd9f2963405f9df6b36705141157a1587122390021411bc7ead6447590490499bc0d6023dcfebfbfe2ca3d8aef2896fd4343e4
-
SSDEEP
393216:iuia5HFFqZsR641Y4YpvbYoady6H5jGbF:bHFb6411kUPi
Score 10/10
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
df37a01547bcba1097616ca2da4fd2a5.exe.vir
-
Size
1.0MB
-
MD5
df37a01547bcba1097616ca2da4fd2a5
-
SHA1
faf0fcfd48cd639c2d3bba52b0693fd3e6011bea
-
SHA256
a7e1b48391e14f6d4531435b17ff22f4b4d2f522ee1c95edba21bb331acb5194
-
SHA512
f649436c7a7b162f3d7744ff3309b2c6f13f65ce38d2286c9299458ae3e76337ad493e79d6e58d04dcc6da4ef7dc66c381443f7fa50231d3de64cb87fca9d44b
-
SSDEEP
24576:/5Ctn/z/eJUqr2RX5ICkmnhWmwHH3QJOLQs+U6k7x:1xx
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
efe1804b12286c2f920959073f6267e3.exe.vir
-
Size
9.5MB
-
MD5
efe1804b12286c2f920959073f6267e3
-
SHA1
be5cb3907dd4db71baa9abb014e7e783ba65c6bb
-
SHA256
75eca04275d0d448a596141b167d76f750ad38c34d7e93a33745f2b70dadf8d7
-
SHA512
766d8a9819674e2184a1aa45ad4026719c9cb2c0d8a3ee62a74339ddf8eeba0c8288592a3588693ccbb773f1b8c28b821ae0ea5bc51e96355a6e65785d8ccb22
-
SSDEEP
196608:vNaRuVh7dQmRrdA6l7aycBIGpER/1q3+dgSDukTH0W8/La5qwLjmZ:YuVddQOl29uq3+d9Du+UW83Y8
Score 7/10
Loads dropped DLL
-