Overview

overview

7

Static

static

7

TokenPocketPro.apk

android-9-x86

7

hook.apk

android-9-x86

hook.apk

android-10-x64

hook.apk

android-11-x64

libexec.so

ubuntu-18.04-amd64

1

libexecmain.so

debian-9-armhf

1

hook_.apk

android-9-x86

hook_.apk

android-10-x64

hook_.apk

android-11-x64

libexec.so

ubuntu-18.04-amd64

1

libexecmain.so

ubuntu-18.04-amd64

1

libhook

ubuntu-18.04-amd64

libhook

debian-9-armhf

libhook

debian-9-mips

libhook

debian-9-mipsel

libhook_

ubuntu-18.04-amd64

libhook_

debian-9-armhf

libhook_

debian-9-mips

libhook_

debian-9-mipsel

mobile.v2.13.5.html

windows7-x64

1

mobile.v2.13.5.html

windows10-2004-x64

1

privacy.html

windows7-x64

1

privacy.html

windows10-2004-x64

1

privacy_en.html

windows7-x64

1

privacy_en.html

windows10-2004-x64

1

terms.html

windows7-x64

1

terms.html

windows10-2004-x64

1

terms_en.html

windows7-x64

1

terms_en.html

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2023, 11:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    privacy.html

  • Size

    18KB

  • MD5

    21d89229a66d5392d2d71a09a8cf4b1d

  • SHA1

    bf8b389e5c00c2b32c104b078a5360810f0d14a3

  • SHA256

    ed47fd38188f4252f9a1380d5dd68897118e0fe2e0f7ffdb9f80b1a2654d9dc0

  • SHA512

    c513ce8b397ade361ca953b327c46b2363da8a7ca8dd01992daa130b864991d953878a461380e1f340a8db52693c1179ba7b85e5c5de3019e3b739fb17134597

  • SSDEEP

    384:2LC5+9iaRZ/sOB9kCnp5Q8BZHACa1WkMOJnbArKmlOPmLkJG4snCz6oM:D5iLA31WBOJnbArKmMPmLkOnu67

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\privacy.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:580

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          62KB

          MD5

          3ac860860707baaf32469fa7cc7c0192

          SHA1

          c33c2acdaba0e6fa41fd2f00f186804722477639

          SHA256

          d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

          SHA512

          d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          62KB

          MD5

          b5fcc55cffd66f38d548e8b63206c5e6

          SHA1

          79db08ababfa33a4f644fa8fe337195b5aba44c7

          SHA256

          7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

          SHA512

          aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d9386cf352bad77784b5ce52e270691f

          SHA1

          4ad169dff4e1b44b8e3f96f9d142b5d6faf6e19a

          SHA256

          1db4e9212bba375a3377069432ae95efe1f768485cf4456f77702335075ac646

          SHA512

          4c4ad0f7864e9b68e1bbae017e5fd55705043de1b7f7b1f25866e3049fdbf8fe0ee50e8553bdf69e4efa92cd173036ffcd95e8a5817238badbc59f8e4e94e406

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6de1dee19436c3234c7f5701278e659c

          SHA1

          50c15ef75711b068b5e2faae11258ea9cece0e9c

          SHA256

          5583553b9b9d3661af6d6696b92085d87809f56a02e0073e5b96c57c0648e3be

          SHA512

          ee71a4971c9fc8bec85f5914a1817908b7a81ecde643171d701d12a5758ad995b4138af7597adde41ef5368cc4c5222f4faeb0f2d6f551a0ebe488cf843c1ac1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          26daddaa8815c5d585c08eb0331d829f

          SHA1

          806b289e63955ce77f26f9c1d60337cf4af498be

          SHA256

          ea9b680135cc003263dad8532d2328c433ffdd2eb76be5cbc08718f89ac2898c

          SHA512

          23e9fe89bcf27043e23220f3d5ef75264b57a98c4a3b6f804a02376937dcb1df90e430d95256e13928bcee1f622ea09c39a846446ba078b221caca2ba0d8435f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          75420dac868f926fb1a6d4abe071b7a8

          SHA1

          e967ef93980999fcaed017c3eaff851acecf6fdc

          SHA256

          5e12e4ec1434265903c707dec67bd902f6778f1c37d8f72b4e6f6b9665e0615d

          SHA512

          60db4818ab33970b3272f9d19b8224545ad6b2fe97ecc499df8630b0818ab3fb94851075bcf1736e96e8bce4ec794f622533b5a1527e5fb1c0ef7334d6e7d9db

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          7a00e6359c58018ab8cabd310c293d64

          SHA1

          2a7de9376e580900fa04b1d9b4d8bb403b09ab0d

          SHA256

          8bd8a8a896447af5578d94cd25351e722718d10629fa429c99860bba285a78c7

          SHA512

          89cc4b6f8f882555f3306061edb598262c454fb51c840fdd5cfb73453983f113084f98a067d09708caa01ead045824b8b7bf7ee02f5c476777a898f9fdfb9124

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fd253129b1862c98be9da2f93e35c7e4

          SHA1

          a268c467f5b7a44b7dce5a37bab1a37a6943eb4f

          SHA256

          1b682153bdc3077f168276ddf2cf52c653d046e2e0c5f6e9e9d96c8438f2ae91

          SHA512

          131d9a6f1f2c4929492a7da1feb799708ba6a4f98e2a68b0cee5733ab95ad4ffcec0637ac398ca97d034dc124e5c513e278d3103c863df4b0d44de970d7f997f

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFOBZ3YS\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab4B55.tmp
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar4B57.tmp
          Filesize

          161KB

          MD5

          73b4b714b42fc9a6aaefd0ae59adb009

          SHA1

          efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

          SHA256

          c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

          SHA512

          73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar4DBE.tmp
          Filesize

          164KB

          MD5

          4ff65ad929cd9a367680e0e5b1c08166

          SHA1

          c0af0d4396bd1f15c45f39d3b849ba444233b3a2

          SHA256

          c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

          SHA512

          f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\E7YM538Q.txt
          Filesize

          599B

          MD5

          8b4742a07ce4ae5ba3ec48494926f55a

          SHA1

          a3ab8b912044fde51226160c6a1e4fe182ea08bf

          SHA256

          02541692b2736f964c6db02429671878441f235ed4cd155d03867a1573e42861

          SHA512

          8e2d095bfce2933296b18bc5334ec095e8899e885d82835a07756efa9f7dcb05396c5cccfa81c47c5ad3f1963e3376d6ec11c69a1878798b9748ddc8b9c199c8

          Download Submit