15b8ea286ec25a55cfba25409a30533ce8026ba440eff6234b121f5b1fb37adb

Sharing

Copy URL

Twitter E-mail

General

Target

dsa.rar
Size

986KB
Sample

230527-xe35gsdb9x
MD5

e6a7c255ec041a8ddecf90a2ac5d1b38
SHA1

46f5025bf184654b34cfe1a3ebfdf07fba41fbe4
SHA256

15b8ea286ec25a55cfba25409a30533ce8026ba440eff6234b121f5b1fb37adb
SHA512

54ab7390e4fd9e79259744fdce733e686306b27f14b2acd44909b4be954ce91bdb2b782233f16a591de29116185edcd01c85f5e1c4802fde7ed7b05d7f1bf3b4
SSDEEP

24576:c4II3ayj2FZi73r4IIRF8gDiNwSH2RLuYiqmNlA0oVM0:cuayj2FG3rLgD6h+utFlA0IM0

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  dsa.rar
- Size
  
  986KB
- MD5
  
  e6a7c255ec041a8ddecf90a2ac5d1b38
- SHA1
  
  46f5025bf184654b34cfe1a3ebfdf07fba41fbe4
- SHA256
  
  15b8ea286ec25a55cfba25409a30533ce8026ba440eff6234b121f5b1fb37adb
- SHA512
  
  54ab7390e4fd9e79259744fdce733e686306b27f14b2acd44909b4be954ce91bdb2b782233f16a591de29116185edcd01c85f5e1c4802fde7ed7b05d7f1bf3b4
- SSDEEP
  
  24576:c4II3ayj2FZi73r4IIRF8gDiNwSH2RLuYiqmNlA0oVM0:cuayj2FG3rLgD6h+utFlA0IM0
Score

3^/10
behavioral1
- Target
  
  Best Instagram Bot 4.1/Application Files/98p.ico.deploy
- Size
  
  87KB
- MD5
  
  a098b32ebc940d092779e2e488036d68
- SHA1
  
  d4c85bbdc0b22e4013d7b46b79ce63234a29ee07
- SHA256
  
  4ac78ea8f26fcb0ce273e96be03018a73390efefe00a37480f9371712be072c3
- SHA512
  
  6dbd7507fa4bf5859b37f0a5b23dc93786251a42ce7cb41d8bb6d315cd364c6efa52a053c09fc7011042f23e77c2e6d8cb7672d47c1429d625325c7c2c4bc5e7
- SSDEEP
  
  1536:f+sskTN6tT58MkdHMAJy2haS1i+SbNIGjgnIbuI/kqy+p:WiSTxkNM8hahbNIG0It/kqyG
Score

3^/10
behavioral2
- Target
  
  Best Instagram Bot 4.1/Application Files/Best Instagram Bot 4.1.application
- Size
  
  5KB
- MD5
  
  3ae5c66ad2af2b9f6ef27763b0c2ddcd
- SHA1
  
  8bb98ba2348db443475bf01333f75998fc87e043
- SHA256
  
  dd7da4fa2830a6edad8c138b1c05fe246bf9f008d1deeb1005698658bb58d0a2
- SHA512
  
  5f186a860b9657f115df3afa73940ce6d3b92cab5c7a579393fcd1e612b74ddc96d6355cd0a8a85c1880e856c7e61dd722cdbd8ad8bd7d532804c700dcc62dfe
- SSDEEP
  
  96:xWtZcb1jZxACICbNT2BQSk3cglUFmO3MxajBEknFdLAaBDA:ogZ3cgiZjnX0cA
Score

1^/10
behavioral3
- Target
  
  Best Instagram Bot 4.1/Application Files/Best Instagram Bot 4.1.exe.deploy
- Size
  
  266KB
- MD5
  
  1e19ae66589289b2f70cb9577a00a734
- SHA1
  
  43b06267f315e6dd4cc43dd2d08d5f0e3a8b3da9
- SHA256
  
  79d4571372cf510fd73d489d776d82d0b5651a05e9032ca3da865f152f42bbdf
- SHA512
  
  37b6f054875b8e901c6b8232b17ee5954033e7bd07818389b3fa6bcdb1b88f5e185dd9c7cbd11de6d5b1cc362780f55202fa1d0fc575e0a7ba4fb3912a3c2076
- SSDEEP
  
  3072:wbXkRiSTxkNM8hahbNIG0It/kqyXJAb3QrhWaM+Xntrvtv10w3TL7W3wVDMFqsQ8:wbXsxkR+5C5r4JmNxkR+5S
Score

1^/10
behavioral4
- Target
  
  Best Instagram Bot 4.1/Application Files/Best Instagram Bot 4.1.exe.manifest
- Size
  
  7KB
- MD5
  
  b6c12a703d50ab80f2b73b1f897db3ff
- SHA1
  
  d8299cd39d8dea624647bf09b3311e46a159a13b
- SHA256
  
  6e292bb22f8edda3d73f6c87131497095fae25ac38c4844bcfee2543adf3ffbd
- SHA512
  
  1d0c127cde504ccb391ae680092d491dafd8877bbe7971c7e813e2228a8b8dc33175bc54acc04f0cc113b5f900de12c58763ad2bab4c69dbcc94325df7610860
- SSDEEP
  
  96:xWtyb1jh8Q/k0XO/1tYcAe3SydDxk2kPCOFmO1MQ+jBE2DFdLAaBDA:o2ArYcAeqnPlkLX0cA
Score

3^/10
behavioral5
- Target
  
  Best Instagram Bot 4.1/Setup.exe
- Size
  
  146KB
- MD5
  
  cd91dde96c3573347980bd0229c33bbe
- SHA1
  
  584b76e8a2e1defffc5767dd784999e7cdaf95ef
- SHA256
  
  afd7e5c6e6c32872c1d4a317758387ae70d725e9e2687f919e67f3a639b93545
- SHA512
  
  e92b964e2df99022d7a4dec5bda20bdfcf2da5352800e632f8ae5eab6f717b660f8fff51398af4dd216a16d3d1f77c002e5e03be96382f056fce03a2bea565a2
- SSDEEP
  
  1536:/X4lcePuVXdLXrnu2lAK/8n7cJCrHj899WZoZfKZKqK3YWPTnsxn0uIPE:/X4lc/LPlroHj8XWZ0fmK5IHxn8M
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral6
- Target
  
  Best Instagram Bot 4.1/usersys/Application Files/98p.ico.deploy
- Size
  
  87KB
- MD5
  
  a098b32ebc940d092779e2e488036d68
- SHA1
  
  d4c85bbdc0b22e4013d7b46b79ce63234a29ee07
- SHA256
  
  4ac78ea8f26fcb0ce273e96be03018a73390efefe00a37480f9371712be072c3
- SHA512
  
  6dbd7507fa4bf5859b37f0a5b23dc93786251a42ce7cb41d8bb6d315cd364c6efa52a053c09fc7011042f23e77c2e6d8cb7672d47c1429d625325c7c2c4bc5e7
- SSDEEP
  
  1536:f+sskTN6tT58MkdHMAJy2haS1i+SbNIGjgnIbuI/kqy+p:WiSTxkNM8hahbNIG0It/kqyG
Score

3^/10
behavioral7
- Target
  
  Best Instagram Bot 4.1/usersys/Application Files/Best Instagram Bot 4.1.application
- Size
  
  5KB
- MD5
  
  3ae5c66ad2af2b9f6ef27763b0c2ddcd
- SHA1
  
  8bb98ba2348db443475bf01333f75998fc87e043
- SHA256
  
  dd7da4fa2830a6edad8c138b1c05fe246bf9f008d1deeb1005698658bb58d0a2
- SHA512
  
  5f186a860b9657f115df3afa73940ce6d3b92cab5c7a579393fcd1e612b74ddc96d6355cd0a8a85c1880e856c7e61dd722cdbd8ad8bd7d532804c700dcc62dfe
- SSDEEP
  
  96:xWtZcb1jZxACICbNT2BQSk3cglUFmO3MxajBEknFdLAaBDA:ogZ3cgiZjnX0cA
Score

1^/10
behavioral8
- Target
  
  Best Instagram Bot 4.1/usersys/Application Files/Best Instagram Bot 4.1.exe.deploy
- Size
  
  266KB
- MD5
  
  1e19ae66589289b2f70cb9577a00a734
- SHA1
  
  43b06267f315e6dd4cc43dd2d08d5f0e3a8b3da9
- SHA256
  
  79d4571372cf510fd73d489d776d82d0b5651a05e9032ca3da865f152f42bbdf
- SHA512
  
  37b6f054875b8e901c6b8232b17ee5954033e7bd07818389b3fa6bcdb1b88f5e185dd9c7cbd11de6d5b1cc362780f55202fa1d0fc575e0a7ba4fb3912a3c2076
- SSDEEP
  
  3072:wbXkRiSTxkNM8hahbNIG0It/kqyXJAb3QrhWaM+Xntrvtv10w3TL7W3wVDMFqsQ8:wbXsxkR+5C5r4JmNxkR+5S
Score

1^/10
behavioral9
- Target
  
  Best Instagram Bot 4.1/usersys/Application Files/Best Instagram Bot 4.1.exe.manifest
- Size
  
  7KB
- MD5
  
  b6c12a703d50ab80f2b73b1f897db3ff
- SHA1
  
  d8299cd39d8dea624647bf09b3311e46a159a13b
- SHA256
  
  6e292bb22f8edda3d73f6c87131497095fae25ac38c4844bcfee2543adf3ffbd
- SHA512
  
  1d0c127cde504ccb391ae680092d491dafd8877bbe7971c7e813e2228a8b8dc33175bc54acc04f0cc113b5f900de12c58763ad2bab4c69dbcc94325df7610860
- SSDEEP
  
  96:xWtyb1jh8Q/k0XO/1tYcAe3SydDxk2kPCOFmO1MQ+jBE2DFdLAaBDA:o2ArYcAeqnPlkLX0cA
Score

3^/10
behavioral10
- Target
  
  Best Instagram Bot 4.1/usersys/Best Instagram Bot 4.1.application
- Size
  
  5KB
- MD5
  
  3ae5c66ad2af2b9f6ef27763b0c2ddcd
- SHA1
  
  8bb98ba2348db443475bf01333f75998fc87e043
- SHA256
  
  dd7da4fa2830a6edad8c138b1c05fe246bf9f008d1deeb1005698658bb58d0a2
- SHA512
  
  5f186a860b9657f115df3afa73940ce6d3b92cab5c7a579393fcd1e612b74ddc96d6355cd0a8a85c1880e856c7e61dd722cdbd8ad8bd7d532804c700dcc62dfe
- SSDEEP
  
  96:xWtZcb1jZxACICbNT2BQSk3cglUFmO3MxajBEknFdLAaBDA:ogZ3cgiZjnX0cA
Score

1^/10
behavioral11
- Target
  
  Best Instagram Bot 4.1/usersys/Ionic.Zip.dll
- Size
  
  480KB
- MD5
  
  f6933bf7cee0fd6c80cdf207ff15a523
- SHA1
  
  039eeb1169e1defe387c7d4ca4021bce9d11786d
- SHA256
  
  17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
- SHA512
  
  88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
- SSDEEP
  
  6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score

1^/10
behavioral12
- Target
  
  Best Instagram Bot 4.1/usersys/LICENCE.dat
- Size
  
  75KB
- MD5
  
  43a46b3d4965c8e4fda4b5161c2dad5c
- SHA1
  
  54a0f7b3445cad938c630dcefe7acaa6adb4b4d5
- SHA256
  
  301ce5c90623271d88aa32eb0e3c3c988c26f08246981065df2e303f7ffb60a3
- SHA512
  
  b1a491fbffddc2426572c095bdaff6e8890a23bccd8c12b56e4289fa2987c86a2f615fc3fa902c775f4b1c8dd74b030f4bb57eb9d0c7b2ba51d4c48fa7530884
- SSDEEP
  
  1536:OYSwesLlp+wbcYzwqqv3WbNif12gZ5xDZpDmtNQL6fV3b/u:O6eEl8wtJcWRw2gZHirQmVu
Score

1^/10
behavioral13
- Target
  
  Best Instagram Bot 4.1/usersys/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral14
- Target
  
  Best Instagram Bot 4.1/usersys/st.exe
- Size
  
  418KB
- MD5
  
  40f8224c5960d8c0801bd7755202d73d
- SHA1
  
  3961046aeea837d41e0c78f10093634cb894dd24
- SHA256
  
  21eacaf07e639a88efc2ab36b30fb0948d14de4eacf4165b4cae1aaa58d0289e
- SHA512
  
  64a888c7fc29ecf55cbf2fe6953fa331a836b67a6115af0729fa814c77d9dd1906e5f2438976576b85fcdfe13bceafe0eeadd740357c2961e807f9e0170ec111
- SSDEEP
  
  6144:hqIpd/w8ylWKxavR+dJ1oMBClrbMAo+nhmuFfvY0SHZvuD3EojDuUlXneOF:h7IRWDvFa+nhmuF3Y0scEeDuUlXeo
Score

1^/10
behavioral15

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15