General
Target: curl-portable-master.zip
Size: 2.5MB
Sample: 230618-zszekahg25
MD5: 201fc137368ce75803000fcab5e65ac1
SHA1: 1697e50d019abd91b781bddfef4adf73ae3280fd
SHA256: 62a715881a64abd95f48212abae468414b2083c67e2bf664d538413a38849971
SHA512: dfb007af71f225ccc06c29628fb9387f81dc0109d5c4a9028d23e694172f73c8f7cb9baf0576da6d30db2149e66c4f0d5b85ebcc88b48982de2552572d5af30d
SSDEEP: 49152:loRwCeMa1hWJgBkjFAFwRWCSAh3dCIfYO6HtdCDrUAEIjsIQOr8e:loRxtqAqFYWc3MnNtcDrTsIQU
Static task: static1

Behavioral task: behavioral1
Sample: curl-portable-master.zip
Resource: win10-20230220-es

Behavioral task: behavioral2
Sample: curl-portable-master/LICENSE
Resource: win10-20230220-es

Behavioral task: behavioral3
Sample: curl-portable-master/README.md
Resource: win10-20230220-es

Behavioral task: behavioral4
Sample: curl-portable-master/curl-ca-bundle.crt
Resource: win10-20230220-es

Behavioral task: behavioral5
Sample: curl-portable-master/curl.exe
Resource: win10-20230220-es

Behavioral task: behavioral6
Sample: curl-portable-master/libcurl-x64.dll
Resource: win10-20230220-es
Malware Config

Targets

Target: curl-portable-master.zip
Size: 2.5MB
MD5: 201fc137368ce75803000fcab5e65ac1
SHA1: 1697e50d019abd91b781bddfef4adf73ae3280fd
SHA256: 62a715881a64abd95f48212abae468414b2083c67e2bf664d538413a38849971
SHA512: dfb007af71f225ccc06c29628fb9387f81dc0109d5c4a9028d23e694172f73c8f7cb9baf0576da6d30db2149e66c4f0d5b85ebcc88b48982de2552572d5af30d
SSDEEP: 49152:loRwCeMa1hWJgBkjFAFwRWCSAh3dCIfYO6HtdCDrUAEIjsIQOr8e:loRxtqAqFYWc3MnNtcDrTsIQU
Score: 8/10

Signatures:
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Registers COM server for autorun
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2
Target: curl-portable-master/LICENSE
Size: 34KB
MD5: 1ebbd3e34237af26da5dc08a4e440464
SHA1: 31a3d460bb3c7d98845187c716a30db81c44b615
SHA256: 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986
SHA512: d361e5e8201481c6346ee6a886592c51265112be550d5224f1a7a6e116255c2f1ab8788df579d9b8372ed7bfd19bac4b6e70e00b472642966ab5b319b99a2686
SSDEEP: 768:Fo1acy3LTB2VsrHG/OfvMmnBCtLmJ9A7J:Fhcycsrfrnoum
Score: 1/10
Target: curl-portable-master/README.md
Size: 56B
MD5: 2cdcf8ad587347f0524cf295391cf7af
SHA1: 71ee221795def68976717ad85f5edefb5f388e5d
SHA256: ff8daa524a538d938ad0c8265a89f04326b0c33de9df9b990b4cb82db9a3cf1f
SHA512: 874375fe8f7c2e6a9d3ebe4279bc0ca432b4d93873f7076aa0e44c8fdb951b591786925579144631b08cf2f3428168944bb765564723e79181860f0af5013ec0
Score: 3/10
Target: curl-portable-master/curl-ca-bundle.crt
Size: 216KB
MD5: 5805059ab9e4646e4803ce1e007eb8ba
SHA1: aa004c87ac9d0cf2b148fe5424804386f55eb4c6
SHA256: 5cd8052fcf548ba7e08899d8458a32942bf70450c9af67a0850b4c711804a2e4
SHA512: 49778472e46ce3b86b3930f4df5731ac86daf4d8602d418af1c89dc35df5f98c4557aa6c6eb280558c61139ead4b96cbb457a259f72640452f28a2fecd4ccb89
SSDEEP: 6144:XNc597qxzwd9aUaNR6dTd4tL2b02dTDkMgV:XNcf7M576f4tLe0mIMq
Score: 1/10
Target: curl-portable-master/curl.exe
Size: 3.9MB
MD5: a3569bf06d73db9fbf4ab4fceb75b495
SHA1: ce86cdf772371603dabcc6059553acd1b1116161
SHA256: 46728863a11d653b6c1ad6b0ca5c2f8a8212558da538c4c4a8d055871aa7304a
SHA512: 2eef62d55ccd29a24b53ffdb71d89c10be42d663b9d29c078a561117be2246bae6f020e607ee68504ea5a9bc5621b6802fc1ab8f174bc0c0d0200fc5aa724c98
SSDEEP: 98304:L6VqnUiTgItsIlV1Q1+0tBAJLv+lwfX/c2tj5d:AqnVcuv0kj5d
Score: 1/10
Target: curl-portable-master/libcurl-x64.dll
Size: 1.0MB
MD5: a846592aa99fe94d7455097dceb05ff8
SHA1: 03859b7af6e8c9950d3c221dfafb6c89cc0e2f66
SHA256: f46b5c8e3bd77e340af65ccb476f96fe803fa0a2a10e8f0f1a004a35076984ff
SHA512: 73fc0929bb4e95e38caf5c323518f9ba97a8adf52983d1ff4c09b74c8400186b7cc6fbf0900efc26852495ee0f4fa19b68ce95f46948032c8629201a06bd8a39
SSDEEP: 24576:q+9Y52OnulevAOXgX11qIxBnlikYWVgPaG9BQQfKsTnkTydARK:WcOWOwqIHnlikYWVtKB5TkTA
Score: 1/10