Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    [email protected]

  • Size

    618KB

  • MD5

    a50fc0da1d2b3c4aa8a6adaccf69a5de

  • SHA1

    e001f4043ab4be644ea10e0d65303d6e57b31ffe

  • SHA256

    cf6eb8377789e316629c0396a2dbb53c69b5fd67bbd0e7163b8d305aaa756e90

  • SHA512

    4bbc7676391ed4085f628d1f4e1f0af16f5cd6fd9efb8c61176bccdb6ee03b06896c6ddfba9fcf363b133ade3a8a1b8cd17ef92d8eb9adeec247f9bd41dbec2b

  • SSDEEP

    12288:EQIfqOiX9P/aazd1ctyDXHrJW2dGMToCRn5VxWRaqsrOkqgyQD:EQIydX/d1rTLRd/TvVUsrOkqFQD

  Score

  10^/10

  persistenceupx

  • Modifies WinLogon for persistence

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2

• • Target

    [email protected]

  • Size

    53KB

  • MD5

    6536b10e5a713803d034c607d2de19e3

  • SHA1

    a6000c05f565a36d2250bdab2ce78f505ca624b7

  • SHA256

    775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de

  • SHA512

    61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018

  • SSDEEP

    1536:ynqAKryDLrASOcRw52sjzIUK7RkYrJ2lrKX:SNdMT8Z8cX

  Score

  6^/10

  persistence

  • Adds Run key to start application

    persistence
  behavioral3behavioral4

• • Target

    [email protected]

  • Size

    484KB

  • MD5

    0a7b70efba0aa93d4bc0857b87ac2fcb

  • SHA1

    01a6c963b2f5f36ff21a1043587dcf921ae5f5cd

  • SHA256

    4f5bff64160044d9a769ab277ff85ba954e2a2e182c6da4d0672790cf1d48309

  • SHA512

    2033f9637b8d023242c93f54c140dd561592a3380a15a9fdc8ebfa33385ff4fc569d66c846a01b4ac005f0521b3c219e87f4b1ed2a83557f9d95fa066ad25e14

  • SSDEEP

    6144:lqHKx3YCgy8HmmjJpnVhvLqCO3bLinIz1wASx:lqHoyHNj/nVhvLcyII

  Score

  7^/10

  • Drops startup file

  behavioral5behavioral6

• • Target

    [email protected]

  • Size

    461KB

  • MD5

    c954b69e480950ad8f138bf8848c562c

  • SHA1

    207c3f932d8ac66bc10e090a97c02ac07dbb68fa

  • SHA256

    2f4bd27bffe3a5d1f541f1ee682d060316a0043312b35f18dfe5137efe8d7680

  • SHA512

    e8bbce74a647939337df72c3ab29c320aeef2b6f0214d68768bc7da8262a978e6ed54f7b1aefadb394abc85518757acf8e8633a145c39cb3f712adf8561aeaa9

  • SSDEEP

    12288:B3ITun1mejo8Hg+D3qn/SDoHD4TjuJZ8zmjlwFSH:yyn/0TOlGkOu2r

  Score

  1^/10
  behavioral7behavioral8

• • Target

    [email protected]

  • Size

    239KB

  • MD5

    2f8f6e90ca211d7ef5f6cf3c995a40e7

  • SHA1

    f8940f280c81273b11a20d4bfb43715155f6e122

  • SHA256

    1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6

  • SHA512

    2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8

  • SSDEEP

    3072:r/3qftCdbSFtY8Zf8pOk0rHitNWIekbnfFPsr24Cv/Eng9m3ihlCeKH6Fb6aX3WA:WoI/rC0k7ar68nimCYHe3qZr0SlC

  Score

  1^/10
  behavioral10behavioral9

• • Target

    [email protected]

  • Size

    190KB

  • MD5

    248aadd395ffa7ffb1670392a9398454

  • SHA1

    c53c140bbdeb556fca33bc7f9b2e44e9061ea3e5

  • SHA256

    51290129cccca38c6e3b4444d0dfb8d848c8f3fc2e5291fc0d219fd642530adc

  • SHA512

    582b917864903252731c3d0dff536d7b1e44541ee866dc20e0341cbee5450f2f0ff4d82e1eee75f770e4dad9d8b9270ab5664ffedfe21d1ad2bd7fe6bc42cf0e

  • SSDEEP

    3072:15TDpNFVbxDSXJFFGhcBR1WLZ37p73G8Wn7GlDOg+ELqdSxo5XtIZjnvxRJgghaR:157TcfFPB6B3GL7g+me5aZjn5VlI9T/

  Score

  7^/10

  persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral11behavioral12

• • Target

    [email protected]

  • Size

    396KB

  • MD5

    13f4b868603cf0dd6c32702d1bd858c9

  • SHA1

    a595ab75e134f5616679be5f11deefdfaae1de15

  • SHA256

    cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

  • SHA512

    e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

  • SSDEEP

    12288:jANwRo+mv8QD4+0V16nkFkkk2kyW9EArjaccoH0qzh4:jAT8QE+kHW9EAr+fr4i

  Score

  7^/10

  discoverypersistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral13behavioral14

• • Target

    [email protected]

  • Size

    48KB

  • MD5

    21943d72b0f4c2b42f242ac2d3de784c

  • SHA1

    c887b9d92c026a69217ca550568909609eec1c39

  • SHA256

    2d047b0a46be4da59d375f71cfbd578ce1fbf77955d0bb149f6be5b9e4552180

  • SHA512

    04c9fa8358944d01b5fd0b6d5da2669df4c54fe79c58e7987c16bea56c114394173b6e8a6ac54cd4acd081fcbc66103ea6514c616363ba8d212db13b301034d8

  • SSDEEP

    768:xE09MOEzWGoOIx2qCZVZmj+Wg5VK2LDakrDZ5yS/wwHA49kszNAY1XKoJc4P1:t7w73bUNMMkrDry+6Ut

  Score

  7^/10

  persistenceupx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence
  behavioral15behavioral16

• • Target

    [email protected]

  • Size

    1.9MB

  • MD5

    cb02c0438f3f4ddabce36f8a26b0b961

  • SHA1

    48c4fcb17e93b74030415996c0ec5c57b830ea53

  • SHA256

    64677f7767d6e791341b2eac7b43df90d39d9bdf26d21358578d2d38037e2c32

  • SHA512

    373f91981832cd9a1ff0b8744b43c7574b72971b5b6b19ea1f4665b6c878f7a1c7834ac08b92e0eca299eb4b590bf10f48a0485350a77a5f85fc3d2dd6913db3

  • SSDEEP

    49152:p/VoMTzwF77l0VqmuTefhLTtk31XyXb9:ptoMTzwVmq3ettk31ob9

  Score

  1^/10
  behavioral17behavioral18

• • Target

    [email protected]

  • Size

    378KB

  • MD5

    c718a1cbf0e13674714c66694be02421

  • SHA1

    001d5370d3a7ee48db6caaecb1c213b5dfdf8e65

  • SHA256

    cde188d6c4d6e64d6abfdea1e113314f9cdf9417bca36eb7201e6b766e5f5a7f

  • SHA512

    ba0ddff47b618740dfcb63024435c36d895889dd3cf6b4559969283ba8100e8063f5c7767e56dfab67a2b5c96e4ae22e141e5b09e81be5cec9aa7ca7827b4b8a

  • SSDEEP

    1536:IM64RFcdoYicOWtlo4yJDsE4KmtZxq3/1d+DSaumOY6eeLnAGTpZspibfaSuOypE:IMJkoY9lpoaKm2vacPESu/wK3+

  Score

  10^/10

  evasiontrojan

  • UAC bypass

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral19behavioral20

• • Target

    [email protected]

  • Size

    6.1MB

  • MD5

    04155ed507699b4e37532e8371192c0b

  • SHA1

    a14107131237dbb0df750e74281c462a2ea61016

  • SHA256

    b6371644b93b9d3b9b32b2f13f8265f9c23ddecc1e9c5a0291bbf98aa0fc3b77

  • SHA512

    6de59ebbc9b96c8a19d530caa13aa8129531ebd14b3b6c6bbb758426b59ed5ab12483bfa232d853af2e661021231b4b3fcc6c53e187eeba38fa523f673115371

  • SSDEEP

    98304:hvOOFJ+Z8eAgy7SH9s76RSvyqJOBgECfMfYv+85JH0DVczt8A:hvOOFJ+ggr9s76R+wcMAv+IHCczt8

  Score

  10^/10

  bootkitdiscoveryevasionpersistencetrojanspywarestealer

  • UAC bypass

    evasiontrojan

  • Checks for common network interception software

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion

  • Enumerates VirtualBox registry keys

    evasion

  • Blocks application from running via registry modification

    Adds application to list of disallowed applications.

    evasion

  • Drops file in Drivers directory

  • Sets file execution options in registry

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application

    persistence

  • Checks for any installed AV software in registry

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  behavioral21behavioral22

• • Target

    [email protected]

  • Size

    762KB

  • MD5

    7734f0e56da17e9a5940fd782d739f9b

  • SHA1

    4dfae67e40be6c4c83191ea0cf8d1b28afba884c

  • SHA256

    8855299560183b57556d9714a2b958cdc6190fcdfb270633da2a47dfeee20015

  • SHA512

    53d07938bafbcb9524cdba6d25e09fcdae128a83718ab686374f0526730e2e6380f60e3bf951601e48f6f8e64563c484ddd8baf9be2878a5ad393817028a9632

  • SSDEEP

    12288:QFQBbdVT8tOkTAoJ/z4VXKSjUSQny+uuCj6rIuIenGgOqbzxpx+13tarWIp927q5:QOBbdVT8tOcJ/z4V5USQnypu26rweGgv

  Score

  1^/10
  behavioral23behavioral24

• • Target

    [email protected]

  • Size

    1.1MB

  • MD5

    2eb3ce80b26345bd139f7378330b19c1

  • SHA1

    10122bd8dd749e20c132d108d176794f140242b0

  • SHA256

    8abed3ea04d52c42bdd6c9169c59212a7d8c649c12006b8278eda5aa91154cd2

  • SHA512

    e3223cd07d59cd97893304a3632b3a66fd91635848160c33011c103cca2badbfe9b78fe258666b634e455872f3a98889ede5a425d8fae91cae6983da1ea1190a

  • SSDEEP

    24576:pXhZgPlmWcA4Te9+g6+lET/+xRXKRwFSmjTGIWrwg:xInpSe99pCkRXKRMdGIWrN

  Score

  7^/10

  persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral25behavioral26

• • Target

    [email protected]

  • Size

    414KB

  • MD5

    d0deb2644c9435ea701e88537787ea6e

  • SHA1

    866e47ecd80da89c4f56557659027a3aee897132

  • SHA256

    ad6cd46f373aadad85fab5ecdb4cb4ad7ebd0cbe44c84db5d2a2ee1b54eb5ec3

  • SHA512

    6faac2e1003290bb3a0613ee84d5c76d3c48a4524e97975e9174d6fcfb5a6a48d6648b06ed5a4c10c3349f70efffc6a08a185fdeb0824250ae044b96ef39fcdf

  • SSDEEP

    6144:BCoFAtv2DDWANPG4F0vwDsl6JEFiGUHzAB4lTa7tKzWNYRbvhLWxsqgyn:koOv2D60PLyvaJTT9Za7kziYD69g

  Score

  7^/10

  persistence

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral27behavioral28

• • Target

    Endermanch@NavaShield(1).exe

  • Size

    9.7MB

  • MD5

    1f13396fa59d38ebe76ccc587ccb11bb

  • SHA1

    867adb3076c0d335b9bfa64594ef37a7e2c951ff

  • SHA256

    83ecb875f87150a88f4c3d496eb3cb5388cd8bafdff4879884ececdbd1896e1d

  • SHA512

    82ca2c781bdaa6980f365d1eedb0af5ac5a80842f6edc28a23a5b9ea7b6feec5cd37d54bd08d9281c9ca534ed0047e1e234873b06c7d2b6fe23a7b88a4394fdc

  • SSDEEP

    196608:CtbTP1ErBwMQjd1YTHdmpCP2PVgP/acIE/xQ0zyZejVk+YzbRdTZ:C1E1+dYx6OP9hdyZwV4zd

  Score

  3^/10
  behavioral29behavioral30

• • Target

    [email protected]

  • Size

    9.7MB

  • MD5

    1f13396fa59d38ebe76ccc587ccb11bb

  • SHA1

    867adb3076c0d335b9bfa64594ef37a7e2c951ff

  • SHA256

    83ecb875f87150a88f4c3d496eb3cb5388cd8bafdff4879884ececdbd1896e1d

  • SHA512

    82ca2c781bdaa6980f365d1eedb0af5ac5a80842f6edc28a23a5b9ea7b6feec5cd37d54bd08d9281c9ca534ed0047e1e234873b06c7d2b6fe23a7b88a4394fdc

  • SSDEEP

    196608:CtbTP1ErBwMQjd1YTHdmpCP2PVgP/acIE/xQ0zyZejVk+YzbRdTZ:C1E1+dYx6OP9hdyZwV4zd

  Score

  3^/10
  behavioral31behavioral32