LONPC1001_2023-08-04_17_00_42[.]151[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

LONPC1001_2023-08-04_17_00_42.151.zip
Size

1.4MB
MD5

6d7302aa22aa1c315c0bbff49e2043ea
SHA1

fc5e75d9f838d39ffab4b62c521791c748c3cd9d
SHA256

8d916b4b7d274a76ce64923bf5bced786bca9d4297be22262f90ad80e24fdf06
SHA512

c90a962827d4c31ceffbe060c1bef830a66a43ff3d8d2706549c517bd09c3d35e46d3479f273c4da8dea515a6e76f00087ff2e6a64e640962fde4c5c3077d98b
SSDEEP

24576:JBBGTAvTA8LIvo6h0ScNy+unD7zL59RZB6T3H9fM99gJ+boHlvVpqFJWbF7+fa8X:JBBGTYJIQa6ylHL59Rz6T3H9ks9HlvL+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/PROGRAM FILES (X86)/OpenVPN Connect/agent_ovpnconnect_1687794739827.exe

Files

LONPC1001_2023-08-04_17_00_42.151.zip
.zip

Password: Infected123!
Device/HarddiskVolume4/PROGRAM FILES (X86)/OpenVPN Connect/agent_ovpnconnect_1687794739827.exe
.exe windows x86

Password: Infected123!

d9914740522c254d48426cf5520db06a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fwpuclnt

FwpmFilterAdd0
FwpmEngineOpen0
FwpmEngineClose0
FwpmGetAppIdFromFileName0
FwpmFreeMemory0
FwpmSubLayerAdd0

ws2_32

htonl
bind
getpeername
getsockopt
closesocket
getservbyport
htons
socket
connect
send
recv
getservbyname
listen
gethostbyaddr
inet_ntoa
inet_addr
gethostbyname
select
inet_pton
WSAStringToAddressW
WSAAddressToStringW
WSASocketW
WSASend
WSARecv
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
shutdown
setsockopt
ntohs
ntohl
ioctlsocket

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

iphlpapi

ConvertInterfaceAliasToLuid
IpReleaseAddress
GetAdaptersInfo
FreeMibTable
GetBestInterfaceEx
GetInterfaceInfo
GetIpForwardTable
ConvertInterfaceIndexToLuid
FlushIpNetTable2
GetIpForwardTable2
GetBestRoute2
DeleteIpForwardEntry2
CreateIpForwardEntry2
GetIpInterfaceEntry
GetAdapterIndex
IpRenewAddress

user32

MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorA
StartServiceA
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfig2A
RegGetValueA
RegDeleteTreeA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
RegOpenCurrentUser
GetSecurityDescriptorDacl
GetUserNameA
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
SetThreadToken
ImpersonateNamedPipeClient
GetTokenInformation
ImpersonateLoggedOnUser
ImpersonateSelf
RevertToSelf
LookupPrivilegeValueA

wininet

InternetSetOptionA

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

rpcrt4

UuidCreate

wtsapi32

WTSQueryUserToken

setupapi

CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_ListA
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsExA

mswsock

GetAcceptExSockaddrs
AcceptEx

bcrypt

BCryptGenRandom

kernel32

LoadLibraryExW
GetModuleHandleExW
RtlUnwind
WriteConsoleW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
SetEvent
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
DecodePointer
EncodePointer
VerSetConditionMask
CreateFileA
CreateFileW
ReadFile
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
SetHandleInformation
GetLastError
SetLastError
CreatePipe
ConnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeviceIoControl
CancelIoEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEndOfFile
WaitForSingleObject
SleepEx
CreateEventA
CreateEventW
SetWaitableTimer
Sleep
WaitForMultipleObjects
QueueUserAPC
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
OpenProcess
GetTickCount64
MapViewOfFile
UnmapViewOfFile
UnregisterWaitEx
GetModuleFileNameW
LocalFree
FormatMessageA
CreateWaitableTimerA
QueryFullProcessImageNameW
CreateNamedPipeA
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
RegisterWaitForSingleObject
VerifyVersionInfoA
VerifyVersionInfoW
WTSGetActiveConsoleSessionId
MultiByteToWideChar
WideCharToMultiByte
GetOEMCP
CreateToolhelp32Snapshot
Process32First
Process32Next
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetEnvironmentVariableW
GetACP
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualFree
GetStdHandle
GetFileType
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RaiseException
WaitForSingleObjectEx
GetExitCodeThread
InitializeCriticalSectionEx
TryEnterCriticalSection
GetStringTypeW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 614KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: Infected123!

Password: Infected123!

d9914740522c254d48426cf5520db06a

Headers

DLL Characteristics

File Characteristics

Imports

fwpuclnt

ws2_32

crypt32

iphlpapi

user32

advapi32

wininet

shell32

ole32

rpcrt4

wtsapi32

setupapi

mswsock

bcrypt

kernel32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 614KB - Virtual size: 613KB

.data Size: 22KB - Virtual size: 32KB

.reloc Size: 107KB - Virtual size: 107KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 614KB - Virtual size: 613KB

.data
Size: 22KB - Virtual size: 32KB

.reloc
Size: 107KB - Virtual size: 107KB