amadey | dd54a92b38dfab67e6832962c6aef8a4272bf7989c97a554f438dd0e92f34b1f

Resubmissions

17-08-2023 05:42

230817-gd99eafd82 10

Sharing

Copy URL

Twitter E-mail

General

Target

2023-03-31.zip
Size

195.7MB
Sample

230817-gd99eafd82
MD5

79d6e199a0633af6b40ddc3beb286d42
SHA1

78478d850bb087d417d2e4e59f36f0041f5f4ffa
SHA256

dd54a92b38dfab67e6832962c6aef8a4272bf7989c97a554f438dd0e92f34b1f
SHA512

63adb14045d5f4c527c687662252ba535fe76fdbdb567ddec96ba85d0b48ea771c8cc1cce7cfea62f6f72d49c6da8747e14de21faba07bb715ef7cf37dfa0fda
SSDEEP

6291456:kITrRt5tiZLXrBTe1QTzYLtvB2t4fQfLK49:tfRn0lXBe1KgtvB2tAUuE

Score

10^/10

Malware Config

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

bruh123.hopto.org

Extracted

Family

njrat

Version

im523

Botnet

stray

eur-mambo.at.ply.gg:21834

Mutex

3f3b32067a957367c286d896ac802270

Attributes

reg_key
3f3b32067a957367c286d896ac802270
splitter
|'|'|

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

amadey

Version

3.69

193.233.20.29/games/category/index.php

Extracted

Family

socelars

https://hdbywe.s3.us-west-2.amazonaws.com/dfgg320/

Extracted

Family

asyncrat

Version

AsyncRAT

Botnet

New

websites.vpndns.net:112

Mutex

AsyncMutex_5552

Attributes

delay
3
install
true
install_file
svchost.exe
install_folder
%AppData%

aes.plain

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

bruh123.hopto.org

Extracted

Family

gafgyt

5.249.162.136:4258

161.35.25.184:9034

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

cisco5319.ddns.net:1177

Mutex

22d454c9d4a86e192f7a5423970a5c83

Attributes

reg_key
22d454c9d4a86e192f7a5423970a5c83
splitter
|'|'|

Extracted

Family

njrat

Version

0.7d

Botnet

CrossFire

audiodgx.hopto.org:5552

Mutex

19cb0d51f6ccd969c2d64e6b68b1fc01

Attributes

reg_key
19cb0d51f6ccd969c2d64e6b68b1fc01
splitter
|'|'|

Extracted

Family

mirai

bruh123.hopto.org

Extracted

Family

mirai

Botnet

BOTNET

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

study-silly.at.ply.gg:42876

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Extracted

Family

purecrypter

http://192.3.215.60/uo7/Zkbscbhcbcv.png

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

bruh123.hopto.org

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Targets

- Target
  
  2023-03-31.zip
- Size
  
  195.7MB
- MD5
  
  79d6e199a0633af6b40ddc3beb286d42
- SHA1
  
  78478d850bb087d417d2e4e59f36f0041f5f4ffa
- SHA256
  
  dd54a92b38dfab67e6832962c6aef8a4272bf7989c97a554f438dd0e92f34b1f
- SHA512
  
  63adb14045d5f4c527c687662252ba535fe76fdbdb567ddec96ba85d0b48ea771c8cc1cce7cfea62f6f72d49c6da8747e14de21faba07bb715ef7cf37dfa0fda
- SSDEEP
  
  6291456:kITrRt5tiZLXrBTe1QTzYLtvB2t4fQfLK49:tfRn0lXBe1KgtvB2tAUuE
Score

6^/10
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

wickedratupxstraylzrdnewhackedcrossfirebotnetmiraidcratnjratamadeysocelarsasyncratgafgytpurecrypterneshta

Score

10^/10

behavioral1

Score

6^/10

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Process spawned suspicious child process

MITRE ATT&CK Matrix

Tasks

static1

behavioral1