payload[.]exe | Triage

Resubmissions

24-08-2023 06:56

230824-hqr42acb7y 1

Sharing

Copy URL

Twitter E-mail

General

Target

payload.exe
Size

35.5MB
MD5

21676a484b39ce5d89e4898b796127bb
SHA1

ac4c45c043da415fa78ef3e888fd4d29022fd62a
SHA256

e3bb8aaf159b8155e9dc65eda4e2c06b28d70d6e8f60434b22e168a50558d1f0
SHA512

7e4ba308a24872929e72c8bd31deac96b68651c8bc5e896c27dd5df4c89594248489055f8c9f189404212d76a26a59ec51d140f08bc2dca5cf84f1b8bf2e80bf
SSDEEP

49152:xMY6ocrwFLLPggmipn4JTO13CFisbGeif:+YMEFH7tpn247df

Score

1^/10

Malware Config

Signatures

Files

payload.exe
.exe windows x86

9e55a946dab1c6794f47311417c2ae11

Code Sign

10:f1:6d:27:fb:a3:4d:82:4d:e5:aa:91:56:7d:3d:4e
Certificate

Issuer

CN=Spotify Ltd.

Not Before

14-06-2023 18:23

Not After

14-06-2024 18:43

Subject

CN=Spotify Ltd.

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28-07-2022 08:56

Not After

27-07-2033 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:f1:6d:27:fb:a3:4d:82:4d:e5:aa:91:56:7d:3d:4e
Certificate

Issuer

CN=Spotify Ltd.

Not Before

14-06-2023 18:23

Not After

14-06-2024 18:43

Subject

CN=Spotify Ltd.

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28-07-2022 08:56

Not After

27-07-2033 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:42:26:70:57:c5:25:0a:50:2f:c2:52:da:d0:8e:8a:9a:8c:6a:f7:e9:33:16:a5:29:01:1f:0c:00:bc:d9:06
Signer

Actual PE Digest

3a:42:26:70:57:c5:25:0a:50:2f:c2:52:da:d0:8e:8a:9a:8c:6a:f7:e9:33:16:a5:29:01:1f:0c:00:bc:d9:06

Digest Algorithm

sha256

PE Digest Matches

true

cc:77:46:ec:ef:22:58:a8:25:43:97:4d:a6:0d:55:24:54:22:b5:5a
Signer

Actual PE Digest

cc:77:46:ec:ef:22:58:a8:25:43:97:4d:a6:0d:55:24:54:22:b5:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree

user32

MessageBoxW

pdh

PdhCloseQuery

iphlpapi

FreeMibTable

netapi32

NetUserEnum

secur32

DeleteSecurityContext

shell32

ShellExecuteExW

advapi32

AllocateAndInitializeSid

ole32

CoUninitialize

ws2_32

WSASocketW

ntdll

RtlNtStatusToDosError

bcrypt

BCryptGenRandom

crypt32

CertEnumCertificatesInStore

powrprof

CallNtPowerInformation

oleaut32

SysAllocString

psapi

GetPerformanceInfo

Sections

BiGQXYwg
Size: - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8442yMVX
Size: - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0vhDQVX0
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

23yhFPUX
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

9e55a946dab1c6794f47311417c2ae11

Code Sign

10:f1:6d:27:fb:a3:4d:82:4d:e5:aa:91:56:7d:3d:4eCertificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

10:f1:6d:27:fb:a3:4d:82:4d:e5:aa:91:56:7d:3d:4eCertificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

3a:42:26:70:57:c5:25:0a:50:2f:c2:52:da:d0:8e:8a:9a:8c:6a:f7:e9:33:16:a5:29:01:1f:0c:00:bc:d9:06Signer

cc:77:46:ec:ef:22:58:a8:25:43:97:4d:a6:0d:55:24:54:22:b5:5aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

pdh

iphlpapi

netapi32

secur32

shell32

advapi32

ole32

ws2_32

ntdll

bcrypt

crypt32

powrprof

oleaut32

psapi

Sections

BiGQXYwg Size: - Virtual size: 844KB

8442yMVX Size: - Virtual size: 420KB

0vhDQVX0 Size: 16KB - Virtual size: 20KB

23yhFPUX Size: 1.6MB - Virtual size: 1.6MB

10:f1:6d:27:fb:a3:4d:82:4d:e5:aa:91:56:7d:3d:4e
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

10:f1:6d:27:fb:a3:4d:82:4d:e5:aa:91:56:7d:3d:4e
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

3a:42:26:70:57:c5:25:0a:50:2f:c2:52:da:d0:8e:8a:9a:8c:6a:f7:e9:33:16:a5:29:01:1f:0c:00:bc:d9:06
Signer

cc:77:46:ec:ef:22:58:a8:25:43:97:4d:a6:0d:55:24:54:22:b5:5a
Signer

BiGQXYwg
Size: - Virtual size: 844KB

8442yMVX
Size: - Virtual size: 420KB

0vhDQVX0
Size: 16KB - Virtual size: 20KB

23yhFPUX
Size: 1.6MB - Virtual size: 1.6MB