General
-
Target
The-MALWARE-Repo-master (1).zip
-
Size
176.8MB
-
Sample
231111-qy2mfagh35
-
MD5
b31f3d38e268e0c03d630431a3d38801
-
SHA1
21d4f39a170884ce88365e63538f90c6a8b8c75e
-
SHA256
f98738570d8c66e4c87bdec0d6d9ccb5f7de0421cc734e1af55664e6bf446f46
-
SHA512
5a11c2eecaf02bd9beb1d84b29082b3313ff6e12653f0e3dc6017aab77416bf7dbe74fa1b6ff57d9e8aac2a9e3e7c7085bae566ecd3139de6544095f9ea295a7
-
SSDEEP
3145728:6Nl3J2s1Y0Sh2olHfuRS35ZyCQeDiilgJchdcL/RgChRQEa4Et9i+SRkex:6Nl3J2B2o9WS3LDiilbWLZgiEtknRjx
Malware Config
Extracted
njrat
0.7d
Geforce
startitit2-23969.portmap.host:1604
b9584a316aeb9ca9b31edd4db18381f5
-
reg_key
b9584a316aeb9ca9b31edd4db18381f5
-
splitter
Y262SUCZ4UJJ
Extracted
remcos
1.7 Pro
Host
nickman12-46565.portmap.io:46565
nickman12-46565.portmap.io:1735
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
Userdata.exe
-
copy_folder
Userdata
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%WinDir%\System32
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%WinDir%\System32
-
mouse_option
false
-
mutex
remcos_vcexssuhap
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Extracted
revengerat
Guest
0.tcp.ngrok.io:19521
RV_MUTEX
Extracted
danabot
51.178.195.151
51.222.39.81
149.255.35.125
38.68.50.179
51.77.7.204
Extracted
https://erpoweredent.at/3/zte.dll
Targets
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
-
Size
2.7MB
-
MD5
48d8f7bbb500af66baa765279ce58045
-
SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71
-
SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1
-
SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd
-
SSDEEP
49152:bbevayZlMTWkygVy0nQZfVY2BtZzpPL4PuQ65+6Dv7m0KXTn:bbexZlMQcEVY2BtZzpPL4WQI9U
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.9d75ff0e9447ceb89c90cca24a1dbec1
-
Size
148KB
-
MD5
9d75ff0e9447ceb89c90cca24a1dbec1
-
SHA1
ebae1054d69619e9e70c9b2e806edb9000d7feb9
-
SHA256
f2b33edb7efa853eb7f11cb8259243238e220fdc0bfc6987835ba1b12c4af1eb
-
SHA512
6df94dbe3681c1cb572d63e54a6753b3bae7075b86507f33f152795c6e61f1feac6742986d7c72a2834f28c85d0a1890bb31b5888b98b29754300dceb63e210d
-
SSDEEP
1536:t1hWmKdZ9WmQTt+6KK2Ml+dZyx6wVIWiwiuvro1d2C91q5nYaY4vV4KBmX:t1hYZQtTt+02G+dHgMuzWZ1qISVkX
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Deletes itself
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.925da3a10f7dde802c8d87047b14fda6
-
Size
140KB
-
MD5
925da3a10f7dde802c8d87047b14fda6
-
SHA1
1fc59fbf692f690b9fe82cfafc9dcbd5aac31a68
-
SHA256
c94fe7b646b681ac85756b4ce7f85f4745a7b505f1a2215ba8b58375238bad10
-
SHA512
82588188de13f34cd751da7409f780c4fc5814da780fe8cad1fa73370414fb24b9822fc56f1f162d0db4a5c27159c225bc4d4fb061a87cb3c0d89b067353a478
-
SSDEEP
3072:X9z9zjy6WEba5uuoLPhiVF3NT5nNpytoQE:X9J9gu0td5nN4
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Deletes itself
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe.c26203af4b3e9c81a9e634178b603601
-
Size
212KB
-
MD5
c26203af4b3e9c81a9e634178b603601
-
SHA1
5e41cbc4d7a1afdf05f441086c2caf45a44bac9e
-
SHA256
7b8fc6e62ef39770587a056af9709cb38f052aad5d815f808346494b7a3d00c5
-
SHA512
bb5aeb995d7b9b2b532812be0da4644db5f3d22635c37d7154ba39691f3561da574597618e7359b9a45b3bb906ec0b8b0104cbc05689455c952e995759e188b6
-
SSDEEP
3072:Te8LOIa22GwayjbzJ4xgAW8NeN00w7Aoalm2HdTStgjuPaMe+H9tJA:iUOIa2sZjPJJQiw4igjAL
Score7/10-
Deletes itself
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da
-
Size
132KB
-
MD5
dbf96ab40b728c12951d317642fbd9da
-
SHA1
38687e06f4f66a6a661b94aaf4e73d0012dfb8e3
-
SHA256
daab430bb5771eaa7af0fbd3417604e8af5f4693099a6393a4dc3b440863bced
-
SHA512
a49cc96651d01da5d6cbb833df36b7987eafb4f09cc9c516c10d0d812002d06ae8edee4e7256c84e300dc2eadad90f7bb37c797bccdee4bad16fcaf88277b381
-
SSDEEP
3072:uItv1YJOQnVc2pEANuoUeyCx9CC5O86BJaoqsf:xrr2pEANuXCx9Jd6c
Score7/10-
Deletes itself
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.6164228ed2cc0eceba9ce1828d87d827
-
Size
152KB
-
MD5
6164228ed2cc0eceba9ce1828d87d827
-
SHA1
cea5bc473c948a78ce565b6e195e6e25f029c0c6
-
SHA256
7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195
-
SHA512
b53ac27397ce5453fa008d1a2e98f9f66be7d7f08375b92c88007544c09ab844d6c8eeceb2221c988e0a0d6ffc2a8a290e49715e3062a74bcd2310d41bffcc37
-
SSDEEP
3072:VqD/ri6AM4odK4J663POAQgG8rYKvh+5Nl:V0xlIBwPOA+8Zhu
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Deletes itself
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.97a26d9e3598fea2e1715c6c77b645c2
-
Size
628KB
-
MD5
97a26d9e3598fea2e1715c6c77b645c2
-
SHA1
c4bf3a00c9223201aa11178d0f0b53c761a551c4
-
SHA256
e5df93c0fedca105218296cbfc083bdc535ca99862f10d21a179213203d6794f
-
SHA512
acfec633714f72bd5c39f16f10e39e88b5c1cf0adab7154891a383912852f92d3415b0b2d874a8f8f3166879e63796a8ed25ee750c6e4be09a4dddd8c849920c
-
SSDEEP
12288:2oXYZawPO7urFw4HLLDOeLSwg4ULeHOuCqA8:2oXYFIuh5HjhSwiJ8
Score7/10-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm
-
Size
93KB
-
MD5
b36a0543b28f4ad61d0f64b729b2511b
-
SHA1
bf62dc338b1dd50a3f7410371bc3f2206350ebea
-
SHA256
90c03a8ca35c33aad5e77488625598da6deeb08794e6efc9f1ddbe486df33e0c
-
SHA512
cf691e088f9852a3850ee458ef56406ead4aea539a46f8f90eb8e300bc06612a66dfa6c9dee8dcb801e7edf7fb4ed35226a5684f4164eaad073b9511189af037
-
SSDEEP
1536:0sqG3SkDNIVXnR8TeYSSkCXgN+Uu+j6XJaRqWD/0ACKNONUhfy:0sNrxWXnCjiubXKD/EQA
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
-
Size
8.7MB
-
MD5
799c965e0a5a132ec2263d5fea0b0e1c
-
SHA1
a15c5a706122fabdef1989c893c72c6530fedcb4
-
SHA256
001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
-
SHA512
6c481a855ee6f81dd388c8a4623e519bfbb9f496dada93672360f0a7476fb2b32fd261324156fd4729cef3cbe13f0a8b5862fe47b6db1860d0d67a77283b5ad8
-
SSDEEP
98304:VqGMOLT5E2Dy8Ji6LrDl3bTMsEplZ1GW5w+Aw:wGMOLTmaHjLXl3bTMsEpf1x5
Score8/10-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes itself
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes
-
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
-
Size
8.7MB
-
MD5
76fe4fdd628218f630ba50f91ceba852
-
SHA1
6e90f2fe619597115e5b8dd8b0d1fb0c8ad33fa4
-
SHA256
041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
-
SHA512
7956505ae0d8479a92ddf97bb09a757566ef526934ee06b4273f0fc450e4da9204808ffa4f4674f4e6e313eb718a7c65f258ef8d23b9769b8aa12d47610d8011
-
SSDEEP
98304:f27or8Dynb9c4EHv9/fW/NQXPvTCaedHuaJE3fSdCnKg27Xk:f27or8DyO4UnwQfvTCXdHua4No
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
-
Size
8.7MB
-
MD5
0263de27fd997a4904ee4a92f91ac733
-
SHA1
da090fd76b2d92320cf7e55666bb5bd8f50796c9
-
SHA256
0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
-
SHA512
09ef02532eb7c3a968c1d04bf1f3aa9a4bf400f8485d3be596d7db3aed5f705fc1f85a1f6218397a70830ad747aa03c61b9c5b1cca24c2620cdbb3e5361db194
-
SSDEEP
98304:bKwGam/zeDrZCDcryHlc5Qp+FLk0h6u9SrS2D8t7Xk:bKwGam/z4C3FKQ8FLTh6u9S4
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
-
Size
8.6MB
-
MD5
ae747bc7fff9bc23f06635ef60ea0e8d
-
SHA1
64315e834f67905ed4e47f36155362a78ac23462
-
SHA256
103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
-
SHA512
e24914a58565a43883c27ae4a41061e8edd3d5eef7b86c1c0e9910d9fbe0eef3e78ed49136ac0c9378311e99901b1847bcfd926aa9a3ea44149a7478480f82b2
-
SSDEEP
98304:rDSceJ/GqDu6P0ypQ0Qv5knSTH20ejwBcHjI7Xk:rDSceJ/GqD18RZv5knS720e7s
Score8/10-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes itself
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes
-
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
-
Size
8.7MB
-
MD5
9634c04c37f37122cb7b205d46f0b3f9
-
SHA1
ad07ccd67602fc0cce9d39cad59c5cf6ad596169
-
SHA256
021e2fc07fe81152d781bc07ab0131b76dd4d9ea2b7996e153d6d9dbdc0d78c9
-
SHA512
645c479c1b384feb41367a911cf204175aeb21c0d37e2fefec141dffead1e914ce7b5220a52a0487c4d9773fc3554db1dfa81c7a037e25737c1213406f71a36f
-
SSDEEP
98304:f/VrKprvLVtb8E0dD71puy219CZ2gTaRIinw+Aw:3VrKpjROndH1puy219CZ0qin
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
-
Size
8.6MB
-
MD5
7c8ee73802d78084413b092e7ac93170
-
SHA1
a0f87ffad4094b57a81b27eabbbb2e38059b8f15
-
SHA256
b92574b014cf56a5bd6438aa23366d536fb08317c39881552cd41db0a68fabbf
-
SHA512
b1288b49a76a3f964ef362c35d11ca779695f4f738cf44421252bfde0154103a6c585a550e1e701a25e82c670d631e7f86b8fbd2e1ed96b4a26ae63a476af77e
-
SSDEEP
98304:zhzrSexchXzhetD6nUFNwvR0AkWHe0IEvRihdF7XkW:dzrSexMzhetDWvRMWHe7E8zL
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
-
Size
8.7MB
-
MD5
8f0cb7af15afe40ed85f35e1b40b8f38
-
SHA1
525f97d6e7e3cbb611a1cf37e955c0656f4b3c06
-
SHA256
3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
-
SHA512
bd9e97b4042d89e081eced5781149b0d8e28a6e9d35c2a449a21aee26765ed8eea560434ba5e9a897c4e4c89d7a2b8997e31ad4ac2202a940b8731a5f447170d
-
SSDEEP
98304:xFjhn+LznCFajBKs/Q1N4KGWISZOLor5lkFIGGw+Aw:Hjhn+HCS4s41N4KGWISZd5lrGG
Score8/10-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes itself
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes
-
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
-
Size
8.7MB
-
MD5
682ac123d740321e6ba04d82e8cc4ed8
-
SHA1
088a8c8c2b7f9db92ec0ae39e1dc77c8707d3895
-
SHA256
453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
-
SHA512
26ddc0a1b91337de2314465f82f3a02ec478f32708fa91b7cdf75fc235eda7b3cf7c495616145dc29fc081ac4398cab5aac0d42978ea694fa183518533fcf4ad
-
SSDEEP
98304:i7ihKiuH4QpmHh/vN0SyDbQy5lZGJJRgOX5f4y+n47Xk:i7ihKiuH4QIha1PQaZGTRgOXxR
Score8/10-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes itself
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes
-
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
-
Size
8.7MB
-
MD5
97cfb3c26a12e13792f7d1741309d767
-
SHA1
a010f85cdda9f83cbc738eb1b41cd621f3d6018e
-
SHA256
5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
-
SHA512
162028b9e93bb4718427304a96767880da7094c99ae6145e61a562f09dae0ce6726b2dfac95782990f50fa9bfc9f82b1aacb9e7b12442094137872fa8a3f3379
-
SSDEEP
98304:yM1SkPCVk8rOmgYcGrr69gRQTI6xmiiLuSESStOAco7Xk:yM1SkPCVkIgcWAQ06xniLuSExR
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
-
Size
8.7MB
-
MD5
3fe7b88a9ba6c5acee4faae760642b78
-
SHA1
bae245bc98c516604838c6ce5a233f066de44a50
-
SHA256
6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
-
SHA512
02abc8d4fe280306a9ac6a25d28cf174a8d51a43d98b6837bc129701d8c0ab486eebaeef11062b58c455627d4de7c8782b3828aa02891fe439ca1ca617038f95
-
SSDEEP
98304:g4K0/V2eKEDj+VK61qXXiQqwMwUa/f0OstejSUVv7Xk:g4K0/V2eKM+D4SQbMwX/f0Oskz
Score8/10-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes itself
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes
-
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
-
Size
8.7MB
-
MD5
d4e533f9c11b5cc9e755d94c1315553a
-
SHA1
9e15020cd2688b537bae18e5f291ee8cbe9a85e7
-
SHA256
7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
-
SHA512
149226355b2e5c3fac403289b5e66bd4164a7aee76d8dc8f1d698c509db7a081bad9d4172cc950bb0e6e6909e0073d551dcde82cbeaaf61a9c1b02c9ba48fb38
-
SSDEEP
98304:H27or8Dynb9c4EHv9/fW/NQXPvTCaedQuMBiHAUU4C7Xk:H27or8DyO4UnwQfvTCXdQuMoUj
Score8/10-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes itself
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes
-
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
-
Size
8.7MB
-
MD5
592b229e691932b07067377fc10e1d69
-
SHA1
3c01012ff56ee1b13e921e8bc8f82b0ac23fd35c
-
SHA256
9d9e38e7e431d1fa80b46b76d1e4b06007dfd19e9a1fb6e3b053f71f61c01c94
-
SHA512
352da105a7222c086c70d15f0c0053b4e313ddc68d6e3a91531cc9cab04181a3065530353eb5c7d31053710e58963d98d21754111ef2605529b3cb220f2a9926
-
SSDEEP
98304:zbc+G4RTG1BxX7nvaGdfN0Iq4FehaOE3Ok7XkJ:zbc+G4RTCxXDSGdfN0Iq4FekjE
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
-
Size
8.7MB
-
MD5
100bff2f4ee4d88b005bb016daa04fe6
-
SHA1
36e5f8f70890601aa2adaffb203afd06516097f0
-
SHA256
90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
-
SHA512
a1cb52bc6edaa7f8bb216d2a5f3deb0b8468c64b43931ef570c05e6a9872c63f00aff50d69686fdc2ea25d3d83da4bf9d78f5e6910643163570d0bd6279c6e16
-
SSDEEP
98304:wRINZeR9Zy031d3eDi2dZQT3/S1GVlOre53ziKZ7Xk:wRINZeR9Zx1CFDQD/SQVlOrKr
Score8/10-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes itself
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes
-
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
-
Size
8.6MB
-
MD5
4842d5cc29c97aa611fba5ca07b060a5
-
SHA1
f93772038406f28fa4ca1cfb23349193562414b2
-
SHA256
9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
-
SHA512
cf1cb3f0291f3e0c3b47ff3ee9074b624e2d9781f9637d14ede0628ebb4b8b0fe13e16583f6a933a3e20872ec084dc812237f021757efe2a6d527a0a1723b5c8
-
SSDEEP
98304:JcZJWD3qZL7I9lysBfU9OWQcIImfWoezuA+dTlwO0Fz7Xk:JcZJWTqZLGlHsHQl3fNezuAI5g
Score8/10-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes itself
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes
-
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
-
Size
8.7MB
-
MD5
c947363b50231882723bd6b07bc291ca
-
SHA1
7b9a425f09da9be5dda5facff18c5fd15eed253a
-
SHA256
985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
-
SHA512
45f511f6fe78bba853789f85549c8ac591b7812e2fc969a13148bbd1112fa356f6a1ee88a22a907e7f62ef79a0d14d75681eecd2a17f027d105afd381f161184
-
SSDEEP
98304:vM6uc5LRC1PApsX8mygFiQS8Mi0e6oIOPxOGdG20t7Xk:vM6uc5LRCepmPEQXMir6oIOPoCM
Score8/10-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes itself
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes
-
-
-
Target
The-MALWARE-Repo-master/Botnets/FritzFrog/d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485
-
Size
8.7MB
-
MD5
aa55272ad8db954381a8eab889f087cf
-
SHA1
d7df26bf57530c0475247b0f3335e5d19d9cb30d
-
SHA256
d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485
-
SHA512
5590c039eb50708fe8fe417a5b5adf1d9019db0590dee119d0907bb588114bcbeb980c5ec7f3f77e85aefcbba76c1560e8b81069434ef5774ca60b1e28dbac20
-
SSDEEP
98304:WjLz0rgRnuINVhcBSTDQaQqfViO7tauT8Xu4RM7Xk:WjLz0rgRXVzP5QkViitauT8Y
Score8/10-
Adds new SSH keys
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Deletes itself
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Modify Registry
2Virtualization/Sandbox Evasion
10Indicator Removal
10