poullight | [.]NET[.]zip

Resubmissions

11-11-2023 14:21

231111-rpa9kagf3y 10

Sharing

Copy URL

Twitter E-mail

General

Target

.NET.zip
Size

7.1MB
MD5

c8fc145dcca77a5a139dbbb146d5e190
SHA1

20d8c82f50d28c11c4ca0b54157902f1f95f8940
SHA256

65a2750dad8a55c376c995915dd75f6456b4aa6464d720d09726683f73ce800c
SHA512

72f236c04bbe5e7a0c410bdfb388db20dd577d159f50fc3fe7e45be46d47bdf521e2bf42ef9209d66c55806668b350d2d625f5fa1f2925add545d66742cc8940
SSDEEP

196608:Pu9jyp8BUGsqtC97PGhVbZwc7ChFKuqdIG9ZByzDGDhumZ:2yWqGfUPeV+cGhouqd99z6DGDhumZ

Score

10^/10

uts poullight redline sectoprat

Malware Config

Extracted

Family

redline

Botnet

UTS

45.9.20.20:13441

Signatures

Poullight Stealer payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack004/265cf03cb735b976fa1ad587bdc35f0bddfc00f92455c9b804f01468a7e51c66.exe	family_poullight

Poullight family
poullight

RedLine payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack005/2fe3f6fc8b9b9f4d1bddc0e97ddd64229da2a069cf199bcd435d14a3e27e4e19.exe	family_redline

Redline family
redline

SectopRAT payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack005/2fe3f6fc8b9b9f4d1bddc0e97ddd64229da2a069cf199bcd435d14a3e27e4e19.exe	family_sectoprat
static1/unpack006/4409d2170aa9989c6a8dd32b617c51a7c3e328b3c86410813c016691b2bd7774.exe	family_sectoprat

Sectoprat family
sectoprat

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/148914b6c64c51130a42159e4100e6eb670852901418d88c1c0383bf0cd1e339.exe
unpack003/1e91735f8f9419790ccf0ab4776075980d9fa7c2bf514b9f99ba73e3d9f40f73.exe
unpack004/265cf03cb735b976fa1ad587bdc35f0bddfc00f92455c9b804f01468a7e51c66.exe
unpack005/2fe3f6fc8b9b9f4d1bddc0e97ddd64229da2a069cf199bcd435d14a3e27e4e19.exe
unpack006/4409d2170aa9989c6a8dd32b617c51a7c3e328b3c86410813c016691b2bd7774.exe
unpack008/Angebotsanfrage 05·10·2021·pdf.exe
unpack009/8e658e1eeabb5e965e8904d923584b710fa6d186ae4fb5b145a93e8c5f074c16.exe

Files

.NET.zip
.zip
.NET/148914b6c64c51130a42159e4100e6eb670852901418d88c1c0383bf0cd1e339.zip
.zip

Password: infected
148914b6c64c51130a42159e4100e6eb670852901418d88c1c0383bf0cd1e339.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.NET/1e91735f8f9419790ccf0ab4776075980d9fa7c2bf514b9f99ba73e3d9f40f73.zip
.zip

Password: infected
1e91735f8f9419790ccf0ab4776075980d9fa7c2bf514b9f99ba73e3d9f40f73.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.NET/265cf03cb735b976fa1ad587bdc35f0bddfc00f92455c9b804f01468a7e51c66.zip
.zip

Password: infected
265cf03cb735b976fa1ad587bdc35f0bddfc00f92455c9b804f01468a7e51c66.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.NET/2fe3f6fc8b9b9f4d1bddc0e97ddd64229da2a069cf199bcd435d14a3e27e4e19.zip
.zip

Password: infected
2fe3f6fc8b9b9f4d1bddc0e97ddd64229da2a069cf199bcd435d14a3e27e4e19.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.NET/4409d2170aa9989c6a8dd32b617c51a7c3e328b3c86410813c016691b2bd7774.zip
.zip

Password: infected
4409d2170aa9989c6a8dd32b617c51a7c3e328b3c86410813c016691b2bd7774.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.NET/745f4c8779d5d06a11961abfe988f02954f4d4484bd45b625a07773fc19dabe6.zip
.zip

Password: infected
745f4c8779d5d06a11961abfe988f02954f4d4484bd45b625a07773fc19dabe6.zip
.zip
Angebotsanfrage 05·10·2021·pdf.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.NET/8e658e1eeabb5e965e8904d923584b710fa6d186ae4fb5b145a93e8c5f074c16.zip
.zip

Password: infected
8e658e1eeabb5e965e8904d923584b710fa6d186ae4fb5b145a93e8c5f074c16.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.NET/97d4b97ab4f5880766783a88742969d0995cc86463e05a920486f390139667bc.zip
.zip
.NET/a37d3dec1c490190db45b046f4bc86671052e731ac153cf1a88c5b36e9c81bc5.zip
.zip
.NET/b41868a6a32a7e1167f4e76e2f3cf565b6c0875924f9d809d889eae9cb56a6ae.zip
.zip
.NET/b650ad6a13a697a3cc48bfcb8392d2f538dd39e23d21195b0f4a776a175999d2.zip
.zip
.NET/b7376049b73feb5bc677a02e4040f2ec7e7302456db9eac35c71072dd95557eb.zip
.zip
.NET/b8a3da8c60459974767732321a29b91dfea59ab5ad993caf832f2bb2484b5c96.zip
.zip
.NET/c0fee2c000f9caf6b49c73ebc6c84c9084ab1aec5d360b9b7dea6b3156f52acc.zip
.zip
.NET/c6cb722930bea7d2ea599fde36d8ab5c6f1ed25fc00ee9fa33c15404d962b89e.zip
.zip
.NET/df5944f9190614f04a8818a50438dfaf3339fa95289cdc0af54f8f239eb253fd.zip
.zip
.NET/e64ff6e23ce8911e74ee402d2cc1ed3d54998a56a6fb272b50c5a87363975305.zip
.zip

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 13KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 94KB - Virtual size: 94KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 98KB - Virtual size: 98KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 115KB - Virtual size: 115KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 64KB - Virtual size: 64KB

.rsrc Size: 126KB - Virtual size: 126KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 392KB - Virtual size: 392KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

.text
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 94KB - Virtual size: 94KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 98KB - Virtual size: 98KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 115KB - Virtual size: 115KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 126KB - Virtual size: 126KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 392KB - Virtual size: 392KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B