BadUSB-FBI[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BadUSB-FBI.zip
Size

641KB
MD5

e606980fb13ba7423df8b06eeda00c2d
SHA1

83f48a4416939ab21eed88e233fd5de7926a1f23
SHA256

3fa108ac543c47f85f5038fe5302b02b590dc08de312b32664c88fd0dd0acc3d
SHA512

84e6d6f6110428282426fc8e1d9840f4ed356f4a3a9fdb133ec4ef5e1f6e6313294096dd8c2e77e5883c460f4d46acb542ea9a8d887e2bd05f3aff9c6a26f82d
SSDEEP

12288:2l4FPGccgtfRBXKj4OYT4K0JZxiPU0kvG9O9cFr7tfGziYtn5TDbF:2lmeccgtfHKHYT4K+xcUYtfgbF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/BadUSB-FBI/.Recycle Bin/MacroCMD.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BadUSB-FBI/.Recycle Bin/MacroCMD.exe

Files

BadUSB-FBI.zip
.zip
BadUSB-FBI/.Recycle Bin/MacroCMD.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BadUSB-FBI/.Recycle Bin/Record macro.bat
BadUSB-FBI/.Recycle Bin/brown-fox.payload
BadUSB-FBI/.Recycle Bin/copy.bat
BadUSB-FBI/.Recycle Bin/fake-update.payload
BadUSB-FBI/.Recycle Bin/fbi.bat
.bat .vbs
BadUSB-FBI/.Recycle Bin/payload.bat
BadUSB-FBI/.Recycle Bin/sound.vbs
.vbs
BadUSB-FBI/.Recycle Bin/speech.mp3
BadUSB-FBI/README.txt
BadUSB-FBI/Toggle visibility.bat
BadUSB-FBI/Virus.lnk
.lnk