General

  • Target

    60c488a82df94c6ecaf276063ff3df4c

  • Size

    2.0MB

  • MD5

    60c488a82df94c6ecaf276063ff3df4c

  • SHA1

    a5833e96c07bd013951144eda3ab06c2b92c9d18

  • SHA256

    6fc5f99ac2a731a0f6fa33c0af8d4811f2367bdaf526078177d0ef62c1b0dc69

  • SHA512

    f432905f8cdeeffc77f00800f9ddcd210c2b291d8f9b600f04cd07ba8901c237c3d8f00721a2c636ce58573a95a699db4ce53209c4f3defd9810d5051b84acf1

  • SSDEEP

    49152:rgXEJflmmLbFy5+wOoO3BjGHRB4185GX48A:rAEZLxy5+w1O5ERG0Uk

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

Files

  • 60c488a82df94c6ecaf276063ff3df4c
    .rar
  • Pkill.dll
    .exe windows:4 windows x86 arch:x86
  • Port.ini
  • expA
    .elf linux x86
  • expB
    .elf linux x86
  • expC
    .elf linux x86
  • expD
  • expE
    .elf linux x64
  • ip.txt
  • pas.dic
  • s.dll
    .exe windows:4 windows x86 arch:x86

    9daa2077796c1e1eebb7432dbfbf9100
  • shell.txt
  • sleep.dll
    .exe windows:4 windows x86 arch:x86
  • out.upx
    .exe windows:4 windows x86 arch:x86
  • ssh+1.exe
    .exe windows:5 windows x86 arch:x86

    3dc7a323ab0d18496598760e70f99079
  • ssh.exe
    .exe windows:5 windows x86 arch:x86

    3dc7a323ab0d18496598760e70f99079
  • 声明.txt
  • 开始.bat
  • 插件.bat
  • 活跃IP大段处理/IP.txt
  • 活跃IP大段处理/ips.txt
  • 活跃IP大段处理/使用说明.txt
  • 活跃IP大段处理/域名.txt
  • 活跃IP大段处理/完成.txt
  • 活跃IP大段处理/第一步域名处理.bat
  • 活跃IP大段处理/第三步ip生成.bat
  • 活跃IP大段处理/第二步ip整理.bat
  • 活跃IP大段处理/第四步去重复整理.bat
    .bat .vbs
  • 防卡监听.bat