General

  • Target

    Malware-master.zip

  • Size

    18.3MB

  • MD5

    67f2f74a83633f2da3df8b0c77955884

  • SHA1

    d6b4f46d0688df2a090f8ed8a98b41f040ea32aa

  • SHA256

    418b34fe8f70f8449742f56607d810bc1d011b9ab4d32f3c2999334d7ddfe2b4

  • SHA512

    36e55bdd9ebbf21bfb49acb9b8a9dd02f200161e4c916d5ffa09ff99376abf3d3fef0a8c316184d70e09bb83e6292ae2b05478817a5b77d8ff7e6d6a1195b0f7

  • SSDEEP

    393216:K6fb3LZPdJrHsCaRxzcD2fyvLXYkWiod+vjqRAbs7X4+dQDgX:K6fDNlFHsCaRRc5uKQTDdQMX

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

KYTON

Extracted

Family

mirai

Botnet

KYTON

Extracted

Family

mirai

C2

8.8.8.8

Extracted

Family

mirai

C2

o.do.do

Signatures

  • Mirai family
  • XMRig Miner payload 2 IoCs
  • Xmrig family
  • Patched UPX-packed file 2 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Detects Pyinstaller 1 IoCs
  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

Files

  • Malware-master.zip
    .zip

    Password: infected

  • Malware-master/Compressed archives/README.md
  • Malware-master/Compressed archives/Y1040-2+Y1048-2+(NZ) INV-PL (JAN-19-2022) - Revised 1.7z
    .7z

    Password: infected

  • Y1040-2+Y1048-2+(NZ) INV-PL (JAN-19-2022) - Revised 1.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

  • Malware-master/Cyberwar Tools Ukraine - Russia/README.md
  • Malware-master/HTML,HTM, HTA Exploit/New Order.hta
    .hta .vbs polyglot
  • Malware-master/HTML,HTM, HTA Exploit/README.md
  • Malware-master/HTML,HTM, HTA Exploit/html-trojan-agent-37075
    .js
  • Malware-master/HTML,HTM, HTA Exploit/trojan.obfus-263
    .js
  • Malware-master/ISO/README.md
  • Malware-master/ISO/__2021120787568756,JPEG.iso
    .iso

    Password: infected

  • 支付2021120787568756,JPEG.zip
    .zip

    Password: infected

  • 支付2021120787568756,JPEG.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

  • Malware-master/Linux/ELF/2021.04.20-Mozi.m
    .elf linux arm
  • Malware-master/Linux/ELF/2021.04.26-Mozi.a
    .elf linux mipsbe
  • Malware-master/Linux/ELF/Mozi.m
    .elf linux mipsel
  • Malware-master/Linux/ELF/README.md
  • Malware-master/Linux/ELF/Zeus.arm
    .elf linux arm
  • Malware-master/Linux/ELF/e
    .elf linux x86
  • Malware-master/Linux/ELF/f
    .elf linux x64
  • Malware-master/Linux/ELF/frmfile
    .elf linux x86
  • Malware-master/Linux/ELF/m
    .elf linux x64
  • Malware-master/Linux/ELF/m1
    .elf linux x86
  • Malware-master/Linux/ELF/m68k
    .elf linux
  • Malware-master/Linux/ELF/mips
    .elf linux mipsbe
  • Malware-master/Linux/ELF/ppc
    .elf linux ppc
  • Malware-master/Linux/ELF/sh4
    .elf linux sh
  • Malware-master/Linux/ELF/x86
    .elf linux x86
  • Malware-master/Linux/README.md
  • Malware-master/Linux/frp_0.38.0_linux_amd64.tar.gz
    .gz

    Password: infected

  • frp_0.38.0_linux_amd64.tar
    .tar

    Password: infected

  • frp_0.38.0_linux_amd64/LICENSE
  • frp_0.38.0_linux_amd64/frpc
    .elf linux x64
  • frp_0.38.0_linux_amd64/frpc.ini
  • frp_0.38.0_linux_amd64/frpc_full.ini
  • frp_0.38.0_linux_amd64/frps
    .elf linux x64
  • frp_0.38.0_linux_amd64/frps.ini
  • frp_0.38.0_linux_amd64/frps_full.ini
  • frp_0.38.0_linux_amd64/systemd/frpc.service
  • frp_0.38.0_linux_amd64/systemd/frpc@.service
  • frp_0.38.0_linux_amd64/systemd/frps.service
  • frp_0.38.0_linux_amd64/systemd/frps@.service
  • Malware-master/MacOS/Docs_20210620_73748678943.pdf.img
    .iso

    Password: infected

  • Docs_20210620_73748678943.pdf.exe
    .exe windows:4 windows x64 arch:x64

  • Malware-master/MacOS/README.md
  • Malware-master/Malicious-IPAddresses.md
  • Malware-master/PHP/123ds.php.suspected
  • Malware-master/PHP/Crypto miner/README.md
  • Malware-master/PHP/README.md
  • Malware-master/PHP/async-upload.php
    .js
  • Malware-master/PHP/class-IXR-base64.php
    .js
  • Malware-master/PHP/db2a52b3.ico
  • Malware-master/PHP/dclzougj.php
  • Malware-master/PHP/dlzxnqum.php
  • Malware-master/PHP/fsockopen.php
    .js
  • Malware-master/PHP/lwxqmufd.php
  • Malware-master/PHP/oqjykvqwdk.php
    .js
  • Malware-master/PHP/q89cq.php
  • Malware-master/PHP/wlstncyj.php
  • Malware-master/Phishing/README.md
  • Malware-master/Python/README.md
  • Malware-master/Python/drupal-web-scraper/README.md
  • Malware-master/Python/drupal-web-scraper/t.py
  • Malware-master/Python/obfuscated-ipflooder15.py
  • Malware-master/README.md
  • Malware-master/Script/Pemex.sh
    .sh linux
  • Malware-master/Script/README.md
  • Malware-master/Script/bin.sh
  • Malware-master/Windows/IPDetect.exe
    .exe windows:4 windows x86 arch:x86

    765a487dc2784fe8580c434e22a2a77e

  • Malware-master/Windows/Office/Word/FM.docx
    .docx office2007
  • Malware-master/Windows/Office/Word/README.md
  • Malware-master/Windows/PowerShell/CVE-2021-1675.ps1
    .ps1
  • Malware-master/Windows/PowerShell/README.md
  • Malware-master/Windows/PowerShell/f22.svg
    .ps1
  • Malware-master/Windows/PowerShell/mm.ps1
    .ps1
  • Malware-master/Windows/README.md
  • Malware-master/Windows/dll/README.md
  • Malware-master/Windows/dll/htmlayout.dll
    .dll windows:4 windows x86 arch:x86

  • Malware-master/Windows/重要通知附件-文件防泄密自查手册.doc.exe
    .exe windows:4 windows x64 arch:x64

    a2c1f4d5eeaf95bdec6a6d4cd9f09091

  • Malware-master/dark/README.md
  • Malware-master/dark/dark.arm5
    .elf linux arm
  • Malware-master/dark/dark.arm6
    .elf linux arm
  • Malware-master/dark/dark.arm7
    .elf linux arm
  • Malware-master/dark/dark.m68k
    .elf linux
  • Malware-master/dark/dark.mips
    .elf linux mipsbe
  • Malware-master/dark/dark.mpsl
    .elf linux mipsel
  • Malware-master/dark/dark.ppc
    .elf linux ppc
  • Malware-master/dark/dark.sh4
    .elf linux sh
  • Malware-master/dark/dark.x86
    .elf linux x86
  • Malware-master/dark/lolol.sh
  • Malware-master/trojan.Xored-1
    .js