Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    samples5.zip

  • Size

    322KB

  • MD5

    ecd0abc33637ca50ea4c8aff149d0242

  • SHA1

    66d943b612513b34d06b0555b9e7136cf97e0d0a

  • SHA256

    5023ffe58f1945012086d05f637983928e3e7c16eb5487196096d43b39d151ef

  • SHA512

    7f6a3a919c023c77de66fade82a6ca2e8838c0fca29d804288281e8daa995e7faad81b42ac2efaae6356d65bd09d16abd12ae2143ce49df60ce46cc52518491e

  • SSDEEP

    6144:45dGX0EnlLStEnG5cETVfMewGtZW3ziNjdK6PfFBKWsWlwOBoWTq:45wEEnN2Y7EhMNGtZW3zihd1M7Wip

  Score

  1^/10
  behavioral1behavioral2

• • Target

    104b5623d8edd7e56d7e824d900ef57cc085ad7b2935c794af58de87d4f8c2d3

  • Size

    29KB

  • MD5

    fd9abbc53b247ccbbbfd22993cfa4b10

  • SHA1

    35d939c8bee3a1ddcbb7406825fb4454614f0fcb

  • SHA256

    104b5623d8edd7e56d7e824d900ef57cc085ad7b2935c794af58de87d4f8c2d3

  • SHA512

    3fb29c4276889b49b8956b03303585e2879b9363aca02bae17dc646098284219ceb2424f63e4eb4087a6f80bee9dcf74f761297845d7e1fce80a6466009ace6b

  • SSDEEP

    384:6Z567E+26NJn2WhF+EQV2FZ/bT3aoub+L/4IwPSkMozhzo80uNnokwAcJ78ywAt3:g6NJn2WhZxVPazx9npa8+zprEXa

  Score

  1^/10
  behavioral3behavioral4

• • Target

    160010289cc38de42f7b75fa817a6ef7931bfd8aa1370fb09559b2e035e05702

  • Size

    28KB

  • MD5

    9231cbdb8f3330e559c46b578490c0cc

  • SHA1

    fb3db5b7b9bc77582af3e02253b68d7ae2b50b83

  • SHA256

    160010289cc38de42f7b75fa817a6ef7931bfd8aa1370fb09559b2e035e05702

  • SHA512

    67f22d8496b03a34027c56365adfdb36d4b0726221849ac85305b3ead2d3c72c43de66068880456f5d64e9c789c312e44bd03c650586afbdb57b455625864463

  • SSDEEP

    384:M/OLs5ZZDiBhgpyFRR89aCCCCCCCCCCCCCCCCCCCCCCCCXCCCCCCCCCCXXXCCXC6:M/0OZDiPOu49LjoDbY6cA

  Score

  1^/10
  behavioral5behavioral6

• • Target

    1a757d4aa506d48a09ed5cf0c8f21b6d65a55f5e8aa736873a9e523c4278156f

  • Size

    25KB

  • MD5

    b49d13d507f35be47945b2eb53a5d54c

  • SHA1

    d4b4bf08f933b9c98df396055a64b329c896e6f9

  • SHA256

    1a757d4aa506d48a09ed5cf0c8f21b6d65a55f5e8aa736873a9e523c4278156f

  • SHA512

    4fd01904a11fd3a56007f47eb2664f51ecfb60dce90aee2605332c6e3733682b1b3986f8b6d3033f22716860daff26f0fecf2616168265c587b554bdcca9a6bb

  • SSDEEP

    768:eVKIbqbiu9UwDZ17CLX38t21XUkNypr3V:SqbiujDr7U3X1ELpr3V

  Score

  1^/10
  behavioral7behavioral8

• • Target

    21ff399e57cc306a1ae1daab6009ea40c8aa96c39296d0f8781626de6bd19256

  • Size

    25KB

  • MD5

    fd6f36f4679ad49fc90b8bd1d72dfefb

  • SHA1

    47547f710e25de4a2d7b7e4aaf6a4248690fe59f

  • SHA256

    21ff399e57cc306a1ae1daab6009ea40c8aa96c39296d0f8781626de6bd19256

  • SHA512

    aa595796be82762034fb20109b0b768c04d14b3f27c755be53348eef533389d055552ea080e483397dc6af64fae69167fa01fa8a14555014632b2f80060a6f21

  • SSDEEP

    384:8l0heVewkBlnNynpTQ0JV6f0PDkcfV82SbGQ+jDZ0cuB+86OVbujItUqA0N9KuW:87ewkBlUhb6UXpkG5md6soItUqA0auW

  Score

  1^/10
  behavioral10behavioral9

• • Target

    3c311150e20d76edd9274cec783068667637b6b5f3b6e1a5031a8605b895fabf

  • Size

    13KB

  • MD5

    9b6667a85111d6b38571dbd70dd402bb

  • SHA1

    d8a0058efc95fde81798e7c9228ca629ba2bdea6

  • SHA256

    3c311150e20d76edd9274cec783068667637b6b5f3b6e1a5031a8605b895fabf

  • SHA512

    f4be04961cb88e973af95e20148c0490b71010827994bc7266e84e93490142d2f8034ea59b13e4eed9c8acbf6bdbdbf0cf28cffc8f1492a68fe4bf02cb4f31ef

  • SSDEEP

    192:PC6XV89qHBGSVeZc3dqR8kl3v/bKyVET/qYCu/IT/qkQtRle:PCJsHBGSVeZ6dqR8W/HEjujWjl

  Score

  1^/10
  behavioral11behavioral12

• • Target

    3efe068c644c96fff2a25a7351da85bad86949878df3c7cad76d83ad2f2c340f

  • Size

    15KB

  • MD5

    750c2cc91b6ce697aa6a5fc86108401f

  • SHA1

    701833cce3ead46257a02a791942dc6a549597de

  • SHA256

    3efe068c644c96fff2a25a7351da85bad86949878df3c7cad76d83ad2f2c340f

  • SHA512

    67517571c0b797c6f45be127b929149d1f73b10b560583971568e67493d4cc48a0fa918e5c6e384d46ee653271b9c2e02bab7d10135e52a9e279c337752cf51d

  • SSDEEP

    192:xYl8avdNcuhJkByinqIhiYAqbX+4dujUDOWizDA0qCWeI8gDOB5j+JW2:x9a8uhAvfO40IwDzftvj+JW

  Score

  3^/10
  behavioral13behavioral14

• • Target

    403be0442e847aee7ca7553e19672112450f2e034180a1f57eb8a6d7d39b8d17

  • Size

    31KB

  • MD5

    408358751abe67dcf31de9a955253724

  • SHA1

    81c19445c96f0b4346ae6b4036ff18c8c44db0ed

  • SHA256

    403be0442e847aee7ca7553e19672112450f2e034180a1f57eb8a6d7d39b8d17

  • SHA512

    ffc1425bfca8e5e1b78a43bac829b8930ade14b017c12e0218c44e594f2d559ca9f2060b204eb07115f2bbd4111199ea061852f1742763cfdc80a9808e9bc8aa

  • SSDEEP

    384:bMBQl5CVzAW054SrIVuLRR0b3ZpUyXhVgeHy3jfSG+wKmOL1MCEdYdOiHNFx2khV:bMBQWVM6Srtlab7MC6wThw4

  Score

  10^/10

  ransomwarespywarestealer

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops file in System32 directory

  behavioral15behavioral16

• • Target

    49c96478e9d2b16219a7c86f031c5d8b241ae43550ce2fc2bea1d98fa90aa766

  • Size

    27KB

  • MD5

    b7d21692e21dca23c0db28e171100b4a

  • SHA1

    64e399cbeea2d60bbe9f18946f53c80c2bcddcc2

  • SHA256

    49c96478e9d2b16219a7c86f031c5d8b241ae43550ce2fc2bea1d98fa90aa766

  • SHA512

    e80c688724813aa27f7fc7c82928d20c18dc7dbcb9e69f5ca8810e4b18f7cecef91bb0bf94774b4c0f8185592dabde09a849615cb51459fe7eed7478dd868e9e

  • SSDEEP

    768:HXTI4qP+S0kZu7jlvWTHY+H60xZbZ88OGoRnPKzc5:HXTI49kZu6uaBnAf5

  Score

  6^/10

  discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery
  behavioral17behavioral18

• • Target

    5154914351d1abdc308c8a76474a19560a4624194feb98118d0710efb6804aa7

  • Size

    15KB

  • MD5

    cd2ed5f84359389bf98749f49881975f

  • SHA1

    45ccaa58ac662408b7679f143042c03dc4c648c1

  • SHA256

    5154914351d1abdc308c8a76474a19560a4624194feb98118d0710efb6804aa7

  • SHA512

    692f4a48a3fad65aaaea3ba55a450aa47d65ee0ff0816ab50a61a147be9c4f7ce7df790209a0bd48d23746015a79ecbc683946565bc461c7303a1858b20e29c8

  • SSDEEP

    384:q3+NoNJcVEFxYWS9FXEvPIrUgWb3xw71dmve/hCMLXSn8/WrfI:qoVEFxYWS9FXEvKexed7jfWc

  Score

  1^/10
  behavioral19behavioral20

• • Target

    616ea8ac34ae403d7094d53c0db11a24348f6e48eff80e254a93a1593f858437

  • Size

    10KB

  • MD5

    4a52a235c905d9d5d94e244fd7e351bf

  • SHA1

    bd2a7b8c3cf113f428c34d839ae2e2e54f216ebc

  • SHA256

    616ea8ac34ae403d7094d53c0db11a24348f6e48eff80e254a93a1593f858437

  • SHA512

    5cf43076a7e86546473946890474b6d804cac08400ed53399f4f2df59a7b2777187e82ac9e68ae8bb0e2855696fe8c3626d30f7f4204b74863ec9238846e6ba5

  • SSDEEP

    192:RO9MN8rITkgL2DDg7I+lm2MTgGI8dKYHeoiW7BKwP6v+aARLSD:k9MN/gk2QNlm2MTga4YHEW7BK0U+aARU

  Score

  1^/10
  behavioral21behavioral22

• • Target

    6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc

  • Size

    30KB

  • MD5

    c2f261985677515ab220983bccfc1bee

  • SHA1

    21e324d2c8bd664a080c8fecbcd118ee040bb628

  • SHA256

    6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc

  • SHA512

    62066d26fdf71cd69903855ee569ae75ae520976ade784eaeb100d98c74a6b965abe371b9f14fc41a09e1a28b803dca13533b989d643ef21939ba6366cb029b8

  • SSDEEP

    768:jpiSqw4KqMqwZU/Tf+5g51qWMg6FU2btWLVkn:jeZqoTfwg5HMxpRWLVkn

  Score

  10^/10

  ransomwarespywarestealer

  • Renames multiple (200) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral23behavioral24

• • Target

    759c06eedcadd60ebd2aa3790eefa40d505044080cea4e1477d845611f322b4c

  • Size

    38KB

  • MD5

    1f837affe14eeee652ae0271f0cb3804

  • SHA1

    5f55dad94a03100542c61777233f7846f9376625

  • SHA256

    759c06eedcadd60ebd2aa3790eefa40d505044080cea4e1477d845611f322b4c

  • SHA512

    a620bbb9b59fa93cff35d95c6c2000226361fcbcb869d4ec300caec97723802516a430d663e26c129b8c42f1ef9c27b90963896ac86207c7193513567850691b

  • SSDEEP

    768:FGcHvpu++E69ZxPGlISQAtxaYzUmFCL+4pO6Dzhc:Fju++E6XxPGlISR5UmoLTO2+

  Score

  10^/10

  magniberransomware

  • Detect magniber ransomware

  • Magniber Ransomware

    Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.

    ransomwaremagniber

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (84) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Suspicious use of SetThreadContext

  behavioral25behavioral26

• • Target

    85cad059cca352e70188c1744521100651a787ebabdaa8261badb0f3b6bb5020

  • Size

    8KB

  • MD5

    4ad89788afc7a6dcf87a39a87f8adb84

  • SHA1

    c3069d84feb07f44bae94b794e47751ea66b1f39

  • SHA256

    85cad059cca352e70188c1744521100651a787ebabdaa8261badb0f3b6bb5020

  • SHA512

    ba8a64f796be593c1c191b5a5f58879e301403110f4f81dddf74203dbdc911e031d15b7be1a6fb612519bf2039732cc362b69c770bd13753e87e91a256978db1

  • SSDEEP

    96:CihvmFYq5HHjt9kuLn4n0i0ep+xeTlu7xTVZDyQf4JwzCWyzNt:CFFl5HDt9kuLn40igCK/ZoJwzD0

  Score

  1^/10
  behavioral27behavioral28

• • Target

    8ca6b7929ece89d8d9050ae9f1e6c1b3dfa87217272e114e464160dce036463c

  • Size

    31KB

  • MD5

    310342183f3632361ced85fdf54b6370

  • SHA1

    5434cd3e67dd4b9bd06f2feb99a165dcf3535ae6

  • SHA256

    8ca6b7929ece89d8d9050ae9f1e6c1b3dfa87217272e114e464160dce036463c

  • SHA512

    e8f57e7fcb5a75b159e6c718d80d5354f1c4d8cffa17b06cf4b8c4367898520ac58405a42eb9119d04dece63dd5bbdeed2c876a59e8926d12d6a78a42790ccff

  • SSDEEP

    384:IU/nB6QSb+Pg+zb4UCmAGq9/KPCl+GVu8K8nZ0bzY3aysYenuJY9/oZqahhbRaAV:IU/nB6QSbcrCoEyClQESbWMccahhtaA

  Score

  10^/10

  ransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (1636) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral29behavioral30

• • Target

    90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777

  • Size

    44KB

  • MD5

    112b36f6f558870ac332c6a86c0a9d83

  • SHA1

    faadf24ab626dcf13889b053503b3587b34d3107

  • SHA256

    90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777

  • SHA512

    1b88a607322b0a82be045d98870ff075fc2a9fd531f9c4fba799adc893830e1c4a69e2b23f88bc8b30f7943e2b42942efb2c998eddc6fa3e42c458e42e75cc20

  • SSDEEP

    384:ooQ3deOtEwC31/SllHgu/zhD+wFNf1cshmmfHsMDRiegZRF5jpmRaaaS2W:WUuB5N1KjtB3W

  Score

  9^/10

  ransomwarespywarestealer

  • Renames multiple (172) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral31behavioral32