Overview

overview

10

Static

static

3

4cc2560de1...af.exe

windows7-x64

10

4cc2560de1...af.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-01-2024 23:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4cc2560de1b2a15d3c8b8580154154af.exe

  • Size

    2.4MB

  • MD5

    4cc2560de1b2a15d3c8b8580154154af

  • SHA1

    ae4ee80e9d7c315b66fc3e4f62d9ae1d25463ccc

  • SHA256

    2120d92e96ad3e11b8e35cd6cf867e95c31b64d4d4e43c661560b6ab281bd306

  • SHA512

    e4ffb1701a54884d053b5f17ce494a6e723ec3005a5fb967bbca021a3a6fe434e608b1a6e0f92e2b35b4f1624794b72147e339fe6ba2eecf384cf01bd469383a

  • SSDEEP

    49152:EgBNMZwos3cWf3pyjfoQbdBXPUKwXGEOBRT2Os3ch1MVje8bSO:JBNz7f3UxtsKc5soZe83

Score
10/10
nullmixersmokeloadervidar933pub5aspackv2backdoordropperstealertrojan

Malware Config

Extracted

Family

nullmixer

C2

http://razino.xyz/

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

vidar

Version

39.6

Botnet

933

C2

https://sslamlssa1.tumblr.com/

Attributes
  • profile_id

    933

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/
rc4.i32
rc4.i32

Signatures

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 4 IoCs
    stealer
  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cc2560de1b2a15d3c8b8580154154af.exe
    "C:\Users\Admin\AppData\Local\Temp\4cc2560de1b2a15d3c8b8580154154af.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
      2⤵
      • Executes dropped EXE
      PID:4864
      • C:\Users\Admin\AppData\Local\Temp\7zS00380107\setup_install.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS00380107\setup_install.exe"
        3⤵
          PID:3676
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c sahiba_7.exe
      1⤵
        PID:1128
      • C:\Users\Admin\AppData\Local\Temp\7zS00380107\sahiba_6.exe
        sahiba_6.exe
        1⤵
          PID:3628
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3676 -ip 3676
          1⤵
            PID:2076
          • C:\Users\Admin\AppData\Local\Temp\7zS00380107\sahiba_1.exe
            "C:\Users\Admin\AppData\Local\Temp\7zS00380107\sahiba_1.exe" -a
            1⤵
              PID:3504
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 560
              1⤵
              • Program crash
              PID:4376
            • C:\Windows\SysWOW64\rundll32.exe
              rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
              1⤵
                PID:2608
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 600
                  2⤵
                  • Program crash
                  PID:3152
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2608 -ip 2608
                1⤵
                  PID:3804
                • C:\Windows\system32\rUNdlL32.eXe
                  rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
                  1⤵
                    PID:4220
                  • C:\Users\Admin\AppData\Local\Temp\7zS00380107\sahiba_5.exe
                    sahiba_5.exe
                    1⤵
                      PID:2604
                    • C:\Users\Admin\AppData\Local\Temp\7zS00380107\sahiba_3.exe
                      sahiba_3.exe
                      1⤵
                        PID:1140
                        • C:\Windows\SysWOW64\WerFault.exe
                          C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 1060
                          2⤵
                          • Program crash
                          PID:1748
                      • C:\Users\Admin\AppData\Local\Temp\7zS00380107\sahiba_4.exe
                        sahiba_4.exe
                        1⤵
                          PID:3684
                        • C:\Users\Admin\AppData\Local\Temp\7zS00380107\sahiba_1.exe
                          sahiba_1.exe
                          1⤵
                            PID:4316
                          • C:\Users\Admin\AppData\Local\Temp\7zS00380107\sahiba_2.exe
                            sahiba_2.exe
                            1⤵
                              PID:2916
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 396
                                2⤵
                                • Program crash
                                PID:4252
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c sahiba_6.exe
                              1⤵
                                PID:1916
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c sahiba_5.exe
                                1⤵
                                  PID:2212
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c sahiba_4.exe
                                  1⤵
                                    PID:3360
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c sahiba_3.exe
                                    1⤵
                                      PID:2588
                                    • C:\Windows\SysWOW64\cmd.exe
                                      C:\Windows\system32\cmd.exe /c sahiba_2.exe
                                      1⤵
                                        PID:4748
                                      • C:\Windows\SysWOW64\cmd.exe
                                        C:\Windows\system32\cmd.exe /c sahiba_1.exe
                                        1⤵
                                          PID:4688
                                        • C:\Windows\SysWOW64\WerFault.exe
                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2916 -ip 2916
                                          1⤵
                                            PID:4540
                                          • C:\Windows\SysWOW64\WerFault.exe
                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1140 -ip 1140
                                            1⤵
                                              PID:4220

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Temp\7zS00380107\libcurl.dll
                                              Filesize

                                              218KB

                                              MD5

                                              d09be1f47fd6b827c81a4812b4f7296f

                                              SHA1

                                              028ae3596c0790e6d7f9f2f3c8e9591527d267f7

                                              SHA256

                                              0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e

                                              SHA512

                                              857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\7zS00380107\libcurlpp.dll
                                              Filesize

                                              54KB

                                              MD5

                                              e6e578373c2e416289a8da55f1dc5e8e

                                              SHA1

                                              b601a229b66ec3d19c2369b36216c6f6eb1c063e

                                              SHA256

                                              43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f

                                              SHA512

                                              9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\7zS00380107\libgcc_s_dw2-1.dll
                                              Filesize

                                              113KB

                                              MD5

                                              9aec524b616618b0d3d00b27b6f51da1

                                              SHA1

                                              64264300801a353db324d11738ffed876550e1d3

                                              SHA256

                                              59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e

                                              SHA512

                                              0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\7zS00380107\libgcc_s_dw2-1.dll
                                              Filesize

                                              92KB

                                              MD5

                                              3947561e2e1528a3936ed77810504e80

                                              SHA1

                                              3a6891b73e59bfd230d43791914750cb1a07e126

                                              SHA256

                                              2c6617cde9e29d37e2fe979df0458f0c62303bc233753370a28bef035b91a0dd

                                              SHA512

                                              4bb05f9e36b65a881721bdb7ea4b8249562eb49294999be72e9189dbcb8e8822dc566b21aa61c8773c22211a59d261056746b2c2638a35b3b73d2401505654bc

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\7zS00380107\libstdc++-6.dll
                                              Filesize

                                              647KB

                                              MD5

                                              5e279950775baae5fea04d2cc4526bcc

                                              SHA1

                                              8aef1e10031c3629512c43dd8b0b5d9060878453

                                              SHA256

                                              97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87

                                              SHA512

                                              666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\7zS00380107\libwinpthread-1.dll
                                              Filesize

                                              69KB

                                              MD5

                                              1e0d62c34ff2e649ebc5c372065732ee

                                              SHA1

                                              fcfaa36ba456159b26140a43e80fbd7e9d9af2de

                                              SHA256

                                              509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723

                                              SHA512

                                              3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\7zS00380107\setup_install.exe
                                              Filesize

                                              287KB

                                              MD5

                                              41e1dc8e34109e4cb4ba39dd8e09c6b4

                                              SHA1

                                              08d717f63ce3e78cfa429baa6e69b3517ee043d2

                                              SHA256

                                              e398b7b89d19348afef5af9623d86cf79ae7799a13bedafe98d580bc6d8cc365

                                              SHA512

                                              defddc813d6b6a6345fa645356bed2e91321b86dfb4ca609cf1db8fa53891cc82d80a3688dc6dc31ffc732ada49a4cad3a014d4783aa67819160f4276cd4955f

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
                                              Filesize

                                              896KB

                                              MD5

                                              090c444600a33135b212aaa17458cd7a

                                              SHA1

                                              66d46cbbe7abfb6615b2df10de4bfe97c275017f

                                              SHA256

                                              24cad9d60e67ee439c8d98faa12d495682bef015d78e8160de6974d036ea5347

                                              SHA512

                                              b3186d8144086a45bd988d94faede3c8b5b37f11599e613ccf078fbb0acbe873bab15c4adefdd3e05d5e283a7fe97b10d44548d8abe59f13ba4e419f53816bea

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
                                              Filesize

                                              1.1MB

                                              MD5

                                              59ca02be239106d0f2d069ff65be83b7

                                              SHA1

                                              33fd4b29803f22ef73e68c907cc2814dea65429f

                                              SHA256

                                              39b69fcab1f7b7535c0898572b6655628719385df7a6179fedb3c78ae6dfaaa3

                                              SHA512

                                              afe5a5253586c19d2ffb173ce9a3f2ecc018806e829179469ff65d5ed2ef69adac383a987e25e561c995ee315d887a2705b6b9838ca423140152697e413e78b4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
                                              Filesize

                                              664KB

                                              MD5

                                              f4c64baa14bd7d30a77101595e3217c9

                                              SHA1

                                              fdf7c5a51af8ace361549c924d5c17f2d47d658f

                                              SHA256

                                              0fac86ce81ea08795aabaea8f8b57476c08b64346f66f078da111f70d1af595a

                                              SHA512

                                              4f108df6a1286427a2e99af065ff98b8616884b9c05810ef7b36a6c07bb4398a190184c1821f6db614967ad78133256e83baf488ec76f342254c3ea15aca9dc5

                                              Download Submit

                                            • memory/1140-114-0x0000000002560000-0x00000000025FD000-memory.dmp

                                              Filesize

                                              628KB

                                              Download

                                            • memory/1140-116-0x0000000000400000-0x0000000000A04000-memory.dmp

                                              Filesize

                                              6.0MB

                                              Download

                                            • memory/1140-137-0x0000000002560000-0x00000000025FD000-memory.dmp

                                              Filesize

                                              628KB

                                              Download

                                            • memory/1140-112-0x0000000000CC0000-0x0000000000DC0000-memory.dmp

                                              Filesize

                                              1024KB

                                              Download

                                            • memory/1140-130-0x0000000000400000-0x0000000000A04000-memory.dmp

                                              Filesize

                                              6.0MB

                                              Download

                                            • memory/2916-106-0x0000000000400000-0x00000000009A9000-memory.dmp

                                              Filesize

                                              5.7MB

                                              Download

                                            • memory/2916-105-0x00000000025C0000-0x00000000025C9000-memory.dmp

                                              Filesize

                                              36KB

                                              Download

                                            • memory/2916-104-0x0000000000A80000-0x0000000000B80000-memory.dmp

                                              Filesize

                                              1024KB

                                              Download

                                            • memory/2916-129-0x0000000000400000-0x00000000009A9000-memory.dmp

                                              Filesize

                                              5.7MB

                                              Download

                                            • memory/3420-123-0x00000000027D0000-0x00000000027E5000-memory.dmp

                                              Filesize

                                              84KB

                                              Download

                                            • memory/3628-95-0x000001D69E310000-0x000001D69E380000-memory.dmp

                                              Filesize

                                              448KB

                                              Download

                                            • memory/3676-61-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                              Filesize

                                              572KB

                                              Download

                                            • memory/3676-65-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                              Filesize

                                              1.5MB

                                              Download

                                            • memory/3676-115-0x0000000000F70000-0x0000000000FFF000-memory.dmp

                                              Filesize

                                              572KB

                                              Download

                                            • memory/3676-110-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                              Filesize

                                              572KB

                                              Download

                                            • memory/3676-42-0x0000000000400000-0x000000000051E000-memory.dmp

                                              Filesize

                                              1.1MB

                                              Download

                                            • memory/3676-58-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                              Filesize

                                              572KB

                                              Download

                                            • memory/3676-75-0x0000000000400000-0x000000000051E000-memory.dmp

                                              Filesize

                                              1.1MB

                                              Download

                                            • memory/3676-74-0x0000000000400000-0x000000000051E000-memory.dmp

                                              Filesize

                                              1.1MB

                                              Download

                                            • memory/3676-73-0x0000000000400000-0x000000000051E000-memory.dmp

                                              Filesize

                                              1.1MB

                                              Download

                                            • memory/3676-72-0x0000000000400000-0x000000000051E000-memory.dmp

                                              Filesize

                                              1.1MB

                                              Download

                                            • memory/3676-71-0x0000000000400000-0x000000000051E000-memory.dmp

                                              Filesize

                                              1.1MB

                                              Download

                                            • memory/3676-69-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                              Filesize

                                              152KB

                                              Download

                                            • memory/3676-68-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                              Filesize

                                              1.5MB

                                              Download

                                            • memory/3676-67-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                              Filesize

                                              1.5MB

                                              Download

                                            • memory/3676-66-0x0000000064940000-0x0000000064959000-memory.dmp

                                              Filesize

                                              100KB

                                              Download

                                            • memory/3676-113-0x000000006EB40000-0x000000006EB63000-memory.dmp

                                              Filesize

                                              140KB

                                              Download

                                            • memory/3676-64-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                              Filesize

                                              1.5MB

                                              Download

                                            • memory/3676-62-0x0000000000F70000-0x0000000000FFF000-memory.dmp

                                              Filesize

                                              572KB

                                              Download

                                            • memory/3676-111-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                              Filesize

                                              1.5MB

                                              Download

                                            • memory/3676-57-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                              Filesize

                                              152KB

                                              Download

                                            • memory/3676-108-0x0000000064940000-0x0000000064959000-memory.dmp

                                              Filesize

                                              100KB

                                              Download

                                            • memory/3676-109-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                              Filesize

                                              152KB

                                              Download

                                            • memory/3676-107-0x0000000000400000-0x000000000051E000-memory.dmp

                                              Filesize

                                              1.1MB

                                              Download

                                            • memory/3676-60-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                              Filesize

                                              572KB

                                              Download

                                            • memory/3676-76-0x0000000000400000-0x000000000051E000-memory.dmp

                                              Filesize

                                              1.1MB

                                              Download

                                            • memory/3676-70-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                              Filesize

                                              152KB

                                              Download

                                            • memory/3676-63-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                              Filesize

                                              1.5MB

                                              Download

                                            • memory/3684-93-0x0000000002180000-0x0000000002190000-memory.dmp

                                              Filesize

                                              64KB

                                              Download

                                            • memory/3684-131-0x00007FF9FE780000-0x00007FF9FF241000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download

                                            • memory/3684-87-0x00000000000E0000-0x00000000000E8000-memory.dmp

                                              Filesize

                                              32KB

                                              Download

                                            • memory/3684-135-0x0000000002180000-0x0000000002190000-memory.dmp

                                              Filesize

                                              64KB

                                              Download

                                            • memory/3684-91-0x00007FF9FE780000-0x00007FF9FF241000-memory.dmp

                                              Filesize

                                              10.8MB

                                              Download