99dda908d9a3c3e697a9b2a42b765ca60ae5b404ffb651312ac8e2ddab9ef9fc

Sharing

Copy URL

Twitter E-mail

General

Target

Duqu.zip
Size

690KB
Sample

240119-qm63safdd5
MD5

33d59864adac062d7cad138434e7e251
SHA1

09ffc8b7da4039dacac2dd6cf0835effef602ca3
SHA256

99dda908d9a3c3e697a9b2a42b765ca60ae5b404ffb651312ac8e2ddab9ef9fc
SHA512

0202f0f864fd9ca7688cbe45ee9b18e440dac02095a435d3efc29e0f1664100f1a52abca6c9bfe59962a64dd604e1ba1a5b8759b10db345f550bdc4d240aea88
SSDEEP

12288:Rg2vKeIR40hFrrHmG1FrYFfkVQg6EjyMPjiNqU8HWabth3JOW6BqZd19EjX:R7vKeo4yN+cVQ/Ejyu3Wabr5EBm0X

Score

3^/10

Malware Config

Targets

- Target
  
  Duqu.zip
- Size
  
  690KB
- MD5
  
  33d59864adac062d7cad138434e7e251
- SHA1
  
  09ffc8b7da4039dacac2dd6cf0835effef602ca3
- SHA256
  
  99dda908d9a3c3e697a9b2a42b765ca60ae5b404ffb651312ac8e2ddab9ef9fc
- SHA512
  
  0202f0f864fd9ca7688cbe45ee9b18e440dac02095a435d3efc29e0f1664100f1a52abca6c9bfe59962a64dd604e1ba1a5b8759b10db345f550bdc4d240aea88
- SSDEEP
  
  12288:Rg2vKeIR40hFrrHmG1FrYFfkVQg6EjyMPjiNqU8HWabth3JOW6BqZd19EjX:R7vKeo4yN+cVQ/Ejyu3Wabr5EBm0X
Score

1^/10
behavioral1 behavioral2
- Target
  
  DRVS/DUQU_1
- Size
  
  309KB
- MD5
  
  9c743e911c129cee3e2daa1d82f4e6f8
- SHA1
  
  2f40150fda995f6aeffcecfe96b954c07c7c7ca5
- SHA256
  
  bfa430f69c12c926851aca4d9b70ceb925cbf2ec4f669210a24d769911995bc2
- SHA512
  
  2e11d349fe41c0f7d656f6af189758af7b191f6aa3b95313cb38276760bc2b87c9bb0d101c5efee122eaa85b7eb4fd1dccce392004c45335d629114815f579ed
- SSDEEP
  
  6144:Gh+GCf8RKTHe9Qn0zTxOTq4t5j4XRkMoS7LgZy4UATzZN7zyZn1A4k:m4xTH0QIARbj4BPfuzZ9mm
Score

1^/10
behavioral3 behavioral4
- Target
  
  DRVS/SYS_info.txt
- Size
  
  1KB
- MD5
  
  aa6b65569f873966b49a8a2faf430a7a
- SHA1
  
  fd5ee1661592218ca738f707013c2d542ead6a18
- SHA256
  
  d5363628ee829d7b53475fc96613383360cc86046308a8db5ea62d96bf2c66a7
- SHA512
  
  713ff8af03a223822f5ac60fbc9bb01e578dc402166305555f049717042db4655606440bf4b8c2e040542e862c2fae9ac2cfb795dcecbeb9bda5caaa5a2d92bc
Score

1^/10
behavioral5 behavioral6
- Target
  
  detection/duqudetector-v1_01.zip
- Size
  
  439KB
- MD5
  
  a7421eab26342eec59f747e20debdb9b
- SHA1
  
  789aa653e7493724bc25636d9833bc242cf0ef4a
- SHA256
  
  1953b30d386896f45b3cf9e0174914dc1825ecf2873ce222a317fa1675ad35fe
- SHA512
  
  be1087cdf392ae1cda889eeef76343ac3fb31e8f2a1fe32cbe6be9c825437d10749cfafcae7f4ce3c5338c388fe406e2cfb7b94b1ff393541ad2ceb33a7a8657
- SSDEEP
  
  12288:9VoubfiHcg65uZEgLzNONk2858aVDlImO+pXd1XEzku:TbKHc/IEgjr8aVB/P0ku
Score

1^/10
behavioral7 behavioral8
- Target
  
  CalcPNFEntropy.exe
- Size
  
  10KB
- MD5
  
  3485b4b429236267ce158d8b9990cf44
- SHA1
  
  14fa466cef5aef26e95652858fb622e30cebec2d
- SHA256
  
  d1147e6faf24e9008245af7f11639d0c0900233de23c4a70cde93a2e9500b4ef
- SHA512
  
  958bd52988afc97fb5cb589efd5956511eb8483f689f1a5792ac198bed9c9629758aeaf51517eb0db3cd576c7818f2a8ea8339cf40c0212049741fbfb54d8585
- SSDEEP
  
  192:uOJSNe7uHGQgHw4PJYxd/yLknC3qXNU0MzruVQG6Fa8p:uOtKHjgHwzxd/HtU0MHuV
Score

1^/10
behavioral10 behavioral9
- Target
  
  FindDuquRunme.bat
- Size
  
  150B
- MD5
  
  eaeae4eab186eb700da1169e8134a054
- SHA1
  
  c188e715e860535363c39adbdedae0179eb976e9
- SHA256
  
  dff42118e67c38ffec2192aa44ed3407848e2ddeb429bf662e2bf4db708cef5d
- SHA512
  
  2b2cc16aa82e098231366ceea7f47c6fce5a39cf1ef703f7df9c7be88a97ad7c14b18f575cfd1933c849ede6d1a6c77db90cf9239434b848f9056080064d1fc4
Score

1^/10
behavioral11 behavioral12
- Target
  
  FindDuquSys.exe
- Size
  
  15KB
- MD5
  
  6963f0efb6943b16cc7e41634b56b155
- SHA1
  
  4290f026623cabd603a7913f730fe09efcb4d929
- SHA256
  
  a01656c305c79f923f13471df0d386bf99a0ec862f77c0dc5a2f17f5aa8a6edb
- SHA512
  
  1e6486ead9527a6d66e7aacf32ae1011369c937239e2f31b81216cf9a5b580d6c62939c80fec935f73302e33028909e0518e3cca1b1276d18a03d1cab8a146a1
- SSDEEP
  
  192:JTJ7JKSvq/Q6XNb11HTMDW4L9AGMMnYnvkrM2YzruVQl6pBUXQeE9:hJBq/rXNbD33GtYnr2YHuVPU
Score

1^/10
behavioral13 behavioral14
- Target
  
  FindDuquTmp.exe
- Size
  
  23KB
- MD5
  
  196a31bfd582e49dc241325067810683
- SHA1
  
  60619d4245ca2c95e769786c0adad6ce1c75961c
- SHA256
  
  6ce305ff6e90068126966eece853487bbffef770bdbea46936066b9e8e18f4d3
- SHA512
  
  ed4edf4ab3802134df4e78413597592d7a1e31f1c00507aa547416e9675853289c126de433378d05d115fb11692db79f15deedea4bf01c9b0f3d89ea6323f038
- SSDEEP
  
  192:6LQvC1OIGBz31MDDnFL1nDgpo4wzruVQG65KnRm0:6LQK1OIm3mnLcpo4wHuVx
Score

1^/10
behavioral15 behavioral16
- Target
  
  FindPNFnoINF.exe
- Size
  
  9KB
- MD5
  
  ea0609fdfd8e6cc4ba6337c7c2f7327d
- SHA1
  
  49cc8e2b2e8fe5aeede675b3558e2b4c3a67606c
- SHA256
  
  9715a10537112469b4317f8b16fd00ffda36db8395f18ac6eb637647af1a1b46
- SHA512
  
  0b58e3d282ba255c0cbd2abed56a26f14e24622536765e73dff0c911a20140b9e099d5d8669944b2a6737aebfdfd0f1bf79b790a47b01ef8503bc512c4e28be5
- SSDEEP
  
  192:gRCl8O/liCE+gHIqOLMnHb4BfRzruVQG65asKYP:gwl8CliDHBcBfRHuVoK
Score

1^/10
behavioral17 behavioral18
- Target
  
  manual-v1_01.txt
- Size
  
  8KB
- MD5
  
  f28f750f74076e52c88ef5e1e7a349fe
- SHA1
  
  ba28dd30b27e60ab7d4e615df107335be399fac1
- SHA256
  
  018814ca05cd1a0223db54ff6a2a1a7006d38efb832a7fa60b31a9f894ee90d2
- SHA512
  
  d69337c44988e84aabd78b1b46347b43a0a5b20174f387772132262c217d17922ca9b760bc048cd9e5f42394da14805f9b8f193d00d3eb05e3be1f60d67b5116
- SSDEEP
  
  192:okHzpNfzhSyR2mjGWk0RKl/iBX5csl2M/dQ5QW1lY8S:DzpNf9SU2mjGWJRKl/2c9vS
Score

1^/10
behavioral19 behavioral20
- Target
  
  msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10
behavioral21 behavioral22
- Target
  
  sources/calcpnfentropy.cpp
- Size
  
  7KB
- MD5
  
  de10453ebc94969450895aa7ec62ded7
- SHA1
  
  3bc962b78c8e9577397cbdb596ea1d74e965013d
- SHA256
  
  5a4b57fd9dc24174cce5058c6fdeeac3459fc7458adb2ab15e64a8fb4167e4a2
- SHA512
  
  8368d9a8ced569c025dc0a8f6bde0fd78d1136d81fbac96eceb6663b316efe80c764c2650ade9a4df747927a905afb7ad71309631e9a840c9b33f5a1e2d1a29a
- SSDEEP
  
  192:AkP7Khvz4QCwqfd+CmS2Lef2obq29UU6+2vpZQ2p3d:kQGsUz
Score

3^/10
behavioral23 behavioral24
- Target
  
  sources/common.cpp
- Size
  
  2KB
- MD5
  
  e48542c39f7b6fb49cb6d3dc28e3dd95
- SHA1
  
  cc438fac1d7386914d2517dac3f1a1bed1240c06
- SHA256
  
  8186dae2740e72370bed34dc43df3b12f28babb34a6e0b477944bef03fed5d18
- SHA512
  
  6b331abb201edc3960c149606879237f25a94c04555460335159e070b29abd9d4cd9ca102f884ff9d00ae5d64b39a5ce8fb5f9095e08096cc64ab75f0138e4b0
Score

3^/10
behavioral25 behavioral26
- Target
  
  sources/common.h
- Size
  
  1KB
- MD5
  
  a09cecb5d7cb288f2a48eac23852982d
- SHA1
  
  d5d27e61521f853261e0e424cf674adf30dbb751
- SHA256
  
  47f2f12fdcf109d8e61e6d6672e8394fbaefc87c564ff5d2fdef909292cd5e68
- SHA512
  
  8506fafe22797738d4e07071614187ad6a9bb68dcc00a70732c79f47996df3a138249e3dff0ff998eff33a40f103c491065ee946cbd03c7fb2b523578cb9a38e
Score

3^/10
behavioral27 behavioral28
- Target
  
  sources/findduqusys.cpp
- Size
  
  11KB
- MD5
  
  80b135adc8ce5409c34b38f85c5ed829
- SHA1
  
  0504b488046b898eef81de414aa299ce6eeeedf3
- SHA256
  
  6ce4e4f59e073ef9101b20f20e4a989cf5b0a25a3f024ec5cfe5264167a664a1
- SHA512
  
  609afa27c62d6b1db8d473ea314f7821fb95a26d6d160788affb2a1e9e3ee4b8c9ea9dbd8376dec97690674756e360fbd050c0fc202e293f799c372442c34a76
- SSDEEP
  
  192:A4CE2AcuRrOn41RMyFN2I+Wep3/fpZ225by23EVwZ2gtZD0qR2nlRBRN:4ORMZVui21
Score

3^/10
behavioral29 behavioral30
- Target
  
  sources/findduqutmp.cpp
- Size
  
  11KB
- MD5
  
  aa4e4d6e5c01d3240c125430c540216f
- SHA1
  
  dc77cfbd299d6d907372822c945ffdcfa4694ef2
- SHA256
  
  19ae97a4c5fa52315405dfd7d150455c05685d344c3ce4a2a06b8ceb0f7a668a
- SHA512
  
  e4c91c38a056a821f209fd9f0a69e813c954252d9b463d837eeb4c6cfc2f87f2f095c37407bdbf1614296420c921c0fba1ffa96b3bf0cec1a83a3b3052748eb8
- SSDEEP
  
  192:AxrlvvCIcoyri2d54naSk1UwC2QljOuObv2XEApyxgTp2tWXuvANyhwx02ez+2YV:sQoRliO
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32