Overview
General

Target: 67f64deda3027f9fcdd4b5d9568d37ca
Size: 1.5MB
Sample: 240119-ssf5nahbd9
MD5: 67f64deda3027f9fcdd4b5d9568d37ca
SHA1: a0282c1308618988507d893ff0cf4210f48b8434
SHA256: 4100053b3cc8236c5fefd63c3773e81c5daea40638bcafc588b2127d9a191670
SHA512: 1004cb0635793106001a6aae43f82c53f21e20a24ad19d0a7e7904cc86fd76dc39aad4b6d9397274f640bec196559cc781260e45f82e123297161d041d9aa3b8
SSDEEP: 49152:No/WVBIH536/5KXqU4lcv/BVHoj2RCtR3l:NoeVB4536/s6Ulvpt
Static task static1
Behavioral task behavioral1: Sample 67f64deda3027f9fcdd4b5d9568d37ca.exe, Resource win7-20231129-en
Behavioral task behavioral2: Sample 67f64deda3027f9fcdd4b5d9568d37ca.exe, Resource win10v2004-20231222-en
Behavioral task behavioral3: Sample Ecco.xlm, Resource win7-20231215-en
Behavioral task behavioral4: Sample Ecco.xlm, Resource win10v2004-20231215-en
Behavioral task behavioral5: Sample Par.xlm, Resource win7-20231215-en
Behavioral task behavioral6: Sample Par.xlm, Resource win10v2004-20231215-en
Behavioral task behavioral7: Sample Sommesso.ps1, Resource win7-20231215-en
Behavioral task behavioral8: Sample Sommesso.ps1, Resource win10v2004-20231215-en
Behavioral task behavioral9: Sample Vento.xlm, Resource win7-20231129-en
Behavioral task behavioral10: Sample Vento.xlm, Resource win10v2004-20231222-en
Malware Config

Extracted: cryptbot
ewauhc58.top
morexn05.top
payload_url: http://winorm07.top/download.php?file=lv.exe
Targets

Target: 67f64deda3027f9fcdd4b5d9568d37ca
Size: 1.5MB
MD5: 67f64deda3027f9fcdd4b5d9568d37ca
SHA1: a0282c1308618988507d893ff0cf4210f48b8434
SHA256: 4100053b3cc8236c5fefd63c3773e81c5daea40638bcafc588b2127d9a191670
SHA512: 1004cb0635793106001a6aae43f82c53f21e20a24ad19d0a7e7904cc86fd76dc39aad4b6d9397274f640bec196559cc781260e45f82e123297161d041d9aa3b8
SSDEEP: 49152:No/WVBIH536/5KXqU4lcv/BVHoj2RCtR3l:NoeVB4536/s6Ulvpt
Score: 10/10
- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

Target: Ecco.xlm
Size: 499B
MD5: 2aff5060ef4f5d995d554450516532bb
SHA1: 2fc0f1b6ead08bbca6241c95d72c85de0a2ca735
SHA256: 2f0a4a9283fb38f5f88376fa00844eb3141e1a0492ed42b38918df92c6f365e3
SHA512: 798d0d5f1bfbc18e094c80329b4ab873517165f986b1bacdaaf3558af72b54870be5e4055600127950eda52ae4dedba653f87354fc48ddc8c1c261cbd67b9f7a
Score: 1/10

Target: Par.xlm
Size: 634KB
MD5: 033e57418a4d3ad237d0a86cf85795ac
SHA1: a97dbdbca7ff72e989a5c12f6c27743a36e9fd8a
SHA256: de3fae37d1e8ddd6c2888f4729bf63daaaed6946a9b1ea8d120bb911245b5c26
SHA512: 18f5ce141e830efa2ceed5c246e8019f3da2296e90c438548ff4786b3e6bee85a51b634f5a2cd24e4801f495f14ddd47dd3fa012787f198e6e02b49312be928a
SSDEEP: 12288:Hkd3+x7eH3/6287yuJShBoCW2AKt6SE6DuvRPGjhnTFjHl7xyMR+9PEf+ZAV:H43+c3/E7yuMhBoZ2AKtRivYnNJxLREa
Score: 1/10

Target: Sommesso.xlm
Size: 697KB
MD5: 529d7087e5a2c24342f2f2f3d13526db
SHA1: 04c5c070272f851d1d1e1b9ba09ad43a8cd2db96
SHA256: 7d766f03577e7bc27034b4657858182a06e1c632fcf3c8ff8afea46937e1c9c9
SHA512: e79c226c283da0e84a32e98972a18d95cbe90f41d80b8ae74162730ccc4424dfc694898721de9de955da2a986b95dc590388e1e5e2d9154df5155a39d5b8b99b
SSDEEP: 6144:hGiqEPh6WMYhb1SxMf8nHDz7nryCDsxJQXWPDvGKc9+K+C+8i+eB+8+XL5e6UCvB:s4UWH4i8njz7ryGQCXWPrGfPVe6fvcYl
Score: 1/10

Target: Vento.xlm
Size: 872KB
MD5: 7086a5eb43121ec9982a724df35038c9
SHA1: a41da4521467cca2caf8bf4f125f2e9937ca6524
SHA256: cc48df3aabd0cb33748c57ace9c163c1b14dc19a287717afa6c333345081aa1b
SHA512: 63eb0ad9cfe1634ddf1bcfed2307508dbfeaa1c9540fd62315e27cd1e1efdf8a5112992e582a877e66ce57540f113a49026a9eab82477273f6a1d65f79b35a52
SSDEEP: 12288:hpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:hT3E53Myyzl0hMf1tr7Caw8M01
Score: 1/10