General
-
Target
PSTools.zip
-
Size
5.0MB
-
Sample
240131-2l11xsfgap
-
MD5
41ebdadc06b18164dc571f9db251c01b
-
SHA1
ddfb009f8b92226aa45c467f8d0eebb29a8e2ff5
-
SHA256
a9ca77dfe03ce15004157727bb43ba66f00ceb215362c9b3d199f000edaa8d61
-
SHA512
263fb743b410f4fe5ff163e6435606b98087bd42e79ab82d1705cac32d93c31df6ecef9bcf6d9e0a344387184e3910f34f26ff7848e575b5b97019d12f7e0316
-
SSDEEP
98304:w8SK6YhPu87Ci2jqrAAQiu9fffhwqZ4qxIL48xtg6TK/nUjqbprp7sg:wU/h3h0qrAL9fCqZO1Kycbprp7P
Malware Config
Targets
-
-
Target
PsExec.exe
-
Size
699KB
-
MD5
24a648a48741b1ac809e47b9543c6f12
-
SHA1
3e2272b916da4be3c120d17490423230ab62c174
-
SHA256
078163d5c16f64caa5a14784323fd51451b8c831c73396b967b4e35e6879937b
-
SHA512
b974ce956f2e922e92ca414d1bd6cc7bcb36bc44532b28b392f2a8052d6d47fd742841c4add6ec5c8283d28d7245b1704af34a523917e49cef007eef700a0b9a
-
SSDEEP
12288:LOO6oMlKDdwPDMlkw6Pph0lhSMXle+eO1HK+meynh5yRX3oRG72:LD9McwPDCkw6Bh0lhSMXlemqth5yRX3E
Score1/10 -
-
-
Target
PsExec64.exe
-
Size
813KB
-
MD5
db89ec570e6281934a5c5fcf7f4c8967
-
SHA1
0098c79e1404b4399bf0e686d88dbf052269a302
-
SHA256
edfae1a69522f87b12c6dac3225d930e4848832e3c551ee1e7d31736bf4525ef
-
SHA512
c0b9723c1ebe946b7bfb36525dcc6063518c2a534ff5a9921dd84e3dd519ab670b83bd70cd4ed78843a411b573b9869b8fb527f8bd67cfe9fa7630717f6cad30
-
SSDEEP
24576:szZTjAVZibdc56dh0lhSMXlGTEzGASe3n1/:0ZTkZOcbyEz8e3nJ
Score1/10 -
-
-
Target
PsGetsid.exe
-
Size
403KB
-
MD5
3d4112b92a8285d8661bbc29125bdbf5
-
SHA1
38b53a8767a1c0d7ad774548780e5e071fa0414a
-
SHA256
a48ac157609888471bf8578fb8b2aef6b0068f7e0742fccf2e0e288b0b2cfdfb
-
SHA512
5b250a6e29a12bab1d8b5e332dfc7d7fad1a6a96d2d065a176a7f47688e05bc6fc2b3de280c182b681276162942838b4c868aa8f87316f7f88fff763df9be74e
-
SSDEEP
6144:1avXzmER+DOtMat59yLCJyrspAanZDAOg70vyLqN25hJWkTZPThq1Qecz9:iXR+DOeatPAVaZfvyLqi7TBTo1Lcp
Score1/10 -
-
-
Target
PsGetsid64.exe
-
Size
494KB
-
MD5
c2b0f2de5955aaa313999ff20b675be4
-
SHA1
15eb06d96700387c1eb7214841cf6a1cb667512d
-
SHA256
201d8e77ccc2575d910d47042a986480b1da28cf0033e7ee726ad9d45ccf4daa
-
SHA512
0678b079f6daa08dacbb56380ce093719134565adadf4ff905b08a83875c1e703b99296f4c6b9103dc9139528b4465a02c8277cfc29970f6e645a01716218da9
-
SSDEEP
6144:V361fygi7BtFSGMiSpoVCMBKE7aD8JtoWohb5ySWXa76Gmq2XSEVf2PgM:Jwi7LFSXiOahKONoJw676G9vEeX
Score1/10 -
-
-
Target
PsInfo.exe
-
Size
432KB
-
MD5
2691d7f266050e6849793d4b6661dddf
-
SHA1
7f66f109db5f30e17bc4a6705acbcace123c2765
-
SHA256
951b1b5fd5cb13cde159cebc7c60465587e2061363d1d8847ab78b6c4fba7501
-
SHA512
467253dce2c3d4cf50fdf42a094307d97988fd2a8f01f1f58aeb9406c5a3bfb49fe5ba238dc3b47e79f88dd8be8cc71e5f23553d0b3ef21add959f9462643707
-
SSDEEP
6144:sThlh7njzvX/XpKNHqCroZjtAAOS727nlSsSb8dpyk+b1fYXwj:g/T3X/UKokiLbcsS9Xtawj
Score1/10 -
-
-
Target
PsInfo64.exe
-
Size
523KB
-
MD5
86a65cfa9f258b0a46ed54e1ad235078
-
SHA1
e65d43d47fc1cab8359906711631beba78ab23b5
-
SHA256
de73b73eeb156f877de61f4a6975d06759292ed69f31aaf06c9811f3311e03e7
-
SHA512
799e21f9d24f36184f7d148696e25f88c7fab629f2e5b06644993fc1d798e5116f3e66159ef2f3a497785c252229f82ef841f5f1f9c6fd31e112d0dafe2582f2
-
SSDEEP
6144:BEpZceA9Bi3brLRSA0oIyd9MOI0Y1HQmZohauQQhsWHGZ8PgdJB+NMJQMnprK:BRBObvRIvyd5Yo0uQQhHi8Ydz+jyp+
Score1/10 -
-
-
Target
PsLoggedon.exe
-
Size
148KB
-
MD5
e3ea271e748ccdad6a6d3e692d6f337e
-
SHA1
f02e06bc439a28aad6dd957df8d0022f22798a09
-
SHA256
d689cb1dbd2e4c06cd15e51a6871c406c595790ddcdcd7dc8d0401c7183720ef
-
SHA512
07a47cb6c2663219f0673647acb01d8d5a702b5e14f40c11b1dcebb3655c9d1825d9f6f2c23dce1fc73cd2ab10565fadd19e0b18e63d51c44498b5f159215503
-
SSDEEP
3072:GJsH2jYVvmuOPybZUFS37ED65lx50kKXRlED:Ej3wIYZNR
Score1/10 -
-
-
Target
PsLoggedon64.exe
-
Size
166KB
-
MD5
07ed30d2343bf8914daaed872b681118
-
SHA1
1f5b5e40c420f64aa8e8de471367e3decc9763cd
-
SHA256
fdadb6e15c52c41a31e3c22659dd490d5b616e017d1b1aa6070008ce09ed27ea
-
SHA512
4f410a52c3a91174086990d4f827842514946874d9d65a71d2716258224cb28df7214602a84ea062747e1406cab15e7cd4b61c6660bc2a7e756031d83feb85d2
-
SSDEEP
3072:2CU/1bZRbIWLbJ+YdTcSio3qXatOg2X5UFyHYoWOwVRxnYs6aJcqRzE/Ma:hQ1rIabJ++TppMatOZqAL0+Ma
Score1/10 -
-
-
Target
PsService.exe
-
Size
261KB
-
MD5
136f9205a5945681ec470b8461dfee5f
-
SHA1
1ca7e6ac6128bb1f4e0318a28310525baf7c67c6
-
SHA256
d3a816fe5d545a80e4639b34b90d92d1039eb71ef59e6e81b3c0e043a45b751c
-
SHA512
a3eaf3665bc8a227d139fb0fd6032c1510288c3fa41a50ee5a774301f88491fa69297c437b4ddec1a0df18ba5085c9c5e61254bfcbd38fd3b5f7c4d074ede142
-
SSDEEP
3072:e4iIB7s+H1oGlMqE7PbxxY0X8xR1O4yjXUnJfELaQdUFvJPKg+SjWAg0FubMr/vV:e4p7sG30xTX8tajKJGa5pIAOCvM6+e
Score1/10 -
-
-
Target
PsService64.exe
-
Size
314KB
-
MD5
657c2da84107644a1397d49e0b526f24
-
SHA1
5c9ea381169e745d68e717cb7ad4adbf6afd6391
-
SHA256
554f523914cdbaed8b17527170502199c185bd69a41c81102c50dbb0e5e5a78d
-
SHA512
f71064bbad6aae5ca94da9f49d672d04b9e1435f9e13b724f00afd2213cab402f407e71fa18817fceabdcb7c114c32febec35f39cde70c3e3c3f096e8f94bc4e
-
SSDEEP
6144:DG1HIY/dt4hEotTabamlJCqTH7BXohll9vGfq:DioWP4eoA3lJT5ovlt/
Score1/10 -
-
-
Target
Pstools.chm
-
Size
65KB
-
MD5
009ac2be60f92dc2c41b094ce2d3857c
-
SHA1
2fe7a164b987856721fe43eb174090cf69afad54
-
SHA256
2813b6c07d17d25670163e0f66453b42d2f157bf2e42007806ebc6bb9d114acc
-
SHA512
85cb0156b5852728b4ba30960a45143a34ccfcec7faccfb9c0e6c03cca2a3a03ec792345046e82ee21a68ae75ed221936c43da2a35d6729b23cb2a75551a5ddc
-
SSDEEP
1536:L8G0S3fJmn7Mj3vwi7K3yC2mlyxYtVrRd+uwA54tC:Y/SB4w3PdC2mwxY5d6AyC
Score1/10 -
-
-
Target
psfile.exe
-
Size
229KB
-
MD5
a0c7585c86ab8bfe6d55a2547e7c9382
-
SHA1
c9088174075b01dcd28046441f67f9a7172d113d
-
SHA256
4243dc8b991f5f8b3c0f233ca2110a1e03a1d716c3f51e88faf1d59b8242d329
-
SHA512
166ab0fc420449f716ea2a568e245e6e447a1638ea1b8a662ab685f9f54516fc8c216fa559897e6f9eaf00a8eba704c18906ccda5eb438dcbb166fa9493ec099
-
SSDEEP
3072:34fm+gtYL7MyTrtLJNWYAnhzqZ31CRtcNRAaJBeCx/b6dUFSOTm84LQ2Ag0Fubfh:ofmDqZFCRyhJECx3LoL7AOtQ0hvWa
Score1/10 -
-
-
Target
psfile64.exe
-
Size
282KB
-
MD5
880ed8c97e6bdb64a342fad25094049b
-
SHA1
253ba984e247c640fa2c6fe1f93cafdc2d1df573
-
SHA256
be922312978a53c92a49fefd2c9f9cc098767b36f0e4d2e829d24725df65bc21
-
SHA512
8424a12532223b7d28ee31a293de01be6a08d01e6abfb8a63c66f6a112d7d296738e184e50e2935311e166e48acfc68878fd1eeb4f773517acd5370f48d1a446
-
SSDEEP
6144:1KSK5nJaoeoR1tVpFZ1ADrcHpYbWMMYe82hJohOHEeFy:1K9nLeoR1tVpT1mAHpYbuJooHi
Score1/10 -
-
-
Target
pskill.exe
-
Size
381KB
-
MD5
5801303c49e5bb612aa55fb8b909a9c9
-
SHA1
b9cf22418a5c45ede9fb44680fa7f3d90a1e0bee
-
SHA256
5ef168f83b55d2cbd2426afc5e6fa8161270fa6a2a312831332dc472c95dfa42
-
SHA512
1d0f97cb61320bfad6d4a4a3f47f6feac8c57166a1dfbf3aab1da705e8739a1250cb5930403095a23ad1a8fc5b119a63f55a2218e1bcf2718c881f8f2b501c30
-
SSDEEP
6144:erJT3E2vJM6rZ82ywZnVXxm9AOWDTaKC1CegGN85SH5dmIYL:eZ0eJM6rDz2CaKCE1IZwIYL
Score1/10 -
-
-
Target
pskill64.exe
-
Size
465KB
-
MD5
ba9345119c1175c96d27370b0d203e70
-
SHA1
aeb2a53e9c8730c2cbd15d620c001d0501e4bb91
-
SHA256
7ba47558c99e18c2c6449be804b5e765c48d3a70ceaa04c1e0fae67ff1d7178d
-
SHA512
504501c7c6d415a4ed66bf39827164080e093725d498de6b69a643c73e227392c127f8ab026587bce9d0c5fe9d3dd3d25c3d236d10f2dd38fa309d7d97606a7d
-
SSDEEP
6144:ucOvz1jiG+NSiKy9Uw/n/BcH7oNC5ohCe0pgaik3CCABtnVpTwXsu:fAJiG+NlKWTv/WHjoP0pTyVtfM1
Score1/10 -
-
-
Target
pslist.exe
-
Size
212KB
-
MD5
6c08bae0981841e0cd22ff0f0e8f7510
-
SHA1
cad5355c534cccf48ca8df5a1007cc34d37cb619
-
SHA256
ed05f5d462767b3986583188000143f0eb24f7d89605523a28950e72e6b9039a
-
SHA512
1080d9e7d3151122518c8ecc09da061086f1d490656f26df99153ddd3f933da049a8364af28fa104da54089271625f229007989a2dff713782066bd8fa142c25
-
SSDEEP
6144:UJTVdqTvShLDFQUH9To/JPjDXDzM/P77U8lvfhC9GEPyg:KPkQWdPjrgDJlXELyg
Score1/10 -
-
-
Target
pslist64.exe
-
Size
260KB
-
MD5
77bf50713a9eb7b270a73a9797f8ddfe
-
SHA1
630ccb6bea18f6224f830216273297ae0bb43718
-
SHA256
d3247f03dcd7b9335344ebba76a0b92370f32f1cb0e480c734da52db2bd8df60
-
SHA512
80d0fbcb25d81c6146aaa1adfffeac67681c6c6c5afddd5f84bc5112a510c0803936a3efa6753baab58cb73cf674ba6f6d077da7ddf864ea9fbe17e7626e6fdb
-
SSDEEP
3072:90UJu9scKE2FrJojBdfQ9heIlNDvZLByZhRg9bH9UFgwNVVwUElCSHzuD856bFz9:9RJu41FlWBdI9kIlN7RdMgBPlCuyFz9
Score1/10 -
-
-
Target
psloglist.exe
-
Size
305KB
-
MD5
4f7f8d6c8b22eb5c0c35b29210e2127c
-
SHA1
b03d70220e185124be9189d979026810d002a6cb
-
SHA256
dcdb9bd39b6014434190a9949dedf633726fdb470e95cc47cdaa47c1964b969f
-
SHA512
591c62557267842cc21670e0c2f94f92206a469b7ed6c4a9c54b6bce49b36d299e1fd903853879853fdf2d9c778c8a0a34dd3d912d7f5a7c7ddb65c7c7220aa6
-
SSDEEP
6144:w7GOlab76OGVBYukqhiExLcJVWr4LQLGFdAOxGKyE6i:w7GOlQ6nBvkqeVJQOd4E6i
Score1/10 -
-
-
Target
psloglist64.exe
-
Size
369KB
-
MD5
14b2f5291036be454ae2fc762ff6eaaa
-
SHA1
185c0507011d51d3bf998ea5c4f0618aae52ae41
-
SHA256
5e55b4caf47a248a10abd009617684e969dbe5c448d087ee8178262aaab68636
-
SHA512
8d6ba79658487dd7afab1aced334ddde372e8095abdeded7368a5d873e8beac1aeae752883b15c8c5291a39f5f9222017f5e6ecd61ceb5bcc5c63b6a567c9444
-
SSDEEP
6144:f5Xo8FK/v5qyC6MBKZBztRF66C5rlMs+y+n7kx89G5Soh4mWsSSTMAvC:fa3JqV6MB8zt3vQMry0AUpoVSyvC
Score1/10 -
-
-
Target
pspasswd.exe
-
Size
216KB
-
MD5
427214d675b6bce9f273eb2dde0aeefc
-
SHA1
423d9b37ef7155c3c36b71ca7f3e6ae154e212e8
-
SHA256
6ed5d50cf9d07db73eaa92c5405f6b1bf670028c602c605dfa7d4fcb80ef0801
-
SHA512
f8beeaf4ff4120b9fdd54e5e68bb49718b3a591bbce6c7c5ee5761ab1a89f43559e818be5562974cc50c4234d2ee38478b1a41f143535c38a7eafc22ac074a92
-
SSDEEP
6144:/qau0x6EJpB2E2GNoReumgb8HAOBMo6/fI:X0aB2WqeumB3m/fI
Score1/10 -
-
-
Target
pspasswd64.exe
-
Size
264KB
-
MD5
2a23848ac28d73352ba80584327ff713
-
SHA1
4e131910e0080799d86aceee036c0e288c0ae6bf
-
SHA256
8d950068f46a04e77ad6637c680cccf5d703a1828fbd6bdca513268af4f2170f
-
SHA512
bfb3b81d8a150d18cf334ad7be5ca07c0e653074cf5439eae041bf9c0b2e3872d2ccc5fa6cf87f92fa3865e70d3bd3405d3e3c9d97e529f4162bf5fba80212b2
-
SSDEEP
6144:A1PzLnK0L6i6s1qE9TMHVoiz2lOjohrSWDVa:AJn9Lp/1qEqHVRzPo5U
Score1/10 -
-
-
Target
psping.exe
-
Size
280KB
-
MD5
93f162d9e1ae290f47695e71589fd4d4
-
SHA1
6e4e76af6078a0272dd1b24822a82058b98a6026
-
SHA256
355b4a82313074999bd8fa1332b1ed00034e63bd2a0d0367e2622f35d75cf140
-
SHA512
1c354d00cc72fd91fd8ecfd57c07802bbd3d5e920f14d16eb8e7d0e0904a709c1017d641632dfee96202bdad5b20c60a242533972f60a1e4a6c5f97a7ab53afa
-
SSDEEP
6144:8l54D+DLqVyzmliEFq6RSOHIj+vzJDvXRnuxQ:Qz8Fq6RzoIdvB5
Score1/10 -
-
-
Target
psping64.exe
-
Size
338KB
-
MD5
ad7e3ddf557e1de0170e384031d3a221
-
SHA1
a57cbd620c3dad284b5d88d1cf5fa0d2cd44c4b9
-
SHA256
d1f718d219930e57794bdadf9dda61406294b0759038cef282f7544b44b92285
-
SHA512
b29801f322546d1dc2d086e97ca7450da0f4367e87a3c6ba5b5661f466fe148694db5714c34d1dc594e00bd802b8737a8176beff44680600f377615cf045db29
-
SSDEEP
6144:Y6DycgP7fW4/HmE/XYfZaVEu9gRr+ZA/Xk99PAAFsq7FYlq8+:Y5/7fW4fP/XQZaOu9gUZeXk9pAAG2M+
Score1/10 -
-
-
Target
psshutdown.exe
-
Size
674KB
-
MD5
31e8e12d02a6cac9088d89215cf4552c
-
SHA1
587c934f44ec69520d465e13ca7b3b43dd172a41
-
SHA256
13fd3ad690c73cf0ad26c6716d4e9d1581b47c22fb7518b1d3bf9cfb8f9e9123
-
SHA512
c787f30dd6b1caeee39b6c0f4380e8c782cbb5b2240c8657ef604b2a42c94f663f89a3c82a52c30b501d8059a7a743beeb1ac43b87529c51834378622a655a8a
-
SSDEEP
12288:91GkqvKoSr6P8/nnIavz7zCph0lhSMXleTtfDKi:Lrqyo4DnIaL7zoh0lhSMXlUOi
Score1/10 -
-
-
Target
psshutdown64.exe
-
Size
790KB
-
MD5
b5b4abc85d5d8c817ce552c3c6a0aba5
-
SHA1
3f4805854201987dd3d7b834cd5a1958d2cd82f5
-
SHA256
4226738489c2a67852d51dbf96574f33e44e509bc265b950d495da79bb457400
-
SHA512
db4eabbd938550e66fe1b75ad7d5a31bbdfb08be89ad4b39260fc4759ac1b60191fe336cc89a32179e5c7782c42ed597f6b1adc376f26d96c780736f7760c995
-
SSDEEP
24576:YADxH+T+4NEc7z8zeE7X71dv8h0lhSMXlN9vx:YAwTJj7zWRdpLvx
Score1/10 -
-
-
Target
pssuspend.exe
-
Size
383KB
-
MD5
1b9f1a75593dfc670fa7c54659ab5796
-
SHA1
c9f0c40e012f8cfe20b1e5cd6a9a7b078e89a00b
-
SHA256
95a922e178075fb771066db4ab1bd70c7016f794709d514ab1c7f11500f016cd
-
SHA512
ab7b26ce5487af2a337cabfa16908ddf72bf1f6942675760e7decee874dd0f72fd47aa42bc442fe11f71fab03106c75db0234199974c7de84d1ed3f12a9b4788
-
SSDEEP
6144:V/M1xPjrG1x+YgoglDni32wAO5GeLCfCsip9631L5qMbYd:W3PG1x+1+pBLCfCjGNqGY
Score1/10 -
-
-
Target
pssuspend64.exe
-
Size
468KB
-
MD5
6eeeeb93f86c729faa2280525c699caf
-
SHA1
35fca62d65dae3b6c4bfe746f04b5077fb5937d3
-
SHA256
4bf8fbb7db583e1aacbf36c5f740d012c8321f221066cc68107031bd8b6bc1ee
-
SHA512
de125c6571a7677ab5086a4fe70c846a678d79ad5ce831c79d0c853a1a74d9a538886b92a4cdbc18b3cb3178c18418b1b2c05cfb72bbebcf66d32e49aa06cb7e
-
SSDEEP
6144:TmnG+egsZWSeVqI/bA/7eCBl/F05lveyohDrwNx9cJ1qrg/WkucbXsZZIxQADzg:KGR5UVz/bqaeldYhotwNM7qryouXQj
Score1/10 -