75ce91d4f361227c1275a326653533c5eaa494b87dd96c529b03d0a3a6ff9ae2

Sharing

Copy URL

Twitter E-mail

General

Target

29f397839dcd23153c3e22d58cc729f9.bin
Size

36.0MB
Sample

240220-br5yysgf4v
MD5

29f397839dcd23153c3e22d58cc729f9
SHA1

cc283d2b1069b4ab6c4eb6f9a6f14dff0b96c0a6
SHA256

75ce91d4f361227c1275a326653533c5eaa494b87dd96c529b03d0a3a6ff9ae2
SHA512

d612b62e72d952ff20cb355144d868bb8db03529084c4b58fecd17c1ccdc76b690c8280631d33582e022ac0776e55fd0075b74ef608a0f261c4ce007dcfd09c3
SSDEEP

786432:jCRbCv+asKwdLVz50cdg1uzwoQMbxmllvg9LPuuOy01+qBA:jCg+asKwdNGcdMuzwoQMIviWuOT1fBA

Score

7^/10

Malware Config

Targets

- Target
  
  ORIONX-FUD-CRYPTER-main/ORIONX FUD CRYPTER.exe
- Size
  
  9.6MB
- MD5
  
  af452c108fee8530119d2534722238dd
- SHA1
  
  3d40eb00f9a455f5550a1b3ddd60c8dd09b13244
- SHA256
  
  a1539f9996c040b18c34983d48b80a3592f00c93ab5a279bf015999cf1796e1b
- SHA512
  
  fb12422ab74300c6874689659136da2655f02f2200a9de92d343e79ce1dd43f6d9277544d73d21066696fedb3be6b0407264979fefc75763f2d279a2655b486e
- SSDEEP
  
  196608:hFCY0yk+DfyGZ21X5Sp6GemDMPwSaw2cgWg1bMe0W8/LaNrruuWC:TCY0yxDfD0pfaMPXaw2a5W80ui
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/ApplicationFrameHost.exe
- Size
  
  9.2MB
- MD5
  
  7afc93b5b406fdb0cb1c98cab41c3e95
- SHA1
  
  ae17207e9542196f204adeb5e2b96349d0da167e
- SHA256
  
  39e8ce10a0fde4c94d9f939a51f7322676cd67fade457609a7f1dc27738a7c4c
- SHA512
  
  92c8e42b588ac9dc23a4aaaeab23336fde45b57e725c78725ec0414ca9eadb3a0093c2ad0e09614fabca4875ba43d3bc4a79d0eb96e321c2ad4641894237c790
- SSDEEP
  
  196608:neXeYDNJZVPpflOjmFju74M6P9Bq1bMgc3nruWGml1J9P:eXpnVPiKUMMIBbpruQJ9
Score

7^/10

persistence pyinstaller upx
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/VCRUNTIME140.dll
- Size
  
  106KB
- MD5
  
  4585a96cc4eef6aafd5e27ea09147dc6
- SHA1
  
  489cfff1b19abbec98fda26ac8958005e88dd0cb
- SHA256
  
  a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736
- SHA512
  
  d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286
- SSDEEP
  
  1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
Score

1^/10
behavioral5 behavioral6
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/_bz2.pyd
- Size
  
  82KB
- MD5
  
  a62207fc33140de460444e191ae19b74
- SHA1
  
  9327d3d4f9d56f1846781bcb0a05719dea462d74
- SHA256
  
  ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2
- SHA512
  
  90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7
- SSDEEP
  
  1536:MidQz7pZ3catNZTRGE51LOBK5btb8ksfYqZImCVK7SysPxJ:MEQz9Z5VOwtIksAqZImCVKGxJ
Score

1^/10
behavioral7 behavioral8
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/_decimal.pyd
- Size
  
  247KB
- MD5
  
  692c751a1782cc4b54c203546f238b73
- SHA1
  
  a103017afb7badaece8fee2721c9a9c924afd989
- SHA256
  
  c70f05f6bc564fe400527b30c29461e9642fb973f66eec719d282d3d0b402f93
- SHA512
  
  1b1ad0ca648bd50ce6e6af4be78ad818487aa336318b272417a2e955ead546c9e0864b515150cd48751a03ca8c62f9ec91306cda41baea52452e3fcc24d57d39
- SSDEEP
  
  6144:kH26+xqWUSYJqg2Jda6Rc7nxSelwgozq6t3Vs9qWM53pLW1AGgVMtEIbjf:aWUSYJqge47n8elwHjtl0EIjf
Score

1^/10
behavioral10 behavioral9
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/_hashlib.pyd
- Size
  
  63KB
- MD5
  
  787b82d4466f393366657b8f1bc5f1a9
- SHA1
  
  658639cddda55ac3bfc452db4ec9cf88851e606b
- SHA256
  
  241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37
- SHA512
  
  afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6
- SSDEEP
  
  1536:aG8njpnxGkYNEusZE/0Cw6cG1xImOI8K7Sy7Px:a7njpnxBZyw6t1xImOI8K1x
Score

1^/10
behavioral11 behavioral12
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/_lzma.pyd
- Size
  
  155KB
- MD5
  
  0c7ea68ca88c07ae6b0a725497067891
- SHA1
  
  c2b61a3e230b30416bc283d1f3ea25678670eb74
- SHA256
  
  f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11
- SHA512
  
  fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9
- SSDEEP
  
  3072:5lirS97HrdVmEkGCm5hvznf49mNo2GOvJ02ZImZ1tUtx:5lirG0EkTQAYO2GQ3
Score

1^/10
behavioral13 behavioral14
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/_ssl.pyd
- Size
  
  157KB
- MD5
  
  ab0e4fbffb6977d0196c7d50bc76cf2d
- SHA1
  
  680e581c27d67cd1545c810dbb175c2a2a4ef714
- SHA256
  
  680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70
- SHA512
  
  2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba
- SSDEEP
  
  3072:iMxkIQQ8JHl+HPXeLeDgcuM8BYZxn8xfCA+nbUtgGoo4AyclUZImC7cbnx:iMxH8JFSGLAuMdnx1UZUf
Score

1^/10
behavioral15 behavioral16
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/_tkinter.pyd
- Size
  
  62KB
- MD5
  
  6352db60d88705ce62b5665764529006
- SHA1
  
  e7a22fd590661e91dfe5cace1adff17d7a3de5ec
- SHA256
  
  4536d9092a366426aa01e1800d9d4de669928bbcb277f2363d54df44da096c31
- SHA512
  
  78b19668c82aef75dcdf98fd0b90677f3530cb7e80dc7cfec5640637fecb3e5d4fb38c21051fc305133882d26c6f8ecb03825227a3d66c5045b968bdc624bd2c
- SSDEEP
  
  768:w9v6FLQ04EgxQ1NX7TXBsd1T81LGAmUyP4QNxkoxImOSq5YiSyvCPxWE9:CyFLX9B7881Cj/wQNpxImOSo7SyqPx
Score

1^/10
behavioral17 behavioral18
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/libcrypto-1_1.dll
- Size
  
  3.3MB
- MD5
  
  9d7a0c99256c50afd5b0560ba2548930
- SHA1
  
  76bd9f13597a46f5283aa35c30b53c21976d0824
- SHA256
  
  9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939
- SHA512
  
  cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2
- SSDEEP
  
  98304:YP+uemAdn67xfxw6rKsK1CPwDv3uFfJz1CmiX:OZemAYxfxw6HK1CPwDv3uFfJzUmA
Score

1^/10
behavioral19 behavioral20
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/libssl-1_1.dll
- Size
  
  688KB
- MD5
  
  bec0f86f9da765e2a02c9237259a7898
- SHA1
  
  3caa604c3fff88e71f489977e4293a488fb5671c
- SHA256
  
  d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd
- SHA512
  
  ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4
- SSDEEP
  
  12288:WhO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0TGqwfU2lvz2:2is/POtrzbLp5dQ0TGqcU2lvz2
Score

1^/10
behavioral21 behavioral22
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/python311.dll
- Size
  
  5.5MB
- MD5
  
  e2bd5ae53427f193b42d64b8e9bf1943
- SHA1
  
  7c317aad8e2b24c08d3b8b3fba16dd537411727f
- SHA256
  
  c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400
- SHA512
  
  ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036
- SSDEEP
  
  98304:AtcGVQE2EKmLX3N1fn/q+VHzMzDPFE+syIqPzlJ0:AtcGVQE2XmLX3ffGzJENyIqH0
Score

1^/10
behavioral23 behavioral24
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/select.pyd
- Size
  
  29KB
- MD5
  
  756c95d4d9b7820b00a3099faf3f4f51
- SHA1
  
  893954a45c75fb45fe8048a804990ca33f7c072d
- SHA256
  
  13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a
- SHA512
  
  0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398
- SSDEEP
  
  768:ReUeJVHqbbDNImQGN5YiSyvaAPxWE9Uux:ReUeJVKbbDNImQGT7SyFPxBx
Score

1^/10
behavioral25 behavioral26
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/sys_stub.exe
- Size
  
  9.2MB
- MD5
  
  baf91b62e39494eb5dda874c012f0eca
- SHA1
  
  448ff0d21779062731cf526b225406cf7dd79644
- SHA256
  
  ac84ecde5cffebbc5b7a8b9f0b47db08dcca9168580af0c888a226ea22c034c7
- SHA512
  
  9b5f5dd43e4e09bdef986a7cf6f6db4e36c3d117baedcd7aea164c28bd714cff5f8b2f8da064c4b8b85b5c75b92fb22655959ba3195a7435ceccf3d0a62da14c
- SSDEEP
  
  196608:03+4Wtj951vpflODmFjubYM6P9hKVbsgcZnrO2GmFVJdvV:03aj71viqUMMIh7PrOwJdN
Score

1^/10
behavioral27 behavioral28
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/tcl/auto.tcl
- Size
  
  20KB
- MD5
  
  02caa5526fa91319315788b38387a5e5
- SHA1
  
  56d7bd91740759a54d0ae724fd806a124b67ca98
- SHA256
  
  2a176e7467c15f12198662db68b9deda0726f4f744166c85060b894ce676d055
- SHA512
  
  aafb4ee6c71b0d75ad41e9bc57d9d297883ae41a994029e5e692c7b1360dd8136e13fbc3f509b4c46659c1d0302ac1a19aa5391610f347c9e2feb7cf6935d398
- SSDEEP
  
  384:vy8cBWaytAZXTP9nYP9Qq5HU3mT5uhUXBEWoYqpR+7pBtYSbJ0QDVlM:dcBWaytAJTPBYPy13mT5uubqpR+7pYSm
Score

1^/10
behavioral29 behavioral30
- Target
  
  ORIONX-FUD-CRYPTER-main/main/sys/tcl/clock.tcl
- Size
  
  125KB
- MD5
  
  f6190e0ddea9aba901eef220cdaedad9
- SHA1
  
  0e0c8d0bc7d472bf03226805f211fd7acc0a4593
- SHA256
  
  7f27d400b088a0e72adeb48d17059892e95f08a2a03970bd74cdfb35b106618b
- SHA512
  
  cadb90ab401966b5b9f6b8087657f227f28a8eae6dddb8b081500e1ac02d9ca8e74c73c8c4205172eb68fb0d5754d8af699cfbfe985b2c37e642ae12b7a32e93
- SSDEEP
  
  3072:7klVEuSDFeEzGtdaui+urVke5i1IsQ5SvtTImhrYnPrzAvtt2eyw7KBH/SOyQasa:BDFeEzMaui+urVke5i1R6SvtTImhrYPG
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

UPX packed file

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32