8daf2a0088faa54e2c2720af17559507bc68e318b080176895bdcb22edf01d5c

Sharing

Copy URL

Twitter E-mail

General

Target

Crack Rdp source @Tanhayhc.rar
Size

19.7MB
Sample

240220-k3tvhaeg59
MD5

18afe3b66b967b0429e36125ff1bad31
SHA1

c1ffd230342e58dd6afae4ba951bef306914ed84
SHA256

8daf2a0088faa54e2c2720af17559507bc68e318b080176895bdcb22edf01d5c
SHA512

d6b0012bdc5714f0cb45b15782999968a4416be3589e3bed23545650a3d32377da2a5d066ed4c9350a6922f530450a81347d9c98f66bf4bff07e15d9c1331fbb
SSDEEP

393216:o6qsB0EJYizogeogiU7TXkDSZTa0tNtX4c/s4kqW/RVuSClv:vfYiLeJiO0DSHX1QqW/mzv

Score

7^/10

Malware Config

Targets

- Target
  
  NLBrute 1.2 x64 & VPN - KeyGen.zip
- Size
  
  11.6MB
- MD5
  
  132a0a71d2f6653746b2cf08f83e5cba
- SHA1
  
  0c2b5f8e732392a7ef2439a8fcbf43f4523bb882
- SHA256
  
  a53d93fc6a940e7e5ad1abe433b232e0ed45ea4e5a09e1da4972841bd7db624d
- SHA512
  
  cbee7f2ddbbfdbe50e70b74287918b331619c694bb7d0ed9961c53747a3d02ba017a7f26aa7324d6cd35056544ea344e3b8ff7145120c767e5f4ea7d13e63fb2
- SSDEEP
  
  196608:YBAmCUX/1nsc74MlZvFwG7BrK6VxuZ4EU/VxXr+Xg+LZ78HuUuB+LVp5FV:YBAmTxsZMlZvFnFKLZZUbraJ8Hu5WV
Score

1^/10
behavioral1 behavioral2
- Target
  
  NLBrute 1.2 x64 & VPN - KeyGen/NLBrute 1.2 x64 & VPN - KeyGen.exe
- Size
  
  2.5MB
- MD5
  
  62b039b2af7bf5f6abf35ef903024300
- SHA1
  
  4ae220e451482e839619c2e927752468e0eda8d5
- SHA256
  
  83d7f6eaf7fe075503ea6a0bc726633c34595a6eae7edd7deab95ab4d4a66fd5
- SHA512
  
  8abcf2fb422465fa578eb59e2788317ef88360551b675c964e03475a865e22dd4b86550bb442c1823fa72de059cedb438cac34538dcb291ccdb22fd34ee5433e
- SSDEEP
  
  49152:45U/Jdf39XFINkWr5kkYe6TdOYz44rcaMJIsjOO/ry3X0EdNZgJAxGEG8CZaFD:L79XaH5kheKdX4cjuR6q6XTNTI58Z
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  NLBrute 1.2 x64 & VPN - KeyGen/NLBrute 1.2 x64.exe
- Size
  
  8.7MB
- MD5
  
  78dee6d98ef0305edf5e264f4b9e3389
- SHA1
  
  e89564f142b0900357ea5be5dfa5ec12a21f91ea
- SHA256
  
  f109dce14b8d7911ba69d6ac1309da3b93461c724cf327fd7be5d73eaae21572
- SHA512
  
  254a1dfd30dfed73de864cbca51c5673c4723796b9c3ccfc62cf8dd67b09abfe2786e8cf76ac0465f3a7582ab2a8c2c8ca163517fc4e607443b9cf9a4949fe7d
- SSDEEP
  
  196608:ELty6I5phJfAzVV4A8MWzYHuiDaU/BYv7x3soJrXC8I3Asdf:ELg6IxwV4ALWzrGa8k3sodJDsd
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  NLBrute 1.2 x64 & VPN - KeyGen/libeay32.dll
- Size
  
  1.6MB
- MD5
  
  d0a818dc5d401c5b0057bffd6ae8d4b7
- SHA1
  
  1af684f62259b94ecb52c19174d79130abc2ea5f
- SHA256
  
  dac6a6f4726683b6e04d4d1612784cfdcefd7513ebf590372b52f2955a364c4c
- SHA512
  
  a086b7ed7e7f721825497909b8dc2df4a9c6b10b4221ab40bb57888fb8e15f7637ab37351c09dc839ec655c37662f71634662ea5dca7cc9dcbdf3ac56700f0d6
- SSDEEP
  
  49152:ADtzncChmcaGhIdNDw8/T31nMeTf4YGVq:uRhmcaGhIdNsglnX0vVq
Score

1^/10
behavioral7 behavioral8
- Target
  
  masScan_1.6/Input.txt
- Size
  
  19KB
- MD5
  
  6c77eedee0cf48fdefee2707f2e97f7a
- SHA1
  
  bce4777c80eb763c1b0cef8fd4031226696a9c06
- SHA256
  
  9216dd042d38d56980c78e65754d7e07e5dfd36aaabb712fe5c0f7487b97d445
- SHA512
  
  3f60f72a11e0924baf3e7a0c31e62f7ec6b646d131936effd04be922249f0ba43faa52a30b5b92cec8c7405b4f6a49887c737e1bbd115187818e235fcc8d9718
- SSDEEP
  
  192:9+pNQRVMKgpxCuHS6x8U2tmSlhHQgVW2y5lYPE2t+CKoi5G:9+pN8OKgpx7SQ8hQSlhHkME2t+Cvi5G
Score

5^/10
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  masScan_1.6/Massscan_GUI.exe
- Size
  
  334KB
- MD5
  
  7a6990bf78f3e2e835d3be85a2fea4ba
- SHA1
  
  9e2760e0c13d56cb744262b4fdef67e17ee08571
- SHA256
  
  37ff328175acd45ef27d3d339c3127a7612ad713fccd9c9aae01656dfbf13056
- SHA512
  
  ba2b8cd80613bff44c1624d6a17bae797b81fb53979f6a901850dac5e824483513cd312ff8a5aaa9d5eb3cf5c825785a7a53965692d2fb6274d22b6e62f9735c
- SSDEEP
  
  3072:eaxe0aX5Cw9Q56z456zB56zuIXk89V756zM:nanPj8X
Score

1^/10
behavioral11 behavioral12
- Target
  
  masScan_1.6/Packet.dll
- Size
  
  94KB
- MD5
  
  1250bef11bfa086f772cd2a273bc036e
- SHA1
  
  bfb60b4072f4533d8497f3d90631f818e345bcc6
- SHA256
  
  6b19cffaa2bf4359be1a0130a1fb47ab45e8c3be5d0cb7986579c5e04e1d77a5
- SHA512
  
  76cbc346468d400c4e6a95b3c91abfec0a63a375aade6f47c70a3b3db76c513bcfd91ed2994059a6c8bdd6b266f9b17ecf11f9941481c7a2692925d2457f5bba
- SSDEEP
  
  1536:6wG9plhvRIRVC2wJAyPFCnPKc0z70yIKtIn8zVpWj:E9rjh5t9cZyIKtInb
Score

1^/10
behavioral13 behavioral14
- Target
  
  masScan_1.6/WinPcap_4_1_3.exe
- Size
  
  893KB
- MD5
  
  a11a2f0cfe6d0b4c50945989db6360cd
- SHA1
  
  e2516fcd1573e70334c8f50bee5241cdfdf48a00
- SHA256
  
  fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de
- SHA512
  
  2652d84eb91ca7957b4fb3ff77313e5dae978960492669242df4f246296f1bedaa48c0d33ffb286b2859a1b86ef5460060b551edca597b4ec60ee08676877c70
- SSDEEP
  
  24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL
Score

7^/10
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/bootOptions.ini
- Size
  
  342B
- MD5
  
  9f64b7e590b32b5ba414f4301fb8b3d5
- SHA1
  
  8d44c84b3a78b4fd8b2dcf8d3d49400e47b41840
- SHA256
  
  f6f2e247226ab06e9b56ae2d10ccd02d9298abccac85c56abfa19e5587446d54
- SHA512
  
  513251b52da94d56e505ed8b8bac07b6f5e325561c6c6865c424bd2aecb437e69d9a8c91a1595deb2293f1df166b9712e8807a57506f80889bc5c2e1afb6d5f7
Score

1^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/ioSpecial.ini
- Size
  
  211B
- MD5
  
  e2d5070bc28db1ac745613689ff86067
- SHA1
  
  282e080b4cf847174c5c11e4f9157b8c338ecb19
- SHA256
  
  d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0
- SHA512
  
  a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de
Score

1^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  29KB
- MD5
  
  d8f59a707b2a5000c7903595eddc3d48
- SHA1
  
  e86239fe1dc3cfdbec6006817160eb5f1fc92bca
- SHA256
  
  c0e284fde834fe8a6f90504dba7abff25b1e7dd4611483341203fd3efc5de8a6
- SHA512
  
  91e28a685733620832d3851d7f3eee36495f2728610bd6c66f305cdda039f75ab8499d0e51e64afa018c221a728889503db2fc7c84cf9599a61b68951686b048
- SSDEEP
  
  192:UdCd/28k2hZrlQ+jP3/PGs/ZkTnSQpuWE:UD8jLlQ+jP3///ZUSJ5
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26
- Target
  
  $SYSDIR/Packet.dll
- Size
  
  99KB
- MD5
  
  2ce150705bbeb30e6c8059cc530043aa
- SHA1
  
  3d8615f9d8f8f7a5d78b3c06bf746948b9ef6ba5
- SHA256
  
  cd9f4fb077c25013226e0883f9ae02e9ced9b71f07637081e55ae70fd0788f29
- SHA512
  
  9f7573ca679ef0cc0e1d815f605a399e87f7a046e3e51970d2c7597329b19e118cc2da7240ee854e13e31582f12bab8be506d1612ac81d5b453ef366d4674dcf
- SSDEEP
  
  1536:zbDKMXRC2wKDDuDirGfqs97WcETlsxtl2o+V:PDKMtfuysAcETlsxtco8
Score

1^/10
behavioral27 behavioral28
- Target
  
  $SYSDIR/pthreadVC.dll
- Size
  
  52KB
- MD5
  
  f04a90f917ba10ae2dcbe859870f4dea
- SHA1
  
  6668ebe373ce58c33017697c477557653427e626
- SHA256
  
  99c61abf41c3aec38cab3ed6270adbca9a247bbf5f9aa9d29ecb0659a5527f48
- SHA512
  
  aec29301b9ce311b27f1590b0e0c4121acdc183a30b570e087d77b7035684f02a6dfbdee950c37f3023b32e2ea5a075a5fbe6d18a2804da9490d4959733bb516
- SSDEEP
  
  384:hSvfC8Vv0Vy7ojuq7GQcdWTc4zU+GFronD/yD5rBEe0kiH32Jp9AhOW:wt+TGQcdWYdMG59EeJiH3YzW
Score

1^/10
behavioral29 behavioral30
- Target
  
  $SYSDIR/wpcap.dll
- Size
  
  275KB
- MD5
  
  4633b298d57014627831ccac89a2c50b
- SHA1
  
  e5f449766722c5c25fa02b065d22a854b6a32a5b
- SHA256
  
  b967e4dce952f9232592e4c1753516081438702a53424005642700522055dbc9
- SHA512
  
  29590fa5f72e6a36f2b72fc2a2cca35ee41554e13c9995198e740608975621142395d4b2e057db4314edf95520fd32aae8db066444d8d8db0fd06c391111c6d3
- SSDEEP
  
  6144:E4yIm5rC9WNWwKcNBSCiLvK8+jKgZBwIbg2:jyIm59WwpqCuEKIwv2
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Loads dropped DLL

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32