46604cb79716d7402b03cf68c6aa353d1c560d750bc82a1b4d549309a4d58ff4

Sharing

Copy URL

Twitter E-mail

General

Target

Email-Worm.zip
Size

2.0MB
Sample

240303-bhafpaah41
MD5

556ad8949b6306fafd8a8e61249d0933
SHA1

f30813e97f3970b6b0ebed008dbabec1c3459f3c
SHA256

46604cb79716d7402b03cf68c6aa353d1c560d750bc82a1b4d549309a4d58ff4
SHA512

b43f29c03b3c30000667f54f5a09e4bc3317ef7dc5f5cb7681bdcaf79eaa8c20f079e49ab3f3a3e3c7610a7b4d49b8df56d6f977c2b97e8bcbe8290438c43f6d
SSDEEP

49152:3Jd3kJDfI9NDpygeYDbrsj7D+G7HuE+gBz42+MbHgURBIBV7MJMEpexuVm:LcDkpyg3riD+G7HulgJBPlSdqGYm

Score

7^/10

persistence upx

Malware Config

Targets

- Target
  
  Email-Worm/Gruel.a.exe
- Size
  
  100KB
- MD5
  
  b0feccddd78039aed7f1d68dae4d73d3
- SHA1
  
  8fcffb3ae7af33b9b83af4c5acbb044f888eeabf
- SHA256
  
  5714efd4746f7796bbc52a272f8e354f67edfb50129d5fdaa1396e920956d0d6
- SHA512
  
  b02b9476eeb9c43fcfef56949f867c1c88f152d65f3961a2838b8bff02df2383945aefb9a8c517ac78d79b5a9163c7677f5b6238f4624b1966994c9c09eb428d
- SSDEEP
  
  1536:ThBfyxwMz14BSSQGRwmkwmGDAzGC6TaPAlbv/g:1BKxwMz14wSQGGUDAATaPAlbv/g
Score

7^/10

persistence
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  Email-Worm/Happy99.exe
- Size
  
  9KB
- MD5
  
  02dd0eaa9649a11e55fa5467fa4b8ef8
- SHA1
  
  a4a945192cb730634168f79b6e4cd298dbe3d168
- SHA256
  
  4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18
- SHA512
  
  3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441
- SSDEEP
  
  192:nR81cIkA5Dbaj/CaFx40Z9HnLH8bzTbjt5BNUFO:RycyhqN4u9HnLH8bnbjtpl
Score

5^/10
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  Email-Worm/ILOVEYOU.vbs
- Size
  
  10KB
- MD5
  
  8e2c097ca623ca32723d57968b9d2525
- SHA1
  
  dccfb092fa979fb51c8c8ca64368a6f43349e41d
- SHA256
  
  556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1
- SHA512
  
  a468476a8463c36c2db914e3fe4dc7aee67ac35e5e39292107431d68ab1553ca3c74255a741432ba71e8a650cf19eb55d43983363bfc9710e65b212fba37bbde
- SSDEEP
  
  192:BrjZcrmlHV31G7sMBMLMLMiMhM5MmMhMrMXM57Mksc/021wqIVCPsz87sGdOVRJw:BrjOi1V31GoIGWFqAHqi407/sX/pVCdF
Score

1^/10
behavioral5 behavioral6
- Target
  
  Email-Worm/Jer.html
- Size
  
  4KB
- MD5
  
  ecafc7fa4592920ca0948de98493a758
- SHA1
  
  6ed9a12aa6d586bdcb1b56c65411e75c539408fa
- SHA256
  
  390e460334ec801fdeadb511d7404ff2c8b7a0a945a0c763d0b3354e15639dbf
- SHA512
  
  27316d1836dfeb7b5f263d2371c3a8f4bb18ef6ee248955940a5d75a597161ab152b8e2d6092cf416bf326b629c2e6babda271b8a1e8977dd6d1f7b2317b876e
- SSDEEP
  
  96:Cu825tFtWFexFhPFj+KYqmFt7qmQ7AsuVY0w7pepcpIup4NlqbgqKIb8KuJ9BZ+6:C32pwGnj+K6t70fuVH90b/KIbPN2
Score

1^/10
behavioral7 behavioral8
- Target
  
  Email-Worm/Kiray.exe
- Size
  
  13KB
- MD5
  
  f22ae972aee081ec86faa30e73d9675f
- SHA1
  
  a559057e10f7e524688043ca283e2380739d6744
- SHA256
  
  166865fdb90e7964e7ea57a282343026d878230215e5694145f88a8afb56132f
- SHA512
  
  80c000c1ee73a402d0960ee768272096541786eacda7b938f9791ca3da067f5838c6850c74dff466cccde11851989062328b4a3d87b2eb99a6cac0efcf45f4c1
- SSDEEP
  
  384:XTm/Ye8zdTyBsyqAIZhgMFfpX5xqd1SJ5m:XHWsyqAggUnJI
Score

7^/10

persistence
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  Email-Worm/Klez.e.exe
- Size
  
  86KB
- MD5
  
  f2db87b351770e5995e9fcaad47d9591
- SHA1
  
  4c75bd93f458096fbc27fa852e16ce25a602f267
- SHA256
  
  3113fa9a3cf00ed423a2c686a2ffb19586f6a047747de65a93436a7dca8fcfa7
- SHA512
  
  608e74274b555a239534a9d43514e07cb8aad9b13baf4cc383e8c21ea4e9ebd36162dc0b4bf30a0975c334facf23d6e63742e2bbe4ba400e80d9f191893a84fc
- SSDEEP
  
  768:zXS6Lnze1gshn5ew/QuBdL/4Ckir4SWeq3HwFdkt+Afs2DBnoLK6KcgMvtD:TSSnze1gsJ55n/4CkOwwF+bho0st
Score

7^/10
- Executes dropped EXE
- Drops file in System32 directory
behavioral11 behavioral12
- Target
  
  Email-Worm/Lacon.exe
- Size
  
  12KB
- MD5
  
  cb0f7b3fd927cf0d0ba36302e6f9af86
- SHA1
  
  32bdc349a35916e8991e69e9be1bd2596b6321cc
- SHA256
  
  9b3f73a12a793d1648f3209e1e3f10bbb548b1ec21d53b8ac060b7b95ae4ef1f
- SHA512
  
  e6152f3645d73c63f3f3aa9881fe8b404f9794b14a8ecaea659621828462baf042c13c88bb7f2c32277fa854ceda3056d09aa5603e92b107c6c8194464154252
- SSDEEP
  
  192:W+4C8fFkIp+ShIKIw4MUbLblp1E7qBalMyIl3PAHN0PhNx:W5kIp1IM4MUbPn1afIK4x
Score

7^/10

persistence upx
- Drops startup file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral13 behavioral14
- Target
  
  Email-Worm/Lentin/Lentin.c.exe
- Size
  
  1.2MB
- MD5
  
  04ee0eff07a7e545f7052031ca0d8133
- SHA1
  
  56676f042cca5170a82f1fdc38648923297e8147
- SHA256
  
  50d60cd841a18b05e00ab4691fc1e30f6a099a65a58ba51080304205fbb0d666
- SHA512
  
  f4edcf31e36c94c1c568ec066edb961e7be6bdd25121cc118d5f19379cc57ab1db16ed14487c56d3838543b7668ce2b79f8ff510a646ae1216de811a23330551
- SSDEEP
  
  24576:yNybvnjuTqLU1P5sRs+89LvlFoizMADpTh+Dj0ZRze:tnqTD1BICiizMIpA3g6
Score

7^/10

persistence
- Modifies system executable filetype association
  persistence
behavioral15 behavioral16
- Target
  
  Email-Worm/Lentin/Lentin.d.exe
- Size
  
  26KB
- MD5
  
  d9ce0273f791da275ed2a69446413a87
- SHA1
  
  38cf7ea93d74fb770bfba766845cf29bef0169df
- SHA256
  
  aa2e8d70654e30cf11e2b57e92cea72a9823a048f75fc9029da04e1e4d8a9810
- SHA512
  
  a521b2a55207c9996c0399bc0403c0865c23bf7457b5cfa80d0bec2c2eeb898a30599d99dda15ece4aa5db405c46ea4183d4b3bac20a3d5836775efccedd0f8e
- SSDEEP
  
  384:EfhdE5u7Gd2xurrqotHeK5oeh94uKcAvl50HHMqn7VtN3F/n4tyyUGLtFly0s:SEc7KPrGotHeKzAXvWMO13ZerL/5s
Score

7^/10

persistence
- Modifies system executable filetype association
  persistence
behavioral17 behavioral18
- Target
  
  Email-Worm/Magistr.exe
- Size
  
  107KB
- MD5
  
  9890349fe3c68f5923b29347bba021a4
- SHA1
  
  fa080a50486b205b75833a6b5c9505abb1e3b4df
- SHA256
  
  068f2ee28af7645dbf2a1684f0a5fc5ccb6aa1027f71da4468e0cba56c65e058
- SHA512
  
  aedd86837987cbe8c0b1cf3b4ca0c3a875e4cc9bcc8097c160d0d6070427ad9e1d871d5339ea95cc03499c39a6536b5a6b6d43372a49eeaf2e87bf755a3d3367
- SSDEEP
  
  3072:pRr1m0iQwTlFiIoXTLDCLLUsgULFsfMGdd64:Lk0LCwIi3DMUwFNGd04
Score

1^/10
behavioral19 behavioral20
- Target
  
  Email-Worm/Maldal.a.exe
- Size
  
  80KB
- MD5
  
  cbcd34a252a7cf61250b0f7f1cba3382
- SHA1
  
  152f224d66555dd49711754bf4e29a17f4706332
- SHA256
  
  abac285f290f0cfcd308071c9dfa9b7b4b48d10b4a3b4d75048804e59a447787
- SHA512
  
  09fdcb04707a3314e584f81db5210b2390f4c3f5efa173539f9d248db48ae26b3a8b240cf254561b0ecb764f6b04bb4c129832c6502d952d1960e443371ce2a9
- SSDEEP
  
  1536:wh6S2wzALFx8hkMsiUmxi6QPitAKQjY8c4B5h:dS212xlQvKCYx4B
Score

5^/10
- Drops file in System32 directory
behavioral21 behavioral22
- Target
  
  Email-Worm/Mari.exe
- Size
  
  44KB
- MD5
  
  6513e97cffb6656fd7b5a29859fe47d3
- SHA1
  
  9ea95b90f501fa4b1fd4798622e7d736413d56f5
- SHA256
  
  efb67be90882ded2d3e53e463ae175a4b4b5229ca6929b835fa7dd4687801144
- SHA512
  
  87b34e2f980f446b0372815ee54942d42439c6b063f934f78b8ac1f8f04c9a8a48a2674621e83f62d0d2eae59f134a9eb6e033c698da56ddb8b3919d1f4e59ec
- SSDEEP
  
  768:dcndMPZ6pdQgrnuRublkbjxLxm8rWezfsNH8I:yiB6p6JzfPI
Score

1^/10
behavioral23 behavioral24
- Target
  
  Email-Worm/MeltingScreen.exe
- Size
  
  17KB
- MD5
  
  4784e42c3b15d1a141a5e0c8abc1205c
- SHA1
  
  48c958deba25a4763ef244ac87e87983c6534179
- SHA256
  
  9d355e4f9a51536b05269f696b304859155985957ba95eb575f3f38c599d913c
- SHA512
  
  d63d20a38602d4d228367b6596454a0f5b2884c831e3a95237d23b882abd624de59ea47835636b06a96e216f1decf8c468caacd45e5d3b16a5eb9e87bc69eb97
- SSDEEP
  
  384:eHsipOITNe52uuCiuhwYW5t/QS5uoIjkg:PivNZuhi+wYW5toBoB
Score

1^/10
behavioral25 behavioral26
- Target
  
  Email-Worm/Merkur.exe
- Size
  
  44KB
- MD5
  
  e6f8f701d646b193139cf0a92229455f
- SHA1
  
  b7747d41fcf52c3611af1153e46183dacbb3c709
- SHA256
  
  7e89fabfdbe214bf6a6f9730f3e451e69f752b62bbd54c0a81d2aae2320abd2c
- SHA512
  
  135d69ed4b3acdeaf45639090cefd48fa02f9ff1fb168d249717d0e2d3295530b697d8ff3fea84fa20a66aeb99437e5b0f2a2c3936f2a109c1068816263003ae
- SSDEEP
  
  384:/T16PQm7lU7lnDSLOwglunEuMhlkW3YpCzkVei7kVrcwh8PDM9TkLJI4WvEfbqgJ:/hdmCJq1glWlOEDvEo2k/2w/mo
Score

5^/10
- Drops file in System32 directory
behavioral27 behavioral28
- Target
  
  Email-Worm/MsWorld.exe
- Size
  
  128KB
- MD5
  
  7bd8a009b84b35868613332fe14267ab
- SHA1
  
  d36d4753aab27c6c5e253b9926406f7f97dc69a6
- SHA256
  
  56511f0b28f28c23b5a1a3c7d524ee25a4c6df9ac2b53797c95199534f86bbd2
- SHA512
  
  ad8e121f601f6698d720181d486da828781f729ca7880fb35c6fc70f021197e4a508dc46d980108a168ef2c6c89a62f3140e676ff71a1e40ea3e397ad0c63261
- SSDEEP
  
  3072:6wzn3BP7bo4a8uqwE6WPSUQvdIeaiQFc/sz4Px8vy+sL:R3BPP9G4Qvd/aKk4p8q+s
Score

5^/10
- Drops file in System32 directory
behavioral29 behavioral30
- Target
  
  Email-Worm/MyDoom.A.exe
- Size
  
  22KB
- MD5
  
  53df39092394741514bc050f3d6a06a9
- SHA1
  
  f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5
- SHA256
  
  fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151
- SHA512
  
  9792017109cf6ffc783e67be2a4361aa2c0792a359718434fec53e83feed6a9a2f0f331e9951f798e7fb89421fdc1ac0e083527c3d3b6dd71b7fdd90836023a0
- SSDEEP
  
  384:96ZQHXcE7hUHwT56cC9Kg65JdwGADkHw/Rjxtuu7VIGGwQWEqpD6:CavuHAUcW/ojwG6kHw/lxqbW
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Modifies system executable filetype association

Adds Run key to start application

Drops file in System32 directory

Modifies system executable filetype association

Drops file in System32 directory

Executes dropped EXE

Drops file in System32 directory

Drops startup file

UPX packed file

Adds Run key to start application

Drops file in System32 directory

Modifies system executable filetype association

Modifies system executable filetype association

Drops file in System32 directory

Drops file in System32 directory

Drops file in System32 directory

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32