Overview
overview
7Static
static
7Email-Worm....a.exe
windows7-x64
7Email-Worm....a.exe
windows10-2004-x64
7Email-Worm...99.exe
windows7-x64
5Email-Worm...99.exe
windows10-2004-x64
5Email-Worm...OU.vbs
windows7-x64
1Email-Worm...OU.vbs
windows10-2004-x64
1Email-Worm/Jer.vbs
windows7-x64
1Email-Worm/Jer.vbs
windows10-2004-x64
1Email-Worm/Kiray.exe
windows7-x64
5Email-Worm/Kiray.exe
windows10-2004-x64
7Email-Worm/Klez.e.exe
windows7-x64
7Email-Worm/Klez.e.exe
windows10-2004-x64
7Email-Worm/Lacon.exe
windows7-x64
7Email-Worm/Lacon.exe
windows10-2004-x64
7Email-Worm....c.exe
windows7-x64
7Email-Worm....c.exe
windows10-2004-x64
7Email-Worm....d.exe
windows7-x64
7Email-Worm....d.exe
windows10-2004-x64
7Email-Worm...tr.exe
windows7-x64
1Email-Worm...tr.exe
windows10-2004-x64
1Email-Worm....a.exe
windows7-x64
5Email-Worm....a.exe
windows10-2004-x64
5Email-Worm/Mari.exe
windows7-x64
1Email-Worm/Mari.exe
windows10-2004-x64
1Email-Worm...en.exe
windows7-x64
1Email-Worm...en.exe
windows10-2004-x64
1Email-Worm/Merkur.exe
windows7-x64
5Email-Worm/Merkur.exe
windows10-2004-x64
5Email-Worm...ld.exe
windows7-x64
5Email-Worm...ld.exe
windows10-2004-x64
1Email-Worm....A.exe
windows7-x64
7Email-Worm....A.exe
windows10-2004-x64
7General
-
Target
Email-Worm.zip
-
Size
2.0MB
-
Sample
240303-bhafpaah41
-
MD5
556ad8949b6306fafd8a8e61249d0933
-
SHA1
f30813e97f3970b6b0ebed008dbabec1c3459f3c
-
SHA256
46604cb79716d7402b03cf68c6aa353d1c560d750bc82a1b4d549309a4d58ff4
-
SHA512
b43f29c03b3c30000667f54f5a09e4bc3317ef7dc5f5cb7681bdcaf79eaa8c20f079e49ab3f3a3e3c7610a7b4d49b8df56d6f977c2b97e8bcbe8290438c43f6d
-
SSDEEP
49152:3Jd3kJDfI9NDpygeYDbrsj7D+G7HuE+gBz42+MbHgURBIBV7MJMEpexuVm:LcDkpyg3riD+G7HulgJBPlSdqGYm
Behavioral task
behavioral1
Sample
Email-Worm/Gruel.a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Email-Worm/Gruel.a.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Email-Worm/Happy99.exe
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
Email-Worm/Happy99.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Email-Worm/ILOVEYOU.vbs
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Email-Worm/ILOVEYOU.vbs
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Email-Worm/Jer.vbs
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Email-Worm/Jer.vbs
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
Email-Worm/Kiray.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
Email-Worm/Kiray.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
Email-Worm/Klez.e.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Email-Worm/Klez.e.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
Email-Worm/Lacon.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Email-Worm/Lacon.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
Email-Worm/Lentin/Lentin.c.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Email-Worm/Lentin/Lentin.c.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
Email-Worm/Lentin/Lentin.d.exe
Resource
win7-20240215-en
Behavioral task
behavioral18
Sample
Email-Worm/Lentin/Lentin.d.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
Email-Worm/Magistr.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
Email-Worm/Magistr.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
Email-Worm/Maldal.a.exe
Resource
win7-20240220-en
Behavioral task
behavioral22
Sample
Email-Worm/Maldal.a.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
Email-Worm/Mari.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
Email-Worm/Mari.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
Email-Worm/MeltingScreen.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Email-Worm/MeltingScreen.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
Email-Worm/Merkur.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
Email-Worm/Merkur.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
Email-Worm/MsWorld.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Email-Worm/MsWorld.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Email-Worm/MyDoom.A.exe
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
Email-Worm/MyDoom.A.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
Email-Worm/Gruel.a.exe
-
Size
100KB
-
MD5
b0feccddd78039aed7f1d68dae4d73d3
-
SHA1
8fcffb3ae7af33b9b83af4c5acbb044f888eeabf
-
SHA256
5714efd4746f7796bbc52a272f8e354f67edfb50129d5fdaa1396e920956d0d6
-
SHA512
b02b9476eeb9c43fcfef56949f867c1c88f152d65f3961a2838b8bff02df2383945aefb9a8c517ac78d79b5a9163c7677f5b6238f4624b1966994c9c09eb428d
-
SSDEEP
1536:ThBfyxwMz14BSSQGRwmkwmGDAzGC6TaPAlbv/g:1BKxwMz14wSQGGUDAATaPAlbv/g
Score7/10-
Modifies system executable filetype association
-
Adds Run key to start application
-
-
-
Target
Email-Worm/Happy99.exe
-
Size
9KB
-
MD5
02dd0eaa9649a11e55fa5467fa4b8ef8
-
SHA1
a4a945192cb730634168f79b6e4cd298dbe3d168
-
SHA256
4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18
-
SHA512
3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441
-
SSDEEP
192:nR81cIkA5Dbaj/CaFx40Z9HnLH8bzTbjt5BNUFO:RycyhqN4u9HnLH8bnbjtpl
Score5/10-
Drops file in System32 directory
-
-
-
Target
Email-Worm/ILOVEYOU.vbs
-
Size
10KB
-
MD5
8e2c097ca623ca32723d57968b9d2525
-
SHA1
dccfb092fa979fb51c8c8ca64368a6f43349e41d
-
SHA256
556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1
-
SHA512
a468476a8463c36c2db914e3fe4dc7aee67ac35e5e39292107431d68ab1553ca3c74255a741432ba71e8a650cf19eb55d43983363bfc9710e65b212fba37bbde
-
SSDEEP
192:BrjZcrmlHV31G7sMBMLMLMiMhM5MmMhMrMXM57Mksc/021wqIVCPsz87sGdOVRJw:BrjOi1V31GoIGWFqAHqi407/sX/pVCdF
Score1/10 -
-
-
Target
Email-Worm/Jer.html
-
Size
4KB
-
MD5
ecafc7fa4592920ca0948de98493a758
-
SHA1
6ed9a12aa6d586bdcb1b56c65411e75c539408fa
-
SHA256
390e460334ec801fdeadb511d7404ff2c8b7a0a945a0c763d0b3354e15639dbf
-
SHA512
27316d1836dfeb7b5f263d2371c3a8f4bb18ef6ee248955940a5d75a597161ab152b8e2d6092cf416bf326b629c2e6babda271b8a1e8977dd6d1f7b2317b876e
-
SSDEEP
96:Cu825tFtWFexFhPFj+KYqmFt7qmQ7AsuVY0w7pepcpIup4NlqbgqKIb8KuJ9BZ+6:C32pwGnj+K6t70fuVH90b/KIbPN2
Score1/10 -
-
-
Target
Email-Worm/Kiray.exe
-
Size
13KB
-
MD5
f22ae972aee081ec86faa30e73d9675f
-
SHA1
a559057e10f7e524688043ca283e2380739d6744
-
SHA256
166865fdb90e7964e7ea57a282343026d878230215e5694145f88a8afb56132f
-
SHA512
80c000c1ee73a402d0960ee768272096541786eacda7b938f9791ca3da067f5838c6850c74dff466cccde11851989062328b4a3d87b2eb99a6cac0efcf45f4c1
-
SSDEEP
384:XTm/Ye8zdTyBsyqAIZhgMFfpX5xqd1SJ5m:XHWsyqAggUnJI
Score7/10-
Modifies system executable filetype association
-
Drops file in System32 directory
-
-
-
Target
Email-Worm/Klez.e.exe
-
Size
86KB
-
MD5
f2db87b351770e5995e9fcaad47d9591
-
SHA1
4c75bd93f458096fbc27fa852e16ce25a602f267
-
SHA256
3113fa9a3cf00ed423a2c686a2ffb19586f6a047747de65a93436a7dca8fcfa7
-
SHA512
608e74274b555a239534a9d43514e07cb8aad9b13baf4cc383e8c21ea4e9ebd36162dc0b4bf30a0975c334facf23d6e63742e2bbe4ba400e80d9f191893a84fc
-
SSDEEP
768:zXS6Lnze1gshn5ew/QuBdL/4Ckir4SWeq3HwFdkt+Afs2DBnoLK6KcgMvtD:TSSnze1gsJ55n/4CkOwwF+bho0st
Score7/10-
Executes dropped EXE
-
Drops file in System32 directory
-
-
-
Target
Email-Worm/Lacon.exe
-
Size
12KB
-
MD5
cb0f7b3fd927cf0d0ba36302e6f9af86
-
SHA1
32bdc349a35916e8991e69e9be1bd2596b6321cc
-
SHA256
9b3f73a12a793d1648f3209e1e3f10bbb548b1ec21d53b8ac060b7b95ae4ef1f
-
SHA512
e6152f3645d73c63f3f3aa9881fe8b404f9794b14a8ecaea659621828462baf042c13c88bb7f2c32277fa854ceda3056d09aa5603e92b107c6c8194464154252
-
SSDEEP
192:W+4C8fFkIp+ShIKIw4MUbLblp1E7qBalMyIl3PAHN0PhNx:W5kIp1IM4MUbPn1afIK4x
Score7/10-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
Email-Worm/Lentin/Lentin.c.exe
-
Size
1.2MB
-
MD5
04ee0eff07a7e545f7052031ca0d8133
-
SHA1
56676f042cca5170a82f1fdc38648923297e8147
-
SHA256
50d60cd841a18b05e00ab4691fc1e30f6a099a65a58ba51080304205fbb0d666
-
SHA512
f4edcf31e36c94c1c568ec066edb961e7be6bdd25121cc118d5f19379cc57ab1db16ed14487c56d3838543b7668ce2b79f8ff510a646ae1216de811a23330551
-
SSDEEP
24576:yNybvnjuTqLU1P5sRs+89LvlFoizMADpTh+Dj0ZRze:tnqTD1BICiizMIpA3g6
Score7/10-
Modifies system executable filetype association
-
-
-
Target
Email-Worm/Lentin/Lentin.d.exe
-
Size
26KB
-
MD5
d9ce0273f791da275ed2a69446413a87
-
SHA1
38cf7ea93d74fb770bfba766845cf29bef0169df
-
SHA256
aa2e8d70654e30cf11e2b57e92cea72a9823a048f75fc9029da04e1e4d8a9810
-
SHA512
a521b2a55207c9996c0399bc0403c0865c23bf7457b5cfa80d0bec2c2eeb898a30599d99dda15ece4aa5db405c46ea4183d4b3bac20a3d5836775efccedd0f8e
-
SSDEEP
384:EfhdE5u7Gd2xurrqotHeK5oeh94uKcAvl50HHMqn7VtN3F/n4tyyUGLtFly0s:SEc7KPrGotHeKzAXvWMO13ZerL/5s
Score7/10-
Modifies system executable filetype association
-
-
-
Target
Email-Worm/Magistr.exe
-
Size
107KB
-
MD5
9890349fe3c68f5923b29347bba021a4
-
SHA1
fa080a50486b205b75833a6b5c9505abb1e3b4df
-
SHA256
068f2ee28af7645dbf2a1684f0a5fc5ccb6aa1027f71da4468e0cba56c65e058
-
SHA512
aedd86837987cbe8c0b1cf3b4ca0c3a875e4cc9bcc8097c160d0d6070427ad9e1d871d5339ea95cc03499c39a6536b5a6b6d43372a49eeaf2e87bf755a3d3367
-
SSDEEP
3072:pRr1m0iQwTlFiIoXTLDCLLUsgULFsfMGdd64:Lk0LCwIi3DMUwFNGd04
Score1/10 -
-
-
Target
Email-Worm/Maldal.a.exe
-
Size
80KB
-
MD5
cbcd34a252a7cf61250b0f7f1cba3382
-
SHA1
152f224d66555dd49711754bf4e29a17f4706332
-
SHA256
abac285f290f0cfcd308071c9dfa9b7b4b48d10b4a3b4d75048804e59a447787
-
SHA512
09fdcb04707a3314e584f81db5210b2390f4c3f5efa173539f9d248db48ae26b3a8b240cf254561b0ecb764f6b04bb4c129832c6502d952d1960e443371ce2a9
-
SSDEEP
1536:wh6S2wzALFx8hkMsiUmxi6QPitAKQjY8c4B5h:dS212xlQvKCYx4B
Score5/10-
Drops file in System32 directory
-
-
-
Target
Email-Worm/Mari.exe
-
Size
44KB
-
MD5
6513e97cffb6656fd7b5a29859fe47d3
-
SHA1
9ea95b90f501fa4b1fd4798622e7d736413d56f5
-
SHA256
efb67be90882ded2d3e53e463ae175a4b4b5229ca6929b835fa7dd4687801144
-
SHA512
87b34e2f980f446b0372815ee54942d42439c6b063f934f78b8ac1f8f04c9a8a48a2674621e83f62d0d2eae59f134a9eb6e033c698da56ddb8b3919d1f4e59ec
-
SSDEEP
768:dcndMPZ6pdQgrnuRublkbjxLxm8rWezfsNH8I:yiB6p6JzfPI
Score1/10 -
-
-
Target
Email-Worm/MeltingScreen.exe
-
Size
17KB
-
MD5
4784e42c3b15d1a141a5e0c8abc1205c
-
SHA1
48c958deba25a4763ef244ac87e87983c6534179
-
SHA256
9d355e4f9a51536b05269f696b304859155985957ba95eb575f3f38c599d913c
-
SHA512
d63d20a38602d4d228367b6596454a0f5b2884c831e3a95237d23b882abd624de59ea47835636b06a96e216f1decf8c468caacd45e5d3b16a5eb9e87bc69eb97
-
SSDEEP
384:eHsipOITNe52uuCiuhwYW5t/QS5uoIjkg:PivNZuhi+wYW5toBoB
Score1/10 -
-
-
Target
Email-Worm/Merkur.exe
-
Size
44KB
-
MD5
e6f8f701d646b193139cf0a92229455f
-
SHA1
b7747d41fcf52c3611af1153e46183dacbb3c709
-
SHA256
7e89fabfdbe214bf6a6f9730f3e451e69f752b62bbd54c0a81d2aae2320abd2c
-
SHA512
135d69ed4b3acdeaf45639090cefd48fa02f9ff1fb168d249717d0e2d3295530b697d8ff3fea84fa20a66aeb99437e5b0f2a2c3936f2a109c1068816263003ae
-
SSDEEP
384:/T16PQm7lU7lnDSLOwglunEuMhlkW3YpCzkVei7kVrcwh8PDM9TkLJI4WvEfbqgJ:/hdmCJq1glWlOEDvEo2k/2w/mo
Score5/10-
Drops file in System32 directory
-
-
-
Target
Email-Worm/MsWorld.exe
-
Size
128KB
-
MD5
7bd8a009b84b35868613332fe14267ab
-
SHA1
d36d4753aab27c6c5e253b9926406f7f97dc69a6
-
SHA256
56511f0b28f28c23b5a1a3c7d524ee25a4c6df9ac2b53797c95199534f86bbd2
-
SHA512
ad8e121f601f6698d720181d486da828781f729ca7880fb35c6fc70f021197e4a508dc46d980108a168ef2c6c89a62f3140e676ff71a1e40ea3e397ad0c63261
-
SSDEEP
3072:6wzn3BP7bo4a8uqwE6WPSUQvdIeaiQFc/sz4Px8vy+sL:R3BPP9G4Qvd/aKk4p8q+s
Score5/10-
Drops file in System32 directory
-
-
-
Target
Email-Worm/MyDoom.A.exe
-
Size
22KB
-
MD5
53df39092394741514bc050f3d6a06a9
-
SHA1
f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5
-
SHA256
fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151
-
SHA512
9792017109cf6ffc783e67be2a4361aa2c0792a359718434fec53e83feed6a9a2f0f331e9951f798e7fb89421fdc1ac0e083527c3d3b6dd71b7fdd90836023a0
-
SSDEEP
384:96ZQHXcE7hUHwT56cC9Kg65JdwGADkHw/Rjxtuu7VIGGwQWEqpD6:CavuHAUcW/ojwG6kHw/lxqbW
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
4Change Default File Association
4Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2