Analysis tabs (score out of 10 shown on each tab; target names are abbreviated as on the page)

Tab                    Platform             Score
Overview               -                    10
Static                 -                    10
The-MALWAR...ot.exe    windows7-x64         10
The-MALWAR...ot.exe    windows10-2004-x64   10
The-MALWAR...ll.exe    windows7-x64         10
The-MALWAR...ll.exe    windows10-2004-x64   10
The-MALWAR...BS.exe    windows7-x64         10
The-MALWAR...BS.exe    windows10-2004-x64   10
The-MALWAR...in.exe    windows7-x64         7
The-MALWAR...in.exe    windows10-2004-x64   7
The-MALWAR....A.exe    windows7-x64         7
The-MALWAR....A.exe    windows10-2004-x64   7
The-MALWAR....A.exe    windows7-x64         10
The-MALWAR....A.exe    windows10-2004-x64   10
The-MALWAR....A.dll    windows7-x64         7
The-MALWAR....A.dll    windows10-2004-x64   6
TheG0df2th...t.docm    windows7-x64         10
TheG0df2th...t.docm    windows10-2004-x64   10
The-MALWAR...r.xlsm    windows7-x64         10
The-MALWAR...r.xlsm    windows10-2004-x64   10
The-MALWAR...36c859    ubuntu-20.04-amd64   8
The-MALWAR...caa742    ubuntu-20.04-amd64   8
The-MALWAR...c1a732    ubuntu-20.04-amd64   8
The-MALWAR...57c046    ubuntu-20.04-amd64   8
The-MALWAR...4cde86    ubuntu-20.04-amd64   8
The-MALWAR...460a01    ubuntu-20.04-amd64   8
The-MALWAR...ece0c5    ubuntu-18.04-amd64   8
The-MALWAR...257619    ubuntu-18.04-amd64   8
The-MALWAR...fbcc59    ubuntu-18.04-amd64   8
The-MALWAR...54f69c    ubuntu-18.04-amd64   8
The-MALWAR...d539a6    ubuntu-20.04-amd64   8
The-MALWAR...4996dd    ubuntu-20.04-amd64   8
The-MALWAR...8232d5    ubuntu-20.04-amd64   8
The-MALWAR...66b948    ubuntu-18.04-amd64   8

General
Target: af60ad5b6cafd14d7ebce530813e68a0.bin
Size: 198.8MB
Sample: 240303-dws63acb2w
MD5: af60ad5b6cafd14d7ebce530813e68a0
SHA1: ad81b87e7e9bbc21eb93aca7638d827498e78076
SHA256: b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1
SHA512: 81314363d5d461264ed5fdf8a7976f97bceb5081c374b4ee6bbea5d8ce3386822d089d031234ddd67c5077a1cc1ed3f6b16139253fbb1b3d34d3985f9b97aba3
SSDEEP: 6291456:wNl3aFW2h9/fiTwCzCLS6iilVkLZgAEtknRzq:wDaFd//Orcpi4VkL6AfRG
Tasks

Static task: static1

Behavioral tasks
Task          Resource                      Sample
behavioral1   win7-20240221-en              The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
behavioral2   win10v2004-20240226-en        The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
behavioral3   win7-20240221-en              The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.exe
behavioral4   win10v2004-20240226-en        The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.exe
behavioral5   win7-20240221-en              The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.exe
behavioral6   win10v2004-20240226-en        The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.exe
behavioral7   win7-20240220-en              The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe
behavioral8   win10v2004-20240226-en        The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe
behavioral9   win7-20240221-en              The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
behavioral10  win10v2004-20240226-en        The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
behavioral11  win7-20240220-en              The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
behavioral12  win10v2004-20240226-en        The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
behavioral13  win7-20240221-en              The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dll
behavioral14  win10v2004-20240226-en        The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dll
behavioral17  win7-20240221-en              The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm
behavioral18  win10v2004-20240226-en        The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm
behavioral19  ubuntu2004-amd64-20240221-en  The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
behavioral20  ubuntu2004-amd64-20240221-en  The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
behavioral21  ubuntu2004-amd64-20240221-en  The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
behavioral22  ubuntu2004-amd64-20240221-en  The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
behavioral23  ubuntu2004-amd64-20240221-en  The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
behavioral24  ubuntu2004-amd64-20240221-en  The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
behavioral25  ubuntu1804-amd64-20240226-en  The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
behavioral26  ubuntu1804-amd64-20240226-en  The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
behavioral27  ubuntu1804-amd64-20240226-en  The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
behavioral28  ubuntu1804-amd64-20240226-en  The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
behavioral29  ubuntu2004-amd64-20240221-en  The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
behavioral30  ubuntu2004-amd64-20240221-en  The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
behavioral31  ubuntu2004-amd64-20240221-en  The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
behavioral32  ubuntu1804-amd64-20240226-en  The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
Malware Config

Extracted: njrat
Version: 0.7d
Campaign ID: Geforce
C2: startitit2-23969.portmap.host:1604
Mutex: b9584a316aeb9ca9b31edd4db18381f5
reg_key: b9584a316aeb9ca9b31edd4db18381f5
splitter: Y262SUCZ4UJJ

Extracted: remcos
Version: 1.7 Pro
Host: nickman12-46565.portmap.io:46565
Host: nickman12-46565.portmap.io:1735
audio_folder: audio
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 5
copy_file: Userdata.exe
copy_folder: Userdata
delete_file: true
hide_file: true
hide_keylog_file: true
install_flag: true
install_path: %WinDir%\System32
keylog_crypt: true
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %WinDir%\System32
mouse_option: false
mutex: remcos_vcexssuhap
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screens
screenshot_path: %AppData%
screenshot_time: 1
startup_value: remcos
take_screenshot_option: false
take_screenshot_time: 5

Extracted: revengerat
Campaign ID: Guest
C2: 0.tcp.ngrok.io:19521
Mutex: RV_MUTEX

Extracted: danabot
C2 addresses:
51.178.195.151
51.222.39.81
149.255.35.125
38.68.50.179
51.77.7.204

Extracted URLs
http://blockchainjoblist.com/wp-admin/014080/
https://womenempowermentpakistan.com/wp-admin/paba5q52/
https://atnimanvilla.com/wp-content/073735/
https://yeuquynhnhai.com/upload/41830/
https://deepikarai.com/js/4bzs6/

Extracted URL
https://erpoweredent.at/3/zte.dll
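The C2 strings above are what a responder pushes into network monitoring, and three of the four named families (njRAT, Remcos, RevengeRAT) sit behind tunnelling services (portmap.host, portmap.io, ngrok.io) rather than on infrastructure the operator owns. The following Python is an added example, not part of the sandbox report: it parses the indicator strings copied from the Malware Config section into typed records, marks hosts under those tunnelling zones, and emits Suricata rules. The TUNNEL_ZONES table, the rule shapes and the SID range are choices made here, not anything the report states.

```python
"""Normalize the extracted C2 indicators and turn them into Suricata rules.
Added example; indicator strings are copied from the report's Malware Config
section, everything else (zone table, rule layout, SIDs) is an assumption."""
import ipaddress
from urllib.parse import urlsplit

# Tunnelling / reverse-proxy zones seen in the configs above.  A rule on the
# exact host catches this build only; the zone is the durable indicator but
# also matches legitimate users of the service, so it is reported separately.
TUNNEL_ZONES = {
    "portmap.io": "Portmap.io",
    "portmap.host": "Portmap.io",
    "ngrok.io": "ngrok",
}

# Indicators exactly as listed in the Malware Config section.
EXTRACTED = {
    "njrat": ["startitit2-23969.portmap.host:1604"],
    "remcos": ["nickman12-46565.portmap.io:46565", "nickman12-46565.portmap.io:1735"],
    "revengerat": ["0.tcp.ngrok.io:19521"],
    "danabot": ["51.178.195.151", "51.222.39.81", "149.255.35.125", "38.68.50.179", "51.77.7.204"],
    "unattributed": [
        "http://blockchainjoblist.com/wp-admin/014080/",
        "https://womenempowermentpakistan.com/wp-admin/paba5q52/",
        "https://atnimanvilla.com/wp-content/073735/",
        "https://yeuquynhnhai.com/upload/41830/",
        "https://deepikarai.com/js/4bzs6/",
        "https://erpoweredent.at/3/zte.dll",
    ],
}


def tunnel_provider(host):
    """Provider name if host sits under a known tunnelling zone, else None."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        zone = ".".join(labels[i:])
        if zone in TUNNEL_ZONES:
            return TUNNEL_ZONES[zone]
    return None


def normalize(family, raw):
    """Parse one 'host:port', bare IP, or URL string into a typed record."""
    rec = {"family": family, "raw": raw, "kind": None, "host": None,
           "port": None, "scheme": None, "path": None}
    if "://" in raw:
        u = urlsplit(raw)
        rec.update(kind="url", host=u.hostname, port=u.port, scheme=u.scheme, path=u.path)
    else:
        host, _, port = raw.rpartition(":")
        if not host:                      # no ':' at all: bare host or IP
            host, port = raw, None
        rec.update(host=host, port=int(port) if port else None)
        try:
            ipaddress.ip_address(host)
            rec["kind"] = "ip"
        except ValueError:
            rec["kind"] = "domain"
    rec["provider"] = tunnel_provider(rec["host"])
    return rec


def suricata_rule(rec, sid):
    """One Suricata 5+ rule per record, keyed on what is actually observable."""
    msg = f'{rec["family"]} C2 {rec["raw"]}'
    if rec["kind"] == "ip":
        return f'alert ip $HOME_NET any -> {rec["host"]} any (msg:"{msg}"; sid:{sid}; rev:1;)'
    if rec["kind"] == "domain":
        return (f'alert dns any any -> any any (msg:"{msg}"; dns.query; '
                f'content:"{rec["host"]}"; nocase; sid:{sid}; rev:1;)')
    if rec["scheme"] == "https":          # URI is encrypted; the SNI is visible
        return (f'alert tls any any -> any any (msg:"{msg}"; tls.sni; '
                f'content:"{rec["host"]}"; nocase; sid:{sid}; rev:1;)')
    return (f'alert http any any -> any any (msg:"{msg}"; http.host; content:"{rec["host"]}"; '
            f'http.uri; content:"{rec["path"]}"; sid:{sid}; rev:1;)')


def build_rules(extracted=EXTRACTED, sid_base=9000000):
    """Return (records, rules) for every indicator, SIDs assigned in order."""
    records = [normalize(fam, raw) for fam, raws in extracted.items() for raw in raws]
    rules = [suricata_rule(r, sid_base + i) for i, r in enumerate(records, 1)]
    return records, rules


if __name__ == "__main__":
    records, rules = build_rules()
    for r in records:
        print(f'{r["family"]:12} {r["kind"]:6} {r["host"]:36} port={r["port"]} provider={r["provider"]}')
    print("\n".join(rules))
```

Rules on the exact subdomain are safe to deploy as-is; the `provider` field is there so an analyst can decide separately whether to alert on the whole zone (`*.portmap.io`, `*.ngrok.io`) in an environment where nobody has a legitimate reason to use those services.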
Targets

Target: The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
Size: 2.7MB
MD5: 48d8f7bbb500af66baa765279ce58045
SHA1: 2cdb5fdeee4e9c7bd2e5f744150521963487eb71
SHA256: db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1
SHA512: aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd
SSDEEP: 49152:bbevayZlMTWkygVy0nQZfVY2BtZzpPL4PuQ65+6Dv7m0KXTn:bbexZlMQcEVY2BtZzpPL4WQI9U
Signatures:
- Danabot x86 payload: detection of the Danabot x86 payload, mapped in memory during execution of its loader.
- Blocklisted process makes network request
- Loads dropped DLL

Target: The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.9d75ff0e9447ceb89c90cca24a1dbec1
Size: 148KB
MD5: 9d75ff0e9447ceb89c90cca24a1dbec1
SHA1: ebae1054d69619e9e70c9b2e806edb9000d7feb9
SHA256: f2b33edb7efa853eb7f11cb8259243238e220fdc0bfc6987835ba1b12c4af1eb
SHA512: 6df94dbe3681c1cb572d63e54a6753b3bae7075b86507f33f152795c6e61f1feac6742986d7c72a2834f28c85d0a1890bb31b5888b98b29754300dceb63e210d
SSDEEP: 1536:t1hWmKdZ9WmQTt+6KK2Ml+dZyx6wVIWiwiuvro1d2C91q5nYaY4vV4KBmX:t1hYZQtTt+02G+dHgMuzWZ1qISVkX
Signatures:
- Deletes itself

Target: The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.925da3a10f7dde802c8d87047b14fda6
Size: 140KB
MD5: 925da3a10f7dde802c8d87047b14fda6
SHA1: 1fc59fbf692f690b9fe82cfafc9dcbd5aac31a68
SHA256: c94fe7b646b681ac85756b4ce7f85f4745a7b505f1a2215ba8b58375238bad10
SHA512: 82588188de13f34cd751da7409f780c4fc5814da780fe8cad1fa73370414fb24b9822fc56f1f162d0db4a5c27159c225bc4d4fb061a87cb3c0d89b067353a478
SSDEEP: 3072:X9z9zjy6WEba5uuoLPhiVF3NT5nNpytoQE:X9J9gu0td5nN4
Signatures:
- Deletes itself

Target: The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe.c26203af4b3e9c81a9e634178b603601
Size: 212KB
MD5: c26203af4b3e9c81a9e634178b603601
SHA1: 5e41cbc4d7a1afdf05f441086c2caf45a44bac9e
SHA256: 7b8fc6e62ef39770587a056af9709cb38f052aad5d815f808346494b7a3d00c5
SHA512: bb5aeb995d7b9b2b532812be0da4644db5f3d22635c37d7154ba39691f3561da574597618e7359b9a45b3bb906ec0b8b0104cbc05689455c952e995759e188b6
SSDEEP: 3072:Te8LOIa22GwayjbzJ4xgAW8NeN00w7Aoalm2HdTStgjuPaMe+H9tJA:iUOIa2sZjPJJQiw4igjAL
Score: 7/10
Signatures:
- Deletes itself

Target: The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da
Size: 132KB
MD5: dbf96ab40b728c12951d317642fbd9da
SHA1: 38687e06f4f66a6a661b94aaf4e73d0012dfb8e3
SHA256: daab430bb5771eaa7af0fbd3417604e8af5f4693099a6393a4dc3b440863bced
SHA512: a49cc96651d01da5d6cbb833df36b7987eafb4f09cc9c516c10d0d812002d06ae8edee4e7256c84e300dc2eadad90f7bb37c797bccdee4bad16fcaf88277b381
SSDEEP: 3072:uItv1YJOQnVc2pEANuoUeyCx9CC5O86BJaoqsf:xrr2pEANuXCx9Jd6c
Score: 7/10
Signatures:
- Deletes itself

Target: The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.6164228ed2cc0eceba9ce1828d87d827
Size: 152KB
MD5: 6164228ed2cc0eceba9ce1828d87d827
SHA1: cea5bc473c948a78ce565b6e195e6e25f029c0c6
SHA256: 7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195
SHA512: b53ac27397ce5453fa008d1a2e98f9f66be7d7f08375b92c88007544c09ab844d6c8eeceb2221c988e0a0d6ffc2a8a290e49715e3062a74bcd2310d41bffcc37
SSDEEP: 3072:VqD/ri6AM4odK4J663POAQgG8rYKvh+5Nl:V0xlIBwPOA+8Zhu
Signatures:
- Deletes itself

Target: The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.97a26d9e3598fea2e1715c6c77b645c2
Size: 628KB
MD5: 97a26d9e3598fea2e1715c6c77b645c2
SHA1: c4bf3a00c9223201aa11178d0f0b53c761a551c4
SHA256: e5df93c0fedca105218296cbfc083bdc535ca99862f10d21a179213203d6794f
SHA512: acfec633714f72bd5c39f16f10e39e88b5c1cf0adab7154891a383912852f92d3415b0b2d874a8f8f3166879e63796a8ed25ee750c6e4be09a4dddd8c849920c
SSDEEP: 12288:2oXYZawPO7urFw4HLLDOeLSwg4ULeHOuCqA8:2oXYFIuh5HjhSwiJ8
Score: 7/10
Signatures:
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory

Target: (name not shown in the report)
Size: 139KB
MD5: b92021ca10aed3046fc3be5ac1c2a094
SHA1: 0fb1ad5b53cdd09a7268c823ec796a6e623f086f
SHA256: c378387344e0a552dc065de6bfa607fd26e0b5c569751c79fbf9c6f2e91c9807
SHA512: bbeb5cfd7c5a890456b0805234a9ae325abc4a08dbad70b4ed1b3635dee4470a1f86869d5532809cecb595b9a89708f378921d733bd061aef693bfc5ee77ebb4
SSDEEP: 3072:/Msknok2er/yR5DpQKajNDu1CkBwN0pqJfWSq:zkoRoKDpQZqQkmN0scR
Score: 10/10
Signatures:
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory

Target: The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm
Size: 93KB
MD5: b36a0543b28f4ad61d0f64b729b2511b
SHA1: bf62dc338b1dd50a3f7410371bc3f2206350ebea
SHA256: 90c03a8ca35c33aad5e77488625598da6deeb08794e6efc9f1ddbe486df33e0c
SHA512: cf691e088f9852a3850ee458ef56406ead4aea539a46f8f90eb8e300bc06612a66dfa6c9dee8dcb801e7edf7fb4ed35226a5684f4164eaad073b9511189af037
SSDEEP: 1536:0sqG3SkDNIVXnR8TeYSSkCXgN+Uu+j6XJaRqWD/0ACKNONUhfy:0sNrxWXnCjiubXKD/EQA
Score: 10/10
Signatures:
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
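Both Office documents above score on "Process spawned unexpected child process", the parent/child relationship that an EDR or Sysmon pipeline can alert on directly. The following Python is an added example, not the sandbox's own detection logic: it rebuilds the process tree from constructed Sysmon-style process-creation records and flags interpreters launched under an Office application, including through an intermediate cmd.exe, where the interpreter's direct parent is not Office at all. The event records, the OFFICE_APPS / SUSPICIOUS_CHILDREN sets and the small allowlist of benign Office children are assumptions made here.

```python
"""Flag Office applications spawning interpreters, the condition behind the
"Process spawned unexpected child process" signature.  Added example; the
event lines are constructed, not sandbox output."""
import json
import ntpath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
# Interpreters and LOLBins a macro or exploit typically launches first.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe", "msiexec.exe", "wmic.exe",
}
# Direct children Office legitimately creates (print spooler proxy, crash reporter).
BENIGN_OFFICE_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe"}
MAX_DEPTH = 5   # how many ancestors to walk looking for an Office process

# Constructed process-creation events, one JSON object per line.  Real Sysmon
# data should be keyed on ProcessGuid because PIDs are reused; the sample keeps
# PIDs unique so a pid -> event map is sufficient here.
SAMPLE_EVENTS = r"""
{"pid": 100, "ppid": 1,   "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"}
{"pid": 200, "ppid": 100, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "cmdline": "EXCEL.EXE C:\\Users\\u\\Downloads\\invoice.xlsm"}
{"pid": 300, "ppid": 200, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c powershell -w hidden -enc SQBFAFgA"}
{"pid": 400, "ppid": 300, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell -w hidden -enc SQBFAFgA"}
{"pid": 500, "ppid": 100, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "cmdline": "WINWORD.EXE report.docx"}
{"pid": 600, "ppid": 500, "image": "C:\\Windows\\splwow64.exe", "cmdline": "splwow64.exe"}
"""


def load_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def basename(image):
    return ntpath.basename(image).lower()


def find_suspicious(events, max_depth=MAX_DEPTH):
    """Return one finding per process that violates either rule below."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        name = basename(ev["image"])
        parent = by_pid.get(ev["ppid"])
        reasons, chain = [], [name]
        # Rule 1: an Office app directly spawned something outside its allowlist.
        if parent and basename(parent["image"]) in OFFICE_APPS and name not in BENIGN_OFFICE_CHILDREN:
            reasons.append("unexpected direct child of an Office process")
        # Rule 2: an interpreter has an Office app anywhere in its ancestry
        # (catches EXCEL -> cmd -> powershell, where powershell's parent is cmd).
        if name in SUSPICIOUS_CHILDREN:
            anc, depth = parent, 0
            while anc is not None and depth < max_depth:
                chain.insert(0, basename(anc["image"]))
                if basename(anc["image"]) in OFFICE_APPS:
                    reasons.append("interpreter launched under an Office process")
                    break
                anc, depth = by_pid.get(anc["ppid"]), depth + 1
        if reasons:
            if len(chain) == 1 and parent:          # rule 1 only: show the parent
                chain.insert(0, basename(parent["image"]))
            findings.append({"pid": ev["pid"], "chain": chain,
                             "cmdline": ev["cmdline"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(load_events(SAMPLE_EVENTS)):
        print(f'pid {f["pid"]}: {" -> ".join(f["chain"])}')
        print(f'    cmdline: {f["cmdline"]}')
        for r in f["reasons"]:
            print(f"    reason: {r}")
```

On the constructed input this yields two alerts, cmd.exe (direct child of EXCEL.EXE) and powershell.exe (ancestor chain EXCEL.EXE -> cmd.exe -> powershell.exe), while WINWORD.EXE -> splwow64.exe is ignored. The depth limit keeps an Office process that launched a long-lived shell from tainting every later descendant.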
Target: The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
Size: 8.7MB
MD5: 799c965e0a5a132ec2263d5fea0b0e1c
SHA1: a15c5a706122fabdef1989c893c72c6530fedcb4
SHA256: 001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
SHA512: 6c481a855ee6f81dd388c8a4623e519bfbb9f496dada93672360f0a7476fb2b32fd261324156fd4729cef3cbe13f0a8b5862fe47b6db1860d0d67a77283b5ad8
SSDEEP: 98304:VqGMOLT5E2Dy8Ji6LrDl3bTMsEplZ1GW5w+Aw:wGMOLTmaHjLXl3bTMsEpf1x5
Score: 8/10
Signatures:
- Adds new SSH keys: writes to the file Linux uses to hold authorized SSH keys; the threat actor may add keys for further remote access.
- Deletes itself
- Reads EFI boot settings: reads EFI boot settings from the efivars filesystem, which may contain security secrets or sensitive data.
- Checks CPU configuration: checks CPU information that indicates whether the system is a virtual machine.
- Deletes log files: deletes log files on the system.
- Enumerates running processes: discovers information about currently running processes on the system.
- Reads CPU attributes

The remaining FritzFrog samples trigger the same signatures (listed by name; descriptions as above).

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
Size: 8.7MB
MD5: 76fe4fdd628218f630ba50f91ceba852
SHA1: 6e90f2fe619597115e5b8dd8b0d1fb0c8ad33fa4
SHA256: 041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
SHA512: 7956505ae0d8479a92ddf97bb09a757566ef526934ee06b4273f0fc450e4da9204808ffa4f4674f4e6e313eb718a7c65f258ef8d23b9769b8aa12d47610d8011
SSDEEP: 98304:f27or8Dynb9c4EHv9/fW/NQXPvTCaedHuaJE3fSdCnKg27Xk:f27or8DyO4UnwQfvTCXdHua4No
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Reads EFI boot settings, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
Size: 8.7MB
MD5: 0263de27fd997a4904ee4a92f91ac733
SHA1: da090fd76b2d92320cf7e55666bb5bd8f50796c9
SHA256: 0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
SHA512: 09ef02532eb7c3a968c1d04bf1f3aa9a4bf400f8485d3be596d7db3aed5f705fc1f85a1f6218397a70830ad747aa03c61b9c5b1cca24c2620cdbb3e5361db194
SSDEEP: 98304:bKwGam/zeDrZCDcryHlc5Qp+FLk0h6u9SrS2D8t7Xk:bKwGam/z4C3FKQ8FLTh6u9S4
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Reads EFI boot settings, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
Size: 8.6MB
MD5: ae747bc7fff9bc23f06635ef60ea0e8d
SHA1: 64315e834f67905ed4e47f36155362a78ac23462
SHA256: 103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
SHA512: e24914a58565a43883c27ae4a41061e8edd3d5eef7b86c1c0e9910d9fbe0eef3e78ed49136ac0c9378311e99901b1847bcfd926aa9a3ea44149a7478480f82b2
SSDEEP: 98304:rDSceJ/GqDu6P0ypQ0Qv5knSTH20ejwBcHjI7Xk:rDSceJ/GqD18RZv5knS720e7s
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Reads EFI boot settings, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
Size: 8.7MB
MD5: 3a371a09bfcba3d545465339f1e1d481
SHA1: 7f5712878929aab6a2ab297072a5a5f3d3c15a01
SHA256: 2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
SHA512: 35efc5129316ea697f1f4591c37e70c74b643942cdb3cb1aac6a0f14f5d133da39c0c393439490bc059361e9feeacee3d4056f88700f56dfe1088ba0ab22613b
SSDEEP: 98304:f/VrKprvLVtb8E0dD71puy219CZ2gT3/3Khbw+Aw:3VrKpjROndH1puy219CZBShb
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Reads EFI boot settings, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
Size: 8.6MB
MD5: 819b0fdb2b9c8a440b734a7b72522f12
SHA1: f3aff7e1c44d21508eb60797211570c84a53597a
SHA256: 30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
SHA512: fee2c0dbbc91e2486e409e8b6a877c6ec500e6c7c0491d4c44d37006c30de79b95dd4640c7c8c8efcc920abccbdb659a590fde1e2526126279b7486778d08b5a
SSDEEP: 98304:zhPTaS9ki2kJxOU/ci9Z6uHFg3+QIEvRihdF7Xk:dPTaS9kitnEi9Z6uHq3+XE8z
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Reads EFI boot settings, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
Size: 8.7MB
MD5: 8f0cb7af15afe40ed85f35e1b40b8f38
SHA1: 525f97d6e7e3cbb611a1cf37e955c0656f4b3c06
SHA256: 3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
SHA512: bd9e97b4042d89e081eced5781149b0d8e28a6e9d35c2a449a21aee26765ed8eea560434ba5e9a897c4e4c89d7a2b8997e31ad4ac2202a940b8731a5f447170d
SSDEEP: 98304:xFjhn+LznCFajBKs/Q1N4KGWISZOLor5lkFIGGw+Aw:Hjhn+HCS4s41N4KGWISZd5lrGG
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
Size: 8.7MB
MD5: 682ac123d740321e6ba04d82e8cc4ed8
SHA1: 088a8c8c2b7f9db92ec0ae39e1dc77c8707d3895
SHA256: 453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
SHA512: 26ddc0a1b91337de2314465f82f3a02ec478f32708fa91b7cdf75fc235eda7b3cf7c495616145dc29fc081ac4398cab5aac0d42978ea694fa183518533fcf4ad
SSDEEP: 98304:i7ihKiuH4QpmHh/vN0SyDbQy5lZGJJRgOX5f4y+n47Xk:i7ihKiuH4QIha1PQaZGTRgOXxR
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
Size: 8.7MB
MD5: 97cfb3c26a12e13792f7d1741309d767
SHA1: a010f85cdda9f83cbc738eb1b41cd621f3d6018e
SHA256: 5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
SHA512: 162028b9e93bb4718427304a96767880da7094c99ae6145e61a562f09dae0ce6726b2dfac95782990f50fa9bfc9f82b1aacb9e7b12442094137872fa8a3f3379
SSDEEP: 98304:yM1SkPCVk8rOmgYcGrr69gRQTI6xmiiLuSESStOAco7Xk:yM1SkPCVkIgcWAQ06xniLuSExR
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
Size: 8.7MB
MD5: 3fe7b88a9ba6c5acee4faae760642b78
SHA1: bae245bc98c516604838c6ce5a233f066de44a50
SHA256: 6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
SHA512: 02abc8d4fe280306a9ac6a25d28cf174a8d51a43d98b6837bc129701d8c0ab486eebaeef11062b58c455627d4de7c8782b3828aa02891fe439ca1ca617038f95
SSDEEP: 98304:g4K0/V2eKEDj+VK61qXXiQqwMwUa/f0OstejSUVv7Xk:g4K0/V2eKM+D4SQbMwX/f0Oskz
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
Size: 8.7MB
MD5: d4e533f9c11b5cc9e755d94c1315553a
SHA1: 9e15020cd2688b537bae18e5f291ee8cbe9a85e7
SHA256: 7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
SHA512: 149226355b2e5c3fac403289b5e66bd4164a7aee76d8dc8f1d698c509db7a081bad9d4172cc950bb0e6e6909e0073d551dcde82cbeaaf61a9c1b02c9ba48fb38
SSDEEP: 98304:H27or8Dynb9c4EHv9/fW/NQXPvTCaedQuMBiHAUU4C7Xk:H27or8DyO4UnwQfvTCXdQuMoUj
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Reads EFI boot settings, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
Size: 8.7MB
MD5: b2e0eede7b18253dccd0d44ebb5db85a
SHA1: ee5db9590090efd5549e1c17ec1ee956ef1ed3d1
SHA256: 7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
SHA512: 5608fe7bde5072de7c98bacfe7beb928e6073be87c0fbccd8075c808d9a7c642abe254f6eb620d627f5324e35821fc9b41a31970264abcc472adfbe2c214a9fe
SSDEEP: 98304:zbc+G4RTwJg0GTvmF3D4cQ1XmkPF0ihOehaOE3Ok7Xk:zbc+G4RTwJGOzfQYkPGihOekj
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Reads EFI boot settings, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
Size: 8.7MB
MD5: 100bff2f4ee4d88b005bb016daa04fe6
SHA1: 36e5f8f70890601aa2adaffb203afd06516097f0
SHA256: 90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
SHA512: a1cb52bc6edaa7f8bb216d2a5f3deb0b8468c64b43931ef570c05e6a9872c63f00aff50d69686fdc2ea25d3d83da4bf9d78f5e6910643163570d0bd6279c6e16
SSDEEP: 98304:wRINZeR9Zy031d3eDi2dZQT3/S1GVlOre53ziKZ7Xk:wRINZeR9Zx1CFDQD/SQVlOrKr
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Reads EFI boot settings, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes

Target: The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
Size: 8.6MB
MD5: 4842d5cc29c97aa611fba5ca07b060a5
SHA1: f93772038406f28fa4ca1cfb23349193562414b2
SHA256: 9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
SHA512: cf1cb3f0291f3e0c3b47ff3ee9074b624e2d9781f9637d14ede0628ebb4b8b0fe13e16583f6a933a3e20872ec084dc812237f021757efe2a6d527a0a1723b5c8
SSDEEP: 98304:JcZJWD3qZL7I9lysBfU9OWQcIImfWoezuA+dTlwO0Fz7Xk:JcZJWTqZLGlHsHQl3fNezuAI5g
Score: 8/10
Signatures: Adds new SSH keys, Deletes itself, Checks CPU configuration, Deletes log files, Enumerates running processes, Reads CPU attributes
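Every FritzFrog run above adds SSH keys, deletes logs and probes for a VM, so on a Linux host the first question after a hit is which authorized_keys entries are not yours. The following Python is an added example, not something from the report or from FritzFrog: it audits an authorized_keys file against a baseline of approved key fingerprints (the SHA256 form `ssh-keygen -lf` prints), records any options prefix such as `command=` or `no-pty`, and flags malformed blobs and lines whose declared key type does not match the type embedded in the blob. The sample file and both keys are constructed from fixed byte patterns and are not real identities.

```python
"""Audit an authorized_keys file against a fingerprint baseline.  Added example;
the keys are constructed from fixed bytes, the baseline is an assumption."""
import base64
import hashlib
import shlex
import struct

KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}


def fingerprint(blob_b64):
    """SHA256 fingerprint of a public-key blob, formatted like `ssh-keygen -lf`."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def wire_key_type(blob_b64):
    """Key type embedded in the blob: a length-prefixed string at offset 0."""
    raw = base64.b64decode(blob_b64, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode()


def parse_authorized_keys(text):
    """One record per key line; an options field may precede the key type."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)            # keeps command="..." as one token
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            entries.append({"line": lineno, "error": "unparseable key line", "raw": line})
            continue
        ktype, blob = tokens[idx], tokens[idx + 1]
        rec = {"line": lineno, "type": ktype, "options": tokens[:idx],
               "comment": " ".join(tokens[idx + 2:]), "raw": line}
        try:
            rec["fingerprint"] = fingerprint(blob)
            rec["type_mismatch"] = wire_key_type(blob) != ktype
        except (ValueError, struct.error, UnicodeDecodeError) as exc:
            rec["error"] = f"bad key blob: {exc}"
        entries.append(rec)
    return entries


def find_unapproved(text, approved_fingerprints):
    """Entries outside the baseline, plus anything malformed or type-mismatched."""
    return [e for e in parse_authorized_keys(text)
            if "error" in e or e["type_mismatch"] or e["fingerprint"] not in approved_fingerprints]


def _ed25519_blob(seed32):
    """Constructed ssh-ed25519 blob (wire format: string type, string 32-byte key)."""
    ktype = b"ssh-ed25519"
    wire = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", 32) + seed32
    return base64.b64encode(wire).decode()


ADMIN_KEY = _ed25519_blob(bytes(range(32)))        # constructed, approved
ROGUE_KEY = _ed25519_blob(bytes(range(32, 64)))    # constructed, not approved
APPROVED = {fingerprint(ADMIN_KEY)}                # baseline: assumption for the example

# Constructed authorized_keys content: the approved key, a restricted rogue key of
# the kind a worm appends for re-entry, and a line whose declared type is wrong.
SAMPLE_AUTHORIZED_KEYS = f"""# approved admin key
ssh-ed25519 {ADMIN_KEY} admin@bastion
no-pty,command="/bin/true" ssh-ed25519 {ROGUE_KEY}
ssh-rsa {ADMIN_KEY} type-does-not-match-blob
"""


if __name__ == "__main__":
    for e in find_unapproved(SAMPLE_AUTHORIZED_KEYS, APPROVED):
        print(f'line {e["line"]}: {e.get("fingerprint", e.get("error"))} '
              f'options={e.get("options")} type_mismatch={e.get("type_mismatch")}')
```

Run it against the real file with `find_unapproved(open("/root/.ssh/authorized_keys").read(), APPROVED)`, and check every user's `~/.ssh/authorized_keys` as well as `AuthorizedKeysFile` in sshd_config, since an implant is not obliged to pick root's. The baseline should come from configuration management, not from the host being examined.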
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Persistence
- Boot or Logon Autostart Execution, T1547 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Scheduled Task/Job, T1053 (1)

Privilege Escalation
- Boot or Logon Autostart Execution, T1547 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Scheduled Task/Job, T1053 (1)

Defense Evasion
- Indicator Removal, T1070 (1)
- Modify Registry, T1112 (2)
- Virtualization/Sandbox Evasion, T1497 (1)