General

  • Target

    malware-collection-master.zip

  • Size

    72.8MB

  • Sample

    240303-qcpqraah7t

  • MD5

    4293bf4f1ed1b58f02d6a07f48518b63

  • SHA1

    fecc4aee891aa8054381902d403c69565afb1a33

  • SHA256

    6436568a104a8811d5180569f34b16f5ab9903f49a4027ccc82d7ef43e66c315

  • SHA512

    82fa7de55cc52280a644ca93c81bee8c869fde877005772dfd032d2c9b54a1de44df0400ff8ed0ac1195b197e7539af8c1ac0c7e22bf344977267291991f3e80

  • SSDEEP

    1572864:H7p+6cE+7rmcLMaB/S+iRQ4afg/D98QuT9k+YTTp:VqE+7r/MIr7Y/D2QuTXYTTp

Targets

    • Target

      malware-collection-master/Ransomware/Shell Locker - Source Code/ShellLocker/ShellLocker/My Project/Resources.resx

    • Size

      5KB

    • MD5

      c07716633f086d91759ae32a18996a1a

    • SHA1

      bf3383c20acf6e64ce49f120938456161e5f6cb9

    • SHA256

      4e124f5a7694ffe813c60601b1b73c53e47536b1f1c0e798d4d55bfc2ca3774f

    • SHA512

      c6ad0ec603ff69d2d1b787db9426f29d44ea1ba45cf1d2b7ec41cc2bd6d5c93af8d2299139cc1c5d10d56718f36daa37d544f8d5411fad91a72efc2e70454cdf

    • SSDEEP

      96:ECf+lbD5X5LPXCazYV5Lv6K6uOidfaxwsxuUPFE3qxdRMvDTursrbLAy202W:Zf+tLPfYnLvFVOiFQaUR6

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/Shell Locker - Source Code/ShellLocker/ShellLocker/bin/Debug/ShellLocker.exe

    • Size

      679KB

    • MD5

      5f3a3ee275a03ac1c2fa5482649b6471

    • SHA1

      9673a5a87428e3b38e65f2cd922946d47c4a329b

    • SHA256

      c9661b2f5274b1835d64e6d58ea5a8ff58ffa8d9d19a9a31bd43f074c6e2eb69

    • SHA512

      405139d37c3ec224f96316a59b2764d159d750d480acbbbc77c7bb8f46d9709dbcbea60cfe6d6f500d72e4b23b88ac52951bf13fb34ad81ffde9d5c32b0fb46a

    • SSDEEP

      12288:/W3FwqcxVUmAb35S9DLF4YMQ9WhueDFEkSstBZfMUpqv:/W3FwqcxKmgBkW8dstXEUpqv

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/Shell Locker - Source Code/ShellLocker/ShellLocker/bin/Debug/ShellLocker.vshost.exe

    • Size

      22KB

    • MD5

      5a968502b84a268ca84018f1a9f6bb59

    • SHA1

      473b76e89014eebfaa03aa6c3b741dc3747c98c7

    • SHA256

      58d46a3801c280908698ef4ff789546427b9be7cd78f61a7533cc2f56c1b881b

    • SHA512

      73b0a1903b92e95ca0251e78a18d4fbdf61be15ec29f283488a7c3914ca2bdbb4267a4f5f86e0cd20a809bed1f0f0e804189da541a58a50df35271107f0c1bd6

    • SSDEEP

      384:TICPZQWMPW7SUA0GftpBjcV+ILKHRN7illI66s1:8WAMiWVm566

    Score
    3/10
    • Target

      malware-collection-master/Ransomware/Shell Locker - Source Code/ShellLocker/ShellLocker/bin/Release/chatwithus.exe

    • Size

      94KB

    • MD5

      794611fca6474ec37bbe5dbff3b475ab

    • SHA1

      adacbabeac5b164bbe30d441efde2daee3a878c5

    • SHA256

      4f6ccc3d4a62fd0cf7af7ed63ac12f90f46261f251cab3dc2783cad4674a9e05

    • SHA512

      539669178baf248a9d992d595d29e9b7b0286b4a78e5140c7a09bc253277492fe7e61b32f3e5885d8e65c5ef76d733ae9c73f3d9de571e4e0ac079f5408ee698

    • SSDEEP

      1536:fbsbfRKrE4FG4qWE0lcdCgJiWE0lcdCgJ4skgx:fbs0rlFG8oBJJoBJ4dgx

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers commonly harvest the data browsers keep on disk, which can include saved credentials and session cookies.

    • Sets desktop wallpaper using registry

    • Target

      malware-collection-master/Ransomware/Shell Locker - Source Code/ShellLocker/ShellLocker/obj/Debug/ShellLocker.exe

    • Size

      679KB

    • MD5

      5f3a3ee275a03ac1c2fa5482649b6471

    • SHA1

      9673a5a87428e3b38e65f2cd922946d47c4a329b

    • SHA256

      c9661b2f5274b1835d64e6d58ea5a8ff58ffa8d9d19a9a31bd43f074c6e2eb69

    • SHA512

      405139d37c3ec224f96316a59b2764d159d750d480acbbbc77c7bb8f46d9709dbcbea60cfe6d6f500d72e4b23b88ac52951bf13fb34ad81ffde9d5c32b0fb46a

    • SSDEEP

      12288:/W3FwqcxVUmAb35S9DLF4YMQ9WhueDFEkSstBZfMUpqv:/W3FwqcxKmgBkW8dstXEUpqv

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/Shell Locker - Source Code/ShellLocker/ShellLocker/obj/Debug/TempPE/My Project.Resources.Designer.vb.dll

    • Size

      6KB

    • MD5

      d321f21513674048443264683e997992

    • SHA1

      61f59da8227b3cbf9dec78a098c9a0b37236d640

    • SHA256

      cb7736ac7557082aefb50baca5ae9541a8090c772c1b9a89196474e09e0bdddd

    • SHA512

      a87cd10cbac3e1d6d994c161bdf3b5444c1560daea21f103da98c238179942df4c7ef038347273c305313fd1dd1f0c6c3722ecbe6634176914b6d3d41fea4405

    • SSDEEP

      96:9ovn4Z5lK+49cGLq1BH9OHmOd2nigM1TThIW1PnEfpH9Bux84Wk97pInmK:96sEbXW1BHQGO461TThIW1PnaJ0l6V

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/Shell Locker - Source Code/ShellLocker/ShellLocker/obj/Release/TempPE/My Project.Resources.Designer.vb.dll

    • Size

      6KB

    • MD5

      cc7a5f9f4a46fe1f777865569dea964a

    • SHA1

      c18f49a827bcc279a1a0a7661574e4b755cecb7c

    • SHA256

      711fdad8e5a1ad914bed61dce60cabac328d7108aff4874306a8a9abce947903

    • SHA512

      cb1dbc1d0abb51dcf7c8e83fdc0bb58a1d41449edaaca715e7eb4befab57148ed94e3a9d80efb6f578e6257db167ade1ce0d0a56ea4efbceaca5b0611d5c8ed9

    • SSDEEP

      96:+Tvn4Z5lfZ8Qym8GzXHyOHmOd2niXM1TThIW1PnEfpH9kx84Wk97RnmK:osfmngXH9GO411TThIW1PnaKldV

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/eda2/eda2/eda2/Form1.cs

    • Size

      8KB

    • MD5

      d38de550ba4aeff404c8421fdf5ae192

    • SHA1

      6209b04561063ec3e207debd6c91c03da2ef68c5

    • SHA256

      25af708af5ffc8067f2d086d022cb77820fce747c3ddc41d9d24bff1ff3834bc

    • SHA512

      15741ede9411aab22ecc95c714af8b78be595065599b0933fd1eff789185cafb69ea548a77c9fb4b07ad132d68483417bb2b3228dbbbd1505d76577e7fec9cc2

    • SSDEEP

      192:ujRag+PeMSIamWrpB4/1WPB4/20XC5KYpwUS1ajSCp9IaC6xy:ujRagkMP9B4/oPB4/eLS1a4

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/eda2/eda2/eda2/Form1.resx

    • Size

      150KB

    • MD5

      c2c86dc2c6d133abae64c4170aec2765

    • SHA1

      73fcfa975496f5c32193e7b652433838788e6038

    • SHA256

      9f7637b3a10ac9d4737e83febdd636bc84fbcaf73764f72e6d9ad650b5fb6302

    • SHA512

      7b21a8b96266070ca825f75077e431551b74f0b1fed38e16eab1872ebd12b4f31b3760ed34f85ed35b294d9c480ab4af687df35103164b811cff6232232c74b4

    • SSDEEP

      768:ZfWMnXOiWa4FrlSFxrhORaTo7N+BnPjsWpjfhByENdRQsJs6tdTOEgqdm+soeyzu:ZfIiWnlqgaTuN2no2fbRqkdsWzPG

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/eda2/eda2/eda2/Properties/Resources.Designer.cs

    • Size

      2KB

    • MD5

      1260ded9410ea2c13e56041b871c928e

    • SHA1

      3ef888ea58c2987a8cab5ef35b7d137021acc8f2

    • SHA256

      36c8612d63d12af1b361cde257b7a128066d1e25f9837182d953328ce56401ae

    • SHA512

      693d4f0d67ed3b8ea6994ea71a1312357f5529c2616ecb502a55ce6324d3595c0a248da7ebce856709e1ddabded247b7ef8fb6baf8ee416392d851cfe1b224d1

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/eda2/eda2/eda2/Properties/Resources.resx

    • Size

      5KB

    • MD5

      c07716633f086d91759ae32a18996a1a

    • SHA1

      bf3383c20acf6e64ce49f120938456161e5f6cb9

    • SHA256

      4e124f5a7694ffe813c60601b1b73c53e47536b1f1c0e798d4d55bfc2ca3774f

    • SHA512

      c6ad0ec603ff69d2d1b787db9426f29d44ea1ba45cf1d2b7ec41cc2bd6d5c93af8d2299139cc1c5d10d56718f36daa37d544f8d5411fad91a72efc2e70454cdf

    • SSDEEP

      96:ECf+lbD5X5LPXCazYV5Lv6K6uOidfaxwsxuUPFE3qxdRMvDTursrbLAy202W:Zf+tLPfYnLvFVOiFQaUR6

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/eda2/eda2/eda2/bin/Debug/eda2.exe

    • Size

      208KB

    • MD5

      9ed4b9ace2563ce02973e94999e5081e

    • SHA1

      7c69fd4f8650370ce07d18436ee4a44185f4f529

    • SHA256

      fa2a9561a0cfc535908b8b39168391d4f87c685e8d95f52a51d194cc7264ba37

    • SHA512

      6d48b956cbfc2d1a27a89e082bd7f914b5aeac8e00339a961cd1a18bab860185a64bb471f71e69e4bd1cacb801f57df140dffe7fd6b5b007eb2ec4b5540f8031

    • SSDEEP

      3072:etRM+lmsolAIrRuw+mqv9j1MWLQ5MTmmsolNIrRuw+mqv9j1MWLQ5:1+lDAArTmDAN

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/eda2/eda2/eda2/obj/Debug/eda2.exe

    • Size

      208KB

    • MD5

      9ed4b9ace2563ce02973e94999e5081e

    • SHA1

      7c69fd4f8650370ce07d18436ee4a44185f4f529

    • SHA256

      fa2a9561a0cfc535908b8b39168391d4f87c685e8d95f52a51d194cc7264ba37

    • SHA512

      6d48b956cbfc2d1a27a89e082bd7f914b5aeac8e00339a961cd1a18bab860185a64bb471f71e69e4bd1cacb801f57df140dffe7fd6b5b007eb2ec4b5540f8031

    • SSDEEP

      3072:etRM+lmsolAIrRuw+mqv9j1MWLQ5MTmmsolNIrRuw+mqv9j1MWLQ5:1+lDAArTmDAN

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/eda2/webpanel/lib/Crypt/AES.php

    • Size

      6KB

    • MD5

      91c7c2adec8eb76606187c3a3ae03516

    • SHA1

      e401d7e5c61d605697cd0039e48bef1d716ec5c9

    • SHA256

      64a960151b291376234896ce6af125d63a73c05e9b0233c57d8f4e776a7bfdf3

    • SHA512

      e93e37eecbe24a7df1eb18ce7ab151cfb8993f793c4506d27eb081ca7652099b932ae0884689372d328c67074144b21f47f7439396ec09014bf991a38ee44a3a

    • SSDEEP

      96:tkfNX1gtYMQHqEoY5t8tK/emhDglGRgxbKJCxHKf4nQo1eu8L:wqYMQHRqE/eDGwsf4Qo1eu8L

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/eda2/webpanel/lib/Crypt/Base.php

    • Size

      95KB

    • MD5

      7dbfc9ae2150a4aef6c287509f039edf

    • SHA1

      e61738644a67602e95bc9efbc26051a80c8e1f55

    • SHA256

      d90a197b7eabf36a2238d93f70b7e9f6a2a6caf6a203ddf040c85be9cc6bd3cb

    • SHA512

      3cbb27dee33aa455764d259adf7145521c35915f9d0e84275805b4681ac536af9df821388da603d283b74d3da0ad52be2f48b7a7ece001bc5790c717b909c223

    • SSDEEP

      768:gpNwdYFWcywvkt0DGcr2on07vlfMOGHFnEeLi+:gpNcgywvkt0Eo07WOGHFvi+

    Score
    1/10
    • Target

      malware-collection-master/Ransomware/eda2/webpanel/lib/Crypt/Blowfish.php

    • Size

      28KB

    • MD5

      878e28976c213120054e75cadb110de0

    • SHA1

      2e2bde288eac57280fdb2e325c52e9587a9e178b

    • SHA256

      322562d6c11738d8f9945f2647973238580375e113af2557bf4214ae4292e8e8

    • SHA512

      559c65d5f5d3a5e8298aa584af71a938382af46a173610bb2197b82d6391873d8690062182366eb9a14fdd9b08bdcfb8ba21560d78699cff52c2639e540e755f

    • SSDEEP

      768:mFRodA3UG1A5GXIFC6w3vJwQgSut7IQZS2H:mFOS3n14LwKvR7IN2H

    Score
    1/10
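The SHA256 values in the Targets list above can be turned into a local check. The Python below is an added example, not part of this report or of any sandbox's own code: it computes the four digests the report lists, matches files against the report's SHA256 values, and groups paths whose content is identical, which is how the duplicated bin/Debug and obj/Debug builds of ShellLocker.exe and eda2.exe above would show up on disk. The sample bytes, the file paths and the extra "constructed-sample" IOC are constructed for the demo. Matching is done on SHA256 only; MD5 and SHA1 are computed for cross-referencing other reports, not as a trust anchor.

```python
"""Added example: hash-based IOC check derived from the report's Targets list."""
import hashlib
from collections import defaultdict

# SHA256 -> label, copied from the Targets section above. Entries that appear
# twice in the report (bin/Debug and obj/Debug builds) are listed once.
REPORT_SHA256 = {
    "c9661b2f5274b1835d64e6d58ea5a8ff58ffa8d9d19a9a31bd43f074c6e2eb69": "ShellLocker.exe",
    "58d46a3801c280908698ef4ff789546427b9be7cd78f61a7533cc2f56c1b881b": "ShellLocker.vshost.exe",
    "4f6ccc3d4a62fd0cf7af7ed63ac12f90f46261f251cab3dc2783cad4674a9e05": "chatwithus.exe",
    "fa2a9561a0cfc535908b8b39168391d4f87c685e8d95f52a51d194cc7264ba37": "eda2.exe",
}


def digests(data: bytes) -> dict:
    """The four digests the report lists, computed in one pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan(files: dict, iocs: dict) -> dict:
    """files: path -> bytes. iocs: sha256 -> label.

    Returns per-file digests with the matched IOC label (or None), plus groups
    of paths whose bytes are identical, which is how the duplicated build
    outputs in the report show up on disk.
    """
    per_file = {}
    by_sha256 = defaultdict(list)
    for path, data in files.items():
        d = digests(data)
        # Match on SHA256 only; MD5/SHA1 are kept for cross-referencing other
        # reports, not as the trust anchor, since both have practical collisions.
        per_file[path] = {**d, "size": len(data), "ioc": iocs.get(d["sha256"])}
        by_sha256[d["sha256"]].append(path)
    duplicates = {h: sorted(paths) for h, paths in by_sha256.items() if len(paths) > 1}
    return {"files": per_file, "duplicates": duplicates}


# Constructed stand-in content (NOT the real samples): a bare DOS header stub.
SAMPLE = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.\r\n$"
# The demo adds one IOC for the constructed bytes so the match path is exercised.
DEMO_IOCS = {**REPORT_SHA256, hashlib.sha256(SAMPLE).hexdigest(): "constructed-sample"}
DEMO_FILES = {  # constructed paths mirroring the report's bin/obj duplication
    "collection/bin/Debug/sample.exe": SAMPLE,
    "collection/obj/Debug/sample.exe": SAMPLE,
    "collection/README.txt": b"benign text\n",
}


def demo() -> dict:
    return scan(DEMO_FILES, DEMO_IOCS)


if __name__ == "__main__":
    result = demo()
    for path, info in result["files"].items():
        print(f"{info['sha256']}  {info['size']:>6}  {info['ioc'] or '-':<20} {path}")
    for digest, paths in result["duplicates"].items():
        print(f"identical content {digest[:12]}...: {', '.join(paths)}")
```

To run it over a real extracted tree, fill the dict by reading each file's bytes; the sizes the report gives are rounded to KB, so they are only a pre-filter, and the SSDEEP values need the separate ssdeep library, which this example does not use.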

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic              Technique                                     ID          Count
Defense Evasion     Modify Registry                               T1112       1
Credential Access   Unsecured Credentials                         T1552       1
Credential Access   Unsecured Credentials: Credentials In Files   T1552.001   1
Collection          Data from Local System                        T1005       1
Impact              Defacement                                    T1491       1
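The three behaviours flagged on chatwithus.exe above (wallpaper set through the registry, a file dropped into the Startup folder, a read of browser profile data) and the matrix rows are the kind of thing a detection engineer rewrites as rules. The Python below is an added example, not the sandbox's own signatures: a small matcher over simplified API-trace records. The record shape (api, key, value, path, access) and the sample trace are constructed for the demo; the browser store paths are the standard Chrome "Login Data"/"Web Data" and Firefox logins.json/key4.db/cookies.sqlite locations; and attaching T1112/T1491 to the wallpaper write and T1552.001/T1005 to browser-store reads is my mapping onto the IDs the matrix lists. The Startup-folder drop maps to no ID on this page, so none is attached.

```python
"""Added example: rule matcher for the behaviours the report flags on chatwithus.exe."""
import re
from typing import Optional

# (behaviour label from the report, ATT&CK IDs from the report's matrix, pattern).
# Patterns run over the normalised "kind|target" string built by normalise().
RULES = [
    ("Sets desktop wallpaper using registry", ("T1112", "T1491"),
     re.compile(r"^regset\|hk(cu|u\\[^\\]+)\\control panel\\desktop\\wallpaper$")),
    ("Drops startup file", (),
     re.compile(r"^filewrite\|.*\\start menu\\programs\\startup\\[^\\]+$")),
    ("Reads user/profile data of web browsers", ("T1552.001", "T1005"),
     re.compile(r"^fileread\|.*\\("
                r"google\\chrome\\user data\\[^\\]+\\(login data|web data)"
                r"|mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)"
                r")$")),
]


def normalise(ev: dict) -> Optional[str]:
    """Collapse one trace record into 'kind|lower-cased target'.

    The record fields (api, key, value, path, access) are an assumption of this
    example, not a real sandbox's export format.
    """
    api = ev.get("api", "").lower()
    if api in ("regsetvalueexw", "regsetvalueexa"):
        return "regset|" + (ev["key"].rstrip("\\") + "\\" + ev["value"]).lower()
    if api in ("createfilew", "createfilea", "ntcreatefile"):
        kind = "filewrite" if "write" in ev.get("access", "").lower() else "fileread"
        return kind + "|" + ev["path"].lower()
    return None  # other APIs carry nothing these three rules look at


def detect(events: list) -> list:
    """Return one hit per (event, rule) pair, in trace order."""
    hits = []
    for ev in events:
        target = normalise(ev)
        if target is None:
            continue
        for label, attack_ids, pattern in RULES:
            if pattern.search(target):
                hits.append({"behaviour": label, "attack": attack_ids,
                             "pid": ev.get("pid"), "evidence": target})
    return hits


# Constructed trace (not taken from the report): one process doing the three
# flagged things plus two benign operations that must not fire.
SAMPLE_TRACE = [
    {"pid": 4120, "api": "RegSetValueExW", "key": "HKCU\\Control Panel\\Desktop",
     "value": "Wallpaper", "data": "C:\\Users\\victim\\AppData\\Local\\Temp\\note.bmp"},
    {"pid": 4120, "api": "CreateFileW", "access": "GENERIC_WRITE",
     "path": "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\updater.exe"},
    {"pid": 4120, "api": "CreateFileW", "access": "GENERIC_READ",
     "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 4120, "api": "CreateFileW", "access": "GENERIC_READ",
     "path": "C:\\Users\\victim\\Documents\\report.docx"},
    {"pid": 4120, "api": "RegSetValueExW", "key": "HKCU\\Software\\Classes\\Local Settings",
     "value": "MuiCache", "data": ""},
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_TRACE):
        ids = ", ".join(hit["attack"]) or "no ID on this page"
        print(f"pid {hit['pid']}: {hit['behaviour']} [{ids}] <- {hit['evidence']}")
```

The wallpaper rule accepts both the HKCU alias and the HKU\<SID> form that kernel-level traces report, and the Startup rule requires a file directly inside the folder rather than anywhere beneath it; both are deliberate so the rules stay tight on a noisy trace.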

Tasks

Task           Tags                            Score
static1        upx, xorist                     10/10
behavioral1                                    1/10
behavioral2                                    1/10
behavioral3                                    1/10
behavioral4                                    1/10
behavioral5                                    3/10
behavioral6                                    3/10
behavioral7    ransomware, spyware, stealer    7/10
behavioral8    ransomware, spyware, stealer    7/10
behavioral9                                    1/10
behavioral10                                   1/10
behavioral11                                   1/10
behavioral12                                   1/10
behavioral13                                   1/10
behavioral14                                   1/10
behavioral15                                   1/10
behavioral16                                   1/10
behavioral17                                   1/10
behavioral18                                   1/10
behavioral19                                   1/10
behavioral20                                   1/10
behavioral21                                   1/10
behavioral22                                   1/10
behavioral23                                   1/10
behavioral24                                   1/10
behavioral25                                   1/10
behavioral26                                   1/10
behavioral27                                   1/10
behavioral28                                   1/10
behavioral29                                   1/10
behavioral30                                   1/10
behavioral31                                   1/10
behavioral32                                   1/10