004130a04dfdbe993a7f9edd8f28d13d5b5e9df4bcf589a44cc650384f5a54a4

General

Target

Napalm Loader.zip
Size

23.4MB
Sample

240311-g8kx1aec6y
MD5

0763aff90dff7d0af5a10723dd749e2c
SHA1

135d8e9b5bd5edce6c62315083a676cc97097a9b
SHA256

004130a04dfdbe993a7f9edd8f28d13d5b5e9df4bcf589a44cc650384f5a54a4
SHA512

0894ba67242eac76dcf9d50d63a40566c6ddf3a3f09ac07d2852fca0f007847140386f580c8a3c078dc6f845ee11984051014049d3abcb4719601ed037b3f590
SSDEEP

393216:yr8PTUWddaYBf146awqPf4XlqxKV00KHFiV25EdKQbKlydakGP4tebv23Umj4kFo:yQPjdaYB9LYQVqxKq1buKQbkyPtebOp4

Score

8^/10

Malware Config

Targets

- Target
  
  Napalm Loader.zip
- Size
  
  23.4MB
- MD5
  
  0763aff90dff7d0af5a10723dd749e2c
- SHA1
  
  135d8e9b5bd5edce6c62315083a676cc97097a9b
- SHA256
  
  004130a04dfdbe993a7f9edd8f28d13d5b5e9df4bcf589a44cc650384f5a54a4
- SHA512
  
  0894ba67242eac76dcf9d50d63a40566c6ddf3a3f09ac07d2852fca0f007847140386f580c8a3c078dc6f845ee11984051014049d3abcb4719601ed037b3f590
- SSDEEP
  
  393216:yr8PTUWddaYBf146awqPf4XlqxKV00KHFiV25EdKQbKlydakGP4tebv23Umj4kFo:yQPjdaYB9LYQVqxKq1buKQbkyPtebOp4
Score

1^/10
behavioral1
- Target
  
  Napalm Loader.exe
- Size
  
  23.4MB
- MD5
  
  bc2429b889b6c8621702c464a7cb39f5
- SHA1
  
  ee4a3016f2584ca664b264b0aa0738ffdb2126aa
- SHA256
  
  502c6e0007e310ce5b04b7d8dd91c12593c140aecb29797da269767e4dc2f545
- SHA512
  
  0ae58a6c278c6b20099ebe6a64a228d0f584ea768c5355a8647a5d0ff111a5ca6c1f99e65451085fc36b985ebffb9cae6d45dadf5f5e540f473eee75eb5462fb
- SSDEEP
  
  393216:2o9DQWvz+q3VhrScsdLKFL+9qz8sEnBSVkRIrY87MQ7Ck+7q3D1JMEU1zGzWXiWC:39Bz+q3zF+ep+9q4BzcY87MQZ3D1KLyP
Score

8^/10

persistence upx
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Modifies AppInit DLL entries
  persistence
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2
- Target
  
  Napalm Loader.pyc
- Size
  
  68KB
- MD5
  
  b7ca8ee18b13979be009f9cfa57c5f78
- SHA1
  
  cc706be1d0b96734502203fc726411883b4d55f4
- SHA256
  
  f412026c2efb1f93cbe70c115eefcf41e52d2a68df4be89da6562ebcd1ed9b56
- SHA512
  
  3dbfdfae12ca8be43a6bf9f5f93198f592a775a1e0acbb88e8ee91f8719253711e349a0653da9bbdac506e552397dd899c7fa88c1985b82cb2ee27539145dd89
- SSDEEP
  
  768:52RfPTS6QcmCM26/hfsz6oe+x1F1mAJbX3hElmXTxdhlzJsfCGMq+0AnjEUnrIFO:52E6QhjhQ8AHnxTGCGMq+F4qreO
Score

3^/10
behavioral3
- Target
  
  README.txt
- Size
  
  311B
- MD5
  
  df08ee787e300dc455b80859b9cfb4a4
- SHA1
  
  b745bdb7fed8ac5a8db2cdfed0ed9505373a49ff
- SHA256
  
  5ed138a114a1633bcbac857a1822d86b0704f24344a6588488a003535194ccd3
- SHA512
  
  2df8cc7cd8a49abc3a8ca1c810628b891279942d8331b6469276a2dd1ceb4b0d9b14cd31632b02ccd79d63a965f890f7fc97d50a54104a3c60034cb5c538c593
Score

1^/10
behavioral4
- Target
  
  hash.txt
- Size
  
  64B
- MD5
  
  bb666a456019a1e0a3d3e9e1ce09a22a
- SHA1
  
  366e8f641f9103e95d21948c5cc7afca7e586e25
- SHA256
  
  012286270a27d7c5faf7ceebc17ddbef5795a51c6513d40b6d9fe03d1ec96644
- SHA512
  
  5f80d7729b772f4ba20a1e746c95eb021a625ef655c48ae24c4fd32a5f72b1d8fc5166a4b4369d06f20fb670d44cfee7ff922c5bb152e4f2149bcd4bc9d15e1b
Score

1^/10
behavioral5
- Target
  
  napalm_hook.dll
- Size
  
  341KB
- MD5
  
  e2a68ccb323d103034a0ba6deb9ae1c5
- SHA1
  
  c6137d88d67469cf80a15caf65b779e2249ad9d4
- SHA256
  
  00151dbec59f369a280112d04b1ed3202323eaa8c487d9da6deba67bf7c89237
- SHA512
  
  d92d1b25e598f7a7b956a655e4d6d2a344b0bff517ce650521ecbaffb730314ef2f82ac04842ebdb5f60d49c3a449a5db44bb7d647fc1a9869eec4cd31a00eab
- SSDEEP
  
  6144:57oy9Zr+BAF84IC117bTyQdgrmPCeQelz7lWLxnNSdwl2OSd2T:iy9Zrp8smcYmEAexnNb
Score

1^/10
behavioral6