Overview: score 10
Static: score 3
ZC-AIO/any...t__.py | windows7-x64 | score 3
ZC-AIO/any...t__.py | windows10-2004-x64 | score 3
ZC-AIO/any...ase.py | windows7-x64 | score 3
ZC-AIO/any...ase.py | windows10-2004-x64 | score 10
ZC-AIO/any...pat.py | windows7-x64 | score 3
ZC-AIO/any...pat.py | windows10-2004-x64 | score 3
ZC-AIO/any...ons.py | windows7-x64 | score 3
ZC-AIO/any...ons.py | windows10-2004-x64 | score 3
ZC-AIO/any...lds.py | windows7-x64 | score 3
ZC-AIO/any...lds.py | windows10-2004-x64 | score 3
ZC-AIO/any...sks.py | windows7-x64 | score 3
ZC-AIO/any...sks.py | windows10-2004-x64 | score 3
ZC-AIO/any...emo.py | windows7-x64 | score 3
ZC-AIO/any...emo.py | windows10-2004-x64 | score 3
ZC-AIO/any...tup.py | windows7-x64 | score 3
ZC-AIO/any...tup.py | windows10-2004-x64 | score 3
ZC-AIO/any...ch.exe | windows7-x64 | score 7
ZC-AIO/any...ch.exe | windows10-2004-x64 | score 7
ZC-AIO/install.bat | windows7-x64 | score 1
ZC-AIO/install.bat | windows10-2004-x64 | score 1
ZC-AIO/mod...12.pyc | windows7-x64 | score 3
ZC-AIO/mod...12.pyc | windows10-2004-x64 | score 3
ZC-AIO/mod...12.pyc | windows7-x64 | score 3
ZC-AIO/mod...12.pyc | windows10-2004-x64 | score 3
ZC-AIO/mod...12.pyc | windows7-x64 | score 3
ZC-AIO/mod...12.pyc | windows10-2004-x64 | score 3
ZC-AIO/mod...12.pyc | windows7-x64 | score 3
ZC-AIO/mod...12.pyc | windows10-2004-x64 | score 3
ZC-AIO/mod...12.pyc | windows7-x64 | score 3
ZC-AIO/mod...12.pyc | windows10-2004-x64 | score 3
ZC-AIO/mod...12.pyc | windows7-x64 | score 3
ZC-AIO/mod...12.pyc | windows10-2004-x64 | score 3
General
-
Target
ZC-AIO.rar
-
Size
16.9MB
-
Sample
240311-shz5sadg8s
-
MD5
3facc1deb6e62481a0ceb4bffe07a906
-
SHA1
1cd5674d5ebcf54bbb48aa4153eaa2e371731616
-
SHA256
e6015567f25c32599b2c0cad7e3f1213ea6df23fcd04dd3876a18e33651d8a93
-
SHA512
6e3b459bd1541760af4adc25006c4d24b0eaf65f2c31ddfafb85718ed4b2193022c6078500de2bb126bc4ccc9bea0926bdf77b063f90820db160ef3e3a3190e6
-
SSDEEP
393216:GBJpAgVxiwQaFSxIM/d5OJLUdnXvpPRqGLNuwpLPwGQaA:iDAgd8xPF5R5Bpr18pV
Behavioral task
behavioral1
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/__init__.py
Resource
win7-20240221-de
Behavioral task
behavioral2
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/__init__.py
Resource
win10v2004-20240226-de
Behavioral task
behavioral3
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/base.py
Resource
win7-20240221-de
Behavioral task
behavioral4
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/base.py
Resource
win10v2004-20240226-de
Behavioral task
behavioral5
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/compat.py
Resource
win7-20240221-de
Behavioral task
behavioral6
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/compat.py
Resource
win10v2004-20240226-de
Behavioral task
behavioral7
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/exceptions.py
Resource
win7-20240221-de
Behavioral task
behavioral8
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/exceptions.py
Resource
win10v2004-20240226-de
Behavioral task
behavioral9
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/fields.py
Resource
win7-20240221-de
Behavioral task
behavioral10
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/fields.py
Resource
win10v2004-20240226-de
Behavioral task
behavioral11
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/tasks.py
Resource
win7-20240221-de
Behavioral task
behavioral12
Sample
ZC-AIO/anycaptcha-python-main/anycaptcha/tasks.py
Resource
win10v2004-20240226-de
Behavioral task
behavioral13
Sample
ZC-AIO/anycaptcha-python-main/demo.py
Resource
win7-20240221-de
Behavioral task
behavioral14
Sample
ZC-AIO/anycaptcha-python-main/demo.py
Resource
win10v2004-20240226-de
Behavioral task
behavioral15
Sample
ZC-AIO/anycaptcha-python-main/setup.py
Resource
win7-20240221-de
Behavioral task
behavioral16
Sample
ZC-AIO/anycaptcha-python-main/setup.py
Resource
win10v2004-20240226-de
Behavioral task
behavioral17
Sample
ZC-AIO/anycaptcha-python-main/varssearch.exe
Resource
win7-20240221-de
Behavioral task
behavioral18
Sample
ZC-AIO/anycaptcha-python-main/varssearch.exe
Resource
win10v2004-20240226-de
Behavioral task
behavioral19
Sample
ZC-AIO/install.bat
Resource
win7-20240221-de
Behavioral task
behavioral20
Sample
ZC-AIO/install.bat
Resource
win10v2004-20240226-de
Behavioral task
behavioral21
Sample
ZC-AIO/modules/__pycache__/config.cpython-312.pyc
Resource
win7-20240220-de
Behavioral task
behavioral22
Sample
ZC-AIO/modules/__pycache__/config.cpython-312.pyc
Resource
win10v2004-20240226-de
Behavioral task
behavioral23
Sample
ZC-AIO/modules/__pycache__/functions.cpython-312.pyc
Resource
win7-20240221-de
Behavioral task
behavioral24
Sample
ZC-AIO/modules/__pycache__/functions.cpython-312.pyc
Resource
win10v2004-20240226-de
Behavioral task
behavioral25
Sample
ZC-AIO/modules/__pycache__/start.cpython-312.pyc
Resource
win7-20240221-de
Behavioral task
behavioral26
Sample
ZC-AIO/modules/__pycache__/start.cpython-312.pyc
Resource
win10v2004-20240226-de
Behavioral task
behavioral27
Sample
ZC-AIO/modules/__pycache__/updater.cpython-312.pyc
Resource
win7-20240221-de
Behavioral task
behavioral28
Sample
ZC-AIO/modules/__pycache__/updater.cpython-312.pyc
Resource
win10v2004-20240226-de
Behavioral task
behavioral29
Sample
ZC-AIO/modules/__pycache__/variables.cpython-312.pyc
Resource
win7-20240221-de
Behavioral task
behavioral30
Sample
ZC-AIO/modules/__pycache__/variables.cpython-312.pyc
Resource
win10v2004-20240226-de
Behavioral task
behavioral31
Sample
ZC-AIO/modules/checkers/__pycache__/bonk_io.cpython-312.pyc
Resource
win7-20240221-de
Behavioral task
behavioral32
Sample
ZC-AIO/modules/checkers/__pycache__/bonk_io.cpython-312.pyc
Resource
win10v2004-20240226-de
Malware Config
Extracted
C:\Users\Admin\Downloads\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Extracted
C:\Users\Admin\Downloads\r.wnry
wannacry
Targets
-
-
Target
ZC-AIO/anycaptcha-python-main/anycaptcha/__init__.py
-
Size
660B
-
MD5
1c63900b53a5c8f84ed65311e3eff35e
-
SHA1
2ad70997b8db067f53401c6533d6d24e1bc763d4
-
SHA256
415730615d50d0cdc314d0b56ea5cee2be8004b6f6856e12a591c629c2ce5415
-
SHA512
e16d931a23e37a9c01eda7e8cb4a5ae07ad492ec39946a2184a67c0ca9e6172d34fa1eb042b00dc953df32ff5479d44d0c8ab26210b1422f3592a4d9857e5d97
Score 3/10
-
-
Target
ZC-AIO/anycaptcha-python-main/anycaptcha/base.py
-
Size
7KB
-
MD5
2289724b20fea57866e7077769b37567
-
SHA1
039881c8eb47b0550c3129ef27f478441849c009
-
SHA256
2f8cae5d7c1cb8774c101c93f3e960c1d81ffdc4c4154af7a5df5b95ba239e53
-
SHA512
c4a098a1c0eedf676a56de529584a2c38f32550b5524e2f6f4847191bbcf406c7a8ab20dbd8e895018d8821eebb3dbb2fe267f48cf232559d24702e54c11a156
-
SSDEEP
192:XT40Dayut3jj1l1lIWMbSqQEd9MMo3SFttFpkryJ:bDatvl49QEgItSG
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
-
-
Target
ZC-AIO/anycaptcha-python-main/anycaptcha/compat.py
-
Size
278B
-
MD5
5c97708c4dc15943eff639b19e87b2ee
-
SHA1
10aa100c8c02abd4de745977e142da3fac30a7d3
-
SHA256
eea7e96fd695e28ce2acc4b379f71e2948ceabfceecd0c4e1b25260d3710e074
-
SHA512
085ad3ecbee5d61a0fca9ce5c300fc3196539a7d47e61cde4b46c4c4bcb3c23a10f2abc783cffa4c4a8157f315f88667e9fbda5f720eb7e9e5a717754b2e809d
Score 3/10
-
-
Target
ZC-AIO/anycaptcha-python-main/anycaptcha/exceptions.py
-
Size
1013B
-
MD5
eb468da2c92664555f160f82ebca2ddc
-
SHA1
539bf7d6dd232af1a2b40dddb13449ea4008e35d
-
SHA256
232fe0bded9d11aeb9475f367833a8ccd89a0c683df21ee9cb8a0628c3b2df08
-
SHA512
d16698743bf106859ec98494cf489935828b56b3a9bcb75915b47fef38948c9b9e514bb5fbdb6a149177bbacae43584c190c0a305a31f67f83b6444e7422f351
Score 3/10
-
-
Target
ZC-AIO/anycaptcha-python-main/anycaptcha/fields.py
-
Size
5KB
-
MD5
5f14bbfc3204edc040551cac2490f447
-
SHA1
cc5a8eaee041774e180966f9e24630baae56085e
-
SHA256
0d8d399fda7bbeb8567eb6b01b20f6b442cb2921be5f49da7b1bc449052aa5d1
-
SHA512
9473faa03f0a2607fd9cf1729cedefa5102db17993c292e4d6cc8b41d82147d2a7e1c533c7d86d3799ff53076175308863180c383742b8d3c6d8732b7282f6d0
-
SSDEEP
96:Bx8IqPMFjQ42oHd7YfbuKhOqNz9RAXDjt+wMZQjxTqhdNanDqEPUS:wt+DDX
Score 3/10
-
-
Target
ZC-AIO/anycaptcha-python-main/anycaptcha/tasks.py
-
Size
9KB
-
MD5
116d16e8362ee2136b4abb883d1fe61f
-
SHA1
f949c313f261c4568acf9bb82dad1edda81c9be3
-
SHA256
ca3dedeb3e577c0177a5dceaa88f286b3417c5ec014131b04d108719bf7b71f8
-
SHA512
bc154a6fe258d2738a83d48d4d603807926dfb010d0f05b68bba89451201f3466a7ca5490649f5683c91802267527dea0ef50f3cf47a8226accb447f536cb7b3
-
SSDEEP
96:+//P56AjsLADSXb6AjRjUhb787d3LhDiWBfT9AnW66WCB6m8TTud5t:w/RabXb3jUV787d35n9IkW7nud5t
Score 3/10
-
-
Target
ZC-AIO/anycaptcha-python-main/demo.py
-
Size
5KB
-
MD5
dbcbd818db5b5da3d7949cd447a4ab21
-
SHA1
884865106096dad51d8163344e3cdebba403349d
-
SHA256
bb3ccacf7fbab9c705f752d97f2f86bb24977227eef491a798fd6d884b2a5082
-
SHA512
fa3a0c5b6b012ff9bcb522ac209a158b5322ce045a46df35637d0eac2e7e134fac41176ee8968ee9e395e126174c641fdaa2b99cc2c6e0e8bb6f12a835eaed47
-
SSDEEP
96:CfGiRbZaPfvEOA2vf6HvKfPHIjnAPf3bzfRTNLfxPNf8Bz:gVb4PXEAvSyXiavbzJTNL9NE1
Score 3/10
-
-
Target
ZC-AIO/anycaptcha-python-main/setup.py
-
Size
150B
-
MD5
a1021857a071add28fe50a8dfbb6bcb1
-
SHA1
e98eb72dbadd15fa604603a39f81b12076aea46c
-
SHA256
5c43653e6a69b5d8fa75b3d40dc8cda716b04bc924af53fd9d1195fbc26d5c67
-
SHA512
5af112bb172071382e146e7bfabdc1cb254f7345c1e11ff823d8727ced87b49f8525e1dec99bad8ca72385ad075d3ec2a4534bc4d4c5d771141190eaee1460ce
Score 3/10
-
-
Target
ZC-AIO/anycaptcha-python-main/varssearch.exe
-
Size
16.9MB
-
MD5
27362a0ed07e0d15642917fefd9a2362
-
SHA1
eaa7630db627f05166d5a0292e9f6186b7bf73e9
-
SHA256
cd74c4a814adb9ca377483d0f61b8eb183e7c2364bd91fe418cb2b3dedca76d1
-
SHA512
a37275dedf2da42550d138bc7d26fee2cfbbc0137ecdbb91262f2d9f2fc6e8636507bc20d3cc4a921ee36012b559074a74be60101908920eb48b187411029524
-
SSDEEP
393216:hEkZgf8FgP8AxYDX1+TtIiFGuvB5IjWqn6eclz13ypX8WjD+da:hRbFbX71QtIZS3ILn6ecfyCeD+da
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
ZC-AIO/install.bat
-
Size
91B
-
MD5
ae699746f445cdcb399b5962d1a85d4d
-
SHA1
6a84334656df64b6dd3207ef6ccadd1c7914c869
-
SHA256
56f4f57a1ebe01e57df3973c03764ae0f7182596115c2cba631d709226e73a05
-
SHA512
8654b3ec9724372185a669ab7c19e179403ebe8ceea378909c7542609f1970b7c6ecb833eaef1372585af917c9b8c994201aeba140522546ed89caaf0fcdc657
Score 1/10
-
-
Target
ZC-AIO/modules/__pycache__/config.cpython-312.pyc
-
Size
6KB
-
MD5
04c3b054ba72c8a5b1dcb7f208f7bea0
-
SHA1
c94b10d2fab7cd41edca4688bfcfc14aae5f184d
-
SHA256
458154e623dd2a234ec190a790ecd36c4d23ae69e09b7e33fd9501f1b626a2c2
-
SHA512
0ca97c95d325d1e59655aa90ebbbbce02de56f4cb52be40432e46edf309d84a9b904e3c18ec38d95d07c4d88e1468c66db3f4b43f0ed78eb95eb9a6eb06dc089
-
SSDEEP
192:ghIa21Efgvf1NKQao4tHq+sbjcbREQvqyWMTd:pamagYhHq9j2h
Score 3/10
-
-
Target
ZC-AIO/modules/__pycache__/functions.cpython-312.pyc
-
Size
28KB
-
MD5
9aa1d15d2cee1acaf9aaec8076754982
-
SHA1
f012ca8598620ffcb94c6ccadef8177d135e3014
-
SHA256
d2b973d697ed7c295dba22bc2db9728224321934afde74aaadcd0578763a2858
-
SHA512
5bc1f08b13af5a2eba2194d993c6d2c6a41dcd996577cd4e67b30968e4e6bf2537f3b41beb6f42f0cf4c5bbb79c25d20d4cedb86ce4b5caa1c6ea5cc6805dcb3
-
SSDEEP
384:M6dCCZHDHy1S2FqWdrhJrBipPW3lYI6HgMpL7fjXTwL8tmVRVAyIz:7zH7y1S2Xp3BiQVYI6HgMZbTwgti1Iz
Score 3/10
-
-
Target
ZC-AIO/modules/__pycache__/start.cpython-312.pyc
-
Size
9KB
-
MD5
dff60e11150b7e57a1fe15bbf40c5667
-
SHA1
bb9b2757ab1a2e14dcb5ecb36293adf7f1b0bd8e
-
SHA256
65eb0787fe15e8f707730d067cd2dfd1ceedede4d50c383ec1ca9d7f928034e5
-
SHA512
d3fc203fc306f734c1e4ca777f4b1f6c4350d4b64bfc8d91a3d5700f8ed8cacb05ea41b78b6b17bde7b4525066297971c7b1cabcf759c7b51ecbda4f223ffd1e
-
SSDEEP
192:Xdm6W7UpUfS+rxVJ/IqYv3rrwx6lsNH+Qtw1i+zyhkltnohHa96:xIUpUfS+rxVJ/IqYv3rrvYgi+mA2Za96
Score 3/10
-
-
Target
ZC-AIO/modules/__pycache__/updater.cpython-312.pyc
-
Size
706B
-
MD5
8d9aba99c0e55f9389148209ec7aa35b
-
SHA1
8c8eca94ae09dab89f3d93f01301b755cb1307c4
-
SHA256
83af4a716b6230aa8fbf49b0ec95d18623d0f2750a07d1c310e42ca10b195896
-
SHA512
27f71ff2482c7a81da5a98454496052cfa11056f885082928b16b2102584aded06d7b07ec12c655e0b061fd741001f287d19d4809ba1b90dec620dcfd716f4fb
Score 3/10
-
-
Target
ZC-AIO/modules/__pycache__/variables.cpython-312.pyc
-
Size
1KB
-
MD5
68de46d897b40483bbdcd584216014d4
-
SHA1
0f7e592412220909277f5014e1219c0220cc621a
-
SHA256
c318eec2b6bb3a04626b1e729e954c97cb646ece5d06258719a516932ad74b6f
-
SHA512
27e48336afd85c70410dd120595bc73e9d3356e6acdb8b8aaaaa9bd11a44a792a7db1b55ad47793ae73e62e511c97aa4fa524560a58032b4745bd2932524c997
Score 3/10
-
-
Target
ZC-AIO/modules/checkers/__pycache__/bonk_io.cpython-312.pyc
-
Size
3KB
-
MD5
83180c2d14797481b5c1f5b591f14013
-
SHA1
66dc41f6ff728d5ba3ce2f59c6b103e1818c0a32
-
SHA256
70be6555be5dc07a106c9262fbb09f7d907436362e2106d21cd6bcd851f15c94
-
SHA512
43d32be98dbc5d0c81780766d83243bb2f729fa2e0107035739eedc4e8ce8d2e9c68088a1f25334304fdba1700f60b9282f53831793a1f1bea15661129f556be
Score 3/10
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  File and Directory Permissions Modification (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Indicator Removal (1)
    File Deletion (1)
  Modify Registry (4)
  Pre-OS Boot (1)
    Bootkit (1)