599b40aa7b210e6c8204c658da233a7bfe8d3f144860a93a4db498b69969679e

Sharing

Copy URL

Twitter E-mail

General

Target

email-worms.zip
Size

359KB
Sample

240315-z7lr1sdd26
MD5

0a1ed3ef52c7f1eaf3f9566dcfb847c5
SHA1

77dda7ab133a0683f1b0cf6ff2a867a92be349ff
SHA256

599b40aa7b210e6c8204c658da233a7bfe8d3f144860a93a4db498b69969679e
SHA512

0c91ed5b54fcf1c4aa26ac7b12d0511525d24968c62461525d17f4645fbb290b82807704ec818739aabe6b50fe6261fa6e539222691ee1de96d7665901a44a90
SSDEEP

6144:0H71nGt6VountL/neIbFX1zyXnQBh95voTVb/UnfVDvsXSBA++fZAG65mK8/t31Z:0H71nAOoqpGIbFFn5voVIuXSijaGtF3

Score

7^/10

Malware Config

Targets

- Target
  
  Gruel.exe
- Size
  
  100KB
- MD5
  
  b0feccddd78039aed7f1d68dae4d73d3
- SHA1
  
  8fcffb3ae7af33b9b83af4c5acbb044f888eeabf
- SHA256
  
  5714efd4746f7796bbc52a272f8e354f67edfb50129d5fdaa1396e920956d0d6
- SHA512
  
  b02b9476eeb9c43fcfef56949f867c1c88f152d65f3961a2838b8bff02df2383945aefb9a8c517ac78d79b5a9163c7677f5b6238f4624b1966994c9c09eb428d
- SSDEEP
  
  1536:ThBfyxwMz14BSSQGRwmkwmGDAzGC6TaPAlbv/g:1BKxwMz14wSQGGUDAATaPAlbv/g
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  Happy99.exe
- Size
  
  9KB
- MD5
  
  02dd0eaa9649a11e55fa5467fa4b8ef8
- SHA1
  
  a4a945192cb730634168f79b6e4cd298dbe3d168
- SHA256
  
  4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18
- SHA512
  
  3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441
- SSDEEP
  
  192:nR81cIkA5Dbaj/CaFx40Z9HnLH8bzTbjt5BNUFO:RycyhqN4u9HnLH8bnbjtpl
Score

5^/10
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  MeltingScreen.exe
- Size
  
  17KB
- MD5
  
  4784e42c3b15d1a141a5e0c8abc1205c
- SHA1
  
  48c958deba25a4763ef244ac87e87983c6534179
- SHA256
  
  9d355e4f9a51536b05269f696b304859155985957ba95eb575f3f38c599d913c
- SHA512
  
  d63d20a38602d4d228367b6596454a0f5b2884c831e3a95237d23b882abd624de59ea47835636b06a96e216f1decf8c468caacd45e5d3b16a5eb9e87bc69eb97
- SSDEEP
  
  384:eHsipOITNe52uuCiuhwYW5t/QS5uoIjkg:PivNZuhi+wYW5toBoB
Score

1^/10
behavioral5 behavioral6
- Target
  
  MsWorld.exe
- Size
  
  128KB
- MD5
  
  7bd8a009b84b35868613332fe14267ab
- SHA1
  
  d36d4753aab27c6c5e253b9926406f7f97dc69a6
- SHA256
  
  56511f0b28f28c23b5a1a3c7d524ee25a4c6df9ac2b53797c95199534f86bbd2
- SHA512
  
  ad8e121f601f6698d720181d486da828781f729ca7880fb35c6fc70f021197e4a508dc46d980108a168ef2c6c89a62f3140e676ff71a1e40ea3e397ad0c63261
- SSDEEP
  
  3072:6wzn3BP7bo4a8uqwE6WPSUQvdIeaiQFc/sz4Px8vy+sL:R3BPP9G4Qvd/aKk4p8q+s
Score

5^/10
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  MyDoom.exe
- Size
  
  22KB
- MD5
  
  53df39092394741514bc050f3d6a06a9
- SHA1
  
  f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5
- SHA256
  
  fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151
- SHA512
  
  9792017109cf6ffc783e67be2a4361aa2c0792a359718434fec53e83feed6a9a2f0f331e9951f798e7fb89421fdc1ac0e083527c3d3b6dd71b7fdd90836023a0
- SSDEEP
  
  384:96ZQHXcE7hUHwT56cC9Kg65JdwGADkHw/Rjxtuu7VIGGwQWEqpD6:CavuHAUcW/ojwG6kHw/lxqbW
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  out.upx
- Size
  
  32KB
- MD5
  
  c1b1fccf6394c39515f0f86db27db706
- SHA1
  
  019ebac73dae3cbf0958ba52dadc174a4b0b2242
- SHA256
  
  647baea011bb1a19c85f0efeeeaffa02f85044656657eed850f0d68f18614469
- SHA512
  
  8d128934408213714de2fe6da28558330e11226e1c8a95140a6ae005b64f58e73c4bb76ceff265b8d8a1eaa2042238282440169916708a6d1f826917eb548533
- SSDEEP
  
  768:XJt9QXTt8QJZiQcpePcb9eRIdZATwYv1u:Zbq8Qcw5InATwYvY
Score

3^/10
behavioral11 behavioral12
- Target
  
  NetSky.exe
- Size
  
  17KB
- MD5
  
  6f49434d7e4532520372a4721a7a9aec
- SHA1
  
  979e0112b24c1f490653e47e4a340b37f72d17cd
- SHA256
  
  15e48ef767e1b2d696d2f6beec08e12e6e6d8909c070347d2d10abe75c120495
- SHA512
  
  9c86461d65fa52dc0e2ab15f3b95b75fe572f7e46b20ada7fcae57b9fd5355bee6e31b47183d5465e97bc72a065fa96dc8330667fbd3e69b13ed561600e6672c
- SSDEEP
  
  384:7/q2Nfs60PUnfTSILFm4UY2t9L+a30Bpk+3NyqSTqOvSKz:XNNXnmwygkmNHSY
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13 behavioral14
- Target
  
  Parrot.exe
- Size
  
  51KB
- MD5
  
  73d35451dbfbba5ac051d36f095a629f
- SHA1
  
  0a1c087e6f91506f96e284b89d99a283d650de07
- SHA256
  
  af983d2bf8f90fe563159983521b110e8560a409391254cb8ba7662df88fa3c3
- SHA512
  
  9d74bb098aafa7cf3a9dee0f9a0638015d4be8ea26631082db810560748d2da85607d3bc67c9d75cfa2642e93dca3e0b0c6d214b38176a3b6ac2ba44cbe27836
- SSDEEP
  
  768:oN2SaAr2oCgNHt9WoxayWIHZuvxulndbdb+UWEkrRNK+rR8NeJf9XR6idH6A3s:oASnrpNHt9bUYoWdbdb+VEkr+WXdHvc
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral15 behavioral16