Overview

overview

10

Static

static

10

001.exe

windows7-x64

10

001.exe

windows10-2004-x64

10

1488.exe

windows7-x64

10

1488.exe

windows10-2004-x64

10

1_cr.exe

windows7-x64

5

1_cr.exe

windows10-2004-x64

1

1cr.exe

windows7-x64

10

1cr.exe

windows10-2004-x64

10

1fc2d.exe

windows7-x64

10

1fc2d.exe

windows10-2004-x64

10

6e7_2021-0...04.exe

windows7-x64

10

6e7_2021-0...04.exe

windows10-2004-x64

10

Abjects.exe

windows7-x64

1

Abjects.exe

windows10-2004-x64

1

BattleText.exe

windows7-x64

9

BattleText.exe

windows10-2004-x64

10

HANS.exe

windows7-x64

1

HANS.exe

windows10-2004-x64

1

Hulu.exe

windows7-x64

7

Hulu.exe

windows10-2004-x64

7

IntelFIVE.exe

windows7-x64

3

IntelFIVE.exe

windows10-2004-x64

7

IntelFOUR.exe

windows7-x64

3

IntelFOUR.exe

windows10-2004-x64

7

IntelONE.exe

windows7-x64

3

IntelONE.exe

windows10-2004-x64

7

IntelTHREE.exe

windows7-x64

3

IntelTHREE.exe

windows10-2004-x64

7

IntelTWO.exe

windows7-x64

3

IntelTWO.exe

windows10-2004-x64

7

Lucky_Fixed.exe

windows7-x64

1

Lucky_Fixed.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    08d215fd35494280e6397e8bc527bd6de64eb78a73acd3bd07a01da376ed4cb7

  • Size

    19.6MB

  • MD5

    844d06a617687dec8baef97423d3a6e1

  • SHA1

    ce4bf971d64c3dcb16b720b3291e5c34de91035f

  • SHA256

    08d215fd35494280e6397e8bc527bd6de64eb78a73acd3bd07a01da376ed4cb7

  • SHA512

    69858f7b1c715aeba871ed2e921242da970b1ef6f061c129e5ae2af15935aa44d91f3bd0c9abf2345969b3a36019bd6daa2a2a027cb3e12de96338a01439d469

  • SSDEEP

    393216:jtKgICYntWuBAaWdNWgUYflqQBlwSjFce/f1MSo91pAc:J+ntzAaWdsgZqsxCeX1MJpAc

Score
10/10
upxratdcratavaddon

Malware Config

Signatures

  • Avaddon family
    avaddon
  • Avaddon payload 1 IoCs
  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Dcrat family
    dcrat
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • UPX dump on OEP (original entry point) 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 4 IoCs

    AutoIT scripts compiled to PE executables.

  • Unsigned PE 37 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 2 IoCs
    installer

Files

  • 08d215fd35494280e6397e8bc527bd6de64eb78a73acd3bd07a01da376ed4cb7
    .7z
  • 001.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • 1488.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • 1_cr.txt
    .exe windows:5 windows x86 arch:x86

    eb97e4fc5518ac300a92a11673825e0b


    Headers

    Imports

    Sections

  • 1cr.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • 1fc2d.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • 6e7_2021-01-19_18-04.txt
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • Abjects.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • BattleText.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • HANS.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Hulu.txt
    .exe windows:4 windows x86 arch:x86

    a1a66d588dcf1394354ebf6ec400c223


    Headers

    Imports

    Sections

  • IntelFIVE.txt
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • IntelFOUR.txt
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • IntelONE.txt
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • IntelTHREE.txt
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • IntelTWO.txt
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections

  • Lucky_Fixed.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • NotepadPlus.txt
    .exe windows:5 windows x86 arch:x86

    425c54b6507d90a6e2c9eaf3ecf04a80


    Code Sign

    Headers

    Imports

    Sections

  • Osiris_qqkz_nauto.exe
    .exe windows:6 windows x86 arch:x86

    da2dcae38cb7d5fb4bb2e12742d74cfd


    Headers

    Imports

    Sections

  • Out.exe
    .exe windows:5 windows x64 arch:x64

    7027da7f8e7173a664afc4d30c0af509


    Headers

    Imports

    Sections

  • Out.txt
    .exe windows:5 windows x64 arch:x64

    7027da7f8e7173a664afc4d30c0af509


    Headers

    Imports

    Sections

  • Snake.txt
    .exe windows:4 windows x86 arch:x86

    b1a57b635b23ffd553b3fd1e0960b2bd


    Headers

    Imports

    Sections

  • $PLUGINSDIR/78mxr.dll
    .dll windows:6 windows x86 arch:x86

    23bbd544e0b396b8f6666998536c55a4


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86

    738dc9bb91549f627cf1953c2000e1d6


    Headers

    Imports

    Exports

    Sections

  • Stealers2.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • Stgedo.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Taurjok.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Taurusbabac.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • TeleKiller.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • attached.txt
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • bsdasdasd333.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • build.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • build_makros.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • build_silent.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • buildcmobiler.exe
    .exe windows:5 windows x86 arch:x86

    eb97e4fc5518ac300a92a11673825e0b


    Headers

    Imports

    Sections

  • buildcmobiler.txt
    .exe windows:5 windows x86 arch:x86

    eb97e4fc5518ac300a92a11673825e0b


    Headers

    Imports

    Sections

  • buildcr.txt
    .exe windows:5 windows x86 arch:x86

    eb97e4fc5518ac300a92a11673825e0b


    Headers

    Imports

    Sections

  • buildss.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • clientrevers.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • dcrat.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • dllservices.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • dllservices2.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • exe_morris.mcdermott.exe
    .exe windows:6 windows x86 arch:x86

    8634a890637b58f527c95218636740c9


    Headers

    Imports

    Sections

  • jjuufksfn.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • kleiman.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • pacbe_bin.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • scvhost900.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • sessionwin.exe
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • svcperf.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • updateanddr.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • updateandr.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • vhajeja.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • word.txt
    .exe windows:10 windows x86 arch:x86

    646167cce332c1c252cdcb1839e0cf48


    Code Sign

    Headers

    Imports

    Sections

  • www.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • xlsd.txt
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections