General

  • Target

    ddos-reaper (2).zip

  • Size

    1.2MB

  • Sample

    240325-fa3jqabb4v

  • MD5

    359d6a3b91cafd2e9409d32b50e69feb

  • SHA1

    401c0df087cd72461751b80f9800d22e5b2c5fe0

  • SHA256

    933a3b090613a423aa7f9486e5a779f57a967776d8b154a40c078e2bff33f526

  • SHA512

    ad6d54221e1b857b564be496cac3320bd30d197b87d5e3f6f9c24138f154bf051d178631417cd1726f9340d9b91ced19c159bf8f665defb9d77e2f155fd012bc

  • SSDEEP

    24576:kS7p30yyt8cDQsemqxQkqOsnfY5uIXVzZxJwqlJWcoaQm:kS7p30y87DQCHi55VzZAqlJWhg

Malware Config

Targets

    • Target

      ddos-reaper (2).zip

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • PhoenixStealer

      PhoenixStealer is an information stealer written in C++; it sends the stolen information to cybercriminals.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      ddos-reaper/api-ms-win-crt-string-l1-1-0.dll

    • Size

      17KB

    • MD5

      f816666e3fc087cd24828943cb15f260

    • SHA1

      eae814c9c41e3d333f43890ed7dafa3575e4c50e

    • SHA256

      45e0835b1d3b446fe2c347bd87922c53cfb6dd826499e19a1d977bf4c11b0e4a

    • SHA512

      6860abe8ab5220efb88f68b80e6c6e95fe35b4029f46b59bc467e3850fe671bda1c7c1c7b035b287bdfed5daeac879ee481d35330b153ea7ef2532970f62c581

    • SSDEEP

      384:NFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl/WYhW49PBolniMcx:T5yguNvZ5VQgx3SbwA71IkFwNJT

    • Score

      1/10

    • Target

      ddos-reaper/api-ms-win-crt-utility-l1-1-0.dll

    • Size

      11KB

    • MD5

      6f1a1dfb2761228ccc7d07b8b190054c

    • SHA1

      117d66360c84a0088626e22d8b3b4b685cb70d56

    • SHA256

      c81c4bba4e5f205359ad145963f6fbd074879047c66569f52b6d66711108e1ed

    • SHA512

      480b4f9179d5da56010fa90e1937fe3a232f2f8682596c16eeaed08f57cf8cffeaa506060429501764f695cb6c5b3e56b0037de948c4d0e3933f022a0b4103d2

    • SSDEEP

      192:GI6fHQduPWYhWcWWFYg7VWQ4yWpbdsQlmqnajlDPD:2f5WYhW8Kd6l9L

    • Score

      1/10

    • Target

      ddos-reaper/ddos-reaper.exe

    • Size

      1.2MB

    • MD5

      dd20876bf25544aa55e0c3725103c666

    • SHA1

      d00d689de9f35159188935d3bd93677c807ed655

    • SHA256

      33e5d605c1c13a995d4a2d7cb9dca9facda4c97c1c7b41dc349cc756bfc0bd67

    • SHA512

      8e88e8777717d203065144ce594e18f86048c83c83d06ef06f0255f42c0de1bfdb1da2faad2bb39da52a652eb4267af79a84d2822afb6e5e31e27899b70ab9fc

    • SSDEEP

      24576:D8Ic2Byst8cLgkzOqxJk9fsngYLkIZfYK/cRgOnmq9g6PzAew:D8Ic2ByG7LgNIhL9fzcOU7m6g

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • PhoenixStealer

      PhoenixStealer is an information stealer written in C++; it sends the stolen information to cybercriminals.

    • Suspicious use of SetThreadContext

    • Target

      ddos-reaper/headers.txt

    • Size

      226B

    • MD5

      d96df362a721b7f2e5069f282231d008

    • SHA1

      66506f444bcf6a3b0ab1d790598e64997f56a349

    • SHA256

      8b834227d25fd9777362c074d3184c480f3ca1c51ac287c84097bb90ff1b9346

    • SHA512

      121de04f3f8b4e34046e780605303508948e381e909b6cda5bc8cad61859ffc5ea0a82e700c3550b35aff88bcad699ab9c3266c1b4bb4daff36ff5bef11e302b

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks