General
-
Target
ddos-reaper (2).zip
-
Size
1.2MB
-
Sample
240325-fa3jqabb4v
-
MD5
359d6a3b91cafd2e9409d32b50e69feb
-
SHA1
401c0df087cd72461751b80f9800d22e5b2c5fe0
-
SHA256
933a3b090613a423aa7f9486e5a779f57a967776d8b154a40c078e2bff33f526
-
SHA512
ad6d54221e1b857b564be496cac3320bd30d197b87d5e3f6f9c24138f154bf051d178631417cd1726f9340d9b91ced19c159bf8f665defb9d77e2f155fd012bc
-
SSDEEP
24576:kS7p30yyt8cDQsemqxQkqOsnfY5uIXVzZxJwqlJWcoaQm:kS7p30y87DQCHi55VzZAqlJWhg
Static task
static1
Behavioral task
behavioral1
Sample
ddos-reaper (2).7z
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
ddos-reaper (2).7z
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
ddos-reaper/api-ms-win-crt-string-l1-1-0.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
ddos-reaper/api-ms-win-crt-utility-l1-1-0.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
ddos-reaper/ddos-reaper.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
ddos-reaper/ddos-reaper.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
ddos-reaper/headers.txt
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
ddos-reaper/headers.txt
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
ddos-reaper (2).zip
Score 10/10
Panda Stealer payload
-
PhoenixStealer
PhoenixStealer is an information stealer written in C++; it sends the stolen information to cybercriminals.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
ddos-reaper/api-ms-win-crt-string-l1-1-0.dll
-
Size
17KB
-
MD5
f816666e3fc087cd24828943cb15f260
-
SHA1
eae814c9c41e3d333f43890ed7dafa3575e4c50e
-
SHA256
45e0835b1d3b446fe2c347bd87922c53cfb6dd826499e19a1d977bf4c11b0e4a
-
SHA512
6860abe8ab5220efb88f68b80e6c6e95fe35b4029f46b59bc467e3850fe671bda1c7c1c7b035b287bdfed5daeac879ee481d35330b153ea7ef2532970f62c581
-
SSDEEP
384:NFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl/WYhW49PBolniMcx:T5yguNvZ5VQgx3SbwA71IkFwNJT
Score 1/10
-
-
Target
ddos-reaper/api-ms-win-crt-utility-l1-1-0.dll
-
Size
11KB
-
MD5
6f1a1dfb2761228ccc7d07b8b190054c
-
SHA1
117d66360c84a0088626e22d8b3b4b685cb70d56
-
SHA256
c81c4bba4e5f205359ad145963f6fbd074879047c66569f52b6d66711108e1ed
-
SHA512
480b4f9179d5da56010fa90e1937fe3a232f2f8682596c16eeaed08f57cf8cffeaa506060429501764f695cb6c5b3e56b0037de948c4d0e3933f022a0b4103d2
-
SSDEEP
192:GI6fHQduPWYhWcWWFYg7VWQ4yWpbdsQlmqnajlDPD:2f5WYhW8Kd6l9L
Score 1/10
-
-
Target
ddos-reaper/ddos-reaper.exe
-
Size
1.2MB
-
MD5
dd20876bf25544aa55e0c3725103c666
-
SHA1
d00d689de9f35159188935d3bd93677c807ed655
-
SHA256
33e5d605c1c13a995d4a2d7cb9dca9facda4c97c1c7b41dc349cc756bfc0bd67
-
SHA512
8e88e8777717d203065144ce594e18f86048c83c83d06ef06f0255f42c0de1bfdb1da2faad2bb39da52a652eb4267af79a84d2822afb6e5e31e27899b70ab9fc
-
SSDEEP
24576:D8Ic2Byst8cLgkzOqxJk9fsngYLkIZfYK/cRgOnmq9g6PzAew:D8Ic2ByG7LgNIhL9fzcOU7m6g
Score 10/10
Panda Stealer payload
-
PhoenixStealer
PhoenixStealer is an information stealer written in C++; it sends the stolen information to cybercriminals.
-
Suspicious use of SetThreadContext
-
-
-
Target
ddos-reaper/headers.txt
-
Size
226B
-
MD5
d96df362a721b7f2e5069f282231d008
-
SHA1
66506f444bcf6a3b0ab1d790598e64997f56a349
-
SHA256
8b834227d25fd9777362c074d3184c480f3ca1c51ac287c84097bb90ff1b9346
-
SHA512
121de04f3f8b4e34046e780605303508948e381e909b6cda5bc8cad61859ffc5ea0a82e700c3550b35aff88bcad699ab9c3266c1b4bb4daff36ff5bef11e302b
Score 1/10