General

  • Target

    dfe21baea2a1898113da529289fb1b29

  • Size

    3.1MB

  • MD5

    dfe21baea2a1898113da529289fb1b29

  • SHA1

    c70700683d67f169d208c245e7c77f3e9e0ef24f

  • SHA256

    6f35ab9d6aed8b8df1754149da79be5cdadae7b5366e8f2be46d9370f7e920c0

  • SHA512

    974190730bf2b3d68728ab24ce3798bc6a174e83bf9ef7faed7e746c10803a20801337e4d687c54f21df82f79d3fd208d8bfdf0ea3262eb9de593e387ce93bef

  • SSDEEP

    98304:1N/rg6gL9U8iiQ1NOIo9aHg0UerlpZibnEgHf8pdF:jGL9UPV1gvaHCeZgnEg/u

Score
10/10

Malware Config

Signatures

Files

  • dfe21baea2a1898113da529289fb1b29
    .zip
  • ALL.txt
    .ps1
  • ALL_2542.txt
    .vbs
  • ALL_LLLLLLLLLLLLLLLLLLLOOOOOOOOOOOOOOOLLLLLLLLLLLLLLLL_34567890.txt
    .vbs
  • ALL_jjnb.txt
    .vbs
  • ALL_kkkkkkkkkkkkooooooooookkkkkkkkkkkkkkk.txt
    .vbs
  • ALL_lol123.TXT
  • ALL_stealer_newww_23435656787989.txt
    .vbs
  • ALL_tai123.TXT
  • Clean_LLLLLLLLL_45678904356787.txt
    .html .vbs polyglot
  • Clean_lol123.txt
    .html .vbs polyglot
  • Clean_tai_lol_123.txt
    .html .vbs polyglot
  • ENC_STEALER_NEWWWWWWW43567543567.txt
    .html .vbs polyglot
  • Encoding.txt
    .html .vbs polyglot
  • Server.txt
    .ps1
  • Server_1faa.txt
    .ps1
  • Server_77251.txt
    .ps1
  • Server_LLLLLLLLLLLLLOOOOOOOOOOOOOOOLLLLLLLLLLLLLLL_45675435465678.txt
    .ps1
  • Server_asnn.txt
    .ps1
  • Server_lkmm.txt
    .ps1
  • Server_lol123.txt
    .ps1
  • Server_lol_123.txt
    .ps1
  • Server_lolllllllllllllllllll_kkkkkkkkkookkkkkkkkkkk_2345678980.txt
    .ps1
  • Server_stealer_newwwwwww_345675743567.txt
    .ps1
  • Serverne.txt
    .ps1
  • XOENSA_PE.TXT
    .ps1
  • all_20210224_ALL.txt
    .ps1
  • asyncRAT_stealer_all_32456789.txt
    .vbs
  • bypass.txt
    .ps1
  • bypass1sd.TXT
    .vbs
  • bypass_98778.TXT
    .vbs
  • bypass_gshh.TXT
    .vbs
  • bypass_xca.TXT
    .vbs
  • cc1.txt
    .ps1
  • cc2.txt
    .ps1
  • ch2.txt
    .ps1
  • ch3.txt
    .html .vbs polyglot
  • pervey.txt
  • server_20210224_Server.txt
    .ps1
  • server_20210407_0725_ALL.TXT
    .ps1
  • startup.txt
    .html .vbs polyglot
  • vceo.txt
    .vbs