anchordns | ba18ff142bae31457031ca49e772b10792ad3a5bdead90cb2c1d37e2a6c2fd59

Sharing

Copy URL

Twitter E-mail

General

Target

possible malware.zip
Size

682.3MB
Sample

240413-bfw7nshd58
MD5

ba06cb72b125a0a353b87008d95e86ca
SHA1

9b4d7e2f1087ccbe73012c8237b0609f10576806
SHA256

ba18ff142bae31457031ca49e772b10792ad3a5bdead90cb2c1d37e2a6c2fd59
SHA512

3270783c7b42014ecfa3be771d675cffe75a0ba65cf7d4e0f5e1d61e65a4cee2c6f2e471c0e95ef23799c6a7b2eb7edbca8393d59353f4d6531099dd4def909e
SSDEEP

12582912:Bo4WyWq2xPQ3JjlAd9hpopjS5j/5i7Pdst6n8+fLOzV0fPWc+afxK6kKuq:BoJqJ5Bs9hpop25bvTGLeVJc3xgdq

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://webmail.lax.co.il/owa/auth/Current/Script/jquery-3.5.1.min.js

Extracted

Family

revengerat

Botnet

Guest

voly.ddns.net:88

Mutex

RV_MUTEX-BUPRawrSNddXxdY

Extracted

Family

spynote

voly.ddns.net:1988

Extracted

Family

sandrorat

voly.ddns.net:1962

Extracted

Family

njrat

Version

Hallaj PRO Rat [Fixed]

Botnet

HacKed

voly.ddns.net:81

Mutex

23e6d18d0fa7e25eb8844687c5ca5f5c

Attributes

reg_key
23e6d18d0fa7e25eb8844687c5ca5f5c
splitter
boolLove

Extracted

Family

cobaltstrike

Botnet

http://summerevent.webhop.net:443/safebrowsing/rd/tnOztRgLx1ugKt8uumGcreRFm5CqXD9ge-zzz5sA6WzhC

Attributes

access_type
512
beacon_type
2048
crypto_scheme
256
host
summerevent.webhop.net,/safebrowsing/rd/tnOztRgLx1ugKt8uumGcreRFm5CqXD9ge-zzz5sA6WzhC
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAIAAAAAgAAAAhQUkVGPUlEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAIAAAAAgAAABJVPXNSdjg1VUhpakJycldpSHoAAAACAAAACFBSRUY9SUQ9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
3840
maxdns
247
polling_time
6600
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmFvK6fWzx+zTnQqAkZAQv6Eqwme1a80cwMNtrYEJShrKKbgpTy71w5Zd9u7EdBClno3HF9U4/9/tkBRw6PPPRa+W6bgpf97I3/Y0z36I5E/h+UP8h076IkzaWyPHbS1QMOiE6AXC3rCERjgirkn1LKUs+Q+zj0LeN8/QHEq/ZqQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/safebrowsing/rd/r8l4jO3947jVxa5wBhEijGc0y77iX4oFy
user_agent
Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
watermark
0

Extracted

Family

jupyter

Version

DR/1.4

http://45.146.165.219

Extracted

Family

jupyter

Version

DR/1.0

http://45.135.232.131

Targets

- Target
  
  possible malware.zip
- Size
  
  682.3MB
- MD5
  
  ba06cb72b125a0a353b87008d95e86ca
- SHA1
  
  9b4d7e2f1087ccbe73012c8237b0609f10576806
- SHA256
  
  ba18ff142bae31457031ca49e772b10792ad3a5bdead90cb2c1d37e2a6c2fd59
- SHA512
  
  3270783c7b42014ecfa3be771d675cffe75a0ba65cf7d4e0f5e1d61e65a4cee2c6f2e471c0e95ef23799c6a7b2eb7edbca8393d59353f4d6531099dd4def909e
- SSDEEP
  
  12582912:Bo4WyWq2xPQ3JjlAd9hpopjS5j/5i7Pdst6n8+fLOzV0fPWc+afxK6kKuq:BoJqJ5Bs9hpop25bvTGLeVJc3xgdq
Score

1^/10
behavioral1 behavioral2
- Target
  
  Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3cb052a7da6cda9609c32b5bafa11b76c2bb0f74b61277fecf464d3c0baeac0e
- Size
  
  6KB
- MD5
  
  4bc98571bdf2cebf34eac03032f7bcd2
- SHA1
  
  f7adfab4af32b34dbe41096ef710058ef1a8a08b
- SHA256
  
  3cb052a7da6cda9609c32b5bafa11b76c2bb0f74b61277fecf464d3c0baeac0e
- SHA512
  
  cca41e8391fd9d81ebed9b565d16f33a1b6c2a382ecc87f183567e3cc2bc8b99d36be7d57167ef91e58a6e5c8bf0370146dc7509449e9b1a20e1767f86bdcae9
- SSDEEP
  
  192:aEMHRXN68oMrdwtpEPCQYZ5A8X7/Agl/H9:NLHYdIKPy1
Score

1^/10
behavioral3 behavioral4
- Target
  
  Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/README.md
- Size
  
  47B
- MD5
  
  1a520aff858573e768ad77c5f61d4c25
- SHA1
  
  88332c9edbd3561307f79f79a4c22414fdc1f369
- SHA256
  
  66cd4b7d78465c16e710e3b8720f0700f2bb557d9feebce07033406b77bb942d
- SHA512
  
  79a15c238b518a9903a8a7c070c9632298f81d2c85898c8f6c637bfabfd44abb513d68e6ba061f9ad102123ff951b85cb44d369723507f9193d02ae6c321fc69
Score

3^/10
behavioral5 behavioral6
- Target
  
  Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/9f9027b5db5c408ee43ef2a7c7dd1aecbdb244ef6b16d9aafb599e8c40368967
- Size
  
  664KB
- MD5
  
  7a1288c7be386c99fad964dbd068964f
- SHA1
  
  c880daabaca11dde198b6340e4430401d0bfef10
- SHA256
  
  9f9027b5db5c408ee43ef2a7c7dd1aecbdb244ef6b16d9aafb599e8c40368967
- SHA512
  
  2d52f6e974fad85b9c0cf588ce6a8a62bb37db7a2c8aff8138d9d740f2ae8844267c9052ed3a25c65335e948bed8bf449d0815b0f7e372872d49270dd60ad027
- SSDEEP
  
  3072:JO5bNMC3dfsftuxvwgZcSwi4Q5grRsTs/75xuVYj629H8BrjqUgxASoOamv6337C:JO5bNMCKtuJvcPRKHCRQqukNy337BAZ
Score

1^/10
behavioral7 behavioral8
- Target
  
  Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/README.md
- Size
  
  72B
- MD5
  
  0527842fbf758cbe02a4d1417250a3d3
- SHA1
  
  33ec0d879781a26c800b823d13b6dcd228900be1
- SHA256
  
  0c8668604e05ae2e1d1d369ae5992f61a0f625e0714730b10b1e13e849f699ca
- SHA512
  
  b9d49bb1af83ec183eb32e37bad6eafc0726003fff8fa6788a06bf9bbdd16e08e461f90aa063a3e59d08208beedf893750e10fcd1aaa8f77cfacf38a080c53a4
Score

3^/10
behavioral10 behavioral9
- Target
  
  Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/ad8d379a4431cabd079a1c34add903451e11f06652fe28d3f3edb6c469c43893
- Size
  
  517KB
- MD5
  
  5b80cbbdcb697c0b8ec26e6cf0ff305c
- SHA1
  
  f26323676b7ed39590ddfedd344b0cf605393598
- SHA256
  
  ad8d379a4431cabd079a1c34add903451e11f06652fe28d3f3edb6c469c43893
- SHA512
  
  edd515fc321f7af19241c88860d069d4fb3fe112e39e9752fbfe1a4c90b7deb32d74bfb4d5719f84248bf1932744a59ccda6cea010ff22b5d63c41a9cc292ca9
- SSDEEP
  
  3072:AEe+n+jGECbFXc7tt8PWmMFqHGnxnMx/nbUArHxWNyEAWPRhNa:AEfT27MPWumxM+7N/AwM
Score

1^/10
behavioral11 behavioral12
- Target
  
  Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/0d0ccfe7cd476e2e2498b854cef2e6f959df817e52924b3a8bcdae7a8faaa686
- Size
  
  179KB
- MD5
  
  6627918d989bd7d15ef0724362b67edd
- SHA1
  
  21e29034538bb4e3bc922149ef4312b90b6b4ea3
- SHA256
  
  0d0ccfe7cd476e2e2498b854cef2e6f959df817e52924b3a8bcdae7a8faaa686
- SHA512
  
  83ee751b15d8fd8477b8ecf8d33a4faf30b75aceb90c0e58ebf9dbbfc1d354f7e772f126b8462fd5897a4015a6f5e324d34900ff7319e8cc791fb239ca603ddc
- SSDEEP
  
  3072:7PR4kaQOrd41zdruwiAyr/Ta1XxKH3zVrWvcfWslmOLdXFKY8SIMjUPpF5:3aQLgwiAyr/TiXxMsvcrxbnjUPP5
Score

1^/10
behavioral13 behavioral14
- Target
  
  Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/363ea096a3f6d06d56dc97ff1618607d462f366139df70c88310bbf77b9f9f90
- Size
  
  154KB
- MD5
  
  8cf683b7d181591b91e145985f32664c
- SHA1
  
  f0a20aaf4d2598be043469b69075c00236b7a89a
- SHA256
  
  363ea096a3f6d06d56dc97ff1618607d462f366139df70c88310bbf77b9f9f90
- SHA512
  
  b75401d591caee812c5c1a669ce03c47f78f1c40a2fa31cf58a0318ffbfc032b82cb1b6d2a599ce1b3547be5a404f55212156640b095f895a9aac3c58ec4bad8
- SSDEEP
  
  3072:fRxYk0d5+6/kdGyfitoxNsUZE2XZ+4Duz6fCKmjjwF5PaT:JqkoiGiZxE4qRKqgIT
Score

1^/10
behavioral15 behavioral16
- Target
  
  Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/README.md
- Size
  
  57B
- MD5
  
  df252a327feefa31802dc9f84a688bf0
- SHA1
  
  b093b9b797144a73472fb76604207f184211f487
- SHA256
  
  664146b80800229b268722d618ac4ddcef9bd4a29715e3b7ddd36a21a0012500
- SHA512
  
  5e09a77ba50edfd011fe2a9a274393bccebc878342b3cb0ccf00526146394695f674cca37a966777b053e6f47854d4178cc762f80a846ede631dbef424158811
Score

3^/10
behavioral17 behavioral18
- Target
  
  Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/README.md
- Size
  
  57B
- MD5
  
  0272f462b25073e0228d87c39ed15eb3
- SHA1
  
  8c3de1da5c8660f872dff926a8784f2fa651eda4
- SHA256
  
  80eaf28ff86838e322a4413f90c055151615a42fd0ad4d665201271684b9c06c
- SHA512
  
  2a12b4fc21ad5eb65c75df83918b30f5028f10bd688a36a850b67a1cef76de3dac65177124e920ed8085f930173dfc414c773332dead677dda98e64efe33cb9d
Score

3^/10
behavioral19 behavioral20
- Target
  
  Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/README.md
- Size
  
  57B
- MD5
  
  79f3d3ec95c1681b30a289d47fe9bf82
- SHA1
  
  5e056ef6753dce87b18f63887c3a93edc982b8cd
- SHA256
  
  cf902e98385501c66693e066020c9cd5e8f0fcde375e2821d1b2658ecec7dfc1
- SHA512
  
  38a8ccc55d8c7badafd36899b6302724039ee3a17f387ebe0aa29a86ac30215d60e0af8fbb88965e68551853b5a41a454166f95df066ea53b5ed2b8bd83cf2cc
Score

3^/10
behavioral21 behavioral22
- Target
  
  Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/README.md
- Size
  
  57B
- MD5
  
  0d103d48c25db669e6c2a60c6d00f755
- SHA1
  
  59b102919b1f1e2170cbe1e01133f5bb3eb85e75
- SHA256
  
  02f4920a8920ce63f81794307420430419349050d34b304c5168cbba41138ae6
- SHA512
  
  7eb68c452c152de06f117eac85bbb18e675867eae515559628de285ca1bb646bd9a7c2b9306ab2bda42792a3364a72fb2ceed3b6bcc13cc386f16e15edd2e191
Score

3^/10
behavioral23 behavioral24
- Target
  
  Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_FASTCASH/README.md
- Size
  
  57B
- MD5
  
  458d11e645eeffee92af828d0414b416
- SHA1
  
  a14b228cc590da99273e94b726be87656023e1a4
- SHA256
  
  c84b6395bd4039e696a5f809e26812630a4b3a69e34e17d7dba6d32bbdf2f95d
- SHA512
  
  2a1fa4833893f2c340f7f9f07569c8258af699254e44de4e57572a649cfc0d3cd7bae5f5af447b24690f19b6c4a53ffc0fb53b8cd736cbf036dd37bf7c28da11
Score

3^/10
behavioral25 behavioral26
- Target
  
  Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/4a1fc30ffeee48f213e256fa7bff77d8abd8acd81e3b2eb3b9c40bd3e2b04756
- Size
  
  57B
- MD5
  
  fd6c1e1fbe93a6c1ae97da3ddc3a381f
- SHA1
  
  a5225159267538863f8625050de94d880d54d2d4
- SHA256
  
  4a1fc30ffeee48f213e256fa7bff77d8abd8acd81e3b2eb3b9c40bd3e2b04756
- SHA512
  
  ea392b3dd9c323ae5e41d68394a56bb13914e9311f2d98648c9b5560af3bb9f85b4ac4d5a947bce5658fa230b3902fb574e5247c626643150dd8b6087f782ec1
Score

1^/10
behavioral27 behavioral28
- Target
  
  Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/51e9cadeab1b33260c4ccb2c63f5860a77dd58541d7fb0840ad52d0a1abedd21
- Size
  
  585B
- MD5
  
  b3b1dea400464ab5dd55e44766357957
- SHA1
  
  507a04d3faed99cee089da042913d63f1813fc2a
- SHA256
  
  51e9cadeab1b33260c4ccb2c63f5860a77dd58541d7fb0840ad52d0a1abedd21
- SHA512
  
  f7c21a4171942edd7e0d4ab7c0b3a3a1666a3dbbed14da6af4ae3c41c7607301c0c3bc83782e22c47fe40b5297a9c1374d645d04ce3b22cebf5a54d2d92ed5bb
Score

1^/10
behavioral29 behavioral30
- Target
  
  Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/547440bd037a149ac7ac58bc5aaa65d079537e7a87dc93bb92edf0de7648761c
- Size
  
  28B
- MD5
  
  e11f9350ced37173d1e957ffe7d659b9
- SHA1
  
  ec6d63fd5695c470bc3daea500b270eca85e81f4
- SHA256
  
  547440bd037a149ac7ac58bc5aaa65d079537e7a87dc93bb92edf0de7648761c
- SHA512
  
  ecd2ae19d5b3264821a1d88a265973b32724d2fc85b4225a23d4bc0c1aad6e8280a78de1f9024a19461a1c1b9209222eb51cb57f980c11a862eb78c82d29a7e1
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32