General
- Target: 7d69e0d82e74059115486fae5dd5ac6463c7fccd91dbbcaa9587117c7d201ddb
- Size: 289.5MB
- Sample: 240422-1xtwbagh68
- MD5: 405394c381ca2000e01428e79d03cecb
- SHA1: cb41f1d9e06c1b783378a43486c7d997a3635b68
- SHA256: 7d69e0d82e74059115486fae5dd5ac6463c7fccd91dbbcaa9587117c7d201ddb
- SHA512: 40266c79a3d2c010882cfc4b237c6d27989dc385fd23d8bafe89e4ff329a181fed4ba44dac91187ffd2698d51af44454917e901375aa0dc87624ec956f12f80d
- SSDEEP: 6291456:BN08aneiYsmfO6eRtz+WmPn4auzQgHDXuDFHVfuc1Fyn6RQuj3jN31S:j08aneo2eTTI2NHDXuDjxPyn6zj3jN3M
Static task
- static1

Behavioral tasks
- behavioral1: 0490e8427ac66951389e11dbd990c19cb1ee43102c33935b12db6a4eca7717c7.elf (resource: ubuntu1804-amd64-20240226-en)
- behavioral2: 0490e8427ac66951389e11dbd990c19cb1ee43102c33935b12db6a4eca7717c7.elf (resource: debian9-armhf-20240226-en)
- behavioral3: 0490e8427ac66951389e11dbd990c19cb1ee43102c33935b12db6a4eca7717c7.elf (resource: debian9-mipsbe-20240226-en)
- behavioral4: 0490e8427ac66951389e11dbd990c19cb1ee43102c33935b12db6a4eca7717c7.elf (resource: debian9-mipsel-20240226-en)
- behavioral5: 068428a4acb65807251b3b4c0aee2101519fdaebf6db5376863da5add3471f26.exe (resource: win7-20240221-en)
- behavioral6: 068428a4acb65807251b3b4c0aee2101519fdaebf6db5376863da5add3471f26.exe (resource: win10v2004-20240412-en)
- behavioral7: 087421ac222e935579dfd3b7a5120451fd9d9a663d3d1872c04b6154b238c894.elf (resource: debian9-mipsel-20240226-en)
- behavioral8: 0c4791a6b47491a0c43cea0ba54357e391a3c8b23aa28025489bbe43bb9ea6ea.elf (resource: debian12-armhf-20240221-en)
- behavioral9: 0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea.exe (resource: win7-20240221-en)
- behavioral10: 0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea.exe (resource: win10v2004-20240412-en)
- behavioral11: 0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70.dll (resource: win7-20231129-en)
- behavioral12: 0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70.dll (resource: win10v2004-20240412-en)
- behavioral13: 10de02fec8ac3edbf1398e6dd43ddec95a89e0499e1e865a7d9e5289fb2b31d1.bat (resource: win7-20240221-en)
- behavioral14: 10de02fec8ac3edbf1398e6dd43ddec95a89e0499e1e865a7d9e5289fb2b31d1.bat (resource: win10v2004-20240226-en)
- behavioral15: 11571917015adbf3b5196509e1082c8d415f011cce88bd8b16e9d9c5a39ac432.exe (resource: win7-20240221-en)
- behavioral16: 11571917015adbf3b5196509e1082c8d415f011cce88bd8b16e9d9c5a39ac432.exe (resource: win10v2004-20240412-en)
- behavioral17: 16e81343ecea6082d76bf1ab26818c3bf56929c92468fae8837c6384b62d05a5.exe (resource: win7-20231129-en)
- behavioral18: 16e81343ecea6082d76bf1ab26818c3bf56929c92468fae8837c6384b62d05a5.exe (resource: win10v2004-20240412-en)
- behavioral19: 17691f0962027e7110f727ae997f8af5885dd783674d1db023d467ec478515b7.elf (resource: debian12-mipsel-20240221-en)
- behavioral20: 17c24104e8e5350eeb7e2a162dec3f6a4d6c70f3f0849e6346fd383d998dcc12.exe (resource: win7-20240221-en)
- behavioral21: 17c24104e8e5350eeb7e2a162dec3f6a4d6c70f3f0849e6346fd383d998dcc12.exe (resource: win10v2004-20240226-en)
- behavioral22: 1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.exe (resource: win7-20240221-en)
- behavioral23: 1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.exe (resource: win10v2004-20240412-en)
- behavioral24: 1b8cda768ba75d723b2b0b34cf955f7ec9469b4e33c6fde6494eefd60a139d8a.elf (resource: debian12-armhf-20240221-en)
- behavioral25: 1df6acbc1106e17265fde3ab54b2a83fa8f6f39656d7c55481b2dbd66f1114b7.elf (resource: ubuntu1804-amd64-20240226-en)
- behavioral26: 1df6acbc1106e17265fde3ab54b2a83fa8f6f39656d7c55481b2dbd66f1114b7.elf (resource: debian9-armhf-20240226-en)
- behavioral27: 1df6acbc1106e17265fde3ab54b2a83fa8f6f39656d7c55481b2dbd66f1114b7.elf (resource: debian9-mipsbe-20240226-en)
- behavioral28: 1df6acbc1106e17265fde3ab54b2a83fa8f6f39656d7c55481b2dbd66f1114b7.elf (resource: debian9-mipsel-20240226-en)
- behavioral29: 1e7706ed0492572474cd866f13778cc66c42b614b3d0b1d9af35727c051a50b0.elf (resource: ubuntu1804-amd64-20240226-en)
- behavioral30: 1e7706ed0492572474cd866f13778cc66c42b614b3d0b1d9af35727c051a50b0.elf (resource: debian9-armhf-20240226-en)
- behavioral31: 1e7706ed0492572474cd866f13778cc66c42b614b3d0b1d9af35727c051a50b0.elf (resource: debian9-mipsbe-20240226-en)
- behavioral32: 1e7706ed0492572474cd866f13778cc66c42b614b3d0b1d9af35727c051a50b0.elf (resource: debian9-mipsel-20240226-en)
Malware Config

Extracted: gafgyt
- 94.156.64.4:42516

Extracted: mirai
- SORA

Extracted: mirai
- MIRAI

Extracted: blacknet
- HacKed
- http://botnetera.pagekite.me/
- BN[pjClIrDI-2470224]
- antivm: true
- elevate_uac: true
- install_name: WindowsUpdate.exe
- splitter: |BN|
- start_name: 35dcbc7eb742dd4f1edfbccf7826c724
- startup: false
- usb_spread: false

Extracted: mirai
- MIRAI

Extracted: xworm
- involved-hurt.gl.at.ply.gg:35238
- Install_directory: %LocalAppData%
- install_file: WindowsHealthSystem.exe

Extracted: redline
- cheat
- 0.tcp.eu.ngrok.io:18950

Extracted: mirai
- hoiiaz.iaz.coby

Extracted: redline
- tg
- 163.5.112.53:51523

Extracted: stealc
- http://185.216.70.109
- url_path: /eb488f9cb9d466ca.php

Extracted: mirai
- SORA

Extracted: mirai
- MIRAI
- client.orxy.space

Extracted: mirai
- MIRAI

Extracted: lumma
- https://interferencesandyshiw.shop/api
- https://cleartotalfisherwo.shop/api
- https://worryfillvolcawoi.shop/api
- https://enthusiasimtitleow.shop/api
- https://dismissalcylinderhostw.shop/api
- https://affordcharmcropwo.shop/api
- https://diskretainvigorousiw.shop/api
- https://communicationgenerwo.shop/api
- https://pillowbrocccolipe.shop/api

Extracted: mirai
- SORA
Targets

Target: 0490e8427ac66951389e11dbd990c19cb1ee43102c33935b12db6a4eca7717c7.elf
- Size: 115KB
- MD5: 864bda0dc36b639210f886e6968394b7
- SHA1: 6e5d6d3cfeae7f5b0cb4987ea35fbfc4ea100527
- SHA256: 0490e8427ac66951389e11dbd990c19cb1ee43102c33935b12db6a4eca7717c7
- SHA512: 37cfcf70855ad24970cd76e911d39ddd788090f1e0bb8815b8d41af00b38dd66e6bcd57ab3102cac3a2e896c135ea7a9f3b1ed50839373056b3037261d80a87b
- SSDEEP: 3072:6oLEcVdOAnowHfbEqyas7J3UPwenmvI0PDGnSQNER:6oLEcPOAnowLyaoJ3ajnmvI0PDGnSQNM
- Score: 1/10

Target: 068428a4acb65807251b3b4c0aee2101519fdaebf6db5376863da5add3471f26.exe
- Size: 2.7MB
- MD5: 853a9918a66c6de88c9d8577726f2605
- SHA1: 36b6e43bcd91cdb0ca35c48a3b8644ba0d51f305
- SHA256: 068428a4acb65807251b3b4c0aee2101519fdaebf6db5376863da5add3471f26
- SHA512: 7980da87d70698ea26bf2109174cdbad041ff1c35ef19beb29985fa6a9ffeaa17df920b7ad9331700863cf7cc7b492e06fa1b9ff06a35e14779b742559d04489
- SSDEEP: 24576:W0FRFbz9JmGF6uabHxZ2/AVWcE1+APcSs+x4HRjcKx+Afz0bRK+m4pGAhiBLqx7I:Wc5/mGJae/AJcBPcRjcA+AYDZLx7acT
- Score: 8/10
- Blocklisted process makes network request
- Suspicious use of SetThreadContext

Target: 087421ac222e935579dfd3b7a5120451fd9d9a663d3d1872c04b6154b238c894.elf
- Size: 29KB
- MD5: caa62fc5426fda5bb51dd6dcfc804b5b
- SHA1: c1648ab78484ea318efa729b41f0fff80772a8b3
- SHA256: 087421ac222e935579dfd3b7a5120451fd9d9a663d3d1872c04b6154b238c894
- SHA512: 5b6678cc985a4e180032c2ef9ecc094b22ea2c7de3ab2cc9bfa265ef444c13582bcb3183125ab1193d9f5a45ceee46ff49d5773532242f8821d8ba845b39a460
- SSDEEP: 768:Mqa+lipfbBFUDuQZHAOrvWj6rRjrM1u2BYiQnUWsx:0bB2aQZJvWjyhL2BY7nix

Target: 0c4791a6b47491a0c43cea0ba54357e391a3c8b23aa28025489bbe43bb9ea6ea.elf
- Size: 50KB
- MD5: 386982ad3916c76d79d706af4d8639fc
- SHA1: 9b4e80785492dbbfc8c585587851bce3844f48a2
- SHA256: 0c4791a6b47491a0c43cea0ba54357e391a3c8b23aa28025489bbe43bb9ea6ea
- SHA512: 24ba01f9473a9fd5d5e8e0056952147f5ac2a9b166552dfc25fccf36b3b82e2eb608f0fc6994a92546617586cba82ef9469e9785d48e7f8d4875d2492c90ea1f
- SSDEEP: 1536:EFE+30g4zbPVfqnB+1F5WfLKSMdD6elLB:0E+3szbtP13sL6h9BB
- Score: 1/10

Target: 0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea.exe
- Size: 725KB
- MD5: 4b0a935fbc037ea00bf17468d4cf5b85
- SHA1: 169cd19c1d29bebd2c7fe5a8de25b1429f8f2aed
- SHA256: 0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea
- SHA512: 0bee469d0188505772af1fd9af4a6710c201475340045b97024102a63aaba14f940e6ee36d118d338e836b4ee7ba03387001ce81724c4f4433123f5b9d83dd4f
- SSDEEP: 12288:w6Wq4aaE6KwyF5L0Y2D1PqL5C38Lua13KVsrOQW60Ztsmhv3:GthEVaPqL58F2rBjmB3
- Score: 7/10
- AutoIT Executable: AutoIT scripts compiled to PE executables.

Target: 0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70.exe
- Size: 149KB
- MD5: d466c92a9ed1b0dd7a9789d24182b387
- SHA1: 619c3496cb1494bcabbae38bf78bceb501608a7a
- SHA256: 0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70
- SHA512: 2fe67183a79118853f89b97bc0e43b74ce02692be8e5fa4e79e45fb09010d599b961191913c3836652536b2382321d8a5191921965aeea85616127ba2e6ac6bb
- SSDEEP: 3072:cs2t+jk/d1uce+aD7UKg6THMGANMemOI:E7ufgKg6TsvI
- Score: 1/10

Target: 10de02fec8ac3edbf1398e6dd43ddec95a89e0499e1e865a7d9e5289fb2b31d1.bat
- Size: 1.1MB
- MD5: 4030841f8cd4b3ac37ab0a0b9332f3a5
- SHA1: 6d05584de372399fbadd59a1e6a1eefee90f8725
- SHA256: 10de02fec8ac3edbf1398e6dd43ddec95a89e0499e1e865a7d9e5289fb2b31d1
- SHA512: a8c40c3fa3f7f9ba47eed94a55a2562719073fd568d4aa96a081a46ce150e0b068b453e812eaef3fe15cafae3b66127e23ed4d72669173c8c254ba58d32534c0
- SSDEEP: 24576:+NAwcGqisVN8rXpLOnM+YCftp99Jj9Pgxp1QrKDI:+NKVVsxmt9j
- Score: 8/10
- Blocklisted process makes network request

Target: 11571917015adbf3b5196509e1082c8d415f011cce88bd8b16e9d9c5a39ac432.exe
- Size: 14.4MB
- MD5: ecaa6f88c3b6594914a8ffde04fd5d84
- SHA1: 885e4370299d369f7285ba5f2c544cbcd70a5fd0
- SHA256: 11571917015adbf3b5196509e1082c8d415f011cce88bd8b16e9d9c5a39ac432
- SHA512: 94712c9ceddc1e2abd7ec19dc39bf2cbea54d3430f66887e2e0861c2cdb4c4ee24c39d3140c9374e826049516b814c3fcfcf4c49402bc5c2335d87bc0ee67f83
- SSDEEP: 393216:hp8QGQCKH9iqYCfy8tW5MrYR0aioa4CMRmrrCZRBkyQzy:v8QGrK5GXR9ioaJMRmrrdysy
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext

Target: 16e81343ecea6082d76bf1ab26818c3bf56929c92468fae8837c6384b62d05a5.exe
- Size: 6.9MB
- MD5: 755c6c74f65a7eb6fac438c71232090b
- SHA1: ecd899ca1c4764a57a8a15f7ac41624196f1a4e7
- SHA256: 16e81343ecea6082d76bf1ab26818c3bf56929c92468fae8837c6384b62d05a5
- SHA512: f0dcf9c4d84708a6dd665c53d0d8b72209de79cd571836a496d9cf3dbdc757f82a69e6788b2037484720fa6e966ff5c6719be4f7faa36486561856b1f7e6379c
- SSDEEP: 3072:MNA/391UUU35AkH+wWtailGlIQZboLRM9ua/aHyvZRVed2idrTj4i4MzNrpFFbmO:MNALUU4T7sGlVbAP//zNCbuIQ
- Score: 7/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

Target: 17691f0962027e7110f727ae997f8af5885dd783674d1db023d467ec478515b7.elf
- Size: 177KB
- MD5: a34eeacb65f86c57bdea56175af169ef
- SHA1: 6f474269c97412679d64187a3e99eec1707b4200
- SHA256: 17691f0962027e7110f727ae997f8af5885dd783674d1db023d467ec478515b7
- SHA512: 7e763bec443a758df9c6f322087a07cf12406a5b46ba6049ddf3fd33c780f1bbe32cd7dd7e7fb19f9a43bd4d168984de1df925c525304099e6f8cd44947da432
- SSDEEP: 3072:Mwoe3s52Zt9nQiX/GpO1SMRpp6NWJdWQwi:MnSskZDQiX/2ObRWoDWf
- Score: 6/10
- Enumerates running processes: Discovers information about currently running processes on the system.

Target: 17c24104e8e5350eeb7e2a162dec3f6a4d6c70f3f0849e6346fd383d998dcc12.exe
- Size: 4.6MB
- MD5: 8ceb3a5e7da3309b307a2407298a7cee
- SHA1: c7b571e5020866e068c8b780782be72cf5f8df3f
- SHA256: 17c24104e8e5350eeb7e2a162dec3f6a4d6c70f3f0849e6346fd383d998dcc12
- SHA512: 80a5cd2d600cee52ac02dd2534c7415a714e41d403486dac3e181706f5ea1a63f610c46b09c46035d60462f2b20bc5fdaf8e4ca1aafaa0ffaadd9430ea3b7277
- SSDEEP: 98304:jf3t4BNLhoAfN/BKhtrW4+UbTRS2S6A4nzSHkKZkWKR/J7gyTT:jf3t4zNoAFYhdW4ZJzfOkCkWu/dgO
- Score: 3/10

Target: 1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.exe
- Size: 1.7MB
- MD5: 74a37bb794ed287696eac4495ffae13f
- SHA1: 0097bc646687e8441db0079c3f85320be39e4a13
- SHA256: 1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228
- SHA512: 17770d69d3792f1663d58d2d5c1b1cbcac04ac9ef85c0416bb4f69ca3410b710953f384039999e8719a798bf4cd751226a2282affb7f959197eeccb782126950
- SSDEEP: 24576:s7FUDowAyrTVE3U5F/9GqKVKic6QL3E2vVsjECUAQT45deRV9RZ:sBuZrEUwzKIy029s4C1eH93
- Score: 7/10
- Executes dropped EXE
- Loads dropped DLL

Target: 1b8cda768ba75d723b2b0b34cf955f7ec9469b4e33c6fde6494eefd60a139d8a.elf
- Size: 142KB
- MD5: 95917209bb8848eae1a1c23bc9f1d408
- SHA1: 6a1d24d516661a8ce45621215d567005504abdee
- SHA256: 1b8cda768ba75d723b2b0b34cf955f7ec9469b4e33c6fde6494eefd60a139d8a
- SHA512: a210dd4775612be960fbb2850f7a4f13680e40386b37ca05605434f9670e70d535fab839df9dd5b013910056a0cd8f32f163208af9ce890af789e485fab3a480
- SSDEEP: 3072:PccxTBU5zIUJXXxhtn/aZ6OVCRLCSpO8BC:PciBy7JXhht/anmXpO8BC
- Score: 1/10

Target: 1df6acbc1106e17265fde3ab54b2a83fa8f6f39656d7c55481b2dbd66f1114b7.elf
- Size: 115KB
- MD5: d465f896ac0fa592fd84f65824c424f2
- SHA1: 307e056622700b43eebb6bb43080708fcd6e7990
- SHA256: 1df6acbc1106e17265fde3ab54b2a83fa8f6f39656d7c55481b2dbd66f1114b7
- SHA512: 7034166cf7c3e05f9555c4356b31c1ab9d1abb3b68f3483448bf1983a3fdad5adf5f38c1f32ee5de069a8b59c5b43e48b0f4abf776ab1246265bcfa1a434794b
- SSDEEP: 3072:L+YUpmc5hIof5UM7XgYjykKdYmm/QcuLB126DNb:LwU1of5UMPyk2Ymm/QcuLB126DNb
- Class file contains resources related to AdWind
- DcRat: DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Detect ZGRat V1
- Detected Gafgyt variant
- Irata: Irata is an Iranian remote access trojan Android malware first seen in August 2022.
- Irata payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Requests dangerous framework permissions
- AutoIT Executable: AutoIT scripts compiled to PE executables.

Target: 1e7706ed0492572474cd866f13778cc66c42b614b3d0b1d9af35727c051a50b0.elf
- Size: 61KB
- MD5: 013c472aa24c1a90c7d3d9f7cb429acf
- SHA1: c2d2332e6ae7896feb69591968752431656fac40
- SHA256: 1e7706ed0492572474cd866f13778cc66c42b614b3d0b1d9af35727c051a50b0
- SHA512: 0fc535975b93d62f32e54993413093b236d64aedb8fd76822d66988e85d9649833dca3479159b8e16dc92645a26c36b92ae9b422e642c94dacfd1c212184dd1c
- SSDEEP: 768:WV8SNmQEPAPJD7E9NsB8UI8t/PMJTjKxVnjDbwqctNcjvwRgIP:WhNgPE7As8x8t/ETjKx9jDbDSGKP
- Score: 1/10