Resubmissions

22-04-2024 22:02  240422-1xtwbagh68  10
22-04-2024 19:25  240422-x42b7afa68  10
19-04-2024 03:02  240419-djmthsfh8w  10

General

  • Target

    7d69e0d82e74059115486fae5dd5ac6463c7fccd91dbbcaa9587117c7d201ddb

  • Size

    289.5MB

  • Sample

    240422-x42b7afa68

  • MD5

    405394c381ca2000e01428e79d03cecb

  • SHA1

    cb41f1d9e06c1b783378a43486c7d997a3635b68

  • SHA256

    7d69e0d82e74059115486fae5dd5ac6463c7fccd91dbbcaa9587117c7d201ddb

  • SHA512

    40266c79a3d2c010882cfc4b237c6d27989dc385fd23d8bafe89e4ff329a181fed4ba44dac91187ffd2698d51af44454917e901375aa0dc87624ec956f12f80d

  • SSDEEP

    6291456:BN08aneiYsmfO6eRtz+WmPn4auzQgHDXuDFHVfuc1Fyn6RQuj3jN31S:j08aneo2eTTI2NHDXuDjxPyn6zj3jN3M

Malware Config

Extracted
Family: gafgyt
C2: 94.156.64.4:42516

Extracted
Family: mirai
Botnet: SORA

Extracted
Family: mirai
Botnet: MIRAI

Extracted
Family: blacknet
Botnet: HacKed
C2: http://botnetera.pagekite.me/
Mutex: BN[pjClIrDI-2470224]
Attributes
  • antivm: true
  • elevate_uac: true
  • install_name: WindowsUpdate.exe
  • splitter: |BN|
  • start_name: 35dcbc7eb742dd4f1edfbccf7826c724
  • startup: false
  • usb_spread: false

Extracted
Family: mirai
Botnet: MIRAI

Extracted
Family: xworm
C2: involved-hurt.gl.at.ply.gg:35238
Attributes
  • Install_directory: %LocalAppData%
  • install_file: WindowsHealthSystem.exe

Extracted
Family: redline
Botnet: cheat
C2: 0.tcp.eu.ngrok.io:18950

Extracted
Family: mirai
C2: hoiiaz.iaz.coby

Extracted
Family: redline
Botnet: tg
C2: 163.5.112.53:51523

Extracted
Family: stealc
C2: http://185.216.70.109
Attributes
  • url_path: /eb488f9cb9d466ca.php

Extracted
Family: mirai
Botnet: SORA

Extracted
Family: mirai
Botnet: MIRAI
C2: client.orxy.space

Extracted
Family: mirai
Botnet: MIRAI

Extracted
Language: ps1
Deobfuscated
URLs
  • exe.dropper: https://po.vigorlabs.info:443

Extracted
Family: asyncrat
Version: AWS | 3Losh
Botnet: NEW_N4
C2
  • fttuvgt.ddnsfree.com:6969
  • fttuvgt.ddnsfree.com:6668
  • fttuvgt.ddnsfree.com:6667
Mutex: AsyncMutex_xxx342592
Attributes
  • delay: 3
  • install: false
  • install_folder: %AppData%
aes.plain

Extracted
Family: socks5systemz
C2
  • http://erzwnet.ua/search/?q=67e28dd8395df37a1507f81b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978ff71ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ffc19c1eb9c9e3f
  • http://erzwnet.ua/search/?q=67e28dd8395df37a1507f81b7c27d78406abdd88be4b12eab517aa5c96bd86ec908e44885a8bbc896c58e713bc90c91936b5281fc235a925ed3e5cd6bd974a95129070b616e96cc92be510b866db51b9e34eed4c2b14a82966836f23d7f210c7ee96923ac9669212

Extracted
Family: vidar
C2
  • https://steamcommunity.com/profiles/76561199658817715
  • https://t.me/sa9ok
Attributes
  • user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

Targets

    • Target

      068428a4acb65807251b3b4c0aee2101519fdaebf6db5376863da5add3471f26.exe

    • Size

      2.7MB

    • MD5

      853a9918a66c6de88c9d8577726f2605

    • SHA1

      36b6e43bcd91cdb0ca35c48a3b8644ba0d51f305

    • SHA256

      068428a4acb65807251b3b4c0aee2101519fdaebf6db5376863da5add3471f26

    • SHA512

      7980da87d70698ea26bf2109174cdbad041ff1c35ef19beb29985fa6a9ffeaa17df920b7ad9331700863cf7cc7b492e06fa1b9ff06a35e14779b742559d04489

    • SSDEEP

      24576:W0FRFbz9JmGF6uabHxZ2/AVWcE1+APcSs+x4HRjcKx+Afz0bRK+m4pGAhiBLqx7I:Wc5/mGJae/AJcBPcRjcA+AYDZLx7acT

    Score
    8/10
    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    • Target

      0c4791a6b47491a0c43cea0ba54357e391a3c8b23aa28025489bbe43bb9ea6ea.elf

    • Size

      50KB

    • MD5

      386982ad3916c76d79d706af4d8639fc

    • SHA1

      9b4e80785492dbbfc8c585587851bce3844f48a2

    • SHA256

      0c4791a6b47491a0c43cea0ba54357e391a3c8b23aa28025489bbe43bb9ea6ea

    • SHA512

      24ba01f9473a9fd5d5e8e0056952147f5ac2a9b166552dfc25fccf36b3b82e2eb608f0fc6994a92546617586cba82ef9469e9785d48e7f8d4875d2492c90ea1f

    • SSDEEP

      1536:EFE+30g4zbPVfqnB+1F5WfLKSMdD6elLB:0E+3szbtP13sL6h9BB

    Score
    3/10
    • Target

      0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea.exe

    • Size

      725KB

    • MD5

      4b0a935fbc037ea00bf17468d4cf5b85

    • SHA1

      169cd19c1d29bebd2c7fe5a8de25b1429f8f2aed

    • SHA256

      0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea

    • SHA512

      0bee469d0188505772af1fd9af4a6710c201475340045b97024102a63aaba14f940e6ee36d118d338e836b4ee7ba03387001ce81724c4f4433123f5b9d83dd4f

    • SSDEEP

      12288:w6Wq4aaE6KwyF5L0Y2D1PqL5C38Lua13KVsrOQW60Ztsmhv3:GthEVaPqL58F2rBjmB3

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Target

      0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70.exe

    • Size

      149KB

    • MD5

      d466c92a9ed1b0dd7a9789d24182b387

    • SHA1

      619c3496cb1494bcabbae38bf78bceb501608a7a

    • SHA256

      0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70

    • SHA512

      2fe67183a79118853f89b97bc0e43b74ce02692be8e5fa4e79e45fb09010d599b961191913c3836652536b2382321d8a5191921965aeea85616127ba2e6ac6bb

    • SSDEEP

      3072:cs2t+jk/d1uce+aD7UKg6THMGANMemOI:E7ufgKg6TsvI

    Score
    1/10
    • Target

      10de02fec8ac3edbf1398e6dd43ddec95a89e0499e1e865a7d9e5289fb2b31d1.bat

    • Size

      1.1MB

    • MD5

      4030841f8cd4b3ac37ab0a0b9332f3a5

    • SHA1

      6d05584de372399fbadd59a1e6a1eefee90f8725

    • SHA256

      10de02fec8ac3edbf1398e6dd43ddec95a89e0499e1e865a7d9e5289fb2b31d1

    • SHA512

      a8c40c3fa3f7f9ba47eed94a55a2562719073fd568d4aa96a081a46ce150e0b068b453e812eaef3fe15cafae3b66127e23ed4d72669173c8c254ba58d32534c0

    • SSDEEP

      24576:+NAwcGqisVN8rXpLOnM+YCftp99Jj9Pgxp1QrKDI:+NKVVsxmt9j

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      11571917015adbf3b5196509e1082c8d415f011cce88bd8b16e9d9c5a39ac432.exe

    • Size

      14.4MB

    • MD5

      ecaa6f88c3b6594914a8ffde04fd5d84

    • SHA1

      885e4370299d369f7285ba5f2c544cbcd70a5fd0

    • SHA256

      11571917015adbf3b5196509e1082c8d415f011cce88bd8b16e9d9c5a39ac432

    • SHA512

      94712c9ceddc1e2abd7ec19dc39bf2cbea54d3430f66887e2e0861c2cdb4c4ee24c39d3140c9374e826049516b814c3fcfcf4c49402bc5c2335d87bc0ee67f83

    • SSDEEP

      393216:hp8QGQCKH9iqYCfy8tW5MrYR0aioa4CMRmrrCZRBkyQzy:v8QGrK5GXR9ioaJMRmrrdysy

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      16e81343ecea6082d76bf1ab26818c3bf56929c92468fae8837c6384b62d05a5.exe

    • Size

      6.9MB

    • MD5

      755c6c74f65a7eb6fac438c71232090b

    • SHA1

      ecd899ca1c4764a57a8a15f7ac41624196f1a4e7

    • SHA256

      16e81343ecea6082d76bf1ab26818c3bf56929c92468fae8837c6384b62d05a5

    • SHA512

      f0dcf9c4d84708a6dd665c53d0d8b72209de79cd571836a496d9cf3dbdc757f82a69e6788b2037484720fa6e966ff5c6719be4f7faa36486561856b1f7e6379c

    • SSDEEP

      3072:MNA/391UUU35AkH+wWtailGlIQZboLRM9ua/aHyvZRVed2idrTj4i4MzNrpFFbmO:MNALUU4T7sGlVbAP//zNCbuIQ

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      17691f0962027e7110f727ae997f8af5885dd783674d1db023d467ec478515b7.elf

    • Size

      177KB

    • MD5

      a34eeacb65f86c57bdea56175af169ef

    • SHA1

      6f474269c97412679d64187a3e99eec1707b4200

    • SHA256

      17691f0962027e7110f727ae997f8af5885dd783674d1db023d467ec478515b7

    • SHA512

      7e763bec443a758df9c6f322087a07cf12406a5b46ba6049ddf3fd33c780f1bbe32cd7dd7e7fb19f9a43bd4d168984de1df925c525304099e6f8cd44947da432

    • SSDEEP

      3072:Mwoe3s52Zt9nQiX/GpO1SMRpp6NWJdWQwi:MnSskZDQiX/2ObRWoDWf

    Score
    3/10
    • Target

      17c24104e8e5350eeb7e2a162dec3f6a4d6c70f3f0849e6346fd383d998dcc12.exe

    • Size

      4.6MB

    • MD5

      8ceb3a5e7da3309b307a2407298a7cee

    • SHA1

      c7b571e5020866e068c8b780782be72cf5f8df3f

    • SHA256

      17c24104e8e5350eeb7e2a162dec3f6a4d6c70f3f0849e6346fd383d998dcc12

    • SHA512

      80a5cd2d600cee52ac02dd2534c7415a714e41d403486dac3e181706f5ea1a63f610c46b09c46035d60462f2b20bc5fdaf8e4ca1aafaa0ffaadd9430ea3b7277

    • SSDEEP

      98304:jf3t4BNLhoAfN/BKhtrW4+UbTRS2S6A4nzSHkKZkWKR/J7gyTT:jf3t4zNoAFYhdW4ZJzfOkCkWu/dgO

    Score
    3/10
    • Target

      1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.exe

    • Size

      1.7MB

    • MD5

      74a37bb794ed287696eac4495ffae13f

    • SHA1

      0097bc646687e8441db0079c3f85320be39e4a13

    • SHA256

      1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228

    • SHA512

      17770d69d3792f1663d58d2d5c1b1cbcac04ac9ef85c0416bb4f69ca3410b710953f384039999e8719a798bf4cd751226a2282affb7f959197eeccb782126950

    • SSDEEP

      24576:s7FUDowAyrTVE3U5F/9GqKVKic6QL3E2vVsjECUAQT45deRV9RZ:sBuZrEUwzKIy029s4C1eH93

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      1b8cda768ba75d723b2b0b34cf955f7ec9469b4e33c6fde6494eefd60a139d8a.elf

    • Size

      142KB

    • MD5

      95917209bb8848eae1a1c23bc9f1d408

    • SHA1

      6a1d24d516661a8ce45621215d567005504abdee

    • SHA256

      1b8cda768ba75d723b2b0b34cf955f7ec9469b4e33c6fde6494eefd60a139d8a

    • SHA512

      a210dd4775612be960fbb2850f7a4f13680e40386b37ca05605434f9670e70d535fab839df9dd5b013910056a0cd8f32f163208af9ce890af789e485fab3a480

    • SSDEEP

      3072:PccxTBU5zIUJXXxhtn/aZ6OVCRLCSpO8BC:PciBy7JXhht/anmXpO8BC

    Score
    3/10
    • Target

      1df6acbc1106e17265fde3ab54b2a83fa8f6f39656d7c55481b2dbd66f1114b7.elf

    • Size

      115KB

    • MD5

      d465f896ac0fa592fd84f65824c424f2

    • SHA1

      307e056622700b43eebb6bb43080708fcd6e7990

    • SHA256

      1df6acbc1106e17265fde3ab54b2a83fa8f6f39656d7c55481b2dbd66f1114b7

    • SHA512

      7034166cf7c3e05f9555c4356b31c1ab9d1abb3b68f3483448bf1983a3fdad5adf5f38c1f32ee5de069a8b59c5b43e48b0f4abf776ab1246265bcfa1a434794b

    • SSDEEP

      3072:L+YUpmc5hIof5UM7XgYjykKdYmm/QcuLB126DNb:LwU1of5UMPyk2Ymm/QcuLB126DNb

    Score
    3/10
    • Target

      1e7706ed0492572474cd866f13778cc66c42b614b3d0b1d9af35727c051a50b0.elf

    • Size

      61KB

    • MD5

      013c472aa24c1a90c7d3d9f7cb429acf

    • SHA1

      c2d2332e6ae7896feb69591968752431656fac40

    • SHA256

      1e7706ed0492572474cd866f13778cc66c42b614b3d0b1d9af35727c051a50b0

    • SHA512

      0fc535975b93d62f32e54993413093b236d64aedb8fd76822d66988e85d9649833dca3479159b8e16dc92645a26c36b92ae9b422e642c94dacfd1c212184dd1c

    • SSDEEP

      768:WV8SNmQEPAPJD7E9NsB8UI8t/PMJTjKxVnjDbwqctNcjvwRgIP:WhNgPE7As8x8t/ETjKx9jDbDSGKP

    Score
    3/10
    • Target

      1f580428fa8afd15832fcd04f5d6832be9f7a7144ff17e19c89d2b07e7f51f2c.elf

    • Size

      127KB

    • MD5

      0589691fb8aea57598cb05690213a08a

    • SHA1

      69b0f2fe133f6abfa26fcbddad36967edfa294ac

    • SHA256

      1f580428fa8afd15832fcd04f5d6832be9f7a7144ff17e19c89d2b07e7f51f2c

    • SHA512

      11cb390e18428ec9a11fae60606126235d75f99469b0bd50e92e64d513ae1ae21446f3ac3227a9c599ec73a117cfbcc7b5419ddda8e8680759b98c6122a1c773

    • SSDEEP

      3072:+DShVLkDZ6waCAdclgbYJOmP46aQyfPluesNb:VhVeZ6zclgboOmP46aQyfPluesNb

    Score
    3/10
    • Target

      257fc477b9684863e0822cbad3606d76c039be8dd51cdc13b73e74e93d7b04cc.elf

    • Size

      1.2MB

    • MD5

      a78380f647766a2bc099844375bd5a4c

    • SHA1

      4546876d037d899090260fcf9fe49683998cc9de

    • SHA256

      257fc477b9684863e0822cbad3606d76c039be8dd51cdc13b73e74e93d7b04cc

    • SHA512

      16f9c97b8f46f85ef003174b94ff5444d91845e759ae3fee3e7f468e22232c8afb0d068942eb8b73686caca299f3998bf0cb235a918ea81e3c2ddc15167f5c43

    • SSDEEP

      12288:EOAMgUW8jfDhKGCotRnmpi6pF4XhCZDicNFeDG/p1vaKfgUZmao:/I2j7hZCoPnmp3p7DbNcK7zw

    Score
    3/10
    • Target

      262a10ee377a4945ce30e115e2ab1bf9ff2fc0f35741bbb72e40f145de24bd50.elf

    • Size

      133KB

    • MD5

      f389886a847d6e69148c5cc795ef9ebd

    • SHA1

      3c157e3ef052503181f6520fbe95240060d7e3a1

    • SHA256

      262a10ee377a4945ce30e115e2ab1bf9ff2fc0f35741bbb72e40f145de24bd50

    • SHA512

      6b1acae24692d583a6673d817af32282f305884df7de68a73f3ed76e7e567d2821ad6c0d611480da7437051b42a2d7823d461e3f8cc49ab96918b1219ea4d911

    • SSDEEP

      1536:O+65RMfLd4/IbINUgicUwK9xpNvTxNfjbo8PgUF7MJqvAfItK510LHqQe2khhyz3:Odcd4TUYUB9xr7x17ga7MdfrhhQqo

    Score
    3/10
    • Target

      267909cf4a62955a35b0fe013afbfd62d7ae1a1eef6d7a24d7ce50db52d48ce7.bat

    • Size

      6KB

    • MD5

      c3a090912dd6f7c536225858fb24387c

    • SHA1

      3773938587b06c7dc300b3d973c715c685a28877

    • SHA256

      267909cf4a62955a35b0fe013afbfd62d7ae1a1eef6d7a24d7ce50db52d48ce7

    • SHA512

      7ff0e8434fafbc88e3e444a0300504c01e3976c369662ec55c70e38c1178f8e383522362efc2c4bde8c338bbb6c14007617a8696a6cb2082036c00136db6f0f8

    • SSDEEP

      192:UPtKEKMJRLI0WCUaypBO2xzk4oquKEwY6edkEEhd:UPtKdMJpJV2xo4oCEwAAhd

    Score
    10/10
    • Blocklisted process makes network request

    • Target

      2796760675e5efbef0319f0285c2e1d07c11b038311c02e16c2407ba57c38413.elf

    • Size

      115KB

    • MD5

      4fe32715422fb3e917e0862c968d92fc

    • SHA1

      38389592a134c3845acaaef60aaa1ea5e98cb0b2

    • SHA256

      2796760675e5efbef0319f0285c2e1d07c11b038311c02e16c2407ba57c38413

    • SHA512

      aa61f8d7f959a3f729b2e1ed77c5545220807e304f8445955a6b1c9caa193ef4e9d965ca59ce7b9fadaf098a32a2c51a3eb8c7b3546e7f92ee3f584c6bdd88f8

    • SSDEEP

      3072:hqIkB/Ldm6cGswYLVDFyh/lJ3CnV97emvI0PDGnSQNER:hqIkBTo6cGswcyh9J3WXemvI0PDGnSQ6

    Score
    3/10
    • Target

      27e181c699f14c3e53cabc89941ac40917165cc4be34d2c7f9d6eca0e16b508c.elf

    • Size

      62KB

    • MD5

      e8708f827c4559c956d96a43d10617ae

    • SHA1

      987f00a30840f19e86bf63d957f597e3e989f5a5

    • SHA256

      27e181c699f14c3e53cabc89941ac40917165cc4be34d2c7f9d6eca0e16b508c

    • SHA512

      a8268865a951ccf1fe16ba1eeaf4eaa1c7c5fb2b9b0f3503d0aa8958b8f3cb08d57bb46332f891aeabaf8770f628bcbbb152915b3fb811cd84438b39cfa20c69

    • SSDEEP

      768:oe2V5Ds1WRxUFaYiTW2NamlX3vu6aCgFlQ3xQkgFHTn0au783JNVPM4R/wsJn+Dz:oBgWHc+S2R6FTn0D783JU4R/wqn+KC

    Score
    3/10
    • Target

      2b4b073178b573aa181fdc6e8063c778c90f76235d640c186b99278186509e74.elf

    • Size

      150KB

    • MD5

      5d56a442ec59555956e27a72a1cba483

    • SHA1

      002763e66b2f3856d386a9faaf62eab610a3fde1

    • SHA256

      2b4b073178b573aa181fdc6e8063c778c90f76235d640c186b99278186509e74

    • SHA512

      d1d5f40419d3156efa0de16c719f02d853b36a3c409d3d62bd763befa739fc368f86b1823f4881ef2661d66a149cb6fb321178af7db2cf2d46fc5d3fcc5baf85

    • SSDEEP

      3072:f3Yco4c+tKiAY/5hlKdcWDURxuZq+1uPNd5R:v6kB/5hl0lURxuZq+1uPNd5R

    Score
    3/10
    • Target

      2b5bf75c0aede1169e7aa2b4c760b1852f34990d5b8ce27ca2fa21efa35e0635.exe

    • Size

      9.7MB

    • MD5

      e959a251d4fd9d7c2bb495120b34e0c7

    • SHA1

      f1fd8ceb0c33d51d36e7b48fe2672ee1873a8d5c

    • SHA256

      2b5bf75c0aede1169e7aa2b4c760b1852f34990d5b8ce27ca2fa21efa35e0635

    • SHA512

      bb87ec1a60d28a8949ba0bbb4f2cf8c839f1648420ad24016d2aec87d400193071936e9f2239d8df609c4c08cd144c204466e3da71615d90988498718aef0eb0

    • SSDEEP

      3072:g2YHCLwn3UjOikH+LGP34o7KerVUzeeDXbwa21Dv9ua/aHyvDTd2iWtxILgcaL1K:g2YHuwn3UFdbwvsvj3xh

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      2bac99f5be34b649749a4ce8ab7c8103f9dce863cbc490f273c27297b2c465ec.elf

    • Size

      81KB

    • MD5

      ad8386d085209e80efb83b5d9ffc3981

    • SHA1

      b81e08d6f5144ba1bf4acf2a28d1577bc95a7d44

    • SHA256

      2bac99f5be34b649749a4ce8ab7c8103f9dce863cbc490f273c27297b2c465ec

    • SHA512

      35fe10cc741f58eb71e86883e8fc90161ca313599d50dc26206ce62badbd5333543b2ed60abcb1a0b6f9d048ee5b51356a857b4d2889150d5963bdf13e9331c1

    • SSDEEP

      1536:0/WS0ZlJVfdtV7QiVFnFk6tXpN+tQDkAlM50tJv0:qHcv7G6tX+SD1l8Qv0

    Score
    3/10
    • Target

      2cfeefaa133519defee56f4253c7c7f2396d784ed8e09d2212ab5bee6cf52b50.elf

    • Size

      150KB

    • MD5

      c2b9c468309d87c79398b01bed8f85a8

    • SHA1

      d9ba2ef9fbc5d47c42cf370d3d38d68b10535c21

    • SHA256

      2cfeefaa133519defee56f4253c7c7f2396d784ed8e09d2212ab5bee6cf52b50

    • SHA512

      f47dd02ecfe7848cf2b8d7ab3852167a371013a71ca8670ab8b14e98493018c038dc269ea2169c862167b3a38ff4095a957fe0dbfb5767b81ad00e2174a42002

    • SSDEEP

      3072:fcyWqgG6CH7XUS4zA07tYTEVrjbi/LSD/J1yRN+cq:fcybESAAuYT3LSDHyR0cq

    Score
    3/10
    • Target

      2e48ee0fb3ddd63efeecd900a9d2bde365e2fe1fcbb3c43c882362ae935c5066.exe

    • Size

      647KB

    • MD5

      4532fe89506406de9ebaa83778d74c8f

    • SHA1

      8015b822fc7df8d33ec3416e773f7189e9b74b5f

    • SHA256

      2e48ee0fb3ddd63efeecd900a9d2bde365e2fe1fcbb3c43c882362ae935c5066

    • SHA512

      50706520d3df0669ac2b7a75a6a234cd28deec92e8be98e0e4ce7ef8848952cc07b53e30723bf4668ee3f940714360f6ba705bfe83e2d47f3163c86e407ba36a

    • SSDEEP

      12288:w3qcsNKVUdaaPDodw7y1Q3krddMK341VhJ5mhj2ZCm03Pjzkjp:w33uK2daGz+1Q3qdMKoDhJkhWCmQjzAp

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe

    • Size

      141KB

    • MD5

      8c64a02c90f20524920e6e5e482b5a55

    • SHA1

      cc0f119b3d8e6d91f6e49d9cd21df4bc6b478b52

    • SHA256

      2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b

    • SHA512

      45b43dace1960596f7da79f9fec0dc4189ad7d8c5c3d6f6372a6b52d5adc5077ab50e5832852b0e69c92a02b637fb96d5b2f275738a653cb1113e42a9c2a7105

    • SSDEEP

      1536:VZuhD5z28TC2u8OpBPncFPAcTgbSUPH4Lh0tY7:ah0BPncKCgbSKHahoY7

    Score
    10/10
    • BlackNET

      BlackNET is an open source remote access tool written in VB.NET.

    • Target

      31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe

    • Size

      355KB

    • MD5

      cf1d6b216e37745bf725a0b327f0045e

    • SHA1

      3278b37ac35b877d3d5e9e1aff82d94bce532709

    • SHA256

      31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b

    • SHA512

      70b4f8651efd28af344059d62886f38595a692c642b8ebf0a81a69bfa948c471d73b7b7888d4a91c97e0bbe0d44f819e3ffcdae06dccfa790c77503ec5b7130b

    • SSDEEP

      6144:aR74gEBkjnu0zpAhr5lX8+CcpsUS5YKLFBVERB:a+gEBkjnXAhFlMSpBS5Htm

    Score
    3/10
    • Target

      320ccae2e9ae546c56193c24cb12cc54f29a872c08856cc143294dd2cf8a170d.exe

    • Size

      2.0MB

    • MD5

      7c75ba2571e91dca0ebb1319aa20da5f

    • SHA1

      ccef5b75906891ca1e3870ee25b04b1217fab8d7

    • SHA256

      320ccae2e9ae546c56193c24cb12cc54f29a872c08856cc143294dd2cf8a170d

    • SHA512

      88231259a4f6ad9502c6ade78d8c6c6f53653b6c122894c1217fe67baf2c880522ffd855c4f5478a0b104f4ef3d00ee39cf209abb749f9ea40026179dab37a4c

    • SSDEEP

      49152:32lHrEP4oHhGa6yGE4jz7WCp4VpO5STuxDNtS9W1Cf:mlLoHhzxGEGX2DWBxD/S9nf

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      3476006a8f64bfe72a8b04477f6005293b5854cfbc58bee2ea28e59b58f0e316.apk

    • Size

      76.1MB

    • MD5

      d4d73a10d80f4f09d54340088f352554

    • SHA1

      6ca0a0b90cc1e7df7a3a6fcdc419cb1684c5d22b

    • SHA256

      3476006a8f64bfe72a8b04477f6005293b5854cfbc58bee2ea28e59b58f0e316

    • SHA512

      6af85127eeb011213e97e8af7761445394cbbccc04d2dfb6d4c739cad7c9465c9c89c4d37432cb3fa423cfcea809a71a1eab0891b1a82bca92857145656b77ff

    • SSDEEP

      1572864:Lcga40E1c4sL0MmD+PwpJjTVveOwZIjZMxNgN9O7hZw3:ggqEe0rDamwZ6Z+gfQZ4

    Score
    3/10
    • Target

      3545082c16d0e05faad342c614b27793ab0ec940a174ab5162dce1787ea8472e.elf

    • Size

      36KB

    • MD5

      1df9e4dcca97685f475d975c2a66f464

    • SHA1

      fc0570fdd2168e6648ff2fa68936ac9b86c5f696

    • SHA256

      3545082c16d0e05faad342c614b27793ab0ec940a174ab5162dce1787ea8472e

    • SHA512

      ebda8ab2f0be540cc18021be7d068c72c3250522834a068881a6cc4d201358c3c527593473d7dac70a5e88151a208dab519b23eead1fc8f14e6ae13f1fe2a88d

    • SSDEEP

      768:WJMcRjFvxqt6hqFFT1RxJhhX4TUYTnDajfTtJl7vfi9q3UELrP:gDPh6FT9Jcr/ajfTtJlTXLz

    Score
    3/10
    • Target

      377c3c3679e44acbc13388ca7ec69f2346b321aa42110fc6ee44a44c54d67105.elf

    • Size

      101KB

    • MD5

      ba8c3d833bf5596f87b29eaf2a2c8147

    • SHA1

      8b402e35103a9d0b88122790849476afa96b58d3

    • SHA256

      377c3c3679e44acbc13388ca7ec69f2346b321aa42110fc6ee44a44c54d67105

    • SHA512

      bbf30bbc1adb96e702921a2d0da940a5c269410d03e6d747dac5bbd61974777d0ba69c3a72114bfd8106d2504520009cea4b58f72cb52a3d222ccca5679b67d8

    • SSDEEP

      3072:SOGAEtZoGZKWl6u4YTnbHgbimmFVcqq0G27ZT:SqEtZ755nbHgbimmFVcqq0G27ZT

    Score
    3/10
    • Target

      3c40413f9340d25dc7f2c4358583706b1eb19962cb74669bf8276597e871faf5.exe

    • Size

      234KB

    • MD5

      47573a5a6be2c7209517807e507f4e9c

    • SHA1

      b0d0d999c9855c95f6c4e739b8d873ff4b6b940c

    • SHA256

      3c40413f9340d25dc7f2c4358583706b1eb19962cb74669bf8276597e871faf5

    • SHA512

      9bea8f64b374fcfd9dc343379b220bc71aa83090f5798eab229c511bd5ecb52c88c56d38b0f860ed410dc59bb19477216c99c961a87e291be262333fd8c3c99b

    • SSDEEP

      6144:5qLFfq23vFmPFvyYrNFOqTOTWZ/gFOnWyqSwgcnRtabUAl:EN/EPFvPr3OI/gFT/SBJbUk

    Score
    10/10
    • Detect Vidar Stealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Suspicious use of SetThreadContext

    • Target

      cbe27936a3beb1902517906f7da1d6d3f6ef8d1a0eda5e033f4da436df7cd88b.iso

    • Size

      100KB

    • MD5

      dd43ff0fd508a41accbe9db19d62f747

    • SHA1

      5026b911b5eddbc67e4650ea129ed38544305c3f

    • SHA256

      cbe27936a3beb1902517906f7da1d6d3f6ef8d1a0eda5e033f4da436df7cd88b

    • SHA512

      47caab805ca46e148f5716c6ba0e6a5d32a0016b47891eaa6f9f9845df30052953d7e4aff73ffa05939b52c7ac73faac6a3310d2fee992c469ca4765297af207

    • SSDEEP

      768:9j0agBtKWAZGc8NnKwiQoAMyCgnnDSR9mfJYAwYu:SQqNnKwbmgnDSefJYAD

    Score
    3/10

MITRE ATT&CK Matrix ATT&CK v13

Credential Access
  • Unsecured Credentials (T1552): 9
  • Credentials In Files (T1552.001): 7
  • Credentials in Registry (T1552.002): 2

Discovery
  • System Information Discovery (T1082): 24
  • Query Registry (T1012): 3
  • Process Discovery (T1057): 1
  • Remote System Discovery (T1018): 1

Collection
  • Data from Local System (T1005): 9
  • Email Collection (T1114): 2

Tasks

static1: 10/10 (tags: upx, backdoor, sora, mirai, hacked, rat, cheat, tg, pyinstaller, gafgyt, mirai, xzutil, blacknet, triada, dcrat, zgrat, xworm, asyncrat, redline, sectoprat, socks5systemz, irata, stealc, adwind)
behavioral1: 8/10
behavioral2: 3/10
behavioral3: 7/10 (tags: upx)
behavioral4: 1/10
behavioral5: 8/10
behavioral6: 7/10
behavioral7: 7/10 (tags: collection, spyware, stealer)
behavioral8: 3/10
behavioral9: 3/10
behavioral10: 7/10 (tags: discovery)
behavioral11: 3/10
behavioral12: 3/10
behavioral13: 3/10
behavioral14: 3/10
behavioral15: 3/10
behavioral16: 3/10
behavioral17: 10/10
behavioral18: 3/10
behavioral19: 3/10
behavioral20: 3/10
behavioral21: 7/10 (tags: collection, spyware, stealer)
behavioral22: 3/10
behavioral23: 3/10
behavioral24: 10/10 (tags: asyncrat, new_n4, rat, spyware, stealer)
behavioral25: 10/10 (tags: blacknet, trojan)
behavioral26: 3/10
behavioral27: 10/10 (tags: socks5systemz, botnet, discovery)
behavioral28: 3/10
behavioral29: 3/10
behavioral30: 3/10
behavioral31: 10/10 (tags: vidar, stealer)
behavioral32: 3/10