challenge-files[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

challenge-files.zip
Size

4.8MB
MD5

4edf33b3a4dd1c1c005aefeaa29c7f1d
SHA1

e4d4bb8c8dcf357b068019660fdc72e65f577857
SHA256

d312c079c51f2bf011902df86e1ca4cac84eb7c74ff104fa48a505caa88ef2fe
SHA512

b647d071e71ece4a4d5d4601f28cbcab9f12a85014f1d06cc80ed65f35c7d3f81fc0b27cfd0855b456194f50e7f5dd2ce9588077735c2ec7f43f4a1e38ee2803
SSDEEP

98304:DfFixex8es3YZIbSNMDHMDhODrxaQe8vNzLB/RensEGdCW/1BTK4EBzaQyLzZ:sAx8eOHawsDhk0QlvNLB/0nsEGdCWNIu

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

Processes:

resource
static1/unpack001/challenge-files/challenge-files/docs 06.02.2021.doc

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/challenge-files/challenge-files/Tetoomdu64.dll
unpack001/challenge-files/challenge-files/collectionBoxConst.jpg

Files

challenge-files.zip
.zip

Password: infected
challenge-files/challenge-files/2021-06-02-fake-gzip-file-from-supplementik.top.bin
.gz
Stairs.txt
challenge-files/challenge-files/2021-06-02-scheduled-task.txt
challenge-files/challenge-files/Tetoomdu64.dll
.dll regsvr32 windows:6 windows x64 arch:x64

05afaa6bfc5d201c946211bd35577320

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

I:\lWRGd\4rAxQ5cPUjEh\KDOrsr07e\jU96LIt6t\Q3UZ\sX4zQTiN6PiL\UjMr21Ab2T\qFcb\Ope9Oj.pdb

Imports

kernel32

InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
WideCharToMultiByte
GetLastError
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
CloseHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
SetStdHandle
HeapSize
CreateFileW
WriteConsoleW
RtlUnwind

Exports

Exports

AlCnwRWzUJCPExmTI
AxWrQVKHQBqjk
AxufQtqPUFaPkRGDox
DllRegisterServer
FaLEdGvslWjAxObwtO
HIhSLQJqbQ
JmzAhKzURqnINerUhy
JyTsdqjsxa
LENGfMpevkxWfkNq
LQhWjINCDARqvUde
PAxaLcBqXAxKTsdyPg
PIdCPQxqjQ
QxOPwBCrchqPc
SHUleDspmjYlePQBe
VqDkxSjcxCzEZqXQZS
WzwdufIROrMFKbIRyD
YxGfgNWjINyPotyfEh
ZOjkZifAZqrAVevUZe
dCrcpyHc
fUJCPYVmbI
gFyfEVSzoRePIVe
gVyLshCTwdOPYJaXkJ
iLQRKTgRuHwRC
kByrwxOPYtSrgNWTEl
kxubsZaDQFajAJefcB
luvsVGXM
qTodynEtqbYVW
rAJCzwduHQVyHIdWPs
rIhCDMNqvMZmzYFSLE
update
vwRKLEFqnERmLIhWvk
xWvwZubYxeDcxmrAFi

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
challenge-files/challenge-files/collectionBoxConst.hta
.js
challenge-files/challenge-files/collectionBoxConst.jpg
.dll regsvr32 windows:6 windows x64 arch:x64

2fa12bc5d8b96628e299895086c0fee4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\e1yX0dyj8R\ExQdmZ0f\ehqvYRUVw\PoX\jstEfi.pdb

Imports

kernel32

WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CloseHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
CreateFileW
WriteConsoleW
RtlUnwind

Exports

Exports

AhSrMNKLYVePUVK
AherIVWTYtifYdGHYV
AxOLYpKjIpmDIVivkd
BqPkhGrsROzAVq
CXAFOjAVufAhaPgVCD
DglizYVyrEVGfQ
DllRegisterServer
GLItKvYhODo
KfwFWnEtm
MRSHkJWPkNW
MZiDohSLY
NSPMlGfodeHIJOvwZe
PluginInit
ROjcxubkRSzARaHMFy
UheTsRafsJmjYhCroJ
UxKfYZiDUxiDUVyLkR
bMtCTYRuPEdeHoJi
cByfMNeLE
cdanYpCXUpmnsBuLYV
fcFWTMBqHwxeboByrg
fgRCDYxObsZynoJijQ
gJKHQBCvg
gJufkBCXEFCnstSLoB
iDApOXgBOXgVu
iPkpGXwFq
kxKvwNqrMJqbshCPsh
oluzgFaXAlSrwBCzI
qnkZuzMxmzEJGXo
vsJCXYJePIZO
whKHIRyLg
xGXQNijQ
yvAdGDQpivgxijAhCL

Sections

.text
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
challenge-files/challenge-files/docs 06.02.2021.doc
.docm .doc office2007

ThisDocument

leftSize

arrayBBorder
challenge-files/challenge-files/infection-traffic.pcap
challenge-files/challenge-files/license.dat

Sharing

General

Malware Config

Signatures

Files

Password: infected

05afaa6bfc5d201c946211bd35577320

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 263KB - Virtual size: 263KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 11KB - Virtual size: 16KB

.pdata Size: 11KB - Virtual size: 11KB

.reloc Size: 3KB - Virtual size: 3KB

2fa12bc5d8b96628e299895086c0fee4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 418KB - Virtual size: 417KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 11KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 2KB - Virtual size: 2KB

ThisDocument

leftSize

arrayBBorder

.text
Size: 263KB - Virtual size: 263KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 11KB - Virtual size: 16KB

.pdata
Size: 11KB - Virtual size: 11KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 418KB - Virtual size: 417KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 11KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 2KB - Virtual size: 2KB