2a50eaed6ccb9b45e9c65db0bfe5af5b013b9685395d53faddbb5bd1d7037784[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

2a50eaed6ccb9b45e9c65db0bfe5af5b013b9685395d53faddbb5bd1d7037784.zip
Size

3.1MB
MD5

1dbd0d434c3d1c635c39685f34e3dab4
SHA1

acb64a1eba8bd72fb1f1adb2415c603effe3010d
SHA256

f0ed129e69047aa620cfbdafd01801e54aa63b1b12accfd1b3cc2ced190b7785
SHA512

8e2a7c04a5c1b6070618af5c014e36899f1256931d3caf8d59947c7c31ebc592ec13dd4b55203dfa992e8c6099a68dedf277d22280f64e6e37a40272515a51b7
SSDEEP

98304:foQWI4Csrw4tlxxbJoIoXIlHcoJWm/kFANQekJ/:AQWI4Csv3/JRqoHIm/dQ5

Score

5^/10

Malware Config

Signatures

Detect suspicious telegram bot 1 IoCs

Detect suspicious telegram bot.

resource	yara_rule
static1/unpack001/2a50eaed6ccb9b45e9c65db0bfe5af5b013b9685395d53faddbb5bd1d7037784	suspicious_telegram_bot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2a50eaed6ccb9b45e9c65db0bfe5af5b013b9685395d53faddbb5bd1d7037784

Files

2a50eaed6ccb9b45e9c65db0bfe5af5b013b9685395d53faddbb5bd1d7037784.zip
.zip

Password: infected
2a50eaed6ccb9b45e9c65db0bfe5af5b013b9685395d53faddbb5bd1d7037784
.exe windows:6 windows x64 arch:x64

68f501d546b7206f5d43b1b6c29230e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

python311

PyType_Ready
PyObject_Str
PyObject_RichCompare
PyObject_RichCompareBool
PyObject_SetAttrString
PyObject_GetAttr
PyObject_SetAttr
PyObject_SelfIter
PyObject_GenericSetAttr
PyObject_IsTrue
PyCallable_Check
PyObject_ClearWeakRefs
_Py_Dealloc
_PyType_Lookup
_PyObject_LookupAttr
PyObject_Realloc
PyObject_Free
PyObject_InitVar
_PyObject_New
_PyObject_GC_Resize
_PyObject_GC_NewVar
PyObject_GC_Del
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyBytes_FromStringAndSize
PyBytes_FromString
PyUnicode_FromStringAndSize
PyUnicode_FromFormat
PyUnicode_InternInPlace
PyUnicode_FromWideChar
PyUnicode_FromOrdinal
PyUnicode_DecodeUTF8
PyUnicode_Concat
PyUnicode_FindChar
PyUnicode_Format
PyUnicode_New
_PyUnicode_Ready
PyUnicode_AsUnicode
PyLong_FromLongLong
PyLong_FromUnsignedLongLong
_PyLong_New
_PyLong_Copy
PyFloat_FromDouble
PyComplex_FromDoubles
PyTuple_New
PyTuple_Pack
_PyTuple_MaybeUntrack
PyList_New
PyList_SetItem
PyList_Append
PyList_Sort
PyDict_New
PyDict_GetItem
PyDict_DelItem
PyDict_MergeFromSeq2
PyDict_GetItemString
PyDict_SetItemString
_PyDict_MaybeUntrack
PyFrozenSet_New
PySet_Add
_PySet_NextEntry
PyCMethod_New
PyModule_NewObject
PyModule_GetName
PyModule_GetFilenameObject
PyModule_GetDef
_PyFunction_Vectorcall
PyCode_NewWithPosOnlyArgs
PyFrame_GetBack
_PyGen_SetStopIterationValue
_PyGen_FetchStopIterationValue
PyDescr_IsData
PyErr_WarnEx
_PyWeakref_ClearRef
PyErr_ExceptionMatches
PyErr_BadArgument
PyErr_NoMemory
PyOS_snprintf
_PyErr_FormatFromCause
_PyErr_WriteUnraisableMsg
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
Py_BuildValue
PyModule_ExecDef
PyModule_FromDefAndSpec2
_PyArg_NoKeywords
PyErr_Print
Py_CompileStringExFlags
PyEval_GetFuncName
PyEval_RestoreThread
_PyEval_EvalFrameDefault
PySys_WriteStderr
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_GetModuleDict
PyImport_ImportModule
PyImport_ImportFrozenModule
_PyImport_FixupExtensionObject
PyObject_Call
PyObject_CallObject
PyObject_CallFunction
PyObject_CallFunctionObjArgs
PyObject_CallMethodObjArgs
PyObject_DelItem
PyObject_GetIter
PyIter_Next
PyIter_Send
PyNumber_Add
PyNumber_Subtract
PyNumber_FloorDivide
PyNumber_InPlaceAdd
PyNumber_InPlaceMultiply
PyNumber_InPlaceLshift
PyNumber_InPlaceOr
PySequence_List
PyMapping_Size
_PyObject_HasLen
PyObject_LengthHint
PyMarshal_ReadObjectFromString
_PyErr_ChainStackItem
_PyErr_NormalizeException
PyBaseObject_Type
_Py_NotImplementedStruct
PyComplex_Type
PySet_Type
PyFrozenSet_Type
PyCFunction_Type
PyModuleDef_Type
PyFunction_Type
PyMethod_Type
PyCode_Type
PyFrame_Type
PyTraceBack_Type
PySlice_Type
PyEllipsis_Type
PyGen_Type
PyCoro_Type
PyAsyncGen_Type
_PyAsyncGenWrappedValue_Type
Py_GenericAliasType
_PyWeakref_RefType
_PyWeakref_ProxyType
_PyWeakref_CallableProxyType
PyExc_StopAsyncIteration
PyExc_NameError
PyExc_OverflowError
PyExc_RuntimeError
PyExc_UnboundLocalError
PyExc_ImportWarning
_Py_PackageContext
PyMem_Realloc
PyMem_Calloc
PyMem_Malloc
PyImport_FrozenModules
Py_UTF8Mode
Py_NoUserSiteDirectory
Py_DontWriteBytecodeFlag
Py_IgnoreEnvironmentFlag
Py_FrozenFlag
Py_BytesWarningFlag
Py_NoSiteFlag
Py_OptimizeFlag
Py_InspectFlag
Py_InteractiveFlag
Py_VerboseFlag
Py_DebugFlag
_PyConfig_InitCompatConfig
_PyRuntime_Initialize
_PyWarnings_Init
PySys_SetArgv
Py_ExitStatusException
Py_InitializeFromConfig
Py_SetProgramName
PyErr_SetInterrupt
PyConfig_SetArgv
PyConfig_SetString
PyWideStringList_Append
PyStatus_Exception
PyDict_DelItemString
PyList_SetSlice
PyList_Size
PyLong_AsLong
PyUnicode_AsUTF8
PyBool_Type
PyExc_FileNotFoundError
PyDict_Merge
PyExc_BaseException
PyEnum_Type
PySet_New
PyByteArray_Type
PyFloat_Type
PyObject_Repr
PyUnicode_Join
PyNumber_Negative
PyZip_Type
PyExc_KeyError
PyExc_GeneratorExit
PyExc_Exception
PyProperty_Type
PyRange_Type
PyBytes_Type
PyObject_IsInstance
PyObject_GetItem
PyLong_Type
PyObject_SetItem
_Py_EllipsisObject
_PyDict_NewPresized
PyList_Type
PyLong_FromSsize_t
PyExc_ImportError
Py_Exit
PyExc_ValueError
PyExc_IndexError
PyNumber_Long
PyErr_PrintEx
PyModule_GetDict
PyUnicode_Find
PyUnicode_GetLength
PyUnicode_Substring
PyObject_GetAttrString
_PyRuntime
PyExc_TypeError
PyExc_SystemError
PyExc_AttributeError
PyExc_StopIteration
PySeqIter_Type
PyModule_Type
PyDict_Type
PyTuple_Type
PyUnicode_Type
_Py_NoneStruct
PyType_Type
PyObject_IsSubclass
PySequence_Contains
PySequence_Tuple
PySequence_Check
PyNumber_AsSsize_t
PyEval_AcquireThread
PyEval_SaveThread
Py_MakePendingCalls
PyErr_WriteUnraisable
PyErr_Format
PyException_SetContext
PyException_GetContext
Py_GenericAlias
PyDict_SetItem
PyObject_Malloc
_PyObject_FunctionStr
PyType_IsSubtype
_Py_TrueStruct
_Py_FalseStruct
PySys_SetObject
PySys_GetObject
PyStructSequence_New
PyStructSequence_InitType
PyCapsule_New
PyLong_FromLong
PyUnicode_FromString
PyException_SetCause

kernel32

WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlPcToFileHeader
RaiseException
EncodePointer
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetEnvironmentVariableA
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
FindResourceA
FormatMessageA
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
SetErrorMode
WriteFile
GetShortPathNameW
CreateFileW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetDllDirectoryW
OpenProcess
CreateThread
ExitProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
SetStdHandle

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

68f501d546b7206f5d43b1b6c29230e6

Headers

DLL Characteristics

File Characteristics

Imports

python311

kernel32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 121KB - Virtual size: 120KB

.data Size: 30KB - Virtual size: 78KB

.pdata Size: 22KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 7.1MB - Virtual size: 7.1MB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 121KB - Virtual size: 120KB

.data
Size: 30KB - Virtual size: 78KB

.pdata
Size: 22KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

.reloc
Size: 4KB - Virtual size: 3KB