General

  • Target

    858ff0e6cd73fb2fc697e98f99ad5f9bd4de08a2a66f9a8b96267e169ecfc381

  • Size

    1.6MB

  • Sample

    240509-h3zpmsfd8t

  • MD5

    b5697ff5dcbf8f5d91a2afd1ff792b02

  • SHA1

    5b0f7f81d3b0a991d7f199b308c57e92b68d62d8

  • SHA256

    858ff0e6cd73fb2fc697e98f99ad5f9bd4de08a2a66f9a8b96267e169ecfc381

  • SHA512

    3484d05bf40f7f5d2ec9c6ec9a5b637345768783e01b279e3a9613959d9813e6553c3a2c1d12a8e1fadd9c51d1151f9569a6c6b3e2b6b8471afb452c274abd7c

  • SSDEEP

    49152:JCj7Ue8wWizW7hkY7diyw3k2nfHfTYnvEIpHyl9nFkJdkP:kfJrtzFY7diyAkAf/TyvENFkJKP

Score
10/10

Malware Config

Targets

    • Target

      1680kb DMF Floppy Office Xtort Homage 2021 Edition/100k zipper v1.21/100ziper.exe

    • Size

      71KB

    • MD5

      8d1c00ab1df8359522b4661b1bb92376

    • SHA1

      efc7202122b63f9518096a8783584f771ecd850c

    • SHA256

      f1cc2731872ca1593f30e428f935144395b4ff3253c039710c7c12518a702367

    • SHA512

      8ab1475ab7baec0be1cc84e14bb1759ce79832fde61422eaf59cf04e9c17e4af3f4abdfeb0da4d454cf0e1e1a1335e73900d8ce2d07d62a2f7c7733c03ee8c0f

    • SSDEEP

      1536:HES8lMcfQ3jNeQnD+uZXWHh9V74EZnMeWD0havK65nouy8:HWjkjNeQnDFqh9V7VtnWAgLpout

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      AntMem v13- Try to Free 64mb/64.vbs

    • Size

      179B

    • MD5

      74ba7f6fc968e1633c7904339acf3351

    • SHA1

      0437ace276eec653f10ad267a7ef42a2c628ca9f

    • SHA256

      64a54b0adf03b644ad6f4e58a5b61d4def119aca28a463068b358b01f19b00b5

    • SHA512

      ded3eea3d9c2d228cff4c6eb6280990cfe35b7dcc5e369a1a1f6486d9d7289679e886b3a43a8bd4f414d7904e829f1c8bc25da735797c94490848f96ce0bf8c2

    Score
    1/10
    • Target

      Atlantis Nova/Atlantis.exe

    • Size

      421KB

    • MD5

      12f106cd65f9c6af13d14081eaa7e205

    • SHA1

      6eeaba50103a88c666b1d94a6119332968c7b2bd

    • SHA256

      22f7e042f74c9a15b672573ef5f434861486cd5b1ff16ecb1f45858540b0a4ad

    • SHA512

      dab3b379748309845113328911040f58795086f27f2564fc8a4197559a77db05853440da5c0f24cefd5d52bca96158068eb90a2ffa40adda65d687ee68f3ad4f

    • SSDEEP

      12288:mWQ9xExurrTbVi+ATMJfZjGLiHBRXDoToLoS:/QfsA7Vi+8cfNWiHDzo8

    Score
    8/10
    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      CSVboard v1.1/CSVboard.exe

    • Size

      71KB

    • MD5

      7e41a080dde71f26ddc6f92f6d1f748c

    • SHA1

      b1048a624aa5806ff65f8b93e3dc9c0af9b5cba4

    • SHA256

      5692c8b706a4a2a669a23a49118a7e496a8eddfa5a1c729f593a6e893f4e390c

    • SHA512

      32cc2237f9e4ce48ede9ca78ade400a509eda1277d0159907db00ab1938aeb2263a4939efd301622f4e3f4409b6cfa922ab1f64462f9fbd94f588fdf0bed9de9

    • SSDEEP

      1536:WrNFwnxAKJIUYVEBw5VAKfZswejcy25DByyk:WrNexJSVEB0fZFejcN5DByyk

    Score
    7/10
    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Encopy5/encopy5.exe

    • Size

      22KB

    • MD5

      8bd2b27108e3e26d639b84fea4eccbd7

    • SHA1

      58a703628be6aa92daff707414dcea56a5ad68cd

    • SHA256

      c4e7f0163f33877a2628884b9d59f99c99d5bf515c095f2c077482eed5060d62

    • SHA512

      a4fb312f3a449ec5bff1678a168625a56a10bf0f2be6cbf965ac2db4937692bd18a4830ee5f0dce636d91cb4221b4293c83a73c4de2c1499c71ce39196b7d88d

    • SSDEEP

      384:V1ns3H5BoV4cER22Mhoq4VlZJiykPT5lo1QlgiStQoTFb6ttnhd:Xns3H5SVrEA7h0bZUykPT5VlnStQohsN

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Eve/eve.exe

    • Size

      73KB

    • MD5

      755d1b440f76791ef1d58d7ebb098068

    • SHA1

      27f540010a6fbbdae390dce806499bcb0c096c51

    • SHA256

      0fa0ee9d5c8416b622cc6a09d8dcff69d3f14ed8738a380fad3c27879b804354

    • SHA512

      2ddc9341270f7bce951b2349e2a5168f6f2947c3568f134ad57b935f98090db4a2d318be94650dc8d42965d19232346e01bc19c90445b742c8c659d4e2e561a3

    • SSDEEP

      1536:4Oc9V+aRuSIY2UahOI7DkcS1pUkbahMdALcURn31P46jVlBdt2qP:4Oc9kDSIY2UtI7A91pUkbahMqQUJC6vh

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      FoldersReport/folrep.exe

    • Size

      21KB

    • MD5

      05b461afd51c50854edaa5977d2c43be

    • SHA1

      e23c0cdcf023953463c5c3ab046c2c48d3724e37

    • SHA256

      80219bfb6e65c3305786a659ecbfc025106d3e6bda60edb220f7b23c5361f878

    • SHA512

      cbccd8e6b9160945a88032674d88079dd8c70c3f41e850b848613def59f4b5fef924e8d4c5a69abc0728883acd3453213adf58663475fb6795b746de3c1815b0

    • SSDEEP

      384:rax6pgRKesGvYa+GJhmIVStlfrK6YBxT2JkCBWTGcZP:exnUHbiGtlK6YOJkMcZ

    Score
    9/10
    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      FoldersReport/report.html

    • Size

      1KB

    • MD5

      6214a6541b0f896bc5607e1d86490d65

    • SHA1

      27f479af93e7888c3ed8616bf0fcafaf89f2dd1e

    • SHA256

      669fb97be31468036ecef9a0c8051bde78a573efbe6063ba7ee52afe2e7c6e98

    • SHA512

      b7f0c27be8726fec7e49c1c28378ec850ca071f0891773ef603c9d6f499dc7ee798209c881a1727edcc899c4c56259c790ed41f8be33b2ed2dea4b63ba35544b

    Score
    1/10
    • Target

      MICROFTP/MicroFTP.exe

    • Size

      96KB

    • MD5

      dd6d2d8064d924f16b3ce31f1dac46f4

    • SHA1

      4d8d657ac201b4e44058a4c8c3d95fdb897524d8

    • SHA256

      5fd136aa803a1a64a0d5c946494c918fd96e1b20fed8306c1f65a1f07514daa9

    • SHA512

      0db12e18d13395d900fdb72b75a7d116dd2b44d27fca74249f71219d9ad3e9a4c96e98e956887054f2d1186dc9840abe81561f6597988ebdf8660d42aab78ba6

    • SSDEEP

      1536:+fHUvXSOu8vXTinMMdGinuzSykCxLXzDi9jKQIcAGienouy8J9dc9np:+f+SOumjiDnkLkCNjX3moutPMp

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      PDFproducer/PDFproducer.exe

    • Size

      21KB

    • MD5

      15460882a9bf74dba0b30f2d62e67cbf

    • SHA1

      66f6cb8a099417b9ee662c1db20b74094f93107c

    • SHA256

      cda4f7bcf13cea0e211048137794714c8a8c8ebb8c3020fd13ec627e15d288dd

    • SHA512

      77df8d7fd82ceaba28c45240db0e61f6828bdf1a1bb1204b248683eb2a628fbdeef59b0ce986c221894752ac6876786db30524dc0767a8565cb72d949be41948

    • SSDEEP

      384:k4BFohnjpSip2Di8sRoTRz2p2JkNfXgz3w1tIEtJB/Tsy:kkFohn+DkosIkN1XI4HY

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Password Generator/pg.EXE

    • Size

      4KB

    • MD5

      a8bc8a0165a6994901c72cdefae6efb6

    • SHA1

      1039317cb4ed8f5d9e8ecb2fa9180174179bfa01

    • SHA256

      1223e14bf0ed02c976f04d05ab271c632b6903a71b20ab541606cba9566e2920

    • SHA512

      6c79177be24b69799eeefb867e7190c2e557e44066dd6b80ad26f7c96c33f2708459fadcf3749e3da6eb2534324dcb45b5599169c84c3496090fbe1e736e932e

    • SSDEEP

      96:nPqUQbhKVmAoLAITcu9O4sdSRjxmDCmASlP:nCXOoRx9OGrmeuP

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      ShackUp/ShackUp.exe

    • Size

      118KB

    • MD5

      fa6aafe1b7ac72eb50a7b6902b35766e

    • SHA1

      348b0f81793f5b1c1850d1af5df1a41f5bab6847

    • SHA256

      68aad7f473df5d91619e02ccc142e3821865c88d047f3297677aa78b5466697e

    • SHA512

      c49a6ed88f108ce6e147312bf7bdc85c9f97e828f5a9e56956502f4e1ea2f3edf4c70481bc735b87efd06e81b9971c0030e1f7c4eed0873c26f334cf132d26f0

    • SSDEEP

      3072:kYxFFZRrVmx4+gLGiIiHWN9+H1f+9O8wGJWoutR:kY9Xr/g412A8jMoS

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Spread32/Spread32.exe

    • Size

      350KB

    • MD5

      3dee99d6d34a7547e4d2e4bee094f548

    • SHA1

      517f3d124b9cd55d481c0a4c246645cb45db6663

    • SHA256

      0eee506db3cc41aea696c8cce401d73d5979a0f924b2fbf6406400f649a74031

    • SHA512

      41425776fd7133eec25161abb14105474b05826bd952f2c2024ca9f8cdb439eeebdc44c76b44b5bab4d8a442a3cb8af3b1af590eb31f15e47da3632a28208ea5

    • SSDEEP

      6144:CUqnyo55oBmmO4NC4NrH6ORWQDJnTS1jpUboolc7Ub7ebTxmhR4PdZEEpoS:CUqnyaoHi4NrHHd9nTJboolt700h+d5T

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      TheGun/THEGUN.EXE

    • Size

      6KB

    • MD5

      b90afd419a8596a7456053ac27cba0ee

    • SHA1

      6591f7cad4dae6070192c90eec914bd7dce2ca4a

    • SHA256

      3865989fc0f223fe6ed48af528040614b86a069981a957ee4fc6933066baf185

    • SHA512

      92016432c9b8486191045df9b46ab7a30a380df28694ff8e90b59f57f6cc0c9a64971a0f45d5840ddd68c09cd1441749a0ddbca28f0e645f8fe2db7e0c9af64e

    • SSDEEP

      96:l1NYluQFtUxulB4NzC6dDu0fDHl2i5P+wVdikT0B0:l1NYuQTUxUCxr1RB2k+wVdbAB0

    Score
    1/10
    • Target

      Xcalday Calendar/xcalday.exe

    • Size

      62KB

    • MD5

      8faf2a3330ba3f14a44a93d6d0297062

    • SHA1

      a35f432175d19cc728a9ec9f0d2ae86666bbb64d

    • SHA256

      89c9916c803e64de0d74c1f81956a77f6cdefc71a54ec363db1a28b892399c40

    • SHA512

      4be8c45b12ffd161bc6e3f9de4b0b87280f11cd91ed398de19e1b0e72ee35e98c8417b2b367c35df59f9b68eee2251cce5e0a5d18692d05a36a918f97853c906

    • SSDEEP

      1536:Ff+1K4v2CUUH73Yuw8WtoctXJQIDzlwfI2O1gBy7A8HzjnZk3nouy8WW:YKFlUbi8EXZDzl2qgyvTjaXout

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Xpass/xpass.dll

    • Size

      3KB

    • MD5

      0529409583411fe3f9afad345f896af9

    • SHA1

      9811cfb81db3169535cd62a943e5fe91bf733cb7

    • SHA256

      3ebfb1d9de5405717265a329dd96bd4f02b5a5364c0ddf3c2a8e1b0c8be3815f

    • SHA512

      fff1ced7a127a339e1e7891998b9d74f91d94b28103ba509fea80b76cfc062a43bb2b16cad58675eb09009b16bfa2b0c267c40ab792380f0933cf72cf0352dd3

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

static1

upx, aspackv2
Score
10/10

behavioral1

upx
Score
7/10

behavioral2

upx
Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

upx
Score
8/10

behavioral6

upx
Score
7/10

behavioral7

upx
Score
7/10

behavioral8

discovery, upx
Score
7/10

behavioral9

upx
Score
7/10

behavioral10

upx
Score
7/10

behavioral11

Score
8/10

behavioral12

Score
1/10

behavioral13

upx
Score
9/10

behavioral14

upx
Score
9/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

upx
Score
7/10

behavioral18

upx
Score
7/10

behavioral19

upx
Score
7/10

behavioral20

upx
Score
7/10

behavioral21

upx
Score
7/10

behavioral22

upx
Score
7/10

behavioral23

upx
Score
7/10

behavioral24

upx
Score
7/10

behavioral25

upx
Score
7/10

behavioral26

upx
Score
7/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

upx
Score
7/10

behavioral30

upx
Score
7/10

behavioral31

upx
Score
7/10

behavioral32

upx
Score
7/10