General

  • Target

    Prometheus.zip

  • Size

    37.1MB

  • MD5

    e98a7c8f71375842ddd8d8283453f3c1

  • SHA1

    803809b3aa1d4ecb95ab5e16f54d4c3b615e72c6

  • SHA256

    12692e75d80aff89b7500a560e0dc6578d4d748a81f6bed15e0bda2810dae03a

  • SHA512

    e3277f11ba22a5d4db905250def7ab82042db6d80262490ae0ef53188d4dfc006f893f40272059aaa0d65308d5b156787019dda354a0eb1cb1af8c5e988aa48a

  • SSDEEP

    786432:UFtE6W5tkO4DWedECvv5z29TQdfm35W11icyZlziEOe:xcdOCvbfb1Icfne

Score
8/10

Signatures

  • Patched UPX-packed file (1 IoC)

    The sample is packed with UPX, but header fields the unpacker relies on have been zeroed out so that the stock UPX tool cannot unpack it.

  • UPX packed file (1 IoC)

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Detects PyInstaller (1 IoC)

  • Unsigned PE (29 IoCs)

    Checks for a missing Authenticode signature. The 29 hits are the PE files listed below that carry no Code Sign entry: Components/upx.exe, out.upx, hacn.exe, RarLng.dll and the twelve *.SFX stubs in env/Scripts/dist, plus RarLng.dll and the twelve *.SFX stubs again under env/Scripts/dist/WinRAR.
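The four signatures above can be reproduced offline with a short standard-library script. What follows is an added example written for this page, not code from the sandbox or from the Prometheus kit. It parses only the PE section table and the security data directory, and it applies heuristic versions of the checks: a UPX file is recognised by UPX0/UPX1 section names or by UPX's characteristic layout (first section with no raw data, compressed image in the second); a "patched" UPX file is one with that layout but no "UPX!" PackHeader magic anywhere in the image; an unsigned PE is one whose IMAGE_DIRECTORY_ENTRY_SECURITY entry is zero; a PyInstaller binary is one containing the PyInstaller archive cookie magic (assumed unchanged in current releases). The test images are constructed, minimal PE32+ blobs built by `build_pe`, not real executables.

```python
import struct

UPX_MAGIC = b"UPX!"                                   # l_magic of UPX's PackHeader
# PyInstaller's archive cookie starts with this magic (assumption: unchanged in current releases)
PYINSTALLER_COOKIE_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"


def parse_pe(data: bytes) -> dict:
    """Parse just enough of a PE image: the section table and the Authenticode data directory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # The 16 data directories start at +96 in a PE32 optional header and +112 in PE32+;
    # entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) is the file offset/size of the WIN_CERTIFICATE blob.
    dd_off = opt + (112 if magic == 0x20B else 96)
    security_dir = struct.unpack_from("<II", data, dd_off + 4 * 8)
    sections = []
    table = opt + size_of_opt
    for i in range(num_sections):
        off = table + 40 * i                              # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _va, rawsize, _rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vsize": vsize, "rawsize": rawsize})
    return {"sections": sections, "security_dir": security_dir}


def classify(data: bytes) -> list:
    """Return the findings the sandbox signatures describe, as an ordered list of tags."""
    info = parse_pe(data)
    secs = info["sections"]
    findings = []
    if info["security_dir"] == (0, 0):
        findings.append("unsigned_pe")          # no certificate table at all
    named_upx = any(s["name"].startswith("UPX") for s in secs)
    # UPX's layout survives renamed sections: the first section is filled at runtime
    # (large virtual size, zero raw bytes) and the compressed image plus stub sit in the second.
    layout_upx = (len(secs) >= 2 and secs[0]["rawsize"] == 0
                  and secs[0]["vsize"] > 0 and secs[1]["rawsize"] > 0)
    if named_upx or layout_upx:
        findings.append("upx_packed")
        if UPX_MAGIC not in data:
            # Stock `upx -d` refuses a file whose PackHeader magic is gone: the "patched UPX" case.
            findings.append("patched_upx")
    if PYINSTALLER_COOKIE_MAGIC in data:
        findings.append("pyinstaller")
    return findings


def build_pe(sections, payload: bytes, signed: bool = False) -> bytes:
    """Build a minimal synthetic PE32+ image for testing (constructed input, not a real binary).

    sections: list of (name, virtual_size, raw_size); `payload` stands in for all raw section data.
    """
    e_lfanew, opt_size = 0x40, 240                        # 240 = PE32+ optional header with 16 dirs
    dos = b"MZ" + b"\0" * (e_lfanew - 6) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+ magic
    if signed:
        # Non-zero security directory (file offset, size), as a signed binary would carry
        struct.pack_into("<II", opt, 112 + 4 * 8, 0x1000, 0x200)
    raw_ptr = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    table = b""
    for name, vsize, rawsize in sections:
        table += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000, rawsize, raw_ptr if rawsize else 0, 0, 0, 0, 0, 0x60000020)
        raw_ptr += rawsize
    return dos + b"PE\0\0" + coff + bytes(opt) + table + payload


def build_samples() -> dict:
    """Three constructed images covering the cases the signatures distinguish."""
    stub = b"\x90" * 32                                   # stand-in for the decompressor stub
    upx_layout = [("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x8000), (".rsrc", 0x1000, 0x1000)]
    renamed = [(".text", 0x20000, 0), (".data", 0x8000, 0x8000), (".rsrc", 0x1000, 0x1000)]
    return {
        # Stock UPX output: UPX0/UPX1 names and an intact PackHeader magic (dummy bytes follow it)
        "intact_upx": build_pe(upx_layout, stub + UPX_MAGIC + b"\x0d\x0b\x08"),
        # Patched build: sections renamed and the magic zeroed, so `upx -d` no longer recognises it
        "patched_upx": build_pe(renamed, stub + b"\0\0\0\0" + b"\x0d\x0b\x08"),
        # Signed, not packed, but carrying a PyInstaller archive cookie
        "pyinstaller_signed": build_pe([(".text", 0x4000, 0x4000)],
                                       b"A" * 16 + PYINSTALLER_COOKIE_MAGIC + b"\0" * 20, signed=True),
    }


if __name__ == "__main__":
    for label, image in build_samples().items():
        print(f"{label:20s} {classify(image)}")
```

Two caveats for real samples. The "UPX!" search is a heuristic: a patched packer may zero other PackHeader fields, or leave the magic and alter the rest, so a negative result only means stock `upx -d` will not work, not that the file is unpackable by hand. And a non-zero security directory only says a certificate table exists; a table lifted from another binary (the technique the bundled sigthief.py is named after) passes this presence check yet fails cryptographic verification, so confirm with `signtool verify` or `osslsigncode verify` before treating a file as signed.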

Files

  • Prometheus.zip
    .zip
  • Builder.bat
  • Components/BlankOBF.py
  • Components/cert
  • Components/config.json
  • Components/loader.py
  • Components/postprocess.py
  • Components/process.py
  • Components/rar.exe
    .exe windows:5 windows x64 arch:x64
    MD5: 9a33888e10929c185d02249d2b55c15a
    Code Sign · Headers · Imports · Sections
  • Components/rarreg.key
  • Components/requirements.txt
  • Components/run.bat
    .bat .vbs
  • Components/sigthief.py
  • Components/stub.py
  • Components/upx.exe
    .exe windows:4 windows x64 arch:x64
    Headers · Sections
  • out.upx
    .exe windows:4 windows x64 arch:x64
    Headers · Sections
  • Components/version.txt
  • Extras/hash
  • Extras/icon.ico
  • Extras/unblock_sites.py
  • READme.txt
  • config.json
  • env/Scripts/dist/7zxa.dll
    .dll windows:4 windows x64 arch:x64
    MD5: e84ea73d0d9b417a1bc1810c7b836d4f
    Code Sign · Headers · Imports · Exports · Sections
  • env/Scripts/dist/Default.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 75e9596d74d063246ba6f3ac7c5369a0
    Headers · Imports · Sections
  • env/Scripts/dist/Default64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: bc758c921c6e0fda5a933c5b8a3c02e9
    Headers · Imports · Sections
  • env/Scripts/dist/DefaultEn.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 75e9596d74d063246ba6f3ac7c5369a0
    Headers · Imports · Sections
  • env/Scripts/dist/DefaultEn64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: bc758c921c6e0fda5a933c5b8a3c02e9
    Headers · Imports · Sections
  • env/Scripts/dist/Descript.ion
  • env/Scripts/dist/Order.htm
    .html .js polyglot
  • env/Scripts/dist/Rar.exe
    .exe windows:5 windows x64 arch:x64
    MD5: 46d4a991088e70acda923a7cd0f9aa4c
    Code Sign · Headers · Imports · Sections
  • env/Scripts/dist/Rar.txt
  • env/Scripts/dist/RarExt.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 8f6f025c725ec2aa8498b3040d0a763c
    Code Sign · Headers · Imports · Exports · Sections
  • env/Scripts/dist/RarExt32.dll
    .dll windows:6 windows x86 arch:x86
    MD5: ea92b4bb5d9deec4628d0f78b0881df5
    Code Sign · Headers · Imports · Exports · Sections
  • env/Scripts/dist/RarExtInstaller.exe
    .exe windows:6 windows x64 arch:x64
    MD5: ff42caab74dab09e137a91d5dd30bdd2
    Code Sign · Headers · Imports · Sections
  • env/Scripts/dist/RarExtLogo.altform-unplated_targetsize-32.png
    .png
  • env/Scripts/dist/RarExtLogo.altform-unplated_targetsize-48.png
    .png
  • env/Scripts/dist/RarExtLogo.altform-unplated_targetsize-64.png
    .png
  • env/Scripts/dist/RarExtPackage.msix
    .appx
  • env/Scripts/dist/RarFiles.lst
  • env/Scripts/dist/RarLng.dll
    .dll windows:5 windows x86 arch:x86
    Headers · Sections
  • env/Scripts/dist/Resources.pri
  • env/Scripts/dist/UnRAR.exe
    .exe windows:5 windows x64 arch:x64
    MD5: 9a3fd0d5c7ee877d3223332fb22a7cf5
    Code Sign · Headers · Imports · Sections
  • env/Scripts/dist/Uninstall.exe
    .exe windows:6 windows x64 arch:x64
    MD5: 6aed8a1d48749f3ad36c3c72bcf9aeb1
    Code Sign · Headers · Imports · Sections
  • env/Scripts/dist/Uninstall.lst
  • env/Scripts/dist/WhatsNew.txt
  • env/Scripts/dist/WinCon.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 1fac7e3e60191744918b1f8b259159d9
    Headers · Imports · Sections
  • env/Scripts/dist/WinCon64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: c6213d935a1ac1e6807c3dd6de896c77
    Headers · Imports · Sections
  • env/Scripts/dist/WinConEn.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 1fac7e3e60191744918b1f8b259159d9
    Headers · Imports · Sections
  • env/Scripts/dist/WinConEn64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: c6213d935a1ac1e6807c3dd6de896c77
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR.exe
    .exe windows:6 windows x64 arch:x64
    MD5: 3d1825a380415a76bb0ddaab646e1790
    Code Sign · Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/7zxa.dll
    .dll windows:4 windows x64 arch:x64
    MD5: e84ea73d0d9b417a1bc1810c7b836d4f
    Code Sign · Headers · Imports · Exports · Sections
  • env/Scripts/dist/WinRAR/Default.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 75e9596d74d063246ba6f3ac7c5369a0
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/Default64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: bc758c921c6e0fda5a933c5b8a3c02e9
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/DefaultEn.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 75e9596d74d063246ba6f3ac7c5369a0
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/DefaultEn64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: bc758c921c6e0fda5a933c5b8a3c02e9
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/Descript.ion
  • env/Scripts/dist/WinRAR/Order.htm
    .html .js polyglot
  • env/Scripts/dist/WinRAR/Rar.exe
    .exe windows:5 windows x64 arch:x64
    MD5: 46d4a991088e70acda923a7cd0f9aa4c
    Code Sign · Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/Rar.txt
  • env/Scripts/dist/WinRAR/RarExt.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 8f6f025c725ec2aa8498b3040d0a763c
    Code Sign · Headers · Imports · Exports · Sections
  • env/Scripts/dist/WinRAR/RarExt32.dll
    .dll windows:6 windows x86 arch:x86
    MD5: ea92b4bb5d9deec4628d0f78b0881df5
    Code Sign · Headers · Imports · Exports · Sections
  • env/Scripts/dist/WinRAR/RarExtInstaller.exe
    .exe windows:6 windows x64 arch:x64
    MD5: ff42caab74dab09e137a91d5dd30bdd2
    Code Sign · Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/RarExtLogo.altform-unplated_targetsize-32.png
    .png
  • env/Scripts/dist/WinRAR/RarExtLogo.altform-unplated_targetsize-48.png
    .png
  • env/Scripts/dist/WinRAR/RarExtLogo.altform-unplated_targetsize-64.png
    .png
  • env/Scripts/dist/WinRAR/RarExtPackage.msix
    .appx
  • env/Scripts/dist/WinRAR/RarFiles.lst
  • env/Scripts/dist/WinRAR/RarLng.dll
    .dll windows:5 windows x86 arch:x86
    Headers · Sections
  • env/Scripts/dist/WinRAR/Resources.pri
  • env/Scripts/dist/WinRAR/UnRAR.exe
    .exe windows:5 windows x64 arch:x64
    MD5: 9a3fd0d5c7ee877d3223332fb22a7cf5
    Code Sign · Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/Uninstall.exe
    .exe windows:6 windows x64 arch:x64
    MD5: 6aed8a1d48749f3ad36c3c72bcf9aeb1
    Code Sign · Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/Uninstall.lst
  • env/Scripts/dist/WinRAR/WhatsNew.txt
  • env/Scripts/dist/WinRAR/WinCon.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 1fac7e3e60191744918b1f8b259159d9
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/WinCon64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: c6213d935a1ac1e6807c3dd6de896c77
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/WinConEn.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 1fac7e3e60191744918b1f8b259159d9
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/WinConEn64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: c6213d935a1ac1e6807c3dd6de896c77
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/WinRAR.exe
    .exe windows:6 windows x64 arch:x64
    MD5: 3d1825a380415a76bb0ddaab646e1790
    Code Sign · Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/Zip.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 319b1edcc4538be377f43066c635ffef
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/Zip64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: f557cb5e3abb3bc5ede97f2a0da19e34
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/ZipEn.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 319b1edcc4538be377f43066c635ffef
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/ZipEn64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: f557cb5e3abb3bc5ede97f2a0da19e34
    Headers · Imports · Sections
  • env/Scripts/dist/WinRAR/rarnew.dat
    .rar
  • env/Scripts/dist/WinRAR/rarreg.key
  • env/Scripts/dist/WinRAR/zipnew.dat
  • env/Scripts/dist/Zip.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 319b1edcc4538be377f43066c635ffef
    Headers · Imports · Sections
  • env/Scripts/dist/Zip64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: f557cb5e3abb3bc5ede97f2a0da19e34
    Headers · Imports · Sections
  • env/Scripts/dist/ZipEn.SFX
    .exe windows:5 windows x86 arch:x86
    MD5: 319b1edcc4538be377f43066c635ffef
    Headers · Imports · Sections
  • env/Scripts/dist/ZipEn64.SFX
    .exe windows:5 windows x64 arch:x64
    MD5: f557cb5e3abb3bc5ede97f2a0da19e34
    Headers · Imports · Sections
  • env/Scripts/dist/hacn.exe
    .exe windows:5 windows x64 arch:x64
    MD5: 1af6c885af093afc55142c2f1761dbe8
    Headers · Imports · Sections
  • main.pyc
  • env/Scripts/dist/icon.ico
  • env/Scripts/dist/main.py
  • env/Scripts/dist/main.spec
  • env/Scripts/dist/rarnew.dat
    .rar
  • env/Scripts/dist/rarreg.key
  • env/Scripts/dist/setup.sfx
  • env/Scripts/dist/xfs.conf
  • env/Scripts/dist/zipnew.dat
  • gui.py