b7a407a09f2ecd215de4345bd2165e76607eef9297a8e848215c525d6ee19a80

General

Target

Email-Worms.zip
Size

359KB
Sample

240514-2t5n3sda67
MD5

ecb7a3920cdc7e52744238bf33c3e8a9
SHA1

3d72f9f7cc3e657f6a4960bbb2806920826fd290
SHA256

b7a407a09f2ecd215de4345bd2165e76607eef9297a8e848215c525d6ee19a80
SHA512

8219f5fe1a179ca4b7d9e5f90fd2da257c9d8e2951aac2d9bf8965947e64ff418e5aff2bdbb5fbd5841af4e273436da5026b0cdd9b1eb12aaaf82bb525d98e63
SSDEEP

6144:wSYAr8H71nGt6VountL/neIbFX1zo6w++NmK8/t31zPUXnQBh95voTVb/UnfVDvr:wSrQH71nAOoqpGIbFFIjItFD5voVIu2

Score

7^/10

Malware Config

Targets

- Target
  
  Email-Worms.zip
- Size
  
  359KB
- MD5
  
  ecb7a3920cdc7e52744238bf33c3e8a9
- SHA1
  
  3d72f9f7cc3e657f6a4960bbb2806920826fd290
- SHA256
  
  b7a407a09f2ecd215de4345bd2165e76607eef9297a8e848215c525d6ee19a80
- SHA512
  
  8219f5fe1a179ca4b7d9e5f90fd2da257c9d8e2951aac2d9bf8965947e64ff418e5aff2bdbb5fbd5841af4e273436da5026b0cdd9b1eb12aaaf82bb525d98e63
- SSDEEP
  
  6144:wSYAr8H71nGt6VountL/neIbFX1zo6w++NmK8/t31zPUXnQBh95voTVb/UnfVDvr:wSrQH71nAOoqpGIbFFIjItFD5voVIu2
Score

1^/10
behavioral1
- Target
  
  Gruel.exe
- Size
  
  100KB
- MD5
  
  b0feccddd78039aed7f1d68dae4d73d3
- SHA1
  
  8fcffb3ae7af33b9b83af4c5acbb044f888eeabf
- SHA256
  
  5714efd4746f7796bbc52a272f8e354f67edfb50129d5fdaa1396e920956d0d6
- SHA512
  
  b02b9476eeb9c43fcfef56949f867c1c88f152d65f3961a2838b8bff02df2383945aefb9a8c517ac78d79b5a9163c7677f5b6238f4624b1966994c9c09eb428d
- SSDEEP
  
  1536:ThBfyxwMz14BSSQGRwmkwmGDAzGC6TaPAlbv/g:1BKxwMz14wSQGGUDAATaPAlbv/g
Score

7^/10

persistence
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
behavioral2
- Target
  
  Happy99.exe
- Size
  
  9KB
- MD5
  
  02dd0eaa9649a11e55fa5467fa4b8ef8
- SHA1
  
  a4a945192cb730634168f79b6e4cd298dbe3d168
- SHA256
  
  4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18
- SHA512
  
  3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441
- SSDEEP
  
  192:nR81cIkA5Dbaj/CaFx40Z9HnLH8bzTbjt5BNUFO:RycyhqN4u9HnLH8bnbjtpl
Score

5^/10
- Drops file in System32 directory
behavioral3
- Target
  
  MeltingScreen.exe
- Size
  
  17KB
- MD5
  
  4784e42c3b15d1a141a5e0c8abc1205c
- SHA1
  
  48c958deba25a4763ef244ac87e87983c6534179
- SHA256
  
  9d355e4f9a51536b05269f696b304859155985957ba95eb575f3f38c599d913c
- SHA512
  
  d63d20a38602d4d228367b6596454a0f5b2884c831e3a95237d23b882abd624de59ea47835636b06a96e216f1decf8c468caacd45e5d3b16a5eb9e87bc69eb97
- SSDEEP
  
  384:eHsipOITNe52uuCiuhwYW5t/QS5uoIjkg:PivNZuhi+wYW5toBoB
Score

1^/10
behavioral4
- Target
  
  MsWorld.exe
- Size
  
  128KB
- MD5
  
  7bd8a009b84b35868613332fe14267ab
- SHA1
  
  d36d4753aab27c6c5e253b9926406f7f97dc69a6
- SHA256
  
  56511f0b28f28c23b5a1a3c7d524ee25a4c6df9ac2b53797c95199534f86bbd2
- SHA512
  
  ad8e121f601f6698d720181d486da828781f729ca7880fb35c6fc70f021197e4a508dc46d980108a168ef2c6c89a62f3140e676ff71a1e40ea3e397ad0c63261
- SSDEEP
  
  3072:6wzn3BP7bo4a8uqwE6WPSUQvdIeaiQFc/sz4Px8vy+sL:R3BPP9G4Qvd/aKk4p8q+s
Score

1^/10
behavioral5
- Target
  
  MyDoom.exe
- Size
  
  22KB
- MD5
  
  53df39092394741514bc050f3d6a06a9
- SHA1
  
  f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5
- SHA256
  
  fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151
- SHA512
  
  9792017109cf6ffc783e67be2a4361aa2c0792a359718434fec53e83feed6a9a2f0f331e9951f798e7fb89421fdc1ac0e083527c3d3b6dd71b7fdd90836023a0
- SSDEEP
  
  384:96ZQHXcE7hUHwT56cC9Kg65JdwGADkHw/Rjxtuu7VIGGwQWEqpD6:CavuHAUcW/ojwG6kHw/lxqbW
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral6
- Target
  
  NetSky.exe
- Size
  
  17KB
- MD5
  
  6f49434d7e4532520372a4721a7a9aec
- SHA1
  
  979e0112b24c1f490653e47e4a340b37f72d17cd
- SHA256
  
  15e48ef767e1b2d696d2f6beec08e12e6e6d8909c070347d2d10abe75c120495
- SHA512
  
  9c86461d65fa52dc0e2ab15f3b95b75fe572f7e46b20ada7fcae57b9fd5355bee6e31b47183d5465e97bc72a065fa96dc8330667fbd3e69b13ed561600e6672c
- SSDEEP
  
  384:7/q2Nfs60PUnfTSILFm4UY2t9L+a30Bpk+3NyqSTqOvSKz:XNNXnmwygkmNHSY
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7
- Target
  
  Parrot.exe
- Size
  
  51KB
- MD5
  
  73d35451dbfbba5ac051d36f095a629f
- SHA1
  
  0a1c087e6f91506f96e284b89d99a283d650de07
- SHA256
  
  af983d2bf8f90fe563159983521b110e8560a409391254cb8ba7662df88fa3c3
- SHA512
  
  9d74bb098aafa7cf3a9dee0f9a0638015d4be8ea26631082db810560748d2da85607d3bc67c9d75cfa2642e93dca3e0b0c6d214b38176a3b6ac2ba44cbe27836
- SSDEEP
  
  768:oN2SaAr2oCgNHt9WoxayWIHZuvxulndbdb+UWEkrRNK+rR8NeJf9XR6idH6A3s:oASnrpNHt9bUYoWdbdb+VEkr+WXdHvc
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral8