General
Target: Email-Worms.zip
Size: 359KB
Sample: 240514-2t5n3sda67
MD5: ecb7a3920cdc7e52744238bf33c3e8a9
SHA1: 3d72f9f7cc3e657f6a4960bbb2806920826fd290
SHA256: b7a407a09f2ecd215de4345bd2165e76607eef9297a8e848215c525d6ee19a80
SHA512: 8219f5fe1a179ca4b7d9e5f90fd2da257c9d8e2951aac2d9bf8965947e64ff418e5aff2bdbb5fbd5841af4e273436da5026b0cdd9b1eb12aaaf82bb525d98e63
SSDEEP: 6144:wSYAr8H71nGt6VountL/neIbFX1zo6w++NmK8/t31zPUXnQBh95voTVb/UnfVDvr:wSrQH71nAOoqpGIbFFIjItFD5voVIu2
Behavioral task: behavioral1
Sample: Email-Worms.zip
Resource: win10-20240404-en

Behavioral task: behavioral2
Sample: Gruel.exe
Resource: win10-20240404-en

Behavioral task: behavioral3
Sample: Happy99.exe
Resource: win10-20240404-en

Behavioral task: behavioral4
Sample: MeltingScreen.exe
Resource: win10-20240404-en

Behavioral task: behavioral5
Sample: MsWorld.exe
Resource: win10-20240404-en

Behavioral task: behavioral6
Sample: MyDoom.exe
Resource: win10-20240404-en

Behavioral task: behavioral7
Sample: NetSky.exe
Resource: win10-20240404-en

Behavioral task: behavioral8
Sample: Parrot.exe
Resource: win10-20240404-en
Malware Config
Targets
Target: Email-Worms.zip
Score: 1/10
Target: Gruel.exe
Size: 100KB
MD5: b0feccddd78039aed7f1d68dae4d73d3
SHA1: 8fcffb3ae7af33b9b83af4c5acbb044f888eeabf
SHA256: 5714efd4746f7796bbc52a272f8e354f67edfb50129d5fdaa1396e920956d0d6
SHA512: b02b9476eeb9c43fcfef56949f867c1c88f152d65f3961a2838b8bff02df2383945aefb9a8c517ac78d79b5a9163c7677f5b6238f4624b1966994c9c09eb428d
SSDEEP: 1536:ThBfyxwMz14BSSQGRwmkwmGDAzGC6TaPAlbv/g:1BKxwMz14wSQGGUDAATaPAlbv/g
Score: 7/10
Modifies system executable filetype association
Adds Run key to start application
Target: Happy99.exe
Size: 9KB
MD5: 02dd0eaa9649a11e55fa5467fa4b8ef8
SHA1: a4a945192cb730634168f79b6e4cd298dbe3d168
SHA256: 4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18
SHA512: 3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441
SSDEEP: 192:nR81cIkA5Dbaj/CaFx40Z9HnLH8bzTbjt5BNUFO:RycyhqN4u9HnLH8bnbjtpl
Score: 5/10
Drops file in System32 directory
Target: MeltingScreen.exe
Size: 17KB
MD5: 4784e42c3b15d1a141a5e0c8abc1205c
SHA1: 48c958deba25a4763ef244ac87e87983c6534179
SHA256: 9d355e4f9a51536b05269f696b304859155985957ba95eb575f3f38c599d913c
SHA512: d63d20a38602d4d228367b6596454a0f5b2884c831e3a95237d23b882abd624de59ea47835636b06a96e216f1decf8c468caacd45e5d3b16a5eb9e87bc69eb97
SSDEEP: 384:eHsipOITNe52uuCiuhwYW5t/QS5uoIjkg:PivNZuhi+wYW5toBoB
Score: 1/10
Target: MsWorld.exe
Size: 128KB
MD5: 7bd8a009b84b35868613332fe14267ab
SHA1: d36d4753aab27c6c5e253b9926406f7f97dc69a6
SHA256: 56511f0b28f28c23b5a1a3c7d524ee25a4c6df9ac2b53797c95199534f86bbd2
SHA512: ad8e121f601f6698d720181d486da828781f729ca7880fb35c6fc70f021197e4a508dc46d980108a168ef2c6c89a62f3140e676ff71a1e40ea3e397ad0c63261
SSDEEP: 3072:6wzn3BP7bo4a8uqwE6WPSUQvdIeaiQFc/sz4Px8vy+sL:R3BPP9G4Qvd/aKk4p8q+s
Score: 1/10
Target: MyDoom.exe
Size: 22KB
MD5: 53df39092394741514bc050f3d6a06a9
SHA1: f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5
SHA256: fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151
SHA512: 9792017109cf6ffc783e67be2a4361aa2c0792a359718434fec53e83feed6a9a2f0f331e9951f798e7fb89421fdc1ac0e083527c3d3b6dd71b7fdd90836023a0
SSDEEP: 384:96ZQHXcE7hUHwT56cC9Kg65JdwGADkHw/Rjxtuu7VIGGwQWEqpD6:CavuHAUcW/ojwG6kHw/lxqbW
Score: 7/10
ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
Loads dropped DLL
Drops file in System32 directory
Target: NetSky.exe
Size: 17KB
MD5: 6f49434d7e4532520372a4721a7a9aec
SHA1: 979e0112b24c1f490653e47e4a340b37f72d17cd
SHA256: 15e48ef767e1b2d696d2f6beec08e12e6e6d8909c070347d2d10abe75c120495
SHA512: 9c86461d65fa52dc0e2ab15f3b95b75fe572f7e46b20ada7fcae57b9fd5355bee6e31b47183d5465e97bc72a065fa96dc8330667fbd3e69b13ed561600e6672c
SSDEEP: 384:7/q2Nfs60PUnfTSILFm4UY2t9L+a30Bpk+3NyqSTqOvSKz:XNNXnmwygkmNHSY
Score: 7/10
Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Target: Parrot.exe
Size: 51KB
MD5: 73d35451dbfbba5ac051d36f095a629f
SHA1: 0a1c087e6f91506f96e284b89d99a283d650de07
SHA256: af983d2bf8f90fe563159983521b110e8560a409391254cb8ba7662df88fa3c3
SHA512: 9d74bb098aafa7cf3a9dee0f9a0638015d4be8ea26631082db810560748d2da85607d3bc67c9d75cfa2642e93dca3e0b0c6d214b38176a3b6ac2ba44cbe27836
SSDEEP: 768:oN2SaAr2oCgNHt9WoxayWIHZuvxulndbdb+UWEkrRNK+rR8NeJf9XR6idH6A3s:oASnrpNHt9bUYoWdbdb+VEkr+WXdHvc
Score: 6/10
Adds Run key to start application
Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Event Triggered Execution: 1
    Change Default File Association: 1
  Boot or Logon Autostart Execution: 3
    Registry Run Keys / Startup Folder: 3
Privilege Escalation
  Event Triggered Execution: 1
    Change Default File Association: 1
  Boot or Logon Autostart Execution: 3
    Registry Run Keys / Startup Folder: 3