General
Target: bjj.zip
Size: 1.2MB
Sample: 240517-p2zrkshg91
MD5: d4f3aac49d3433b577e108b9073175d4
SHA1: 914d3cd38d92e1f73d60c649b08ae3ab65447ad7
SHA256: 93342ba29bb4352232870a25963ee5574fa7d78b29f20776cf8f13dc51432785
SHA512: d2e847d9353bb9af80231b16460a6a87187058701b1cbb181e23dc201df58715a8e6f1f35772590ace81be76ea6da0ecdf6f9672beb9a2ba766e7afc2f520daa
SSDEEP: 24576:40zEarfEA0zj/WHdEJ8VAvEiNcYRxq1dkPK2M5k3egc6Wckj1X:VTrKW6Oueck1CPKR8egZ5kR
Behavioral task: behavioral1
Sample: 3. Scan network drives/9.1 Finder.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral2
Sample: 3. Scan network drives/9.2 NS.exe
Resource: win10v2004-20240508-en
Malware Config
Targets

Target: 3. Scan network drives/9.1 Finder.exe
Size: 125KB
MD5: 597de376b1f80c06d501415dd973dcec
SHA1: 629c9649ced38fd815124221b80c9d9c59a85e74
SHA256: f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446
SHA512: 072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b
SSDEEP: 1536:Vc4Kvp6PWy/6oU2cpzLWJst+cYsu0TXSkdlgNPldqxFktvVg49jvvck1y40sWjcu:Vc3GJQ56et+cT7SoeNdqbMfN7TId
Score: 6/10
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Target: 3. Scan network drives/9.2 NS.exe
Size: 113KB
MD5: 869420f42c9448924f935e5c1e2d9949
SHA1: f628f11e39d2ce90e49de8774df40a248a6abcff
SHA256: 3da3b704547f6f4a1497107e78856d434a408306b92ba7c6e270c7c9790aa576
SHA512: c272bc1fe3dd8cace08b4c5315dd481820e25fc72d177d9ff450622d1d7f0f2b54afa179cfb6d473ff0c349f672a330f5945bcdddc6b3142c4dbe10e9d1b2bed
SSDEEP: 1536:dcI+4BLSk6cMj+zlh/MHjibsu0y1P3q0LE4sCjYjUJG+fMgOQMcbFh169dsWjcdl:WIi0NXS2cm/qSE18Y44m5Fh4c3V
Score: 1/10
Target:
Size: 1.3MB
MD5: 7c81770eee7776811ccbf01584262ca7
SHA1: 5632f27158227ec4b6b6910133cebe035dc20bcb
SHA256: 153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03
SHA512: 39c515bc26ff320d8bfd07311ac927c5b68bac0b1b29b5f83235502f811b969b45edb6980656ac704b1963f562662f799a5275ca8c2f289d9d508f11a6c30437
SSDEEP: 24576:/FkxWGzCNdJpSFyI/GRX15UELFv9tJm4BYUeOdeuAo8v2+74Ws3Nm30Y:exqmywGH5UK7AHLUNi3
Score: 8/10
- Modifies Windows Firewall
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
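Before acting on any of the verdicts above, confirm that the file on your own disk is the same set of bytes the sandbox analysed. The script below is an added example for that check; it is not part of the sandbox report or the sandbox vendor's tooling. It copies the MD5/SHA1/SHA256/SHA512 values listed above into a table, recomputes them over a local file, and reports which ones agree. Only a SHA256 or SHA512 match is treated as identification, because MD5 and SHA1 both have practical collision attacks and a lone match on either proves little. The file paths you pass in are your own; the report's target names are used only as labels, and the third target (left blank above) is keyed by its size since the report gives it no name.

```python
"""Check a local sample against the digests a sandbox report lists.

Added example, not code from the report or its vendor. The hash values are
copied verbatim from the report above; the file paths are whatever you pass
on the command line.
"""
import hashlib
from pathlib import Path

# Digests copied from the report (target name -> {algorithm: hex digest}).
REPORT_HASHES = {
    "bjj.zip": {
        "md5": "d4f3aac49d3433b577e108b9073175d4",
        "sha1": "914d3cd38d92e1f73d60c649b08ae3ab65447ad7",
        "sha256": "93342ba29bb4352232870a25963ee5574fa7d78b29f20776cf8f13dc51432785",
        "sha512": "d2e847d9353bb9af80231b16460a6a87187058701b1cbb181e23dc201df58715a8e6f1f35772590ace81be76ea6da0ecdf6f9672beb9a2ba766e7afc2f520daa",
    },
    "3. Scan network drives/9.1 Finder.exe": {
        "md5": "597de376b1f80c06d501415dd973dcec",
        "sha1": "629c9649ced38fd815124221b80c9d9c59a85e74",
        "sha256": "f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446",
        "sha512": "072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b",
    },
    "3. Scan network drives/9.2 NS.exe": {
        "md5": "869420f42c9448924f935e5c1e2d9949",
        "sha1": "f628f11e39d2ce90e49de8774df40a248a6abcff",
        "sha256": "3da3b704547f6f4a1497107e78856d434a408306b92ba7c6e270c7c9790aa576",
        "sha512": "c272bc1fe3dd8cace08b4c5315dd481820e25fc72d177d9ff450622d1d7f0f2b54afa179cfb6d473ff0c349f672a330f5945bcdddc6b3142c4dbe10e9d1b2bed",
    },
    # The report leaves this target's name blank; keyed by its listed size.
    "unnamed 1.3MB target": {
        "md5": "7c81770eee7776811ccbf01584262ca7",
        "sha1": "5632f27158227ec4b6b6910133cebe035dc20bcb",
        "sha256": "153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03",
        "sha512": "39c515bc26ff320d8bfd07311ac927c5b68bac0b1b29b5f83235502f811b969b45edb6980656ac704b1963f562662f799a5275ca8c2f289d9d508f11a6c30437",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
STRONG = ("sha256", "sha512")  # collision-resistant; the only ones we trust alone


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report publishes, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def compare_hashes(data: bytes, expected: dict) -> dict:
    """Return {algorithm: matched} for every algorithm present in `expected`."""
    actual = digest_bytes(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}


def is_identified(results: dict) -> bool:
    """True only when SHA256 or SHA512 matched. MD5/SHA1 agreement is shown
    to the analyst but never counts as identification on its own."""
    return any(results.get(alg, False) for alg in STRONG)


def identify(data: bytes, report=REPORT_HASHES):
    """Name of the report target whose strong digest matches `data`, else None."""
    for name, expected in report.items():
        if is_identified(compare_hashes(data, expected)):
            return name
    return None


def check_file(path: str, report=REPORT_HASHES) -> str:
    """Human-readable verdict for one local file."""
    data = Path(path).read_bytes()
    name = identify(data, report)
    if name is None:
        return f"{path}: no SHA256/SHA512 match in report; do not assume it is the same sample"
    # A strong match with a weak mismatch points at a transcription error in
    # the weaker value, not at a different file.
    bad = [alg for alg, ok in compare_hashes(data, report[name]).items() if not ok]
    note = f" (report's {', '.join(bad)} disagrees: check for transcription error)" if bad else ""
    return f"{path}: matches report target {name!r}{note}"


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(check_file(p))
```

Run it as `python check_sample.py bjj.zip "3. Scan network drives/9.1 Finder.exe"` from the directory holding the extracted archive; a file that matches nothing should be treated as a different sample and re-submitted rather than assumed to share the report's score.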