General
-
Target
0149cd4727e356bb6561322c77c4b46df1e2f7f5fbb40bb24280e29f2745853f
-
Size
36.2MB
-
Sample
240522-n1yx8afa4t
-
MD5
2c76c37791e9ee93a516461d0e72dc14
-
SHA1
1cd2b907549f38adf4e44eb65326847f27ef0995
-
SHA256
0149cd4727e356bb6561322c77c4b46df1e2f7f5fbb40bb24280e29f2745853f
-
SHA512
a6f01eaaeaf5257a525a7bdda6aee5cc8006d9cb30c177407660c8872f0b9c83c860888b4d63f3011adff25f60d6aa1d6433737b68daf3f8ba6f8df56f934f85
-
SSDEEP
786432:ugjlEW8KyrjSJDfZ8ldLNZZlui6ol92fM57hWjlQGX0GiN:sW8Kyr2h8LNZPdl90MHWhJiN
Behavioral task
behavioral1
Sample
NirCmd.chm
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
NirCmd.chm
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
conhost.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
conhost.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
nircmd.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
nircmd.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
nircmdc.exe
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
nircmdc.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
NirCmd.chm
-
Size
45KB
-
MD5
de1d4e1caf466f6fa52f1ee518551c3e
-
SHA1
7a0b0ec66737a3fd9699d99e4e95e770e80231f2
-
SHA256
573aa5b8db5f7b73cd0cb166514a197553e73659e881707c781691cbf2034516
-
SHA512
3d41dbe484b9676ebcdf66a7cf8679b1c303c1e3279336c33414622d95e54e98d63a1e791db3d7cd9fd350087132fabbb7059aedebb6c6b4b6e5b6666456a53c
-
SSDEEP
768:85nDno+QMmhCFg8u5742wPpVoGYGeLjOsRbZosHRIevnw0fmBMV0Qdeo/J+KftbI:85PQhhmfm7424YnOcfxnwsJDAoJ+KftM
Score: 1/10
-
-
Target
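conhost.exe (same file name as the Windows Console Host binary; identify this sample by the hashes below, not by name)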
-
Size
32.3MB
-
MD5
777b3347af83a8e468b61ceecf5249de
-
SHA1
52597d44e245e2e708a501ed9ec3b6073c552c71
-
SHA256
c7f9bbdf69563f3b9e18350ab70c06e222691b9ec42ec78363d5959b291f5ca0
-
SHA512
0d447868ab938b5993569f8d275edc710d82726458c7d0fa10ded41f19c17e647b44858e7cd6bee257d12131e98fe00b22b80ccbf91f742cc14c7b31317b93f0
-
SSDEEP
786432:fL6vO1QtIDb2j6+s7LWB75zup/jLb/EF3IL55qW80hCMcSJ:fiaiIP2qHWB75ip/jfcFG5cW7Ce
Score: 7/10
Loads dropped DLL (a DLL written to disk during the run is then loaded by a process)
-
Adds Run key to start application (registry autostart entry, so the application launches at logon; a persistence indicator)
-
-
-
Target
nircmd.exe
-
Size
117KB
-
MD5
4a9da765fd91e80decfd2c9fe221e842
-
SHA1
6f763fbd2b37b2ce76a8e874b05a8075f48d1171
-
SHA256
2e81e048ab419fdc6e5f4336a951bd282ed6b740048dc38d7673678ee3490cda
-
SHA512
4716e598e4b930a0ec89f4d826afaa3dade22cf002111340bc253a618231e88f2f5247f918f993ed15b8ce0e3a97d6838c12b17616913e48334ee9b713c1957a
-
SSDEEP
3072:oG0tOQJC9TPafQy26RAA3hh5Tgr559MJZpOSDUDyjHHKHlLz1Ms/b:2OQJC9uICA11l1MYb
Score: 1/10
-
-
Target
nircmdc.exe
-
Size
115KB
-
MD5
4fb678dde98696cc8c7dd10ef1fada1f
-
SHA1
46fb15c3fb4865d7925c9b1e592cf3db45f8e769
-
SHA256
c3e28c6e201d5c0206d941bed96c1c6219397da9b563771d856da1b6cc390554
-
SHA512
7b1babf328b11747f336e7b2b267fba88c330de699bc5f90983ffd68ed15da76a28f0fb6c138d491325b9bdbf6f80f15f416558654611084d19dfc0a25658975
-
SSDEEP
3072:vGrnFse2GdzzolPYO/mvO/1vwUPG9W+I1vXzWX7YHuHlAizXuVxcJB:urnFeNlRDml/urkB
Score: 1/10