Resubmissions
05-09-2023 01:34
230905-by5lrsch46 10General
-
Target
2023-09-04.zip
-
Size
299.5MB
-
Sample
240524-bxrnhsgd3z
-
MD5
eea227737face033b823122d906dabed
-
SHA1
a35c1ae86ff0aa50fb2b1e941c9b35f711c354bd
-
SHA256
5695a75d96e56497ab5f7175d5c1da59a4565df668cb89db774eefbb5bfb6cf5
-
SHA512
99d7bf96ba029cd723671754bae514200697806a0fa32eeb3a7cf6e7237d30e51987bea15b31932b08de0b4332c4ba0d5e4a71283a5574d4780d593510b8d760
-
SSDEEP
6291456:QH0GuwBg8s1enBP7CXaDOl7R0Y/2f9Jzwnq92kYqYnLxyRPI:QK8UenRLK2fDz3bWn1yFI
Static task
static1
Behavioral task
behavioral1
Sample
2023-09-04.zip
Resource
win10-20240404-en
Malware Config
Extracted
nanocore
1.2.2.0
0.tcp.ngrok.io:19529
e8dc0029-2692-4710-a5f6-d65df0a729cd
-
activate_away_mode
true
-
backup_connection_host
0.tcp.ngrok.io
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2023-06-12T19:31:10.719245436Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
19529
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
e8dc0029-2692-4710-a5f6-d65df0a729cd
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
0.tcp.ngrok.io
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Extracted
mirai
BOTNET
Extracted
mirai
BOTNET
Extracted
mirai
2.59.254.14
Extracted
mirai
BOTNET
Extracted
njrat
im523
svchost.exe
5.tcp.eu.ngrok.io:15312
0c7caa8c30ecac23145985ecdefb5649
-
reg_key
0c7caa8c30ecac23145985ecdefb5649
-
splitter
|'|'|
Extracted
agenttesla
Protocol: smtp
Host: mail.elhamdelevator.com
Port: 587
Username: [email protected]
Password: 01221417748
Email To: [email protected]
https://discordapp.com/api/webhooks/1141171534019436636/rsmn69Lcmg35Ga7bqVUGtuetk3b-HNiKLnmDMzvt91gHtESYIARmGI9pQQxxg2F5Q3mM
Extracted
mirai
o.do.do
Extracted
mirai
BOTNET
Extracted
mirai
8.8.8.8
Extracted
mirai
8.8.8.8
2.59.254.14
Extracted
mirai
zerobot.zc.al
2.59.254.14
Extracted
njrat
0.7NC
NYAN CAT
4Mekey.myftp.biz:1011
adminbogota.duckdns.org:2015
unicornio2020.duckdns.org:9966
cfcfc4ede74345f998
-
reg_key
cfcfc4ede74345f998
-
splitter
@!#&^%$
Extracted
mirai
BOTNET
Extracted
mirai
LZRD
Extracted
mirai
2.59.254.14
Extracted
mirai
LZRD
Extracted
mirai
SORA
Extracted
asyncrat
1.0.7
VBS09
4Mekey.myftp.biz:8848
DcRatMutex_qwqdanchun
-
delay
1
-
install
false
-
install_folder
%AppData%
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
156.223.59.18:4444
Extracted
mirai
2.59.254.14
Extracted
mirai
SORA
Extracted
darkcloud
https://api.telegram.org/bot6342175884:AAGNYnOE8HN_cXImf1tA6GQfayeeb18yP84/sendMessage?chat_id=5990783030
-
email_from
tsctubesales.co.in
-
email_to
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
2.59.254.14
Extracted
strrat
powerful.ddnsfree.com:7802
judepower.duckdns.org:7817
-
license_id
EBGS-IHJV-5E77-T3MF-HBXL
-
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
-
scheduled_task
false
-
secondary_startup
true
-
startup
false
Extracted
asyncrat
1.0.7
PIJAO 4 SEPT
16agostok.duckdns.org:8004
DcRatMutex_qwqdanchunfdsaf
-
delay
1
-
install
false
-
install_folder
%AppData%
Extracted
metasploit
windows/reverse_tcp_dns
privacy-now.org:8888
Extracted
asyncrat
0.5.7B
VBS09
4Mekey.myftp.biz:6606
4Mekey.myftp.biz:7707
4Mekey.myftp.biz:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Extracted
mirai
BOTNET
Targets
-
-
Target
2023-09-04.zip
-
Size
299.5MB
-
MD5
eea227737face033b823122d906dabed
-
SHA1
a35c1ae86ff0aa50fb2b1e941c9b35f711c354bd
-
SHA256
5695a75d96e56497ab5f7175d5c1da59a4565df668cb89db774eefbb5bfb6cf5
-
SHA512
99d7bf96ba029cd723671754bae514200697806a0fa32eeb3a7cf6e7237d30e51987bea15b31932b08de0b4332c4ba0d5e4a71283a5574d4780d593510b8d760
-
SSDEEP
6291456:QH0GuwBg8s1enBP7CXaDOl7R0Y/2f9Jzwnq92kYqYnLxyRPI:QK8UenRLK2fDz3bWn1yFI
Score 1/10