iptablez | 231222-bhg6jachd3_pw_infected[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

231222-bhg6jachd3_pw_infected.zip
Size

2.9MB
MD5

b0159907bc8bf59b344f1db47e268df0
SHA1

b3ab240cc4b9f69922bf0b99f54127c1d1714119
SHA256

1c714527787cb354ebba0eeb1657fb054be765838e8c845d13c488480a872e23
SHA512

1cc0b2e4e59d43a8b2d54d5033d6f66450940faf86940f64b0a3eba7e9e2694b055975d531f3b0e65ffede881b5e6bbb008cea96e1b7b8dfdf7fe6250c78375f
SSDEEP

49152:blV6M6pbXKzJlFZId2EQ9M0PAybjlQaXue7ygESuNdwRxiOar2zaHB9H88pW:b7B6tKzPM2EkPTjlQOuRg8dwGxHn88o

Score

10^/10

iptablez

Malware Config

Signatures

Detected IptabLes/IptabLez backdoor 1 IoCs

resource	yara_rule
static1/unpack002//getsetup.hb	family_iptablez

Iptablez family
iptablez

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002//Client.exe
unpack002//getsetup.exe
unpack002//ƶ_C.exe

Files

231222-bhg6jachd3_pw_infected.zip
.zip

Password: infected
41278456deb35fbd66172eb506a8457b
.zip
/Client.exe
.exe windows:5 windows x86 arch:x86

4f60dfc53b8f96b5a07f2047fa00d9fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket

kernel32

GetFileType
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DeferWindowPos

gdi32

GetClipBox

comdlg32

GetOpenFileNameA

winspool.drv

ClosePrinter

advapi32

SetFileSecurityA

shell32

ExtractIconA

comctl32

ImageList_Destroy

Exports

Exports

1��b�^��bv:G.>�ZJ��a��pl�.=U��$ ��M{@��g��>��Wr�dK��z�<2F'gزW��Q�J�^�d�S�G��o�͢o}<Y/�l^��XE�"[r�M=�jR�1��e��v��c�Pl�{=:ԛ��.��C�,5>>>#sә�i�_��\��[V�YdZF�x��H�а/��[�� c�J��V��1ҏ��)�k��9e�Q0��$��i�� ډ��6]Q�b��PFl�h5(.�V��i��& ��mY@��wȴ<dJ�z�FE�6��\<,��R�s%��{��6J��7�/,;�"�6WFy�5R��T�,�-�k��5�V�:<�Dٞ��ډ��A�R|��V^ظ2 ��f��?�� mf��-7s��F�Z�rLٌX�q�"dH�3�t��NE�>ڨb*/��7�H��m>��]�uq�-Y��9�5z @& ʄ`��ˁ�*�S|� �iK�]G�id��ٷԗ64N��m.e�A�wRT!��(��,��%��,�)��tz�E�Q)��6��v|�n�4��15�O��&GȲ/;��耺uɣ�t�D�XޗYNXi��K":��d��:��9f��5��H/ly\1�=�p^Q"��h��4�<�c��`"\JW�^��"��HN��>/��5wY�Zg�А0�Q��X�l{��71/�J�QV�P��T��`�V/� �1ԏ �_#Ը7[9�B�0G+eaɳe��ֹu��d��R�Ԓ�p��%��AW(L"�$-��eW2QZ��cA��⮖;��T!��4*�\\��qƟ�`3��J��J|��|�ik:F�:?�w�ȁ�R��|=?�d�4��A/��_<ә��;�a�SCfZ~��U��Z�7�LZ��n�ash�f)U��I��ڷ`Vo;�*eՁ�M�[�nW�\a�;�g��Uѝ��Q۟��=gv��Jd?��.6� :Wr@��ɲ�t��P86R�U\��>J�|x�y�^��&<g��"��L6>��#�"a�W��a�ؕ7�-�A6�� x��V��HA��0Q�i��D��_B�� e�@�s�D�S��!��u��ɪ\��$��c��ȉ̻k(��z��+!��T��4��ˮ0�LX��=�p:��.�wfab��|d�Wy��O�-0��؀L��|�d��R��X��!��H��V�V��t2 �\0�F6�$�VoǧM��5��O�]]<L�=Z�u��|�d=� k��MN]��@&l��I�m�v5�'3��E��<:��;WY�r��N��I��-��۞ a�A�)-^��؄=��ҩ��QH�+��U�C��_&�3�u�X�.Qn��8�S�� ߘj��?�4��W�z��'��{�`��:�6|��GD�j��H��T��>W�E�[X��wuY�ut� % t1jҏܡ_׳��y +�73^��]yF��[WcTI�EȖ�Z��j縛��5*Zo�ۀ~��r�|��y��H��ko�8��2�ke2��H�!�5J�SY#vgU `��{�� _I��)�/X��R��[(lz�hΛ�ZQa��LB�:��[%�� 'c;� �iSw��N�� }��/�-{}��(�w%�h�vo7��9֝=ci�ڊÞpш5�6�v#k��Fs�s �u�[*��7�r�}R z��G��TZ��߾=p?��y-%�4�F�| ( ?[+�Y�ru��K�]�=�汇��+�4ʱ�O�M5��|��( �<O KD��`�Rr�I�tV �ا��4�E�Wo�^.��_��]҅�cI��I-Ѣ��߾��V�9lY��3�s�ht7��c��X�U�`�q�y��l�ir۵똫�_|а� N=U� �\��D7��hJ笯[��0�Sb>��7{��[")��G�+�l��w`��a3�O�o�hD�<��RǻG�� X�]dP1k��j �M)��C.p��rK(�g��!j�� r� rj�Ǌ�M=M��R��%F�8�ƌ��<@=�o��n-��ze�.x��A�N�@j��#��NeZE��4�y/o��Y�M;�sc��Q�2Y3�x'��l ��\�_��5o)lnWWLҟ��v�!K~�Oy��#��s]7{Iz�67[,�u�`lp�$ʩ�ͳ#ي��$׀mZH��y4s�61e9'/�.�|P��gE��;bMM�m5V.�k+�树��5S|�\M�ro��&H�O�� w�6#�/��0�֢� �G��_�y#ҽ;a�[�i~��ZcʌFY� b&7��0��F]�-��G�-`��A�YϏx>)�6��1��29��,��qƎ�5��]o `-P�禼6l��M�MIE��_`�Q��w�h)�<�r>�K��3�;�`��AfX�;��ՉAY׮� �V�P��3�5a=�j�d�J�m�m��OB^�_}��K�u[�O_�DqB��m��0d$��Ի�� @��H+�m�u�wh-8�4��2{<j��C.;(m��FM��φ.��)�U��4K��* ��_~F��{]�w7�oFz�ij�i�6x(��,9%�O��%�x�hb>�h)��yx��f��`��*V�7/��E4A�s�/]�a��_�x��r^E��F�Q��+y.Uj��d�r;B&x�"�S��C�WZ]�>��[�Y�=N*Э�P�Aְj��~��#LͿK��}��U�V%ԿA��S�3r:��U�iֹ�R��e�@�-(�$�싢�M_Ŝ�H��MP��r��ͽ�

Sections

.text
Size: - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cn0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cn1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/getsetup.exe
.exe windows:4 windows x86 arch:x86

d22c5653ee228ce97e064fa87a057ad6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
TerminateThread
InitializeCriticalSection
GlobalMemoryStatusEx
GetVersionExA
Module32Next
Module32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
Process32Next
Process32First
OpenEventA
GetLastError
CreateEventA
SetEvent
ResetEvent
CopyFileA
GetCurrentProcessId
GetSystemDirectoryA
lstrlenA
WaitForSingleObject
GetFileAttributesA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
CreateThread
SetThreadPriority
ResumeThread
GetCommandLineA
ExitProcess
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
WinExec
DeleteFileA
GetCurrentDirectoryA
GetModuleFileNameA
Sleep
InterlockedExchange
ExitThread
GetCPInfo
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
WriteFile
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
CreateFileA

ws2_32

htonl
htons
select
__WSAFDIsSet
getsockopt
gethostbyname
getsockname
closesocket
WSACleanup
WSAStartup
inet_addr
setsockopt
socket
connect
send
recv
ntohl
ntohs
sendto

advapi32

RegOpenKeyA
RegSetValueExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateServiceA

shell32

ShellExecuteExA

iphlpapi

GetIfTable
GetAdaptersInfo

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
/getsetup.hb
.elf linux x86
/key.dat
/װ.txt
/ƶ_C.exe
.exe windows:4 windows x86 arch:x86

f56a1a23e63b94543be20d9a5197467a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetACP
TerminateProcess
HeapSize
SetUnhandledExceptionFilter
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExitProcess
GetCommandLineA
GetStartupInfoA
GetProfileStringA
HeapReAlloc
HeapFree
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapAlloc
RtlUnwind
RaiseException
GetTickCount
SetErrorMode
SizeofResource
GetFileTime
GetFileSize
GetFileAttributesA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
GetModuleFileNameA
lstrcmpA
GetCurrentThread
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrcpynA
WritePrivateProfileStringA
SetThreadPriority
ResumeThread
GetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
InterlockedIncrement
InterlockedDecrement
GlobalLock
GlobalUnlock
CreateThread
GetSystemInfo
PostQueuedCompletionStatus
TerminateThread
WaitForSingleObject
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GlobalAlloc
CreateIoCompletionPort
GetQueuedCompletionStatus
GlobalFree
EnterCriticalSection
FreeEnvironmentStringsA
LeaveCriticalSection

user32

LoadBitmapA
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
GetTopWindow
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetMenuItemID
GetMenuCheckMarkDimensions
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DestroyWindow
MessageBeep
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
GetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
CloseClipboard
SetClipboardData
EmptyClipboard
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetDC
ReleaseDC
GetMenu
ModifyMenuA
SetTimer
SetForegroundWindow
IsIconic
GetSystemMetrics
DrawIcon
KillTimer
IsWindowVisible
LoadIconA
wsprintfA
PostMessageA
PostThreadMessageA
TrackPopupMenu
EnableWindow
GetWindowRect
GetClientRect
LoadMenuA
GetSubMenu
GetCursorPos
GetKeyState
SendMessageA
IsClipboardFormatAvailable
GetClipboardData
InvalidateRect
DefDlgProcA
IsWindowUnicode
OpenClipboard
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
CharUpperA
GetSysColorBrush
LoadCursorA
GetDesktopWindow
PtInRect
GetClassNameA
InflateRect
LoadStringA
MapDialogRect
SetWindowContextHelpId
GetMessageA
TranslateMessage
ValidateRect
SetCursor
PostQuitMessage
wvsprintfA
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
DestroyMenu
DrawTextA
TabbedTextOutA
SetWindowLongA
RegisterClipboardFormatA
EndPaint
BeginPaint
GetWindowDC
CreateWindowExA
ClientToScreen
GrayStringA

gdi32

IntersectClipRect
DeleteObject
ScaleWindowExtEx
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
PatBlt
GetDeviceCaps
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateFontA

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
CryptReleaseContext
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

shell32

Shell_NotifyIconA

comctl32

ImageList_Destroy
ord17

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
CLSIDFromString
CLSIDFromProgID
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleFlushClipboard
OleIsCurrentClipboard
CoGetClassObject

olepro32

ord253

oleaut32

VariantCopy
VariantClear
SysAllocStringLen
SysFreeString
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantTimeToSystemTime

ws2_32

ntohl
recvfrom
inet_addr
WSAStartup
WSAGetLastError
gethostname
gethostbyname
inet_ntoa
WSASocketA
htonl
htons
bind
listen
WSACleanup
shutdown
WSASend
WSAAccept
setsockopt
WSAIoctl
getpeername
closesocket
WSARecv

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4f60dfc53b8f96b5a07f2047fa00d9fe

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 517KB

.rdata Size: - Virtual size: 92KB

.data Size: - Virtual size: 137KB

.cn0 Size: - Virtual size: 1.9MB

.tls Size: 4KB - Virtual size: 24B

.cn1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 8KB - Virtual size: 5KB

d22c5653ee228ce97e064fa87a057ad6

Headers

File Characteristics

Imports

kernel32

ws2_32

advapi32

shell32

iphlpapi

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 52KB - Virtual size: 56KB

f56a1a23e63b94543be20d9a5197467a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

ws2_32

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 84KB - Virtual size: 81KB

.text
Size: - Virtual size: 517KB

.rdata
Size: - Virtual size: 92KB

.data
Size: - Virtual size: 137KB

.cn0
Size: - Virtual size: 1.9MB

.tls
Size: 4KB - Virtual size: 24B

.cn1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 52KB - Virtual size: 56KB

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 84KB - Virtual size: 81KB