Analysis Overview
SHA256
dd74e4103e33c5eee471a9b9d7a1ff7e6d957d358d424665839eae1642ab516b
Threat Level: Known bad
The file po.zip was found to be: Known bad.
Malicious Activity Summary
GoldDigger payload
Golddigger family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-28 11:09
Signatures
GoldDigger payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Golddigger family
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-28 11:09
Reported
2024-05-28 11:15
Platform
win7-20240215-en
Max time kernel
15s
Max time network
16s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\po.zip
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-28 11:09
Reported
2024-05-28 11:15
Platform
win10v2004-20240508-en
Max time kernel
30s
Max time network
28s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\po.zip
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.58:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-28 11:09
Reported
2024-05-28 11:15
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/po.zip
[/tmp/po.zip]
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-28 11:09
Reported
2024-05-28 11:15
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-28 11:09
Reported
2024-05-28 11:15
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-28 11:09
Reported
2024-05-28 11:15
Platform
debian9-mipsel-20240418-en