Malware Analysis Report

2024-12-01 03:14

Sample ID: 240528-m9ckxage9y
Target: po.zip
SHA256: dd74e4103e33c5eee471a9b9d7a1ff7e6d957d358d424665839eae1642ab516b
Tags: golddigger
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral4
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral5
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral6
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256

dd74e4103e33c5eee471a9b9d7a1ff7e6d957d358d424665839eae1642ab516b

Threat Level: Known bad

The file po.zip was found to be: Known bad.

Malicious Activity Summary

golddigger

GoldDigger payload

Golddigger family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-28 11:09

Signatures

GoldDigger payload

Description    Indicator    Process    Target
N/A            N/A          N/A        N/A
N/A            N/A          N/A        N/A

Golddigger family

golddigger

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-28 11:09

Reported

2024-05-28 11:15

Platform

win7-20240215-en

Max time kernel

15s

Max time network

16s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\po.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\po.zip

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-28 11:09

Reported

2024-05-28 11:15

Platform

win10v2004-20240508-en

Max time kernel

30s

Max time network

28s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\po.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\po.zip

Network

Country  Destination      Domain                          Proto
US       8.8.8.8:53       8.8.8.8.in-addr.arpa            udp
US       8.8.8.8:53       183.142.211.20.in-addr.arpa     udp
US       8.8.8.8:53       82.90.14.23.in-addr.arpa        udp
US       8.8.8.8:53       75.159.190.20.in-addr.arpa      udp
NL       23.62.61.58:443  www.bing.com                    tcp
US       8.8.8.8:53       55.36.223.20.in-addr.arpa       udp
US       8.8.8.8:53       217.106.137.52.in-addr.arpa     udp
US       8.8.8.8:53       58.61.62.23.in-addr.arpa        udp
US       8.8.8.8:53                                       udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-28 11:09

Reported

2024-05-28 11:15

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Command Line

[/tmp/po.zip]

Signatures

N/A

Processes

/tmp/po.zip

[/tmp/po.zip]

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-28 11:09

Reported

2024-05-28 11:15

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-28 11:09

Reported

2024-05-28 11:15

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-28 11:09

Reported

2024-05-28 11:15

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A