Overview (overview): 10
Static (static): 10
Maintenance/rong.exe (windows7-x64): 1
Maintenance/rong.exe (windows10-1703-x64): 1
Maintenance/rong.exe (windows10-2004-x64): 1
Maintenance/rong.exe (windows11-21h2-x64): 1
Maintenance/ste.exe (windows7-x64): 7
Maintenance/ste.exe (windows10-1703-x64): 10
Maintenance/ste.exe (windows10-2004-x64): 8
Maintenance/ste.exe (windows11-21h2-x64): 8
Maintenanc...40.dll (windows7-x64): 1
Maintenanc...40.dll (windows10-1703-x64): 1
Maintenanc...40.dll (windows10-2004-x64): 1
Maintenanc...40.dll (windows11-21h2-x64): 1
Maintenanc...rg.dll (windows7-x64): 1
Maintenanc...rg.dll (windows10-1703-x64): 1
Maintenanc...rg.dll (windows10-2004-x64): 1
Maintenanc...rg.dll (windows11-21h2-x64): 1
General
-
Target
Maintenance.zip
-
Size
7.0MB
-
Sample
240530-xw9nlahf99
-
MD5
928a76956965ffd9ff49f129056255f3
-
SHA1
4662b09323cbc5e71a640e28bb83617a3047618c
-
SHA256
cf428bdbd8985af9eb3e137b4dd206df0583c06a144a8252acc1979e9ccb225c
-
SHA512
765193135e021de3c68474494950fd4a6a9052037ed9b8bb8aa076185bd3f11b4a3d3d0b0e6a5c27d1e377b5a356833e9aa7c45abacee2ac33733673b6ad5f8f
-
SSDEEP
98304:yLUghTmrB1Bez+EGHtjJe6aFqqlf3e7Fd6e6GMRelVLjAk94lYVJZ5SYQVJLV9dL:475c5veP5kF4e6eXLh5SYQ/vdO6
Behavioral task
behavioral1
Sample
Maintenance/rong.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Maintenance/rong.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Maintenance/rong.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
Maintenance/rong.exe
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
Maintenance/ste.exe
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
Maintenance/ste.exe
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
Maintenance/ste.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral8
Sample
Maintenance/ste.exe
Resource
win11-20240508-en
Behavioral task
behavioral9
Sample
Maintenance/vcruntime140.dll
Resource
win7-20240419-en
Behavioral task
behavioral10
Sample
Maintenance/vcruntime140.dll
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
Maintenance/vcruntime140.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral12
Sample
Maintenance/vcruntime140.dll
Resource
win11-20240508-en
Behavioral task
behavioral13
Sample
Maintenance/vcruntime140Org.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Maintenance/vcruntime140Org.dll
Resource
win10-20240404-en
Behavioral task
behavioral15
Sample
Maintenance/vcruntime140Org.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral16
Sample
Maintenance/vcruntime140Org.dll
Resource
win11-20240508-en
Malware Config
Targets
-
-
Target
Maintenance/rong.exe
-
Size
277KB
-
MD5
060d01a06716718bf818a53a50e9b669
-
SHA1
b070a04847e467111103cf6872d755738a1b38b2
-
SHA256
94f216ebc35eaaa45e11b94633a3af3daeee79a3fc9659606d438600842316a3
-
SHA512
246e3cf70422bb4da782b8956656cf6b4e456987fa3a0d88a31f69ba2416af59aff88bfd57cec8fb8b3f3bd965bd9d64b1e35e8ef40736dc034adfc25ac889d0
-
SSDEEP
3072:bG+1egX1rRALh+7LJqL1Fly9DAoBwyLNhcC2FVcZV9RxANZcCmcWe0se2wJDhyKE:mglrEkxu1y9Db1k+xKcCmfeRet0KY
-
Score
1/10
-
-
Target
Maintenance/ste.exe
-
Size
6.9MB
-
MD5
082b02c8cebe0f81a1c82782c2dd5bb1
-
SHA1
ae20859b0045ceb64d39c45db9e8aeb634ea1cf9
-
SHA256
fdca4bc14c8ea31e448bffaf13aecbf9d727b9897ea44e905b9fe2a2987898ad
-
SHA512
af1bdcdf2ff849d2e7c18ce9a24b9099034210ec01a0726f2e263a14fe4341e53056de310e71502d4f43bdff44828fb278b9ca4cd75b7034f416307a6dbff172
-
SSDEEP
98304:EZvITBgZpeDamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkzmZs5J1nD1ksBnrN5Jt:E9IsHeNlpYfMQc2sXhnD1ksVPJt
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Maintenance/vcruntime140.dll
-
Size
42KB
-
MD5
65bc79ec84cabe4c7ed8ce9a5fa2828b
-
SHA1
87d66dd545643bb848179598a37c0a93c0a80512
-
SHA256
14d683fb00c746eefa9cf44663b667cfdf28e814ac95e2415a93a6bf920155de
-
SHA512
60344faec9a6c2d868513188f28e2ff4a4140b48288361427f76552a261b99f6e146af4d880c0a30c623f5397c6cc2cedf86b473caa70252890e3cebad4bb383
-
SSDEEP
384:y5SA8M63a8et/cqqsKtEi9iYOd3AeeQDOeUc/bYHtQ1NnSPDuITCoGRxrIafIQXg:yoA8M2J9op5DOeUc/bYHtJNdegKdk
-
Score
1/10
-
-
Target
Maintenance/vcruntime140Org.dll
-
Size
93KB
-
MD5
ade7aac069131f54e4294f722c17a412
-
SHA1
fede04724bdd280dae2c3ce04db0fe5f6e54988d
-
SHA256
92d50f7c4055718812cd3d823aa2821d6718eb55d2ab2bac55c2e47260c25a76
-
SHA512
76a810a41eb739fba2b4c437ed72eda400e71e3089f24c79bdabcb8aab0148d80bd6823849e5392140f423addb7613f0fc83895b9c01e85888d774e0596fc048
-
SSDEEP
1536:wkb0wrlWxdV4tyfa/PUFSAM/HQUucN2f0MFOHH+FVfecbTUhnvUuJ:wWD4eUp+HQpcNg0MFGH+FVfecbTUh8c
-
Score
1/10