Analysis
max time kernel: 92s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240508-it
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-it, locale:it-it, os:windows10-2004-x64, system, windows
submitted: 03-06-2024 13:22
Behavioral task behavioral1
Sample: marlbot-1.6.0-nextmortal.exe
Resource: win7-20231129-it
Behavioral task behavioral2
Sample: marlbot-1.6.0-nextmortal.exe
Resource: win10v2004-20240508-it
Behavioral task behavioral3
Sample: main.pyc
Resource: win7-20240221-it
Behavioral task behavioral4
Sample: main.pyc
Resource: win10v2004-20240508-it
General
Target: main.pyc
Size: 54KB
MD5: 285e7619bccd46aea0c6aff6bf8a02c3
SHA1: 060c2079c38abaec500279556abd44ce514442ca
SHA256: f484f262d8c5fc6f9bc9fde3052716cad3be14677faf9f19ec574ad110d50395
SHA512: 34bd0848ecf3c0733f5f1a7938347634e9bbb253b32bbc3efa0b98d6de35f3071196f0ec647d80ce43e1b175fef544eef91751e9d5ad35fa803cf2d3f8071d3c
SSDEEP: 768:t3iNiTGSJknfjSE832dGGKGGpHT1gKdGwzChPM1PqhjX21:t3Bkn782dGGKGGpTdGsChPM1POjX0
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Modifies registry class (2 IoCs)
Processes: cmd.exe, OpenWith.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | OpenWith.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: OpenWith.exe
pid | Process
4160 | OpenWith.exe