Resubmissions

Date              Task ID             Score
21-08-2024 19:30  240821-x76q3sweqg   10
21-08-2024 17:42  240821-v92h2avgpj   10
12-06-2024 16:01  240612-tgps4a1bqh   10

General

  • Target

    MyDoom.zip

  • Size

    7.4MB

  • Sample

    240612-tgps4a1bqh

  • MD5

    67a0019ef0d6a0e457151452d6d1e64e

  • SHA1

    f74247dc2feeebc38b2a86e8e919160798b27fd9

  • SHA256

    195688fdc5454fb7f6ba8188015e395bfe86876a9c0e28b818944ee264f0e77c

  • SHA512

    2b03b2523ac6f9fa01cbc38e572cdf8b60e0bd73d48813db0dfdd7df45896622f21a6dc16f6d68a1e062cdb1c8983768d8cef737393e7e91ef31f3509d40c45e

  • SSDEEP

    196608:jZiFnVyuWadlIK+pU3Y40y9InO+K8Lsi2X:1iFnVyuWaP6paY4PuPt2X

Malware Config

Targets

    • Target

      00b9b6cf27deeda8de99d1719ef724808afa92080026df8dd17159be8ea420f7.exe

    • Size

      879KB

    • MD5

      af466faccd8bbab030d12caf7b16ea61

    • SHA1

      e18711fe226d39fe182c45ea1a15ccc587980b67

    • SHA256

      00b9b6cf27deeda8de99d1719ef724808afa92080026df8dd17159be8ea420f7

    • SHA512

      2599b3b6db13c14e36bc24980da5457c8788624050ad727d2b1d8975b6405e1a6dfee9829a849900edcc7cc831b69604cce9e6e7e0080835e426df343a1d6e64

    • SSDEEP

      12288:D+of7uHr7XLo+U90C447TmTWCsNWGHBm++WDzLGfWCayErUUxmptN:Dr7uH3vu0B4OWZxPDnG5ErUn

    Score
    1/10
    • Target

      05500734fe07ac2b5bc89aa12b090203c4b74851cb0d62bd388f27ec6d6caa81.exe

    • Size

      15KB

    • MD5

      32915fef0066f3a580ae9389d83e195f

    • SHA1

      e000d59d91a6039c28a628ec436f680f41e8ffec

    • SHA256

      05500734fe07ac2b5bc89aa12b090203c4b74851cb0d62bd388f27ec6d6caa81

    • SHA512

      57d43daac4bc5d550bed9724dc8c2041111dba3f3a52fca7b688e3d6b64267c34c537b8045d974e007412f504aeb3428f571c360b053faff7c040c4bc235cbd8

    • SSDEEP

      192:F7r4fe9FV9wQw0XJ58CWuVmcmLQ4k8Md0QiyIWNMrXRkf1ZdDjgXFk3AaDvFmv:FAfe7wQw+4Cc84ZM6eIkf1Z1jgXKHC

    Score
    1/10
    • Target

      0b75e2fadffc45dff940e58f5b6f8d99832426bb880f432f98d853308b29c9c5.exe

    • Size

      355KB

    • MD5

      ff4c98aae03f63b8256dd765e99f5934

    • SHA1

      db774f2c4a2ed02f42effd6016e6ee7b8ae5cfde

    • SHA256

      0b75e2fadffc45dff940e58f5b6f8d99832426bb880f432f98d853308b29c9c5

    • SHA512

      eea1f000945adf51217d3b3e6faaa947c683de5c278ce0c7870360d959d65347804b563853d32ce2d49bd6fb0567c9d0d065ee561bb4b16d66af1bbd98197c1d

    • SSDEEP

      6144:wlZzOaQGDj25OFco79+ITkBXkHQYfrF1aK0FAbw1lZzOR0x0k5kPFOM+11c5K9b:YZTP2kioZD1rUxPZA0x/ksB9b

    Score
    8/10
    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      0d5fa75218e5eb97fccbcf36d3bbd9cd77247260977f69c50deb29399ee0e464.exe

    • Size

      9.4MB

    • MD5

      813b749967045532f86e6442447bcd8b

    • SHA1

      8d0615e7f7ba672a3fc94c05a9451f9d08797af7

    • SHA256

      0d5fa75218e5eb97fccbcf36d3bbd9cd77247260977f69c50deb29399ee0e464

    • SHA512

      47c16f403ab33ebb9e59c7c3a053dc29d0d654174d2be9153966ad9fc873e641f34ab44c7e38fb4c6fd376b384d4e1da0dacafb384e9abb1c7eb92cb32533877

    • SSDEEP

      24576:GYx7SFGwWG8/Ad5kybgeK8uQY2ZqR7NlaDbTxnVhv2MMLdGIhJ:IFFbK8q2ZhDbTNv2MuV

    Score
    10/10
    • DcRat

      DarkCrystal (DCRat) is a .NET RAT, active since June 2019, that can load additional plugins.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      1760c5727e5568d3b18a1cbf0d50c311613699af8233c96fb3eee197f438ce9c.exe

    • Size

      28KB

    • MD5

      e26570922a9373c1f3a06f647ddd10a4

    • SHA1

      e0f6853e39e0b9fbcb3062bb7e15b8734b9df9f3

    • SHA256

      1760c5727e5568d3b18a1cbf0d50c311613699af8233c96fb3eee197f438ce9c

    • SHA512

      e17a8c1ca8aa6c65106831086f203736b7bdd92c54d2487f381f7d7303a5f3852859935ef55a913dd8856c6015a5f9414308430ae1ff4b5690743025f8ff4c70

    • SSDEEP

      384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNQ05:Dv8IRRdsxq1DjJcqf8

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      1fe99fb7c527a90826896e695f23e712375358df3c7aa9163af6b96d872a9f81.exe

    • Size

      21KB

    • MD5

      26b8bc40d95b979e1e708a9f843242ad

    • SHA1

      229284e8cb74bbfae647eb160e4188bda3e50721

    • SHA256

      1fe99fb7c527a90826896e695f23e712375358df3c7aa9163af6b96d872a9f81

    • SHA512

      e53fb1b351f47227c1568718c99cc78048507518ac823cebccddebdc630845f9c972a746036f67d416275bdb1667d298ddd6a0fd4e0fea4dc096d7c2cfcf0625

    • SSDEEP

      384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzU4ek+:SCIqdH/k1ZVcT194jp44eD

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      23361735678f37d77510b22306c727a987f84c87143bb0062f3d76413c36fc98.exe

    • Size

      21KB

    • MD5

      3f122d9a0b7a9f1aa8c973d170ee8d55

    • SHA1

      3fb032e1a7a3a9cc5ce0d5f03fbb7f74a063ce39

    • SHA256

      23361735678f37d77510b22306c727a987f84c87143bb0062f3d76413c36fc98

    • SHA512

      25b3db24d20482476e07e29bcee1e231e106d1ec8e36bc390960085595816268ced9c6d392ee21e48c0643801e14c4bb88e1d006fc35467a1abf7b66a423fad4

    • SSDEEP

      384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUEBI:SCIqdH/k1ZVcT194jp4ES

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      2522b83852588bc0f7f620f9b4fe3a9337b9608be335d3958d190275f333df03.exe

    • Size

      49KB

    • MD5

      d4aae2114968c886660e4cbf1c694160

    • SHA1

      c5b6d1ccc5f238686f3be7bfff44c9b612d74efb

    • SHA256

      2522b83852588bc0f7f620f9b4fe3a9337b9608be335d3958d190275f333df03

    • SHA512

      69d0c95abcb789b5e638e826c0b827634fb076248c659b1d2d62741383a62510d6ad6b1e6c16ea1a2ab7f2ac271ba56958e0f070def4a33c6bcaacba848c8395

    • SSDEEP

      768:nqQ07c92/EyTAYtxqfGNC0klI7C8ycYlI5P194jp49w404LY:n87wc1aGNC0klI7CPpIFa69wAY

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      2af6bc16f25822d6d2f1429bc15f3d47f6c0bcb026ba387249d173fc753919b2.exe

    • Size

      22KB

    • MD5

      44fad0089dd3b0b481f30486646fd3f0

    • SHA1

      54a3e4359bedeba0d8747e2bc7e94ebbd48feef3

    • SHA256

      2af6bc16f25822d6d2f1429bc15f3d47f6c0bcb026ba387249d173fc753919b2

    • SHA512

      7137de8a76aa91bc921a7334dde182eaa786a42bc5dc7369e9265f9226ea52bedf003e8ba707f297d880828daa5f1183233d985cb98e371eb711c2523a1a0acc

    • SSDEEP

      384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUIegaC3:SCIqdH/k1ZVcT194jp4IegaC3

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe

    • Size

      41KB

    • MD5

      3e67d212278e1af5be913d236399fcf6

    • SHA1

      f993125ed4af1de6a551a6e0843a6d124cd46f27

    • SHA256

      3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464

    • SHA512

      f7e6394c9f9fdd6a03c72aaece5b4911cb821680a632f94b622b12d94cff9873d93b2c6604016524bdab4dd6e4b70b532c440f6b296138677be19e078ad23ec7

    • SSDEEP

      768:/eMc5VwWt1jDkbXdnTOyQxHFO+IxX2P5LIbbcPYir2lAqcdF0i09sy:/q5VwWDjDkdTRqHFOn8tIbbeYiuZIFSl

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Target

      3db846a796caa001666df8f7cae709fff02f984711b0e70e0e79c457d631b4e5.exe

    • Size

      41KB

    • MD5

      b1f6a4cc592f3c9f7d4b69c02ac74d11

    • SHA1

      db2db17c1d3e2c4f3a45aad9215cc77ed455ffcc

    • SHA256

      3db846a796caa001666df8f7cae709fff02f984711b0e70e0e79c457d631b4e5

    • SHA512

      66c3d5cb3c9bf13604748853797e4c1a1eae13d52cdf43f16da0b1b180ad0c10102a2935d4d6bd0549f6e48427c0181cbb07f1ee664274727dff0cc61e5075c5

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      493813116f32ad6f455676cd54e32a2167ece845038202614cbb49e126f5afdc.exe

    • Size

      21KB

    • MD5

      fd6deb4cda087d7a60b6b28104fad84b

    • SHA1

      6826e88b55a2794f9ea72c86bb9cfd084fe2aee9

    • SHA256

      493813116f32ad6f455676cd54e32a2167ece845038202614cbb49e126f5afdc

    • SHA512

      afa16663956ffa8d50d7a6622c7cb01d9b01f83c1ef21dfce1eeffc8cc217499e7a78bcea952b59c501caa71b3aaa5b2c144ed30529685efb55266678eb18dc3

    • SSDEEP

      384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUMO2:SCIqdH/k1ZVcT194jp4N2

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      4d61a61265cdd942cff973609170529eaf19579b5d17e64deccbd6f6f1fdfa08.exe

    • Size

      29KB

    • MD5

      0d14590170f35263c0e3f0e0e1594720

    • SHA1

      21414e31724eb95408a4031a0c0508b2a12260e7

    • SHA256

      4d61a61265cdd942cff973609170529eaf19579b5d17e64deccbd6f6f1fdfa08

    • SHA512

      76e6fbd04c08b749b46ce1499e15ad58d7bb8d0c20db0a0fae54001f973aaa73e961cf80558c090d31d7f69918562c519c01c2cb441548feca63cea37792aa3c

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/V:AEwVs+0jNDY1qi/qt

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      510827ce687ad00545a1726c25a00f65e7d685b7dcd857fc6f11a0392feee5c5.exe

    • Size

      28KB

    • MD5

      6cdec3ccff3c2a0c2602bc89443f865f

    • SHA1

      cf7ac47ec2e5b261786c9c11d30a09050bf459be

    • SHA256

      510827ce687ad00545a1726c25a00f65e7d685b7dcd857fc6f11a0392feee5c5

    • SHA512

      c97f74a3486b1018c2413473a82ca9d1f777c05993c4b3da4adca0006165107c2ecd14251f77e3cfcd8ea3949f64332e35e43648426f750aad8eb597f87370bb

    • SSDEEP

      384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNanRiEMnY:Dv8IRRdsxq1DjJcqfFRn4Y

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      5642f8bd3bc151349ded1a3c160c037c26194c9da2b7ace5d8ca11cddb57612a.exe

    • Size

      41KB

    • MD5

      64276638075d3cab665966be7f366682

    • SHA1

      3fb9c599d5dc9188332b4a9c0f1262c07ee24699

    • SHA256

      5642f8bd3bc151349ded1a3c160c037c26194c9da2b7ace5d8ca11cddb57612a

    • SHA512

      1bbd7440a14f8651ef4433cdda3a48071024838688f8ff88a0688cf56f28854232446f655731a44d1f02f1e572697e132f06c92dfa170825433154042be02826

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      6c37d14d5ad674e4c0fa8df0a999be6b27399936c9ff16f7fb30b802addb7b4c.exe

    • Size

      28KB

    • MD5

      e5128ece1b9916a6df7cd56d66c193c2

    • SHA1

      c99f687b182f3dee71e8434360595832ea431075

    • SHA256

      6c37d14d5ad674e4c0fa8df0a999be6b27399936c9ff16f7fb30b802addb7b4c

    • SHA512

      67b9166f33c78140ce2259df9a7bae92e6cae066b7f54cb0ebdec183ef1ffaf958f6cd24b0bb01e2b6a302fb73e9c5c057554c825e1496ef3b679e77dd7715af

    • SSDEEP

      384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNHS6e:Dv8IRRdsxq1DjJcqfH

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      6c3c9af653a28977257ce971ed701b1b893cdf67d5c57baa44a9d76c28675dc3.exe

    • Size

      21KB

    • MD5

      41a7ddd957c89fc7d20b60fbb7526198

    • SHA1

      2b3575ced3fb5227c1b21cb5a5d70de6ee20ac5e

    • SHA256

      6c3c9af653a28977257ce971ed701b1b893cdf67d5c57baa44a9d76c28675dc3

    • SHA512

      c97c733c37423269eefff67c66caf04317dbcfb8dc678cae18b265f9cde57ff0677c93cceaa0cda05e70daa3446d507538f1db9b37a30078568542a8cf67bec5

    • SSDEEP

      384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzULMc4:SCIqdH/k1ZVcT194jp4LMx

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      77186e57b2eeb3ed4b56cfe280d5eeea3155d9502217cda824600bc93d365320.exe

    • Size

      29KB

    • MD5

      4568631011aae49f42e185b46a1a30a5

    • SHA1

      d3e88e07f54ad778b774822bcf283accc22b529b

    • SHA256

      77186e57b2eeb3ed4b56cfe280d5eeea3155d9502217cda824600bc93d365320

    • SHA512

      fc673b7013b9d291258579c18e0466e4e3e6de1fff73900fb3f87ff275aa0064e36620b7774880bbef14ad4e5e968ea46c0ef47484f260468f263cc6d1832cd1

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/p:AEwVs+0jNDY1qi/qh

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      7bca70a81cc9e1067e99e313802a4cc095f79bbc3a1aa86b7b3b9eabf3748e61.exe

    • Size

      29KB

    • MD5

      18e2d2d193f1b5e2fe2cec1f6b4c5c38

    • SHA1

      5c9e2ecd155da2d8822187398d58febd1044a1e4

    • SHA256

      7bca70a81cc9e1067e99e313802a4cc095f79bbc3a1aa86b7b3b9eabf3748e61

    • SHA512

      3a961ff5d823450134acc34fb984bd5105fcf02c65692ee5fc7273c6de9fc64185cc548ea1de6d5622d6985e754943a4b4d235458eb41bef469027e6b11a35ba

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/9:AEwVs+0jNDY1qi/q1

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      8e934dcd46eb57d42712d097deab6ce00ef1ce2db87d03f8d3d8e8c10da7e088.exe

    • Size

      45KB

    • MD5

      3aa484f942ddfeff67d043fafb9877bb

    • SHA1

      966cbc5b018d94b1797ad5d506ca4d3cb639eca7

    • SHA256

      8e934dcd46eb57d42712d097deab6ce00ef1ce2db87d03f8d3d8e8c10da7e088

    • SHA512

      9356aa0648b93558e0e3af85a9d08449f63c4e6675f82feed9b386425fcbcb7e391b2dfbc114055d0d2b779407b40074f7083205b194c0fa460e99ba8b635612

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060.exe

    • Size

      41KB

    • MD5

      cdc7a9e456810fd6d0a5f9129c633c03

    • SHA1

      3fd75d798773bbb29b26a4c9b9c0635ff52fee57

    • SHA256

      9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060

    • SHA512

      635346ea4d4c29618469e2aac76e12280e89d44b3fc22e1b522608a5c2352337d20745116e85bcf96e592261d5adb460e1bae8ae2a41e27e0a32298567462c11

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      9e067453f09c5cbfa4c5a74fe3e70d7d8e66a25057e6c35240dce5a40ec31bf3.exe

    • Size

      28KB

    • MD5

      f64e4d13a57ae222768b792b2c16158d

    • SHA1

      5a0878beb5a8a464f71629f560b8ac12473776e7

    • SHA256

      9e067453f09c5cbfa4c5a74fe3e70d7d8e66a25057e6c35240dce5a40ec31bf3

    • SHA512

      e9bab92bb7df9414f531b579449c72fd911c9cc0e59809cb6105ef8bdd3cc7818e5626ef57159a7362a82e7cdbfbe2a0f58839e0167a696d3217e622143925a1

    • SSDEEP

      384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyN7F57Oz:Dv8IRRdsxq1DjJcqfAJOz

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      a9a89ed0d139fbc436794f5d3a8e58c547247039d8c86767b1e2f2bce40e390f.exe

    • Size

      41KB

    • MD5

      ec9e58951bf3e0ff91c5f86cae637dc4

    • SHA1

      8f2e5fce00e3f5265deabaa71a9243d1b936395c

    • SHA256

      a9a89ed0d139fbc436794f5d3a8e58c547247039d8c86767b1e2f2bce40e390f

    • SHA512

      466d31863ee8d7765b436f75588da017b095ac66f86deb8dff41fc2349de456da8dbb59bec863c4a754fc68a210ad8e1c578d968312c9ea0595d4aab7fb2f0a5

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      b4ab8f5c8b97307b328ba30fdefdbe4341c4e2c576729fdb5c7329d5b07bb695.exe

    • Size

      41KB

    • MD5

      2f0ded84c37387024cd7145bd7e64e88

    • SHA1

      61803770a6bdf2aafb3f7efcc3c135d63ddd55b5

    • SHA256

      b4ab8f5c8b97307b328ba30fdefdbe4341c4e2c576729fdb5c7329d5b07bb695

    • SHA512

      efe39f1abf0c1ae5662c95bdcc7022e5982069e7656860356643eabf4a567639136125294dfd3ecbde72e0853e886a88b5d085d8c757c7b63f67cb000b510848

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe

    • Size

      856KB

    • MD5

      733766ff5495f04d82744291993eb69e

    • SHA1

      2830778313fd7fccc6c8129d419b1757368078fd

    • SHA256

      c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef

    • SHA512

      cf3bf548e743894888ba3ea191a289f09d9f36215e1306aa21e61f0ea81473eec6df01a6e7f05f9251ecb9cc71c654934a53d4916c4152bf8fa4a95119e98cf2

    • SSDEEP

      12288:0zqKbHTadreUv6e2faqsW8lEsbjwepi8K2cE4b5wxH5/uek6JA6QfmpFiMtMv7u3:yPaFnCec8vj1p7pc5bQZ/uesmoqt7jF

    • Sets DLL path for service in the registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      c45a330cf80c33977658649596d4867301e928381c5fc37ec3edabfad2251324.exe

    • Size

      29KB

    • MD5

      5b4833161897a50ab4688e2990d1d24b

    • SHA1

      0a04dd46bca64169511b4bcdc8ea36eb8ad55012

    • SHA256

      c45a330cf80c33977658649596d4867301e928381c5fc37ec3edabfad2251324

    • SHA512

      df87dacc161a583dbc060ddc60868476ba5a864021644da643475a93805229a633eb8f0ade738f2512e05b7ec3c8647d877bc4658beb475bd6b0347568caaf5e

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/l:AEwVs+0jNDY1qi/qN

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      d42fc4dabd9a9e74156d1a856cb542ed2e0796d2d7c6b976c0ac5421a87f9806.exe

    • Size

      29KB

    • MD5

      c4074b5cca1b0e41aa22b8d090ccfd5f

    • SHA1

      8a90f2c08d98c3803003c41147dfdaafa5d31039

    • SHA256

      d42fc4dabd9a9e74156d1a856cb542ed2e0796d2d7c6b976c0ac5421a87f9806

    • SHA512

      b4068d61d348ace4f9712e975b36e5077a34d93566b1ff46ba6933916bfb18fb506ee30b5feaa49a3c714a4636ff1868d499061ea1ec7b41c4fe2c01a34c8e42

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/qg:AEwVs+0jNDY1qi/qig

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      d66f6565e97f43030ff6fba9c9550894aad05affb66efaf561ec229d80b0a691.exe

    • Size

      41KB

    • MD5

      e9b62cab54b78180f9cfe8377ca845aa

    • SHA1

      246c69cf987148e7fddafb9c344ae5ba8dab1620

    • SHA256

      d66f6565e97f43030ff6fba9c9550894aad05affb66efaf561ec229d80b0a691

    • SHA512

      f3d8d83272178140986898f2e50f1bc1faa26626d03fc2f989198b37131140d72e38bd59286a70e72498aa4304f761121ee88b2efe0542b846bc2e7f9e72269b

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      e16d377c12b63acb694601b4bde36d61839054409e7fae1661fb051892d2ed36.exe

    • Size

      41KB

    • MD5

      edf4ff0bc5da6dabd5e7b78113d73bd8

    • SHA1

      af49d2935b75627f6f748256f10c555d54040f2e

    • SHA256

      e16d377c12b63acb694601b4bde36d61839054409e7fae1661fb051892d2ed36

    • SHA512

      68d5d0a81964eda0b156ef4e82d26ca479d32b4a19dfbec44b4058a6322e8c1f62dff1ea4f7e61812470790a2029b285c365bf6da69d31e99788fdd24e17e2f6

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      e302f733d4a31342a0c908055a6e59b3fd8f1ed3ce98750d00251e4f0efe6c02.exe

    • Size

      41KB

    • MD5

      c89cb72586afe2f652ccea009225cec6

    • SHA1

      89617d49fe5366b120d6fe9fa098bca7d3b5e1ad

    • SHA256

      e302f733d4a31342a0c908055a6e59b3fd8f1ed3ce98750d00251e4f0efe6c02

    • SHA512

      dd53d4e714d1f39300a5ac0988877c857546a1f4117bb06e2cd0db567ad8949be1dc4f7fb7ec83e077f546501b72715c8a92af70be89c7c5e30102b6413f6f31

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      fe3b2cf08a6224a04194a6555b4593b0a7428cb1fe057c08776d09568fc58cd5.exe

    • Size

      45KB

    • MD5

      455fabda3dcf8184c8e868434db1824d

    • SHA1

      207aae8317a9c16042ae32adc7aed7106a950ab3

    • SHA256

      fe3b2cf08a6224a04194a6555b4593b0a7428cb1fe057c08776d09568fc58cd5

    • SHA512

      363e81837cb00b7f35c5fa73ff0e6a1f15a20e47ce95344b5fcebd6c00457b0aeef4bb27c7b09a620d14b18112e5ae024537f4f11dc96088b8f6de0edc449538

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151.exe

    • Size

      22KB

    • MD5

      53df39092394741514bc050f3d6a06a9

    • SHA1

      f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5

    • SHA256

      fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151

    • SHA512

      9792017109cf6ffc783e67be2a4361aa2c0792a359718434fec53e83feed6a9a2f0f331e9951f798e7fb89421fdc1ac0e083527c3d3b6dd71b7fdd90836023a0

    • SSDEEP

      384:96ZQHXcE7hUHwT56cC9Kg65JdwGADkHw/Rjxtuu7VIGGwQWEqpD6:CavuHAUcW/ojwG6kHw/lxqbW

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
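The two things an analyst checks first when a local file is suspected to be one of the targets above are its digests and the "UPX packed file" verdict. The Python below is an added example, not code from the report or from the sandbox that produced it: it walks the PE section table the way such a rule does, flags the UPX0/UPX1/UPX2 section names and the "UPX!" marker that stock UPX writes into the packed image, and computes the same digests the report lists so a file can be matched against them. The minimal PE image it builds for itself is a constructed test input, and REPORT_SHA256 is a hand-copied subset of the SHA256 values listed above.

```python
import hashlib
import struct

# Section names written by stock UPX. Modified builds rename them, so the
# "UPX!" marker that UPX writes into the packed image is checked as well.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MARKER = b"UPX!"


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names. Raises ValueError on non-PE input or on a
    truncated section table (common in packed or damaged samples)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    coff_off = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsect, _ts, _sym, _nsym, size_opt, _chars = struct.unpack_from("<HHIIIHH", data, coff_off)
    sect_off = coff_off + 20 + size_opt
    names = []
    for i in range(nsect):
        off = sect_off + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        raw_name = struct.unpack_from("<8s", data, off)[0]
        names.append(raw_name.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """The two signals a 'UPX packed file' rule relies on."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_section_names": sorted(n for n in names if n in UPX_SECTION_NAMES),
        "upx_marker": UPX_MARKER in data,
    }


def looks_upx_packed(data):
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"]) or ind["upx_marker"]


def file_hashes(data):
    """Same digests the report lists, for matching a local file against it."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


# Subset of the SHA256 values copied from the target list above; a real
# triage script would load the full list.
REPORT_SHA256 = {
    "0b75e2fadffc45dff940e58f5b6f8d99832426bb880f432f98d853308b29c9c5",
    "0d5fa75218e5eb97fccbcf36d3bbd9cd77247260977f69c50deb29399ee0e464",
    "c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef",
}


def triage(data):
    h = file_hashes(data)
    return {"sha256": h["sha256"], "in_report": h["sha256"] in REPORT_SHA256, "upx": looks_upx_packed(data)}


def build_minimal_pe(section_names, tail=b""):
    """Constructed test input: a minimal PE32 image (DOS stub, PE signature,
    COFF header, zeroed optional header, section table). Not a real sample."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    size_opt = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(size_opt, b"\x00")
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\x00"),
                    0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0xE0000020)
        for i, name in enumerate(section_names)
    )
    return dos + b"PE\x00\x00" + coff + opt + table + tail


if __name__ == "__main__":
    packed = build_minimal_pe(["UPX0", "UPX1", ".rsrc"], tail=b"\x00" * 16 + UPX_MARKER)
    plain = build_minimal_pe([".text", ".rdata", ".data"])
    print(triage(packed))
    print(triage(plain))
```

Replace the `build_minimal_pe(...)` calls with `open(path, "rb").read()` to run it on a real file. Section names alone are a weak signal: a "modified UPX" build that renames its sections is still caught by the marker check, and a sample that strips both needs an entropy or unpacking-stub check, which this example does not attempt.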

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                               Count  ID
Execution             Scheduled Task/Job                      1      T1053
Persistence           Boot or Logon Autostart Execution       28     T1547
Persistence           Registry Run Keys / Startup Folder      28     T1547.001
Persistence           Scheduled Task/Job                      1      T1053
Persistence           Pre-OS Boot                             1      T1542
Persistence           Bootkit                                 1      T1542.003
Privilege Escalation  Boot or Logon Autostart Execution       28     T1547
Privilege Escalation  Registry Run Keys / Startup Folder      28     T1547.001
Privilege Escalation  Scheduled Task/Job                      1      T1053
Defense Evasion       Modify Registry                         28     T1112
Defense Evasion       Pre-OS Boot                             1      T1542
Defense Evasion       Bootkit                                 1      T1542.003
Credential Access     Unsecured Credentials                   1      T1552
Credential Access     Credentials In Files                    1      T1552.001
Discovery             System Information Discovery            4      T1082
Discovery             Query Registry                          2      T1012
Discovery             Peripheral Device Discovery             1      T1120
Collection            Data from Local System                  1      T1005
Command and Control   Web Service                             1      T1102
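The matrix is derived from the per-target behaviour signatures. The Python below is an added example, not the sandbox's own rule set, showing the kind of matching behind the entries that dominate this report: "Adds Run key to start application" (T1547.001), the System32 and drivers file drops, "Sets DLL path for service in the registry" and the scheduled-task entry (T1053), run over constructed Sysmon-style events (Event 13 registry value set, Event 11 file create, Event 1 process create). The SysHelper names and paths in the sample events are invented, and the choice to map the ServiceDll write to T1112 and the directory drops to no technique id is this example's, not the report's.

```python
import re
from collections import Counter

# Sysmon Event 13 (registry value set) under an autostart key.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)\\", re.IGNORECASE)
# ServiceDll value under a service's Parameters key ("Sets DLL path for service").
SERVICE_DLL_RE = re.compile(r"\\Services\\[^\\]+\\Parameters\\ServiceDll$", re.IGNORECASE)
# Sysmon Event 11 (file create) into protected system directories.
DRIVERS_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
# Sysmon Event 1 (process create) registering a scheduled task.
SCHTASKS_RE = re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.IGNORECASE)


def classify(event):
    """Map one Sysmon-style event to (signature, ATT&CK id, evidence) tuples."""
    hits = []
    eid = event.get("EventID")
    if eid == 13:
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(("Adds Run key to start application", "T1547.001", target))
        if SERVICE_DLL_RE.search(target):
            hits.append(("Sets DLL path for service in the registry", "T1112", target))
    elif eid == 11:
        path = event.get("TargetFilename", "")
        if DRIVERS_RE.match(path):          # drivers\ is inside System32\, so test it first
            hits.append(("Drops file in Drivers directory", None, path))
        elif SYSTEM32_RE.match(path):
            hits.append(("Drops file in System32 directory", None, path))
    elif eid == 1:
        cmd = event.get("CommandLine", "")
        if SCHTASKS_RE.search(cmd):
            hits.append(("Creates scheduled task", "T1053", cmd))
    return hits


def run_detections(events):
    """(image, signature, technique id, evidence) for every hit across the events."""
    return [(e.get("Image", "?"), sig, tid, ev) for e in events for sig, tid, ev in classify(e)]


def technique_counts(events):
    """Per-technique tally, the same shape as the matrix above."""
    return Counter(tid for _, _, tid, _ in run_detections(events) if tid)


# Constructed sample events (invented names and paths), not sandbox output.
DROPPER = r"C:\Users\lab\AppData\Local\Temp\sample.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1000-1000-1000-1001\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper",
     "Details": r"C:\Windows\System32\syshelper.exe"},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": r"C:\Windows\System32\syshelper.exe"},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": r"C:\Windows\System32\drivers\syshelper.sys"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\SysHelperSvc\Parameters\ServiceDll",
     "Details": r"C:\Windows\System32\syshelper.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks.exe /create /sc minute /mo 5 /tn SysHelper /tr "' + DROPPER + '"'},
    # Benign noise that must not fire:
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName",
     "Details": "Example App"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\lab\Documents\notes.txt"},
]

if __name__ == "__main__":
    for image, sig, tid, evidence in run_detections(SAMPLE_EVENTS):
        print(f"{tid or '-':10} {sig:45} {image} -> {evidence}")
    print(dict(technique_counts(SAMPLE_EVENTS)))
```

Real Sysmon events have many more fields; only the ones the rules read are included here. Matching the Run key on the full registry path rather than on the value name is what keeps the Uninstall and other CurrentVersion subkeys from firing.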

Tasks

Task          Tags                           Score
static1       upx                            7/10
behavioral1   -                              1/10
behavioral2   -                              1/10
behavioral3   persistence, upx               8/10
behavioral4   dcrat, infostealer, rat        10/10
behavioral5   persistence, upx               7/10
behavioral6   persistence, upx               7/10
behavioral7   persistence, upx               7/10
behavioral8   persistence, upx               7/10
behavioral9   persistence, upx               7/10
behavioral10  persistence, spyware, stealer  7/10
behavioral11  persistence, upx               7/10
behavioral12  persistence, upx               7/10
behavioral13  persistence, upx               7/10
behavioral14  persistence, upx               7/10
behavioral15  persistence, upx               7/10
behavioral16  persistence, upx               7/10
behavioral17  persistence, upx               7/10
behavioral18  persistence, upx               7/10
behavioral19  persistence, upx               7/10
behavioral20  persistence, upx               7/10
behavioral21  persistence, upx               7/10
behavioral22  persistence, upx               7/10
behavioral23  persistence, upx               7/10
behavioral24  persistence, upx               7/10
behavioral25  bootkit, persistence, upx      8/10
behavioral26  persistence, upx               7/10
behavioral27  persistence, upx               7/10
behavioral28  persistence, upx               7/10
behavioral29  persistence, upx               7/10
behavioral30  persistence, upx               7/10
behavioral31  persistence, upx               7/10
behavioral32  upx                            7/10
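Task behavioral25 carries the bootkit tag, and the c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe target above reports "Writes to the Master Boot Record (MBR)" (T1542.003). The practical follow-up on a host that ran such a sample is to compare sector 0 of the disk against a trusted baseline. The Python below is an added example, not part of the report: it parses a 512-byte MBR image into boot code, disk signature and partition table, and reports which of the three differ. The two sector images it builds are constructed test data with placeholder boot code, not copies of any real disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"
BOOT_CODE_LEN = 440     # bytes 0..439: boot code
DISK_SIG_OFF = 440      # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446    # four 16-byte partition entries, then the 0x55AA signature


def parse_mbr(sector):
    """Split a 512-byte sector 0 image into boot code digest, disk signature and
    partition table. Raises ValueError if it is not a valid MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]   # bytes 1-3 and 5-7 are legacy CHS fields
        lba_start, sector_count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sector_count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def diff_mbr(baseline, current):
    """Compare a trusted baseline of sector 0 with the current one. A bootkit
    typically replaces the boot code and leaves the partition table intact so
    the machine still boots; repartitioning or wiping changes the table too."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        findings.append("boot code modified")
    if a["disk_signature"] != b["disk_signature"]:
        findings.append("disk signature changed")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table changed")
    return findings


def build_mbr(boot_code, partitions, disk_signature=0x1234ABCD):
    """Constructed test input (not read from a real disk)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, lba_start, sector_count) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = 0x80 if bootable else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba_start, sector_count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed baseline: placeholder boot code (xor ax,ax; mov ss,ax; mov sp,7C00h
# followed by NOP padding) and one bootable NTFS-type (0x07) partition at LBA 2048.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(True, 0x07, 2048, 204800)])
# Tampered copy: the entry point is patched with a short jump, the partition
# table is left untouched, which is the usual bootkit footprint.
TAMPERED_MBR = build_mbr(b"\xEB\x3C\x90" + CLEAN_BOOT_CODE[3:], [(True, 0x07, 2048, 204800)])

if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR))
    print(diff_mbr(CLEAN_MBR, TAMPERED_MBR))   # ['boot code modified']
```

On a live host the current image is the first 512 bytes of the raw device (`\\.\PhysicalDrive0` on Windows from an elevated process, `/dev/sda` on Linux); the baseline should come from a known-good image of the same machine or from the boot code of the installed OS version, since the boot code differs between Windows releases and third-party boot managers.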