General
-
Target
MyDoom.zip
-
Size
7.4MB
-
Sample
240612-tgps4a1bqh
-
MD5
67a0019ef0d6a0e457151452d6d1e64e
-
SHA1
f74247dc2feeebc38b2a86e8e919160798b27fd9
-
SHA256
195688fdc5454fb7f6ba8188015e395bfe86876a9c0e28b818944ee264f0e77c
-
SHA512
2b03b2523ac6f9fa01cbc38e572cdf8b60e0bd73d48813db0dfdd7df45896622f21a6dc16f6d68a1e062cdb1c8983768d8cef737393e7e91ef31f3509d40c45e
-
SSDEEP
196608:jZiFnVyuWadlIK+pU3Y40y9InO+K8Lsi2X:1iFnVyuWaP6paY4PuPt2X
Malware Config
Targets
-
-
Target
00b9b6cf27deeda8de99d1719ef724808afa92080026df8dd17159be8ea420f7.exe
-
Size
879KB
-
MD5
af466faccd8bbab030d12caf7b16ea61
-
SHA1
e18711fe226d39fe182c45ea1a15ccc587980b67
-
SHA256
00b9b6cf27deeda8de99d1719ef724808afa92080026df8dd17159be8ea420f7
-
SHA512
2599b3b6db13c14e36bc24980da5457c8788624050ad727d2b1d8975b6405e1a6dfee9829a849900edcc7cc831b69604cce9e6e7e0080835e426df343a1d6e64
-
SSDEEP
12288:D+of7uHr7XLo+U90C447TmTWCsNWGHBm++WDzLGfWCayErUUxmptN:Dr7uH3vu0B4OWZxPDnG5ErUn
Score1/10 -
-
-
Target
05500734fe07ac2b5bc89aa12b090203c4b74851cb0d62bd388f27ec6d6caa81.exe
-
Size
15KB
-
MD5
32915fef0066f3a580ae9389d83e195f
-
SHA1
e000d59d91a6039c28a628ec436f680f41e8ffec
-
SHA256
05500734fe07ac2b5bc89aa12b090203c4b74851cb0d62bd388f27ec6d6caa81
-
SHA512
57d43daac4bc5d550bed9724dc8c2041111dba3f3a52fca7b688e3d6b64267c34c537b8045d974e007412f504aeb3428f571c360b053faff7c040c4bc235cbd8
-
SSDEEP
192:F7r4fe9FV9wQw0XJ58CWuVmcmLQ4k8Md0QiyIWNMrXRkf1ZdDjgXFk3AaDvFmv:FAfe7wQw+4Cc84ZM6eIkf1Z1jgXKHC
Score1/10 -
-
-
Target
0b75e2fadffc45dff940e58f5b6f8d99832426bb880f432f98d853308b29c9c5.exe
-
Size
355KB
-
MD5
ff4c98aae03f63b8256dd765e99f5934
-
SHA1
db774f2c4a2ed02f42effd6016e6ee7b8ae5cfde
-
SHA256
0b75e2fadffc45dff940e58f5b6f8d99832426bb880f432f98d853308b29c9c5
-
SHA512
eea1f000945adf51217d3b3e6faaa947c683de5c278ce0c7870360d959d65347804b563853d32ce2d49bd6fb0567c9d0d065ee561bb4b16d66af1bbd98197c1d
-
SSDEEP
6144:wlZzOaQGDj25OFco79+ITkBXkHQYfrF1aK0FAbw1lZzOR0x0k5kPFOM+11c5K9b:YZTP2kioZD1rUxPZA0x/ksB9b
Score8/10-
Drops file in Drivers directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
0d5fa75218e5eb97fccbcf36d3bbd9cd77247260977f69c50deb29399ee0e464.exe
-
Size
9.4MB
-
MD5
813b749967045532f86e6442447bcd8b
-
SHA1
8d0615e7f7ba672a3fc94c05a9451f9d08797af7
-
SHA256
0d5fa75218e5eb97fccbcf36d3bbd9cd77247260977f69c50deb29399ee0e464
-
SHA512
47c16f403ab33ebb9e59c7c3a053dc29d0d654174d2be9153966ad9fc873e641f34ab44c7e38fb4c6fd376b384d4e1da0dacafb384e9abb1c7eb92cb32533877
-
SSDEEP
24576:GYx7SFGwWG8/Ad5kybgeK8uQY2ZqR7NlaDbTxnVhv2MMLdGIhJ:IFFbK8q2ZhDbTNv2MuV
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
1760c5727e5568d3b18a1cbf0d50c311613699af8233c96fb3eee197f438ce9c.exe
-
Size
28KB
-
MD5
e26570922a9373c1f3a06f647ddd10a4
-
SHA1
e0f6853e39e0b9fbcb3062bb7e15b8734b9df9f3
-
SHA256
1760c5727e5568d3b18a1cbf0d50c311613699af8233c96fb3eee197f438ce9c
-
SHA512
e17a8c1ca8aa6c65106831086f203736b7bdd92c54d2487f381f7d7303a5f3852859935ef55a913dd8856c6015a5f9414308430ae1ff4b5690743025f8ff4c70
-
SSDEEP
384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNQ05:Dv8IRRdsxq1DjJcqf8
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
1fe99fb7c527a90826896e695f23e712375358df3c7aa9163af6b96d872a9f81.exe
-
Size
21KB
-
MD5
26b8bc40d95b979e1e708a9f843242ad
-
SHA1
229284e8cb74bbfae647eb160e4188bda3e50721
-
SHA256
1fe99fb7c527a90826896e695f23e712375358df3c7aa9163af6b96d872a9f81
-
SHA512
e53fb1b351f47227c1568718c99cc78048507518ac823cebccddebdc630845f9c972a746036f67d416275bdb1667d298ddd6a0fd4e0fea4dc096d7c2cfcf0625
-
SSDEEP
384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzU4ek+:SCIqdH/k1ZVcT194jp44eD
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
23361735678f37d77510b22306c727a987f84c87143bb0062f3d76413c36fc98.exe
-
Size
21KB
-
MD5
3f122d9a0b7a9f1aa8c973d170ee8d55
-
SHA1
3fb032e1a7a3a9cc5ce0d5f03fbb7f74a063ce39
-
SHA256
23361735678f37d77510b22306c727a987f84c87143bb0062f3d76413c36fc98
-
SHA512
25b3db24d20482476e07e29bcee1e231e106d1ec8e36bc390960085595816268ced9c6d392ee21e48c0643801e14c4bb88e1d006fc35467a1abf7b66a423fad4
-
SSDEEP
384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUEBI:SCIqdH/k1ZVcT194jp4ES
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
2522b83852588bc0f7f620f9b4fe3a9337b9608be335d3958d190275f333df03.exe
-
Size
49KB
-
MD5
d4aae2114968c886660e4cbf1c694160
-
SHA1
c5b6d1ccc5f238686f3be7bfff44c9b612d74efb
-
SHA256
2522b83852588bc0f7f620f9b4fe3a9337b9608be335d3958d190275f333df03
-
SHA512
69d0c95abcb789b5e638e826c0b827634fb076248c659b1d2d62741383a62510d6ad6b1e6c16ea1a2ab7f2ac271ba56958e0f070def4a33c6bcaacba848c8395
-
SSDEEP
768:nqQ07c92/EyTAYtxqfGNC0klI7C8ycYlI5P194jp49w404LY:n87wc1aGNC0klI7CPpIFa69wAY
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
2af6bc16f25822d6d2f1429bc15f3d47f6c0bcb026ba387249d173fc753919b2.exe
-
Size
22KB
-
MD5
44fad0089dd3b0b481f30486646fd3f0
-
SHA1
54a3e4359bedeba0d8747e2bc7e94ebbd48feef3
-
SHA256
2af6bc16f25822d6d2f1429bc15f3d47f6c0bcb026ba387249d173fc753919b2
-
SHA512
7137de8a76aa91bc921a7334dde182eaa786a42bc5dc7369e9265f9226ea52bedf003e8ba707f297d880828daa5f1183233d985cb98e371eb711c2523a1a0acc
-
SSDEEP
384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUIegaC3:SCIqdH/k1ZVcT194jp4IegaC3
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe
-
Size
41KB
-
MD5
3e67d212278e1af5be913d236399fcf6
-
SHA1
f993125ed4af1de6a551a6e0843a6d124cd46f27
-
SHA256
3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464
-
SHA512
f7e6394c9f9fdd6a03c72aaece5b4911cb821680a632f94b622b12d94cff9873d93b2c6604016524bdab4dd6e4b70b532c440f6b296138677be19e078ad23ec7
-
SSDEEP
768:/eMc5VwWt1jDkbXdnTOyQxHFO+IxX2P5LIbbcPYir2lAqcdF0i09sy:/q5VwWDjDkdTRqHFOn8tIbbeYiuZIFSl
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
-
-
Target
3db846a796caa001666df8f7cae709fff02f984711b0e70e0e79c457d631b4e5.exe
-
Size
41KB
-
MD5
b1f6a4cc592f3c9f7d4b69c02ac74d11
-
SHA1
db2db17c1d3e2c4f3a45aad9215cc77ed455ffcc
-
SHA256
3db846a796caa001666df8f7cae709fff02f984711b0e70e0e79c457d631b4e5
-
SHA512
66c3d5cb3c9bf13604748853797e4c1a1eae13d52cdf43f16da0b1b180ad0c10102a2935d4d6bd0549f6e48427c0181cbb07f1ee664274727dff0cc61e5075c5
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
493813116f32ad6f455676cd54e32a2167ece845038202614cbb49e126f5afdc.exe
-
Size
21KB
-
MD5
fd6deb4cda087d7a60b6b28104fad84b
-
SHA1
6826e88b55a2794f9ea72c86bb9cfd084fe2aee9
-
SHA256
493813116f32ad6f455676cd54e32a2167ece845038202614cbb49e126f5afdc
-
SHA512
afa16663956ffa8d50d7a6622c7cb01d9b01f83c1ef21dfce1eeffc8cc217499e7a78bcea952b59c501caa71b3aaa5b2c144ed30529685efb55266678eb18dc3
-
SSDEEP
384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUMO2:SCIqdH/k1ZVcT194jp4N2
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
4d61a61265cdd942cff973609170529eaf19579b5d17e64deccbd6f6f1fdfa08.exe
-
Size
29KB
-
MD5
0d14590170f35263c0e3f0e0e1594720
-
SHA1
21414e31724eb95408a4031a0c0508b2a12260e7
-
SHA256
4d61a61265cdd942cff973609170529eaf19579b5d17e64deccbd6f6f1fdfa08
-
SHA512
76e6fbd04c08b749b46ce1499e15ad58d7bb8d0c20db0a0fae54001f973aaa73e961cf80558c090d31d7f69918562c519c01c2cb441548feca63cea37792aa3c
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/V:AEwVs+0jNDY1qi/qt
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
510827ce687ad00545a1726c25a00f65e7d685b7dcd857fc6f11a0392feee5c5.exe
-
Size
28KB
-
MD5
6cdec3ccff3c2a0c2602bc89443f865f
-
SHA1
cf7ac47ec2e5b261786c9c11d30a09050bf459be
-
SHA256
510827ce687ad00545a1726c25a00f65e7d685b7dcd857fc6f11a0392feee5c5
-
SHA512
c97f74a3486b1018c2413473a82ca9d1f777c05993c4b3da4adca0006165107c2ecd14251f77e3cfcd8ea3949f64332e35e43648426f750aad8eb597f87370bb
-
SSDEEP
384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNanRiEMnY:Dv8IRRdsxq1DjJcqfFRn4Y
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
5642f8bd3bc151349ded1a3c160c037c26194c9da2b7ace5d8ca11cddb57612a.exe
-
Size
41KB
-
MD5
64276638075d3cab665966be7f366682
-
SHA1
3fb9c599d5dc9188332b4a9c0f1262c07ee24699
-
SHA256
5642f8bd3bc151349ded1a3c160c037c26194c9da2b7ace5d8ca11cddb57612a
-
SHA512
1bbd7440a14f8651ef4433cdda3a48071024838688f8ff88a0688cf56f28854232446f655731a44d1f02f1e572697e132f06c92dfa170825433154042be02826
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
6c37d14d5ad674e4c0fa8df0a999be6b27399936c9ff16f7fb30b802addb7b4c.exe
-
Size
28KB
-
MD5
e5128ece1b9916a6df7cd56d66c193c2
-
SHA1
c99f687b182f3dee71e8434360595832ea431075
-
SHA256
6c37d14d5ad674e4c0fa8df0a999be6b27399936c9ff16f7fb30b802addb7b4c
-
SHA512
67b9166f33c78140ce2259df9a7bae92e6cae066b7f54cb0ebdec183ef1ffaf958f6cd24b0bb01e2b6a302fb73e9c5c057554c825e1496ef3b679e77dd7715af
-
SSDEEP
384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNHS6e:Dv8IRRdsxq1DjJcqfH
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
6c3c9af653a28977257ce971ed701b1b893cdf67d5c57baa44a9d76c28675dc3.exe
-
Size
21KB
-
MD5
41a7ddd957c89fc7d20b60fbb7526198
-
SHA1
2b3575ced3fb5227c1b21cb5a5d70de6ee20ac5e
-
SHA256
6c3c9af653a28977257ce971ed701b1b893cdf67d5c57baa44a9d76c28675dc3
-
SHA512
c97c733c37423269eefff67c66caf04317dbcfb8dc678cae18b265f9cde57ff0677c93cceaa0cda05e70daa3446d507538f1db9b37a30078568542a8cf67bec5
-
SSDEEP
384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzULMc4:SCIqdH/k1ZVcT194jp4LMx
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
77186e57b2eeb3ed4b56cfe280d5eeea3155d9502217cda824600bc93d365320.exe
-
Size
29KB
-
MD5
4568631011aae49f42e185b46a1a30a5
-
SHA1
d3e88e07f54ad778b774822bcf283accc22b529b
-
SHA256
77186e57b2eeb3ed4b56cfe280d5eeea3155d9502217cda824600bc93d365320
-
SHA512
fc673b7013b9d291258579c18e0466e4e3e6de1fff73900fb3f87ff275aa0064e36620b7774880bbef14ad4e5e968ea46c0ef47484f260468f263cc6d1832cd1
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/p:AEwVs+0jNDY1qi/qh
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
7bca70a81cc9e1067e99e313802a4cc095f79bbc3a1aa86b7b3b9eabf3748e61.exe
-
Size
29KB
-
MD5
18e2d2d193f1b5e2fe2cec1f6b4c5c38
-
SHA1
5c9e2ecd155da2d8822187398d58febd1044a1e4
-
SHA256
7bca70a81cc9e1067e99e313802a4cc095f79bbc3a1aa86b7b3b9eabf3748e61
-
SHA512
3a961ff5d823450134acc34fb984bd5105fcf02c65692ee5fc7273c6de9fc64185cc548ea1de6d5622d6985e754943a4b4d235458eb41bef469027e6b11a35ba
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/9:AEwVs+0jNDY1qi/q1
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
8e934dcd46eb57d42712d097deab6ce00ef1ce2db87d03f8d3d8e8c10da7e088.exe
-
Size
45KB
-
MD5
3aa484f942ddfeff67d043fafb9877bb
-
SHA1
966cbc5b018d94b1797ad5d506ca4d3cb639eca7
-
SHA256
8e934dcd46eb57d42712d097deab6ce00ef1ce2db87d03f8d3d8e8c10da7e088
-
SHA512
9356aa0648b93558e0e3af85a9d08449f63c4e6675f82feed9b386425fcbcb7e391b2dfbc114055d0d2b779407b40074f7083205b194c0fa460e99ba8b635612
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060.exe
-
Size
41KB
-
MD5
cdc7a9e456810fd6d0a5f9129c633c03
-
SHA1
3fd75d798773bbb29b26a4c9b9c0635ff52fee57
-
SHA256
9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060
-
SHA512
635346ea4d4c29618469e2aac76e12280e89d44b3fc22e1b522608a5c2352337d20745116e85bcf96e592261d5adb460e1bae8ae2a41e27e0a32298567462c11
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
9e067453f09c5cbfa4c5a74fe3e70d7d8e66a25057e6c35240dce5a40ec31bf3.exe
-
Size
28KB
-
MD5
f64e4d13a57ae222768b792b2c16158d
-
SHA1
5a0878beb5a8a464f71629f560b8ac12473776e7
-
SHA256
9e067453f09c5cbfa4c5a74fe3e70d7d8e66a25057e6c35240dce5a40ec31bf3
-
SHA512
e9bab92bb7df9414f531b579449c72fd911c9cc0e59809cb6105ef8bdd3cc7818e5626ef57159a7362a82e7cdbfbe2a0f58839e0167a696d3217e622143925a1
-
SSDEEP
384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyN7F57Oz:Dv8IRRdsxq1DjJcqfAJOz
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
a9a89ed0d139fbc436794f5d3a8e58c547247039d8c86767b1e2f2bce40e390f.exe
-
Size
41KB
-
MD5
ec9e58951bf3e0ff91c5f86cae637dc4
-
SHA1
8f2e5fce00e3f5265deabaa71a9243d1b936395c
-
SHA256
a9a89ed0d139fbc436794f5d3a8e58c547247039d8c86767b1e2f2bce40e390f
-
SHA512
466d31863ee8d7765b436f75588da017b095ac66f86deb8dff41fc2349de456da8dbb59bec863c4a754fc68a210ad8e1c578d968312c9ea0595d4aab7fb2f0a5
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
b4ab8f5c8b97307b328ba30fdefdbe4341c4e2c576729fdb5c7329d5b07bb695.exe
-
Size
41KB
-
MD5
2f0ded84c37387024cd7145bd7e64e88
-
SHA1
61803770a6bdf2aafb3f7efcc3c135d63ddd55b5
-
SHA256
b4ab8f5c8b97307b328ba30fdefdbe4341c4e2c576729fdb5c7329d5b07bb695
-
SHA512
efe39f1abf0c1ae5662c95bdcc7022e5982069e7656860356643eabf4a567639136125294dfd3ecbde72e0853e886a88b5d085d8c757c7b63f67cb000b510848
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe
-
Size
856KB
-
MD5
733766ff5495f04d82744291993eb69e
-
SHA1
2830778313fd7fccc6c8129d419b1757368078fd
-
SHA256
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef
-
SHA512
cf3bf548e743894888ba3ea191a289f09d9f36215e1306aa21e61f0ea81473eec6df01a6e7f05f9251ecb9cc71c654934a53d4916c4152bf8fa4a95119e98cf2
-
SSDEEP
12288:0zqKbHTadreUv6e2faqsW8lEsbjwepi8K2cE4b5wxH5/uek6JA6QfmpFiMtMv7u3:yPaFnCec8vj1p7pc5bQZ/uesmoqt7jF
Score8/10-
Sets DLL path for service in the registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
c45a330cf80c33977658649596d4867301e928381c5fc37ec3edabfad2251324.exe
-
Size
29KB
-
MD5
5b4833161897a50ab4688e2990d1d24b
-
SHA1
0a04dd46bca64169511b4bcdc8ea36eb8ad55012
-
SHA256
c45a330cf80c33977658649596d4867301e928381c5fc37ec3edabfad2251324
-
SHA512
df87dacc161a583dbc060ddc60868476ba5a864021644da643475a93805229a633eb8f0ade738f2512e05b7ec3c8647d877bc4658beb475bd6b0347568caaf5e
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/l:AEwVs+0jNDY1qi/qN
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
d42fc4dabd9a9e74156d1a856cb542ed2e0796d2d7c6b976c0ac5421a87f9806.exe
-
Size
29KB
-
MD5
c4074b5cca1b0e41aa22b8d090ccfd5f
-
SHA1
8a90f2c08d98c3803003c41147dfdaafa5d31039
-
SHA256
d42fc4dabd9a9e74156d1a856cb542ed2e0796d2d7c6b976c0ac5421a87f9806
-
SHA512
b4068d61d348ace4f9712e975b36e5077a34d93566b1ff46ba6933916bfb18fb506ee30b5feaa49a3c714a4636ff1868d499061ea1ec7b41c4fe2c01a34c8e42
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/qg:AEwVs+0jNDY1qi/qig
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
d66f6565e97f43030ff6fba9c9550894aad05affb66efaf561ec229d80b0a691.exe
-
Size
41KB
-
MD5
e9b62cab54b78180f9cfe8377ca845aa
-
SHA1
246c69cf987148e7fddafb9c344ae5ba8dab1620
-
SHA256
d66f6565e97f43030ff6fba9c9550894aad05affb66efaf561ec229d80b0a691
-
SHA512
f3d8d83272178140986898f2e50f1bc1faa26626d03fc2f989198b37131140d72e38bd59286a70e72498aa4304f761121ee88b2efe0542b846bc2e7f9e72269b
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
e16d377c12b63acb694601b4bde36d61839054409e7fae1661fb051892d2ed36.exe
-
Size
41KB
-
MD5
edf4ff0bc5da6dabd5e7b78113d73bd8
-
SHA1
af49d2935b75627f6f748256f10c555d54040f2e
-
SHA256
e16d377c12b63acb694601b4bde36d61839054409e7fae1661fb051892d2ed36
-
SHA512
68d5d0a81964eda0b156ef4e82d26ca479d32b4a19dfbec44b4058a6322e8c1f62dff1ea4f7e61812470790a2029b285c365bf6da69d31e99788fdd24e17e2f6
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
e302f733d4a31342a0c908055a6e59b3fd8f1ed3ce98750d00251e4f0efe6c02.exe
-
Size
41KB
-
MD5
c89cb72586afe2f652ccea009225cec6
-
SHA1
89617d49fe5366b120d6fe9fa098bca7d3b5e1ad
-
SHA256
e302f733d4a31342a0c908055a6e59b3fd8f1ed3ce98750d00251e4f0efe6c02
-
SHA512
dd53d4e714d1f39300a5ac0988877c857546a1f4117bb06e2cd0db567ad8949be1dc4f7fb7ec83e077f546501b72715c8a92af70be89c7c5e30102b6413f6f31
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
fe3b2cf08a6224a04194a6555b4593b0a7428cb1fe057c08776d09568fc58cd5.exe
-
Size
45KB
-
MD5
455fabda3dcf8184c8e868434db1824d
-
SHA1
207aae8317a9c16042ae32adc7aed7106a950ab3
-
SHA256
fe3b2cf08a6224a04194a6555b4593b0a7428cb1fe057c08776d09568fc58cd5
-
SHA512
363e81837cb00b7f35c5fa73ff0e6a1f15a20e47ce95344b5fcebd6c00457b0aeef4bb27c7b09a620d14b18112e5ae024537f4f11dc96088b8f6de0edc449538
-
SSDEEP
768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score7/10-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151.exe
-
Size
22KB
-
MD5
53df39092394741514bc050f3d6a06a9
-
SHA1
f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5
-
SHA256
fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151
-
SHA512
9792017109cf6ffc783e67be2a4361aa2c0792a359718434fec53e83feed6a9a2f0f331e9951f798e7fb89421fdc1ac0e083527c3d3b6dd71b7fdd90836023a0
-
SSDEEP
384:96ZQHXcE7hUHwT56cC9Kg65JdwGADkHw/Rjxtuu7VIGGwQWEqpD6:CavuHAUcW/ojwG6kHw/lxqbW
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Scheduled Task/Job
1