c7b130f5b5a0c5d2fa4d202143d40393eccd2bcf563c7496a51ee267dd50bc16

Submit
Reports

Overview

overview

Static

static

0d406f17fa...7d.exe

windows7-x64

0d406f17fa...7d.exe

windows10-2004-x64

1396699458...83.elf

debian-9-armhf

18753a0cb6...76.exe

windows7-x64

18753a0cb6...76.exe

windows10-2004-x64

30a973e75f...89.xls

windows7-x64

30a973e75f...89.xls

windows10-2004-x64

3214e308dc...fb.exe

windows7-x64

3214e308dc...fb.exe

windows10-2004-x64

361cd32a75...b5.elf

debian-12-armhf

60be4a7179...3e.elf

debian-12-armhf

6559c81490...6c.exe

windows7-x64

6559c81490...6c.exe

windows10-2004-x64

6845e34952...cc.elf

debian-9-armhf

6fdf5b4b08...0b.elf

debian-12-mipsel

744daca400...ee.exe

windows7-x64

744daca400...ee.exe

windows10-2004-x64

7dc25c4e1e...91.exe

windows7-x64

7dc25c4e1e...91.exe

windows10-2004-x64

819e3765d5...4d.elf

ubuntu-24.04-amd64

835e27dcd5...73.exe

windows7-x64

835e27dcd5...73.exe

windows10-2004-x64

8ed5281c02...d4.elf

ubuntu-22.04-amd64

8fd73ae7fb...da.exe

windows7-x64

8fd73ae7fb...da.exe

windows10-2004-x64

add0cec032...26.exe

windows7-x64

add0cec032...26.exe

windows10-2004-x64

ae7dfe0fe3...a6.exe

windows7-x64

ae7dfe0fe3...a6.exe

windows10-2004-x64

b218376076...26.exe

windows7-x64

b218376076...26.exe

windows10-2004-x64

c7305e86e9...38.exe

windows7-x64

Analysis

max time network
155s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
19-06-2024 01:02

Sharing

Copy URL

Twitter E-mail

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

0d406f17fa6d208a7c58e0907883c1a626ea38f4db206621fd241f8d62f8277d.exe

Resource

win7-20240611-en

agenttesla keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0d406f17fa6d208a7c58e0907883c1a626ea38f4db206621fd241f8d62f8277d.exe

Resource

win10v2004-20240611-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

13966994581adf90c88d36fff75eb33c4a79557cf55fd616124a8c77f883e983.elf

Resource

debian9-armhf-20240418-en

debian-9-armhf

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

18753a0cb65d2b75bd60b82de5ac799c5bc39eab29014c5a57fc04685da72076.exe

Resource

win7-20240611-en

socks5systemz botnet discovery

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral5

Sample

18753a0cb65d2b75bd60b82de5ac799c5bc39eab29014c5a57fc04685da72076.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral6

Sample

30a973e75f85a9ee9063fc4b17e5c6704f2e58ebfef7abe3e1d55c16f51b2e89.xls

Resource

win7-20240611-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral7

Sample

30a973e75f85a9ee9063fc4b17e5c6704f2e58ebfef7abe3e1d55c16f51b2e89.xls

Resource

win10v2004-20240611-en

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral8

Sample

3214e308dc291ff3e86eefd6f1e36883e9ebe60aa92e8b3f55a0f7ae730790fb.exe

Resource

win7-20240221-en

agenttesla keylogger persistence spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral9

Sample

3214e308dc291ff3e86eefd6f1e36883e9ebe60aa92e8b3f55a0f7ae730790fb.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral10

Sample

361cd32a750b89857322f54b665f7f8849407ba09074e6303be0f26a351f39b5.elf

Resource

debian12-armhf-20240418-en

discovery

debian-12-armhf

3 signatures

150 seconds

Behavioral task

behavioral11

Sample

60be4a7179ddc4d9f12fba876443b3d782508b26fd3a93f89c4d128396abcb3e.elf

Resource

debian12-armhf-20240221-en

debian-12-armhf

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

6559c8149044fde6c8d7ba12ef151a181a3635d0e5ea673cdbb65aaea3d4156c.exe

Resource

win7-20240220-en

agenttesla execution keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral13

Sample

6559c8149044fde6c8d7ba12ef151a181a3635d0e5ea673cdbb65aaea3d4156c.exe

Resource

win10v2004-20240508-en

agenttesla execution keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral14

Sample

6845e34952a416113dbc6fbffae8245d708c9bab6dc801c16f34a84744a3b7cc.elf

Resource

debian9-armhf-20240418-en

discovery

debian-9-armhf

3 signatures

150 seconds

Behavioral task

behavioral15

Sample

6fdf5b4b08a5894339c26249e190ce627b9585af846573098bed2c050d0ae80b.elf

Resource

debian12-mipsel-20240221-en

debian-12-mipsel

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

744daca400af1f5721eaa529ec3fe427e4837e17ff4766f6bb39643aa488bfee.exe

Resource

win7-20240611-en

agenttesla keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral17

Sample

744daca400af1f5721eaa529ec3fe427e4837e17ff4766f6bb39643aa488bfee.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral18

Sample

7dc25c4e1ebd89f13aa8ecc4fb141a9bf297851781c82d7cb630ce1802e52791.exe

Resource

win7-20240220-en

agenttesla keylogger persistence spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral19

Sample

7dc25c4e1ebd89f13aa8ecc4fb141a9bf297851781c82d7cb630ce1802e52791.exe

Resource

win10v2004-20240508-en

agenttesla keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral20

Sample

819e3765d5c40a66951c194f67cdb783e1a711cc3499dd44a43d1cfdec06af4d.elf

Resource

ubuntu2404-amd64-20240523-en

discovery

ubuntu-24.04-amd64

3 signatures

150 seconds

Behavioral task

behavioral21

Sample

835e27dcd567204d905fb88c8a7d9e086349f8fd626721e5364041c15a332f73.exe

Resource

win7-20240611-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral22

Sample

835e27dcd567204d905fb88c8a7d9e086349f8fd626721e5364041c15a332f73.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral23

Sample

8ed5281c024dc7cf99273c32faa92e358392272a01898958399e324e666c4fd4.elf

Resource

ubuntu2204-amd64-20240522.1-en

ubuntu-22.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

8fd73ae7fb9da6bf5d793b56d1cd12a0f2cd342236cca599fb92ecdc1ea700da.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral25

Sample

8fd73ae7fb9da6bf5d793b56d1cd12a0f2cd342236cca599fb92ecdc1ea700da.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral26

Sample

add0cec032cff1069925f00734c1296bd4e305c4e07006b3b0fa3b9497d8e626.exe

Resource

win7-20240611-en

agenttesla keylogger spyware stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral27

Sample

add0cec032cff1069925f00734c1296bd4e305c4e07006b3b0fa3b9497d8e626.exe

Resource

win10v2004-20240226-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral28

Sample

ae7dfe0fe3ea9ba1dae5221072a51896c9b6c8384eb6514fb9dacbf9d6c7fca6.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral29

Sample

ae7dfe0fe3ea9ba1dae5221072a51896c9b6c8384eb6514fb9dacbf9d6c7fca6.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral30

Sample

b2183760768b6dffb3c3f4c28510c6e32cae125d46f5d4e046bbdfd860d46b26.exe

Resource

win7-20240508-en

agenttesla keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral31

Sample

b2183760768b6dffb3c3f4c28510c6e32cae125d46f5d4e046bbdfd860d46b26.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral32

Sample

c7305e86e90093f34bae25efd97eb5a8fed3a6b985b1633ee99ffff608211838.exe

Resource

win7-20240508-en

execution

windows7-x64

7 signatures

150 seconds

Report Analysis Logs

General

Target

6845e34952a416113dbc6fbffae8245d708c9bab6dc801c16f34a84744a3b7cc.elf
Size

61KB
MD5

ba28069faf2b9dbb4345c5db40ede71f
SHA1

9e48423e3893dc5c000b8b99ec3cd6e03377913b
SHA256

6845e34952a416113dbc6fbffae8245d708c9bab6dc801c16f34a84744a3b7cc
SHA512

c749046b98fe666515c65d1f1b76a3beae0ab5498b15e694cfdbd70c57c98ce5714720460bd10f621360327193795829b8478ad08632f88d47b5b40ea4d6ee96
SSDEEP

1536:mWFZrbi9iXq+SlHplLEs7Lgs6oK+o6qL2tY:DT3l6lflLEs7hxKEe2tY

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (100959) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Unexpected DNS network traffic destination 12 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	91.217.137.37
Destination IP	51.254.162.59
Destination IP	94.16.114.254
Destination IP	91.217.137.37
Destination IP	94.16.114.254
Destination IP	94.16.114.254
Destination IP	94.16.114.254
Destination IP	91.217.137.37
Destination IP	91.217.137.37
Destination IP	91.217.137.37
Destination IP	178.254.22.166
Destination IP	94.16.114.254

Processes

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads