General

  • Target

    qL7tumRgxLj.zip

  • Size

    8.4MB

  • MD5

    63a0b1d5a4d913976d1ebb510cc6aad3

  • SHA1

    c99421a5e174b96962ce4ffe88f84671585214ea

  • SHA256

    73e7ea40a38cb32af35fdc3a66c7af3b86c40ee0af97f187186c21634db4864e

  • SHA512

    37b66765d579b32ff4a9997089ee22cd9b0fca9f76efe4def7171352401912acfb20f0d0ac4953b6c0779b846e35aa9fb83a38d65c0913214d88f1a9f98d6096

  • SSDEEP

    196608:BNFxiXYYs7pwUDR3adXBwogmDNaqX4ViWl/fIKjErGI+ht5f:jFgoHAxfkDVigfryGIyvf

Score
9/10

Signatures

  • CryptOne packer (1 IoC)

    Detects CryptOne packer defined in NCC blogpost.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • qL7tumRgxLj.zip
    .zip

    Password: FAS%$3T

  • README.txt
  • openMe.rar
    .rar

    Password: FAS%$3T

  • Boostrap/Solara X.exe
    .exe windows:4 windows x86 arch:x86

    Password: FAS%$3T

    c05041e01f84e1ccca9c4451f3b6a383


  • $TEMP/Animated
  • $TEMP/Bennett
  • $TEMP/Broker
  • $TEMP/Dell
  • $TEMP/Departments
  • $TEMP/Grow
  • $TEMP/Implementing
  • $TEMP/Int
  • $TEMP/Invalid
  • $TEMP/Italiano
  • $TEMP/Jd
  • $TEMP/Latitude
  • $TEMP/Mailed
  • $TEMP/Manner
  • $TEMP/Matched
  • $TEMP/Nsw
  • $TEMP/Peeing
  • $TEMP/Pitch
  • $TEMP/Portion
  • $TEMP/Pour
  • $TEMP/Quarter
  • $TEMP/Ran
  • $TEMP/Regarding
  • $TEMP/Robinson
  • $TEMP/Roof
  • $TEMP/Roulette
  • $TEMP/Russell
  • $TEMP/Satisfaction
  • $TEMP/Southern
  • $TEMP/Supreme
  • $TEMP/Transparent
  • $TEMP/Une
  • $TEMP/Viii
  • $TEMP/Volt
  • Boostrap/web
    .dll regsvr32 windows:5 windows x86 arch:x86

    Password: FAS%$3T

    a9fd3e7f71a802c8eee0a502f46de991
