107_zip_installer.exe
windows7-x64
8CHOCORAT.exe
windows7-x64
10ChrisMessage.exe
windows7-x64
1Free Porn.exe
windows7-x64
1Gay Porn Mailer.exe
windows7-x64
1GottaWork.exe
windows7-x64
PleaseWork.exe
windows7-x64
THING.exe
windows7-x64
7Technoturn...AT.exe
windows7-x64
1Verified by Visa.exe
windows7-x64
10abwsx1.exe
windows7-x64
7eee.exe
windows7-x64
1hypno.exe
windows7-x64
8mbam-setup...00.exe
windows7-x64
8molesto.exe
windows7-x64
1runme.exe
windows7-x64
7setup.exe
windows7-x64
3sevgi.exe
windows7-x64
6shrek.exe
windows7-x64
8upnp.exe
windows7-x64
7virus.exe
windows7-x64
10vmdestroyer.exe
windows7-x64
7General
-
Target
CollabVM (FTP Partial).rar
-
Size
78.8MB
-
Sample
240704-wkvjvstcnc
-
MD5
96d1b4d815e96b67b29d157715b3c074
-
SHA1
ae3f969933414b5e901d1df5576c51ae47dc1af4
-
SHA256
c8a496dcf94d5d246dec0747f139957709b63412f48d9a1591ca5e771a988636
-
SHA512
ed5ce8952830e696a76583af4e4b5b685656fb13384b9e73774756774d08c1cb054a427cf6ce954cf28fb04ddf07279e95a22c9e37bb31ff7d12a703238ad4d5
-
SSDEEP
1572864:po7MwiiwnO+khwOPqPACWqc+ZmdClkU6gyxXFaDrOegXCkgO/k/+WwOg:YMXZNOPqPQlCGnx1qrOegXdpk/+TOg
Behavioral task
behavioral1
Sample
7_zip_installer.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
CHOCORAT.exe
Resource
win7-20240220-en
Behavioral task
behavioral3
Sample
ChrisMessage.exe
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
Free Porn.exe
Resource
win7-20231129-en
Behavioral task
behavioral5
Sample
Gay Porn Mailer.exe
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
GottaWork.exe
Resource
win7-20240220-en
Behavioral task
behavioral7
Sample
PleaseWork.exe
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
THING.exe
Resource
win7-20240221-en
Behavioral task
behavioral9
Sample
Technoturnover's RAT.exe
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
Verified by Visa.exe
Resource
win7-20240508-en
Behavioral task
behavioral11
Sample
abwsx1.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
eee.exe
Resource
win7-20240508-en
Behavioral task
behavioral13
Sample
hypno.exe
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
mbam-setup-1.75.0.1300.exe
Resource
win7-20240611-en
Behavioral task
behavioral15
Sample
molesto.exe
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
runme.exe
Resource
win7-20240221-en
Behavioral task
behavioral17
Sample
setup.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
sevgi.exe
Resource
win7-20240419-en
Behavioral task
behavioral19
Sample
shrek.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
upnp.exe
Resource
win7-20240611-en
Behavioral task
behavioral21
Sample
virus.exe
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
vmdestroyer.exe
Resource
win7-20240220-en
Malware Config
Extracted
nanocore
1.2.2.0
70.177.68.141:30005
127.0.0.1:30005
6d38efcc-c3ca-4519-9a65-962ebb7a84ff
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2017-09-02T04:47:37.850801436Z
-
bypass_user_account_control
false
-
bypass_user_account_control_data
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTE2Ij8+DQo8VGFzayB2ZXJzaW9uPSIxLjIiIHhtbG5zPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dpbmRvd3MvMjAwNC8wMi9taXQvdGFzayI+DQogIDxSZWdpc3RyYXRpb25JbmZvIC8+DQogIDxUcmlnZ2VycyAvPg0KICA8UHJpbmNpcGFscz4NCiAgICA8UHJpbmNpcGFsIGlkPSJBdXRob3IiPg0KICAgICAgPExvZ29uVHlwZT5JbnRlcmFjdGl2ZVRva2VuPC9Mb2dvblR5cGU+DQogICAgICA8UnVuTGV2ZWw+SGlnaGVzdEF2YWlsYWJsZTwvUnVuTGV2ZWw+DQogICAgPC9QcmluY2lwYWw+DQogIDwvUHJpbmNpcGFscz4NCiAgPFNldHRpbmdzPg0KICAgIDxNdWx0aXBsZUluc3RhbmNlc1BvbGljeT5QYXJhbGxlbDwvTXVsdGlwbGVJbnN0YW5jZXNQb2xpY3k+DQogICAgPERpc2FsbG93U3RhcnRJZk9uQmF0dGVyaWVzPmZhbHNlPC9EaXNhbGxvd1N0YXJ0SWZPbkJhdHRlcmllcz4NCiAgICA8U3RvcElmR29pbmdPbkJhdHRlcmllcz5mYWxzZTwvU3RvcElmR29pbmdPbkJhdHRlcmllcz4NCiAgICA8QWxsb3dIYXJkVGVybWluYXRlPnRydWU8L0FsbG93SGFyZFRlcm1pbmF0ZT4NCiAgICA8U3RhcnRXaGVuQXZhaWxhYmxlPmZhbHNlPC9TdGFydFdoZW5BdmFpbGFibGU+DQogICAgPFJ1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+ZmFsc2U8L1J1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+DQogICAgPElkbGVTZXR0aW5ncz4NCiAgICAgIDxTdG9wT25JZGxlRW5kPmZhbHNlPC9TdG9wT25JZGxlRW5kPg0KICAgICAgPFJlc3RhcnRPbklkbGU+ZmFsc2U8L1Jlc3RhcnRPbklkbGU+DQogICAgPC9JZGxlU2V0dGluZ3M+DQogICAgPEFsbG93U3RhcnRPbkRlbWFuZD50cnVlPC9BbGxvd1N0YXJ0T25EZW1hbmQ+DQogICAgPEVuYWJsZWQ+dHJ1ZTwvRW5hYmxlZD4NCiAgICA8SGlkZGVuPmZhbHNlPC9IaWRkZW4+DQogICAgPFJ1bk9ubHlJZklkbGU+ZmFsc2U8L1J1bk9ubHlJZklkbGU+DQogICAgPFdha2VUb1J1bj5mYWxzZTwvV2FrZVRvUnVuPg0KICAgIDxFeGVjdXRpb25UaW1lTGltaXQ+UFQwUzwvRXhlY3V0aW9uVGltZUxpbWl0Pg0KICAgIDxQcmlvcml0eT40PC9Qcmlvcml0eT4NCiAgPC9TZXR0aW5ncz4NCiAgPEFjdGlvbnMgQ29udGV4dD0iQXV0aG9yIj4NCiAgICA8RXhlYz4NCiAgICAgIDxDb21tYW5kPiIjRVhFQ1VUQUJMRVBBVEgiPC9Db21tYW5kPg0KICAgICAgPEFyZ3VtZW50cz4kKEFyZzApPC9Bcmd1bWVudHM+DQogICAgPC9FeGVjPg0KICA8L0FjdGlvbnM+DQo8L1Rhc2s+
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
30005
-
default_group
iC Scammer Baited
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
6d38efcc-c3ca-4519-9a65-962ebb7a84ff
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
70.177.68.141
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Extracted
metasploit
windows/reverse_tcp
192.168.75.128:4444
Targets
-
-
Target
7_zip_installer.exe
-
Size
120KB
-
MD5
6500ecbc6246ef726e41a910226eeb70
-
SHA1
63a0db918620989f0520cdaca658c842d3449d4a
-
SHA256
a95da033c563c411be8f49f91584e111e702d1221fdfc22d44dd12d5fe0ef934
-
SHA512
4e5e1b20c8f62304816bf86c53568d0b97e06f82143e8b1020a404c4f2b46026894946b5075aa1b21dd124b96be692a2b0053229688ca2b1d7ac83acd2e1f65b
-
SSDEEP
1536:j8mBfI1/Rx3iQDiA1lKFPqmg368mVFIN2CfLMERcu4CX/BSmnnnnnZ/ihnPOLvOV:jE70aPKY1ga2CfApEkmnnnnnZ/iUvV8
Score 8/10
Disables Task Manager via registry modification
-
-
-
Target
CHOCORAT.exe
-
Size
690KB
-
MD5
01eb0af08528a0ea0e9497a3b6152e06
-
SHA1
0ccc8c1d222c5b3975844155edebc34136704dbe
-
SHA256
576e11eee6d61199ea29fbb0106867913c2e4f22822eb3806df3076ebd15f7d6
-
SHA512
e30511c2c8fad9cb39ff43c6021ca8b0136c27bf1b0c08d5dad2b37e5268373b371a2965cab9cd86530a41862988b21aa28fc28ed201bf07c95012c5121f976c
-
SSDEEP
6144:CaaXMzUmOZoq2ZeiOwAbPQiMtCNeI8MyllmjbO:Rachq1wcQPtzM6snO
Score 10/10
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup web service to discover the infected system's external (public) IP address.
-
-
-
Target
ChrisMessage.exe
-
Size
522KB
-
MD5
93d9cb69f5aa657a50540a188af1df96
-
SHA1
52e91f10558fca335e36cf4495cbac9be4cc8723
-
SHA256
754634f783c063e33abefeb2c231bd1450d853dbddc918f54946341ca56a8d8e
-
SHA512
d7a02562a26529d53cd7b1b3610fb36bbd210fda429b3e601fb1cec62a490d1a76fc511292f4368f8e437776006f2e693b64ae80d09b164fb6ed0982038c77f2
-
SSDEEP
12288:rbK/wwCN1SYuDyPPhwvowtQjhdOcOSqo2NxNA9K:rAwtDSTahwgwtLcO7o8xNA9K
Score 1/10
-
-
Target
Free Porn.exe
-
Size
12KB
-
MD5
137860d1b5feb9398ab44431f89d91cb
-
SHA1
456279aefa02cc3eaac1e2bd6534e86742608da5
-
SHA256
fe625188da34d9b6551ce1c34627cefd1a3e4da78f1dacc9442d04bd0ea944b0
-
SHA512
058466f7d3604df1e01f5a4e89402582091fb30225bb7a004b8bd1b89adcc17d3321be273378aba8fe44faf09b7846706ff6be9de635c95b3db4f85934e812eb
-
SSDEEP
48:KrMqTVH79ACs5jJLIb3zPlRVCyXLhG7erSRycGaPqw0+EvWK2:kMGVw3eD1EeGRBDE92
Score 1/10
-
-
Target
Gay Porn Mailer.exe
-
Size
20KB
-
MD5
4b3bf38438172474c9b3e3096d572282
-
SHA1
e127f1217d0fd39ee1c6f8d40aa6a3fb480a4845
-
SHA256
ae23c8ef1b6f0106c344867ca48101e1c94834e4e2b667879eb99aef0e4cbcf1
-
SHA512
37f31c756ecaf70fb3a8a82ed7bb5e6779534e4003c6c30d93efcc33fd3d2d5c9085c0741ce6e63249029b8b7923ca490507ae881afa9e1d975af781485c1d2b
-
SSDEEP
192:lS7AyNUDyW/MyTqVLEBFvchOIPxlflID94/mZEE:UNTSRaL6vcPPxlflID94/yP
Score 1/10
-
-
Target
GottaWork.exe
-
Size
768KB
-
MD5
cf82dbe41481472594ae9420f622cc0f
-
SHA1
9e98c8ad6d5d7a804cec2a15a8c9b4a830d59e90
-
SHA256
f511e2862b0aa03dc74abd4babdb7b17ed0c447e8d8e249b8d1a48db27dbbea7
-
SHA512
2fdd1b47329a7c63a6f6b75c98227bb7d6226fe3959179a1dd474c960fee3de9c2361ddf82b412ef01b5cb63e26796dc7e3db95ae6d44a853f302209bb6582fa
-
SSDEEP
12288:AfAVutoEzPRxyjqu7dG1lFlWcYT70pxnnaaoawG3ssPeOCPrZNrI0AilFEvxHvB4:cfM4MROxnFl3ssPeXrZlI0AilFEvxHK
Score 1/10
-
-
Target
PleaseWork.exe
-
Size
768KB
-
MD5
7ecfc33112992eed678a27c38ea2d6c2
-
SHA1
85e3668a1e4ca0497d97344a10eeefad59e45a20
-
SHA256
07df9e00f1228a1c7dc61ba6767fb7e04ed21242e6fd9690c7cb268bff22c162
-
SHA512
6e75f687cae62a0c52352570e3ca401398e28b127190734ca3befecf62cde468bfe969ebfc6e8d5b29d8d35abad5d7123679fc4305c1d78badc4c9c302e9a765
-
SSDEEP
12288:pfAVutoEzPRxyjqu7dG1lFlWcYT70pxnnaaoawG3ssPeOC2rZNrI0AilFEvxHvB4:zfM4MROxnFl3ssPe+rZlI0AilFEvxHK
Score 1/10
-
-
Target
THING.EXE
-
Size
58.9MB
-
MD5
0f7b5b1d8676a68d60371c9c79f5e8de
-
SHA1
a07aa8146600e092c9cf90dba10e3ad822689329
-
SHA256
2b8024b6eb8f088dd539b4cea48765e5efb7a7f70708334b3172e54359c28437
-
SHA512
49d56ec265980728583813f641b1b3bdc2efa60060011348cf0e7942a4e1e2ac3006ecaf82e755ac3960275d767a53a3e01d9521bafc979c8caaa47db5ecea37
-
SSDEEP
1572864:R4AVBjIQSzQe3cf7xOCHKYrLn+XxdjrALIjOqWY99n5o+tEeE:RJVBIbzQe3u7KYrCDS9299n573E
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
Technoturnover's RAT.exe
-
Size
6.5MB
-
MD5
ab8dd193d1279b0e39abc21a372c475b
-
SHA1
b465fcd3c81cd130868b4dda5ea2247306c9fa3b
-
SHA256
c6e2f465f16efbabd1a78b2b1edcc164e09c24557e25b07975d9da91c2592add
-
SHA512
dd15bd4f3da2ac6266b3ea8ed866afaf2831cc73c8c56ec0d55c0415d1c6edfb1d8a15e022b902d9ce14df26790bddfb384b5b812e6f67b6ba95d1b0b82722fb
-
SSDEEP
196608:HW6b7+e6aPh7zSPmU4XpPslhVj7Z5XxHKbwqQ:tb7d57zSPT49slZqE
Score 1/10
-
-
Target
Verified by Visa.exe
-
Size
203KB
-
MD5
317acdfc40a1101e24581e36cbedf08b
-
SHA1
18a4e6f44f5e40602e9a667ee0563ee344858c16
-
SHA256
05e59171a19c97bf2fa9dead4de20645fc41cf9fcbd59fc014cdc7a571c185d3
-
SHA512
5edaa32431dee3dc02c1d3b559ecc6984258876e9307bbaf367c9b1fb80fefee2ba11d46f6f1bedc9aee2481a0d8b904b6e66f909d759b50b94d3a8d05cf4c52
-
SSDEEP
6144:ULV6Bta6dtJmakIM5+72k3q7jrVGxP23GqRNL:ULV6BtpmkPq7jRKP23XL
-
Adds Run key to start application
-
-
-
Target
abwsx1.exe
-
Size
2.1MB
-
MD5
ee2a9d044a6a108da64db29a4056c4fb
-
SHA1
1da144f56f10697cf258fb1a52cea29e5ccf7c8e
-
SHA256
349fb7ff31d01e246881dd9b269b54c07ade4fa288b8c29965c5186311a49684
-
SHA512
f67d973de3224b6319f485db9fe53d2552b9a56b47643dd1d8816fbe2973974f3132210a6c09f880fa444eec28308d8bd0c04c10cbec8d2438438669270165a1
-
SSDEEP
49152:7PiViEE2f7RtawbEfpzYqCfzfNKoFUP8lDrD3GDUgS5:G8D237SM9eElCDjS5
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Reads Uninstall key entries in the registry to enumerate the software installed on the system.
-
-
-
Target
eee.exe
-
Size
3KB
-
MD5
7423bea3e3909868bfac4a3470f7b1d0
-
SHA1
896028e56556dfc44e9acb8a543cbd097afe9c0a
-
SHA256
cd2ebff97713b069c0c39a5cd482be2d0e4546b68da718000a8353025ffe45e5
-
SHA512
44578fcc34f0e2fae17aa2b7eb1b37cdd7ce1283dbfbac18061284ea9058d3adf80e754d1644c3ce70371d9dd1e422b4143c467c0ab8b769bc8043e2dd024654
Score 1/10
-
-
Target
hypno.exe
-
Size
867KB
-
MD5
d5b1d3d2b7a94a95ae09f5e25e3fdc28
-
SHA1
9c6aed952277f1b0d5b8a95233326988442f2ed9
-
SHA256
9a1cba95c631ba10afe33167928ccdaf2f8cde644d79212d36e63a815d711c8a
-
SHA512
0a282ed2b893569233f72d93f78168749959df577bb84e326ce3596a87ba25a6107b8c39070699628c7a403a3094daa573d27e9b5dd540db095640b84940dccf
-
SSDEEP
12288:DMYB9oY6c8IJpFL4KDESOsm0cVIgCJD1rTL:DMYzQczN4KDESPm0gIXDJTL
Score 8/10
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
-
-
Target
mbam-setup-1.75.0.1300.exe
-
Size
9.8MB
-
MD5
683fdd3d773c58b262dc07cd0c6ce938
-
SHA1
d0bc40ebc2a60e259aff000acc025f68ef62da7d
-
SHA256
7efac5a2df9effd2b26de68163ad872d138082512d4403bbf1e1103722bb17bc
-
SHA512
b608da4e3dd2bc45bcc5ae84b7989e1ca8b7f05262418be1a04d70af5be7561835a3b897e21911678ab4c7e2de88891b235ce163c947ce71f227479539fcd2cf
-
SSDEEP
196608:5q5r20GmfsK9aoDKlE5xiKEsP/GfvUhWhyyvJ9ryBvX5NV3:52TGmxIKKKjivjv/hlh8vpP
-
Drops file in Drivers directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Reads Uninstall key entries in the registry to enumerate the software installed on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
molesto.exe
-
Size
253KB
-
MD5
8b212a3d1b33635777e14cfb64f9707a
-
SHA1
40607d6a34a4c99f907c3f0823fb08b103dd49ae
-
SHA256
ae02f370c8fea8bf69779fc3fe485a3286e0596c0a92ca2ce7839cfd84fcd7c0
-
SHA512
d62470ca0be97e19cba79464ae6adff957665823f05991e5df41bc753db104a607a22d61d5c70d784f4308c6e4803470e755f8630a052d82d5a7e9105547dea8
-
SSDEEP
6144:wOpE+siBjkvY1Vs09SV2vnX14RaIH+v547IUBU93u1eiqe:wOkiBjkA1VsyRvnXMHoS7Ifedl
Score 1/10
-
-
Target
runme.exe
-
Size
100KB
-
MD5
b0feccddd78039aed7f1d68dae4d73d3
-
SHA1
8fcffb3ae7af33b9b83af4c5acbb044f888eeabf
-
SHA256
5714efd4746f7796bbc52a272f8e354f67edfb50129d5fdaa1396e920956d0d6
-
SHA512
b02b9476eeb9c43fcfef56949f867c1c88f152d65f3961a2838b8bff02df2383945aefb9a8c517ac78d79b5a9163c7677f5b6238f4624b1966994c9c09eb428d
-
SSDEEP
1536:ThBfyxwMz14BSSQGRwmkwmGDAzGC6TaPAlbv/g:1BKxwMz14wSQGGUDAATaPAlbv/g
Score 7/10
Modifies system executable filetype association
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
setup.exe
-
Size
7KB
-
MD5
0b2808cbee4dc69262d8f665c03ad4c3
-
SHA1
3db12c02b5ed3feaa0cae60189bad7d41f463c60
-
SHA256
a7b8028746ec3702a243c8d11a227f22c57b113efe26e735558ad510ed1feb7f
-
SHA512
87eb12c4b7e3428a9f51b79db89b5553a05dd51886d634d32d031f31208fef81a39de5419b42362a8c229da082088996b2ad7323508039160fb72fab80b2e969
-
SSDEEP
192:ILjeoldaLiN+pSiSSa/VunlYJLLLTeHEdqHJ:ILjFdaLiwSSChPLTeHzH
Score 3/10
-
-
Target
sevgi.exe
-
Size
389KB
-
MD5
fee5f4cdd13ee7de37c507dc91c9e5bd
-
SHA1
2b467b9b303a3de6eca5d8c74eb98eed23005b3a
-
SHA256
d3d104146925611647eacccfc47196c953847c094541db268bde078dba063dd6
-
SHA512
2098edca042403cfa849c45233f868470cfc90fe84f563ff2ac8853a3d763680798c4d4229594b97febcc415162bd29be5bdfb1a4e72a0e057d11ca3946fe02e
-
SSDEEP
6144:NSxmRtRSaY4CHNRnjzyy/hzRMfa2sjQrFJMUOfwJSB9qbhWh:NSxmRthTwn1vMjZrFWtwJSca
Score 6/10
Adds Run key to start application
-
-
-
Target
shrek.exe
-
Size
1.3MB
-
MD5
95462c3241a0da037ed1dddfbefb3212
-
SHA1
2fc2bdbb697e8738fd8e310868fc7f10efcadd31
-
SHA256
24cb8619b1e699e2a85aba8d2690e5649e9de525f7967676823f397c9c8e5da8
-
SHA512
8deafbce2397061abfa73c70b4be0c96d5cddf7d43cfedd86f6a3539d260548207db21b9b55c6bbdce9fc4902e8ab5e1f383f0285b0a66fb7360d6d5adf9e1d7
-
SSDEEP
24576:ICdxte/80jYLT3U1jfsWarVlDuNb+5KpcFaQ:Bw80cTsjkWarXuNbKD
Score 8/10
Blocklisted process makes network request
-
-
-
Target
upnp.exe
-
Size
12KB
-
MD5
13804f8dc4e72ba103d5e34de895c9db
-
SHA1
03d7a0500ccb2fef3222ed1eb55f2cbedbb8b8c5
-
SHA256
da659d8c05cfcb5f0abe167191665359123643000d12140836c28d204294ceb6
-
SHA512
9abb98795a1b1c142c50c7c110966b4249972de5b1f40445b27d70c3127140b0ddaaada1d92297e96ffd71177b12cd87749953ffdcf6e5da7803b9f9527d7652
-
SSDEEP
192:NfPZyzqwizgU1sxCa49gqiVpEu6Tg/g7mj2D4VClx1RZ2UHnpoDkBTVh:N3Zyz8gCda49gTFJ/g7mY2CLtHnCDk/
Score 7/10
-
-
Target
virus.exe
-
Size
72KB
-
MD5
f6059fd02286a28725bbf32da112096c
-
SHA1
9b7d4c3ef9d2a0feb11ad6389000fee0eecd5275
-
SHA256
628271669a0d2d8579cbe23128e1df7bcfa52f791f8caa597236a6bb031a6233
-
SHA512
0f5d3307a7122a345a5e4fc1e386523bb4b9a348cf39f28942bcbb1a9765847ddc9ff6dd54c8c3e5852314f9dfd02b199115511e7a310dd79c1811651fd348f8
-
SSDEEP
1536:IteXQFYyXi4XYcFyaV8bK+vmO6V1eVOMb+KR0Nc8QsJq39:AeAnXXY28bCJwOe0Nc8QsC9
Score 10/10
MetaSploit
Detected a malicious payload that belongs to the Metasploit Framework, most likely generated with msfvenom or a similar tool.
-
-
-
Target
vmdestroyer.exe
-
Size
723KB
-
MD5
de7a4bbcaa7cfd08acc6868c59a11577
-
SHA1
ef84be5b53a77fd9bb8ab5d000f72f8c9c0a7291
-
SHA256
16636e50367a0ec90607ba0d1bccc31c08b9dc4cd104c1a77982a201b4d135e7
-
SHA512
e7272017c817ac8aa1c6aa87261d571ded274aea4f0550264eda7f10a1681a0300b61420f3c3b549fec564b707f3a86122e38941690d99fa26c16c6e351ed00b
-
SSDEEP
12288:JozGdX0M4ornOmZIzfMwHHQmRROXKTHVVlXPmu5OA4Kp:J4GHnhIzOaZVloA4Kp
Score 7/10
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Scheduled Task/Job
1Scheduled Task
1