Overview

overview

7

Static

static

7

dos.exe

windows7-x64

7

dos.exe

windows10-2004-x64

7

libeay32.dll

windows7-x64

7

libeay32.dll

windows10-2004-x64

7

ngdqsz.dll

windows7-x64

5

ngdqsz.dll

windows10-2004-x64

5

ssleay32.dll

windows7-x64

7

ssleay32.dll

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    ce674faf0f24911fe8122911b5b06255.bin

  • Size

    12.8MB

  • Sample

    240708-eg7xca1elq

  • MD5

    ce674faf0f24911fe8122911b5b06255

  • SHA1

    871182cd743a9bf4efe1770ccf8d78ee935f1bba

  • SHA256

    fb6f5a25053b0e603747551fb644c8feac3223b122a821dba56641ee28d33cb3

  • SHA512

    06fa100e53a0a18e9ed09628bcec8b0a6eb4869970be22a713c7c6716194d00a302ed99f591cf914a84e380bac4263a3784b2b64e8d3ed831d52f6bced680e38

  • SSDEEP

    196608:KBXTthvMUy/thz2Z8qFCQQw7c4R/5FRijvetrpEUzZBvqHRAawsMbnys2qbZ5rlS:MXPkUQiZ8+ww7c0RpskZkHyFbnMQwYQb

Score
7/10
upx

Malware Config

Targets

    • Target

      dos.exe

    • Size

      892KB

    • MD5

      a59a2d3e5dda7aca6ec879263aa42fd3

    • SHA1

      312d496ec90eb30d5319307d47bfef602b6b8c6c

    • SHA256

      897b0d0e64cf87ac7086241c86f757f3c94d6826f949a1f0fec9c40892c0cecb

    • SHA512

      852972ca4d7f9141ea56d3498388c61610492d36ea7d7af1b36d192d7e04dd6d9bc5830e0dcb0a5f8f55350d4d8aaac2869477686b03f998affbac6321a22030

    • SSDEEP

      24576:bGzl9+a4Ne1nEFI56xU+0IdY2Zv952uetfbFEzP4UFhOt:b+tOWnEFZR0El0JEzQAh

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      libeay32.dll

    • Size

      482KB

    • MD5

      c2703965b8ba0ecf8c5d8a043976facc

    • SHA1

      c578c694d4fe5c15acc3b7aa60e9874d0ded3d54

    • SHA256

      e28e34fbdaff077669586dcdb4e10f0ba2ca6c9973ed4d372a5c3ec3b8ad20e7

    • SHA512

      cb729665206594928a90b29e5c7592120345e92a605122ec6aea564250c4d5d48e1d39c8803820eccde7920aa4d9af99fb3748671de076476d833710b9491d61

    • SSDEEP

      6144:GyAl+J4uce42ylALXYsGB9ZaPEZ3ahnZHFiZlfK/d77ycLFG4683UyS7zooSQQ1z:1Al5SbK0E4Z0EE413UyyzooSTVL

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      ngdqsz.xv

    • Size

      12.7MB

    • MD5

      a25fe3c1592007d0170684ec88e70389

    • SHA1

      c1fd6762c39e538d1fe2bdff383d949a138038e1

    • SHA256

      5b27ab076427abbdf3e9045bd06258cbe86ea7cb02192334b79ee1a2de7ea0ce

    • SHA512

      bac61f3df6ddfb6d00310f2cf24bf16941c74bc82a386a1ce842a4f6f1676800cc32a513239f2e20dfedf4b99d9dfe387d93a379fe875a01002679a528ee6bc3

    • SSDEEP

      393216:RO+/Q6SNgWGa/sqjXcsB9dJu3MnjDDAHg4:RO+/sDIi9dJdDDAH5

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral5behavioral6

    • Target

      ssleay32.dll

    • Size

      106KB

    • MD5

      931c97553b3319f21b9ef249aa3cd244

    • SHA1

      42c6611da2154bb6e0911993cf97071908b48bf2

    • SHA256

      7e643c188a1ee3b0251b7dfcab000b7c48fd840eff35189e8a45901852e3910a

    • SHA512

      790141b758aa68c6384aaf6f85b09f9bc641a300a4e7fa05a74c3f89af090fbbfdcfe3dce24842a8d0c75b874839d505692c1951ed66f57e9840c559820514d3

    • SSDEEP

      3072:7/NkvneF5fIzOLshJ/E2IJYuB4/aoutq:Lq/wAJO28R8aoS

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks