442bc1d9cc915c514f56d07d44d05d8caab80ae521e29f5a2a3b54058d77aa95

Sharing

Copy URL

Twitter E-mail

General

Target

ampscripts.tar.gz
Size

22.2MB
Sample

240711-jzwdgsxbql
MD5

ba076bac396e719d5cc23494ea4bc932
SHA1

62d179108eeb87f1757e82ecffba764e51d5788f
SHA256

442bc1d9cc915c514f56d07d44d05d8caab80ae521e29f5a2a3b54058d77aa95
SHA512

c3eee81870b85b9571335c0029a4526263572d628a5676a90f67af5983c734d27f03d724d95b985fee17e6d4196e6ea285560dbaf056d2c96a56cf7c569bb9be
SSDEEP

393216:CSCkKbJcPGGf2Yd/TL33ThnMfCO6vr22eGudbkSK9ubnTg9volOCWyWiVnp2D+r+:CMKNCGGuYnMKvrNlu1kyTguFWyJVp2K+

Score

10^/10

Malware Config

Targets

- Target
  
  ampscripts.tar.gz
- Size
  
  22.2MB
- MD5
  
  ba076bac396e719d5cc23494ea4bc932
- SHA1
  
  62d179108eeb87f1757e82ecffba764e51d5788f
- SHA256
  
  442bc1d9cc915c514f56d07d44d05d8caab80ae521e29f5a2a3b54058d77aa95
- SHA512
  
  c3eee81870b85b9571335c0029a4526263572d628a5676a90f67af5983c734d27f03d724d95b985fee17e6d4196e6ea285560dbaf056d2c96a56cf7c569bb9be
- SSDEEP
  
  393216:CSCkKbJcPGGf2Yd/TL33ThnMfCO6vr22eGudbkSK9ubnTg9volOCWyWiVnp2D+r+:CMKNCGGuYnMKvrNlu1kyTguFWyJVp2K+
Score

3^/10
behavioral1 behavioral2
- Target
  
  sample
- Size
  
  72.0MB
- MD5
  
  14c7fb85fdf6c4a11f6c19373d2d2a88
- SHA1
  
  2b79348fd8f751b59cdba7438b162a11391eb0cf
- SHA256
  
  bf9b1736682e66457ad1d91d197ab6ba8f76c7cb9b9aaaa756fa09cf287c5565
- SHA512
  
  c51d45da87a46fdd3faf25318a3726cba799bafde89d885c08cbcfd4481dae06791c4f7815162ba7b9e049516ac2b57041e5d3e6688cda28ce31f900929c107b
- SSDEEP
  
  49152:wtvgjJjaM7DdI3tHig45Akf3HBcxzSmLnQZsX3LxxmJSzG775ktP10yCWiAuy9wp:z
Score

3^/10
behavioral3 behavioral4
- Target
  
  ICMP
- Size
  
  26KB
- MD5
  
  d25194077c66aa30beebe70f2ac5c6bd
- SHA1
  
  51305e4815e5594196137232ef13613c1e82c8b9
- SHA256
  
  c716cf2edc465e86105e644b6c61b6c26b96b529e4afbd29d4f42c9ea21eab7e
- SHA512
  
  8fb5c0d7d1e970b7ffaac4162a704ddf1129efa1c7981daa79f80d8b38550b774e3d0b584dbf604d1d5f860ec93255c57f7706e01bee89cabc63af2fa1417e6c
- SSDEEP
  
  384:BWskamFsqGhR9jyi1jwn+SQDnTmkEWaRe7+IC9fu:AFTaLRRlhw+SQ7TmkE5M7+tf
Score

7^/10

persistence
- Executes dropped EXE
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Writes file to system bin folder
behavioral5
- Target
  
  arma
- Size
  
  20KB
- MD5
  
  879172c625566d9b39bc0381393e7474
- SHA1
  
  d4c52ba0983856bb1b1e5e5962bc7781d924d784
- SHA256
  
  4620566578ca146aa8bd214f18ac56ebb6a5cd95e946dfb75fa4d71be1733053
- SHA512
  
  51c361b781602d2af89aa66d99706f5b8d1dc60be288225a405f62ec961008c44b48af04b5d23c464976ca7e260e35550d3f6c3cab454ef9d9ac454b1c38da5c
- SSDEEP
  
  192:RnxzjwsWskaDanX6JENuZYhz0h+fcfLBj4dr4NwNsexpPgmd5u275H2O7Sve6/Ji:BWskamFsqGhR9jpNwN9xp4jS36/Or
Score

7^/10

persistence
- Executes dropped EXE
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Writes file to system bin folder
behavioral6
- Target
  
  fivem.txt
- Size
  
  186KB
- MD5
  
  5d40345250cb4e7636c73588bd8a93b9
- SHA1
  
  026bca5db8fc6be605f0f20273ca0971d55224f6
- SHA256
  
  e3e08cf2c89a7a06831c462769f9002560bd6b0e2096c4521ecec2df688c9c39
- SHA512
  
  d922247388c02dc21f9675b6d73e7ba7a5862088a20b158e62c195f8fab079185b92aab444a4d5b96f1e2dbf4363e83479bd95cb27d2073a129ace5f738659c7
- SSDEEP
  
  1536:ZVog0OkmZbElmoxLVwuW+BdaCyzg1ztV+J71YeLB860KS1Y191rxG1fGUFOeS8JH:HZAxLbBqcZnIZY/6frwt/PAHC0mZR
Score

1^/10
behavioral7 behavioral8
- Target
  
  fn-lag.txt
- Size
  
  1.9MB
- MD5
  
  094fb190fd5a79fdfd9322be04b616ca
- SHA1
  
  8627e9ec4252a9b7ecb2c38f9e5c237201ecd701
- SHA256
  
  2dcc9c54161515ef2b7c0c5675e96e5191bea28d01aaa01c63d6c42683e73fc9
- SHA512
  
  d18cc52405234d857ffee7cf063e56466d1fb0bea783446997c825bb6b4095aebc4c2cc21537223ceb16a4e0bedeada3c8d7c06295142056a89cebc7fe161a6a
- SSDEEP
  
  12288:acLyLQVVE1xWd9OF8KOnrMOIwcoIaxRGqi3SXKgNwn3L0w1yma:wiVEeyY4ZoV/PMSa/gwMma
Score

1^/10
behavioral10 behavioral9
- Target
  
  frantech.txt
- Size
  
  152KB
- MD5
  
  53fa6f06e929b4477fc0b14e33392d1c
- SHA1
  
  b4eaa992587fcc5d2821395d114fe36045683498
- SHA256
  
  d756cd8aef52c79bf0aaf984933e33f1d72c2969d09678a83f9b281f73b5bea8
- SHA512
  
  dbf136afe21540aa798e30655550d2f28304b6b28d748ab47abd2656b703560b911292e6bb031d9b96fb47f2f01b1e4c39ec1e229319176ff3b3e2f3625f90b3
- SSDEEP
  
  3072:t9MAcLyUf9ToW4sqEglLmGOocsM4t0Wc/jJbYPCoZg:LUuxHOPB
Score

1^/10
behavioral11 behavioral12
- Target
  
  game-clap.txt
- Size
  
  80KB
- MD5
  
  300f15ae3d92a94c2fdf1ad1d637448e
- SHA1
  
  ab4446a8d19bc97e0b6a00a5764878b559dec322
- SHA256
  
  38d9a525373de98045ff8006a84da0d44f54e6c1c1c3fd5fea18c41b86caa257
- SHA512
  
  3cd0a9dbd8f12d98d3a9ec5cf23c876307687850c78726cc1b01df785aa938b774a38a065ac4c9de28ce8319443ce4c0dc5fe120d096af10f44451366b34c4ca
- SSDEEP
  
  768:mcIAce5EW1Wt+tE1B+ZBYdoa3mONinwKAc43HNCAwt/5piZz8yXxET09XJFZxed/:xIYlteou6ZRwHcUgbvr
Score

1^/10
behavioral13 behavioral14
- Target
  
  game-lag.txt
- Size
  
  312KB
- MD5
  
  0bdf3969dd9d227af6bc7a7c7bc4dcf1
- SHA1
  
  bf45b278337895cbf62117a13f023dce447bea34
- SHA256
  
  b06e4c356ef8f4d961636d56dca2485a19346cf855ae7bbedfa52ece4f801596
- SHA512
  
  a764459c560d7c4b06e07f510cbcb10b93f6269ddde37a10e5385b539d2e854fe1102bf6c8ef2ba6e0c3c642234635fb7ff30358e285756b79962326f03cf58f
- SSDEEP
  
  3072:9Ykj1yXHizZMCrN6QeLXNcZIJE0yPd7c2ooYjpT7FsbH4Zsb4nCh:nz37Yg
Score

1^/10
behavioral15 behavioral16
- Target
  
  game.txt
- Size
  
  148KB
- MD5
  
  28b5840042a0cdf8273c30184c89aefe
- SHA1
  
  bded6cfbc9fe154ab00cf13c011e173b582cb704
- SHA256
  
  ae86e32b8e3ee1962c5a485652e598c8652f0d614e3846437b49765f02b079f6
- SHA512
  
  6ae8e18f12e9db25f62d84dfe2e8764cf1609fb18112e40c6557308f9992e52d52777558c032533f9451c4e1b60d147991c4bf8a1d4b7607016edeb376b289c1
- SSDEEP
  
  1536:Fz49+PDWUlie4Xkuj8DHoOdpuRxJmS9AbMhs6LwzXjDxbGdB+Z7Fpt1z:B
Score

1^/10
behavioral17 behavioral18
- Target
  
  gamev2.txt
- Size
  
  47KB
- MD5
  
  f9c3716010ec784b11a407b9f6657257
- SHA1
  
  d0d6a4c097bfabd63f2480688840b44d741eb273
- SHA256
  
  98bc31757a950866a5c7c5fd9e038651619a50b25e8573f7108db7764fef6c93
- SHA512
  
  08fb2c0ea34e106b0bb41f70a368a8b0b42818d99f4f8c9f14f11a17c86b87fe3d5b42bc61579e65ec97b30239ad9dc3685aea01d302c809885fb25c0e03c590
- SSDEEP
  
  768:2lht8fzbPM1c2mY/HyuyXKZknGghmmRJTmgajW6EqUbQkqC3v8J:4ZeKmBg
Score

1^/10
behavioral19 behavioral20
- Target
  
  gamev3.txt
- Size
  
  375KB
- MD5
  
  aebcb7e770c7741c1190625c21e83b97
- SHA1
  
  e42f70b264aa70defccb227f56935a4e08787363
- SHA256
  
  c8ed79a15cd88b0f01fe59b7f8e4969bf3bb8b82ae8e0a0fe48578eb6199e072
- SHA512
  
  e432ecaaa58f1fcd7d5ea8ec265c24cc2f699ade0a5b935bf90cbf67ff640ca4c02b1f3f73eed88af97e1cc5113220cdf12148863ab5f3775711e09f1375e743
- SSDEEP
  
  3072:fOmB8GL0oZ0Yt0l7PDayErQfOG90eYYKog:fh8GLr0YOda9rQT0evKB
Score

1^/10
behavioral21 behavioral22
- Target
  
  killall.txt
- Size
  
  8.1MB
- MD5
  
  7e5b17cccdc9224da4b8ffc889c27be4
- SHA1
  
  bdd30fe8466c3cae07fa5bf1152d08282ef1263c
- SHA256
  
  157403e7bc1fa901ae8268bf45fd461431468d79f7bc19254498f0fb5864f056
- SHA512
  
  d9bc9e9122eaffe4574928c5ae269aaa2d1928df04580df372dca098bf92cf8b0e2e543aa3a750c011edd5f15feedcf1e4865aed6d2024dc94a8431201c14554
- SSDEEP
  
  12288:AReaBaHj6imm6iPQUIwx45hRuiM0rj0dN+nLozWqq9KuViapeJa8aQ9UI9TTMt3L:jpOuyhY6CbyniIYF+fvEdpsnFAGsy
Score

1^/10
behavioral23 behavioral24
- Target
  
  killall1.txt
- Size
  
  1004KB
- MD5
  
  00656684c1d576c7548f585f931e97b3
- SHA1
  
  4d0429f61f34d71a9a15aca8219fca55ae541180
- SHA256
  
  06712435e25dff23c5ca3b5adfd097ec6e98931cca626aaf787fbf2a41f6780e
- SHA512
  
  864762cc3fbf0b773ea33aefdbe65d7070d48852bbe370ebcc47fef324e12b3a6f9ee3dab156614b9fcc82d19f7cf662e93a9baf880b0ec0d3b482102d0e5de7
- SSDEEP
  
  6144:PIHIF8etW7zlE8oTHjWxG1TQZrjYq/0oSONXRn+d+SAmPIOmpR3wf66+LQa906ws:yxnGO77ac
Score

1^/10
behavioral25 behavioral26
- Target
  
  ldap.txt
- Size
  
  147KB
- MD5
  
  5ee50a56169f17497020969abd8d7e1e
- SHA1
  
  d8d7a65013bddb5b9292f1a073857fcad45a403d
- SHA256
  
  38a5884679012fb243704184e63229f63bac6696a537bd27e149f8b40f033ed0
- SHA512
  
  b741209c50d2c8f29848f12bef33e5d9ddc4906f578158c88ef9d82cd721cbf32e7bcd786fd85257a4676398391ed06c5f55c3c825d6df201565d34b48ff1279
- SSDEEP
  
  1536:9n/s2yaIprVV0mb6NCUC8z7r9JD76kEOXNKIKUWUVs6AT4TIhCD6ZbS0sHuXMI2f:FjyNVqvrTq9RsEe
Score

1^/10
behavioral27 behavioral28
- Target
  
  ldapv2.txt
- Size
  
  147KB
- MD5
  
  6782abf895b1a425e60aa04508567eb1
- SHA1
  
  6559278581ef0077725775c47da919e2f490c6d6
- SHA256
  
  a86db984e09042236f7730aa4053285c536cd3c3bb53cd40fc0df7d9928666f6
- SHA512
  
  b0199863dad0239259a5531e29e1dd3c023cd7d231404f2bd5983f3948f0a0fc778989640213a08697699e184f686806951211be9e6c4c2daa11bfe1b00e8e51
- SSDEEP
  
  1536:zMcvoMtRW2TTPJqA3eLzY5pp5tec1y4zlLczQibU7gwHxdyZLszIJyfA2Dg7Ad/5:zMcvoMjPEBLePy9szx
Score

1^/10
behavioral29 behavioral30
- Target
  
  mdns.txt
- Size
  
  4.2MB
- MD5
  
  dba0cdf81186d1c18a3b91a6ec9499fc
- SHA1
  
  905586128265c0db13bbb7d447e6ccd89b38231a
- SHA256
  
  d41a4e2be9eedc448f3ea1c97ce12567ec2fac5b6925e607cd0a45396e0a068c
- SHA512
  
  5e7e3627afd848ec5c0cabb3d138d2bbf2f8bc7e6a5d0a42608d43f635936dcfd474cddce218c1980956ac6b5ad4db05032a0e4e574a05ee03125d6bd20fb0e7
- SSDEEP
  
  6144:DEE8N0BYRW+2BMzKPUYR4F148NmURENsIfVvDiGFhPLWEgZ1BBDxq7kjQ8s9W04m:F+WM1m
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Privilege Escalation

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Creates/modifies Cron job

Writes file to system bin folder

Executes dropped EXE

Creates/modifies Cron job

Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32