General

Target: Test.zip
Size: 98.3MB
Sample: 240715-vzzxfstfqg
MD5: 77b7a7c5f7b9fc908795a47f97003a92
SHA1: c5c22b42ec1e3d8b1a81607942726ad5003bc38c
SHA256: c7e8f1e7524fcbedbe7c80a7dda4e75b79d114d8b0f38c7a94db554ecc348449
SHA512: 5eac023aacff41fbf0bc19bc8392222f25d8a2d010de2b339bbe59c815b0e762e344377414b3647e549010a428030ca52eecaa15b5b066b27a33e470f8f9d085
SSDEEP: 3145728:kSQBaG/sLrNkiTFRNTiYLmDwtlZdpicLYC2UDGNpWg5h6Vbh9k:St/sLrKiBRNTiYKopRYC2UCNnD6ZA
Static task
- static1

Behavioral tasks (sample / resource)
- behavioral1: Test.zip / win7-20240704-en
- behavioral2: Test.zip / win10v2004-20240709-en
- behavioral3: Loader.zip / win7-20240708-en
- behavioral4: Loader.zip / win10v2004-20240709-en
- behavioral5: D3DCompiler_43.dll / win7-20240708-en
- behavioral6: D3DCompiler_43.dll / win10v2004-20240709-en
- behavioral7: Loader.exe / win7-20240704-en
- behavioral8: Loader.exe / win10v2004-20240709-en
- behavioral9: d3dx10_43.dll / win7-20240708-en
- behavioral10: d3dx10_43.dll / win10v2004-20240709-en
- behavioral11: d3dx11_43.dll / win7-20240705-en
- behavioral12: d3dx11_43.dll / win10v2004-20240709-en
- behavioral13: d3dx9_43.dll / win7-20240704-en
- behavioral14: d3dx9_43.dll / win10v2004-20240709-en
- behavioral15: Visual-C-Runtimes-All-in-One-May-2024.zip / win7-20240704-en
- behavioral16: Visual-C-Runtimes-All-in-One-May-2024.zip / win10v2004-20240709-en
- behavioral17: install_all.bat / win7-20240708-en
- behavioral18: install_all.bat / win10v2004-20240709-en
- behavioral19: vcredist2005_x64.exe / win7-20240708-en
- behavioral20: vcredist2005_x64.exe / win10v2004-20240709-en
- behavioral21: vcredist2005_x86.exe / win7-20240705-en
- behavioral22: vcredist2005_x86.exe / win10v2004-20240709-en
- behavioral23: vcredist2008_x64.exe / win7-20240705-en
- behavioral24: vcredist2008_x64.exe / win10v2004-20240709-en
- behavioral25: vcredist2008_x86.exe / win7-20240704-en
- behavioral26: vcredist2008_x86.exe / win10v2004-20240709-en
- behavioral27: vcredist2010_x64.exe / win7-20240704-en
- behavioral28: vcredist2010_x64.exe / win10v2004-20240704-en
- behavioral29: vcredist2010_x86.exe / win7-20240704-en
- behavioral30: vcredist2010_x86.exe / win10v2004-20240709-en
- behavioral31: vcredist2012_x64.exe / win7-20240708-en
- behavioral32: vcredist2012_x64.exe / win10v2004-20240709-en
Malware Config

Targets

Target: Test.zip
Size: 98.3MB
MD5: 77b7a7c5f7b9fc908795a47f97003a92
SHA1: c5c22b42ec1e3d8b1a81607942726ad5003bc38c
SHA256: c7e8f1e7524fcbedbe7c80a7dda4e75b79d114d8b0f38c7a94db554ecc348449
SHA512: 5eac023aacff41fbf0bc19bc8392222f25d8a2d010de2b339bbe59c815b0e762e344377414b3647e549010a428030ca52eecaa15b5b066b27a33e470f8f9d085
SSDEEP: 3145728:kSQBaG/sLrNkiTFRNTiYLmDwtlZdpicLYC2UDGNpWg5h6Vbh9k:St/sLrKiBRNTiYKopRYC2UCNnD6ZA
Score: 1/10

Target: Loader.zip
Size: 2.9MB
MD5: 0351d3ca23aedfb4d84e1bf19830fbee
SHA1: 787da803762975b9dba33edac4b77f76fea1cdb2
SHA256: 8771231330cfc4072955fef42852bef3ba2c4626b4d7dabbc3167931eb7fa743
SHA512: eaaa1d6e4741d25a470d6e420e4a696d5430b296777384272e2765320e81fcc00d4ec7902575b801b8fd6ce71f89a48df9fac8c44690c55e63c8f4b9fc3ec221
SSDEEP: 49152:1zA2x5+9aHmF3nTU5kvxKYqBsUEZh41rVlBTQ5Ur3Y+gqagyNVaBLc3H7W5wtSaw:1zA+82mNI2vpq7llBTZ3Y+gqagcVa2bO
Score: 1/10

Target: D3DCompiler_43.dll
Size: 2.4MB
MD5: d010ab113ed06bf6b42c7746ef395e21
SHA1: 5d6b1763f38ffe6d70146e74e9abeae15e3fc35b
SHA256: ffedb064adc25328b24dcf145b04045a867a5574c931516d7845babf2a08937f
SHA512: 0ca4656d0ea2af368b0f667dcfbbc819f8f1209cebba3e5a2bceb9b235e5443eb0452f0f0c3970b419fe6199d4d7cb7390a1f9cd46b689954f8e58ba9d0c2b9e
SSDEEP: 49152:wf59zPxKcvHzDB6t3+C0/aJfyLg7Ie4Xy+5j4m2CTv:92642o7lftT
Score: 1/10

Target: Loader.exe
Size: 1013KB
MD5: 121f40b877e0db403d580b0eef6ee6e5
SHA1: 1198e5dc195ad02950bda3df3f156402f92cd140
SHA256: c08b31a3b9db166b695c307313df2905e1ccd0c89ca42c17b268ef2c431d4a7c
SHA512: de1f88738843b1de99933984ea5d34f1f6ea857312fb312f8f956d733e76f86e46edfcd61f13effe20a0e5064b0ad726be19644dd69d0a97a7eaba099e05b95b
SSDEEP: 24576:9Xrk4uI8+GTXgSiFBZhnumcQUKU/ayTW:9XQbTQ5nnumLuJ
Signatures:
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories

Target: d3dx10_43.dll
Size: 502KB
MD5: 190649d410964753a54a306caeb33cb8
SHA1: b45752e0558a9b0b70a9b490e8a7148b807a4f42
SHA256: b5f2e4d842c758fae91323888ace39328c47d9546231757f73831e2369ae58ed
SHA512: 8321a42608947bdca156b48c019b999d01aaea6a558026493b42ca54c18b1f3eb7d0d343c998af16fd27dea63fff662c2f645962e261aec0fa04d8fcb72b92fe
SSDEEP: 6144:dIHyAfFvQet8lzb3f3+UHWIVPfkKS7GXzeARN85BwC5uhFcuiZyoO2uwpapnlJRX:aNFoet8lzbv17VPfkKS78zBN8LgIappX
Score: 1/10

Target: d3dx11_43.dll
Size: 273KB
MD5: 015743813e8d70a91cce6319fd2ec94a
SHA1: 14c224c566a28168be62de535445d527a1156f01
SHA256: 25814402ce1d74f198958aa38661242189b4e5d640177087d0ba0ecf65d19a44
SHA512: 163971668c8d34baccd6cd526b589b91792a2a6437ceebfb9080e2c98d0e33a59c9f084f98ccc2f117b872836407595b6166b09f3830b4875036db95ec2aef5f
SSDEEP: 3072:FCWVWFOaVgP7BzvjYlTc91N6Vkg4eK6DvDBcMqpcJbMYBu1+Iz54+vJds:/Ww4gPdz7YlTc91i1DLopYMvIIhs
Score: 1/10

Target: d3dx9_43.dll
Size: 2.3MB
MD5: 460d2b03615d8c0697721ce26aee1e60
SHA1: e2dbd56d24cd783fb3c4bc2b527665623fb6435c
SHA256: 36b84dfa0ef9d3ff3549a7ad54d2a8032bd22c879219ee1a959137c4ef8786c4
SHA512: 7d2a6c0593269aa74af6e53ffaede1e805c795410f97c5eeef6f4963e3e5785d02db81630758747dfa6bad60082ec1e118869b27f3f6995e11d9f592956d5b2f
SSDEEP: 49152:2bCJsk4VlPXA+15Om5wxw9Qsi55K+31BhZ64nI:1IIBnI
Score: 1/10

Target: Visual-C-Runtimes-All-in-One-May-2024.zip
Size: 95.4MB
MD5: e4fa025c8e3739b76b2450fa8bf90498
SHA1: ce9213b1137749676f996f148626355c5cd6fc06
SHA256: b9e2daf2a76b3d7dbac2a657cd4a2ffa5c0052b01fc955088e988f6eea91f934
SHA512: 1e0e38cf23f8793fff3d14c1323bcf99df3af5cd8c77db722ddf3705f5cb5c8356439e30a2f77997d33bffe252b898ae54e64c85efb8fc93fae06914bd3edae5
SSDEEP: 1572864:Z65ClBYdsFz5l/sNmmlrNkiTqy/JEps3Q2WhYLmDwVDlxbNldpic9p1RYCZAUDG5:QQBaG/sLrNkiTFRNTiYLmDwtlZdpicL6
Score: 1/10

Target: install_all.bat
Size: 1KB
MD5: eb55aae630088c91b88d2bfae4115ea0
SHA1: 1495c69946edca474fe30c2b713aacb9f03bbf3a
SHA256: 492ee4c16ac45a5483088583c9caa08252d3a1bb3922dbbec834d61673538f17
SHA512: 48e4a3fa644b1859131cfec782641aaee9938c88f939ca0509df0f4120b922187753ce7cd7d912d2f90108526ba34d767baa28c9eeeb25d43fff77d38ddfd882
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Blocklisted process makes network request
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: vcredist2005_x64.exe
Size: 3.0MB
MD5: 56eaf4e1237c974f6984edc93972c123
SHA1: ee916012783024dac67fc606457377932c826f05
SHA256: 0551a61c85b718e1fa015b0c3e3f4c4eea0637055536c00e7969286b4fa663e0
SHA512: f8e15363e34db5b5445c41eea4dd80b2f682642cb8f1046f30ea4fb5f4f51b0b604f7bcb3000a35a7d3ba1d1bcc07df9b25e4533170c65640b2d137c19916736
SSDEEP: 49152:+r67+stI6RWGTAdyvlADUrpTmcOgohwJpEM5grO3oc1OXZViFeRyDErkLUMHzkRN:AM9l8pUr9m30L5grOQXZKAsErkbQRN
Score: 7/10
Signatures:
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.

Target: vcredist2005_x86.exe
Size: 2.6MB
MD5: ce2922f83fb4b170affce0ea448b107b
SHA1: b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847
SHA256: 4ee4da0fe62d5fa1b5e80c6e6d88a4a2f8b3b140c35da51053d0d7b72a381d29
SHA512: e94b077e054bd8992374d359f3adc4d1d78d42118d878556715d77182f7d03635850b2b2f06c012ccb7c410e2b3c124cf6508473efe150d3c51a51857ce1c6b0
SSDEEP: 49152:rqGRIgg2SirwkF9xdtb43lyGKCafpKkiwnaDahmPzpY4FPyaza:rxxLFfY/KCCpKk9aWMzZyau
Score: 7/10
Signatures:
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.

Target: vcredist2008_x64.exe
Size: 5.0MB
MD5: e2ada570911edaaae7d1b3c979345fce
SHA1: a7c83077b8a28d409e36316d2d7321fa0ccdb7e8
SHA256: b811f2c047a3e828517c234bd4aa4883e1ec591d88fad21289ae68a6915a6665
SHA512: b890d83d36f3681a690828d8926139b4f13f8d2fcd258581542cf2fb7dce5d7e7e477731c9545a54a476ed5c2aaac44ce12d2c3d9b99c2c1c04a5ab4ee20c4b8
SSDEEP: 98304:98I8/pCVmdbx2rU/xFnTBU8UeNeagEXtIgvjyGFDdo85qyKYr5NM62dNKViClWPg:9Avx2rw5Th8XeNyGtW0DJr5uDdQdWPet
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL

Target: vcredist2008_x86.exe
Size: 4.3MB
MD5: 35da2bf2befd998980a495b6f4f55e60
SHA1: 470640aa4bb7db8e69196b5edb0010933569e98d
SHA256: 6b3e4c51c6c0e5f68c8a72b497445af3dbf976394cbb62aa23569065c28deeb6
SHA512: bf630667c87b8f10ef85b61f2f379d7ce24124618b999babfec8e2df424eb494b8f1bf0977580810dff5124d4dbdec9539ff53e0dc14625c076fa34dfe44e3f2
SSDEEP: 98304:vT4tlQ0aeY51XNURYxaA6qjEb9tRuPmBmWBDLTMTtbslyzRt9cuISY6Qa:vKlhE9U6476itR+mLPw6lyZY61
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL

Target: vcredist2010_x64.exe
Size: 9.8MB
MD5: c9d9eebccef20d637f193490cec05e79
SHA1: 15d032d669078aa6f0f7fd1cbf4115a070bd034d
SHA256: cc7ec044218c72a9a15fca2363baed8fc51095ee3b2a7593476771f9eba3d223
SHA512: 24b56b5d9b48d75baf53a98e007ace3e7d68fbd5fa55b75ae1a2c08dd466d20b13041f80e84fdb64b825f070843f9247daba681eff16baf99a4b14ea99f5cfd6
SSDEEP: 196608:n9A3D5MBD0vwqMKgL29M2JWMWiKV/nPlnqIaAAVINqsAsbPnpCxmz7dU8:23D5MBwZMd0b4oSQ7VSrAs1gEdU8
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL

Target: vcredist2010_x86.exe
Size: 8.6MB
MD5: 1801436936e64598bab5b87b37dc7f87
SHA1: 28c54491be70c38c97849c3d8cfbfdd0d3c515cb
SHA256: 67313b3d1bc86e83091e8de22981f14968f1a7fb12eb7ad467754c40cd94cc3d
SHA512: 0b8f20b0f171f49eb49367f1aafa7101e1575ef055d7007197c21ab8fe8d75a966569444449858c31bd147357d2bf5a5bd623fe6c4dbabdc7d16999b3256ab8c
SSDEEP: 196608:e9A3DAnfudQZKuNK0kMp2Wxw2tr3aA5Jegn9kaK6Hj0aaNz9ZBJ7C:t3DAnGKZKuNK0SvAn9kaK6gaaNRZbC
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL

Target: vcredist2012_x64.exe
Size: 6.9MB
MD5: 3c03562b5af9ed347614053d459d7778
SHA1: 1a5d93dddbc431ab27b1da711cd3370891542797
SHA256: 681be3e5ba9fd3da02c09d7e565adfa078640ed66a0d58583efad2c1e3cc4064
SHA512: 6c2f4eeb38705c2dafc4d75d8de0036a0aed197f83e9cb261d255fe26e4391f24b0b156e9019c739dd99057041c2bb80f9ab80f56869bc1e01f0469a76f24f75
SSDEEP: 98304:vRWKtOl5CCGomEBkHUBmExJrIUg32t9RRyvo7VnOcyP24Vc35re94tb0eYbY1poo:v3tO3CCT/hBxtVtyUVnmSprzVIY7QKAk
Score: 7/10
Signatures:
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix (ATT&CK v13), with per-technique hit counts

Persistence
- Event Triggered Execution (4)
  - Netsh Helper DLL (1)
  - Installer Packages (3)
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)

Privilege Escalation
- Event Triggered Execution (4)
  - Netsh Helper DLL (1)
  - Installer Packages (3)
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)

Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (3)