General

Malware Config

Signatures

Files

• Shark Predictor.rar

  .rar

  Password: shark

• Shark Predictor/Read.txt
• Shark Predictor/Shark Predictor.exe

  .exe windows:6 windows x64 arch:x64

  Password: shark

  456e8615ad4320c9f54e50319a19df9c

  
  

  Code Sign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

  Not Before

  29-09-2021 00:00

  Not After

  28-09-2024 23:59

  Subject

  SERIALNUMBER=407950,CN=Akeo Consulting,O=Akeo Consulting,ST=Donegal,C=IE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024945

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  23-12-2017 00:00

  Not After

  22-03-2029 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  83:47:e1:ef:ff:77:3b:8f:69:4a:f4:bc:2e:d2:89:32:96:f0:78:aa:be:b1:6e:52:fd:16:b0:5e:14:2e:c3:47

  Signer

  Actual PE Digest

  83:47:e1:ef:ff:77:3b:8f:69:4a:f4:bc:2e:d2:89:32:96:f0:78:aa:be:b1:6e:52:fd:16:b0:5e:14:2e:c3:47

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  user32

  CreateWindowExW

  PostMessageW

  GetMessageW

  MessageBoxW

  MessageBoxA

  SystemParametersInfoW

  DestroyIcon

  SetWindowLongPtrW

  GetWindowLongPtrW

  GetClientRect

  InvalidateRect

  ReleaseDC

  GetDC

  DrawTextW

  GetDialogBaseUnits

  EndDialog

  DialogBoxIndirectParamW

  MoveWindow

  SendMessageW

  comctl32

  ord380

  kernel32

  GetACP

  IsValidCodePage

  GetStringTypeW

  GetFileAttributesExW

  SetEnvironmentVariableW

  FlushFileBuffers

  GetCurrentDirectoryW

  GetOEMCP

  GetCPInfo

  GetModuleHandleW

  MulDiv

  GetLastError

  FormatMessageW

  GetModuleFileNameW

  SetDllDirectoryW

  CreateSymbolicLinkW

  GetProcAddress

  CreateDirectoryW

  GetCommandLineW

  GetEnvironmentVariableW

  ExpandEnvironmentStringsW

  GetEnvironmentStringsW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetDriveTypeW

  RemoveDirectoryW

  GetTempPathW

  CloseHandle

  WaitForSingleObject

  Sleep

  GetCurrentProcess

  GetExitCodeProcess

  CreateProcessW

  GetStartupInfoW

  FreeLibrary

  LoadLibraryExW

  LocalFree

  SetConsoleCtrlHandler

  K32EnumProcessModules

  K32GetModuleFileNameExW

  CreateFileW

  FindFirstFileExW

  GetFinalPathNameByHandleW

  MultiByteToWideChar

  WideCharToMultiByte

  FreeEnvironmentStringsW

  GetProcessHeap

  GetTimeZoneInformation

  HeapSize

  HeapReAlloc

  WriteConsoleW

  SetEndOfFile

  DeleteFileW

  IsProcessorFeaturePresent

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  RtlUnwindEx

  SetLastError

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  EncodePointer

  RaiseException

  RtlPcToFileHeader

  GetCommandLineA

  GetFileInformationByHandle

  GetFileType

  PeekNamedPipe

  SystemTimeToTzSpecificLocalTime

  FileTimeToSystemTime

  ReadFile

  GetFullPathNameW

  SetStdHandle

  GetStdHandle

  WriteFile

  ExitProcess

  GetModuleHandleExW

  HeapFree

  GetConsoleMode

  ReadConsoleW

  SetFilePointerEx

  GetConsoleOutputCP

  GetFileSizeEx

  HeapAlloc

  FlsAlloc

  FlsGetValue

  FlsSetValue

  FlsFree

  CompareStringW

  LCMapStringW

  advapi32

  OpenProcessToken

  GetTokenInformation

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  ConvertSidToStringSidW

  gdi32

  SelectObject

  DeleteObject

  CreateFontIndirectW

  Sections

  .text

  Size: 165KB - Virtual size: 164KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 74KB - Virtual size: 73KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• NM�>�H7.pyc
• Shark Predictor/python-3.12.4-amd64.exe

  .exe windows:6 windows x86 arch:x86

  Password: shark

  f57d7a40ebfca87e6f8082251d937ed8

  
  

  Code Sign

  05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2013 12:00

  Not After

  15-01-2038 12:00

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  17-01-2022 00:00

  Not After

  15-01-2025 23:59

  Subject

  CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  5e:60:8a:46:24:7d:05:15:cd:0a:ad:6e:4f:9f:8d:8e:8d:da:5b:ae:a5:8a:9e:ce:a8:f4:ce:3c:dd:be:50:a7

  Signer

  Actual PE Digest

  5e:60:8a:46:24:7d:05:15:cd:0a:ad:6e:4f:9f:8d:8e:8d:da:5b:ae:a5:8a:9e:ce:a8:f4:ce:3c:dd:be:50:a7

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  C:\agent\_work\138\s\build\ship\x86\burn.pdb

  Imports

  advapi32

  RegCloseKey

  RegOpenKeyExW

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  InitiateSystemShutdownExW

  GetUserNameW

  RegQueryValueExW

  RegDeleteValueW

  CloseEventLog

  OpenEventLogW

  ReportEventW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  CreateWellKnownSid

  InitializeAcl

  DecryptFileW

  SetEntriesInAclW

  ChangeServiceConfigW

  CloseServiceHandle

  ControlService

  OpenSCManagerW

  OpenServiceW

  QueryServiceStatus

  SetNamedSecurityInfoW

  CheckTokenMembership

  AllocateAndInitializeSid

  SetEntriesInAclA

  SetSecurityDescriptorOwner

  SetSecurityDescriptorGroup

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  RegSetValueExW

  RegQueryInfoKeyW

  RegEnumValueW

  RegEnumKeyExW

  RegDeleteKeyW

  RegCreateKeyExW

  GetTokenInformation

  CryptDestroyHash

  CryptHashData

  CryptCreateHash

  CryptGetHashParam

  CryptReleaseContext

  CryptAcquireContextW

  QueryServiceConfigW

  user32

  PeekMessageW

  PostMessageW

  IsWindow

  WaitForInputIdle

  PostQuitMessage

  GetMessageW

  TranslateMessage

  MsgWaitForMultipleObjects

  PostThreadMessageW

  GetMonitorInfoW

  MonitorFromPoint

  IsDialogMessageW

  LoadCursorW

  LoadBitmapW

  SetWindowLongW

  GetWindowLongW

  GetCursorPos

  MessageBoxW

  CreateWindowExW

  UnregisterClassW

  RegisterClassW

  DefWindowProcW

  DispatchMessageW

  oleaut32

  VariantInit

  SysAllocString

  VariantClear

  SysFreeString

  gdi32

  DeleteDC

  DeleteObject

  SelectObject

  StretchBlt

  GetObjectW

  CreateCompatibleDC

  shell32

  CommandLineToArgvW

  SHGetFolderPathW

  ShellExecuteExW

  ole32

  CoUninitialize

  CoInitializeEx

  CoInitialize

  StringFromGUID2

  CoCreateInstance

  CoTaskMemFree

  CoInitializeSecurity

  CLSIDFromProgID

  kernel32

  GetCPInfo

  GetOEMCP

  GetACP

  CreateFileW

  CloseHandle

  GetLastError

  HeapSetInformation

  GetModuleHandleW

  GetProcAddress

  LocalFree

  FormatMessageW

  lstrlenA

  lstrlenW

  MultiByteToWideChar

  WideCharToMultiByte

  LCMapStringW

  ExpandEnvironmentStringsW

  CreateDirectoryW

  GetFullPathNameW

  GetTempFileNameW

  GetTempPathW

  Sleep

  GetLocalTime

  GetModuleFileNameW

  CompareStringW

  CreateFileA

  SetFilePointer

  WriteFile

  GetCurrentProcessId

  GetSystemDirectoryW

  LoadLibraryW

  HeapAlloc

  HeapReAlloc

  HeapFree

  HeapSize

  GetCommandLineA

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  DeleteFileW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetFileAttributesW

  RemoveDirectoryW

  SetFileAttributesW

  MoveFileExW

  InitializeCriticalSection

  DeleteCriticalSection

  ReleaseMutex

  GetCurrentProcess

  GetCurrentThreadId

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  CreateProcessW

  GetVersionExW

  VerSetConditionMask

  GetVolumePathNameW

  EnterCriticalSection

  LeaveCriticalSection

  GetSystemTime

  GetWindowsDirectoryW

  GetNativeSystemInfo

  GetCommandLineW

  FreeLibrary

  GetModuleHandleExW

  GetComputerNameW

  VerifyVersionInfoW

  GetDateFormatW

  GetUserDefaultUILanguage

  GetUserDefaultLangID

  GetSystemDefaultLangID

  GetStringTypeW

  ReadFile

  SetFilePointerEx

  DuplicateHandle

  LoadLibraryExW

  CreateEventW

  ProcessIdToSessionId

  ConnectNamedPipe

  SetNamedPipeHandleState

  CreateNamedPipeW

  WaitForSingleObject

  GetProcessId

  OpenProcess

  CreateThread

  GetExitCodeThread

  SetEvent

  WaitForMultipleObjects

  LocalFileTimeToFileTime

  SetEndOfFile

  SetFileTime

  ResetEvent

  DosDateTimeToFileTime

  CompareStringA

  GetExitCodeProcess

  SetThreadExecutionState

  CopyFileExW

  CreateMutexW

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  GetThreadLocale

  IsValidCodePage

  FindFirstFileExW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetStdHandle

  GetFileSizeEx

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  DecodePointer

  WriteConsoleW

  GetModuleHandleA

  GlobalAlloc

  GlobalFree

  CopyFileW

  VirtualAlloc

  VirtualFree

  SystemTimeToTzSpecificLocalTime

  SystemTimeToFileTime

  GetTimeZoneInformation

  GetSystemInfo

  VirtualProtect

  VirtualQuery

  GetSystemWow64DirectoryW

  GetProcessHeap

  GetFileType

  ExitProcess

  GetStdHandle

  InitializeCriticalSectionAndSpinCount

  SetLastError

  RtlUnwind

  RaiseException

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  GetStartupInfoW

  LoadLibraryExA

  rpcrt4

  UuidCreate

  Sections

  .text

  Size: 295KB - Virtual size: 294KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 125KB - Virtual size: 124KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 89KB - Virtual size: 89KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 15KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ