Resubmissions

23/07/2024, 21:32

240723-1d16aazdjk 1

23/07/2024, 21:32

240723-1dsh5ssgkh 6

23/07/2024, 21:10

240723-z1hrsasakd 1

General

  • Target

    Crack.zip

  • Size

    1.8MB

  • Sample

    240723-1dsh5ssgkh

  • MD5

    d5a9a68a9bb3a1a4748c77b7d06588bf

  • SHA1

    fe3626a74d15267c1a4feac7c9725d956397f693

  • SHA256

    29095ae1431f6c1f158fdd6976c5505df56bc0a31bc05d0ccb6bb591ed48e0ac

  • SHA512

    1c17651d919e714a1585c9abc5793e270015ce78bad6928c66da690d2ee536d1cfd10bde781802ad9f33cd9344ee857e4b990af13432422ed82f7623ec973746

  • SSDEEP

    49152:LFrN8oN93uuGymzSO8ZpqTwPlLHNf2Q5jD3I8u2:Lgy4u9O8HTPlLBd7d

Targets

    • Target

      gosh/a

    • Size

      1001B

    • MD5

      3567c927841e88352d937feceaf02051

    • SHA1

      a82d099011463ac42a5cfa7ee5c91b5f7854f8eb

    • SHA256

      1405ed49200d2da24f0460af545c771003de444800a29e706ac58d28c57288a7

    • SHA512

      eb88f663b674eef5da9a91f42376b7ec11462a6c1451a727da0766e6c580ba9cf5c9d47f910a49741b05c65c55fa0795b14792a6faed4ac154dee73f51461c5b

    Score
    6/10
    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Target

      gosh/bash

    • Size

      822KB

    • MD5

      c7d7e861826a4fa7db2b92b27c36e5e2

    • SHA1

      95a5ff1372f352434525a416570eef4379ebac19

    • SHA256

      8dfe94a1b02d1330886ad4458b32db3da4b872f9c2116657840de499fee5438a

    • SHA512

      c5bf98e94fb0b87cc47b5b32834479c5f02fe75e385153429fcff6bac84e910db80463106fecd338e38174dc7272a6040db2c70cef6a8ddcdf6821c0b5a721ef

    • SSDEEP

      24576:U8dJG9L4f0TYRsbalWjFm4z33bavoZ48ZZ2HQ:dzG9LvDbalG04rb6oZ4cQHQ

    Score
    1/10
    • Target

      gosh/common

    • Size

      34KB

    • MD5

      dbfc44d20945f5411b715b5c725cb30c

    • SHA1

      2458c5bd32d683e7e92daaf9541f18fefd49ea2d

    • SHA256

      96cf3ce970e9d19cc1dddb190440318fe2de59cc88831f1ebe8fb47d86d1fef2

    • SHA512

      9bcc307f188e17c0027fa9c565d3af50cfcab4242a0307f9b7919868b824a530954bba01c6593dbe3b8784e9927f06c91c81bf1e1532ec4bb464bb7a0b859c58

    • SSDEEP

      768:1LJwCp2gfDH42NpshNkkOG0Qau8AkQD09WiQB4Xjxc37zuIwcm:J2FNkkHN09WiQB8U7iv

    Score
    3/10
    • Target

      gosh/go

    • Size

      868B

    • MD5

      0dc890627d049393e848d9d2f9aeab0e

    • SHA1

      cd96f6776ca92377ab0a77dc5fe34ae1fead1798

    • SHA256

      09088269595f513a22e9abfc122e25be31fd05291980f300528570423484ffbc

    • SHA512

      1814a4d026a98a9702161859e4b911751e35005f6720f423583ccfba6ca9549cc861ebc57cac7df9c3013f5337af3f94be0cec75da3006fd5e727794560ddaf5

    Score
    6/10
    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Target

      gosh/pscan2

    • Size

      9KB

    • MD5

      edf4d6003c9c68774438e4fb25198dab

    • SHA1

      90192522d6ff4337ce16e88e172bdad566dbc2b7

    • SHA256

      41479cf051c146a0cb1447d5e924f15044dadbf4b2d1e504ee593499b2bc2f54

    • SHA512

      3de4504f0ccdb41dc016abdc72ed7ebb0e04bcd9b2f5da415fc5e8cbf94cb03dc2ad8e0fd2f8ad981cdcb92c33de1423d12b3e10ce0ba417d02e8f92b3450e2b

    • SSDEEP

      96:f8BTwTEcfUzGPh5/eDZVOSzS0t/Fu8apScqIUVFzOwPSx+S5Abahf5PKtf2G2:f6TeEcfUzEwnVzSKFNapSciTPS5Ao53n

    Score
    1/10
    • Target

      gosh/screen

    • Size

      244KB

    • MD5

      cbf0f41bbbafb1c2609bedb943be3b36

    • SHA1

      a240a0118739e72ff89cefa2540bf0d7da8f8a6c

    • SHA256

      2413af510a75ada34716165992a425b35f62ba1478f63746502afd8a8a156b80

    • SHA512

      388cdc9f027aeb2b0ca336e5e262472fa8f0782727abe1e7d53723b4c36108e8b71167c06b9e5e7fb6a91ca4c9bc38be5d509ea17645cd1d23e5685307929943

    • SSDEEP

      3072:vgQ7G4bDuK/gBrcsP3a89qIW5OnApX2KnZJ5l8cZZbel8Ur5fURH59UlNmXXPqHw:vg5SSK/DsyZnpXndqWkr5sH54N2fq

    Score
    1/10
    • Target

      gosh/ss

    • Size

      443KB

    • MD5

      b51a52c9c82bb4401659b4c17c60f89f

    • SHA1

      b45ae5d8d3069ee7f880dd461c931fa711b6ad3d

    • SHA256

      97093a1ef729cb954b2a63d7ccc304b18d0243e2a77d87bbbb94741a0290d762

    • SHA512

      600c956d612b9b59d9846d5e83c009b6bac646ef2ba763dd54126ddf2e1a2c86c70960dbc9f836e6cbd6c7296c3f1801151a1548af904c61375d096c23aa0f68

    • SSDEEP

      6144:gIM21beIrQCxAeQmnT3V3xNNZkYgy2CZTLdUyh:NdbeIrT9QmbVDNZkMZLdUq

    Score
    1/10
    • Target

      20130119064211_http___safe_land_ru_altele_plutto_tgz

    • Size

      850KB

    • MD5

      c8121c396d3d3e0b4ee1164fee06d6ea

    • SHA1

      631dfb2b289934a0ebc324d5229b8748ea3f3c13

    • SHA256

      51501f3d7902749e29a6474edac840e9b24a97c845bbdc6a1d7d00c0c1429154

    • SHA512

      b3cfaad2b03d0ac5495939aff3aeb765b4d83639512aec73b1cca3c8ecafbe536e23a7405a0814d7fd610b990c340d9500d0b34f034a5cd5a470cf86c48f7756

    • SSDEEP

      24576:aTXrMbWhTBwLPQjhRJzlJfpBLSAtke9SAtk:OXrhTBwLPczBLSgTSg

    Score
    1/10
    • Target

      .s/autorun

    • Size

      317B

    • MD5

      9729c037cb0a32811ba3eb15e3c8a789

    • SHA1

      6e67d4929c0b87dd05afe1b3f5f0aed2852885c4

    • SHA256

      5f03b45dc87f35120fd01f18150d2c3c807c9dc22d9433208d1bd14d5d581260

    • SHA512

      ed9131f48df4f3f6503b38f064ef07c7d9a235280ecf03a0a2852f268b98e42b8b445931536bd4a4a4344fefb8a05594dae094e7e7795c9690ab5ca568b1ff8c

    Score
    6/10
    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Target

      .s/bash

    • Size

      480KB

    • MD5

      dc7b9585c47ab44830dc84a11e0272fe

    • SHA1

      7d0f6ecfb4985ec8ef003ab1e8bdf0aae5ffbc75

    • SHA256

      68aef1145b4e208cf6600d2ccda0080d8ec7a7fe97354b92a7378b81975fbb63

    • SHA512

      8e870c960053a5b280e6f17cf6b1bbb57a0df1e97799c5416d7ddc03774baba3af5c6d14aa7a3bb51a729f6e88bd7522bb5e950d3da79c97da4869797bb8908e

    • SSDEEP

      6144:Ymw9XywzvzMPz5obmvlJ9RS3Il4js9QneROyYJ0YnTBwLaTubM1DCmPGMhAj6JQ:Ym+XrvUbW4UHTBwLPQ5CNMhRJQ

    Score
    1/10
    • Target

      .s/inst

    • Size

      8KB

    • MD5

      6c52a9539a31632a849b0ecc909ffee8

    • SHA1

      e826bf2d50684e0e94c165e7316114697451188d

    • SHA256

      5b2dffd450a687433073fb358c15e1c8429ba994ecfff53a3c15f96df458c28d

    • SHA512

      ce96043f9b4fbc915f262f63a7bc88f88f7ce59c661306a63e62868160de64f6dc6617ac11440a099d51f2ab0c2a7f2abac0ef528fc625ae37b57bbccd89ba99

    • SSDEEP

      192:7Y3PWlysz/aeeB+qF5Y3PWlyt/aeeB+qFrURuXob:7Y3PiyqQB+qF5Y3PiyJQB+qFuuXob

    Score
    3/10
    • Target

      .s/m.help

    • Size

      22KB

    • MD5

      3867e7b1168f749f94536c85bf94a2c2

    • SHA1

      97fdf5c978400ed9de85555c63a7ba9cfe8b77a6

    • SHA256

      0d1191e8da46fb6461c072b97c94e2b9a139ee6e483a8b615524b47932095d59

    • SHA512

      b072ec3ccc411f75002c6428569e16d98b43386894be9a41a6c43cbbcf50c24c5a745f2175f40668ccf0be66265b830faf4d3db416a64844255fdc3e26db05b0

    • SSDEEP

      192:Pk80z2Z8ECr40jfSHgglM7mu07/+6MhqehT1Szb01wm7FElApsm4rcGB1tRlnMCv:c8YjRqMC5YRsQf7FMrpfR9MxInqKJNok

    Score
    1/10
    • Target

      .s/pico

    • Size

      164KB

    • MD5

      51c7f3ec60f1613aa5202f26d9248ed1

    • SHA1

      835ab0aba3740fcf80fe7238ef4d089d8c5a72c1

    • SHA256

      5e092470ec616d5b866aab0f1a69309b74a48567eec7a250c9a328901a21a498

    • SHA512

      424071e10216836567266cda5ab18876943817e731272ca68f1b96d00e80cef90c286aa5c46fdd5d963014282f39964f46905bda2e18309d6692383e24b5b8b6

    • SSDEEP

      3072:6vq0piaD1aJ3INN6QhldW6dV/T76+eRWPdrJlkODLm729xJtyv0t:6vtjDsYNJdW6dV/T76aPdrJlkOHm729b

    Score
    1/10
    • Target

      .s/run

    • Size

      29B

    • MD5

      978cc6e3ce07787898519aa26f3b429c

    • SHA1

      6240237deb675c81f8352a1352b2d8a0d3019493

    • SHA256

      e0abb3175ea6d042ca49ed299adc0fb2c322ca1e876db21968fc04c90be4fe53

    • SHA512

      9b4a691f80c953cbaff15e01ce11a858eb03a226c7834ca8adfb97c892c51edc8015863ce0ae22be6d4b50d591d923408a143e03c5d6bb9a801f6fcf4f676f9b

    Score
    1/10
    • Target

      .s/start

    • Size

      683B

    • MD5

      72504722ead7f0101f5f92e9f69c9da4

    • SHA1

      94178691b2e67ec7a887442f4d603779b7639243

    • SHA256

      ff7b660a11d5c33a09f75c652aa3f3f837a91de754d22485831acb7011527ee6

    • SHA512

      fce0e9a4f8f65bb2c53fcbdebb59c861def94ae3a12ba43b63f026aa8ff0e0d2fe3a60887dd8195d7d3c77c974dc02049bad76278fb586de11e22a8ce9a90337

    Score
    1/10
    • Target

      .s/xh

    • Size

      27KB

    • MD5

      2d1cf467562e524abb6ca1a6e2367824

    • SHA1

      95fcf96052ce1dd954176f303e5a60052f7016ac

    • SHA256

      eb7830e5387abecb79eadd8ee7447ce7e69bd9131554391fd74bd61987bb1adf

    • SHA512

      bf2808568325752c43adc08674f6cc942071452c2cc1f19a69aefec600ea86a01c0a65e85e824f397cfbc05999a1c031f1175f41a7a80c07a4adfe653ba5deea

    • SSDEEP

      384:vwMJlsIwxX/7U6oVMbuNLhOvO5PbdbFsc8aAYAXkiON2xBBcdCpqSzzjQ:vN6IwxvoV1LhOvubdb2c8aAciC2h4azI

    Score
    1/10
    • Target

      20130202110713_http___diabwolo_altervista_org_ggod_tgz

    • Size

      670KB

    • MD5

      fa83cffaba499ef9817eb272796a397e

    • SHA1

      43f7b788bebafde1ddaae1fecd23ecf9e7af7c2c

    • SHA256

      ec789ea5218fb501492e7863a58821963b05cfb8e039014ca2fb1a710be36736

    • SHA512

      7633d2853148230ab031f1549f148b8184498c24217e34cb80d09423f566a8a0efa9153825b1b732d0dcd8d8cd22de350f2419e2ed669d3c69ec69a1653a336f

    • SSDEEP

      12288:P5pjJEG3Pi4MIFgTaNih1Jm5EspSAtkeSAtk:P3jCG3lMIFgTVh1o5EKSAtkeSAtk

    Score
    1/10
    • Target

      god/-sh

    • Size

      490KB

    • MD5

      389ab8a4839494ca52b3a36067307de8

    • SHA1

      92c1409a53f0620e23d277c82e419624a209517e

    • SHA256

      80dbbd478fff0a8366e69f2869a01560b3ba082ce949ee67e496846d2def4e52

    • SHA512

      227cf646f0e4ad2fc22f8f7b2e0a7ec40584171276d349f860890f7a229d0e40252bd90bed8bc481b9640bc678620089601852b150d450a37f136a980a982cee

    • SSDEEP

      6144:eI0pjcMtEG3EEiMXMaiR0zrUrphYgTaYBqkVas51eZYZOot6Y64Q5ET:e5pjJEG3Pi4MIFgTaNih1Jm5ET

    Score
    1/10
    • Target

      god/autorun

    • Size

      329B

    • MD5

      11ec5904d11d0e96f4bc99360658754e

    • SHA1

      787285e62b08dd2ece9d1b5bd12ab3a46a7de372

    • SHA256

      de45559757e310e6c74dff999465d12d725d2292481d3016f00359dc62b46ac8

    • SHA512

      372f00b2cfaddfe4a911773689767b57bd32c57c0a0b1ac0af96fe093aa0333a5bcc4bbdc08df37cb3e541c7f05a1d898eae018e15963d2f8090ad1a08cdb346

    Score
    6/10
    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Target

      god/install

    • Size

      10KB

    • MD5

      8e1739d29456fdf96f4461ff8e34b0a3

    • SHA1

      af7cc987fbc114986dcad9a18f56a42b38ec7f0a

    • SHA256

      228842573b5f305208c66eaae62a04e9432008d4468882c4776029889249581e

    • SHA512

      5886c7cbfbcd30d42f701a93cfb836c084d47d3fc86a6e185b96748ef41247c5578d877b6a6277b1d557fd45a0b1f0e8b5228d75f283829d53e8275200bd5ecd

    • SSDEEP

      192:kb1H6uopRr8W21ec+BCUIFxmXbvtPPjuDAlx0pxmwJKwSRy2W3:kLogW28SmXbv9yOx0pxmwJKwSRy2W3

    Score
    1/10
    • Target

      god/run

    • Size

      29B

    • MD5

      4daf170ab50024b164c3d12de9b8bf09

    • SHA1

      7e530d1fabf231a1bbabfb2cbe77a9c7e9a95217

    • SHA256

      3cb6e074696ee72604dde63c78811f9cac52dd3cfedb68eec029547c16e5f04b

    • SHA512

      bddfd68a56c0a67e220b44df73844fa1249858141976c6348eb82fcdc8c802508b0b4ecb4dc50e1e821742e29c8db2ece809b44ef1973bc3f2901c0935e1a048

    Score
    1/10
    • Target

      god/start

    • Size

      608B

    • MD5

      d4655a3bdcb9e18c6718c29eda91725b

    • SHA1

      61cdc7f4dc3cd69198e7444df590b3d0a3e9847d

    • SHA256

      e0922a46a0f8e40d59a57511ca24079be9a03b423c42bb206dafe38b718dcd53

    • SHA512

      e46c084a7941c39e9279240d2febd77d2bfcf2cc805a179105de7a5f2f4237f3080bd871b65ab678cdc294e95f525c740a8ba74713462f6c886aa701fd46cc9c

    Score
    1/10
    • Target

      god/update

    • Size

      172B

    • MD5

      ccf94fbef4f401a5dde154b3341a604d

    • SHA1

      f24b29d8eab5b1e02e861cc60583fa1e2f51b13e

    • SHA256

      9b27210c3a73720720502ab4f71e1c1415c339647f7e91acc10aba944bfd74dd

    • SHA512

      c0d5e3945a5b1eb60b05008188e6f53a6bd2c6b740113ce30ae9a13d7ae38d299e52e1d186b9e0babdad736c1d8de12d1b1095a1238e85a7bedd366975dfddbd

    Score
    1/10
    • Target

      god/zmeu.help

    • Size

      22KB

    • MD5

      3867e7b1168f749f94536c85bf94a2c2

    • SHA1

      97fdf5c978400ed9de85555c63a7ba9cfe8b77a6

    • SHA256

      0d1191e8da46fb6461c072b97c94e2b9a139ee6e483a8b615524b47932095d59

    • SHA512

      b072ec3ccc411f75002c6428569e16d98b43386894be9a41a6c43cbbcf50c24c5a745f2175f40668ccf0be66265b830faf4d3db416a64844255fdc3e26db05b0

    • SSDEEP

      192:Pk80z2Z8ECr40jfSHgglM7mu07/+6MhqehT1Szb01wm7FElApsm4rcGB1tRlnMCv:c8YjRqMC5YRsQf7FMrpfR9MxInqKJNok

    Score
    1/10
    • Target

      sc/L

    • Size

      408B

    • MD5

      87e05775a0ba9e28644526d429a8f547

    • SHA1

      a79c99810bdedcf7651b1a771939714c17b0acc8

    • SHA256

      449381e564580872be339f52fe64b8cab3b7c36a8c2059bba8da0e14071e5a60

    • SHA512

      d4676cab0f31e26a195d64fd9be769e8b768252bdeef4a8e2ae2d877c52ab95a67ca56ae638e9833e8128e3c7394c01c407eaf70893a191c5e718adf4f68038f

    Score
    1/10
    • Target

      sc/exim

    • Size

      11KB

    • MD5

      c0347a62042023782bd571e73869ce84

    • SHA1

      85315bbe34ee70eecc5809f722baf4f5d0f39609

    • SHA256

      c692b9e2b8c45c7e724af8c840133c308d947b7d872a0e99e8980d644d99d31f

    • SHA512

      34b75aa205c646dd50f8f0ee88c11afa6fcb6b66c906b832d5cd46c04f0566fd53c2c0585246ccfe99c245dcadd793a4d7bde965b3fc6b8c0f379ad7114da5f2

    • SSDEEP

      192:fgY2alL4AXrZmatZk2BaeFtY7nKdT3Z5D1c+SUtXPHjENyN1:fgGL4eRtJBZfT3ZZ1cZ6DT

    Score
    1/10
    • Target

      sc/ss

    • Size

      443KB

    • MD5

      b51a52c9c82bb4401659b4c17c60f89f

    • SHA1

      b45ae5d8d3069ee7f880dd461c931fa711b6ad3d

    • SHA256

      97093a1ef729cb954b2a63d7ccc304b18d0243e2a77d87bbbb94741a0290d762

    • SHA512

      600c956d612b9b59d9846d5e83c009b6bac646ef2ba763dd54126ddf2e1a2c86c70960dbc9f836e6cbd6c7296c3f1801151a1548af904c61375d096c23aa0f68

    • SSDEEP

      6144:gIM21beIrQCxAeQmnT3V3xNNZkYgy2CZTLdUyh:NdbeIrT9QmbVDNZkMZLdUq

    Score
    1/10
    • Target

      sc/x.pl

    • Size

      2KB

    • MD5

      ce13ac9ada3d92b5f557624d7dc88788

    • SHA1

      656f29a69a9225da48331a548038b71f836859e3

    • SHA256

      640198efdc73fa5b82640611876458960ba8da747941e5cf86ba1a96c6f546bc

    • SHA512

      3462d81feff854e7df3e92eb712994ddd06aa0267156f774e28ff5282f91eb6b6eaffb003e2e456b547596d982dd3621e993a125c74d2e4fbb9b1860831eb8b1

    Score
    1/10
    • Target

      20130202111520_http___diabwolo_altervista_org_mysql

    • Size

      31KB

    • MD5

      99330e331381af3a64a0159a051c82b0

    • SHA1

      3b4ea98652ae5dc7fd77a500ce5b353b934f4f5f

    • SHA256

      c7851dd9d100878de225c9b7eaf761c05c37efde8d95b52981171d45f6414a50

    • SHA512

      34d79674a809f12019011c18621d73a9ebb4b7f9a9bec256f790d149560303f848104cc309c53fce758b65e33b1b3d64ebbc4528aa3e69fbf10dbbf2d6886a09

    • SSDEEP

      384:kdMCsJCEM778JDGbl1siahkMfd43+yZKB3lp:kfsJCj778JoyiGRyEB3D

    Score
    4/10
