29095ae1431f6c1f158fdd6976c5505df56bc0a31bc05d0ccb6bb591ed48e0ac

Resubmissions

23/07/2024, 21:32

240723-1d16aazdjk 1

23/07/2024, 21:32

240723-1dsh5ssgkh 6

23/07/2024, 21:10

240723-z1hrsasakd 1

Sharing

Copy URL

Twitter E-mail

General

Target

Crack.zip
Size

1.8MB
Sample

240723-1dsh5ssgkh
MD5

d5a9a68a9bb3a1a4748c77b7d06588bf
SHA1

fe3626a74d15267c1a4feac7c9725d956397f693
SHA256

29095ae1431f6c1f158fdd6976c5505df56bc0a31bc05d0ccb6bb591ed48e0ac
SHA512

1c17651d919e714a1585c9abc5793e270015ce78bad6928c66da690d2ee536d1cfd10bde781802ad9f33cd9344ee857e4b990af13432422ed82f7623ec973746
SSDEEP

49152:LFrN8oN93uuGymzSO8ZpqTwPlLHNf2Q5jD3I8u2:Lgy4u9O8HTPlLBd7d

Score

6^/10

Malware Config

Targets

- Target
  
  gosh/a
- Size
  
  1001B
- MD5
  
  3567c927841e88352d937feceaf02051
- SHA1
  
  a82d099011463ac42a5cfa7ee5c91b5f7854f8eb
- SHA256
  
  1405ed49200d2da24f0460af545c771003de444800a29e706ac58d28c57288a7
- SHA512
  
  eb88f663b674eef5da9a91f42376b7ec11462a6c1451a727da0766e6c580ba9cf5c9d47f910a49741b05c65c55fa0795b14792a6faed4ac154dee73f51461c5b
Score

6^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1
- Target
  
  gosh/bash
- Size
  
  822KB
- MD5
  
  c7d7e861826a4fa7db2b92b27c36e5e2
- SHA1
  
  95a5ff1372f352434525a416570eef4379ebac19
- SHA256
  
  8dfe94a1b02d1330886ad4458b32db3da4b872f9c2116657840de499fee5438a
- SHA512
  
  c5bf98e94fb0b87cc47b5b32834479c5f02fe75e385153429fcff6bac84e910db80463106fecd338e38174dc7272a6040db2c70cef6a8ddcdf6821c0b5a721ef
- SSDEEP
  
  24576:U8dJG9L4f0TYRsbalWjFm4z33bavoZ48ZZ2HQ:dzG9LvDbalG04rb6oZ4cQHQ
Score

1^/10
behavioral2
- Target
  
  gosh/common
- Size
  
  34KB
- MD5
  
  dbfc44d20945f5411b715b5c725cb30c
- SHA1
  
  2458c5bd32d683e7e92daaf9541f18fefd49ea2d
- SHA256
  
  96cf3ce970e9d19cc1dddb190440318fe2de59cc88831f1ebe8fb47d86d1fef2
- SHA512
  
  9bcc307f188e17c0027fa9c565d3af50cfcab4242a0307f9b7919868b824a530954bba01c6593dbe3b8784e9927f06c91c81bf1e1532ec4bb464bb7a0b859c58
- SSDEEP
  
  768:1LJwCp2gfDH42NpshNkkOG0Qau8AkQD09WiQB4Xjxc37zuIwcm:J2FNkkHN09WiQB8U7iv
Score

3^/10
behavioral3
- Target
  
  gosh/go
- Size
  
  868B
- MD5
  
  0dc890627d049393e848d9d2f9aeab0e
- SHA1
  
  cd96f6776ca92377ab0a77dc5fe34ae1fead1798
- SHA256
  
  09088269595f513a22e9abfc122e25be31fd05291980f300528570423484ffbc
- SHA512
  
  1814a4d026a98a9702161859e4b911751e35005f6720f423583ccfba6ca9549cc861ebc57cac7df9c3013f5337af3f94be0cec75da3006fd5e727794560ddaf5
Score

6^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral4
- Target
  
  gosh/pscan2
- Size
  
  9KB
- MD5
  
  edf4d6003c9c68774438e4fb25198dab
- SHA1
  
  90192522d6ff4337ce16e88e172bdad566dbc2b7
- SHA256
  
  41479cf051c146a0cb1447d5e924f15044dadbf4b2d1e504ee593499b2bc2f54
- SHA512
  
  3de4504f0ccdb41dc016abdc72ed7ebb0e04bcd9b2f5da415fc5e8cbf94cb03dc2ad8e0fd2f8ad981cdcb92c33de1423d12b3e10ce0ba417d02e8f92b3450e2b
- SSDEEP
  
  96:f8BTwTEcfUzGPh5/eDZVOSzS0t/Fu8apScqIUVFzOwPSx+S5Abahf5PKtf2G2:f6TeEcfUzEwnVzSKFNapSciTPS5Ao53n
Score

1^/10
behavioral5
- Target
  
  gosh/screen
- Size
  
  244KB
- MD5
  
  cbf0f41bbbafb1c2609bedb943be3b36
- SHA1
  
  a240a0118739e72ff89cefa2540bf0d7da8f8a6c
- SHA256
  
  2413af510a75ada34716165992a425b35f62ba1478f63746502afd8a8a156b80
- SHA512
  
  388cdc9f027aeb2b0ca336e5e262472fa8f0782727abe1e7d53723b4c36108e8b71167c06b9e5e7fb6a91ca4c9bc38be5d509ea17645cd1d23e5685307929943
- SSDEEP
  
  3072:vgQ7G4bDuK/gBrcsP3a89qIW5OnApX2KnZJ5l8cZZbel8Ur5fURH59UlNmXXPqHw:vg5SSK/DsyZnpXndqWkr5sH54N2fq
Score

1^/10
behavioral6
- Target
  
  gosh/ss
- Size
  
  443KB
- MD5
  
  b51a52c9c82bb4401659b4c17c60f89f
- SHA1
  
  b45ae5d8d3069ee7f880dd461c931fa711b6ad3d
- SHA256
  
  97093a1ef729cb954b2a63d7ccc304b18d0243e2a77d87bbbb94741a0290d762
- SHA512
  
  600c956d612b9b59d9846d5e83c009b6bac646ef2ba763dd54126ddf2e1a2c86c70960dbc9f836e6cbd6c7296c3f1801151a1548af904c61375d096c23aa0f68
- SSDEEP
  
  6144:gIM21beIrQCxAeQmnT3V3xNNZkYgy2CZTLdUyh:NdbeIrT9QmbVDNZkMZLdUq
Score

1^/10
behavioral7
- Target
  
  20130119064211_http___safe_land_ru_altele_plutto_tgz
- Size
  
  850KB
- MD5
  
  c8121c396d3d3e0b4ee1164fee06d6ea
- SHA1
  
  631dfb2b289934a0ebc324d5229b8748ea3f3c13
- SHA256
  
  51501f3d7902749e29a6474edac840e9b24a97c845bbdc6a1d7d00c0c1429154
- SHA512
  
  b3cfaad2b03d0ac5495939aff3aeb765b4d83639512aec73b1cca3c8ecafbe536e23a7405a0814d7fd610b990c340d9500d0b34f034a5cd5a470cf86c48f7756
- SSDEEP
  
  24576:aTXrMbWhTBwLPQjhRJzlJfpBLSAtke9SAtk:OXrhTBwLPczBLSgTSg
Score

1^/10
behavioral8
- Target
  
  .s/autorun
- Size
  
  317B
- MD5
  
  9729c037cb0a32811ba3eb15e3c8a789
- SHA1
  
  6e67d4929c0b87dd05afe1b3f5f0aed2852885c4
- SHA256
  
  5f03b45dc87f35120fd01f18150d2c3c807c9dc22d9433208d1bd14d5d581260
- SHA512
  
  ed9131f48df4f3f6503b38f064ef07c7d9a235280ecf03a0a2852f268b98e42b8b445931536bd4a4a4344fefb8a05594dae094e7e7795c9690ab5ca568b1ff8c
Score

6^/10

persistence
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral9
- Target
  
  .s/bash
- Size
  
  480KB
- MD5
  
  dc7b9585c47ab44830dc84a11e0272fe
- SHA1
  
  7d0f6ecfb4985ec8ef003ab1e8bdf0aae5ffbc75
- SHA256
  
  68aef1145b4e208cf6600d2ccda0080d8ec7a7fe97354b92a7378b81975fbb63
- SHA512
  
  8e870c960053a5b280e6f17cf6b1bbb57a0df1e97799c5416d7ddc03774baba3af5c6d14aa7a3bb51a729f6e88bd7522bb5e950d3da79c97da4869797bb8908e
- SSDEEP
  
  6144:Ymw9XywzvzMPz5obmvlJ9RS3Il4js9QneROyYJ0YnTBwLaTubM1DCmPGMhAj6JQ:Ym+XrvUbW4UHTBwLPQ5CNMhRJQ
Score

1^/10
behavioral10
- Target
  
  .s/inst
- Size
  
  8KB
- MD5
  
  6c52a9539a31632a849b0ecc909ffee8
- SHA1
  
  e826bf2d50684e0e94c165e7316114697451188d
- SHA256
  
  5b2dffd450a687433073fb358c15e1c8429ba994ecfff53a3c15f96df458c28d
- SHA512
  
  ce96043f9b4fbc915f262f63a7bc88f88f7ce59c661306a63e62868160de64f6dc6617ac11440a099d51f2ab0c2a7f2abac0ef528fc625ae37b57bbccd89ba99
- SSDEEP
  
  192:7Y3PWlysz/aeeB+qF5Y3PWlyt/aeeB+qFrURuXob:7Y3PiyqQB+qF5Y3PiyJQB+qFuuXob
Score

3^/10
behavioral11
- Target
  
  .s/m.help
- Size
  
  22KB
- MD5
  
  3867e7b1168f749f94536c85bf94a2c2
- SHA1
  
  97fdf5c978400ed9de85555c63a7ba9cfe8b77a6
- SHA256
  
  0d1191e8da46fb6461c072b97c94e2b9a139ee6e483a8b615524b47932095d59
- SHA512
  
  b072ec3ccc411f75002c6428569e16d98b43386894be9a41a6c43cbbcf50c24c5a745f2175f40668ccf0be66265b830faf4d3db416a64844255fdc3e26db05b0
- SSDEEP
  
  192:Pk80z2Z8ECr40jfSHgglM7mu07/+6MhqehT1Szb01wm7FElApsm4rcGB1tRlnMCv:c8YjRqMC5YRsQf7FMrpfR9MxInqKJNok
Score

1^/10
behavioral12
- Target
  
  .s/pico
- Size
  
  164KB
- MD5
  
  51c7f3ec60f1613aa5202f26d9248ed1
- SHA1
  
  835ab0aba3740fcf80fe7238ef4d089d8c5a72c1
- SHA256
  
  5e092470ec616d5b866aab0f1a69309b74a48567eec7a250c9a328901a21a498
- SHA512
  
  424071e10216836567266cda5ab18876943817e731272ca68f1b96d00e80cef90c286aa5c46fdd5d963014282f39964f46905bda2e18309d6692383e24b5b8b6
- SSDEEP
  
  3072:6vq0piaD1aJ3INN6QhldW6dV/T76+eRWPdrJlkODLm729xJtyv0t:6vtjDsYNJdW6dV/T76aPdrJlkOHm729b
Score

1^/10
behavioral13
- Target
  
  .s/run
- Size
  
  29B
- MD5
  
  978cc6e3ce07787898519aa26f3b429c
- SHA1
  
  6240237deb675c81f8352a1352b2d8a0d3019493
- SHA256
  
  e0abb3175ea6d042ca49ed299adc0fb2c322ca1e876db21968fc04c90be4fe53
- SHA512
  
  9b4a691f80c953cbaff15e01ce11a858eb03a226c7834ca8adfb97c892c51edc8015863ce0ae22be6d4b50d591d923408a143e03c5d6bb9a801f6fcf4f676f9b
Score

1^/10
behavioral14
- Target
  
  .s/start
- Size
  
  683B
- MD5
  
  72504722ead7f0101f5f92e9f69c9da4
- SHA1
  
  94178691b2e67ec7a887442f4d603779b7639243
- SHA256
  
  ff7b660a11d5c33a09f75c652aa3f3f837a91de754d22485831acb7011527ee6
- SHA512
  
  fce0e9a4f8f65bb2c53fcbdebb59c861def94ae3a12ba43b63f026aa8ff0e0d2fe3a60887dd8195d7d3c77c974dc02049bad76278fb586de11e22a8ce9a90337
Score

1^/10
behavioral15
- Target
  
  .s/xh
- Size
  
  27KB
- MD5
  
  2d1cf467562e524abb6ca1a6e2367824
- SHA1
  
  95fcf96052ce1dd954176f303e5a60052f7016ac
- SHA256
  
  eb7830e5387abecb79eadd8ee7447ce7e69bd9131554391fd74bd61987bb1adf
- SHA512
  
  bf2808568325752c43adc08674f6cc942071452c2cc1f19a69aefec600ea86a01c0a65e85e824f397cfbc05999a1c031f1175f41a7a80c07a4adfe653ba5deea
- SSDEEP
  
  384:vwMJlsIwxX/7U6oVMbuNLhOvO5PbdbFsc8aAYAXkiON2xBBcdCpqSzzjQ:vN6IwxvoV1LhOvubdb2c8aAciC2h4azI
Score

1^/10
behavioral16
- Target
  
  20130202110713_http___diabwolo_altervista_org_ggod_tgz
- Size
  
  670KB
- MD5
  
  fa83cffaba499ef9817eb272796a397e
- SHA1
  
  43f7b788bebafde1ddaae1fecd23ecf9e7af7c2c
- SHA256
  
  ec789ea5218fb501492e7863a58821963b05cfb8e039014ca2fb1a710be36736
- SHA512
  
  7633d2853148230ab031f1549f148b8184498c24217e34cb80d09423f566a8a0efa9153825b1b732d0dcd8d8cd22de350f2419e2ed669d3c69ec69a1653a336f
- SSDEEP
  
  12288:P5pjJEG3Pi4MIFgTaNih1Jm5EspSAtkeSAtk:P3jCG3lMIFgTVh1o5EKSAtkeSAtk
Score

1^/10
behavioral17
- Target
  
  god/-sh
- Size
  
  490KB
- MD5
  
  389ab8a4839494ca52b3a36067307de8
- SHA1
  
  92c1409a53f0620e23d277c82e419624a209517e
- SHA256
  
  80dbbd478fff0a8366e69f2869a01560b3ba082ce949ee67e496846d2def4e52
- SHA512
  
  227cf646f0e4ad2fc22f8f7b2e0a7ec40584171276d349f860890f7a229d0e40252bd90bed8bc481b9640bc678620089601852b150d450a37f136a980a982cee
- SSDEEP
  
  6144:eI0pjcMtEG3EEiMXMaiR0zrUrphYgTaYBqkVas51eZYZOot6Y64Q5ET:e5pjJEG3Pi4MIFgTaNih1Jm5ET
Score

1^/10
behavioral18
- Target
  
  god/autorun
- Size
  
  329B
- MD5
  
  11ec5904d11d0e96f4bc99360658754e
- SHA1
  
  787285e62b08dd2ece9d1b5bd12ab3a46a7de372
- SHA256
  
  de45559757e310e6c74dff999465d12d725d2292481d3016f00359dc62b46ac8
- SHA512
  
  372f00b2cfaddfe4a911773689767b57bd32c57c0a0b1ac0af96fe093aa0333a5bcc4bbdc08df37cb3e541c7f05a1d898eae018e15963d2f8090ad1a08cdb346
Score

6^/10

persistence
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral19
- Target
  
  god/install
- Size
  
  10KB
- MD5
  
  8e1739d29456fdf96f4461ff8e34b0a3
- SHA1
  
  af7cc987fbc114986dcad9a18f56a42b38ec7f0a
- SHA256
  
  228842573b5f305208c66eaae62a04e9432008d4468882c4776029889249581e
- SHA512
  
  5886c7cbfbcd30d42f701a93cfb836c084d47d3fc86a6e185b96748ef41247c5578d877b6a6277b1d557fd45a0b1f0e8b5228d75f283829d53e8275200bd5ecd
- SSDEEP
  
  192:kb1H6uopRr8W21ec+BCUIFxmXbvtPPjuDAlx0pxmwJKwSRy2W3:kLogW28SmXbv9yOx0pxmwJKwSRy2W3
Score

1^/10
behavioral20
- Target
  
  god/run
- Size
  
  29B
- MD5
  
  4daf170ab50024b164c3d12de9b8bf09
- SHA1
  
  7e530d1fabf231a1bbabfb2cbe77a9c7e9a95217
- SHA256
  
  3cb6e074696ee72604dde63c78811f9cac52dd3cfedb68eec029547c16e5f04b
- SHA512
  
  bddfd68a56c0a67e220b44df73844fa1249858141976c6348eb82fcdc8c802508b0b4ecb4dc50e1e821742e29c8db2ece809b44ef1973bc3f2901c0935e1a048
Score

1^/10
behavioral21
- Target
  
  god/start
- Size
  
  608B
- MD5
  
  d4655a3bdcb9e18c6718c29eda91725b
- SHA1
  
  61cdc7f4dc3cd69198e7444df590b3d0a3e9847d
- SHA256
  
  e0922a46a0f8e40d59a57511ca24079be9a03b423c42bb206dafe38b718dcd53
- SHA512
  
  e46c084a7941c39e9279240d2febd77d2bfcf2cc805a179105de7a5f2f4237f3080bd871b65ab678cdc294e95f525c740a8ba74713462f6c886aa701fd46cc9c
Score

1^/10
behavioral22
- Target
  
  god/update
- Size
  
  172B
- MD5
  
  ccf94fbef4f401a5dde154b3341a604d
- SHA1
  
  f24b29d8eab5b1e02e861cc60583fa1e2f51b13e
- SHA256
  
  9b27210c3a73720720502ab4f71e1c1415c339647f7e91acc10aba944bfd74dd
- SHA512
  
  c0d5e3945a5b1eb60b05008188e6f53a6bd2c6b740113ce30ae9a13d7ae38d299e52e1d186b9e0babdad736c1d8de12d1b1095a1238e85a7bedd366975dfddbd
Score

1^/10
behavioral23
- Target
  
  god/zmeu.help
- Size
  
  22KB
- MD5
  
  3867e7b1168f749f94536c85bf94a2c2
- SHA1
  
  97fdf5c978400ed9de85555c63a7ba9cfe8b77a6
- SHA256
  
  0d1191e8da46fb6461c072b97c94e2b9a139ee6e483a8b615524b47932095d59
- SHA512
  
  b072ec3ccc411f75002c6428569e16d98b43386894be9a41a6c43cbbcf50c24c5a745f2175f40668ccf0be66265b830faf4d3db416a64844255fdc3e26db05b0
- SSDEEP
  
  192:Pk80z2Z8ECr40jfSHgglM7mu07/+6MhqehT1Szb01wm7FElApsm4rcGB1tRlnMCv:c8YjRqMC5YRsQf7FMrpfR9MxInqKJNok
Score

1^/10
behavioral24
- Target
  
  sc/L
- Size
  
  408B
- MD5
  
  87e05775a0ba9e28644526d429a8f547
- SHA1
  
  a79c99810bdedcf7651b1a771939714c17b0acc8
- SHA256
  
  449381e564580872be339f52fe64b8cab3b7c36a8c2059bba8da0e14071e5a60
- SHA512
  
  d4676cab0f31e26a195d64fd9be769e8b768252bdeef4a8e2ae2d877c52ab95a67ca56ae638e9833e8128e3c7394c01c407eaf70893a191c5e718adf4f68038f
Score

1^/10
behavioral25
- Target
  
  sc/exim
- Size
  
  11KB
- MD5
  
  c0347a62042023782bd571e73869ce84
- SHA1
  
  85315bbe34ee70eecc5809f722baf4f5d0f39609
- SHA256
  
  c692b9e2b8c45c7e724af8c840133c308d947b7d872a0e99e8980d644d99d31f
- SHA512
  
  34b75aa205c646dd50f8f0ee88c11afa6fcb6b66c906b832d5cd46c04f0566fd53c2c0585246ccfe99c245dcadd793a4d7bde965b3fc6b8c0f379ad7114da5f2
- SSDEEP
  
  192:fgY2alL4AXrZmatZk2BaeFtY7nKdT3Z5D1c+SUtXPHjENyN1:fgGL4eRtJBZfT3ZZ1cZ6DT
Score

1^/10
behavioral26
- Target
  
  sc/ss
- Size
  
  443KB
- MD5
  
  b51a52c9c82bb4401659b4c17c60f89f
- SHA1
  
  b45ae5d8d3069ee7f880dd461c931fa711b6ad3d
- SHA256
  
  97093a1ef729cb954b2a63d7ccc304b18d0243e2a77d87bbbb94741a0290d762
- SHA512
  
  600c956d612b9b59d9846d5e83c009b6bac646ef2ba763dd54126ddf2e1a2c86c70960dbc9f836e6cbd6c7296c3f1801151a1548af904c61375d096c23aa0f68
- SSDEEP
  
  6144:gIM21beIrQCxAeQmnT3V3xNNZkYgy2CZTLdUyh:NdbeIrT9QmbVDNZkMZLdUq
Score

1^/10
behavioral27
- Target
  
  sc/x.pl
- Size
  
  2KB
- MD5
  
  ce13ac9ada3d92b5f557624d7dc88788
- SHA1
  
  656f29a69a9225da48331a548038b71f836859e3
- SHA256
  
  640198efdc73fa5b82640611876458960ba8da747941e5cf86ba1a96c6f546bc
- SHA512
  
  3462d81feff854e7df3e92eb712994ddd06aa0267156f774e28ff5282f91eb6b6eaffb003e2e456b547596d982dd3621e993a125c74d2e4fbb9b1860831eb8b1
Score

1^/10
behavioral28
- Target
  
  20130202111520_http___diabwolo_altervista_org_mysql
- Size
  
  31KB
- MD5
  
  99330e331381af3a64a0159a051c82b0
- SHA1
  
  3b4ea98652ae5dc7fd77a500ce5b353b934f4f5f
- SHA256
  
  c7851dd9d100878de225c9b7eaf761c05c37efde8d95b52981171d45f6414a50
- SHA512
  
  34d79674a809f12019011c18621d73a9ebb4b7f9a9bec256f790d149560303f848104cc309c53fce758b65e33b1b3d64ebbc4528aa3e69fbf10dbbf2d6886a09
- SSDEEP
  
  384:kdMCsJCEM778JDGbl1siahkMfd43+yZKB3lp:kfsJCj778JoyiGRyEB3D
Score

4^/10
behavioral29

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Creates a large amount of network flows

Creates a large amount of network flows

Creates/modifies Cron job

Creates/modifies Cron job

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29