General

  • Target

    MEGALOADER.zip

  • Size

    89.8MB

  • Sample

    240723-vza84a1cmm

  • MD5

    c663c915cc387be8b2623bd9ea1acfa6

  • SHA1

    1f464dc82f6db2987c46041e3603a3515a80f692

  • SHA256

    860a1bafa27533b8ba73a7e0303fb83263129ca28672dc7d2c71d126ceee0688

  • SHA512

    8e65925d2202993749a0c4d64d20d19e82609bf351cccea831929cf8d8477a3d72cda4286bbc68e4a76f22344419404db8048b583e0d839d465577e244a6b125

  • SSDEEP

    1572864:PfCv8YfFUaYf+MWUgLJu3o/tpP3MXk1ucMvMPc9f0i5IaTix/ZZ0Oj8gi1:PKkY9UaduP/EPcZnTwZ0Om

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot7295635807:AAG6Je3ea3mM7v5LKExuDgA5HyvjrbUsVXs/sendDocument

Targets

    • Target

      MegaLoader FIXED/COMPONENTS/VC_redist.x64.exe

    • Size

      24.2MB

    • MD5

      1d545507009cc4ec7409c1bc6e93b17b

    • SHA1

      84c61fadf8cd38016fb7632969b3ace9e54b763a

    • SHA256

      3642e3f95d50cc193e4b5a0b0ffbf7fe2c08801517758b4c8aeb7105a091208a

    • SHA512

      5935b69f5138ac3fbc33813c74da853269ba079f910936aefa95e230c6092b92f6225bffb594e5dd35ff29bf260e4b35f91adede90fdf5f062030d8666fd0104

    • SSDEEP

      786432:tSp+Ty2SfUfnbDDko5dFMYqlQbgAVLSElbmucMuZZxs6Sf:4p+Ty2SfWnHDk8FjVbfzPTq4

    • Score

      4/10

    • Target

      MegaLoader FIXED/COMPONENTS/VC_redist.x86.exe

    • Size

      13.2MB

    • MD5

      8457542fd4be74cb2c3a92b3386ae8e9

    • SHA1

      198722b4f5fc62721910569d9d926dce22730c22

    • SHA256

      a32dd41eaab0c5e1eaa78be3c0bb73b48593de8d97a7510b97de3fd993538600

    • SHA512

      91a6283f774f9e2338b65aa835156854e9e76aed32f821b13cfd070dd6c87e1542ce2d5845beb5e4af1ddb102314bb6e0ad6214d896bb3e387590a01eae0c182

    • SSDEEP

      393216:x3RwlptVYmfr7yBG/4uOzH01/Nc1eJ/RXZMPDyiX:xGpttD7yBG/jx1/N/tZUDJ

    • Score

      4/10

    • Target

      MegaLoader FIXED/COMPONENTS/dxwebsetup.exe

    • Size

      288KB

    • MD5

      2cbd6ad183914a0c554f0739069e77d7

    • SHA1

      7bf35f2afca666078db35ca95130beb2e3782212

    • SHA256

      2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f

    • SHA512

      ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10

    • SSDEEP

      6144:kWK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQV:VcvgLARDI1KIOzO0

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      MegaLoader FIXED/COMPONENTS/windowsdesktop-runtime-8.0.6-win-x64.exe

    • Size

      55.9MB

    • MD5

      d9175cfd252f03fc2bad1ced274d81bc

    • SHA1

      83a2867b09c0a7d4e95d1a26ac0fba7ca87cfb5b

    • SHA256

      6ca28cc70a9d85ac8ec0cf1faaefdcda045af0d1d46acd66e28a6d1863dfe026

    • SHA512

      91bec94f32609fd194ac47a893cea1466e6ad25a16bbaf39cd6989fa9f09e865ba87669aabfe26cd3c8f2a57296170cc021dc762e238a6c5cb5e843d3df3169f

    • SSDEEP

      1572864:NszAFqme0Vy59mhJ5Jvv9mJHsUC+jy7mQW+JfTE:+zAFqyo9mhHJvv9izjy7mQvJ4

    • Score

      4/10

    • Target

      MegaLoader FIXED/FIXER/DRIVER.exe

    • Size

      115KB

    • MD5

      2e02c5ddc17eebb8ea41ac96b81931dc

    • SHA1

      0c170d5a0f8ad30c626a6744ad984a70bbbfdd15

    • SHA256

      26fd5047f1a005975c8a70b4c4f6cdd5039a614b316e07df273a29a7622e3239

    • SHA512

      74b20b94a721d26152357ff79ab7dcabf57f91f30bed47315c0b43167163d56135ef88667b8a9b99ef1f883be9c6c297020d49b1ec8d9bf083ef02c073d69776

    • SSDEEP

      1536:+8kZVfG5Pq8rGZd3RpHpc7f+W4O6eh9+5p65MKZjUue4/Xzexcwcn+lIAzYeeDsa:I7GRqPrJc7f4Tei5Ahjx4mbH

    • Phemedrone

      An information and wallet stealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Target

      MegaLoader FIXED/FtEaCrack.dll

    • Size

      191KB

    • MD5

      d4f8ae345021cae486be8bcdd9bd67b8

    • SHA1

      e8ddcaf1dbdece8533b7f07bc9844dd4c30a0f33

    • SHA256

      81869b28329d9accfd6c1f19a8a65386027d546702f0ec59f61ef1f4a317ad41

    • SHA512

      343fed6257b5f681115833a37a45bf749266afecb79e6c5dfcb2c9fc1bb5e53aea686617983d7c05e355cfa638a8f140193a269ead0753fb7b3525904944a8e8

    • SSDEEP

      768:bwgcJtosu+MoaYakv/cCD+MoaYakv/cCdQ0+md+/9B7IAVz51qd73zyVVjdDQ7SH:bwjJvzMfYaogMfYaogWUlYpA6OZGc

    • Score

      4/10

    • Target

      MegaLoader FIXED/FtEaCrack.dll.config

    • Size

      806B

    • MD5

      b9cf91b1a28bf318b8081eb7a782bd55

    • SHA1

      1228320f178c54fc35ec4b07c312fada0f4fbe7a

    • SHA256

      5dd16563498d44a8be1f0288f2f77ad61f1b976eb07cdf8f99b37a7cc489a1e3

    • SHA512

      e99b8863da2aae9019419c815834921490d9afd18745d44da476bf8878a4ff19b5ce896b5de7a4ce251c589725872a00a458d5a17e82bbef0e72eb05b04cc3f1

    • Score

      3/10

    • Target

      MegaLoader FIXED/MEGALOADER.exe

    • Size

      115KB

    • MD5

      2e02c5ddc17eebb8ea41ac96b81931dc

    • SHA1

      0c170d5a0f8ad30c626a6744ad984a70bbbfdd15

    • SHA256

      26fd5047f1a005975c8a70b4c4f6cdd5039a614b316e07df273a29a7622e3239

    • SHA512

      74b20b94a721d26152357ff79ab7dcabf57f91f30bed47315c0b43167163d56135ef88667b8a9b99ef1f883be9c6c297020d49b1ec8d9bf083ef02c073d69776

    • SSDEEP

      1536:+8kZVfG5Pq8rGZd3RpHpc7f+W4O6eh9+5p65MKZjUue4/Xzexcwcn+lIAzYeeDsa:I7GRqPrJc7f4Tei5Ahjx4mbH

    • Phemedrone

      An information and wallet stealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

MITRE ATT&CK Enterprise v15

Tasks