kuiper | 18329606313[.]zip

General

Target

18329606313.zip
Size

1.1MB
MD5

d446c7d769258031a89bf6a9f9f1dce3
SHA1

124e7599ab2f9e10d2b89c8280f9046ee1425693
SHA256

8151974cfc35845346547f537e3df725bf4d11123b7b51a36f348a9b62010ae0
SHA512

5840df597d37b5b2640a6e1761a712680fa9e6edeb2bf7719a2d1f8cd0afccf60407c1f3d892128b8beed27e5377e486f02960df79e5bbc055f61e2caf985eb8
SSDEEP

24576:05JmZ3PHPG3Dv95sNBSIISZR0LkAzHYuBAEWm95eY1qyuOrb/:YJ2PvG3DvLsNBSIIYR0oAzHfBAzmbn3f

Score

10^/10

kuiper

Malware Config

Signatures

Kuiper family
kuiper

Kuiper is a multiplatform and architecture golang-based ransomware 1 IoCs

resource	yara_rule
static1/unpack001/d6c1d2e77ce21d5a026e7abf99c9fffe55d87b282f460dc737da231211a12a0d	kuiper

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d6c1d2e77ce21d5a026e7abf99c9fffe55d87b282f460dc737da231211a12a0d

Files

18329606313.zip
.zip

Password: infected
d6c1d2e77ce21d5a026e7abf99c9fffe55d87b282f460dc737da231211a12a0d
.exe windows:6 windows x86 arch:x86

Password: infected

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 109KB - Virtual size: 284KB

.idata Size: 1024B - Virtual size: 988B

.reloc Size: 51KB - Virtual size: 51KB

.symtab Size: 512B - Virtual size: 4B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 109KB - Virtual size: 284KB

.idata
Size: 1024B - Virtual size: 988B

.reloc
Size: 51KB - Virtual size: 51KB

.symtab
Size: 512B - Virtual size: 4B