Resubmissions

26/07/2024, 16:04

240726-thx6vs1hna 10

26/07/2024, 16:02

240726-thaqka1hkg 10

General

  • Target

    turla.zip

  • Size

    145KB

  • MD5

    5c7250ff6330d8f16c349f64098de2bd

  • SHA1

    b2eb3e01e0ec6d3dd60f3e7b348186dca84365d1

  • SHA256

    f025d040abcda23e6aa4e531f01df5351276f309e7fbf84be5e3cf4da65af17c

  • SHA512

    a13e456eac207d9566f6c0da39b2de0451d96fc4fd0525e34c853906e44d74c62a8780ba4de168759d39094f4d0d74577d0016cd629bec8240a543af786860ec

  • SSDEEP

    3072:S/Ikwue7zNcxXpIVWfFuIEa9n556ohlpTuL1fohjqy2VWVN2fWXdtt:Mwue9cxZIVWfFuIE8amnCoUy2VWVNaW1

Score
10/10

Malware Config

Extracted

Family

tinyturlang

C2

https://thefinetreats.com/wp-content/themes/twentyseventeen/rss-old.php

https://hanagram.jp/wp/wp-content/themes/hanagram/rss-old.php

Signatures

  • Tinyturlang family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • turla.zip
    .zip

    Password: infected

  • 267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b.exe
    .dll windows:6 windows x64 arch:x64

    Password: infected

    2240ae6f0dcbc0537836dfd9205a1f2b

