General

  • Target

    Full Tool Scan VPS.zip

  • Size

    43.0MB

  • Sample

    240730-j8x9favgln

  • MD5

    bf0186af3227da62aeb3db92c1e5182d

  • SHA1

    3ca8b3b9e80bf08fffd1e9ccece85b4467af2889

  • SHA256

    95991984767349d93e902eba0487e74688ea5678a92d75a8b50a0852bd215b28

  • SHA512

    7592395ad64bc9e8ff2eea9127d99a3eeb8bb408d62ab105670ee5f5473bd9fa4027268bc0fc55a9920dd702e6692777851d42d6d807a6d85cbc59a34a295eb1

  • SSDEEP

    786432:7Zz9QTeRXpXlJRRct8dl+ugoX0e+yPwGZGU30LTbQTeRXpXlJRRct8dlSFOiHW:7J9QqRZXXcol+3k0wpZtk/bQqRZXXcoH

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

128.199.64.220:4782

Mutex

a6aa1ddd-3810-492e-8728-facd9d5ede65

Attributes

  • encryption_key

    CB9F9A0F270F5BD4211B4E21054ED956F7A81814

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Full Tool Scan VPS.zip

    • Size

      43.0MB

    • MD5

      bf0186af3227da62aeb3db92c1e5182d

    • SHA1

      3ca8b3b9e80bf08fffd1e9ccece85b4467af2889

    • SHA256

      95991984767349d93e902eba0487e74688ea5678a92d75a8b50a0852bd215b28

    • SHA512

      7592395ad64bc9e8ff2eea9127d99a3eeb8bb408d62ab105670ee5f5473bd9fa4027268bc0fc55a9920dd702e6692777851d42d6d807a6d85cbc59a34a295eb1

    • SSDEEP

      786432:7Zz9QTeRXpXlJRRct8dl+ugoX0e+yPwGZGU30LTbQTeRXpXlJRRct8dlSFOiHW:7J9QqRZXXcol+3k0wpZtk/bQqRZXXcoH

    Score: 1/10

    • Target

      Hit Sender/AxInterop.MSTSCLib.dll

    • Size

      360KB

    • MD5

      0c7d8ecb8fb4b88fd42de85e30944826

    • SHA1

      b8ca7c11063d58008f8b19cf93ebaab8245e616d

    • SHA256

      0c1a7276c53d85feae0996fb2f4524e2aeffa78c96304bf25e70c68f123e5e94

    • SHA512

      2d3078a0b583d9d4e5ebeaab4e3baa11e61f4988ff96bfa27152ea30d1e6374e704429f63f30ab6bfe72381830f5fd17e605f327ad9d2616d75ce0f336dc73e3

    • SSDEEP

      3072:LZEKEcvukPhjyUG2p8wV0z6gWAkapSyS6hH+GC1Z5U8I:qwhjvGU0WgWAkaW6hH+GC1ZF

    Score: 1/10

    • Target

      Hit Sender/Interop.MSTSCLib.dll

    • Size

      738KB

    • MD5

      a2a32a9b5cf3a554c351073821f9e366

    • SHA1

      3208bc1a1d4f526fd0abfad1ef7c3185f7d7b1d9

    • SHA256

      f4d5ad2f9053a39f652831baa915e90645e6198b56817969e2cd45f6223c3a0c

    • SHA512

      057373efd77d0744d60ab4ebe3bd6133e3edbc1e25137279398f84c254b1a400406954512f4252432daf6f4a8879611b05a694b23b643230b8f35578677f96be

    • SSDEEP

      12288:iuF8zCZQHmtk76B4veVsjyJgXW9UrqxINQzitUn2BYL6l8szncUicKs8geyRli+p:iuF8zCZQHmtk76B4veVsjyJgXW9Urqxq

    Score: 1/10

    • Target

      Hit Sender/NLBrute Hit Sender-Checker.exe

    • Size

      1.8MB

    • MD5

      663627e9e7d0f30d41dc754cec70c2a9

    • SHA1

      4f6562ee4c4a209e8ccdd894d5955909afc3498e

    • SHA256

      59c8595468186da0d323b5a5fc0304b04412fe11bea16c11bdce5315502a8716

    • SHA512

      b3184e56e9d9a9ae0bef34912c9e927e0dfdd100b7e36862e2a1f98af56bccb58fa23783cd9f42cbb663e70ba26835a24a27cca5e077b2d5e0a46ff1b8f412c3

    • SSDEEP

      24576:0Yh9sKCs4uvW4jfb2K90oo+C8JwUZc0PY0yNuVC9Hbv50eFGPlfFZDO+:p/C7uRfbQswUZcSByYGv5ujZ7

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it injects itself into other executable files to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target

      Hit Sender/RestSharp.dll

    • Size

      186KB

    • MD5

      ebb404b296276a65d85a13ce889a64ab

    • SHA1

      2fe54894589988a7c3b0c752f4de9d84b3f21312

    • SHA256

      37bf2a8815e1833153ff92d0bec3a1405f5c5f146884d0563a96bacd1b0074f9

    • SHA512

      c0ba618cc6aa3987930598bf9557f6e2aa6657f72febdc034b07ac25c2682debeccac4940a27a8612c1b84c70e350e78d19e8928cac613cadc48e4fefada9f71

    • SSDEEP

      3072:32SM9KBmXowyrg7h2Bk3uIRUgpOYx+fsh6ow4iDvmRBktpWaLJ1qbC:WbXDyG2GeyUglf6ow4iDoZ

    Score: 1/10

    • Target

      Hit Sender/SkinSoft.VisualStyler.dll

    • Size

      1.0MB

    • MD5

      69e6563e0e7ea843e9b37d58819f4136

    • SHA1

      4aebf9955ba0d0b5205b6b013da634aa0281a25d

    • SHA256

      f9fa9f508b9350ed12ed3aa5b7f24aed901a6434b1b02d1f0ee301b8eea54b06

    • SHA512

      c883bcb3f6f2ac3f2fe88eed1356178ff2b43bdeed2188aa06f35cbc9dda8745a3a5c2d28d99daae5b6ea9af46abcae45b7bd4da13f318ba31062a8e8b79a942

    • SSDEEP

      12288:OSVkAXRzNIYqsdMExMDj/iREVGx2G4dZJ25jad4NJQe5rkAf/e5rkp3gN372sx00:ZRz+YqsdMExMDj/iRHx2dJ7Wsx0

    Score: 1/10

    • Target

      IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe

    • Size

      12.3MB

    • MD5

      57bf838c7b78b1d6382492047c5e58e7

    • SHA1

      e9f399ec58e2435305193cd3685c99f87622cd42

    • SHA256

      1ab440ef04f4b1396b6b6d6959887867f1b0f2b3c639b74920d3e7ad6fc64933

    • SHA512

      4e3304333604dce2c7f2ae446102764fba815f97cc3264878a66b451a781fe7c44d1821089aa155be141e86c8f626da24cd5f19bc6b1ce6aadc35c3f215adc70

    • SSDEEP

      196608:O1iODtjizE9onJ5hrZELte9tGPqKM48RmU/3ZlsPv2SEDTb5zTvN8CfZjAPaBk:bOD/9c5hlELdPNMtN3ZWjc3xTLjAS

    Score: 7/10

    • Loads dropped DLL

    • Target

      ScanIP.pyc

    • Size

      18KB

    • MD5

      cd16eb87528c80abe96974b3c2aaeea9

    • SHA1

      e4fe087d03e83e19d40e5d6e059702deb83119a2

    • SHA256

      f32a839078e59e3a9ee7320b8dd6373a47042cf1612510ded58d7fe960d09e59

    • SHA512

      00b3c1516183b2fa505cb4e9cf79de21621aeab2edf0a9af068983c503766707c83ce26c3ee01ac6f2a750f5ce55ae5b59dc0d8817534b83a02278605321b247

    • SSDEEP

      384:yP6Xvqwoz4nMh0v8HiuVMTaYU76/zDqAWUMU06ozRDf94UYO0HQxifwr:8IvtoJh0v8HiuVMTaYU0duzRDpL0HBf+

    Score: 3/10

    • Target

      KPort Scaner/KPortScan V3.exe

    • Size

      232KB

    • MD5

      9e474178aff71d68f7b72fb186d6d763

    • SHA1

      5eb3a66848515aed1cd9bb235dcb452e7470e5a2

    • SHA256

      16c1e3fea0b086044036f402b5e00af9efd689417fe98fed51884539a4ad44bd

    • SHA512

      ae41194fa85b4c5bb63f21e3218e62aa482d09b9fe3b4a3ea449c76d5d140abd232519abb563c70df3191d4be18b820af91c33842e1ed3459687fc2edb1593f2

    • SSDEEP

      6144:k997OTkNPTqLIOt6r+9dEPlUIbrMOFTfM0OZhErjie0KK3m+nak:FTkNLlE3m+n

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it injects itself into other executable files to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target

      KPort Scaner/QtCore4.dll

    • Size

      2.4MB

    • MD5

      438717377b9df0f53f283c9e4aa722cc

    • SHA1

      c413917dfcb816799613c6f86b55952c887ff711

    • SHA256

      a679cf46e128d028de22fb9ed8432e5107e53f8e7e6fb7f5e169b3eeab8f000a

    • SHA512

      03c10588ec47bce9b6c40fedffcaa775b84bb691450789000c17e7df02554036ee336d382524b35bfa67dbc4ae4b95d3d1807d61f46016427856f60850383f3f

    • SSDEEP

      49152:vfGCzRdEZK8hyX2ntJsv6tWKFdu9CeTxLyvL/6mShMZtmjNUVrciV5P+7QVg07Tl:vf8KF2tJsv6tWKFdu9CIK

    Score: 3/10

    • Target

      KPort Scaner/QtGui4.dll

    • Size

      8.0MB

    • MD5

      37957facc9afbdfbd119c8372c9cf0e3

    • SHA1

      1f5584ae75e947ffcbe00dc17bc423bf3f906ad0

    • SHA256

      bf52fec00b4f640d07bea3850096cc77983fca518bbec8122997b7ca561205f1

    • SHA512

      24ef6418f904b646d31912e0f350a0eb10147015bbd4b3710aba62c5a1da5d001600d9a381beb8d871d30cc0b07cf2fdb034f81f60810d8c14899cacdf68ad4d

    • SSDEEP

      98304:ixT4yTZMEMrIJCZxMvwQoVgN1617/PO1IQlS4Xsmw2zZQvkfsnXWP:ixbZxDJ9vv7617VQlSesn

    Score: 3/10

    • Target

      KPort Scaner/QtNetwork4.dll

    • Size

      982KB

    • MD5

      5c6afae60414546cef0a9b759da93912

    • SHA1

      928aba35960a17b9ee3a3e2f2f890b8aa6842e6b

    • SHA256

      99757ec661fd7de3b22fb641f25cf1565aae13daf8d31c6686c6c7cbd2be6fc9

    • SHA512

      bbd7aae541c5677317f68472c4be008164909f6395c43e554c4b070fb398ec680f496505644de0a706f831bc850e770c60c699d5aa0d5a7e0e19c5fc48e5c727

    • SSDEEP

      12288:BQ4LHoNwBkUx/0RpieLY+EZ8R2/hGT/YOt2ck/qTpQ39NM7LMi7nR4djiz0R6H2j:zr/k60RpizZ83/T6CTeNuMwR4djip8L

    Score: 3/10

    • Target

      MassScan/Input.txt

    • Size

      489KB

    • MD5

      7b01fd9ff51e5bea6aca3a544c9d4027

    • SHA1

      733583f4ce27ba035c4e50ab064c87a47a5b420b

    • SHA256

      f3a7f49c9d7ac6bef80e10290e64d6d12ba76442a1f5a172cb86782f680a3da5

    • SHA512

      a435da93ce677c6e723d6e8260d93cb67ea948ad4c29eb8b5dbba895cca69c52b64c1e7ea88db6802acf0b0529807a6c6d45aaff2061966d02deef8cadfb3547

    • SSDEEP

      1536:z/2MuXAudynezohwapRDjOp5LjKdl7rGxRj7qRDTr5RVNAxhldkxpNFopJ9V0pxd:z/3PR

    Score: 1/10

    • Target

      MassScan/Massscan_GUI.exe

    • Size

      334KB

    • MD5

      7a6990bf78f3e2e835d3be85a2fea4ba

    • SHA1

      9e2760e0c13d56cb744262b4fdef67e17ee08571

    • SHA256

      37ff328175acd45ef27d3d339c3127a7612ad713fccd9c9aae01656dfbf13056

    • SHA512

      ba2b8cd80613bff44c1624d6a17bae797b81fb53979f6a901850dac5e824483513cd312ff8a5aaa9d5eb3cf5c825785a7a53965692d2fb6274d22b6e62f9735c

    • SSDEEP

      3072:eaxe0aX5Cw9Q56z456zB56zuIXk89V756zM:nanPj8X

    Score: 3/10

    • Target

      MassScan/Packet.dll

    • Size

      94KB

    • MD5

      1250bef11bfa086f772cd2a273bc036e

    • SHA1

      bfb60b4072f4533d8497f3d90631f818e345bcc6

    • SHA256

      6b19cffaa2bf4359be1a0130a1fb47ab45e8c3be5d0cb7986579c5e04e1d77a5

    • SHA512

      76cbc346468d400c4e6a95b3c91abfec0a63a375aade6f47c70a3b3db76c513bcfd91ed2994059a6c8bdd6b266f9b17ecf11f9941481c7a2692925d2457f5bba

    • SSDEEP

      1536:6wG9plhvRIRVC2wJAyPFCnPKc0z70yIKtIn8zVpWj:E9rjh5t9cZyIKtInb

    Score: 3/10

    • Target

      MassScan/_config.ini

    • Size

      40B

    • MD5

      c341de757f98498511390dd5d1ad655e

    • SHA1

      f08b16c0b761a5cf8b27f37fddb0a12e913b10a3

    • SHA256

      f7ae54907b897780e9b6d7de02523774707f813ac9c8b13c249fb9a36497a527

    • SHA512

      691a33d533f2cb0499a3fe80c805459cba1b400e89ad5a19ca14510f648305c7a6106c76d653c41f4620685ec2a7711fac6c06d0b50bf0f1fa114484fee2f971

    Score: 1/10

    • Target

      MassScan/masscan.exe

    • Size

      232KB

    • MD5

      c50f3b0b23dfe5c66561bb9297bf7bbc

    • SHA1

      5f14241aea174608a7c85127fdad042d7382277d

    • SHA256

      de903a297afc249bb7d68fef6c885a4c945d740a487fe3e9144a8499a7094131

    • SHA512

      33c557c53b4f65cde67bc0f6a7952822d194e0da262aa7d44c1d527ed300043ad1c06002cd42e69ad98ad2c7b62aa98d66ac0aa211ddfa97dde3e737da3f768f

    • SSDEEP

      6144:9WQaNTimmz/EkPt1xeHP9mCeswbjnK6swOp9cL:vMTuz/Ek1eHP9KPf698

    Score: 3/10

    • Target

      MassScan/msvcr100.dll

    • Size

      755KB

    • MD5

      0e37fbfa79d349d672456923ec5fbbe3

    • SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    • SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    • SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    • SSDEEP

      12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z

    Score: 3/10

    • Target

      MassScan/winpcap-4.3.exe

    • Size

      423KB

    • MD5

      ae26452c8b3d97ef2037521ac0dd3a8b

    • SHA1

      3ad99ec2bf6cc4f947bb09be627c91f82a898aa8

    • SHA256

      f28156a96be558dfb83a3d935223a127816ad124b94f92c499400c38078ad842

    • SHA512

      f5012a9600542b46eca137f41d58d6a6d3071aa36ca2b4c0f0119639cdf051c0a0e597c674583c4ec5753f8368ca121282acbf084930d2b1f30671f2032448d9

    • SSDEEP

      6144:MsNaGdmkMIdQQkpxYLcP+k471Xr4bjMxiW+D/xqfF3o2KCzDunki8m/VlidXTj2G:AG4kDdc8L4bQA5qt3CxnkLwlQFPcOLJ

    Score: 7/10

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/final.ini

    • Size

      278B

    • MD5

      c462d044412a1accb4156157a4a2be8d

    • SHA1

      5b57ec29b87f4793a7a2dcb6bf37be025d679af3

    • SHA256

      34bad513ff13c6a293b218c794de823c51f6793fe87dcd980107653c50c95847

    • SHA512

      c5ef0643dcd25ed37a351a3720e336b9f9d5391035244dd22e957ff6bba0f19d7d639be95ec118987c61500d84a3f02010bee844aedbfb6564d4b8d5a31e63ad

    Score: 1/10

    • Target

      $PLUGINSDIR/options.ini

    • Size

      286B

    • MD5

      bb4fc9d8ffcdf3df4d09895c9ba9e131

    • SHA1

      2c159de8b59ce1546d67817d1283fdea9e04b6d5

    • SHA256

      005fb79f152e3d696ae0d475d237c99970d8111e36f162ed3bf1de676abead6e

    • SHA512

      f73c2972b24f987b4b7ff67fe4427cf8eb5edc4d5d3361f5b572fd870bd51847ecec8188d78f1e08eb80c6d7ff1279b97d30bba48549aa30026d32a68ba09550

    Score: 1/10

    • Target

      MassScan/wpcap.dll

    • Size

      220KB

    • MD5

      5c5561185a8751711156934585f002e8

    • SHA1

      4bc6097e41191903fcec60b5b6363c857e2d25af

    • SHA256

      4c2b690d8d9afaefc531d1fedcf2d067ffca8b7e2f99072014b6a6d8edfdc49c

    • SHA512

      6cb133fb2b8adbf5a939dadb9ea62f9400999eecbb0fd7af07cb6350cb02f2bb9133db61140776ad79addd8574a6ab4d78236ac816e4bbe2f95cf3a77823b2fc

    • SSDEEP

      3072:mHrZxq7dQ2qjbGO4eQ9KuuwN3Ch0kIrNsZ3Gva5aOlqPozwH:mHHqHb5eQEaN3O0kgyZ3j51

    Score: 3/10

    • Target

      NL Brute 2/NLBrute.exe

    • Size

      7.8MB

    • MD5

      baf8cba0953051c7062ac27a9d920a8e

    • SHA1

      e56196210132b7bd5016b6d53650f25db57fe330

    • SHA256

      a5657ce27cb25c81c84c019376b503f41a9bd00ee306e7bff2a027ccdbb84a57

    • SHA512

      0448264051635b6ee63730e4c2319560b1536ede3bf966020cdf44c664955177acd39ecc0622f422db0b5e1fa4e7a351388b68df167740ba3d75e7d2c0aeacf3

    • SSDEEP

      196608:w0p8Y4DFbBJ5dIa82Vou2j09a3XAydVdODHMD16UAsdf6:l8YwFV/dIa8wp2j09qXAyYDHMDYrsdi

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it injects itself into other executable files to spread and cause damage.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      NL Brute 2/settings.ini

    • Size

      137B

    • MD5

      d4b8704ad19f6dc087aa074aceeb0069

    • SHA1

      556c5825c155eeea7ba7f7052d71e80e453486a3

    • SHA256

      d1af1390fe0d0872b0510b00473ed4fe52f851684ef2b4d4515c1981257e6722

    • SHA512

      a873004fd8141c609b4d1453a48dc2443cc31f04262015d2ea48695b94825e8befb643ff848163f2f34cc3a85b4924babd6a0ec1ba92f07402539bb362755c28

    Score: 1/10

    • Target

      NL Brute 2/tối uu VPS ram cpu.exe

    • Size

      502KB

    • MD5

      f46feedbc1681f295b9dcb82286f59dc

    • SHA1

      88884e4d37c285c2104291f1f870363e20c66169

    • SHA256

      d2a79b6bc781b6faa62cc315cb103d60a2ef4d2d37325690da6ca6d61af84a64

    • SHA512

      541ff3f0a018752b53810a64b3c3ec920fb1caa8b33e67870d0b481020012f4f59b48b79505a063633b2885adb1f107078ba28a41431011b7347a3fc12e458d4

    • SSDEEP

      6144:JTEgdc0YvXAGbgiIN2RSB0WxCn4mQ44AkBcEqOb8FTySQUtPcTR3q:JTEgdfYnbgZl0da6pOGPcdq

    • Target

      ScanIP.exe

    • Size

      12.3MB

    • MD5

      57bf838c7b78b1d6382492047c5e58e7

    • SHA1

      e9f399ec58e2435305193cd3685c99f87622cd42

    • SHA256

      1ab440ef04f4b1396b6b6d6959887867f1b0f2b3c639b74920d3e7ad6fc64933

    • SHA512

      4e3304333604dce2c7f2ae446102764fba815f97cc3264878a66b451a781fe7c44d1821089aa155be141e86c8f626da24cd5f19bc6b1ce6aadc35c3f215adc70

    • SSDEEP

      196608:O1iODtjizE9onJ5hrZELte9tGPqKM48RmU/3ZlsPv2SEDTb5zTvN8CfZjAPaBk:bOD/9c5hlELdPNMtN3ZWjc3xTLjAS

    Score: 7/10

    • Loads dropped DLL

    • Target

      ScanIP.pyc

    • Size

      18KB

    • MD5

      cd16eb87528c80abe96974b3c2aaeea9

    • SHA1

      e4fe087d03e83e19d40e5d6e059702deb83119a2

    • SHA256

      f32a839078e59e3a9ee7320b8dd6373a47042cf1612510ded58d7fe960d09e59

    • SHA512

      00b3c1516183b2fa505cb4e9cf79de21621aeab2edf0a9af068983c503766707c83ce26c3ee01ac6f2a750f5ce55ae5b59dc0d8817534b83a02278605321b247

    • SSDEEP

      384:yP6Xvqwoz4nMh0v8HiuVMTaYU76/zDqAWUMU06ozRDf94UYO0HQxifwr:8IvtoJh0v8HiuVMTaYU0duzRDpL0HBf+

    Score: 3/10

    • Target

      UsefulRDPScript.exe

    • Size

      54KB

    • MD5

      e1490e52e145fa12c7b4812b7937b2a7

    • SHA1

      a1fac22bc179d84af24845e49649d2e9a9115b1e

    • SHA256

      b1bce6bd95d8e53bd23030f9157dbf13103df0a9af6371ca73be38d044aad0bd

    • SHA512

      9abefdb032ef833e7ba8bf3e09ded7ba37312aaa9bab88572070156e851cc32df4d4d2eda1f08f60c38deafa996baac76478820286cb31b0283f38f5486d2817

    • SSDEEP

      1536:PEiBwAw/cGYQi1y2QNAx1FcLD12Qs7yGVd7UU2JSS/nouy8:lB9wUGYQN2XD6UdeZvout

    Score: 7/10

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Target

      nVNC/bin/config.conf

    • Size

      267B

    • MD5

      9366898f4cb3e9f58da153b4def250d2

    • SHA1

      7bceed4cc18e2784188309c7598a60244d6784e9

    • SHA256

      fed90d42bcf95d742ab04e4f28f9fc990050f0455712dc7cb74a1a9e1b99b049

    • SHA512

      039685f09b64eed5d6ac36b1e51ebb3605184e5e3441c87424f1853574265db03bdc4d8f0506bcbcd7bcb07d53dbd146dc32392041733f40d10c39ae0967421c

    Score: 3/10

    • Target

      nVNC/input/passwords.txt

    • Size

      21KB

    • MD5

      d0b86314bd9473e5b8b9ee7c6422e42b

    • SHA1

      75f01eb81e93874d440a326b00768e65bf43245d

    • SHA256

      3f0ef05d29d85b3b97ee356679f0a2dc21b774a05e052209231809755b1fea3b

    • SHA512

      3c25399c8d4ac75e2f05184645da92234220f596bc14ab336176bdf346ec79c6c457dd0c90c6b3237d61be88a3bd2a14f96b52edeeb7e44b9298bee8316f202e

    • SSDEEP

      384:jaF4gH0l8CqQpTMDm1AFyvIOA7+up0BdqNiO9A/IV2UMj80evMIw:jaF4blhqQ9M5FR/7+kC4UBZGvC

    Score: 1/10

    • Target

      nVNC/nvnc.exe

    • Size

      3.5MB

    • MD5

      97c7721005493d49de6c7e71fd29fb0c

    • SHA1

      018d216371afa49370531c003b7196f042fb1bad

    • SHA256

      001bbc6b9f01b1f5996eaf2e725ce8d367dc398f90e065848816758b1a2d1256

    • SHA512

      335ce1d14621c2df023f87f80b08647bd153a5fd60c9d6bfcb47c40763128963659605dade9a9b9bfb93f74635b95ed3f529f8c7d8bee5f8a90df18fba6b304f

    • SSDEEP

      98304:jQl+wlWly+maKZpZGvzydeH9JGPC7o0DtwlLxtPP7+1ug:jQlVxfPqzgMS4o0527Ng

    Score: 7/10

    • Loads dropped DLL

    • Target

      password.txt

    • Size

      5B

    • MD5

      827ccb0eea8a706c4c34a16891f84e7b

    • SHA1

      8cb2237d0679ca88db6464eac60da96345513964

    • SHA256

      5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5

    • SHA512

      3627909a29c31381a071ec27f7c9ca97726182aed29a7ddd2e54353322cfb30abb9e3a6df2ac2c20fe23436311d678564d0c8d305930575f60e2d3d048184d79

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

pyinstaller, office04, upx, neshta, quasar
Score: 10/10

behavioral1

Score: 1/10

behavioral2

Score: 1/10

behavioral3

Score: 1/10

behavioral4

neshta, discovery, persistence, spyware, stealer
Score: 10/10

behavioral5

Score: 1/10

behavioral6

Score: 1/10

behavioral7

Score: 7/10

behavioral8

Score: 3/10

behavioral9

neshta, discovery, persistence, spyware, stealer
Score: 10/10

behavioral10

discovery
Score: 3/10

behavioral11

discovery
Score: 3/10

behavioral12

discovery
Score: 3/10

behavioral13

Score: 1/10

behavioral14

discovery
Score: 3/10

behavioral15

discovery
Score: 3/10

behavioral16

Score: 1/10

behavioral17

discovery
Score: 3/10

behavioral18

discovery
Score: 3/10

behavioral19

discovery
Score: 7/10

behavioral20

Score: 1/10

behavioral21

Score: 1/10

behavioral22

discovery
Score: 3/10

behavioral23

neshta, discovery, evasion, persistence, spyware, stealer
Score: 10/10

behavioral24

Score: 1/10

behavioral25

quasar, office04, spyware, trojan
Score: 10/10

behavioral26

Score: 7/10

behavioral27

Score: 3/10

behavioral28

discovery, upx
Score: 7/10

behavioral29

Score: 3/10

behavioral30

Score: 1/10

behavioral31

discovery
Score: 7/10

behavioral32

Score: 1/10