General
Target: Full Tool Scan VPS.zip
Size: 43.0MB
Sample: 240730-j8x9favgln
Score: 10/10 (overall)
MD5: bf0186af3227da62aeb3db92c1e5182d
SHA1: 3ca8b3b9e80bf08fffd1e9ccece85b4467af2889
SHA256: 95991984767349d93e902eba0487e74688ea5678a92d75a8b50a0852bd215b28
SHA512: 7592395ad64bc9e8ff2eea9127d99a3eeb8bb408d62ab105670ee5f5473bd9fa4027268bc0fc55a9920dd702e6692777851d42d6d807a6d85cbc59a34a295eb1
SSDEEP: 786432:7Zz9QTeRXpXlJRRct8dl+ugoX0e+yPwGZGU30LTbQTeRXpXlJRRct8dlSFOiHW:7J9QqRZXXcol+3k0wpZtk/bQqRZXXcoH
Behavioral tasks (sample, resource image)
behavioral1: Full Tool Scan VPS.zip (win10v2004-20240729-en)
behavioral2: Hit Sender/AxInterop.MSTSCLib.dll (win10v2004-20240709-en)
behavioral3: Hit Sender/Interop.MSTSCLib.dll (win10v2004-20240709-en)
behavioral4: Hit Sender/NLBrute Hit Sender-Checker.exe (win10v2004-20240709-en)
behavioral5: Hit Sender/RestSharp.dll (win10v2004-20240709-en)
behavioral6: Hit Sender/SkinSoft.VisualStyler.dll (win10v2004-20240709-en)
behavioral7: IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe (win10v2004-20240709-en); the Vietnamese folder name means "replacement for MassScan when running as Guest or without Administrator rights"
behavioral8: ScanIP.pyc (win10v2004-20240709-en)
behavioral9: KPort Scaner/KPortScan V3.exe (win10v2004-20240729-en)
behavioral10: KPort Scaner/QtCore4.dll (win10v2004-20240709-en)
behavioral11: KPort Scaner/QtGui4.dll (win10v2004-20240709-en)
behavioral12: KPort Scaner/QtNetwork4.dll (win10v2004-20240709-en)
behavioral13: MassScan/Input.txt (win10v2004-20240709-en)
behavioral14: MassScan/Massscan_GUI.exe (win10v2004-20240709-en)
behavioral15: MassScan/Packet.dll (win10v2004-20240709-en)
behavioral16: MassScan/_config.ini (win10v2004-20240729-en)
behavioral17: MassScan/masscan.exe (win10v2004-20240709-en)
behavioral18: MassScan/msvcr100.dll (win10v2004-20240709-en)
behavioral19: MassScan/winpcap-4.3.exe (win10v2004-20240709-en)
behavioral20: $PLUGINSDIR/final.ini (win10v2004-20240704-en)
behavioral21: $PLUGINSDIR/options.ini (win10v2004-20240709-en)
behavioral22: MassScan/wpcap.dll (win10v2004-20240704-en)
behavioral23: NL Brute 2/NLBrute.exe (win10v2004-20240709-en)
behavioral24: NL Brute 2/settings.ini (win10v2004-20240709-en)
behavioral25: NL Brute 2/tối uu VPS ram cpu.exe (win10v2004-20240709-en); the Vietnamese file name means "optimize VPS RAM/CPU"
behavioral26: ScanIP.exe (win10v2004-20240709-en)
behavioral27: ScanIP.pyc (win10v2004-20240709-en)
behavioral28: UsefulRDPScript.exe (win10v2004-20240709-en)
behavioral29: nVNC/bin/config.conf (win10v2004-20240709-en)
behavioral30: nVNC/input/passwords.txt (win10v2004-20240709-en)
behavioral31: nVNC/nvnc.exe (win10v2004-20240709-en)
behavioral32: password.txt (win10v2004-20240709-en)
Malware Config
Extracted family: quasar
Version: 1.4.0
Tag (botnet): Office04
C2: 128.199.64.220:4782
Mutex: a6aa1ddd-3810-492e-8728-facd9d5ede65
encryption_key: CB9F9A0F270F5BD4211B4E21054ED956F7A81814
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir

Apart from the C2 socket, the mutex and the encryption key, every field above is the Quasar 1.4.0 builder default (tag Office04, install name Client.exe, subdirectory SubDir, startup key "Quasar Client Startup", log directory Logs, reconnect delay 3000 ms), so those values identify an unmodified builder rather than this operator; the C2 address and the mutex GUID are the campaign-specific indicators. The only target below carrying a Quasar payload signature is NL Brute 2/tối uu VPS ram cpu.exe.
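As an added example (not part of the report and not Quasar's own code), the script below takes the extracted configuration, lists which fields are still at the Quasar 1.4.0 builder defaults, derives hunt indicators from the campaign-specific fields, and runs them over constructed endpoint telemetry. The telemetry schema (dicts with a type field) is an invented convention for the example, and the sample events are constructed, not taken from the report; the Run-key versus scheduled-task placement of the startup key follows the Quasar 1.4 client's startup code, which writes the registry Run value for non-admin installs and creates a schtasks entry of the same name for admin installs.

```python
"""Added example, not the report's or Quasar's own code: turn the extracted
Quasar 1.4.0 configuration into hunt indicators and run them over constructed
endpoint telemetry. The event schema below is an assumption for the example."""
from __future__ import annotations

# Values exactly as extracted in the report.
QUASAR_CONFIG = {
    "family": "quasar",
    "version": "1.4.0",
    "tag": "Office04",
    "c2": "128.199.64.220:4782",
    "mutex": "a6aa1ddd-3810-492e-8728-facd9d5ede65",
    "encryption_key": "CB9F9A0F270F5BD4211B4E21054ED956F7A81814",
    "install_name": "Client.exe",
    "log_directory": "Logs",
    "reconnect_delay": 3000,
    "startup_key": "Quasar Client Startup",
    "subdirectory": "SubDir",
}

# Defaults shipped in the Quasar 1.4.0 client builder. A match says
# "unmodified builder", not "this campaign", so these are weak indicators.
QUASAR_140_DEFAULTS = {
    "tag": "Office04",
    "install_name": "Client.exe",
    "log_directory": "Logs",
    "reconnect_delay": 3000,
    "startup_key": "Quasar Client Startup",
    "subdirectory": "SubDir",
}


def fields_left_at_default(cfg: dict) -> list[str]:
    """Config keys whose value equals the builder default (sorted for stable output)."""
    return sorted(k for k, v in QUASAR_140_DEFAULTS.items() if cfg.get(k) == v)


def indicators(cfg: dict) -> dict:
    """Derive case-normalised hunt indicators from a Quasar config."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host,
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        "startup_key": cfg["startup_key"].lower(),
        # Quasar installs to <base dir>\<subdirectory>\<install_name>; match on that tail.
        "install_tail": (cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
    }


def match_event(event: dict, ind: dict) -> list[str]:
    """Reasons this event matches the indicators; an empty list means no hit."""
    hits = []
    kind = event.get("type")
    if kind == "netconn" and event.get("dst") == ind["c2_host"]:
        hits.append("c2 socket" if event.get("dport") == ind["c2_port"]
                    else "c2 host on unexpected port")
    if (kind == "regset"
            and event.get("key", "").lower().endswith("\\currentversion\\run")
            and event.get("value", "").lower() == ind["startup_key"]):
        hits.append("Run-key persistence (non-admin install)")
    if kind == "schtask" and event.get("name", "").lower() == ind["startup_key"]:
        hits.append("scheduled-task persistence (admin install)")
    if kind == "mutex" and event.get("name", "").lower() == ind["mutex"]:
        hits.append("mutex")
    if event.get("image", "").lower().endswith(ind["install_tail"]):
        hits.append("install path")
    return hits


def hunt(events: list[dict], cfg: dict) -> list[tuple[int, list[str]]]:
    """(event index, reasons) for every event that matches at least one indicator."""
    ind = indicators(cfg)
    return [(i, r) for i, ev in enumerate(events) if (r := match_event(ev, ind))]


# Constructed telemetry for the example; none of these events comes from the report.
CLIENT = r"C:\Users\vps\AppData\Roaming\SubDir\Client.exe"
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_EVENTS = [
    {"type": "netconn", "image": CLIENT, "dst": "128.199.64.220", "dport": 4782},
    {"type": "regset", "image": CLIENT, "key": RUN_KEY,
     "value": "Quasar Client Startup", "data": CLIENT},
    {"type": "mutex", "image": CLIENT, "name": "a6aa1ddd-3810-492e-8728-facd9d5ede65"},
    {"type": "netconn", "image": r"C:\Windows\System32\svchost.exe",
     "dst": "128.199.64.220", "dport": 443},
    {"type": "regset", "image": r"C:\Program Files\Vendor\updater.exe", "key": RUN_KEY,
     "value": "VendorUpdater", "data": r"C:\Program Files\Vendor\updater.exe"},
]

if __name__ == "__main__":
    print("builder defaults untouched:", fields_left_at_default(QUASAR_CONFIG))
    for idx, reasons in hunt(SAMPLE_EVENTS, QUASAR_CONFIG):
        print(f"event {idx}: {', '.join(reasons)}")
```

The port-strict C2 match is kept separate from the host-only match on purpose: the fourth constructed event reaches the same address on 443, which is worth a look but is not the Quasar channel described by the config.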
Targets

Target: Full Tool Scan VPS.zip
Size: 43.0MB
MD5: bf0186af3227da62aeb3db92c1e5182d
SHA1: 3ca8b3b9e80bf08fffd1e9ccece85b4467af2889
SHA256: 95991984767349d93e902eba0487e74688ea5678a92d75a8b50a0852bd215b28
SHA512: 7592395ad64bc9e8ff2eea9127d99a3eeb8bb408d62ab105670ee5f5473bd9fa4027268bc0fc55a9920dd702e6692777851d42d6d807a6d85cbc59a34a295eb1
SSDEEP: 786432:7Zz9QTeRXpXlJRRct8dl+ugoX0e+yPwGZGU30LTbQTeRXpXlJRRct8dlSFOiHW:7J9QqRZXXcol+3k0wpZtk/bQqRZXXcoH
Score: 1/10

Target: Hit Sender/AxInterop.MSTSCLib.dll (.NET interop wrapper for the Microsoft Terminal Services/RDP ActiveX control)
Size: 360KB
MD5: 0c7d8ecb8fb4b88fd42de85e30944826
SHA1: b8ca7c11063d58008f8b19cf93ebaab8245e616d
SHA256: 0c1a7276c53d85feae0996fb2f4524e2aeffa78c96304bf25e70c68f123e5e94
SHA512: 2d3078a0b583d9d4e5ebeaab4e3baa11e61f4988ff96bfa27152ea30d1e6374e704429f63f30ab6bfe72381830f5fd17e605f327ad9d2616d75ce0f336dc73e3
SSDEEP: 3072:LZEKEcvukPhjyUG2p8wV0z6gWAkapSyS6hH+GC1Z5U8I:qwhjvGU0WgWAkaW6hH+GC1ZF
Score: 1/10

Target: Hit Sender/Interop.MSTSCLib.dll (.NET interop assembly for the Microsoft Terminal Services/RDP client library)
Size: 738KB
MD5: a2a32a9b5cf3a554c351073821f9e366
SHA1: 3208bc1a1d4f526fd0abfad1ef7c3185f7d7b1d9
SHA256: f4d5ad2f9053a39f652831baa915e90645e6198b56817969e2cd45f6223c3a0c
SHA512: 057373efd77d0744d60ab4ebe3bd6133e3edbc1e25137279398f84c254b1a400406954512f4252432daf6f4a8879611b05a694b23b643230b8f35578677f96be
SSDEEP: 12288:iuF8zCZQHmtk76B4veVsjyJgXW9UrqxINQzitUn2BYL6l8szncUicKs8geyRli+p:iuF8zCZQHmtk76B4veVsjyJgXW9Urqxq
Score: 1/10

Target: Hit Sender/NLBrute Hit Sender-Checker.exe
Size: 1.8MB
MD5: 663627e9e7d0f30d41dc754cec70c2a9
SHA1: 4f6562ee4c4a209e8ccdd894d5955909afc3498e
SHA256: 59c8595468186da0d323b5a5fc0304b04412fe11bea16c11bdce5315502a8716
SHA512: b3184e56e9d9a9ae0bef34912c9e927e0dfdd100b7e36862e2a1f98af56bccb58fa23783cd9f42cbb663e70ba26835a24a27cca5e077b2d5e0a46ff1b8f412c3
SSDEEP: 24576:0Yh9sKCs4uvW4jfb2K90oo+C8JwUZc0PY0yNuVC9Hbv50eFGPlfFZDO+:p/C7uRfbQswUZcSByYGv5ujZ7
Score: 10/10
Signatures:
  Detect Neshta payload
  Neshta: malware from the Neshta family infects other executable files in order to spread and cause damage.
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  Executes dropped EXE
  Loads dropped DLL
  Modifies system executable filetype association

Target: Hit Sender/RestSharp.dll
Size: 186KB
MD5: ebb404b296276a65d85a13ce889a64ab
SHA1: 2fe54894589988a7c3b0c752f4de9d84b3f21312
SHA256: 37bf2a8815e1833153ff92d0bec3a1405f5c5f146884d0563a96bacd1b0074f9
SHA512: c0ba618cc6aa3987930598bf9557f6e2aa6657f72febdc034b07ac25c2682debeccac4940a27a8612c1b84c70e350e78d19e8928cac613cadc48e4fefada9f71
SSDEEP: 3072:32SM9KBmXowyrg7h2Bk3uIRUgpOYx+fsh6ow4iDvmRBktpWaLJ1qbC:WbXDyG2GeyUglf6ow4iDoZ
Score: 1/10

Target: Hit Sender/SkinSoft.VisualStyler.dll
Size: 1.0MB
MD5: 69e6563e0e7ea843e9b37d58819f4136
SHA1: 4aebf9955ba0d0b5205b6b013da634aa0281a25d
SHA256: f9fa9f508b9350ed12ed3aa5b7f24aed901a6434b1b02d1f0ee301b8eea54b06
SHA512: c883bcb3f6f2ac3f2fe88eed1356178ff2b43bdeed2188aa06f35cbc9dda8745a3a5c2d28d99daae5b6ea9af46abcae45b7bd4da13f318ba31062a8e8b79a942
SSDEEP: 12288:OSVkAXRzNIYqsdMExMDj/iREVGx2G4dZJ25jad4NJQe5rkAf/e5rkp3gN372sx00:ZRz+YqsdMExMDj/iRHx2dJ7Wsx0
Score: 1/10

Target: IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe
(The Vietnamese folder name means "replacement for MassScan when running as Guest or without Administrator rights". This file is byte-identical to ScanIP.exe below: same size and hashes.)
Size: 12.3MB
MD5: 57bf838c7b78b1d6382492047c5e58e7
SHA1: e9f399ec58e2435305193cd3685c99f87622cd42
SHA256: 1ab440ef04f4b1396b6b6d6959887867f1b0f2b3c639b74920d3e7ad6fc64933
SHA512: 4e3304333604dce2c7f2ae446102764fba815f97cc3264878a66b451a781fe7c44d1821089aa155be141e86c8f626da24cd5f19bc6b1ce6aadc35c3f215adc70
SSDEEP: 196608:O1iODtjizE9onJ5hrZELte9tGPqKM48RmU/3ZlsPv2SEDTb5zTvN8CfZjAPaBk:bOD/9c5hlELdPNMtN3ZWjc3xTLjAS
Score: 7/10
Signatures:
  Loads dropped DLL

Target: ScanIP.pyc (behavioral8)
Size: 18KB
MD5: cd16eb87528c80abe96974b3c2aaeea9
SHA1: e4fe087d03e83e19d40e5d6e059702deb83119a2
SHA256: f32a839078e59e3a9ee7320b8dd6373a47042cf1612510ded58d7fe960d09e59
SHA512: 00b3c1516183b2fa505cb4e9cf79de21621aeab2edf0a9af068983c503766707c83ce26c3ee01ac6f2a750f5ce55ae5b59dc0d8817534b83a02278605321b247
SSDEEP: 384:yP6Xvqwoz4nMh0v8HiuVMTaYU76/zDqAWUMU06ozRDf94UYO0HQxifwr:8IvtoJh0v8HiuVMTaYU0duzRDpL0HBf+
Score: 3/10

Target: KPort Scaner/KPortScan V3.exe
Size: 232KB
MD5: 9e474178aff71d68f7b72fb186d6d763
SHA1: 5eb3a66848515aed1cd9bb235dcb452e7470e5a2
SHA256: 16c1e3fea0b086044036f402b5e00af9efd689417fe98fed51884539a4ad44bd
SHA512: ae41194fa85b4c5bb63f21e3218e62aa482d09b9fe3b4a3ea449c76d5d140abd232519abb563c70df3191d4be18b820af91c33842e1ed3459687fc2edb1593f2
SSDEEP: 6144:k997OTkNPTqLIOt6r+9dEPlUIbrMOFTfM0OZhErjie0KK3m+nak:FTkNLlE3m+n
Score: 10/10
Signatures:
  Detect Neshta payload
  Neshta: malware from the Neshta family infects other executable files in order to spread and cause damage.
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  Executes dropped EXE
  Modifies system executable filetype association

Target: KPort Scaner/QtCore4.dll
Size: 2.4MB
MD5: 438717377b9df0f53f283c9e4aa722cc
SHA1: c413917dfcb816799613c6f86b55952c887ff711
SHA256: a679cf46e128d028de22fb9ed8432e5107e53f8e7e6fb7f5e169b3eeab8f000a
SHA512: 03c10588ec47bce9b6c40fedffcaa775b84bb691450789000c17e7df02554036ee336d382524b35bfa67dbc4ae4b95d3d1807d61f46016427856f60850383f3f
SSDEEP: 49152:vfGCzRdEZK8hyX2ntJsv6tWKFdu9CeTxLyvL/6mShMZtmjNUVrciV5P+7QVg07Tl:vf8KF2tJsv6tWKFdu9CIK
Score: 3/10

Target: KPort Scaner/QtGui4.dll
Size: 8.0MB
MD5: 37957facc9afbdfbd119c8372c9cf0e3
SHA1: 1f5584ae75e947ffcbe00dc17bc423bf3f906ad0
SHA256: bf52fec00b4f640d07bea3850096cc77983fca518bbec8122997b7ca561205f1
SHA512: 24ef6418f904b646d31912e0f350a0eb10147015bbd4b3710aba62c5a1da5d001600d9a381beb8d871d30cc0b07cf2fdb034f81f60810d8c14899cacdf68ad4d
SSDEEP: 98304:ixT4yTZMEMrIJCZxMvwQoVgN1617/PO1IQlS4Xsmw2zZQvkfsnXWP:ixbZxDJ9vv7617VQlSesn
Score: 3/10

Target: KPort Scaner/QtNetwork4.dll
Size: 982KB
MD5: 5c6afae60414546cef0a9b759da93912
SHA1: 928aba35960a17b9ee3a3e2f2f890b8aa6842e6b
SHA256: 99757ec661fd7de3b22fb641f25cf1565aae13daf8d31c6686c6c7cbd2be6fc9
SHA512: bbd7aae541c5677317f68472c4be008164909f6395c43e554c4b070fb398ec680f496505644de0a706f831bc850e770c60c699d5aa0d5a7e0e19c5fc48e5c727
SSDEEP: 12288:BQ4LHoNwBkUx/0RpieLY+EZ8R2/hGT/YOt2ck/qTpQ39NM7LMi7nR4djiz0R6H2j:zr/k60RpizZ83/T6CTeNuMwR4djip8L
Score: 3/10

Target: MassScan/Input.txt
Size: 489KB
MD5: 7b01fd9ff51e5bea6aca3a544c9d4027
SHA1: 733583f4ce27ba035c4e50ab064c87a47a5b420b
SHA256: f3a7f49c9d7ac6bef80e10290e64d6d12ba76442a1f5a172cb86782f680a3da5
SHA512: a435da93ce677c6e723d6e8260d93cb67ea948ad4c29eb8b5dbba895cca69c52b64c1e7ea88db6802acf0b0529807a6c6d45aaff2061966d02deef8cadfb3547
SSDEEP: 1536:z/2MuXAudynezohwapRDjOp5LjKdl7rGxRj7qRDTr5RVNAxhldkxpNFopJ9V0pxd:z/3PR
Score: 1/10

Target: MassScan/Massscan_GUI.exe
Size: 334KB
MD5: 7a6990bf78f3e2e835d3be85a2fea4ba
SHA1: 9e2760e0c13d56cb744262b4fdef67e17ee08571
SHA256: 37ff328175acd45ef27d3d339c3127a7612ad713fccd9c9aae01656dfbf13056
SHA512: ba2b8cd80613bff44c1624d6a17bae797b81fb53979f6a901850dac5e824483513cd312ff8a5aaa9d5eb3cf5c825785a7a53965692d2fb6274d22b6e62f9735c
SSDEEP: 3072:eaxe0aX5Cw9Q56z456zB56zuIXk89V756zM:nanPj8X
Score: 3/10

Target: MassScan/Packet.dll
Size: 94KB
MD5: 1250bef11bfa086f772cd2a273bc036e
SHA1: bfb60b4072f4533d8497f3d90631f818e345bcc6
SHA256: 6b19cffaa2bf4359be1a0130a1fb47ab45e8c3be5d0cb7986579c5e04e1d77a5
SHA512: 76cbc346468d400c4e6a95b3c91abfec0a63a375aade6f47c70a3b3db76c513bcfd91ed2994059a6c8bdd6b266f9b17ecf11f9941481c7a2692925d2457f5bba
SSDEEP: 1536:6wG9plhvRIRVC2wJAyPFCnPKc0z70yIKtIn8zVpWj:E9rjh5t9cZyIKtInb
Score: 3/10

Target: MassScan/_config.ini
Size: 40B
MD5: c341de757f98498511390dd5d1ad655e
SHA1: f08b16c0b761a5cf8b27f37fddb0a12e913b10a3
SHA256: f7ae54907b897780e9b6d7de02523774707f813ac9c8b13c249fb9a36497a527
SHA512: 691a33d533f2cb0499a3fe80c805459cba1b400e89ad5a19ca14510f648305c7a6106c76d653c41f4620685ec2a7711fac6c06d0b50bf0f1fa114484fee2f971
Score: 1/10

Target: MassScan/masscan.exe
Size: 232KB
MD5: c50f3b0b23dfe5c66561bb9297bf7bbc
SHA1: 5f14241aea174608a7c85127fdad042d7382277d
SHA256: de903a297afc249bb7d68fef6c885a4c945d740a487fe3e9144a8499a7094131
SHA512: 33c557c53b4f65cde67bc0f6a7952822d194e0da262aa7d44c1d527ed300043ad1c06002cd42e69ad98ad2c7b62aa98d66ac0aa211ddfa97dde3e737da3f768f
SSDEEP: 6144:9WQaNTimmz/EkPt1xeHP9mCeswbjnK6swOp9cL:vMTuz/Ek1eHP9KPf698
Score: 3/10

Target: MassScan/msvcr100.dll
Size: 755KB
MD5: 0e37fbfa79d349d672456923ec5fbbe3
SHA1: 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
SHA256: 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
SHA512: 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
SSDEEP: 12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score: 3/10

Target: MassScan/winpcap-4.3.exe
Size: 423KB
MD5: ae26452c8b3d97ef2037521ac0dd3a8b
SHA1: 3ad99ec2bf6cc4f947bb09be627c91f82a898aa8
SHA256: f28156a96be558dfb83a3d935223a127816ad124b94f92c499400c38078ad842
SHA512: f5012a9600542b46eca137f41d58d6a6d3071aa36ca2b4c0f0119639cdf051c0a0e597c674583c4ec5753f8368ca121282acbf084930d2b1f30671f2032448d9
SSDEEP: 6144:MsNaGdmkMIdQQkpxYLcP+k471Xr4bjMxiW+D/xqfF3o2KCzDunki8m/VlidXTj2G:AG4kDdc8L4bQA5qt3CxnkLwlQFPcOLJ
Score: 7/10
Signatures:
  Loads dropped DLL

Target: $PLUGINSDIR/final.ini
($PLUGINSDIR is the temporary plugin directory used by NSIS installers; the WinPcap installer in this archive is the likely origin of this file and of options.ini below.)
Size: 278B
MD5: c462d044412a1accb4156157a4a2be8d
SHA1: 5b57ec29b87f4793a7a2dcb6bf37be025d679af3
SHA256: 34bad513ff13c6a293b218c794de823c51f6793fe87dcd980107653c50c95847
SHA512: c5ef0643dcd25ed37a351a3720e336b9f9d5391035244dd22e957ff6bba0f19d7d639be95ec118987c61500d84a3f02010bee844aedbfb6564d4b8d5a31e63ad
Score: 1/10

Target: $PLUGINSDIR/options.ini
Size: 286B
MD5: bb4fc9d8ffcdf3df4d09895c9ba9e131
SHA1: 2c159de8b59ce1546d67817d1283fdea9e04b6d5
SHA256: 005fb79f152e3d696ae0d475d237c99970d8111e36f162ed3bf1de676abead6e
SHA512: f73c2972b24f987b4b7ff67fe4427cf8eb5edc4d5d3361f5b572fd870bd51847ecec8188d78f1e08eb80c6d7ff1279b97d30bba48549aa30026d32a68ba09550
Score: 1/10

Target: MassScan/wpcap.dll
Size: 220KB
MD5: 5c5561185a8751711156934585f002e8
SHA1: 4bc6097e41191903fcec60b5b6363c857e2d25af
SHA256: 4c2b690d8d9afaefc531d1fedcf2d067ffca8b7e2f99072014b6a6d8edfdc49c
SHA512: 6cb133fb2b8adbf5a939dadb9ea62f9400999eecbb0fd7af07cb6350cb02f2bb9133db61140776ad79addd8574a6ab4d78236ac816e4bbe2f95cf3a77823b2fc
SSDEEP: 3072:mHrZxq7dQ2qjbGO4eQ9KuuwN3Ch0kIrNsZ3Gva5aOlqPozwH:mHHqHb5eQEaN3O0kgyZ3j51
Score: 3/10

Target: NL Brute 2/NLBrute.exe
Size: 7.8MB
MD5: baf8cba0953051c7062ac27a9d920a8e
SHA1: e56196210132b7bd5016b6d53650f25db57fe330
SHA256: a5657ce27cb25c81c84c019376b503f41a9bd00ee306e7bff2a027ccdbb84a57
SHA512: 0448264051635b6ee63730e4c2319560b1536ede3bf966020cdf44c664955177acd39ecc0622f422db0b5e1fa4e7a351388b68df167740ba3d75e7d2c0aeacf3
SSDEEP: 196608:w0p8Y4DFbBJ5dIa82Vou2j09a3XAydVdODHMD16UAsdf6:l8YwFV/dIa8wp2j09qXAyYDHMDYrsdi
Score: 10/10 (from the report's task list)
Signatures:
  Detect Neshta payload
  Neshta: malware from the Neshta family infects other executable files in order to spread and cause damage.
  Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Checks BIOS information in registry: BIOS information is often read in order to detect sandbox environments.
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  Executes dropped EXE
  Identifies Wine through registry keys: Wine is a compatibility layer that runs Windows applications and can be used as a sandbox environment.
  Modifies system executable filetype association
  Suspicious use of NtSetInformationThreadHideFromDebugger
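Three executables in this bundle (Hit Sender/NLBrute Hit Sender-Checker.exe, KPort Scaner/KPortScan V3.exe and NL Brute 2/NLBrute.exe) carry the Detect Neshta payload and Neshta signatures, so the tools themselves are Neshta-infected hosts rather than clean builds. The script below is an added example, not code from the report: it locates the second PE image that a prepending infector leaves in the file, carves the original program out of it, and evaluates the exefile shell association that the "Modifies system executable filetype association" signature refers to. Assumptions not stated on the page: the marker strings and the 41,472-byte body size are values commonly reported for Neshta samples, the svchost.com association value is the one Neshta is reported to write, and the sample bytes are constructed inside the script rather than taken from a real infected file.

```python
"""Added example, not part of the sandbox report: carve the host program out of a
Neshta-style prepender infection and check the exefile association Neshta hijacks.

Assumptions not taken from the page: the marker strings and the 41,472-byte body
size are values commonly reported for Neshta; the layout relied on is virus PE
first, original program appended unchanged.
"""
from __future__ import annotations

import struct

# Strings commonly reported inside the Neshta virus body (assumption; adjust per sample).
NESHTA_MARKERS = (b"Made in Belarus", b"svchost.com")
# Virus body size commonly reported for Neshta (assumption). Only a hint: the carver
# locates the host by its own PE header instead of trusting this number.
REPORTED_STUB_SIZE = 41472


def find_pe_images(data: bytes) -> list[int]:
    """Offsets of every plausible PE image in data.

    A candidate is an 'MZ' whose e_lfanew (DWORD at +0x3C) points at 'PE\\0\\0'.
    An infected file therefore yields two offsets: 0 for the virus body and a
    second one for the appended host program.
    """
    offsets = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            if 0x40 <= e_lfanew <= 0x4000 and data[pe:pe + 4] == b"PE\0\0":
                offsets.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return offsets


def looks_neshta_infected(data: bytes) -> bool:
    """True when the file starts with a PE carrying Neshta markers and a second PE follows it."""
    images = find_pe_images(data)
    if len(images) < 2 or images[0] != 0:
        return False
    stub = data[:images[1]]
    return any(marker in stub for marker in NESHTA_MARKERS)


def carve_host(data: bytes) -> bytes | None:
    """Return the appended original program, or None if the file is not a prepender layout."""
    images = find_pe_images(data)
    if len(images) < 2 or images[0] != 0:
        return None
    return data[images[1]:]


def exefile_association_hijacked(command_value: str) -> bool:
    """Evaluate the default value of HKLM\\SOFTWARE\\Classes\\exefile\\shell\\open\\command.

    A clean system launches .exe files with "%1" %*. Neshta is reported to point the
    association at its own copy (%SystemRoot%\\svchost.com "%1" %*) so that every
    program launch runs the virus first; that is the behaviour behind the
    'Modifies system executable filetype association' signature in the report.
    """
    return not command_value.strip().startswith('"%1"')


def build_minimal_pe(payload: bytes) -> bytes:
    """Constructed test image: 'MZ' header with e_lfanew=0x40, 'PE\\0\\0', then payload."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\0\0" + payload


# Constructed sample, not a real Neshta binary: a fake virus body carrying one
# marker string, followed by a fake host program.
FAKE_STUB = build_minimal_pe(b"Delphi stub ... Made in Belarus ... svchost.com")
FAKE_HOST = build_minimal_pe(b"original port-scanner code")
SAMPLE_INFECTED = FAKE_STUB + FAKE_HOST

if __name__ == "__main__":
    print("infected:", looks_neshta_infected(SAMPLE_INFECTED))
    print("host recovered intact:", carve_host(SAMPLE_INFECTED) == FAKE_HOST)
    print("fake stub size:", len(FAKE_STUB), "reported Neshta body size:", REPORTED_STUB_SIZE)
    print("association hijacked:", exefile_association_hijacked(r'%SystemRoot%\svchost.com "%1" %*'))
```

On a real sample, compare the offset of the second PE image with REPORTED_STUB_SIZE before trusting the carve; a mismatch means either a different infector generation or a file that merely embeds another PE (an installer, for instance), and the carved bytes should then be validated as a complete PE before they are hashed or executed in a sandbox.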

Target: NL Brute 2/settings.ini
Size: 137B
MD5: d4b8704ad19f6dc087aa074aceeb0069
SHA1: 556c5825c155eeea7ba7f7052d71e80e453486a3
SHA256: d1af1390fe0d0872b0510b00473ed4fe52f851684ef2b4d4515c1981257e6722
SHA512: a873004fd8141c609b4d1453a48dc2443cc31f04262015d2ea48695b94825e8befb643ff848163f2f34cc3a85b4924babd6a0ec1ba92f07402539bb362755c28
Score: 1/10

Target: NL Brute 2/tối uu VPS ram cpu.exe (the Vietnamese file name means "optimize VPS RAM/CPU")
Size: 502KB
MD5: f46feedbc1681f295b9dcb82286f59dc
SHA1: 88884e4d37c285c2104291f1f870363e20c66169
SHA256: d2a79b6bc781b6faa62cc315cb103d60a2ef4d2d37325690da6ca6d61af84a64
SHA512: 541ff3f0a018752b53810a64b3c3ec920fb1caa8b33e67870d0b481020012f4f59b48b79505a063633b2885adb1f107078ba28a41431011b7347a3fc12e458d4
SSDEEP: 6144:JTEgdc0YvXAGbgiIN2RSB0WxCn4mQ44AkBcEqOb8FTySQUtPcTR3q:JTEgdfYnbgZl0da6pOGPcdq
Score: 10/10 (from the report's task list)
Signatures:
  Quasar payload (the only target in this archive flagged for Quasar; see the extracted configuration under Malware Config above)

Target: ScanIP.exe (byte-identical to IP Scanner.exe above: same size and hashes)
Size: 12.3MB
MD5: 57bf838c7b78b1d6382492047c5e58e7
SHA1: e9f399ec58e2435305193cd3685c99f87622cd42
SHA256: 1ab440ef04f4b1396b6b6d6959887867f1b0f2b3c639b74920d3e7ad6fc64933
SHA512: 4e3304333604dce2c7f2ae446102764fba815f97cc3264878a66b451a781fe7c44d1821089aa155be141e86c8f626da24cd5f19bc6b1ce6aadc35c3f215adc70
SSDEEP: 196608:O1iODtjizE9onJ5hrZELte9tGPqKM48RmU/3ZlsPv2SEDTb5zTvN8CfZjAPaBk:bOD/9c5hlELdPNMtN3ZWjc3xTLjAS
Score: 7/10
Signatures:
  Loads dropped DLL

Target: ScanIP.pyc (behavioral27): the same file as behavioral8 above, with identical size, hashes and score 3/10.

Target: UsefulRDPScript.exe
Size: 54KB
MD5: e1490e52e145fa12c7b4812b7937b2a7
SHA1: a1fac22bc179d84af24845e49649d2e9a9115b1e
SHA256: b1bce6bd95d8e53bd23030f9157dbf13103df0a9af6371ca73be38d044aad0bd
SHA512: 9abefdb032ef833e7ba8bf3e09ded7ba37312aaa9bab88572070156e851cc32df4d4d2eda1f08f60c38deafa996baac76478820286cb31b0283f38f5486d2817
SSDEEP: 1536:PEiBwAw/cGYQi1y2QNAx1FcLD12Qs7yGVd7UU2JSS/nouy8:lB9wUGYQN2XD6UdeZvout
Score: 7/10 (from the report's task list; no individual signatures are listed for this target)

Target: nVNC/bin/config.conf
Size: 267B
MD5: 9366898f4cb3e9f58da153b4def250d2
SHA1: 7bceed4cc18e2784188309c7598a60244d6784e9
SHA256: fed90d42bcf95d742ab04e4f28f9fc990050f0455712dc7cb74a1a9e1b99b049
SHA512: 039685f09b64eed5d6ac36b1e51ebb3605184e5e3441c87424f1853574265db03bdc4d8f0506bcbcd7bcb07d53dbd146dc32392041733f40d10c39ae0967421c
Score: 3/10

Target: nVNC/input/passwords.txt
Size: 21KB
MD5: d0b86314bd9473e5b8b9ee7c6422e42b
SHA1: 75f01eb81e93874d440a326b00768e65bf43245d
SHA256: 3f0ef05d29d85b3b97ee356679f0a2dc21b774a05e052209231809755b1fea3b
SHA512: 3c25399c8d4ac75e2f05184645da92234220f596bc14ab336176bdf346ec79c6c457dd0c90c6b3237d61be88a3bd2a14f96b52edeeb7e44b9298bee8316f202e
SSDEEP: 384:jaF4gH0l8CqQpTMDm1AFyvIOA7+up0BdqNiO9A/IV2UMj80evMIw:jaF4blhqQ9M5FR/7+kC4UBZGvC
Score: 1/10

Target: nVNC/nvnc.exe
Size: 3.5MB
MD5: 97c7721005493d49de6c7e71fd29fb0c
SHA1: 018d216371afa49370531c003b7196f042fb1bad
SHA256: 001bbc6b9f01b1f5996eaf2e725ce8d367dc398f90e065848816758b1a2d1256
SHA512: 335ce1d14621c2df023f87f80b08647bd153a5fd60c9d6bfcb47c40763128963659605dade9a9b9bfb93f74635b95ed3f529f8c7d8bee5f8a90df18fba6b304f
SSDEEP: 98304:jQl+wlWly+maKZpZGvzydeH9JGPC7o0DtwlLxtPP7+1ug:jQlVxfPqzgMS4o0527Ng
Score: 7/10
Signatures:
  Loads dropped DLL

Target: password.txt
Size: 5B
MD5: 827ccb0eea8a706c4c34a16891f84e7b
SHA1: 8cb2237d0679ca88db6464eac60da96345513964
SHA256: 5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5
SHA512: 3627909a29c31381a071ec27f7c9ca97726182aed29a7ddd2e54353322cfb30abb9e3a6df2ac2c20fe23436311d678564d0c8d305930575f60e2d3d048184d79
Score: 1/10
(The MD5 and SHA-1 above are the digests of the ASCII string 12345, so this five-byte file contains exactly that password with no trailing newline.)