Overview
overview
10Static
static
10Full Tool ...PS.zip
windows10-2004-x64
1Hit Sender...ib.dll
windows10-2004-x64
1Hit Sender...ib.dll
windows10-2004-x64
1Hit Sender...er.exe
windows10-2004-x64
10Hit Sender...rp.dll
windows10-2004-x64
1Hit Sender...er.dll
windows10-2004-x64
1IP Scanner...er.exe
windows10-2004-x64
7ScanIP.pyc
windows10-2004-x64
3KPort Scan...V3.exe
windows10-2004-x64
10KPort Scan...e4.dll
windows10-2004-x64
3KPort Scan...i4.dll
windows10-2004-x64
3KPort Scan...k4.dll
windows10-2004-x64
3MassScan/Input.txt
windows10-2004-x64
1MassScan/M...UI.exe
windows10-2004-x64
3MassScan/Packet.dll
windows10-2004-x64
3MassScan/_config.ini
windows10-2004-x64
1MassScan/masscan.exe
windows10-2004-x64
3MassScan/msvcr100.dll
windows10-2004-x64
3MassScan/w....3.exe
windows10-2004-x64
7$PLUGINSDIR/final.ini
windows10-2004-x64
1$PLUGINSDI...ns.ini
windows10-2004-x64
1MassScan/wpcap.dll
windows10-2004-x64
3NL Brute 2...te.exe
windows10-2004-x64
10NL Brute 2...gs.ini
windows10-2004-x64
1NL Brute 2...pu.exe
windows10-2004-x64
10ScanIP.exe
windows10-2004-x64
7ScanIP.pyc
windows10-2004-x64
3UsefulRDPScript.exe
windows10-2004-x64
7nVNC/bin/config.conf
windows10-2004-x64
3nVNC/input...ds.txt
windows10-2004-x64
1nVNC/nvnc.exe
windows10-2004-x64
7password.txt
windows10-2004-x64
1Analysis
-
max time kernel
1334s -
max time network
1158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240729-en -
resource tags
arch:x64arch:x86image:win10v2004-20240729-enlocale:en-usos:windows10-2004-x64system -
submitted
30-07-2024 08:20
Behavioral task
behavioral1
Sample
Full Tool Scan VPS.zip
Resource
win10v2004-20240729-en
Behavioral task
behavioral2
Sample
Hit Sender/AxInterop.MSTSCLib.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
Hit Sender/Interop.MSTSCLib.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral4
Sample
Hit Sender/NLBrute Hit Sender-Checker.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
Hit Sender/RestSharp.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral6
Sample
Hit Sender/SkinSoft.VisualStyler.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral8
Sample
ScanIP.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
KPort Scaner/KPortScan V3.exe
Resource
win10v2004-20240729-en
Behavioral task
behavioral10
Sample
KPort Scaner/QtCore4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
KPort Scaner/QtGui4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral12
Sample
KPort Scaner/QtNetwork4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
MassScan/Input.txt
Resource
win10v2004-20240709-en
Behavioral task
behavioral14
Sample
MassScan/Massscan_GUI.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
MassScan/Packet.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral16
Sample
MassScan/_config.ini
Resource
win10v2004-20240729-en
Behavioral task
behavioral17
Sample
MassScan/masscan.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral18
Sample
MassScan/msvcr100.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
MassScan/winpcap-4.3.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/final.ini
Resource
win10v2004-20240704-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/options.ini
Resource
win10v2004-20240709-en
Behavioral task
behavioral22
Sample
MassScan/wpcap.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral23
Sample
NL Brute 2/NLBrute.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral24
Sample
NL Brute 2/settings.ini
Resource
win10v2004-20240709-en
Behavioral task
behavioral25
Sample
NL Brute 2/tối uu VPS ram cpu.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral26
Sample
ScanIP.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral27
Sample
ScanIP.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral28
Sample
UsefulRDPScript.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral29
Sample
nVNC/bin/config.conf
Resource
win10v2004-20240709-en
Behavioral task
behavioral30
Sample
nVNC/input/passwords.txt
Resource
win10v2004-20240709-en
Behavioral task
behavioral31
Sample
nVNC/nvnc.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral32
Sample
password.txt
Resource
win10v2004-20240709-en
General
-
Target
MassScan/_config.ini
-
Size
40B
-
MD5
c341de757f98498511390dd5d1ad655e
-
SHA1
f08b16c0b761a5cf8b27f37fddb0a12e913b10a3
-
SHA256
f7ae54907b897780e9b6d7de02523774707f813ac9c8b13c249fb9a36497a527
-
SHA512
691a33d533f2cb0499a3fe80c805459cba1b400e89ad5a19ca14510f648305c7a6106c76d653c41f4620685ec2a7711fac6c06d0b50bf0f1fa114484fee2f971
Malware Config
Signatures
-
Opens file in notepad (likely ransom note) 1 IoCs
Processes:
NOTEPAD.EXEpid process 3956 NOTEPAD.EXE
Processes
-
C:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\MassScan\_config.ini1⤵
- Opens file in notepad (likely ransom note)
PID:3956
-
C:\Windows\System32\Upfc.exeC:\Windows\System32\Upfc.exe /launchtype periodic /cv BxApXNFT8E2y/Q6bkS0ePA.01⤵PID:2956