Overview
overview
10Static
static
10Full Tool ...PS.zip
windows10-2004-x64
1Hit Sender...ib.dll
windows10-2004-x64
1Hit Sender...ib.dll
windows10-2004-x64
1Hit Sender...er.exe
windows10-2004-x64
10Hit Sender...rp.dll
windows10-2004-x64
1Hit Sender...er.dll
windows10-2004-x64
1IP Scanner...er.exe
windows10-2004-x64
7ScanIP.pyc
windows10-2004-x64
3KPort Scan...V3.exe
windows10-2004-x64
10KPort Scan...e4.dll
windows10-2004-x64
3KPort Scan...i4.dll
windows10-2004-x64
3KPort Scan...k4.dll
windows10-2004-x64
3MassScan/Input.txt
windows10-2004-x64
1MassScan/M...UI.exe
windows10-2004-x64
3MassScan/Packet.dll
windows10-2004-x64
3MassScan/_config.ini
windows10-2004-x64
1MassScan/masscan.exe
windows10-2004-x64
3MassScan/msvcr100.dll
windows10-2004-x64
3MassScan/w....3.exe
windows10-2004-x64
7$PLUGINSDIR/final.ini
windows10-2004-x64
1$PLUGINSDI...ns.ini
windows10-2004-x64
1MassScan/wpcap.dll
windows10-2004-x64
3NL Brute 2...te.exe
windows10-2004-x64
10NL Brute 2...gs.ini
windows10-2004-x64
1NL Brute 2...pu.exe
windows10-2004-x64
10ScanIP.exe
windows10-2004-x64
7ScanIP.pyc
windows10-2004-x64
3UsefulRDPScript.exe
windows10-2004-x64
7nVNC/bin/config.conf
windows10-2004-x64
3nVNC/input...ds.txt
windows10-2004-x64
1nVNC/nvnc.exe
windows10-2004-x64
7password.txt
windows10-2004-x64
1Analysis
-
max time kernel
1790s -
max time network
1166s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
30-07-2024 08:20
Behavioral task
behavioral1
Sample
Full Tool Scan VPS.zip
Resource
win10v2004-20240729-en
Behavioral task
behavioral2
Sample
Hit Sender/AxInterop.MSTSCLib.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
Hit Sender/Interop.MSTSCLib.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral4
Sample
Hit Sender/NLBrute Hit Sender-Checker.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
Hit Sender/RestSharp.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral6
Sample
Hit Sender/SkinSoft.VisualStyler.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral8
Sample
ScanIP.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
KPort Scaner/KPortScan V3.exe
Resource
win10v2004-20240729-en
Behavioral task
behavioral10
Sample
KPort Scaner/QtCore4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
KPort Scaner/QtGui4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral12
Sample
KPort Scaner/QtNetwork4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
MassScan/Input.txt
Resource
win10v2004-20240709-en
Behavioral task
behavioral14
Sample
MassScan/Massscan_GUI.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
MassScan/Packet.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral16
Sample
MassScan/_config.ini
Resource
win10v2004-20240729-en
Behavioral task
behavioral17
Sample
MassScan/masscan.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral18
Sample
MassScan/msvcr100.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
MassScan/winpcap-4.3.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/final.ini
Resource
win10v2004-20240704-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/options.ini
Resource
win10v2004-20240709-en
Behavioral task
behavioral22
Sample
MassScan/wpcap.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral23
Sample
NL Brute 2/NLBrute.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral24
Sample
NL Brute 2/settings.ini
Resource
win10v2004-20240709-en
Behavioral task
behavioral25
Sample
NL Brute 2/tối uu VPS ram cpu.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral26
Sample
ScanIP.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral27
Sample
ScanIP.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral28
Sample
UsefulRDPScript.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral29
Sample
nVNC/bin/config.conf
Resource
win10v2004-20240709-en
Behavioral task
behavioral30
Sample
nVNC/input/passwords.txt
Resource
win10v2004-20240709-en
Behavioral task
behavioral31
Sample
nVNC/nvnc.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral32
Sample
password.txt
Resource
win10v2004-20240709-en
General
-
Target
UsefulRDPScript.exe
-
Size
54KB
-
MD5
e1490e52e145fa12c7b4812b7937b2a7
-
SHA1
a1fac22bc179d84af24845e49649d2e9a9115b1e
-
SHA256
b1bce6bd95d8e53bd23030f9157dbf13103df0a9af6371ca73be38d044aad0bd
-
SHA512
9abefdb032ef833e7ba8bf3e09ded7ba37312aaa9bab88572070156e851cc32df4d4d2eda1f08f60c38deafa996baac76478820286cb31b0283f38f5486d2817
-
SSDEEP
1536:PEiBwAw/cGYQi1y2QNAx1FcLD12Qs7yGVd7UU2JSS/nouy8:lB9wUGYQN2XD6UdeZvout
Malware Config
Signatures
-
Processes:
resource yara_rule behavioral28/memory/3648-0-0x0000000000400000-0x000000000041F000-memory.dmp upx behavioral28/memory/3648-3-0x0000000000400000-0x000000000041F000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
UsefulRDPScript.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language UsefulRDPScript.exe -
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
UsefulRDPScript.exedescription pid process target process PID 3648 wrote to memory of 2996 3648 UsefulRDPScript.exe cmd.exe PID 3648 wrote to memory of 2996 3648 UsefulRDPScript.exe cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\UsefulRDPScript.exe"C:\Users\Admin\AppData\Local\Temp\UsefulRDPScript.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3648 -
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\7733.tmp\7734.tmp\7735.bat C:\Users\Admin\AppData\Local\Temp\UsefulRDPScript.exe"2⤵PID:2996
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD578814a514c34812d96730e940f1e6333
SHA18f13c95b7048f32e708c7f0ae2764dd73fe9ba6b
SHA256adbbdb4da2905a476b84ef57390c51ee26617eba55802998e83ff5d33b92fdc7
SHA512d1dd81c1401c6024c358bfbefa38c4b459961ec354c5bffe25b3f390ca691a1b040b313aefcef537a79a14e3f20e8bfb0164e5ac2d4019bf6c9677ac41603f67