Overview

overview

6

Static

static

3

PlaceOpen/...le.bat

windows10-1703-x64

1

PlaceOpen/...ls.exe

windows10-1703-x64

6

PlaceOpen/...er.bat

windows10-1703-x64

3

PlaceOpen/...er.bat

windows10-1703-x64

1

PlaceOpen/...V2.bat

windows10-1703-x64

1

PlaceOpen/...MD.bat

windows10-1703-x64

1

PlaceOpen/...MD.exe

windows10-1703-x64

PlaceOpen/...es.bat

windows10-1703-x64

1

PlaceOpen/...es.exe

windows10-1703-x64

6

PlaceOpen/...ch.bat

windows10-1703-x64

1

PlaceOpen/...me.bat

windows10-1703-x64

1

PlaceOpen/...me.bat

windows10-1703-x64

1

PlaceOpen/...ss.bat

windows10-1703-x64

3

PlaceOpen/...en.bat

windows10-1703-x64

1

PlaceOpen/...es.bat

windows10-1703-x64

1

PlaceOpen/...es.exe

windows10-1703-x64

PlaceOpen/...er.bat

windows10-1703-x64

1

PlaceOpen/...er.bat

windows10-1703-x64

1

PlaceOpen/...ipt.js

windows10-1703-x64

3

PlaceOpen/...x.html

windows10-1703-x64

4

PlaceOpen/...ver.js

windows10-1703-x64

3

PlaceOpen/...ok.bat

windows10-1703-x64

1

PlaceOpen/...k2.bat

windows10-1703-x64

3

PlaceOpen/...s1.bat

windows10-1703-x64

1

PlaceOpen/...x.html

windows10-1703-x64

4

PlaceOpen/...ot.bat

windows10-1703-x64

1

PlaceOpen/...nt.bat

windows10-1703-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    PlaceOpen.rar

  • Size

    611KB

  • MD5

    eeee89744da068384d10b560fec9c3cf

  • SHA1

    17817422b034732cdaa71e6e9a3f3bce818f7809

  • SHA256

    2e620aacd1b96b7c7a7861f239e38dbe776aa5aad5f333865a409cf716a70e85

  • SHA512

    eb24860171ff1e5c307125041b33793082fec52fd99d86c9ca37a00f15bfd6e40cdbe5bda1c0aabae67f411974bd4243b421fd1021210bc4132f476b786067ab

  • SSDEEP

    12288:CRFRLD2WKkpf3qrCWQMeNbgaZiViE2i+Q/nsrk5DiGeWaGHM:o35KkRqrCWCNUaI4A30Y5DkMs

Score
3/10

Malware Config

Signatures

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • PlaceOpen.rar
    .rar
  • PlaceOpen/PlaceOpen/BatToExeFile.bat
  • PlaceOpen/PlaceOpen/Danger app .exe/Roblox Tools.exe
    .exe windows:10 windows x64 arch:x64

    4cea7ae85c87ddc7295d39ff9cda31d1


    Headers

    Imports

    Sections

  • PlaceOpen/PlaceOpen/batch 1v danger/BlenderKeyBinds.txt
  • PlaceOpen/PlaceOpen/batch 1v danger/DisQuest Executor.rar
    .rar
  • PlaceOpen/PlaceOpen/batch 1v danger/Learning.txt
  • PlaceOpen/PlaceOpen/batch 1v danger/TextLogger.bat
    .bat .ps1
  • PlaceOpen/PlaceOpen/batch harmless/CookieLogger.bat
  • PlaceOpen/PlaceOpen/batch harmless/Fake Virus/ExecuteCMD/ExecuteCMD.V2.bat
  • PlaceOpen/PlaceOpen/batch harmless/Fake Virus/ExecuteCMD/ExecuteCMD.bat
  • PlaceOpen/PlaceOpen/batch harmless/Fake Virus/ExecuteCMD/ExecuteCMD.bat.txt
  • PlaceOpen/PlaceOpen/batch harmless/Fake Virus/ExecuteCMD/ExecuteCMD.exe
  • PlaceOpen/PlaceOpen/batch harmless/Fake Virus/ExecuteCMD/pls donate hack.txt
  • PlaceOpen/PlaceOpen/batch harmless/Fake Virus/ProtecterFiles/ProtecterFiles.bat
  • PlaceOpen/PlaceOpen/batch harmless/Fake Virus/ProtecterFiles/ProtecterFiles.exe
    .exe windows:10 windows x64 arch:x64

    4cea7ae85c87ddc7295d39ff9cda31d1


    Headers

    Imports

    Sections

  • PlaceOpen/PlaceOpen/batch harmless/Games/MinecraftMadeWithBatch.bat
  • PlaceOpen/PlaceOpen/batch harmless/Games/Shootgame.bat
  • PlaceOpen/PlaceOpen/batch harmless/Games/Shooting Game.bat
    .bat .vbs
  • PlaceOpen/PlaceOpen/batch harmless/GetIPAddress.bat
    .bat .vbs
  • PlaceOpen/PlaceOpen/batch harmless/Joke Gen..txt
  • PlaceOpen/PlaceOpen/batch harmless/Joke Gen.bat
  • PlaceOpen/PlaceOpen/batch harmless/ProtecterFiles.bat
  • PlaceOpen/PlaceOpen/batch harmless/ProtecterFiles.exe
  • PlaceOpen/PlaceOpen/batch harmless/Random Fortune Teller.bat
  • PlaceOpen/PlaceOpen/batch harmless/Timer.bat
  • PlaceOpen/PlaceOpen/batch harmless/Website/Script.js
    .js
  • PlaceOpen/PlaceOpen/batch harmless/Website/publicindex.html.html
    .html
  • PlaceOpen/PlaceOpen/batch harmless/Website/server.js
  • PlaceOpen/PlaceOpen/batch harmless/Website/styles.css
  • PlaceOpen/PlaceOpen/batch harmless/discord_webhook.bat
    .bat .vbs
  • PlaceOpen/PlaceOpen/batch harmless/discord_webhook2.bat
  • PlaceOpen/PlaceOpen/batch harmless/discord_webhookfiles1.bat
    .bat .vbs
  • PlaceOpen/PlaceOpen/batch harmless/publicindex.html
    .html
  • PlaceOpen/PlaceOpen/batch harmless/robot.bat
  • PlaceOpen/PlaceOpen/malware/New Text Document.bat
    .bat .vbs