Resubmissions
03-08-2024 03:16
240803-dse52awejb 1003-08-2024 03:15
240803-dr286swdrd 1003-08-2024 03:15
240803-drxcxs1fnj 1003-08-2024 03:14
240803-drpcba1fmq 1003-08-2024 03:14
240803-drh6aswdqd 1003-08-2024 03:12
240803-dqhs5swdmc 303-08-2024 03:08
240803-dm7m4awcpe 1003-08-2024 03:07
240803-dmj7sswcne 10Static task
static1
Behavioral task
behavioral1
Sample
df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763.zip
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
rBlbqI2.exe
Resource
win11-20240802-en
General
-
Target
df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763.zip
-
Size
229KB
-
MD5
e0532c3452c5de166144de85144ab86e
-
SHA1
a1ac8137db77d51f426500a89c5009adaf0313bf
-
SHA256
91312ac2c8fa00d56b7ce9839f8a2934620f69ef6043a0c177c810870d6edd92
-
SHA512
a5c6236e637d9717438cda12e85302302435ad5df6a2ef7a068f6c62c01b4e89a546023226364970d9e01e79455977cd12662eff4b30b4f001bb3520c2850176
-
SSDEEP
6144:UyrJsTTaZCw3vCznBbiKzt9LyKtDrobuuZaK+0+:UCJs6ZCd1tz/pu3/+
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/rBlbqI2.bin
Files
-
df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763.zip.zip
Password: infected
-
rBlbqI2.bin.exe windows:5 windows x86 arch:x86
Password: infected
9dd8c0ff4fc84287e5b766563240f983
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
CreateFileA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
ole32
OleInitialize
oleaut32
VariantInit
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
SysFreeString
SysAllocString
mscoree
CorBindToRuntimeEx
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ