General

  • Target

    PAIcom.rar

  • Size

    244.0MB

  • Sample

    240829-hb9erszenq

  • MD5

    4cdc65513823a633ee5f1c576b93137f

  • SHA1

    fddbd5873965acd4055bf66c1a68bbecf958526f

  • SHA256

    19296eb9830d79b73295a7126dca332bbeb702b9cf4a2f806f89f0962af721de

  • SHA512

    164ec68a4decb52b207317c1f1d029caa715c89493d6228292425092cb881299bc763bc983e5bd9c981a039f54988872d36cd044163fa710b32376fbd5d18df3

  • SSDEEP

    6291456:8MuHNLs2ffM8KfCV+DXANHbGavvMmXKbcVUUj5lzwE43c2b0yvI:fuHRzMNG+DwRbTMma0UUHcE435b0yvI

Score
7/10
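The report identifies every file by its digests rather than by name. The script below is an added example, not part of the sandbox report or of the PAIcom software: it recomputes the four digests the report lists (MD5, SHA1, SHA256, SHA512) for the archive and for each file extracted from it, and compares the SHA256 against the values in the Targets section, so a copy of the sample can be tied to this report before anyone acts on the scores. The manifest values are copied from the report; the extraction layout (the archive next to a PAIcom/ directory), the function names and the sample file used in the test are assumptions of the example. SSDEEP is not recomputed because it needs a third-party module.

```python
"""Recompute and check the digests listed in a sandbox report.

Added example, not the report's own tooling.  The SHA256 values below are
copied from the report; the extraction layout is an assumption.
"""
import hashlib
import os
import sys

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Path relative to the extraction root -> SHA256 from the report (archive first).
REPORT_SHA256 = {
    "PAIcom.rar": "19296eb9830d79b73295a7126dca332bbeb702b9cf4a2f806f89f0962af721de",
    "PAIcom/PAIcom/Commands.exe": "c635654a58b7fb9c51ee5d76faedc1f53f92da9b3b2de66a369760e1d78fcf03",
    "PAIcom/PAIcom/Guna.UI.dll": "89175777fea2c8cf638173b9019731b01efe394a6c80a596012a767b0a10eb30",
    "PAIcom/PAIcom/PAIcom-Debug.exe": "e837085873d6dadead55017efb7ccf2f3cb53d608b23340c9bcc3cb1c7f58d7c",
    "PAIcom/PAIcom/PAIcom.exe": "ce4c19e71cc81384379846b79cbc4e3153d8b639355b4b95fa8cad32b28589af",
    "PAIcom/PAIcom/chrome.bat": "5b2e24c08279e3891a486c5a63b30262e592800f58f58651c73a0d7b00238bac",
    "PAIcom/PAIcom/commands.bat": "7935d34499196acf5ebcc14d16ddca59ba22e85c46458fad7604a2d46a398120",
    "PAIcom/PAIcom/exit.bat": "17e55524045d62522bb85244e891964d4b20c026b11b2426a18795b4d1e44f5f",
    "PAIcom/PAIcom/invisible.bat": "273a67a2c31f24d48f78b425c33384b8683f7f69d240d238f1fd84d77ffa8e77",
    "PAIcom/PAIcom/mod-helper.exe": "0ca5312c7c777f2136cb95c49cf8f8160f89abcae00b0ca1a844626beee6341c",
    "PAIcom/PAIcom/mute.exe": "95fd0e7e4ae30ce3b0c000c07bb97057ea2a211926132e993ebe6835365b6db6",
    "PAIcom/PAIcom/online.bat": "094ba85653d892350bc074864ef3089c83127891f6abe91f1fd82390ec33fdbd",
    "PAIcom/PAIcom/privileges.exe": "d55c89ab6cf5bf0a7823666d5081bbba6b7dcf2ecbc3991cc4367fa08b2bd7a5",
    "PAIcom/PAIcom/skins.exe": "b79403a0495b916ec3a3153bba1fdbdd49f74c20eabd64adf34480699ce8f8b2",
    "PAIcom/PAIcom/smug.bat": "8e15940c3bde3e855b964a1c265cf19847f1e11138e1c49dcd7e059f19a81c90",
    "PAIcom/PAIcom/steam.bat": "93d4ef7b160ded75ea681ac114100ec28ecbd4f8b44762d33b39449954ac70cf",
    "PAIcom/PAIcom/steam2.bat": "4393211c9336b80c7b0535a8200190a9bcbeecdca404fdb175ab38b38b324c1f",
}


def digests(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def file_digests(path: str) -> dict:
    """Stream a file once through all four hash objects (PAIcom.exe is 59.8MB)."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(root: str, manifest: dict = REPORT_SHA256) -> dict:
    """Compare each manifest entry with the file under root.

    Per path the result is "ok", "missing" or "mismatch:<actual sha256>".
    A filename match alone proves nothing: the report's scores belong to the hashes.
    """
    results = {}
    for rel, expected in manifest.items():
        path = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(path):
            results[rel] = "missing"
            continue
        actual = file_digests(path)["sha256"]
        results[rel] = "ok" if actual == expected.lower() else f"mismatch:{actual}"
    return results


if __name__ == "__main__":
    extraction_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, status in verify(extraction_root).items():
        print(f"{status:<12} {rel}")
```

Run it as `python verify_report.py <dir>` where the directory holds PAIcom.rar and the extracted PAIcom/ tree; anything other than "ok" on an executable means the report's verdict for that file does not apply to the copy in hand.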

Targets

    • Target

      PAIcom/PAIcom/Commands.exe

    • Size

      26.4MB

    • MD5

      33798ad56d6d67185564f0f019cc900b

    • SHA1

      e2b8be8a5c4421e7416a3d9d5525eceeec4fc33b

    • SHA256

      c635654a58b7fb9c51ee5d76faedc1f53f92da9b3b2de66a369760e1d78fcf03

    • SHA512

      25e3aef882cdf0f253efae8c2accab98fa47e4853c6ef45859001431a7ac55fda992f7478c2d70b38254707dc16f1f9a62319a78838050663e8c4d588c5c22eb

    • SSDEEP

      393216:UKhvE4jIizm33wREw+TJR7jIizm33wREw+TJRpCjIizm33wREw+TJR:Umc4jaA4JR7jaA4JRkjaA4JR

    Score
    7/10
    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      PAIcom/PAIcom/Guna.UI.dll

    • Size

      620KB

    • MD5

      8845f94e4d8778b218326f448a2c36ae

    • SHA1

      cafe090dc1e4ad6e7a10d9f9ffc234ebfccd8c27

    • SHA256

      89175777fea2c8cf638173b9019731b01efe394a6c80a596012a767b0a10eb30

    • SHA512

      f46a94a448ca04fcc3bbfb0af8c38ea0f994f6a24e82fe2b27442062b3f031f1d6222fec6cccc05b8d01fe39a3d8d0fcce1452331dab7d2e01a931d093e3c59e

    • SSDEEP

      6144:g5iT6oKOEfZ/SuFlcH/1oq6uyT9rKvbKefPiPv3LfuDX8VSF8NpXU:p+oKGIcHxyT1CbKOPGvbfmRqxU

    Score
    1/10
    • Target

      PAIcom/PAIcom/PAIcom-Debug.exe

    • Size

      500KB

    • MD5

      99704e067859ccdc79bfe8b0dd82d028

    • SHA1

      aacfff319573448136bc011776f64d88c4633419

    • SHA256

      e837085873d6dadead55017efb7ccf2f3cb53d608b23340c9bcc3cb1c7f58d7c

    • SHA512

      1b833b4a1e3fb7e9440687f6d95eb1cac9b6df8e4ba066998789f12fc771179b2ea2e61d1e82a70b0503f21a292c14708c2980cc49dd0d0f98ca3b441dc46efd

    • SSDEEP

      12288:MZEBZMZGdJ+C1fjoUpg6URJJkM7tQ5qTWlL++gdHkIjcRb:MZEBGZWsCpjoUdikM7tQGe

    Score
    3/10
    • Target

      PAIcom/PAIcom/PAIcom.exe

    • Size

      59.8MB

    • MD5

      8cda69ad7ddbefb27fc0896e186c5dde

    • SHA1

      038ba33b62a71b4d234bca6f36fc854f32212287

    • SHA256

      ce4c19e71cc81384379846b79cbc4e3153d8b639355b4b95fa8cad32b28589af

    • SHA512

      2bb40ae549a9dbcd257e61a7e5640843b83f327d51f42d4a2790ec7513356445c9d6e221e8edf58a77bcecd9722e091003526c120bc0f045739296f8ada6e636

    • SSDEEP

      1572864:SEExeiBvL4+a8Jv+tODgsCkYphN4C+iVwUTJ2:SZ4oU4JW8yFNnv9T

    Score
    6/10
    • Legitimate hosting services abused for malware hosting/C2

    • Target

      PAIcom/PAIcom/chrome.bat

    • Size

      23B

    • MD5

      e3f471d7ff9e231036ebd4433823f10e

    • SHA1

      9163ae67e2d9ea37a27a5eb335cf216eb1304ad1

    • SHA256

      5b2e24c08279e3891a486c5a63b30262e592800f58f58651c73a0d7b00238bac

    • SHA512

      504714ee51573b998cdf84e3f3a0db9671cb67b73e89b779fdd54cd902b791eb2d44883380f1f59c9e0569f6ec97f30ef18345c143240d36c19e22908c909d23

    Score
    1/10
    • Target

      PAIcom/PAIcom/commands.bat

    • Size

      80B

    • MD5

      1a3a28a2e36ad5cbc3526ec2978f8654

    • SHA1

      5e4ab39a83e9267822a8455be3df4bed5a0f20a7

    • SHA256

      7935d34499196acf5ebcc14d16ddca59ba22e85c46458fad7604a2d46a398120

    • SHA512

      dfb2b0d2d44edc223488c479e93d4e4b682954094cab012bff2a36e5a3e855cb613d4f16f2178dac0db43e7455de77d6bb1dd29e8207422b8a131b582f0e5d90

    Score
    1/10
    • Target

      PAIcom/PAIcom/exit.bat

    • Size

      23B

    • MD5

      27377e613c1cea099ef2ffd3198ab730

    • SHA1

      310a2a657c490106c26b665a5a2cba891f1fb6e3

    • SHA256

      17e55524045d62522bb85244e891964d4b20c026b11b2426a18795b4d1e44f5f

    • SHA512

      ef87a7fbb5640d4a521c66600358b80d360026bd10cff8dbc732121f588ed2eb40864c92d387682ede23cbc036ff07a89573bbda04e6dea1f07f34fce8ef6d14

    Score
    1/10
    • Target

      PAIcom/PAIcom/invisible.bat

    • Size

      49B

    • MD5

      741dfab74afe3e291f5ea5fbde92cc07

    • SHA1

      72ac991bfb1dcb8c48bcccc0d1c28b9e18e7a0f4

    • SHA256

      273a67a2c31f24d48f78b425c33384b8683f7f69d240d238f1fd84d77ffa8e77

    • SHA512

      6d1fc255910c1699884ef5575b43ab1b7d04726212f01206a8b5fc0a77238e5181fa09c4a436281fb3e18f4bec312cd7b0a458dd4285356d9065f87a5f9b6d36

    Score
    1/10
    • Target

      PAIcom/PAIcom/mod-helper.exe

    • Size

      432KB

    • MD5

      6f3e60c61934d832d7c1a93a803343b2

    • SHA1

      c3ea3dec969f2c5c74e5beb043e7aa555f62c999

    • SHA256

      0ca5312c7c777f2136cb95c49cf8f8160f89abcae00b0ca1a844626beee6341c

    • SHA512

      f837fb68e93980eebb78a80966515547325614810793f6060cd4aa54aaa548074e85f44522b68c015a393e96b76d210cce74f4dc1a62d86663b08d7dccf6c77a

    • SSDEEP

      6144:gzGNA8LrGKDoU8NA8LrGKDoU8NA8LrGKDoUP:8s8d8d8

    Score
    3/10
    • Target

      PAIcom/PAIcom/mute.exe

    • Size

      1.3MB

    • MD5

      aaf297274650e6ada9a174a2cd13eee9

    • SHA1

      2d0790b136ae314650c178ad00a91f2f50cc8535

    • SHA256

      95fd0e7e4ae30ce3b0c000c07bb97057ea2a211926132e993ebe6835365b6db6

    • SHA512

      5b31c5be0964ae8774953f29106f856aac6ff904285b32f7aca84268786a031522ce95b065af316023c000fc8149a8818192601d8a6e064c2f6ec678a802407e

    • SSDEEP

      24576:jVavLoNBTA/aqztcrIEoul9WPAbJxOWA5hLjOKQZuoc1/8j4kzUuqSoR:jVavLoTTA/aqztcrIEoul9WPAbJxOWwW

    Score
    1/10
    • Target

      PAIcom/PAIcom/online.bat

    • Size

      46B

    • MD5

      9bd5395d26615107df280433a30c3bdb

    • SHA1

      57961025310ff8e7ff0d0cd209f85290d3821366

    • SHA256

      094ba85653d892350bc074864ef3089c83127891f6abe91f1fd82390ec33fdbd

    • SHA512

      0d319d467221fd4b57479342dd31097922e943a0267712c1bbe5ffa02fb9437cd802f8773ad802e68a9be598d4b179ab831b3c157f24d293c468b4a463d7e8b1

    Score
    1/10
    • Target

      PAIcom/PAIcom/privileges.exe

    • Size

      1.2MB

    • MD5

      6f256948e600cf051d082be1645233fe

    • SHA1

      e56713abea655ba30e2005755deb292987bb32c8

    • SHA256

      d55c89ab6cf5bf0a7823666d5081bbba6b7dcf2ecbc3991cc4367fa08b2bd7a5

    • SHA512

      5a9ecfd324e4e5e429b0b10a1b3de64efdd0d5dbe222cbca54acc447fd1f07ff802ae9ed40099df3562ea2a34d091bea71103834440e028d7741721e4e5f468c

    • SSDEEP

      24576:kYWfmde3WThB+faXexi41hmVxg1gb/tbP8e8SplH70yPh:rWfmde0IfNxS3/tb8e8SXJ

    Score
    1/10
    • Target

      PAIcom/PAIcom/skins.exe

    • Size

      12.2MB

    • MD5

      c518b106d322a31d2f608a9c97f57e67

    • SHA1

      dc10e43d8af64eccf13115e2b5dae25eb3e019a2

    • SHA256

      b79403a0495b916ec3a3153bba1fdbdd49f74c20eabd64adf34480699ce8f8b2

    • SHA512

      2b7e4d5590917ff780c06d306012cd7bf76b116fc0f141a9ac99f8b4d16016d731d0e8c886090225975dbd1d23c66f75a683f55ae9cfb8354156d22f0d000d92

    • SSDEEP

      196608:kMqWkmeGOejqygprDJPAX9a2FIxRnp9MOJsSwYi9uSKNvawcbSZIe:xA79ygprDJPC9FIxhBSRY1Nwbat

    Score
    3/10
    • Target

      PAIcom/PAIcom/smug.bat

    • Size

      43B

    • MD5

      976cacad1d9c690f63b5450f5e79bc3b

    • SHA1

      c08734f1383c762e394004aeb4b67d4553c74601

    • SHA256

      8e15940c3bde3e855b964a1c265cf19847f1e11138e1c49dcd7e059f19a81c90

    • SHA512

      98235c28da1bd9dc8522bce40ae929b9635f98495c092883406b1245d7293728810a8c5c3a6f8a7d6ba718e73a97019ddb3399f9f0a42ff7c50f671b4db6b27e

    Score
    1/10
    • Target

      PAIcom/PAIcom/steam.bat

    • Size

      34B

    • MD5

      beb642d83777b5632d01b12f1b7de945

    • SHA1

      7c72da4c48fe178a87aacc3031db420f30183b63

    • SHA256

      93d4ef7b160ded75ea681ac114100ec28ecbd4f8b44762d33b39449954ac70cf

    • SHA512

      3e82498954dd98dea227184415006c7d7be5db11f66a8129d4262fc9c9ca048c1b520d41179bc8ab036a90409ecf7a4cf6898d9cad5aed3e417fdc5a4bce54f2

    Score
    1/10
    • Target

      PAIcom/PAIcom/steam2.bat

    • Size

      47B

    • MD5

      56b59bd7c9c7ba59edc8378fceca6421

    • SHA1

      c55a2b05ef71c2fbffac043759931ff96c1a8f8d

    • SHA256

      4393211c9336b80c7b0535a8200190a9bcbeecdca404fdb175ab38b38b324c1f

    • SHA512

      3cbc5a37cf2c183167e27c3a1e35b4f4490c1c1fa941dbf475aaae84494c17fec5ba24e5783c00e2d544647443bada60293a8a98fec005dd41645314cf0b0225

    Score
    1/10
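The Agile.Net signature on Commands.exe above comes from the sandbox's static rules. As an added example that is not part of the report, the Python below shows the kind of local check an analyst can run on the extracted executables: it parses just enough of the PE header to tell whether a file is a .NET assembly (a non-zero CLR Runtime Header data directory) and then looks, in both ASCII and UTF-16LE, for marker strings that common .NET obfuscators leave in the image. The marker table (the AgileDotNetRT runtime reference for Agile.Net, ConfusedByAttribute for ConfuserEx, and so on) is a heuristic chosen for this example, not the sandbox's rule set, and the sample assembly is constructed inline. A hit is a lead to follow with a deobfuscator, not a verdict: legitimate software ships with these obfuscators as well.

```python
"""Static triage of .NET binaries: CLR header check plus obfuscator markers.

Added example, not the sandbox's signatures.  OBFUSCATOR_MARKERS is an
assumed heuristic list; build_sample() constructs a fake image for testing.
"""
import struct
import sys

# Obfuscator name -> strings its runtime or attributes usually leave behind.
# ASSUMPTION: illustrative set; tune against your own corpus.
OBFUSCATOR_MARKERS = {
    "Agile.Net": ("AgileDotNetRT",),
    "ConfuserEx": ("ConfusedByAttribute",),
    "Dotfuscator": ("DotfuscatorAttribute",),
    "SmartAssembly": ("SmartAssembly.Attributes",),
}


def clr_header(data: bytes):
    """Return (rva, size) of the CLR Runtime Header, or None if not a .NET PE.

    The CLR header is data directory index 14 of the optional header; a
    non-zero entry is the cheapest reliable 'is this managed code' test.
    """
    try:
        if data[:2] != b"MZ":
            return None
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        opt = e_lfanew + 4 + 20                     # skip signature and COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:                          # PE32: directories at +96
            dirs = opt + 96
        elif magic == 0x20B:                        # PE32+: directories at +112
            dirs = opt + 112
        else:
            return None
        (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
        if count < 15:
            return None
        rva, size = struct.unpack_from("<II", data, dirs + 14 * 8)
    except struct.error:                            # truncated or malformed header
        return None
    return (rva, size) if rva else None


def find_obfuscators(data: bytes) -> list:
    """Names of obfuscators whose markers occur as ASCII or UTF-16LE strings."""
    hits = []
    for name, markers in OBFUSCATOR_MARKERS.items():
        if any(m.encode("ascii") in data or m.encode("utf-16-le") in data for m in markers):
            hits.append(name)
    return sorted(hits)


def triage(data: bytes) -> dict:
    """Combine both checks; marker search only runs on managed PEs."""
    hdr = clr_header(data)
    return {
        "dotnet": hdr is not None,
        "clr_header": hdr,
        "obfuscators": find_obfuscators(data) if hdr else [],
    }


def build_sample() -> bytes:
    """Constructed stand-in for a .NET PE32 image carrying an Agile.Net marker.

    Only the fields clr_header() reads are filled in; the image is not loadable.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)         # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)   # CLR header directory
    body = b"mscoree.dll\0" + "AgileDotNetRT".encode("utf-16-le")
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body


if __name__ == "__main__":
    if len(sys.argv) == 1:
        print("sample:", triage(build_sample()))
    for p in sys.argv[1:]:
        with open(p, "rb") as f:
            print(p, triage(f.read()))
```

Pointed at the extracted tree, the output separates the managed executables (Commands.exe, PAIcom.exe and the rest) from the .bat files and native binaries, and names the obfuscator family to expect when opening a flagged file in a decompiler.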

Tasks

  Task           Tags                   Score
  static1        agilenet               7/10
  behavioral1    agilenet, discovery    7/10
  behavioral2    agilenet, discovery    7/10
  behavioral3                           1/10
  behavioral4                           1/10
  behavioral5    discovery              3/10
  behavioral6    discovery              3/10
  behavioral7    discovery              6/10
  behavioral8    discovery              6/10
  behavioral9                           1/10
  behavioral10                          1/10
  behavioral11                          1/10
  behavioral12                          1/10
  behavioral13                          1/10
  behavioral14                          1/10
  behavioral15                          1/10
  behavioral16                          1/10
  behavioral17   discovery              3/10
  behavioral18   discovery              3/10
  behavioral19                          1/10
  behavioral20                          1/10
  behavioral21                          1/10
  behavioral22                          1/10
  behavioral23                          1/10
  behavioral24                          1/10
  behavioral25   discovery              3/10
  behavioral26   discovery              3/10
  behavioral27                          1/10
  behavioral28                          1/10
  behavioral29                          1/10
  behavioral30                          1/10
  behavioral31                          1/10
  behavioral32                          1/10