3d4c345b9b6c298b218274cfe2141b2f2842b113534a557100c1671a8b7edb76

Sharing

Copy URL

Twitter E-mail

General

Target

Malware_pack_2.zip
Size

62.5MB
Sample

240907-vzzaxsxeqd
MD5

ab07bd7fa8fae3d6a772bceead6f6139
SHA1

eb6264f322b43a5efda1916aa22a017f08a3306c
SHA256

3d4c345b9b6c298b218274cfe2141b2f2842b113534a557100c1671a8b7edb76
SHA512

74d7f15603f2eb09b8ea577fc378efa47afb5417aaa54f88a2b425a5650e6d6f2db1a3aca1fa9df4dffe287dc50d64cdd790704eb1d1cb187913f28c8f9046a9
SSDEEP

1572864:EflnQbz0AkYG9iWbxDl7P7+Ph56glTbRrQlmW7C:gu/k/9iml7P7+PqobFQlLC

Score

9^/10

Malware Config

Targets

- Target
  
  Malware_pack_2.zip
- Size
  
  62.5MB
- MD5
  
  ab07bd7fa8fae3d6a772bceead6f6139
- SHA1
  
  eb6264f322b43a5efda1916aa22a017f08a3306c
- SHA256
  
  3d4c345b9b6c298b218274cfe2141b2f2842b113534a557100c1671a8b7edb76
- SHA512
  
  74d7f15603f2eb09b8ea577fc378efa47afb5417aaa54f88a2b425a5650e6d6f2db1a3aca1fa9df4dffe287dc50d64cdd790704eb1d1cb187913f28c8f9046a9
- SSDEEP
  
  1572864:EflnQbz0AkYG9iWbxDl7P7+Ph56glTbRrQlmW7C:gu/k/9iml7P7+PqobFQlLC
Score

1^/10
behavioral1
- Target
  
  Malware_pack_2/000.zip
- Size
  
  119KB
- MD5
  
  d113bd83e59586dd8f1843bdb9b98ee0
- SHA1
  
  6c203d91d5184dade63dbab8aecbdfaa8a5402ab
- SHA256
  
  9d3fe04d88c401178165f7fbdf307ac0fb690cc5fef8b70ee7f380307d4748f8
- SHA512
  
  0e763ff972068d2d9946a2659968e0f78945e9bf9a73090ec81f2a6f96ac9b43a240544455068d41afa327035b20b0509bb1ad79a28147b6375ed0c0cf3efec5
- SSDEEP
  
  3072:QxpL6ECUOVjuZ6HwZ3KMh8N73lLrKG+PE9g4CN33:2961UwjuDZn65nxIE9y33
Score

1^/10
behavioral2
- Target
  
  Malware_pack_2/Antivirus Platinum.zip
- Size
  
  699KB
- MD5
  
  ff84853a0f564152bd0b98d3fa63e695
- SHA1
  
  47d628d279de8a0d47534f93fa5b046bb7f4c991
- SHA256
  
  3aaa9e8ea7c213575fd3ac4ec004629b4ede0de06e243f6aad3cf2403e65d3f2
- SHA512
  
  9ea41fe0652832e25fe558c6d97e9f9f85ccd8a5f4d00dbcc1525a20a953fbd76efb64d69ce0fdd53c2747159d68fcb4ac0fa340e0253b5401aebc7fb3774feb
- SSDEEP
  
  12288:pKAT6gPoHT7CzZy7fmzVyaF3zA0mKz8doC3m/LuXCC32H+REYWzTdjhoMlX1Q4QM:2gPoHT7CtEfwyaFDAjKz8Bm/LYC+3uYi
Score

1^/10
behavioral3
- Target
  
  Malware_pack_2/ColorBug.zip
- Size
  
  28KB
- MD5
  
  34071c621da9508f92696709d71bb30a
- SHA1
  
  5817a14b8da5da5aecd59f5016c2b02fbbe2f631
- SHA256
  
  ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd
- SHA512
  
  eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45
- SSDEEP
  
  384:Z6HvcubW5F4mPGngeY4S8kep2sx1skClNcnK5VYeymm7/rrYC8Feuumu+lZRmdV5:Z6Pcu65SfY4SdsCbWVjOuGR2l
Score

3^/10

execution
behavioral4
- Target
  
  Malware_pack_2/DesktopPuzzle.zip
- Size
  
  121KB
- MD5
  
  6ec216cae1f0e898635d296bbb1a7539
- SHA1
  
  8725949a62c581e4c55d7338dcf3f67997840278
- SHA256
  
  431b9b7321f734a3f11b23e638199ff1f0d9abe9374ec299484d9e47f20b4ee2
- SHA512
  
  b619a5e8ccc0473d99453108085b1678a75dc816bbeb1d5301cd265ff8aee18e214d4e7b877d0d5d13921238d45581cb89021c4dbfb9ba2f3bddb4d4f297ddfe
- SSDEEP
  
  3072:01kEMS3saEQjgn5hxLSYS+Bj3RAY+lslaDmf1Uswq6CYft89z:01caEQjgxK+fZlBHYftKz
Score

1^/10
behavioral5
- Target
  
  Malware_pack_2/FakeActivation.zip
- Size
  
  275KB
- MD5
  
  6db8a7da4e8dc527d445b7a37d02d5d6
- SHA1
  
  4fcc7cff8b49a834858d8c6016c3c6f109c9c794
- SHA256
  
  7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984
- SHA512
  
  b1b4269da8a0648747c4eee7a26619b29d8d1182fe12446c780091fef205a7b5e6fb93c9b74c710cca5d2e69600579b9d470e31a32689ecc570d0c4bbe4fe718
- SSDEEP
  
  6144:slA1Q2B6SIHODfBeO6706bWyFyA3tvZqfgP6mJJtkvnBM1KgHWR:iCQ2B3IHO1e3WeGoHJJtkvnBOi
Score

1^/10
behavioral6
- Target
  
  Malware_pack_2/Happy Antivirus.zip
- Size
  
  1.6MB
- MD5
  
  974918541aa75f380aa6cb4d8bd3c4bd
- SHA1
  
  d0a6a3a301cf5330b00281ee8ff04ed9c3455fc7
- SHA256
  
  d703fc0de3f07684528bc1931479815a4b9cd7b66fedbb753ca21314a6a300d6
- SHA512
  
  db829bba3372a6e452d03d24e998ee91d28e3816c9d1a8d81330d450b24dc695e15d2612ec69729beafb28d95271ba55b6be8b95dbe7f4b15f4f65bf5b5279b5
- SSDEEP
  
  49152:pe9rvkVDuuk8/JWXY/+XyxN7kHBRcuA7/:pedkVDuuk8/YIsy7AHE
Score

1^/10
behavioral7
- Target
  
  Malware_pack_2/InternetSecurityGuard.zip
- Size
  
  2.5MB
- MD5
  
  c5afbb8da79525ba74aa0fdc5bb5d17a
- SHA1
  
  19a7bb8f31f40592c350555eb450924193aa5aef
- SHA256
  
  5f3c2e1ad778441373cbfdc5d07884376175a9409e260e60edd292a95f9bc4ca
- SHA512
  
  36cd962ae3c4c0bec993a1c379130ffbd5ef475e234e4ccfebd51f4e52ff6861bc3c1ee6ab20df4e8a1b04f4ba7f2f9437c9bcfbad9573cffc74a4680ddec589
- SSDEEP
  
  49152:TYlQo7QjNMZJRM4KEInWDwuK9fhCvLtoLCd:COjN6M4nU9p2toud
Score

1^/10
behavioral8
- Target
  
  Malware_pack_2/MEMZ 3.0 (1).zip
- Size
  
  15KB
- MD5
  
  230d7dcb83b67deff379a563abbbd536
- SHA1
  
  dc032d6a626f57b542613fde876715765e0b1a42
- SHA256
  
  a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254
- SHA512
  
  7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77
- SSDEEP
  
  384:+gTgSLZ5WpPu3944wiiNIw2nbI6B/PvpITFkvbWa:+cvLZ5n9Sb9ytp6kl
Score

1^/10
behavioral9
- Target
  
  MEMZ 3.0/MEMZ.bat
- Size
  
  12KB
- MD5
  
  13a43c26bb98449fd82d2a552877013a
- SHA1
  
  71eb7dc393ac1f204488e11f5c1eef56f1e746af
- SHA256
  
  5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513
- SHA512
  
  602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a
- SSDEEP
  
  384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF
Score

7^/10

bootkit discovery execution persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral10
- Target
  
  MEMZ 3.0/MEMZ.exe
- Size
  
  12KB
- MD5
  
  a7bcf7ea8e9f3f36ebfb85b823e39d91
- SHA1
  
  761168201520c199dba68add3a607922d8d4a86e
- SHA256
  
  3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
- SHA512
  
  89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
- SSDEEP
  
  192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL
Score

7^/10

bootkit discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral11
- Target
  
  Malware_pack_2/Movie.mpeg.zip
- Size
  
  375KB
- MD5
  
  711743bfcffbc075f3df90412d33b1f4
- SHA1
  
  5a8157aea7d2b424f07673597be661a44517e653
- SHA256
  
  0c5bb6b0098682f3cc63b95bd2f218d6186bd8f4e322b3a048107f20602afb2b
- SHA512
  
  969e3699b5ccbf70c19c251e487b843160f8a24f284b85a6ac96e917114f0bf45eac8f3bff8837a66c4fdcbf6f71ae4e11e81317f7f89e03b5dc468ce2fefff2
- SSDEEP
  
  6144:zk0gUeiDOm+YiE8ZtuKsFcxWSmycwbZFa3fPPG7ye3B95/HqXTVF5Ca0s4V:w0gUeKCZjsjSlXVF2e7y2rvqDPEaP4
Score

1^/10
behavioral12
- Target
  
  Malware_pack_2/NavaShield.zip
- Size
  
  9.3MB
- MD5
  
  b05e1b131299f3d57323bdca54b00570
- SHA1
  
  82ebeb46687e7b285f588c056e52ccaab87e464d
- SHA256
  
  3adb8147e461a11add25101d78205b61b54b6993022c8014b9a55b3197ca39c9
- SHA512
  
  35580e1580cc2dc5a50afdb1e3453517fa3955f7737c177a83bf2bbb9d000a7a5f060b032200e0440c4478400ac8b1788e018fc7c88ed150b96282146e2f2457
- SSDEEP
  
  196608:RIqrrCcUdFJp1YNYbsVNCpsF98DOV9Qz7FFEClC6j2LzfFXkoZc1kXa:FCcUdFX5gNL8oQz7FFECl3j2ffF0L1Ua
Score

1^/10
behavioral13
- Target
  
  Malware_pack_2/Petya.A.zip
- Size
  
  128KB
- MD5
  
  1559522c34054e5144fe68ee98c29e61
- SHA1
  
  ff80eeb6bcf4498c9ff38c252be2726e65c10c34
- SHA256
  
  e99651aa5c5dcf9128adc8da685f1295b959f640a173098d07018b030d529509
- SHA512
  
  6dab1f391ab1bea12b799fcfb56d70cfbdbde05ad350b53fcb782418495fad1c275fe1a40f9edd238473c3d532b4d87948bddd140e5912f14aff4293be6e4b4c
- SSDEEP
  
  3072:7P2YmowJWNmYv5lnTc8R+igbpBgBXtzXW4Dg/PJLDEuUYBAald:r2YnzNmYBlI8hgdBgBXpXxDg/PJLDEH4
Score

1^/10
behavioral14
- Target
  
  Malware_pack_2/Security Central.zip
- Size
  
  882KB
- MD5
  
  32e630865a498a6fe5bf4d8dd593dccd
- SHA1
  
  05217c896a53c77c7f751de72875a7315232c293
- SHA256
  
  62243c2840d5fbeef1cce73dbe4929727afe174968b91faba3848b89ab550d7f
- SHA512
  
  baa4ba5e61406848bcd2683fbd8d480c0ab22954af9b9933284dfc4fb2e9361fe0244efae3ce9d171b5510b8030bb510fe788d8ae3fe476b29fc8cea815ac244
- SSDEEP
  
  24576:+EH0fyd4HKpzkOSWV6Lgn+DRGEZGXDyg+6:DRd4qpIOSWVYg+DUNzL
Score

1^/10
behavioral15
- Target
  
  Malware_pack_2/Security Defender 2015.zip
- Size
  
  459KB
- MD5
  
  1e23b530fefbf0e4c6696ce8a0874081
- SHA1
  
  585ae1e314118bd4cbf15d2a66a6b708d2e46735
- SHA256
  
  5daf5731d28583a37a7d574d1d32ca89e2ed2dcc448cf0ebcdc6d43bc4981a92
- SHA512
  
  2312469eb3fb93f311bf28c14d2f5ad39e3ddd3ad4aa19306f8b276d4f401972fdc5e7659f388c08dacd739a8162b05d06e052f4342edf1c1dd9aecdc32560f0
- SSDEEP
  
  12288:43DuMOagxhLiZEfyNX/rFLzXqBaW71tc99onYZ:vog/LiZdX/p3icXon2
Score

1^/10
behavioral16
- Target
  
  Malware_pack_2/SmartDefragmenter.zip
- Size
  
  376KB
- MD5
  
  541d8406002aa2750a2cf59480e71d94
- SHA1
  
  ac40c4715cca6967e2af789cee246b5a0d533a9f
- SHA256
  
  ddf1b79f563d94bb3ddb46b37aa010d95403dc7a1debfc9476a8ab449472b738
- SHA512
  
  9d3f5fd405be3a76b9d0150e58a2af24cd609a1b7b63bac9e68350a0b153a42bf4941c5d2d8d752ee5d9d6dcc690250811a9c688e2efcc458abef71580add73b
- SSDEEP
  
  6144:MdZTQDqwhWbeXTbAf4KINkYLcwpO/ZuY2EwbJ2Fgzz+n6tBN+Pz9BQBa4oQRMgs:yZw1DbAf4KIqM4cewFQ2z+6XNk3QVRM5
Score

1^/10
behavioral17
- Target
  
  Malware_pack_2/VineMEMZ-Original.exe
- Size
  
  39.6MB
- MD5
  
  b949ba30eb82cc79eeb7c2d64f483bcb
- SHA1
  
  8361089264726bb6cff752b3c137fde6d01f4d80
- SHA256
  
  5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923
- SHA512
  
  e2acd4fe7627e55be3e019540269033f65d4954831a732d7a4bd50607260cd2a238832f604fa344f04be9f70e8757a9f2d797de37b440159a16bf3a6359a759b
- SSDEEP
  
  786432:1fhwEXgLYTou24XbHzjkgV5bQAH/AbkP1hn0qPQPrhBPC7wYqljbdPIa:dqgb84DPn5vhbIPdZaWljbdPIa
Score

9^/10

bootkit credential_access discovery persistence ransomware spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral18
- Target
  
  Malware_pack_2/WannaCrypt0r.zip
- Size
  
  3.3MB
- MD5
  
  e58fdd8b0ce47bcb8ffd89f4499d186d
- SHA1
  
  b7e2334ac6e1ad75e3744661bb590a2d1da98b03
- SHA256
  
  283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
- SHA512
  
  95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c
- SSDEEP
  
  49152:0x8KJHkctwJdVlgBq+q1vqtWdhQIajy4AsOLgVv+L3QXz+B7m1qyapDgJmeiTLW:0x8KJX+dVHvtzaj3xWgw79icXW
Score

1^/10
behavioral19
- Target
  
  Malware_pack_2/Windows Accelerator Pro.zip
- Size
  
  1009KB
- MD5
  
  a42319a2a4e6e8a3ab825933b417a747
- SHA1
  
  d27bec4e51652aa5a0e3e9bc27aae3a7a79638a5
- SHA256
  
  6e6f0f4912aeadc81622c01e62cac6bbf02cd34052cdca2da582c92005275105
- SHA512
  
  48c9eeb57e3c75ebf77ec3744c019eea2ced66ad260536718b0b8599fbc9612ea5456b19be7b30928c089e438336360249e8738eacb2cb9410449dfa55de68c2
- SSDEEP
  
  24576:PxK9h6pIKZZRYJa0vMQeB30e1bFS6xZUXQnBWFZW6ri:PChGZHMvMQ40eBdZnBHEi
Score

1^/10
behavioral20
- Target
  
  Malware_pack_2/Winlocker.VB6.Blacksod.zip
- Size
  
  1.6MB
- MD5
  
  713f3673049a096ea23787a9bcb63329
- SHA1
  
  b6dad889f46dc19ae8a444b93b0a14248404c11d
- SHA256
  
  a62c54fefde2762426208c6e6c7f01ef2066fc837f94f5f36d11a36b3ecddd5f
- SHA512
  
  810bdf865a25bde85096e95c697ba7c1b79130b5e589c84ab93b21055b7341b5446d4e15905f7aa4cc242127d9ed1cf6f078b43fe452ad2e40695e5ab2bf8a18
- SSDEEP
  
  49152:2OiR+zJsyziTwWQRtQWgpn8QbX1ncWFwUGVF6VpHk:2OVdzVW4tQWgp8QT1XFwUGKPk
Score

1^/10
behavioral21
- Target
  
  Malware_pack_2/YouAreAnIdiot.zip
- Size
  
  223KB
- MD5
  
  a7a51358ab9cdf1773b76bc2e25812d9
- SHA1
  
  9f3befe37f5fbe58bbb9476a811869c5410ee919
- SHA256
  
  817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612
- SHA512
  
  3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d
- SSDEEP
  
  6144:M9iMNCHRNLhitoVak4jaChlNY4SWn0m3/ottG+DM:7IURthAXk4jBhKWl3/otc+DM
Score

1^/10
behavioral22
- Target
  
  Malware_pack_2/zip bomb.zip
- Size
  
  41KB
- MD5
  
  1df9a18b18332f153918030b7b516615
- SHA1
  
  6c42c62696616b72bbfc88a4be4ead57aa7bc503
- SHA256
  
  bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
- SHA512
  
  6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
- SSDEEP
  
  768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK
Score

1^/10
behavioral23