General

  • Target

    ABCDA45.4.rar

  • Size

    1.2MB

  • Sample

    240908-gyps7s1bqp

  • MD5

    13c189bf367b8f7def68ba3c5121a080

  • SHA1

    31599a2ee0eb2026a8d26104334ac13437f742d4

  • SHA256

    5c36b516e47c99d218a211d0e5323ca94425977d25362f584acb2a1a4e9bdd8e

  • SHA512

    778d3ed90546be1ba503b3641a243f40683ca5aa9342b53be8c738e51ad66de7ffd594920570fe922256f0da1fe84411d81876d023f315af9ea46fb41fec3cfa

  • SSDEEP

    24576:9NmjdalhdDcHGGeixPVEnWvbBs8Bv2wghBZDzVeBfkwV78jLZhHdwzmBAnjatafv:9NmZ37eEPVEWRxgFnwlkwV78jbMmB2tn

Score
7/10

Targets

    • Target

      pkooit/WXDSRN.exe.v

    • Size

      439KB

    • MD5

      dc0da3a93abf27a4b8479b655a88b662

    • SHA1

      dbbdf148a62b7032af35a3488f295226a04264ef

    • SHA256

      3456fcfdfa1c52ef7c765e325a858e8a0281735b930d15c7986306f9425bf595

    • SHA512

      66c742f350dfd111f27191973e175db379a4714152b3c6494e3420a15af2e7f770c9399c8a3eca79b4163a5ceae8c26c3263a2628031f60dc37d0069461c1868

    • SSDEEP

      6144:mKQBGiA3eHJuwBZ4U/D3bnRKC5rsP/NHxbV9BLqrgqwWJM3yyG:YciRHQwv/D3bn75rY1HxbV9B2kvgYyyG

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      pkooit/libcurl.dll

    • Size

      268KB

    • MD5

      826eb1d1a7b917f6dee249f37af24361

    • SHA1

      c18f330f5b1ba64442fd7602de2113680753641c

    • SHA256

      10e8ac3fe4d3e6ace7f19a10a1df4409c104f8943d9a0f3b6fd7107620dc9310

    • SHA512

      968671772d9b604646a14a61d5d81a1abe9d244583ed4dabb919275dc186ad63a9a4451c3fbd2d9a02b2362feb3fb6d78e60115ae05bb5c263a9a75729d8b335

    • SSDEEP

      6144:Cx/olbmPZ0OnHmt5e5UebJbBfQ/w8s3BMPn6lhXSFeMh2UAWTBNBJEUa:CtQmRznHm25UIbBMw8whMRAWTDBra

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      pkooit/libeay32.dll

    • Size

      1.7MB

    • MD5

      d5b3b79c526f7c6450644762d9354185

    • SHA1

      84454ffad57c1efb996a2d43aecf03a04a8fb307

    • SHA256

      05db795353977fa9918cfddb3f9df6a863038565e3a0fde0b60f7dc7a5d62226

    • SHA512

      666f94624fa7a1601d474833220d4b91b3110ae4c8cc550647355a656db2b5edc26475eab3f811c8844efdd04548baab3f5fa8b52e03aef554c1865591c0cb1e

    • SSDEEP

      12288:2jt5/IUcQzHoeA6K0NJJMRLCIht15yD+b02Ab8FJJUl:2j//BcQroejNJm5315yqDFJGl

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      pkooit/msvcp100.dll

    • Size

      411KB

    • MD5

      03e9314004f504a14a61c3d364b62f66

    • SHA1

      0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

    • SHA256

      a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

    • SHA512

      2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

    • SSDEEP

      12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8

    Score
    3/10
    • Target

      pkooit/msvcr100.dll

    • Size

      752KB

    • MD5

      67ec459e42d3081dd8fd34356f7cafc1

    • SHA1

      1738050616169d5b17b5adac3ff0370b8c642734

    • SHA256

      1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

    • SHA512

      9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

    • SSDEEP

      12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5

    Score
    3/10
    • Target

      pkooit/ssleay32.dll

    • Size

      231KB

    • MD5

      83502d796852329cdfc906fee2b5ede4

    • SHA1

      23c223804f01f9a0b2a9879077aa2bce7d963092

    • SHA256

      cfdf8b760afdfe34c0ee943faf9452b4de438836e03990f983883c1f51be5e26

    • SHA512

      d965334342905fdbd6411e27eeefadcad3e28c9294f56dc8e6265e688c3a0da5976fda5961523ad8c237e3a8c605d9c7427deefbf72937ff02494f1ecf946335

    • SSDEEP

      6144:1tuPYBz4tt1ic+5uvNt0ZI0+UrHHZ7N3sEUWh5quGt/zvkLEaa8ZESWC5lQmSUzh:1t9Bz4f1ic+5ult0/lrHHZ79pJh5qpt0

    Score
    7/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.
