Overview
overview
10
Static
static
3
Set-up.exe
windows7-x64
10
Set-up.exe
windows10-2004-x64
10
config.exe
windows7-x64
1
config.exe
windows10-2004-x64
3
mfc100u.dll
windows7-x64
1
mfc100u.dll
windows10-2004-x64
1
msvcp100.dll
windows7-x64
1
msvcp100.dll
windows10-2004-x64
1
msvcr100.dll
windows7-x64
1
msvcr100.dll
windows10-2004-x64
1
opengl64.exe
windows7-x64
1
opengl64.exe
windows10-2004-x64
1
plugins/Cr...32.dll
windows7-x64
3
plugins/Cr...32.dll
windows10-2004-x64
3
plugins/Cr...64.dll
windows7-x64
1
plugins/Cr...64.dll
windows10-2004-x64
1
plugins/Fl...32.dll
windows7-x64
3
plugins/Fl...32.dll
windows10-2004-x64
3
plugins/Fl...64.dll
windows7-x64
1
plugins/Fl...64.dll
windows10-2004-x64
1
plugins/Mi...io.exe
windows7-x64
1
plugins/Mi...io.exe
windows10-2004-x64
plugins/NvStWiz.exe
windows7-x64
3
plugins/NvStWiz.exe
windows10-2004-x64
3
plugins/St...er.exe
windows7-x64
1
plugins/St...er.exe
windows10-2004-x64
3
plugins/ca...ll.dll
windows7-x64
3
plugins/ca...ll.dll
windows10-2004-x64
3
plugins/ca...RT.dll
windows7-x64
3
plugins/ca...RT.dll
windows10-2004-x64
3
plugins/ca...es.dll
windows7-x64
3
plugins/ca...es.dll
windows10-2004-x64
3
General
-
Target
extract.rar
-
Size
20.2MB
-
Sample
240910-sz21psscnc
-
MD5
fc154e8e90e53b7edcdec1303221c87b
-
SHA1
6cf240924796bbdd0aee650d73fc3c0b8f3048aa
-
SHA256
dd142b47e5bb1625c1b8b0ede73b41101d63e59116d21029ab64794809709675
-
SHA512
e08d32ed5ee0ee53c491f4a4405fa5824aba1bf7d13fe4fa8ead6d15046117ffccbdfd7ef22aefac48c720653ee34893cddad120d365cda935f5f64f6d099f3c
-
SSDEEP
393216:7NqvvpKx/8smzmI9HsfgQKi/F9rUFiImz/SB70dgkxyveYvxetGeVV94:cvvMx/8sqvHsfgQKmDIi6agHJesyVi
Static task
static1
Behavioral task
behavioral1
Sample
Set-up.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Set-up.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
config.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
config.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
mfc100u.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
mfc100u.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
msvcp100.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
msvcp100.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
msvcr100.dll
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
msvcr100.dll
Resource
win10v2004-20240910-en
Behavioral task
behavioral11
Sample
opengl64.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
opengl64.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
plugins/CryptoPP530Fips32.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
plugins/CryptoPP530Fips32.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
plugins/CryptoPP530Fips64.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
plugins/CryptoPP530Fips64.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
plugins/FlowSshC32.dll
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
plugins/FlowSshC32.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
plugins/FlowSshC64.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
plugins/FlowSshC64.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
plugins/Microsoft.VisualStudio.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
plugins/Microsoft.VisualStudio.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
plugins/NvStWiz.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
plugins/NvStWiz.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
plugins/StartupHelper.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
plugins/StartupHelper.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
plugins/cache/ICQLiteShell.dll
Resource
win7-20240729-en
Behavioral task
behavioral28
Sample
plugins/cache/ICQLiteShell.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
plugins/cache/ICQRT.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
plugins/cache/ICQRT.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
plugins/cache/Language/LiteRes.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
plugins/cache/Language/LiteRes.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
Family: cryptbot
C2: forv14pn.top
-
url_path: /v1/upload.php
Targets
-
-
Target
Set-up.exe
-
Size
6.3MB
-
MD5
334beed5851da0d5cb75bc243ba1b375
-
SHA1
8e62bd80ecbbd392623bfd9145c2c52f5f072624
-
SHA256
e809f6469c269f3bf3aec45124bb5cecd37d41aa431bb57f9ed11c9bc789b2d9
-
SHA512
906311a3f6d7ba22f5e95975df71b4d27815491404c00856767ecbde1da7115cbbddc4e234fd38c3e901175db38f8f3526d2662ac62c81a1b461f1ae02a3896a
-
SSDEEP
98304:6tUNUi7mZ4QaiCDV8SpHR6gda7J2FvyJ/Ve:6ziqZ4QaN8SRR6gd6cFI/Ve
Score 10/10 -
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
config.prx
-
Size
364KB
-
MD5
14934caca84d5fe0288f27efb31dcbf8
-
SHA1
98c8c659488a5782679112e0ffb089422a664ac5
-
SHA256
7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36
-
SHA512
9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a
-
SSDEEP
3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY
Score 3/10 -
-
-
Target
mfc100u.dll
-
Size
5.3MB
-
MD5
85ed13922df97474af9979ca456c6748
-
SHA1
d79cdd200b6543e06d18ed67e44c7bba50de7d85
-
SHA256
4c33d4179fff5d7aa7e046e878cd80c0146b0b134ae0092ce7547607abc76a49
-
SHA512
dcf9bb66a621d49d036f418337c2c454c3a3212c3d008c2dfe764b374ffaed1ce7ea3c6fb30f0c30a64ae3b901146fe474427e9bf4931e01e1a5cb5dcf2b5033
-
SSDEEP
98304:H0g27TTwiMfeEA5KFLOAkGkzdnEVomFHKnPA:H0g2H8kEHFLOyomFHKnPA
Score 1/10 -
-
-
Target
msvcp100.dll
-
Size
593KB
-
MD5
d029339c0f59cf662094eddf8c42b2b5
-
SHA1
a0b6de44255ce7bfade9a5b559dd04f2972bfdc8
-
SHA256
934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c
-
SHA512
021d9af52e68cb7a3b0042d9ed6c9418552ee16df966f9ccedd458567c47d70471cb8851a69d3982d64571369664faeeae3be90e2e88a909005b9cdb73679c82
-
SSDEEP
12288:koBFUsQ1H5FH3YUTd/df0RA7XkNvEKZm+aWodEEiblHN/:dFUsQ1H5FHdGKkNvEKZm+aWodEEcHN/
Score 1/10 -
-
-
Target
msvcr100.dll
-
Size
809KB
-
MD5
366fd6f3a451351b5df2d7c4ecf4c73a
-
SHA1
50db750522b9630757f91b53df377fd4ed4e2d66
-
SHA256
ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5
-
SHA512
2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130
-
SSDEEP
12288:QgzGPEett9Mw9HfBCddjMb2NQVmTW75JfmyyKWeHQGoko+1:HzJetPMw9HfBCrMb2Kc6dmyyKWewGzB1
Score 1/10 -
-
-
Target
opengl64.dll
-
Size
17.7MB
-
MD5
0a84667145e7efef026c888d4b768126
-
SHA1
27673e1bd7c55bba6eaa37620d3b3820ce45d46a
-
SHA256
dd575f3c64382193610815909bd2c52490244ecbbb9bba6eef5fe4f0bb43bb4d
-
SHA512
3e964c996ed358787c4dfdb965a00b38b4118c804ae1bf8d32aeb7d936584e72c188e3fa0d27d1c2ffd3be13dca8045b08b28b15070812c195d82d1bf23a2604
-
SSDEEP
393216:PXhbUNnoBP98OQ//aXUszfTBHCOUZ2UenCDkOH2:PXhNB4nlW
Score 1/10 -
-
-
Target
plugins/CryptoPP530Fips32.dll
-
Size
1.2MB
-
MD5
9a7234078559093e06c9d32148ed95a3
-
SHA1
40361dad15b9b5ae2757a21d1ce6a61c3c37e891
-
SHA256
32f5d0a454c26e8aa6f4cad58f3782337cc97cfe2305bbfe564437e5f0d51bbc
-
SHA512
9a2c3761d799999a691cd605f11c4014f604afa9a46b3b4c9999eef177f0e703ca2ed52c22824cba613559ce37bd134c566d54a4e51141828816b02a4f3da05b
-
SSDEEP
24576:4pPfSOTjS+katpqQTutqG3kGP7NS0LdbiAJ:4VnTu+kNQqqG3kIE0Ldb3J
Score 3/10 -
-
-
Target
plugins/CryptoPP530Fips64.dll
-
Size
1.9MB
-
MD5
5421d49c2b1eabcbf9fc3cd5b3a4a7d2
-
SHA1
0028edceb5be4fd315b460b37f499667564a1367
-
SHA256
f555d9a75aff39ea48a8c51a833833f7892060a3421c57546640bd560e87e67b
-
SHA512
92ad7321a80d3e718e0c625bdf6d4fb122bc661e6b955744d513f043fd7733e39e13ab7a994a4bb140eec3c1b3d72ddddd9dc12d98a83811bbf1ab2266946e20
-
SSDEEP
24576:3nn521M2+LQvsrfqPmckkcltu9Wl0iY9Cu4biY7DvCQ4Rze4:3n521M12cPY9Cu4j7WQ4Rzz
Score 1/10 -
-
-
Target
plugins/FlowSshC32.dll
-
Size
5.7MB
-
MD5
c4c176f948aaefdbac2007be7540f807
-
SHA1
fab53fea6bf9b66edf37c05f96d0113e7b3ff151
-
SHA256
b7ce745085da1ea321ba210178f90c7fbda7419a64452a887219b6fdc7ef762c
-
SHA512
f0883c2f65189a9992af98fc05947df34a43740d4c22196a2d3922edfe7e4fb2bcd75226a24b9482d2be5961eeb63a015a329a3a524f25d7e8c6acba31ab80bf
-
SSDEEP
49152:XMZDDtZO0oV8BPKzv694e7rnSmRw6DKnByzYC3rkOmcdbzKgZI9cji115OVcrDom:cno0w8BPW694evnSmG6oY013S26vCL4M
Score 3/10 -
-
-
Target
plugins/FlowSshC64.dll
-
Size
7.7MB
-
MD5
0a86f2e157f36783f412379b8b94a1a6
-
SHA1
f679118d538d8c0aab0d8693f8b9b86bc9ccef2e
-
SHA256
27056202300c852631354871960619ad713baf02f06d080afb1ccaba3ce6bc69
-
SHA512
ea8101c2c5dfe11859cfc3539a82b66692920aec8fbe8d64ee5a32475247f71ca98482e8c20b297811ff3d235738e9c20ace33142e4833162068cb1f67c523bf
-
SSDEEP
49152:EpBqTfDVWxBameIwNZP81iXc6WOptqQbFYdzyCs7Cqy1mZ1PVJLnbd1AYLik7J3g:QE7kBvoXZgx+JLbdXxiflHsvhq75b5
Score 1/10 -
-
-
Target
plugins/Microsoft.VisualStudio.VsWebProtocol
-
Size
661KB
-
MD5
91acf072fe60b3ef9867faec1a7a8cb0
-
SHA1
f5beee29187c4573acbf5a9105b6b475b6565f61
-
SHA256
1f49adc807a564e7c1ecf32f58074a1230a6fe4764e8f54ce7ffa8c2e880dcca
-
SHA512
6e096399e0afeb7c5f1a2a60204b887e946b3b6bc926fc5a78a97592a202954ec5e83ececc3ab1f66a2343db10c2974c15462837df342b0c5f6ad4594bd21b37
-
SSDEEP
6144:iMuijXEeWt742E+F94FQoS+LZjXEmItnl9:HukEeWtEQr4Fi+LxEmItl9
Score 1/10 -
-
-
Target
plugins/NvStWiz
-
Size
432KB
-
MD5
9e82e3b658393bed3f7e4f090df1fbe7
-
SHA1
bfff954b8ef192c01af9fb5d9141a21279cb9c31
-
SHA256
c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762
-
SHA512
de6a1e62d4e33f807d9c04f355a762717eedbcf540e747a97ba824871d4a1f144f4929141df333711d42af01e441dbbcecbb25a6a4f8ec073a024d94197b776b
-
SSDEEP
6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp
Score 3/10 -
-
-
Target
plugins/StartupHelper
-
Size
364KB
-
MD5
14934caca84d5fe0288f27efb31dcbf8
-
SHA1
98c8c659488a5782679112e0ffb089422a664ac5
-
SHA256
7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36
-
SHA512
9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a
-
SSDEEP
3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY
Score 3/10 -
-
-
Target
plugins/cache/ICQLiteShell.dll
-
Size
56KB
-
MD5
05e61539b8917fca37c03756bbdd043d
-
SHA1
5a72e0e528260de0ea5b34badb9e5f9873cb4245
-
SHA256
515c8e0b93f0fef15da3e2573ad92b7e7840374140e65e5d73df63d8e22cb3e8
-
SHA512
565d57783e6044d6e7e2026c79dbd897e637c5e1d96e7930dc704ef2b6d801669b38f0c26382f00e67e26668439274941e937a0ade54666de50b5d84f6da7e97
-
SSDEEP
768:YEGJ9blT7XZBSbHwJU+tGR0KZUyGKZ0ZgwmF1+3UVambg:YEGJ9bln5o0KZjGKZ0Z1mF1+3UVayg
Score 3/10 -
-
-
Target
plugins/cache/ICQRT.dll
-
Size
32KB
-
MD5
1aedcb8994d6ad63ef9dcb87016e028f
-
SHA1
f5b891aa15c6353b681bdb7e2d96c6ac8a5f02d7
-
SHA256
53e1f40144bab532f9700ff25ec3d5c6a39784a98e17fada583b4ee6d9dd5dbc
-
SHA512
89c0f408797c4d78afc52335a9e162345c614e1e419f55487cb358c14f7a69ec82138a7e6250be3133233386ba3659d241e80ab63c9b972b6c8b26b0424cb0c8
-
SSDEEP
384:+qtTeds1tkMAp4TxCW9su5UcSu93ggoXUQQIPGEANHl:FTedukelF95RjQUUPpANHl
Score 3/10 -
-
-
Target
plugins/cache/Language/LiteRes.dll
-
Size
735KB
-
MD5
88962410244bc5c03482b82a7e3cb5e1
-
SHA1
4622be2d3deda305bf0a16c0e01bc2ecf9d56fad
-
SHA256
afa884228afc5c05f4b47e90b6de42854d5a8886ec5ed15a253faeccd5309036
-
SHA512
c6e7667f91c1439e33ad4d9e2052b7c9fcc3ca2c7688d9e2bc0550b71a5762b76aa76427331df0217429d9bd984925997c7a8d009f25e44e2776c5ce7cc9d98c
-
SSDEEP
6144:x9Ej/jb82/HRoXO1q2pt+Mc1/PDPicsUzM+gYESoE/wOuET8F62bH5vnGfcJvl+b:fqptG/PDPo0no2Iq8F6CHBTWqU
Score 3/10 -