General
  Target: .zip
  Size: 3.0MB
  Sample: 240911-gjbm2awemg
  MD5: f4daf015246f6a42787dbe3d6dc6b3f9
  SHA1: 2046f7c8105af96f889cd42281d29c1e3412bd7d
  SHA256: 729fa433582f3574ce99d37869a6fc0bc8bd56fc5230d7a9d50a4d4699c485f1
  SHA512: a21823d02d150a1480b5ac0e95a85890fbe869a95c5910c733bb6f825215d4e0727a104432cf910abdf54165fae332eb839e56ac6d90abadb41e9edef57bf56c
  SSDEEP: 49152:mczpoHHC9CkKfUBvDD+JpqU4Fz7kos/jPaG2B0FGI5RrBY79yKZmr:mc9DCDyDDmz4ZkD/jJ2dLsr

Static task
  static1

Behavioral tasks
  behavioral1
    Sample: ArainsToolser/arpReport.exe
    Resource: win7-20240903-en
  behavioral2
    Sample: ArainsToolser/arpReport.exe
    Resource: win10v2004-20240802-en
  behavioral3
    Sample: ArainsToolser/arphadump.dll
    Resource: win7-20240903-en
  behavioral4
    Sample: ArainsToolser/arphadump.dll
    Resource: win10v2004-20240802-en

Malware Config

Targets
  Target: ArainsToolser/arpReport.exe
  Size: 189KB
  MD5: e9d05f7176aab86c6754ba89cb06d768
  SHA1: f0e80278eab18ed61dcb473fb42419186fcc8b35
  SHA256: 6840e6e2a2b4555db025c331b41d426387e8d6397fd5917fad29d3893fb1886f
  SHA512: 100b1020ac2d67b10d5ff7f7b3423b0706fa0250c90dad9d0155064e52ab6bb2226e8cd9be4ea5e8eba91b91d5f399e82ec166fef0a9fef3cccc35963113fda1
  SSDEEP: 3072:SJg3FNLpWK6weGrE8tU3xvz0tcK4hYanD9EvQiorztXkF6ODVgCl4LDVXcCSfHR9:SJgVV8K6VGrE8y3CtcKn6yv8zRkDVK5w
  - Detects PlugX payload
  - Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
  - Deletes itself

  Target: ArainsToolser/arphadump.dll
  Size: 7.2MB
  MD5: e4ac1288b36eb34ec356012716573a5c
  SHA1: dfaf779547b3989d72f75a91dbba20a3a15d4b96
  SHA256: 9e10d98024db6f6748433918288232cc1e55bea916146729be40dc0e53615393
  SHA512: 5f6921a62bee16a695215ead02fa10f6ae7ec844c9826a063824487519e03b0c674f6802273f13cb23e1daca2f7e9b9b723359d2b9aa9183821ec1234a334463
  SSDEEP: 98304:WfGAF3IZQRiTozYnHctd8/YTqOHyjt7ygsOMW6:4uRoznfq1NsM

Score: 3/10