8e781ea5416de0e510bf1f4bd43f432a8849c058307390e7b95de5d689058268 | Triage

Sharing

General

Target

Tools.zip
Size

84.2MB
Sample

240912-k2nl4azgkh
MD5

c4422ae48275aef4285e6d9b6e3579e0
SHA1

477044c9d0dec845570fd96794f66d186058cfea
SHA256

8e781ea5416de0e510bf1f4bd43f432a8849c058307390e7b95de5d689058268
SHA512

3e842a812fd924bf66f74a6d6ee0bf54e19a90ae5e9d61aedcbeb35a9693b69bfd2be4a858e0619229644f69953bd3999657aaf30de77f3366f30845bcc8dc4f
SSDEEP

1572864:lUnbERndUnSJbQASbL4YtzisF+miRov+3Y91JZqnhXwqHT2HSYkz43kyAzRu7axb:lUnbgneSJbGbriMiSvp99ypz0vuNyaue

Score

7^/10

discovery link pdf

Malware Config

Targets

- Target
  
  Tools/SQLi_Dumper_v.8.5_Cracked_By_LautheKing/SQLi v.8.5.exe
- Size
  
  2.3MB
- MD5
  
  f558500b09118c2d5482c0097d41b986
- SHA1
  
  ebdd90df103acb0a28a46b4affde511f5b0bb6d0
- SHA256
  
  4081a78ba280d28c56551983e515486a1dacf9ba26a3e76a71060982cc9e5ed7
- SHA512
  
  d4bfd969d7e8e0ff7aedf55ea69398ced8bd81dd2bde7e87a79d6890fa4b38d0275ceb8c72e20336d97bff2252cd904e27f8023b93dacf961d7345d18e0e7441
- SSDEEP
  
  49152:k25iWOXWlIIb6fMID2u41715Kqao5ZPbnk4uJnmcBVbqk4uJnm:k2cRXW++6fMIiL1J5KCjPbk4uJnmcB/e
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Tools/TSP Dork generator - by Lh Production/TSP Dork generator.exe
- Size
  
  206KB
- MD5
  
  560cb4c22eef8363ad5a68115c1e1d68
- SHA1
  
  ed7de753e52433abbfc9c40b4d93c17989e7af0e
- SHA256
  
  f408d849ff9173f5d155c2f62ee6fd206c0c3a343ee42699baeb9c44a4787030
- SHA512
  
  cf4f8944784662d27bb4056982e334941531039cc39ab8f3e828cda68f8833c6e0a318aeb278166d8377ecd6a40281bf2f77a611bf073e78da877e229cd7a0a0
- SSDEEP
  
  3072:LY6bBJJZVf4eavHmqzlawtKV3CZlQgpxC+e0ua2SnXRfaHBYYit3AqwrKHbNK9tZ:3Lj/PcUDBCSKBb
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Tools/TSP Dork generator - by Lh Production/YouTube.lnk
- Size
  
  1KB
- MD5
  
  686c7f583ea8b588077a0ce49f4dab41
- SHA1
  
  a66feb429902206e1b0247107a63dcea9be32f0b
- SHA256
  
  e18918ce19299f7ef793997d91dfc7cedd2d2691b1b28628595f026954b8ad80
- SHA512
  
  51f42139baed534c3d70c9e5f600de644d0b27129ff3c64da2bf10646e05a27e3008fb3c3e007c7f5cad781b6689b2699310478228dd9a1270b9b6efda969a45
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  Tools/WinPcap_4_1_3.exe
- Size
  
  893KB
- MD5
  
  a11a2f0cfe6d0b4c50945989db6360cd
- SHA1
  
  e2516fcd1573e70334c8f50bee5241cdfdf48a00
- SHA256
  
  fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de
- SHA512
  
  2652d84eb91ca7957b4fb3ff77313e5dae978960492669242df4f246296f1bedaa48c0d33ffb286b2859a1b86ef5460060b551edca597b4ec60ee08676877c70
- SSDEEP
  
  24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL
Score

7^/10

discovery
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  Tools/proxychecker/Colorful.Console.dll
- Size
  
  88KB
- MD5
  
  5f3d2cfbc21591b8feef1efa3e59a4d0
- SHA1
  
  15d1ad963a13b6c8ae28c26e7dc1cc3da2bc3bb8
- SHA256
  
  f31d4fd7e729fc6cf4ecab972b6b1ee897918a325b1ca572030966f831e768fb
- SHA512
  
  05135188c3b75cf642e4e1e833d01c24d2ce2c2b1ae71b0edf048e453a4716226d7af582365d2f6ab803b4b0fe83ce67d4c39125963fc50d597c30e56ae74a2f
- SSDEEP
  
  1536:hLeJYLqthWMjfBiRlijZFgWHdQe9nLClbWG:hxLqtQMv7d9nLqCG
Score

1^/10
behavioral10 behavioral9
- Target
  
  Tools/proxychecker/ProxyChecker.exe
- Size
  
  17KB
- MD5
  
  5124f28ec4d487207b9ce6362c7b0d9b
- SHA1
  
  6fdee551cca4898c77d7ad91519b977b229b2317
- SHA256
  
  bd939a75151715536dccde6471b64a0ab6436184bd5ff4f3d89fce976a1f5561
- SHA512
  
  fb729549e62a4ebe67113cff6c28b24b22b3a326076e57073639ca0f57435b5c8d76e8b9e1c6ba0f75307011568ec78d9446b905a508ec1715059217388eced2
- SSDEEP
  
  384:kLRaVeNRqcSJAdDv27sZQ5XD2EBnJSnKr8l1IKZa5Cc1G:kLFNRqvqOsZQ5XLBnJSn28lZU5Cc1G
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Tools/proxychecker/xNet-Ameliorated.dll
- Size
  
  74KB
- MD5
  
  44d7396d8b6fbd8f1e9ff4d0278bb767
- SHA1
  
  7c8dc050381d2e19b989943f961fee45bd225b69
- SHA256
  
  16ea0eab1ffe6b3b05abf1b04baa7c2695885795c5bfecb6cfcfa595a0fa7b30
- SHA512
  
  320573c76b448b6f625917d26cec738c94431d274e340a9a0ac5401535a75faa9ebb65616fd23a069de39e4634baf79a67527eccf7bbd197e8f3cb823ec4d93c
- SSDEEP
  
  1536:CpGjP8+k8PDYivFAS537WYRwFH1+KZ3etqp:CpwJgYAScYRwFH1+KZ3etqp
Score

1^/10
behavioral13 behavioral14
- Target
  
  Tools/rdp/RDP Forcer 1.5/AxInterop.MSTSCLib.dll
- Size
  
  293KB
- MD5
  
  0f809467f7e99aa1b6572a9adfdad685
- SHA1
  
  f0dc9956841a1df5b8fc006d16a1e21e7687b5dc
- SHA256
  
  b9d3566e580ce6ec6fcd77d3bef3912a8e1995cc3dece3178c27c503ef00e495
- SHA512
  
  ec1d8259818ff98070ab6fcdbc3329bce51bb68b7c78ac74a0227da44da8a648f481c0e8cb1f18d5002955556e913b371b000acfea57573ec7626c6497e8d972
- SSDEEP
  
  6144:xM+MqDWxDTXd01gDbF7r16IFe8IBAHLVuS7YTso1C+cC1Z:xcpZhos
Score

1^/10
behavioral15 behavioral16
- Target
  
  Tools/rdp/RDP Forcer 1.5/ForcerX15+.exe
- Size
  
  733KB
- MD5
  
  fbde9d854a7f3064786abfad8d413faf
- SHA1
  
  0755b3590934af35f4b801858577bcb94cde13b9
- SHA256
  
  bd3141d88e2d0e01a974f61d1e1489f06d22464f2e0d50682ce1a780cbbb96a6
- SHA512
  
  7b263ed19a0e7e9a55ceff036a97ebdc595f248f52d2a0279bafc080fecceed6a5cae9640a678cd5cfc75c421afe84591ea68062ce39bc50d9b5681ec8d498c3
- SSDEEP
  
  12288:x8hC6y43u/6UnnxOC1PCZXOYLvqH1rmz4IX5kqavTdR9NHNziR1:YC5PQJqRmz3XlGTv9lNziH
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Tools/rdp/RDP Forcer 1.5/Interop.MSTSCLib.dll
- Size
  
  519KB
- MD5
  
  938c86e094644536a8e5293447310d18
- SHA1
  
  926af64ec50877f073a2346455c72c1ee97a1874
- SHA256
  
  ab589186acb951ffe19821a8210dc1baf34dd040d7dfc2ca57e2b07a42c11a29
- SHA512
  
  f4428be43661795ef0c01100e8d71a82a4d8e60f79e7000adc31526d88930d6eef2032d29bf2f2c53e087a2f97ba03946c046c0f111b2a3d22d3f592e0f1966d
- SSDEEP
  
  12288:cb0pCf4dmzcB63g1+LEZSPINWjsxKnwlN7Yx2H0tyDg5OvvP4kiSkoEDJnVmMvle:cb0pCf4dmzcB63g1+LEZSPINWjsxKnwS
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Tools/rdp/RDP Forcer 1.5/KPortScan 3.0/KPortScan 3.0/KPortScan3.exe
- Size
  
  191KB
- MD5
  
  c0a8af17a2912a08a20d65fe85191c28
- SHA1
  
  0fbc897bf6046718524d05b6bc144c3785224802
- SHA256
  
  080c6108c3bd0f8a43d5647db36dc434032842339f0ba38ad1ff62f72999c4e5
- SHA512
  
  bd6b67a2f285a5634c5d38f742d5528a661414d3fb88f8065433f6a6a1a3a3f707dede9be7bda9bac9327240422c2314081d0a9eb9b6bc61687465ac96868ef9
- SSDEEP
  
  3072:ywYXnaz7fOTkQTwokTqLIOt6r+9dEPlUIbrMOFTfM0OZhEt3hjOrX7a0K2gY7fq2:N+naz7OTkNPTqLIOt6r+9dEPlUIbrMOE
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Tools/rdp/RDP Forcer 1.5/KPortScan 3.0/KPortScan 3.0/QtCore4.dll
- Size
  
  2.4MB
- MD5
  
  438717377b9df0f53f283c9e4aa722cc
- SHA1
  
  c413917dfcb816799613c6f86b55952c887ff711
- SHA256
  
  a679cf46e128d028de22fb9ed8432e5107e53f8e7e6fb7f5e169b3eeab8f000a
- SHA512
  
  03c10588ec47bce9b6c40fedffcaa775b84bb691450789000c17e7df02554036ee336d382524b35bfa67dbc4ae4b95d3d1807d61f46016427856f60850383f3f
- SSDEEP
  
  49152:vfGCzRdEZK8hyX2ntJsv6tWKFdu9CeTxLyvL/6mShMZtmjNUVrciV5P+7QVg07Tl:vf8KF2tJsv6tWKFdu9CIK
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Tools/rdp/RDP Forcer 1.5/KPortScan 3.0/KPortScan 3.0/QtGui4.dll
- Size
  
  8.0MB
- MD5
  
  37957facc9afbdfbd119c8372c9cf0e3
- SHA1
  
  1f5584ae75e947ffcbe00dc17bc423bf3f906ad0
- SHA256
  
  bf52fec00b4f640d07bea3850096cc77983fca518bbec8122997b7ca561205f1
- SHA512
  
  24ef6418f904b646d31912e0f350a0eb10147015bbd4b3710aba62c5a1da5d001600d9a381beb8d871d30cc0b07cf2fdb034f81f60810d8c14899cacdf68ad4d
- SSDEEP
  
  98304:ixT4yTZMEMrIJCZxMvwQoVgN1617/PO1IQlS4Xsmw2zZQvkfsnXWP:ixbZxDJ9vv7617VQlSesn
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Tools/rdp/RDP Forcer 1.5/KPortScan 3.0/KPortScan 3.0/QtNetwork4.dll
- Size
  
  982KB
- MD5
  
  5c6afae60414546cef0a9b759da93912
- SHA1
  
  928aba35960a17b9ee3a3e2f2f890b8aa6842e6b
- SHA256
  
  99757ec661fd7de3b22fb641f25cf1565aae13daf8d31c6686c6c7cbd2be6fc9
- SHA512
  
  bbd7aae541c5677317f68472c4be008164909f6395c43e554c4b070fb398ec680f496505644de0a706f831bc850e770c60c699d5aa0d5a7e0e19c5fc48e5c727
- SSDEEP
  
  12288:BQ4LHoNwBkUx/0RpieLY+EZ8R2/hGT/YOt2ck/qTpQ39NM7LMi7nR4djiz0R6H2j:zr/k60RpizZ83/T6CTeNuMwR4djip8L
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Tools/rdp/RDP Forcer 1.5/csrs.exe
- Size
  
  270KB
- MD5
  
  6df085a6dbc5f6dcb504c272e08f883a
- SHA1
  
  cd1f3bc06a9e7f060a9459186fa04d1e6064bb1c
- SHA256
  
  f1f91a4172379c7952d6ce16c9df13eabac4b969c3fca3006fa30c866a96c60b
- SHA512
  
  b53c620bbd5c5976221cff20314c1180766b4402f6dab2f6029e44ccce5ac115bea28b12f11ee2344dbf6111a0c4e3bd9868e62593feaabb96c9d9a8e1ae3e1d
- SSDEEP
  
  3072:lajUJwRNDPi+Y+CvN9kqQAQxATeXme7O+3FOkYSURaFhLaVyO+XBIX1Ib23aifgc:laMwRNDPi+Ynsm+O+3FjbURQMmCY2
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Tools/rdp/RDP Forcer 1.5/freerdp-client.dll
- Size
  
  234KB
- MD5
  
  307fc3856c7986f567ab9bb46b36a557
- SHA1
  
  2152d303c500179d3c85a24767e4487cfa1aa248
- SHA256
  
  d3efe3a97d7417a8097ef5da4be68e91be93c94be9d8be0420a2f82bf611b1cb
- SHA512
  
  9a892ae1472d4ecca8963a292d311e9ca1f0990ce67fee7bbc0df93a1927803c966321797aec2a68401cdf1958057d6edd6f6f25da75080c4a1859d956d36873
- SSDEEP
  
  3072:NYUbmiAGaYuctHBUnRmdHjsEsN915Z0Os3I+rt2dBpEKjSf082k43R0Qg8NghlHI:NuiALcpOG0NJZ0PI+rtIB3Schi4ir2M
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32