General
-
Target
virus.exe
-
Size
12.1MB
-
Sample
240919-htaddswfrq
-
MD5
25dd8518d2e82a3499e4debd50a32b8e
-
SHA1
41e478e694d757bffe72620b3d38ecb4fd9371ff
-
SHA256
7352c2f8c31df74fb2c70b7ce7d6bb9969bce5fe898c004981309bdea3ebbac2
-
SHA512
8965b0f8dc8480de97b7064802cefa24690f21b9452c348b478cdb0d1e49658aec9511a4fe502dfb97f919e603ec981cf1fcce7c899d4ca6a16ba40e5551d988
-
SSDEEP
393216:SGV2CSQhZ2YsHFUK2Jn1+TtIiFQS2NXNsI8VbTToP:NYQZ2YwUlJn1QtIm28IKzo
Behavioral task
behavioral1
Sample
virus.exe
Resource
win10-20240404-en
Malware Config
Extracted
berbew
http://f/wcmd.htm
http://f/ppslog.php
http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
http://tat-neftbank.ru/kkq.php
http://tat-neftbank.ru/wcmd.htm
http://crutop.nu/index.php
http://crutop.ru/index.php
http://mazafaka.ru/index.php
http://color-bank.ru/index.php
http://asechka.ru/index.php
http://trojan.ru/index.php
http://fuck.ru/index.php
http://goldensand.ru/index.php
http://filesearch.ru/index.php
http://devx.nm.ru/index.php
http://ros-neftbank.ru/index.php
http://lovingod.host.sk/index.php
http://www.redline.ru/index.php
http://cvv.ru/index.php
http://hackers.lv/index.php
http://fethard.biz/index.php
http://ldark.nm.ru/index.htm
http://gaz-prom.ru/index.htm
http://promo.ru/index.htm
http://potleaf.chat.ru/index.htm
http://kadet.ru/index.htm
http://cvv.ru/index.htm
http://crutop.nu/index.htm
http://crutop.ru/index.htm
http://mazafaka.ru/index.htm
http://xware.cjb.net/index.htm
http://konfiskat.org/index.htm
http://parex-bank.ru/index.htm
http://kidos-bank.ru/index.htm
http://kavkaz.ru/index.htm
http://fethard.biz/index.htm
http://master-x.com/index.php
http://kaspersky.ru/index.php
http://adult-empire.com/index.php
http://virus-list.com/index.php
http://kaspersky.ru/index.htm
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
virus.exe
-
Size
12.1MB
-
MD5
25dd8518d2e82a3499e4debd50a32b8e
-
SHA1
41e478e694d757bffe72620b3d38ecb4fd9371ff
-
SHA256
7352c2f8c31df74fb2c70b7ce7d6bb9969bce5fe898c004981309bdea3ebbac2
-
SHA512
8965b0f8dc8480de97b7064802cefa24690f21b9452c348b478cdb0d1e49658aec9511a4fe502dfb97f919e603ec981cf1fcce7c899d4ca6a16ba40e5551d988
-
SSDEEP
393216:SGV2CSQhZ2YsHFUK2Jn1+TtIiFQS2NXNsI8VbTToP:NYQZ2YwUlJn1QtIm28IKzo
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Cobalt Strike reflective loader
Detects the reflective loader used by Cobalt Strike.
-
Detect Blackmoon payload
-
Detects MyDoom family
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Legitimate hosting services abused for malware hosting/C2
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1