240921-vtmd6stelh_pw_infected[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

240921-vtmd6stelh_pw_infected.zip
Size

696KB
MD5

90c28ea4eaf9928eedd3ebc225895b9d
SHA1

7503004a3b8c22d791ea4a8fb046caa84581129f
SHA256

164de4cfdb3dfa4e616a5910b00ce35b2e27289e67fa35d8c4919e9ff481f830
SHA512

efc106b8a1741da3fc3303d7dc9849408ff949a6bf7629ed74ce734ea166c4d67925c164e0c113f60b3dfeb4fc64c55ea00c2aab863462f45a794906322496e8
SSDEEP

12288:WVqseDilOFgi47S0o1ANC8t+xbGY/IfjcIAXJ2iZi9aATdEJTupCxB/mOmaleS7a:sFsIOFMuONCllIfjcIqEa1JKpCxqF0Qd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Athena.exe

Files

240921-vtmd6stelh_pw_infected.zip
.zip

Password: infected
Athena.exe
.exe windows:6 windows x64 arch:x64

3ed832f60ef37befb7c2fab86ae680f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

Sleep
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetCurrentProcessId
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
GetEnvironmentVariableA
GetModuleHandleW
ReleaseSRWLockExclusive
GetConsoleWindow
GetLastError
VirtualProtectEx
CloseHandle
Process32Next
SleepConditionVariableSRW
GetCurrentThreadId
CreateToolhelp32Snapshot
WakeAllConditionVariable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
OpenProcess
LoadLibraryExA
GetStdHandle
SetConsoleTitleA
SetConsoleTextAttribute
WriteProcessMemory
Process32First
QueryPerformanceCounter
GetSystemDirectoryA
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
AcquireSRWLockExclusive

user32

DispatchMessageA
GetWindowRect
GetClipboardData
EmptyClipboard
CloseClipboard
GetSystemMetrics
OpenClipboard
SetClipboardData
ReleaseDC
SetCursorPos
IsIconic
SetForegroundWindow
ReleaseCapture
RegisterClassExA
SetProcessDPIAware
GetCursorPos
GetClientRect
SetWindowLongW
SetCursor
GetAsyncKeyState
MoveWindow
TranslateMessage
LoadIconA
PeekMessageA
PostQuitMessage
UpdateWindow
GetWindowThreadProcessId
IsWindowVisible
PostThreadMessageA
SetWindowsHookExA
FindWindowA
GetWindowLongW
AdjustWindowRectEx
GetKeyState
UnregisterClassA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
TrackMouseEvent
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
LoadCursorA

gdi32

GetDeviceCaps
CreateSolidBrush

advapi32

CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextA

shell32

ShellExecuteA

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Query_perf_counter
_Thrd_detach
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??Bid@locale@std@@QEAA_KXZ

imm32

ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmAssociateContextEx

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception_context
__current_exception
memmove
memchr
strrchr
_CxxThrowException
memset
memcpy
strchr
__std_exception_copy
__std_exception_destroy
__std_terminate
memcmp
strstr

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
malloc
realloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_beginthreadex
system
terminate
_errno
__sys_errlist
__sys_nerr
_configure_narrow_argv
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_initialize_onexit_table
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
exit

api-ms-win-crt-string-l1-1-0

isspace
isblank
strcspn
toupper
strpbrk
strspn
strcmp
_strdup
strncmp
strncpy
tolower
isalnum

api-ms-win-crt-stdio-l1-1-0

fclose
_read
_write
fseek
_lseeki64
fwrite
_fileno
_close
fputc
_open
__p__commode
_wfopen
__stdio_common_vsprintf
fread
feof
__stdio_common_vswprintf
__stdio_common_vsscanf
fputs
__stdio_common_vfprintf
_fseeki64
_popen
fopen
fgets
fflush
__acrt_iob_func
_pclose
ftell
_set_fmode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoull
wcstombs
strtol
strtoul
atoi

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
_gmtime64
strftime

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen
acosf
_dsign
ceilf
_fdsign
cosf
_ldsign
floorf
fmodf
sinf
sqrtf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-filesystem-l1-1-0

_access
_fstat64
_unlink
_stat64

ws2_32

getpeername
ioctlsocket
freeaddrinfo
getaddrinfo
WSACreateEvent
recv
listen
recvfrom
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htonl
htons
gethostname
WSAEnumNetworkEvents
WSAIoctl
WSAEventSelect
WSAResetEvent
setsockopt
WSAWaitForMultipleEvents
closesocket
WSASetLastError
WSACloseEvent
WSAGetLastError
sendto
WSACleanup
WSAStartup
getsockopt
send
ntohs

wldap32

ord27
ord32
ord33
ord35
ord45
ord79
ord30
ord50
ord211
ord46
ord217
ord143
ord200
ord301
ord41
ord26
ord60
ord22

normaliz

IdnToAscii
IdnToUnicode

crypt32

CertCloseStore
CertOpenStore
CertFreeCertificateChain
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain

Sections

.text
Size: 935KB - Virtual size: 934KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

3ed832f60ef37befb7c2fab86ae680f0

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

kernel32

user32

gdi32

advapi32

shell32

msvcp140

imm32

d3dcompiler_47

dwmapi

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

ws2_32

wldap32

normaliz

crypt32

Sections

.text Size: 935KB - Virtual size: 934KB

.rdata Size: 338KB - Virtual size: 338KB

.data Size: 5KB - Virtual size: 9KB

.pdata Size: 43KB - Virtual size: 43KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 935KB - Virtual size: 934KB

.rdata
Size: 338KB - Virtual size: 338KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB