General

  • Target

    Impactor_0.9.56.zip

  • Size

    18.5MB

  • MD5

    0bba628fa4372447b440fb94035ae51e

  • SHA1

    f5c820a58f1e2ef5aa5564729b00224414e402f4

  • SHA256

    3506f81c2783cd9b02d82ce0928f3b005d58a248cf15887d24590dced0617e18

  • SHA512

    087a9a46901d7090d20e9d2e811dedee5af1165d30e9ee5d750f144e70a0af9692f27e434e3328097992424f23d1f926c3e7e3edceee212b2c3241d00d03911d

  • SSDEEP

    393216:Up9na7NkOEESTzvnSmpFH3knVpZ77d0KQ2CozNZQKwa5KRgpgSJhzH:Aa7NkOEES/v/FUnl7RbNRN9gSJRH

Score
6/10

Malware Config

Signatures

  • Requests dangerous framework permissions 1 IoCs
  • Unsigned PE 5 IoCs

    Checks for missing Authenticode signature.

Files

  • Impactor_0.9.56.zip
    .zip
  • AdbWinApi.dll
    .dll windows:6 windows x86 arch:x86

    776334619bd19ec23e3a7a275473b5a7



  • AdbWinUsbApi.dll
    .dll windows:6 windows x86 arch:x86

    72b8c869f01047191838df5f58e88dd8



  • Impactor.dat
    .zip
  • busybox.armeabi
    .elf linux arm
  • busybox.x86
    .elf linux x86
  • extender.ipa
    .zip
  • Payload/Extender.app/AppIcon29x29.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/AppIcon40x40.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/AppIcon60x60.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/AppIcon76x76@2x~ipad.png
    .png
  • Payload/Extender.app/AppIcon76x76~ipad.png
    .png
  • Payload/Extender.app/AppIcon83.5x83.5@2x~ipad.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/Default-Landscape.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/Default-Portrait.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/Default.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/Extender
    .macho macos arch:arm64
  • Payload/Extender.app/Extender.dat
    .zip
  • zip3.txt
  • Payload/Extender.app/Extender.dylib
    .dylib macos arch:arm64
  • Payload/Extender.app/Extender.pem
  • Payload/Extender.app/Info.plist
    .xml
  • Payload/Extender.app/PlugIns/Extender.VPN.appex/Extender.VPN
    .macho macos arch:arm64
  • Payload/Extender.app/PlugIns/Extender.VPN.appex/Extender.VPN.dat
    .zip
  • zip3.txt
  • Payload/Extender.app/PlugIns/Extender.VPN.appex/Extender.VPN.dylib
    .dylib macos arch:arm64
  • Payload/Extender.app/PlugIns/Extender.VPN.appex/Extender.VPN.pem
  • Payload/Extender.app/PlugIns/Extender.VPN.appex/Info.plist
    .xml
  • Payload/Extender.app/PlugIns/Extender.VPN.appex/_CodeSignature/CodeResources
    .xml
  • Payload/Extender.app/_CodeSignature/CodeResources
    .xml
  • Payload/Extender.app/ar.lproj/Localizable.strings
  • Payload/Extender.app/changes.png
    .png
  • Payload/Extender.app/changes7.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/changes7s.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/de.lproj/Localizable.strings
  • Payload/Extender.app/el.lproj/Localizable.strings
  • Payload/Extender.app/en.lproj/Localizable.strings
  • Payload/Extender.app/es.lproj/Localizable.strings
  • Payload/Extender.app/fr.lproj/Localizable.strings
  • Payload/Extender.app/he.lproj/Localizable.strings
  • Payload/Extender.app/home.png
    .png
  • Payload/Extender.app/home7.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/home7s.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/iOS7-Default-Landscape.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/iOS7-Default-Portrait.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/install.png
    .png
  • Payload/Extender.app/install7.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/install7s.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/it.lproj/Localizable.strings
  • Payload/Extender.app/ja.lproj/Localizable.strings
  • Payload/Extender.app/ko.lproj/Localizable.strings
  • Payload/Extender.app/manage.png
    .png
  • Payload/Extender.app/manage7.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/manage7s.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/nl.lproj/Localizable.strings
  • Payload/Extender.app/pl.lproj/Localizable.strings
  • Payload/Extender.app/pt-PT.lproj/Localizable.strings
  • Payload/Extender.app/pt.lproj/Localizable.strings
  • Payload/Extender.app/ru.lproj/Localizable.strings
  • Payload/Extender.app/search.png
    .png
  • Payload/Extender.app/search7.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/search7s.png
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/[email protected]
    .png
  • Payload/Extender.app/sv.lproj/Localizable.strings
  • Payload/Extender.app/th.lproj/Localizable.strings
  • Payload/Extender.app/tr.lproj/Localizable.strings
  • Payload/Extender.app/unknown.png
    .png
  • Payload/Extender.app/vi.lproj/Localizable.strings
  • Payload/Extender.app/zh-Hans.lproj/Localizable.strings
  • Payload/Extender.app/zh-Hant.lproj/Localizable.strings
  • run.armeabi
    .elf linux arm
  • run.x86
    .elf linux x86
  • su.armeabi
    .elf linux arm
  • su.x86
    .elf linux x86
  • supersu.apk
    .apk android arch:arm arch:x86

    eu.chainfire.supersu

    .MainActivity


  • Impactor.dll
    .dll windows:4 windows x86 arch:x86

    f04a7de02865203390658bd45b48d122



  • Impactor.exe
    .exe windows:4 windows x86 arch:x86

    e09cbf76574fe075f2c44d09748c4195



  • Impactor.pem
  • WinSparkle.dll
    .dll windows:5 windows x86 arch:x86

    4507e40cf23f097d52b0ef3f70b350b7

