General

  • Target: 129858d6b84c33ddb57b913f236d6e3e4e282233b2724cfc35b381788cc1eba2
  • Size: 1.1MB
  • Sample: 241009-sf8n5ssbkb
  • MD5: 798e9551723984de583c4cdfe5a23de0
  • SHA1: f613c9afa3200a8da364d135b58c679e5a82f1d9
  • SHA256: 129858d6b84c33ddb57b913f236d6e3e4e282233b2724cfc35b381788cc1eba2
  • SHA512: 235581b177b34ea873624b04fd4ace725dd1577dbe96ccec0adda9b3c3b89291b596fd3f9cc6b9355650b27a15a0aa59cbda29d873dda92ebb55f395922ba4ae
  • SSDEEP: 24576:gHnjKp3YMe+HMQFmgP1UULAuURg++evub3ZvlZyMBdY/V5p3i:gDKpde+sqmiA5Ftvub3Zvloz/Vf3i

Malware Config

Targets

    • Target: zapret-winws/1.cmd
    • Size: 148B
    • MD5: b5ec55dd0d83a7822d1262078f2c1a55
    • SHA1: d53a59d2722f617f4a18625d3600f8befa66104c
    • SHA256: dcfefd4ce292e764604f461c00b0db5b1aed5f994823ef25fd5faa8663b6970f
    • SHA512: 4a24bfc6349bdaf5ffbc95f007dd899480b517cced8a129192f8cd8d83b1373348bd27d0384beb7b46cf245dfc150c043d894c457ed6b1fafdf9d19849e96708
    Score: 5/10
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: zapret-winws/2.cmd
    • Size: 704B
    • MD5: 5c26d17967b7a5f9418381036b186250
    • SHA1: 59e699e912a4eddb333a8620b2899d7deeb16abd
    • SHA256: 75331e1c64004866ba5634b58d4a237dd9bf50516ccd2d99071bee4704a4d3a9
    • SHA512: 461232ff76a1c4661b449b43a817165b7e142088c9f367fa4512f32b8542097621d0e82018935033f9bed90ab5269cff9d40f90a45aae16a1e648c6fbf487c4f
    Score: 5/10
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: zapret-winws/WinDivert.dll
    • Size: 46KB
    • MD5: b2014d33ee645112d5dc16fe9d9fcbff
    • SHA1: aa69498562d350f2de06954b133e59fac1e57002
    • SHA256: c1e060ee19444a259b2162f8af0f3fe8c4428a1c6f694dce20de194ac8d7d9a2
    • SHA512: 37014a018b9cd91b2eaeeccc7c5af3838fcae4d4fe6bb50c7ae32cd5c99423965a3e3efb29499324f6885b8f0c2ee2952cb75ab73db4e8960811abcb46801f15
    • SSDEEP: 768:Qjf2rf/kxpxI+JEw2VWHDDjQSQX4zTtllgwBqWocwTicI:YuT/CXHDvVQatonTic
    Score: 1/10
    • Target: zapret-winws/WinDivert64.sys
    • Size: 91KB
    • MD5: 89ed5be7ea83c01d0de33d3519944aa5
    • SHA1: 4c9b9c74529399abacc2284de1dead5f2332ee9b
    • SHA256: 8da085332782708d8767bcace5327a6ec7283c17cfb85e40b03cd2323a90ddc2
    • SHA512: be6530fa0e26441441028b530cd6fc4f900448916e137f92613a1f886c16399d415ddd17f7f8847258cc19c63b1510f2f3068942203c50486e48eed838f9f138
    • SSDEEP: 1536:AsmCCzg4Klt7jh//NiRMwoGK0tmdsAXixJz48dJ/zuXR:Atzilt/iR5ojGmdsAXoz4k/8R
    Score: 1/10
    • Target: zapret-winws/all.cmd
    • Size: 664B
    • MD5: 10ef318b18f1976e3d3b6f9a3b1879bf
    • SHA1: 50afa980ceb0b66be5d4a86ce2f7f9a942c0084a
    • SHA256: 22919cc412fb8a9778a9152b2323504535a686d94d8a78c8fd17c9917b57f321
    • SHA512: fd2b0c85ae995cb03af2a79634ab0ba20295f8565e2d7db713e24921c7dcfecf0bb35db570b532a89288c61cc9c58075de541d352c05471009434232694ae338
    Score: 5/10
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: zapret-winws/cygwin1.dll
    • Size: 998KB
    • MD5: c50b50303fae4afe7248307339a00d13
    • SHA1: 1b4a3f7666172809bd0d88f793ee855bd4b92938
    • SHA256: 712c39a069541afa69cfcbe01b422bd67b4201eee7e94cc1327d4ed8b4fa2167
    • SHA512: 123d06a0a5f891851e372881860b9d7fb8c453dcdbbca5970b9b2bf205f08f0a724595c6892f4afbbb4f85292a886dddffbf0d36dfe18d4b6eea7a5d12451762
    • SSDEEP: 24576:YbYJZPZf7KMuiA7Q4lsXBmStxacrFhG+wTGiPoy1u7MHltI:YAZfmM/A7Uk6xhpmGkoy1u7MH0
    Score: 5/10
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: zapret-winws/elevator.vbs
    • Size: 338B
    • MD5: a0771738725f59e58c1827f393b28bd3
    • SHA1: 120c4777e4d3f0c2e2bacf51924dc1c0f4cc5fcc
    • SHA256: 510eb28ef36bcab2e83d57ff5e3a5fda79303ec9aa2442b39fe9a8790b0c138c
    • SHA512: a9500508e06ed0720598d5fc0de78ec054e925ff8ab6015bcfc8317da70ed6b8843055c8d7f6c9c992ce03e54e4298c88cb54d912a67ab04ee106b90d7f30392
    Score: 1/10
    • Target: zapret-winws/preset_russia_autohostlist.cmd
    • Size: 784B
    • MD5: 260c8b9613747ad616a4e9955df3002e
    • SHA1: edd50faffc52ca876fbcf38b423a340237ad98d4
    • SHA256: 802dd99d42533800204573913b40d1a9c113da8175db0c37bea4bea38ae1473d
    • SHA512: 9e8dfe100a474e6df9b8cd269c4fafa4b9aaeae28aff0f466a8ed4e1f4fad8501551b83301d2004f74fa578c82051e0bdaa1e8e6170c173545e377e587fd93bb
    Score: 5/10
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

    • Target: zapret-winws/service_create.cmd
    • Size: 439B
    • MD5: 9ad68202b56eda9a58dd27ca81837453
    • SHA1: 4257694d7a5ae28ef13051588ad500dab8468877
    • SHA256: cd8dd82e233cf00a738f4fb8756df529813279018d11453e9c0f0f7556cdd054
    • SHA512: ea1f44cfd23ee3ce50defdc3c05116d109a7af1ff6a2f63f74970d199e451bda018bee7b5bff1904d30f7b7fa2ec832f2770c002a14e8f15f8606f76f0f4a74d

    • Target: zapret-winws/service_del.cmd
    • Size: 95B
    • MD5: b3d359f405ae243691eb88bab81b420d
    • SHA1: 863f1367cc66fbd460baa4cda424ab8217b8df06
    • SHA256: 731955a4e6dec99139bcde6ac6f6815bf8c13c3b9e9a951021a17dd64aa4163e
    • SHA512: c410fecaaadb78536cc5324cbe7c76dc33a4bea9035ce88d8acf4fc546658e9e97037e820bcad02f1904ad5531c260e93751e4f0653abf3ca7a88720c71b3a69
    Score: 8/10
    • Target: zapret-winws/service_start.cmd
    • Size: 38B
    • MD5: d1c3c45da175b318fe11bdd65ec96913
    • SHA1: 00da2e971dd2cc034b56355e5e0c6d210044bb44
    • SHA256: f396eb4c1c1c2801f294bdfd4e19c89d6b7ed7b0c5512aebd89d965a3fe46c8a
    • SHA512: 96cfc9839bb5d1a4b7939556e8a9cee1f1ad9b39413d8f7ee88e0c36fa1de8ac4e74d25bb60bb079254ef5802e8ffa34f5a49463f68da19d692f52e8d511b799
    Score: 4/10
    • Target: zapret-winws/service_stop.cmd
    • Size: 38B
    • MD5: 5533593bf6aae9330b67e0ae8c68b3f4
    • SHA1: 39d7c7a6f6e64486a36de804175a381372406aad
    • SHA256: 1d5dd1ef31643bc269bbfa3886ceb45acde1612840c3501535b09e6240b8c7d5
    • SHA512: a33eea7e551b05650d84ce012955be04d0c998cf6abd7de182a296c279080c2fd8c87690e9ddd4e16728e3fa4827a039baa0aa4c0316d052a868ef9cf4903cd2
    Score: 1/10
    • Target: zapret-winws/task_create.cmd
    • Size: 364B
    • MD5: eb3d95ff89d498f84bf232ec4eb582dc
    • SHA1: 79b73e5e546b3b11f412108229d9f0b9f428b9ee
    • SHA256: 181f4f14327a92b3fe2fa40cb360a31b27520fd57aba7a7481d7c2210b0ee3eb
    • SHA512: cf8fd1e2966847e26c92525a8a895ffd8b21e3af222c7ae279fffe36d073be505d83bdcd926e213274858317b00a21921f854d9a0bb4680f3b4d634b3b69ca07
    Score: 1/10
    • Target: zapret-winws/task_remove.cmd
    • Size: 124B
    • MD5: 23c2e95aac5e3bc4390327a97af1afc4
    • SHA1: e37dfa4a0c7ae50db2f787f38fa45384d388a028
    • SHA256: 26ccde6d01eb826f4cc5371925ecf771698f015ac9e905c4659acaff6fde6928
    • SHA512: 93e56f786421724c229bde84b3b46a059d06a99d934ea4250167c0d7cc2a0c9d0e0422cd7fd39131eb17a2229bd3becea88379756d4752a4931e5c671779753e
    Score: 1/10
    • Target: zapret-winws/task_start.cmd
    • Size: 56B
    • MD5: bd5e60dc6bcbbf7172bfae77eba9c79c
    • SHA1: 7c675e520ef04653a1890a8074b1b19745d44757
    • SHA256: 62191a8a552eafdaab7aeecc7bb4d6a39edd311ac3d1de513414980c5cc7619a
    • SHA512: 15fa1c284c9d1c87b61b2aaa2149a7e1ee314b5512a319ce3e605054ca36d8fbd0c57868eb5206568ecc9309229682c6ab905c9be1678d2e079a800dc0f31f33
    Score: 1/10
    • Target: zapret-winws/task_stop.cmd
    • Size: 56B
    • MD5: c943869c5f5ada3a54dcbdbab5534f0d
    • SHA1: 7da129bb7eab9d9616adf59107b456f90d50e59c
    • SHA256: b1af7bd278739a9c461465a9022f90a4af14ab307edc17d7c02e52a22fffa6a7
    • SHA512: 7bc0bbd32575bfb60e7d6ad9481c6d99435f1470a774bd713cd33b53476ed115b1d50fda31d970423408a7d46438f7fba65b1804de325e1b67a1dfa402502332
    Score: 1/10
    • Target: zapret-winws/winws.exe
    • Size: 234KB
    • MD5: 8c624e64742bc19447d52f61edec52db
    • SHA1: 1e700e2dd61b5d566a651433dc86bd95a6d54449
    • SHA256: 13fd7a9c6f7c98239a61a212f69211a0f19159b2e8cdae8b1efc57d35cdcd5ad
    • SHA512: f676f7aa863fd13494186d4be597c19e49dc8245f6a98a2e9e2f1d09aa9e4cbf7a87c552e49359347b24b46cd1eddfb6edcfcbd6f4ff4d24888831ff182c952a
    • SSDEEP: 3072:v8eKEoQ4poZkFUIIggeAtqCijmtvzb20QTE7Eh2mS89QB+5Us6V:vtp5GoZ7+VAtqw7S0R7E9Ou8V
    Score: 5/10
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

static1: upx; Score 5/10

behavioral1: upx; Score 5/10

behavioral2: upx; Score 5/10

behavioral3: upx; Score 5/10

behavioral4: upx; Score 5/10

behavioral5: Score 1/10

behavioral6: Score 1/10

behavioral7: Score 1/10

behavioral8: upx; Score 5/10

behavioral9: upx; Score 5/10

behavioral10: upx; Score 5/10

behavioral11: upx; Score 5/10

behavioral12: Score 1/10

behavioral13: Score 1/10

behavioral14: upx; Score 5/10

behavioral15: upx; Score 5/10

behavioral16: evasion, execution, persistence, upx; Score 8/10

behavioral17: evasion, execution, persistence, upx; Score 8/10

behavioral18: evasion, execution; Score 8/10

behavioral19: evasion, execution; Score 8/10

behavioral20: Score 4/10

behavioral21: Score 4/10

behavioral22: Score 1/10

behavioral23: Score 1/10

behavioral24: Score 1/10

behavioral25: Score 1/10

behavioral26: Score 1/10

behavioral27: Score 1/10

behavioral28: Score 1/10

behavioral29: Score 1/10

behavioral30: Score 1/10

behavioral31: Score 1/10

behavioral32: upx; Score 5/10