General
-
Target
BlackBullet2.5.1.7z
-
Size
31.0MB
-
Sample
241026-z546kszflq
-
MD5
d45deae0b8f65d68f197fc989d2c7b5b
-
SHA1
f3bc5e33990a3536a105019c59715988671caf5c
-
SHA256
30263649fa9032042bd4f1828fd41e6dc096be790c60c886741b4ae0fb86bd22
-
SHA512
2fe2efa862434701a478774071034b40652d53445ecd33d33b8c1fc229b8e0c86cce8ac94858d5db8c96fd51974d2d5fc6769e8cba7c665223eef38346b36afe
-
SSDEEP
786432:RqpSnNVdchlA4UoMeTsblVWmX05cNkPEhgLHLapDYWq:FnNbulUoMeY8Z5pLapDYWq
Malware Config
Targets
-
-
Target
BlackBullet2.exe
-
Size
6.6MB
-
MD5
65b716d641a1a0f1d4652d4201bde84e
-
SHA1
39b49bb45ad3204daf92fa9d5545a2e8a5f083d9
-
SHA256
934d3d466a25472f639188ea088a2c01198bdcbe418841cfa65b85cf97f100d5
-
SHA512
95f37ba7612650b331802cf7a14dfcc544f7d18d479067e156652fd428ce72fe6cdfd41f22dd5a8c81828e182156b34f85f15f31bb587b18633a9ae97bfb75e7
-
SSDEEP
98304:uhRqWnKpGc6sz3vNJzQLJco5h7D4TEBRmwf76t:cApGc6ojz6TDEaV+t
Score10/10-
Detect ZGRat V2
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Zgrat family
-
Loads dropped DLL
-
-
-
Target
Data/BB2.exe
-
Size
247KB
-
MD5
0f71306382369d8d08598bee5403bcb5
-
SHA1
b4530c2d598c9d48d18e53cb26b87a07ab4108a1
-
SHA256
dc0f37fdd2414feba7fc57d18fe8407cb4d891e139a462f75758ef97f61694cd
-
SHA512
07644af616316c155ae20220aafe83d2a6b911d73f9af7bd3a3ffbe8a4517d0cb5c41bbbca32d5d0e0772ad54bdeed44705e1c903af450724dccfb4e2f3e7fc5
-
SSDEEP
1536:f7f9h0UPJP/CpICdikMLMLv5PFNg1qrX+VIOlnToIfPgIxYnPf8O9:TliUPXC8k1nJrX+fNTBf7i9
Score10/10-
Detect ZGRat V2
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Zgrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
-
-
Target
Data/BlackBullet2.exe
-
Size
6.6MB
-
MD5
65b716d641a1a0f1d4652d4201bde84e
-
SHA1
39b49bb45ad3204daf92fa9d5545a2e8a5f083d9
-
SHA256
934d3d466a25472f639188ea088a2c01198bdcbe418841cfa65b85cf97f100d5
-
SHA512
95f37ba7612650b331802cf7a14dfcc544f7d18d479067e156652fd428ce72fe6cdfd41f22dd5a8c81828e182156b34f85f15f31bb587b18633a9ae97bfb75e7
-
SSDEEP
98304:uhRqWnKpGc6sz3vNJzQLJco5h7D4TEBRmwf76t:cApGc6ojz6TDEaV+t
Score10/10-
Detect ZGRat V2
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Zgrat family
-
Loads dropped DLL
-
-
-
Target
Data/Documentation/OLD USER GUIDE (1.1.5).pdf
-
Size
521KB
-
MD5
cc99b10d3e676e70bb31423c2df1798b
-
SHA1
0d151451d16631e1deb684287da54aab88e85560
-
SHA256
1fc2c2afcd18d7510ee4e65bf9b0180826dabab613cba1dbb798348a88d47f5d
-
SHA512
9211537b31aa3c000060d82b524b2c3589d4cd5468a3b3bcb084743ac1e24761ef1edc0a136c5962668bf657973b136e2d222d9ae387efa3b4751b040b1dbda8
-
SSDEEP
12288:hov8MKgQBXDijBCPbIzXVl9UoxojPqiGGoynTJ9A2nQ:hov8MKCjcPbILP9Uoxoj7IyXAX
Score3/10 -
-
-
Target
Data/Documentation/SELENIUM CONFIGS HANDBOOK.pdf
-
Size
167KB
-
MD5
4be53fa513da244f73f53d4304a24ca4
-
SHA1
5097d76833fb29fdf1bdd0eaddd37692b98928d1
-
SHA256
50b2c26d365832ae317e15cffdda06febb0b3a7077fbcebbf1fa96c5beff4965
-
SHA512
34e20adc33fefaf5bfbcd477eccc0db65e8487822a1c4f0bb2de68bdc8dfe6632a542b524de0bacc71a1b2564efcefcc548b1ceb69e491438f553e1347988829
-
SSDEEP
3072:2bC9ASTWakWCy0d07BCRBCdP85v/IHsNxgtFM5MSUT+r3NK+YemCMqZMkWQ1w:EmASRkWZa8+v/IHsjIu6SUirdK+aqGkc
Score3/10 -
-
-
Target
Data/DotNetZip.dll
-
Size
447KB
-
MD5
087f511d832b839f1f4c7285d65c7ec7
-
SHA1
4af23240d46bc8335df815ce8618d2aac11b65c1
-
SHA256
7dd20a2291b05323bba04be4ae656d7635ae5e68a5a6fa2b9f86e27841846a31
-
SHA512
51c2e911bc5804f420d8ab67b9ff13918528a30a47228457e149d247fe360a9d51ff91416099d6f3d5da91d594e7b76e9c64e5ce645ed79c1f60d75f5f123f36
-
SSDEEP
6144:ZRYYIiJaeEWfTXQyu8+yi4ZiwAEsFdnQ6uw2lQc2RGtSV41OJDsTDDr1LUe6GNxo:ZF9agBr6ilLS4msT1oe6kf+
Score1/10 -
-
-
Target
Data/bin/AngleSharp.dll
-
Size
1.2MB
-
MD5
ec22828da8a4053f8b4b23fcb5b3fde0
-
SHA1
eb04f6f3727e88f9742fea9022216d96d4c78cad
-
SHA256
7bbf3c452caaf914ccc56a45e6c3bdb21b4b5bf8a4c2c2633a6ec46c97ea885f
-
SHA512
82bfb08305a286719b555007aad46867e2fdecb64ac0dedf74e89dc9607626c83d5cb91fa34f2c312c85ab4b4cf4dff66834d38a9bb1ef72f15b5fe712c840a2
-
SSDEEP
12288:C4uqz0ko3MMQkxy4cSlOgJCsJ9gLsWv56SdF5qzjLsXURUy58LU:C4uq4mmxbXOgXhWvcckqBI
Score1/10 -
-
-
Target
Data/bin/AntiCaptchaLibrary.dll
-
Size
35KB
-
MD5
7f1f5e8f97c0e8d6a6c110d7e992d3e7
-
SHA1
c02864f9a6b1947885b9fd0641231fe07976b7e1
-
SHA256
1a3ef40cfce664828534e83188b1054f4e8a3befdfbe9391e402b4c96181c784
-
SHA512
2758b1db468c3371e6c61bec903f002bfe287af5d5c6bfd8062def1e5db494d4cfc7e2b2c93688a105d5cfdf28a03f65a38be093038d27890e589534b5c025a1
-
SSDEEP
384:Yo/nZrCjK27VjnH/r+BZS5UURjRt4vtyqnMqr8DsJ95LhNBveU1ObhzFxOu2:PZrCjlrH/FUvtyqmDshNwU1Obhy5
Score1/10 -
-
-
Target
Data/bin/DeCaptcherLibrary.dll
-
Size
12KB
-
MD5
df02db790400b829b51f831e5ed451b4
-
SHA1
c88ece5d07cc95649464dace9cda332d19d8c174
-
SHA256
e0f83dac5ade8fc434a69dffe75e90267749efeeffdee80033bba6babf03d2e3
-
SHA512
3a31ea4e12cfd9fa69b49d13b9b6d3433c889267c5987b47f59c272b5cd7d2cf613861641a864e88b7a38acf863d176d09c74dd58d6382794e7e2da58df86a45
-
SSDEEP
192:aPYPZX1GCgtJpe2ZD7EHbWtRl0pKXtxGkZwv1I287ehq:QQ1G/tKyD+bKRl7XtD4+77ec
Score1/10 -
-
-
Target
Data/bin/DeathByCaptcha.dll
-
Size
26KB
-
MD5
3495203999b4a2c1a91a6c2e7903e0db
-
SHA1
49a5e2e9a7f0335eb6c428e509b374358083a63a
-
SHA256
fdd3c336e835f01fa052cf23c1b5a8070d510ffa3c8ee12187c1ea46a08287d1
-
SHA512
15c81b522e6913d03fbf1fbf8879f3387a3d26cd844b93f8a3ba52dfafcaf51bd642d10478697d0f4d46b81bde25488687295c052c0cc3084587d27fa217f303
-
SSDEEP
768:2xaLahFQbdto5IQtRFz4coUhNWYaGPgLV++4aa78Wj0VRTc:2xaLCFQ0lz4co0N4LLVSZ78xRY
Score1/10 -
-
-
Target
Data/bin/Extreme.Net.dll
-
Size
108KB
-
MD5
36da665396a78b0d47fb3744503c92da
-
SHA1
e7e75d1344a298ff830edd350a7b5e1ec97c4862
-
SHA256
5ab95c5660476bf562509859cae8fac1c8509bc6410076c57b4641b4e9b48b00
-
SHA512
074346db1eab9a1981a866ba9e909a38aac689424c655ee5a40a43f1978bf39bf2edba967d41a6beb2f878bbf182575da9444d18988f93f459f1ffd1906c4be4
-
SSDEEP
3072:D6IHdHxH9qABqjGgXMUYonzdfXv80YH1B6GjNXqMG4ih3lbpU:DH9RdrOXb
Score1/10 -
-
-
Target
Data/bin/ICSharpCode.AvalonEdit.dll
-
Size
612KB
-
MD5
b4d5d46e50006e87b30e7d514e95173c
-
SHA1
bd3ba298eb7e4cdbfdf29e3992be7d32a4e792eb
-
SHA256
058f38f33f3f99f904ab9588447a234346c859718404b4e8a523673ed19cdbe7
-
SHA512
38ff7cada6cfa56af812a1d859aac4fb8b94df50454a9fecc55e4fdb159339f6ba885d0b57fe8c522227dd9280cda0ca21c6a073b6552923fa33f6e77d8f3bc5
-
SSDEEP
6144:Oo7n6u1n5vp9yRUmqtM0yRrl0pjoeUy8b01vKbZ/gAGl0gUEdYC:OoLDnwmW0yRr88bwKKdf
Score1/10 -
-
-
Target
Data/bin/ImageTypers.dll
-
Size
12KB
-
MD5
073692a3d622aeb6e479bb7860303672
-
SHA1
9ed416f417c69ad59e597fbd0c2520bd2265dc7d
-
SHA256
e4916cd8b7e60bc83a0bb38a4c1a45ece2a4c814a5bd6f73c3b8888b68c46a6a
-
SHA512
16da7be6858210ca0df2f4142a1aaf0e7b6c9b29735bf99ca6642789fcdd9bea228f07cb50af80689963e66ce152e6f55d1d64ca84ee892eaeb201540ab11fe9
-
SSDEEP
192:y8drzLklvkfk1ezqAmAXPDgpyItaRV9CPm8hgFgmlxk90oXZ+PVZCRVNFWt:yCrzLkhkfkwzqAmAXPSyItaRV9CPJCFT
Score1/10 -
-
-
Target
Data/bin/IronPython.Modules.dll
-
Size
726KB
-
MD5
621192db357916f2261989a49fa2c6bd
-
SHA1
c32bc90cdd7d8261ac4702fdf30d0e30cc1d80b8
-
SHA256
87525121d7826dcfc76963ab8bd7996b9644bf4f148d1296757eb702a43da51f
-
SHA512
a7985ae16c4a4e931daddaa93b4cf4c4cad89c961261afd14765366a2ae46e5cf62ab153bf8dc6a20626c570a1eca8083dc4b68cfd72741619fd5f41143f1ef2
-
SSDEEP
12288:S9FB+o9rBYvjexGLpDgy1+8pIe6K3OLdIfehae5mq+GDN8:cBYvvI/OJmXN8
Score1/10 -
-
-
Target
Data/bin/IronPython.SQLite.dll
-
Size
621KB
-
MD5
b7efbf654402c78226b8d69ad0011bbb
-
SHA1
52cc6c9a2a40339ec840cc599240f405e425da14
-
SHA256
5a6e2eda86e863e155f67cebef095355b7ea7b1dcd97d87e4058f0a5ac60d798
-
SHA512
496396a301eebc6504dbc57842920649d12dc239c47f81a06079aa8b18ff506545614be5a6f92334c4279eb99b57682cc8033fd99edaf28f041db619993be575
-
SSDEEP
12288:KmVPzrnoxe8/53HzsWzjF//HfKNhcPMeulFC05G:KmVPz4eq3wWHRPfKoclFV
Score1/10 -
-
-
Target
Data/bin/IronPython.Wpf.dll
-
Size
7KB
-
MD5
f1e1a1058a95c27cc453f8559e4ab3ed
-
SHA1
be9b16843dc5fa44e933eb89c06611525eb35d9d
-
SHA256
4061499b5e66c9309352a660a457ac95c8fa98229a8bbccc648deb85f5ff7cc7
-
SHA512
839aff22b659498f3ce9782048aff2dc328e7523994539478a1e0074cab955555b6787a0dc9d89c4501a461305ae455abb89d65b7822a63d1f9611346aebfb1d
-
SSDEEP
96:SCE/DsInFiClHAua+5oGob8E1P5H2zhAdyHY4r0HKsDlgXZi3dxttrp7RnjY:SCErsIF/lHnb5joZ4zhAdyHIeXc5/Rj
Score1/10 -