General

  • Target: 241108-b33b7svmcm_pw_infected.zip
  • Size: 14.8MB
  • MD5: 02a543e645436acb260918d441ded13a
  • SHA1: 601325df3bf004ceb36fdd7186ed6adde331c83b
  • SHA256: 75d167249768d3b15728389b25c65e97f6ad92610b26b7d65fe8e2db83c41e4d
  • SHA512: f93390ca1e0d558d82a71204ae6853d9e55d0cda7670fc9b3e24e3f8a620d0fe942b863fd11bc8dedcc0e43937ddaee71c6c0cef94d8ad7a090c538efed9f855
  • SSDEEP: 393216:B8M2uCQmYGT/IdmgL1zWArD+sVnrzKdVnB:TCQmYGMf5hr6dVB

Malware Config

Extracted

  • Family: socelars
  • C2:
    http://www.iyiqian.com/
    http://www.xxhufdc.top/
    http://www.uefhkice.xyz/
    http://www.fcektsy.top/

Extracted

  • Family: redline
  • Botnet: 1.22
  • C2: 95.211.185.27:42097

Signatures

  • Detect Fabookie payload 1 IoCs
  • Fabookie family
  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Socelars family
  • Socelars payload 1 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Unsigned PE 16 IoCs

    Checks for missing Authenticode signature.

Files

  • 241108-b33b7svmcm_pw_infected.zip
    .zip

    Password: infected

  • f75d6ee676e63208489f05cd8c82d44fdda74b5752963e3967071f2d2d080113
    .zip

    Password: infected

  • 1038157f6d8e0bc282524fefbc0825825ea32d47b23072bae22534c6c9803e3d
    .zip
  • 6c5db6dce13ded4e0e6c7e9a526b063e.exe
    .exe windows:5 windows x86 arch:x86

    aa21a6d00a5d2896042e00aa2e960393

  • DusBrowserInst.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • IDWCH2.exe
    .exe windows:1 windows x86 arch:x86

  • Litever01.exe
    .exe windows:5 windows x86 arch:x86

    aa21a6d00a5d2896042e00aa2e960393

  • NAN.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • anyname.exe
    .exe windows:5 windows x86 arch:x86

    c6135ffdfa8b888ab780237cbe8d7634

  • app.exe
    .exe windows:5 windows x86 arch:x86

    aa21a6d00a5d2896042e00aa2e960393

  • askinstall50.exe
    .exe windows:6 windows x86 arch:x86

    4f0608b5638c60342069764638589dcf

  • farlab_setup.exe
    .exe windows:1 windows x86 arch:x86

  • inst002.exe
    .exe windows:5 windows x86 arch:x86

    b900dc5ab09e702140c5c289f35fb91f

  • jamesnew.exe
    .exe windows:5 windows x86 arch:x86

    eb97e4fc5518ac300a92a11673825e0b

  • justdezine.exe
    .exe windows:5 windows x86 arch:x86

    aa21a6d00a5d2896042e00aa2e960393

  • md3_3kvm.exe
    .exe windows:5 windows x86 arch:x86

    09d0478591d4f788cb3e5ea416c25237

  • mixseven.exe
    .exe windows:5 windows x86 arch:x86

    aa21a6d00a5d2896042e00aa2e960393

  • redcloud.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • udptest.exe
    .exe windows:5 windows x86 arch:x86

    aa21a6d00a5d2896042e00aa2e960393

  • vguuu.exe
    .exe windows:6 windows x64 arch:x64

    0e0b1327b851d652046461e0a8be7593