General

  • Target

    c6897ee5e6e0c63e0cf1866460859894664359d397f9d453546adf12c7794818

  • Size

    94.7MB

  • MD5

    b9b414f4e571e0c4f9da77661c1249ad

  • SHA1

    b01cb7b103fee5354a15726d5f88427fc93c9018

  • SHA256

    c6897ee5e6e0c63e0cf1866460859894664359d397f9d453546adf12c7794818

  • SHA512

    8861e3879418ceb6a689dc9cd7ec47616a8e36cf138f4f02bc4952bb92105e09273d7676bbf548351feef904a0f4ed9b86499f70cca611e4ae06377f9333910b

  • SSDEEP

    1572864:65IMON8lnLEZ6+pqWdAeC8NgZtzPUlAddpvapy4jnuMnmF7Fdh1kIC+qYlkVcsgk:UBLEg+pqWdSPtIIapyguMSJfOICIkusz

Signatures

  • Detects Echelon Stealer payload 1 IoCs
  • Echelon family
  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Detects Pyinstaller 1 IoCs
  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

Files

  • c6897ee5e6e0c63e0cf1866460859894664359d397f9d453546adf12c7794818
    .rar
  • Bird.exe
    .exe windows:4 windows x86 arch:x86

  • Crystal.exe
    .exe windows:4 windows x86 arch:x86

  • Install.exe
    .exe windows:5 windows x86 arch:x86

    d3a683e5c9bc8c05c0c2f946c056969b

  • Minecraft_v4.4.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • NewHacks.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • Setup.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • Software patch v2.0.5.exe
    .exe windows:4 windows x86 arch:x86

  • file3.exe
    .exe windows:5 windows x86 arch:x86

    4cfda23baf1e2e983ddfeca47a5c755a

  • forcenitro2.4.1.exe
    .exe windows:5 windows x64 arch:x64

    bb2292057634957dfa559b6eef7b52d8

  • forcenitro2.4.1.pyc
  • nitro_gen.exe
    .exe windows:4 windows x86 arch:x86

    d5d9d937853db8b666bd4b525813d7bd