General

  • Target

    17-10-2024__20.rar

  • Size

    7.5MB

  • Sample

    241116-2hf7cayrhp

  • MD5

    af0a5688054ac46c39bcb08893fd3271

  • SHA1

    9449d03e29e513b574e0c2c1ce6d7614269fd618

  • SHA256

    2e402d9779e3b3399479a69016a0912d2b5f705f33c2aa98dd2c819ac0829e28

  • SHA512

    3f94010b119c4175e5853c9d72f247affdc06cccc5760ae762ae7c4ade22b28d6d5bac8c50e52345bf3eb698d94363d664b1ef4fba628527ca9eaa0f910a570d

  • SSDEEP

    196608:cihJZXvjXIzcOjPPzt3o9XQwbpJA7gqQFA:BJFvbIzcuPPz2WYLa
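To check a local copy of the archive, or one of the files extracted from it, against the digests the report lists, here is an added example (it is not part of the report and not the sandbox's own code). It streams a file once through the four algorithms the report gives and returns every digest that disagrees with the expected record; a record that lists only some of the algorithms still works. ssdeep is not covered because it is not in the Python standard library. The file hashed in the demo is a constructed placeholder, so the demo shows what a mismatch against the report's archive digests looks like; point it at the real archive to verify a sample.

```python
import hashlib
import tempfile
from pathlib import Path

# The four digests the report lists for each file.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data):
    """Digest an in-memory blob with every algorithm in ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through all four hashers at once, so a large archive is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(expected, actual):
    """Return {algorithm: (expected, actual)} for each listed digest that disagrees.

    Only algorithms present in `expected` are checked, so a record that carries
    just a SHA256 is enough. Hex case is ignored. An algorithm missing from
    `actual` is reported with actual=None rather than silently passing.
    """
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or want.lower() != got.lower():
            mismatches[name] = (want.lower(), got)
    return mismatches


# Digests the report gives for the top-level archive 17-10-2024__20.rar.
REPORT_ARCHIVE = {
    "md5": "af0a5688054ac46c39bcb08893fd3271",
    "sha1": "9449d03e29e513b574e0c2c1ce6d7614269fd618",
    "sha256": "2e402d9779e3b3399479a69016a0912d2b5f705f33c2aa98dd2c819ac0829e28",
    "sha512": "3f94010b119c4175e5853c9d72f247affdc06cccc5760ae762ae7c4ade22b28d"
              "6d5bac8c50e52345bf3eb698d94363d664b1ef4fba628527ca9eaa0f910a570d",
}


if __name__ == "__main__":
    # Constructed stand-in for the archive (RAR5 magic plus filler); it is NOT the sample.
    # Replace tmp.name with the path of a real local copy to verify it.
    with tempfile.NamedTemporaryFile(delete=False, suffix=".rar") as tmp:
        tmp.write(b"Rar!\x1a\x07\x01\x00" + b"constructed placeholder, not the sample")
    try:
        digests = hash_file(tmp.name)
        bad = compare_digests(REPORT_ARCHIVE, digests)
        if not bad:
            print("all listed digests match the report")
        for name, (want, got) in bad.items():
            print(f"{name}: report {want}\n{' ' * len(name)}  local  {got}")
    finally:
        Path(tmp.name).unlink()
```

Hashing the contained files individually (the per-target records below) uses the same functions; the archive must be extracted first, since the digests are over the plain files, not archive members.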

Malware Config

Targets

    • Target

      17-10-2024 #20/AQW.exe

    • Size

      340KB

    • MD5

      043a8a47c624f21ab77920c5804c9ec0

    • SHA1

      a5e382f2d6bf0d0ed87467423f0982875cfe6dad

    • SHA256

      9d6f95d020fb7a0c4505db9c02b1f6c24730f62c9b509b23755b2cc832f2f452

    • SHA512

      96ef4d6f32832e256563fbcf88249512f4d8d3af694df2b56b4a0484d87061f4c02db98e96732d6205db137e60b46a65928ddfd760fb2f524ee48ff16adef412

    • SSDEEP

      6144:zJFzjKA8e+966JhHQpCV9oSHz2wYlJhib2CbAy+jUbJjsFRWmf4y:zJFKZJJQpCrB2wYnhibzAR5j

    Score
    1/10
    • Target

      17-10-2024 #20/Adobe Reader.exe

    • Size

      40KB

    • MD5

      417abe62696fb26013631a4ceccd4cf0

    • SHA1

      2c2428dcf3b8a3385176322458914b466246a0ed

    • SHA256

      abfe2cb54b9576e0ecf67ade15b1ced533e8abc1d930098e62c1e09dbe8f96f3

    • SHA512

      d9e6b5b21273bd2fb206b8f23bb65c3cc529df91c1f7b40560e0afd685bfdef5f4d0af6c9765d2bb191a9b9d79391fe1592749e09896f901b83fd12ee2267007

    • SSDEEP

      768:qTVbxjgQNQXtckstOOtEvwDpjAaD3TUogs/VXpAPWRiw:qTJu9cvMOtEvwDpjppVXzRx

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Target

      17-10-2024 #20/Barys.exe

    • Size

      88KB

    • MD5

      445eb194754c27879a63d35759596e10

    • SHA1

      ef51ac6434866bbd9f9b3fa41fbf226809526f13

    • SHA256

      a361730e2bff765a6bc2e2c6710678656ea3572c8b9cb1f9eabbc61533fb66b0

    • SHA512

      24e8a785343b3f3cd8c2de41815933411037583c5560d683e81562eca947279dda29f57d439faf0eca9b716e6c744796e92954ab3ee0e7aae110e71da16b1dd5

    • SSDEEP

      768:K6DRUfhSsK5bCUK4gnPuoQlWNIK9tSsXB64cdrtA+ygQ7n+DV7xZxIjVK:5DGY5bfKBPBGWUsE4QrtFQyp6

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      17-10-2024 #20/Butcher Crypter.exe

    • Size

      300KB

    • MD5

      43482d098e195b656e54977dce80b5f0

    • SHA1

      11e3b1480b1d28585d41a8977b40aab6edc15e33

    • SHA256

      ddaef6b4bb022511ab3aee39fedd3d8281398492ff302043f3a26695926a167b

    • SHA512

      10443b57b097513fa11e3f4a454caf5e33e79308e21dba02af06671f45bbcce0e4f459d6db4f7a67882294505fce950275c146a6973aea1f2990e774c65941c8

    • SSDEEP

      3072:gjobicvNyopVpCV0dCvsBpID5n+nJNqRhnuNqRN9zQkLkjgqTCkigqTNFmFnNIWF:gjlcvNyoJCGCvsBpIen

    Score
    3/10
    • Target

      17-10-2024 #20/Dynamer.exe

    • Size

      300KB

    • MD5

      3d14e249798b97a38b92b59ec8709e20

    • SHA1

      0e5f6bce278cb65d25460c546aca7e8851c593c3

    • SHA256

      9f331203b8fbd9504846742588da5a6ddd5baa804caca846940f92c2afd8bcf9

    • SHA512

      7caf9307a03defb601e7764ea823a91ea5c3627c9061585212c835ca0d983b976251b6fb2df4dada8c9c98720e9ecbe16390a4fddddbc828c2df6f56b3a66ab3

    • SSDEEP

      6144:0GEunZZ5HulrrATBqvexlJBV1Ls2mimvp3VD8dbsJUHArzneXFk:0jUmnATsYJBV1Ls2LMpB8aUH0zneFk

    Score
    3/10
    • Target

      17-10-2024 #20/Explore.exe

    • Size

      80KB

    • MD5

      553375ee3d12ffb4afea182b7e24c520

    • SHA1

      6c52ed0ffcec61ee86c9c21a37f3eec4c69102af

    • SHA256

      6e9970819ef7836eed0d96d9844395ed087abbf017ff7f732559cb176281f642

    • SHA512

      b279600bf9ea58d1ac87ac9cfb1bd6f2b3340e828b7cd11f01a00961142d8f8db605c265a7ad1c2f378918af8a74a415fd86d2c11c607c7aad648cffeb2e44e2

    • SSDEEP

      768:MpQNwC3BESe4Vqth+0V5vKwQNwC3BE3bqNmCRh5EMy:keT7BVwxfv9eTAGv5zy

    Score
    10/10
    • Modifies visibility of file extensions in Explorer

    • Executes dropped EXE

    • Loads dropped DLL

    • Network Share Discovery

      Attempts to gather information on the host's network.

    • Drops file in System32 directory

    • Target

      17-10-2024 #20/FloodFix.exe

    • Size

      129KB

    • MD5

      18be2a15a560abae88f24f6838ae0660

    • SHA1

      90116726649d3a24da545d040f379a9348c1252e

    • SHA256

      b04e7b0ef27bc4e2a732fa290a85207644acfaea848d414efe05fd4897a235c3

    • SHA512

      1112c459258f823b2ba6686c3bd726da4abc2644d5e91860962de9ec4f25c9547dc2c9d5bf94c68dbc4a4c8057eb8b685aa0ceb8eac26b403c05b58eac3df435

    • SSDEEP

      3072:i26YVIn67K17wz2lQBV+UdE+rECWp7hKYb2SE:kp8K1ABV+UdvrEFp7hKY8

    Score
    3/10
    • Target

      17-10-2024 #20/Flyagent.exe

    • Size

      29KB

    • MD5

      05d2ca103f78fad50c5c5e346a53ccb0

    • SHA1

      8dfaaddbce919c74ef2d60a70936d8fbd97c3287

    • SHA256

      3c2ace077b2c126a3188d787a1369fd80424c55ec39b81c898094495608ababf

    • SHA512

      3e7c846900c0f713c63a87ea0eb755a8df11e20c5d1dd97714efc76ea2e294135c7c6d329f7be77471c21ebf6f595d915056d9d1418f3e8c738917316b3cdd17

    • SSDEEP

      768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/rK:AEwVs+0jNDY1qi/qW

    • Detects MyDoom family

    • MyDoom

      MyDoom is a worm written in C++.

    • Mydoom family

    • Executes dropped EXE

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Target

      17-10-2024 #20/InstallCore.exe

    • Size

      648KB

    • MD5

      3fadf66f0f9432432a0bad6af05f7200

    • SHA1

      d57d6f9039f9b587ec2e2ccb4a09ac727ff367ca

    • SHA256

      279c602046d1c4f0188411231470119491af54a7779d4cae21db6ad870460ade

    • SHA512

      ba8f00a6a2b3b13c0a60f764338d8ce7b9ccbbe998b7e8da8d7c6db9422a22383f6a380e29a21b7e1881ab1dc4bd90b1c8618b2c37f8748978b3e08f76135341

    • SSDEEP

      12288:QyMJfsGJQEGWkDQOY5t41H8Dulsr/6c0mnRuYWiUcgNBXGzk+cyBmRvM:QyMJfsVEGdR1AulsbxuD4aB2o4B

    Score
    5/10
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Target

      17-10-2024 #20/MSRATING.exe

    • Size

      247KB

    • MD5

      3a9852bb371618fff6dd2077cc3bcda0

    • SHA1

      c9a397542fb99c3a099a1daf57a6a3c8ab725774

    • SHA256

      96595d260e0aa74b7c4064ef3cb5eebced8a40ddd7066ed1cbc3cc126a72f88b

    • SHA512

      f955d565d3f7da84c6f21b0375b05396b057cb1c5550711b19ec16dd370136dfa1378dca3fdc6b63592097cb15e3f17b5bddbd4d1a974592192142d0de3445ab

    • SSDEEP

      3072:iypmMoKGWunhATmKH3rim09M4dUe8LrqI9FU2b:uNn+/7iPM4d9ohv

    Score
    3/10
    • Target

      17-10-2024 #20/MulDrop.exe

    • Size

      437KB

    • MD5

      40e4282c65ce4cfeb5e566c6a3a713e0

    • SHA1

      a3d786888ee84957cbea5d6879d7915a2f0ecd16

    • SHA256

      68473e5f20e5a30b4bfffe86da83a30e5faada6b8824f894aad776b0b1f8106e

    • SHA512

      0fc7e4c3155299580a6a497cc52cb504c124e16f8147b7c9a95b4fe6521481cf927512e5339dff0d78dda55e1c3c92de97a3b4b44fa3ff6b323de99a5dd2b09b

    • SSDEEP

      6144:hH71iYqhwk9/U3ZfFAxljjF0OQTPGo/o51BeLZ+gneQX9c9wPetx3VC7wiywNA3R:BDqhwss3M/mjHqTeLcgeg9cWWT0RuR

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      17-10-2024 #20/TSULoader.exe

    • Size

      303KB

    • MD5

      46d42dd869b812c8c1561af6de78bf40

    • SHA1

      3f8b650243ff76a5fff9aae09bdce8e0c78a5be3

    • SHA256

      92b90a6751e008ef749ec7b4ea338344ceb8fe03038a89835f0ed8b5d78e1649

    • SHA512

      380ddf54eb3ecfd78f4b3aae0b62c722540d5440cd5184973c20726e774ad0f52b66f3dd45c253bf2c4c1a1ce5cc594fd918d59df4967659a6c94ec0f08c5717

    • SSDEEP

      6144:vrkp9uEo2S1YnQmCX492DkwNP3qpYFqrtZJ9jEvyQzjBR2JYRcK7uY2:vrk/u6/eIo49PJ9YvBzlS

    Score
    7/10
    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      17-10-2024 #20/UtilMan.exe

    • Size

      184KB

    • MD5

      39104e19c78fe4dfa91ce0fc94452680

    • SHA1

      5828a04b7414f3a0e3e1be381449a38a4c8c8281

    • SHA256

      05bf98c4a5ad8a594d9df4a69826ca683bc45439a9ed507734b882292223a3de

    • SHA512

      cf2dad8281fe40f96ea01cd36472f4cbdb01c9d13c0878ba198a13afe7faf9aedb880e5ef8d08a6fdc63497f37fe71e66a736cce94143633f01bc5fe3f0275f4

    • SSDEEP

      3072:oQ1oVVeIS0IERIIkIOhKDgEmeOSTAzrlX/T4iQy8srFCQuE:ojVVeIdkIDOSTEV4fy8sZC

    • Target

      17-10-2024 #20/Zombie.exe

    • Size

      37KB

    • MD5

      3766e7d299fd60b99b57a8f23e3ecf80

    • SHA1

      634ac90a3e3e964e75e52071fefb96b51c824611

    • SHA256

      d091ab54c8cb7db4189a8556381b8ad9d5717be97be373caa18adaa3476eaa40

    • SHA512

      06f65b5ddc6e914ef844a71925c866bcb6e216dd5144bb28a7361801e8b555c65d327ce9adc18cb791a5a93f53ac9b1fe26bf68ad9b403a4128eb27a1c0c70d1

    • SSDEEP

      384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9T6My2X:kBT37CPKKdJJ1EXBwzEXBwdcMcI9daFo

    Score
    5/10
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Target

      17-10-2024 #20/app stroe.exe

    • Size

      752KB

    • MD5

      50b1390fe325207d2a96fc991b065030

    • SHA1

      ee5f6c76400f1eafec18a674774e31faad150009

    • SHA256

      eb2714d855c5896df7f2bb2c09e1db57c38e7e154c07cb96c5c9e4ec7f9422f2

    • SHA512

      c77b1ceb70553f8250ec09e89a76c9e89c4df6bad444887559adda45effbdb6d80bf1de000d7468f2bdfd16f3015e84cfbd3070d359ed444284ca0e3d369660a

    • SSDEEP

      12288:zhDMjlZ8RZ7QwkMSiakDdUlftrIzoJ3fVR1hj8bgn8mYvTbV9rwvjlDtghOcv:5PRZAiakEfdSQhCgn85vTJ9iwOcv

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      17-10-2024 #20/assemblychange.exe

    • Size

      30KB

    • MD5

      175c688bf30251e792e35e0213a06e50

    • SHA1

      cfa483bad18370db8f3c35d25b7091927bfc54f6

    • SHA256

      923349b1ce543ac8058d836d614a61c87994aac500767de52335806a083df328

    • SHA512

      e4f1e38afc17d7df2aa0b800e9fa3abc696940140ca8f1316a3586cab8f795b00196b61c147029b9635f3fc2df9a1f637ceefa9f839baccf30acbd054d9bb52e

    • SSDEEP

      768:BeO7mXLw57JCUVn47ilcOfByTcYrFDzu2LjG:BeO7mXLw57JCUVn47SZyTcYrFDzu2LjG
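The registry-based signatures in the target list above (the location check, the Uninstall-key enumeration, the Run-key addition, the HideFileExt change, the VirtualBox ACPI lookup and the MountedDevices read) all come down to which registry paths a process touches and whether it reads or writes them. The following is an added example, not part of the report and not the sandbox's signature code: it maps each of those signature names to the standard Windows registry location it implies and runs the rules over a handful of constructed Sysmon-style registry events. The event fields (image, op, path) and the process names in the events are assumptions of this example; the report does not state which exact keys the samples touched.

```python
import re
from collections import defaultdict

# One rule per report signature: (signature name as the report words it,
# regex over the registry path, operations the rule applies to).
# A Run-key *read* is normal (explorer does it); only a *write* is persistence.
RULES = [
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
     {"query"}),
    ("Checks installed software on the system",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
     {"query", "enumerate"}),
    ("Adds Run key to start application",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I),
     {"set"}),
    ("Modifies visibility of file extensions in Explorer",
     re.compile(r"\\Explorer\\Advanced\\HideFileExt$", re.I),
     {"set"}),
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX", re.I),
     {"query", "enumerate"}),
    ("Maps connected drives based on registry",
     re.compile(r"\\SYSTEM\\MountedDevices$", re.I),
     {"query", "enumerate"}),
]

# Constructed events in a simplified Sysmon-like shape (not telemetry from the samples).
# "sample.exe" and "explorer.exe" are placeholders for this example.
EVENTS = [
    {"image": "sample.exe", "op": "query",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"image": "sample.exe", "op": "enumerate",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"image": "sample.exe", "op": "set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"image": "sample.exe", "op": "set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt"},
    {"image": "sample.exe", "op": "enumerate",
     "path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"image": "sample.exe", "op": "query",
     "path": r"HKLM\SYSTEM\MountedDevices"},
    # Benign activity that must not fire: a read (not write) of a Run value,
    # and a write to an unrelated Explorer setting.
    {"image": "explorer.exe", "op": "query",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"image": "explorer.exe", "op": "set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]


def match_event(event):
    """Return the signature names a single registry event triggers."""
    return [name for name, pattern, ops in RULES
            if event["op"] in ops and pattern.search(event["path"])]


def signatures_per_image(events):
    """Group triggered signatures by process image: {image: sorted unique names}."""
    hits = defaultdict(set)
    for ev in events:
        for name in match_event(ev):
            hits[ev["image"]].add(name)
    return {image: sorted(names) for image, names in hits.items()}


if __name__ == "__main__":
    for image, names in signatures_per_image(EVENTS).items():
        print(image)
        for name in names:
            print("  -", name)
```

Sysmon itself only records key creates, value sets, and renames (event IDs 12, 13 and 14), so the "query" and "enumerate" operations above are what a sandbox API hook or the ETW registry provider gives you; with Sysmon alone only the Run-key and HideFileExt rules can fire.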

MITRE ATT&CK Enterprise v15

Tasks

Task          Tags                                            Score
static1       upx                                             5/10
behavioral1   (none)                                          1/10
behavioral2   (none)                                          1/10
behavioral3   discovery, upx                                  7/10
behavioral4   discovery, upx                                  7/10
behavioral5   discovery, evasion                              9/10
behavioral6   discovery, evasion                              9/10
behavioral7   discovery                                       3/10
behavioral8   discovery                                       3/10
behavioral9   discovery                                       3/10
behavioral10  discovery                                       3/10
behavioral11  discovery, evasion                              10/10
behavioral12  discovery, evasion                              10/10
behavioral13  (none)                                          1/10
behavioral14  discovery                                       3/10
behavioral15  mydoom, discovery, persistence, upx, worm       10/10
behavioral16  mydoom, discovery, persistence, upx, worm       10/10
behavioral17  discovery, upx                                  5/10
behavioral18  discovery, upx                                  5/10
behavioral19  discovery                                       3/10
behavioral20  discovery                                       3/10
behavioral21  discovery                                       7/10
behavioral22  discovery                                       7/10
behavioral23  discovery                                       7/10
behavioral24  discovery                                       7/10
behavioral25  discovery, persistence, privilege_escalation    3/10
behavioral26  discovery, persistence, privilege_escalation    3/10
behavioral27  discovery, upx                                  5/10
behavioral28  discovery, upx                                  5/10
behavioral29  discovery                                       7/10
behavioral30  discovery                                       7/10
behavioral31  discovery, persistence                          6/10
behavioral32  discovery, persistence                          6/10
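The static1 task's upx tag and the "UPX packed file" signature on several targets rest on two artifacts the stock UPX packer leaves in a PE: section names UPX0/UPX1 (and UPX2) in the section table, and the "UPX!" magic in front of the packer's own header. Here is an added example, not part of the report and not the sandbox's detector, that walks the DOS and COFF headers to the section table and reports both indicators, together with a constructed minimal PE skeleton (no optional header, no code) used only to exercise the parser. The caveat the signature text already hints at applies: a modified UPX renames the sections and the magic, so an empty result means "not stock UPX", not "not packed".

```python
import struct


def upx_indicators(data):
    """Return the UPX indicators found in a PE image held in memory.

    Indicators: section names beginning with "UPX" in the section table, and
    the literal "UPX!" marker anywhere in the file. Returns [] for anything
    that is not a well-formed MZ/PE header.
    """
    found = []
    if len(data) < 0x40 or data[:2] != b"MZ":
        return found
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # IMAGE_NT_HEADERS starts with "PE\0\0", then the 20-byte COFF file header.
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        return found
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    # Section table follows the optional header; each IMAGE_SECTION_HEADER is 40 bytes.
    section_table = e_lfanew + 24 + size_opt
    for i in range(num_sections):
        off = section_table + i * 40
        if off + 8 > len(data):
            break
        name = data[off:off + 8].rstrip(b"\0")
        if name.startswith(b"UPX"):
            found.append("section " + name.decode("ascii", "replace"))
    if b"UPX!" in data:
        found.append("UPX! magic")
    return found


def build_test_pe(section_names, trailer=b""):
    """Construct a minimal, non-runnable PE skeleton with the given section names.

    This is test scaffolding for this example, not a real binary: DOS header
    with e_lfanew=0x40, COFF header with SizeOfOptionalHeader=0, then one
    40-byte section header per name, then `trailer`.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + sections + trailer


if __name__ == "__main__":
    packed = build_test_pe([b"UPX0", b"UPX1", b".rsrc"], b"UPX!")
    plain = build_test_pe([b".text", b".data"])
    print("constructed packed skeleton:", upx_indicators(packed))
    print("constructed plain skeleton:  ", upx_indicators(plain))
    # For a real file: upx_indicators(open(path, "rb").read())
```

On a real sample, treat a hit as a prompt to try `upx -d` and to re-hash the unpacked image; if the section names are stock but `upx -d` refuses the file, the header was tampered with, which is the "modified UPX" case the signature mentions.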