General
-
Target
virussign.com_20241117_LimitedFree.zip
-
Size
31.1MB
-
Sample
241117-vn1plsvblc
-
MD5
bfc2999b29b852cbf97de11290116c93
-
SHA1
1b62ac8a846efb68ea1275b20c245ca5df597e2c
-
SHA256
79651e8616f701122275edd7444d7f62478bc2a786d204ec2c59e9f01a5d417b
-
SHA512
d4ed417241039a3837822a01c9b85d7857cc6e10b404fc1f0a0f08ec08525de805382ec1f4be8c53009fb37c52bde0055cd7f24a876721cd3e1729121ebbf215
-
SSDEEP
786432:6GVKoV8yuSCrLsVszCN7jCAuMhzHOOhJ/BcI:9VKoW7rLsVsU7j1nhzHOOhJ/BcI
Behavioral task
behavioral1
Sample
virussign.com_b1d2087d1d88f80870106373da2011b0.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
virussign.com_b1d2087d1d88f80870106373da2011b0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
virussign.com_b4a073dab1d51b27d63f81649310ab60.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
virussign.com_b4a073dab1d51b27d63f81649310ab60.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
virussign.com_b793dc2ed636fdaee1a701e05fde1640.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
virussign.com_b793dc2ed636fdaee1a701e05fde1640.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
virussign.com_ba1f70e629bc3e70fba35036be583ce0.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
virussign.com_ba1f70e629bc3e70fba35036be583ce0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
virussign.com_bcab6f30045483fd648d1924aba88b00.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
virussign.com_bcab6f30045483fd648d1924aba88b00.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
virussign.com_bf4239be7de1ad8dddc78d1aff0d6090.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
virussign.com_bf4239be7de1ad8dddc78d1aff0d6090.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
virussign.com_c251643a9964695966b3f7a545401440.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
virussign.com_c251643a9964695966b3f7a545401440.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
virussign.com_c3fa4d199e50171575cfa553fd205a10.exe
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
virussign.com_c3fa4d199e50171575cfa553fd205a10.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
virussign.com_c527d92958bc1247a6471765e5449c60.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
virussign.com_c527d92958bc1247a6471765e5449c60.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
virussign.com_c7d033cce29ec681f70bfb5f2ec867c0.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
virussign.com_c7d033cce29ec681f70bfb5f2ec867c0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
virussign.com_ca6b0e41f6273b8c6a022729b7a7efd0.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
virussign.com_ca6b0e41f6273b8c6a022729b7a7efd0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
virussign.com_ccf2dfc7e36c604f207bf823231b57b0.exe
Resource
win7-20241023-en
Behavioral task
behavioral24
Sample
virussign.com_ccf2dfc7e36c604f207bf823231b57b0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
virussign.com_cf449b9fd99f5da93cbb91c84e64e710.exe
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
virussign.com_cf449b9fd99f5da93cbb91c84e64e710.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
virussign.com_d2157a5e0405795aa865f9264e231ee0.exe
Resource
win7-20240729-en
Behavioral task
behavioral28
Sample
virussign.com_d2157a5e0405795aa865f9264e231ee0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
virussign.com_d4dd384ae38fed77098536c5b075c320.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
virussign.com_d4dd384ae38fed77098536c5b075c320.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
virussign.com_d7c1eea17ae01e04b622ede80b6732c0.exe
Resource
win7-20241023-en
Behavioral task
behavioral32
Sample
virussign.com_d7c1eea17ae01e04b622ede80b6732c0.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
zima
176.113.115.145:4125
-
auth_value
2ef701d510c0d27e8a8e3270281678b1
Extracted
berbew
Targets
-
-
Target
virussign.com_b1d2087d1d88f80870106373da2011b0.vir
-
Size
872KB
-
MD5
b1d2087d1d88f80870106373da2011b0
-
SHA1
8b6c761cd06d8e8e025ce85d48f3e9dffb9b7bba
-
SHA256
1427b7aebb298e1f9e488982e3c6d22f53e23c185c0a33bfc6478679e72fdcbc
-
SHA512
86177f6c5c14caae72c1bb999f53567d519767bae056f6610e07ff76c034dbbffe06d9fae909bdb187828d7ed7d081568afe9fe718520333e86035bbbf1954af
-
SSDEEP
24576:RHDDHFh2kkkkK4kXkkkkkkkkhLX3a20R0v50+Y:NDxbazR0v
Score: 10/10
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
virussign.com_b4a073dab1d51b27d63f81649310ab60.vir
-
Size
468KB
-
MD5
b4a073dab1d51b27d63f81649310ab60
-
SHA1
86dee899d11513345890ac7a1a21c00ae1748376
-
SHA256
c63c4e473b61d00146f93f17884e433eaa77dc9268e511c6ea391f1865f9d60e
-
SHA512
360a9e4ea0f4ebf3cd64920fefce623c72ae38a3d363c6743de1817627bf8665156a28f3e71a41a5502bd360fd9342a34cfba0938c5ddf40b6c3ef640abc4f02
-
SSDEEP
3072:4belogxaIU57tbYZPAcfmbfD/n2DnsIHHQmyeQVqAf5Fkki3uPulp:4b4oCc7tCPdfmbfradwf5C73uP
Score: 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
virussign.com_b793dc2ed636fdaee1a701e05fde1640.vir
-
Size
2.6MB
-
MD5
b793dc2ed636fdaee1a701e05fde1640
-
SHA1
23741caf22809c1bfb9b9d803a070f45b95dfa26
-
SHA256
4e243bfc150e3df8b0b6c3f274c51e21a61c58b261c4ee963ff3cc1b000b55c9
-
SHA512
d4f0e7a3aea5cb7216cb7fa0a290845fcf92413c83edd3de3302ffda45a52ee3a28c7faa6da9391be03f7818441b68b96c1c95548e28dc1419eb79f469b92e94
-
SSDEEP
49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB+B/bS:sxX7QnxrloE5dpUpJb
Score: 7/10
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
virussign.com_ba1f70e629bc3e70fba35036be583ce0.vir
-
Size
468KB
-
MD5
ba1f70e629bc3e70fba35036be583ce0
-
SHA1
5777344c00bc8da674c3ec28bb4b3870a506dca8
-
SHA256
31792fa6ebc508394aecbdec49f7df51b638478a9d86dc36b1b07bcd16c2e00e
-
SHA512
3bfbe448c5d3709c2cf2c79bdc51e1b6b373a08992e830b682e3921bf51477334f8a2a14bd1961d5372837042f05d974fed73b2a10a89c4e30fe1af05444ffa8
-
SSDEEP
3072:4belogxaIU57tbYZPzcfmbfD/n2DjsIH9QmyeQVqAf5+kOi3uxulE:4b4oCc7tCP4fmbfHa7wf5P13ux
Score: 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
virussign.com_bcab6f30045483fd648d1924aba88b00.vir
-
Size
52KB
-
MD5
bcab6f30045483fd648d1924aba88b00
-
SHA1
e9bff6e0d6859df746a003132c25936832fc8072
-
SHA256
ca5a471acdfaaa050e6a790b58543ebbdef104050ba16b0234405cb5382adef0
-
SHA512
80b8c15e71f0081c133da08df052081d66ebe3121d730fb0fb590a2a900facc228b8f8639eaf07886757972b60665ebbdd8f8b408479005e7465cca9279043ef
-
SSDEEP
1536:1xzQub4dB1O+FTpvLI/fBju0ofLsj/MAdKZ:vQZ5FTpDI/5mfLs/MRZ
Score: 10/10
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
virussign.com_bf4239be7de1ad8dddc78d1aff0d6090.vir
-
Size
468KB
-
MD5
bf4239be7de1ad8dddc78d1aff0d6090
-
SHA1
87505e3bfa1893eeb43070969a288c3d83fcbae5
-
SHA256
aafd95539aa218c88c493fdfd1ad05642fbe46c2f7896d35ed8173d133bc1e50
-
SHA512
754da815b1baba9cecca5060007a7cd5a568af41b4aa8c2baace00d76820d183ca242c19c8f237ec1b86b4b9269d4f8999acd173823831f351c8518f875474d7
-
SSDEEP
3072:vlnhogBkrq8Upb/qPz59XfoqfhK588XhmHexViz2gi4WC+NHalZ:vlhonTUp2P19XfmV702gLl+NH
Score: 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
virussign.com_c251643a9964695966b3f7a545401440.vir
-
Size
468KB
-
MD5
c251643a9964695966b3f7a545401440
-
SHA1
932ae0dfb6049425a5d6a38f533afabf55907d03
-
SHA256
d80bf5ab9b5db38e92d57e5899ffa68d64fbf7c06189194405392d0451f431f7
-
SHA512
fd3cf249b12d6304fdd2e4ab5b8c9292b14348d79267deb1d639ebb75d6693a0f989212a4dc274ff72c0327e7993717a91d06ecf51563dbc6ff0ce2c723a7cdd
-
SSDEEP
3072:loAoogIIgd5KtbY3Pztjcf8/GCfv43pnrjHeLT+a/NEKxD7U5pl+:lobo5bKtQPJjcfBZup/Nrl7U5
Score: 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
virussign.com_c3fa4d199e50171575cfa553fd205a10.vir
-
Size
83KB
-
MD5
c3fa4d199e50171575cfa553fd205a10
-
SHA1
8bbb0225d1d81fc16ed74ebd010605d61d201e17
-
SHA256
ae19e02b8b99b3ba9035ff2e990be900768a46c70fa48710a8c61cc878e186ea
-
SHA512
97f4d61dc3631b68f403dffbf05239d30a7561a8ec322c442e32965dbe77257656b3c51a29a5c9658028070e88f2deb52105c569ae091dabf434e5d459d365e3
-
SSDEEP
1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+jK:LJ0TAz6Mte4A+aaZx8EnCGVuj
-
-
-
Target
virussign.com_c527d92958bc1247a6471765e5449c60.vir
-
Size
2.6MB
-
MD5
c527d92958bc1247a6471765e5449c60
-
SHA1
84fba87a0998698d3b6040dcfb83667a3eb2109b
-
SHA256
e9b4211e90f2c15e783c73a5998e3284b75b4afe70dae956e6dab0eb17732125
-
SHA512
1fdcac718581fa8fbdf15b3d3cdb0c2cf06f6a9a56facab47cf1841578264a1a6014cc51c07488939005852a569ae8c4c45b61b54e0b99d4d1f0bc78c1daa8da
-
SSDEEP
49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBXB/bSq:sxX7QnxrloE5dpUpUbV
Score: 7/10
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
virussign.com_c7d033cce29ec681f70bfb5f2ec867c0.vir
-
Size
1024KB
-
MD5
c7d033cce29ec681f70bfb5f2ec867c0
-
SHA1
91b13955ad9e9c77d8310f10ab92146ad09525b3
-
SHA256
34157d74d915d474a6c888fc9de5441d0b08e39b5a24eda20988139100ad7703
-
SHA512
7c623a430ec44501d190a298fbe5f2d8e90245e5549fe6d7d89f6d8d75f3200b19d0793c4a7ca286c68d3fe234d88068b6ee32f21a63f9e6e667e3cf48e159e3
-
SSDEEP
24576:fym0BmmvFimm0Xcr6VDsEqacjgqANXcolMZ5nNxvM0oL8v8WQ:eiTWVDBzcjgBNXcolMZ5nNxvM0oLoQ
Score: 10/10
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
virussign.com_ca6b0e41f6273b8c6a022729b7a7efd0.vir
-
Size
54KB
-
MD5
ca6b0e41f6273b8c6a022729b7a7efd0
-
SHA1
5e0d21098a203223ee7572808364085cba6bcd5d
-
SHA256
993b235bdbbc30ac6f56f1f38c8193d9bf510dbb2f35379dea5f02dae33908ce
-
SHA512
2b04e49c6ef1fd2e206a660b285abf953c4675aaaccf7a1d972063cb88eb40eff30484efc9d57ca73e91b5ee04c29d9a1c7549bb7d061f7861005c53ff3c2dca
-
SSDEEP
1536:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYVFl2g5u58dO0xXHQEyYfdhNhFO5h3xhIN:+MA6C1VqaqhtgVRNToV7TtRu8rM0wYVb
Score: 7/10
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
virussign.com_ccf2dfc7e36c604f207bf823231b57b0.vir
-
Size
90KB
-
MD5
ccf2dfc7e36c604f207bf823231b57b0
-
SHA1
764fd98b97131b972ef6e117b7bf829c0fb9e2e8
-
SHA256
aba02a27aed406ac007c2006a0429c197299fe7cfb1be22abc2ce69478986267
-
SHA512
2da0316deee82434c2b7bac9326ee77b64ff7c4f1fd9c64790b6733398dd597c1a12ddfb2d6843e2cdbc8c38f451a1c2c0c5bab91b1266dd073bd0ae2bc3611a
-
SSDEEP
1536:82PzLifjNdvaZS7BoTtdUhi5ort73O34NkGTXDfOOQ/4BrGTI5Yxj:DbgNdvaZSKaiOrt7+AT7U/4kT0Yxj
Score: 10/10
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
virussign.com_cf449b9fd99f5da93cbb91c84e64e710.vir
-
Size
7KB
-
MD5
cf449b9fd99f5da93cbb91c84e64e710
-
SHA1
3cdef0031a939b31cb4b9a6ad1bf9ca88a155751
-
SHA256
087300bc42aa885c126aa1771a2f80691399efae7543a8f493f5059548163957
-
SHA512
24bbe2217b79f6e920d75ca986bce35c9daad0558205324f6470292629ac3431a2f2f0a85567bd87d022ac00625dac1d2e46e004fd2a8e9e4403e3e53073705f
-
SSDEEP
96:Ge32tdsBxRlRIWb9pXc1eG6PcGma1JIwIdzwzc:GjdsXyWb9pkeG7yJIwczw
Score: 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
virussign.com_d2157a5e0405795aa865f9264e231ee0.vir
-
Size
468KB
-
MD5
d2157a5e0405795aa865f9264e231ee0
-
SHA1
edaf7c0ec10f3772b0b505ef68b39ab2c4c4e845
-
SHA256
8c1ca0e54f6fe46c514ed01eb31308e9272d796fbf78007278bc5e617096aa2f
-
SHA512
9551cfecec41cbd0973a9ed5d5cb41f0cf2f36ae5f0364c3aea0924ad81097fc236bacc5c5def4cf3bc10cac8a427bcf1c22021d9866a030b265dc3faefa5d09
-
SSDEEP
3072:McG1ogIOhd5UEbYVPvtNcf8+nynzwgpwTmHeKftKraa88Rgu9Alb:McwoybUE2PFNcfDcenraL4gu9
Score: 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
virussign.com_d4dd384ae38fed77098536c5b075c320.vir
-
Size
2.6MB
-
MD5
d4dd384ae38fed77098536c5b075c320
-
SHA1
ed8690d654532965db51c6145dab0c7454284a7b
-
SHA256
687a990253af6ef1eb5a4d36b657237874f0dbafa795e2d74b7ca6ea5bd56ac9
-
SHA512
353e67dfac140206f4d97f38d66fe6dab74dfca0734cf63117dc02beb81f0906860907ac6113b5fe6c7f20d77a9d4a0977f3f4d71d09f69efe531492513a91d4
-
SSDEEP
49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB/B/bSq:sxX7QnxrloE5dpUpgbV
Score: 7/10
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
virussign.com_d7c1eea17ae01e04b622ede80b6732c0.vir
-
Size
468KB
-
MD5
d7c1eea17ae01e04b622ede80b6732c0
-
SHA1
4f693d86d4b77962bf66dbe56f3cc77d18e0c158
-
SHA256
039b6823caa5f077f5c48a0d76e51d9301739f709b6d13cd65428928fab925be
-
SHA512
e44d9d1202fb862b0e63de37bff3d4cb263d9d3b41048e1c0d74c67052c1522354242aba45c06d9606e9945b7606ed4bdf4b29880765e8ae382dbbe9a4237fd1
-
SSDEEP
3072:FsokogIDIEB5tCI+PKwjbfD/ECL6ICpD2mHeu2iREZc5i6qY/7lv:FsHoe05tOPHjbf7KccEZgpqY/
Score: 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)