Overview
overview
10Static
static
10Remouse.Mi...cg.exe
windows11-21h2-x64
3SecuriteIn...dE.exe
windows11-21h2-x64
10SecuriteIn...ee.dll
windows11-21h2-x64
10SecurityTa...up.exe
windows11-21h2-x64
4Treasure.V...ox.exe
windows11-21h2-x64
3VyprVPN.exe
windows11-21h2-x64
10WSHSetup[1].exe
windows11-21h2-x64
3Yard.dll
windows11-21h2-x64
10b2bd3de3e5...2).exe
windows11-21h2-x64
10b2bd3de3e5...3).dll
windows11-21h2-x64
10b2bd3de3e5...4).dll
windows11-21h2-x64
10cd9ccf8681...f7.exe
windows11-21h2-x64
10cobaltstri...de.exe
windows11-21h2-x64
10default.exe
windows11-21h2-x64
10ec4f09f82d...d3.exe
windows11-21h2-x64
10efd97b1038...ea4.js
windows11-21h2-x64
3emotet_exe...04.exe
windows11-21h2-x64
10emotet_exe...23.exe
windows11-21h2-x64
10eupdate.exe
windows11-21h2-x64
7f4f47c67be...3f.exe
windows11-21h2-x64
10fb5d110ced...9c.exe
windows11-21h2-x64
6fee15285c3...35.exe
windows11-21h2-x64
10file(1).exe
windows11-21h2-x64
1file.exe
windows11-21h2-x64
7gjMEi6eG.exe
windows11-21h2-x64
10good.exe
windows11-21h2-x64
5hyundai st...1).exe
windows11-21h2-x64
10hyundai st...10.exe
windows11-21h2-x64
10infected d...er.exe
windows11-21h2-x64
10inps_979.xls
windows11-21h2-x64
1jar.jar
windows11-21h2-x64
10june9.dll
windows11-21h2-x64
10General
-
Target
241105-dtxrgatbpg_pw_infected.zip
-
Size
132.7MB
-
Sample
241204-np1bxatqgz
-
MD5
136b5aad00be845ec166ae8f6343b335
-
SHA1
e51860dfb734c9715b6c9b74d9c582abe03ca90c
-
SHA256
38bc13ef112b2f17d4d1a80243fac6a521b5d58228984aae0752d79487fa3b66
-
SHA512
ed56b1afa85e304d6973d69e289631f15955d1619c6943a376d7d319018057d1a6fa0aa340ea6d43037ee17014f13e74e5ebddaf3aec62bf8e2da6b20b14ce42
-
SSDEEP
3145728:m2t5SZQXkJuAwd3u5d5VO4Z9WSXL5qgP47khuJWCvcICllCCrE/z:m6ClwdeyqWSXVqeU5J7CvCCrgz
Static task
static1
Behavioral task
behavioral1
Sample
Remouse.Micro.Micro.v3.5.3.serial.maker.by.aaocg.exe
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
SecuriteInfo.com.Generic.mg.cde56cf0169830ee.dll
Resource
win11-20241007-en
Behavioral task
behavioral4
Sample
SecurityTaskManager_Setup.exe
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
Treasure.Vault.3D.Screensaver.keygen.by.Paradox.exe
Resource
win11-20241007-en
Behavioral task
behavioral6
Sample
VyprVPN.exe
Resource
win11-20241007-en
Behavioral task
behavioral7
Sample
WSHSetup[1].exe
Resource
win11-20241007-en
Behavioral task
behavioral8
Sample
Yard.dll
Resource
win11-20241007-en
Behavioral task
behavioral9
Sample
b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (2).exe
Resource
win11-20241007-en
Behavioral task
behavioral10
Sample
b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (3).dll
Resource
win11-20241007-en
Behavioral task
behavioral11
Sample
b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (4).dll
Resource
win11-20241007-en
Behavioral task
behavioral12
Sample
cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7.exe
Resource
win11-20241007-en
Behavioral task
behavioral13
Sample
cobaltstrike_shellcode.exe
Resource
win11-20241007-en
Behavioral task
behavioral14
Sample
default.exe
Resource
win11-20241007-en
Behavioral task
behavioral15
Sample
ec4f09f82d932cdd40700a74a8875b73a783cbaab1f313286adf615a5336d7d3.exe
Resource
win11-20241007-en
Behavioral task
behavioral16
Sample
efd97b1038e063779fb32a3ab35adc481679a5c6c8e3f4f69c44987ff08b6ea4.js
Resource
win11-20241007-en
Behavioral task
behavioral17
Sample
emotet_exe_e1_ef536781ae8be4b67a7fb8aa562d84994ad250d97d5606115b6f4e6e2992363f_2020-11-17__174504.exe
Resource
win11-20241007-en
Behavioral task
behavioral18
Sample
emotet_exe_e3_93074e9fbde60e4182f5d763bac7762f2d4e2fcf9baf457b6f12e7696b3562c1_2020-11-17__182823.exe
Resource
win11-20241007-en
Behavioral task
behavioral19
Sample
eupdate.exe
Resource
win11-20241007-en
Behavioral task
behavioral20
Sample
f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f.exe
Resource
win11-20241007-en
Behavioral task
behavioral21
Sample
fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
Resource
win11-20241007-en
Behavioral task
behavioral22
Sample
fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d35.exe
Resource
win11-20241007-en
Behavioral task
behavioral23
Sample
file(1).exe
Resource
win11-20241007-en
Behavioral task
behavioral24
Sample
file.exe
Resource
win11-20241007-en
Behavioral task
behavioral25
Sample
gjMEi6eG.exe
Resource
win11-20241007-en
Behavioral task
behavioral26
Sample
good.exe
Resource
win11-20241007-en
Behavioral task
behavioral27
Sample
hyundai steel-pipe- job 8010(1).exe
Resource
win11-20241007-en
Behavioral task
behavioral28
Sample
hyundai steel-pipe- job 8010.exe
Resource
win11-20241007-en
Behavioral task
behavioral29
Sample
infected dot net installer.exe
Resource
win11-20241007-en
Behavioral task
behavioral30
Sample
inps_979.xls
Resource
win11-20241007-en
Behavioral task
behavioral31
Sample
jar.jar
Resource
win11-20241007-en
Malware Config
Extracted
zloader
main
26.02.2020
https://airnaa.org/sound.php
https://banog.org/sound.php
https://rayonch.org/sound.php
-
build_id
19
Extracted
revengerat
XDSDDD
84.91.119.105:333
RV_MUTEX-wtZlNApdygPh
Extracted
revengerat
Victime
cocohack.dtdns.net:84
RV_MUTEX-OKuSAtYBxGgZHx
Extracted
zloader
25/03
https://wgyvjbse.pw/milagrecf.php
https://botiq.xyz/milagrecf.php
-
build_id
103
Extracted
revengerat
samay
shnf-47787.portmap.io:47787
RV_MUTEX
Extracted
zloader
09/04
https://eoieowo.casa/wp-config.php
https://dcgljuzrb.pw/wp-config.php
-
build_id
140
Extracted
zloader
07/04
https://xyajbocpggsr.site/wp-config.php
https://ooygvpxrb.pw/wp-config.php
-
build_id
131
Extracted
cobaltstrike
305419896
http://47.91.237.42:8443/__utm.gif
-
access_type
512
-
beacon_type
2048
-
host
47.91.237.42,/__utm.gif
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
8443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS7zRQv7EhhTkbgDrCNBsNay7lzQFmcC/GWwjOq93nKwPSszjIKgtW8nwhtoRhr6MFZx4DSYFdeuJDrtJNcTZz2C/LgZzhSQJmhiEqCkVqPPCfK1C6S4PzDrzy9L794rPLOuoewlGAXgiH5/Ae2aC5k2wedRNfes3DJZDDCaJJYwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)
-
watermark
305419896
Extracted
revengerat
INSERT-COIN
3.tcp.ngrok.io:24041
RV_MUTEX
Extracted
revengerat
YT
yukselofficial.duckdns.org:5552
RV_MUTEX-WlgZblRvZwfRtNH
Extracted
revengerat
system
yj233.e1.luyouxia.net:20645
RV_MUTEX-GeVqDyMpzZJHO
Extracted
njrat
0.7d
HacKed
srpmx.ddns.net:5552
c6c84eeabbf10b049aa4efdb90558a88
-
reg_key
c6c84eeabbf10b049aa4efdb90558a88
-
splitter
|'|'|
Extracted
xred
xred.mooo.com
-
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
http://xred.site50.net/syn/SUpdate.ini
https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
http://xred.site50.net/syn/Synaptics.rar
https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
http://xred.site50.net/syn/SSLLibrary.dll
Extracted
njrat
0.7d
HACK
43.229.151.64:5552
6825da1e045502b22d4b02d4028214ab
-
reg_key
6825da1e045502b22d4b02d4028214ab
-
splitter
Y262SUCZ4UJJ
Extracted
revengerat
Guest
178.17.174.71:3310
RV_MUTEX-HxdYuaWVCGnhp
Extracted
emotet
Epoch1
12.163.208.58:80
45.33.35.74:8080
87.106.253.248:8080
192.241.146.84:8080
190.115.18.139:8080
65.36.62.20:80
170.81.48.2:80
83.169.21.32:7080
185.232.182.218:80
190.2.31.172:80
77.106.157.34:8080
82.230.1.24:80
202.4.58.197:80
201.213.177.139:80
78.249.119.122:80
123.51.47.18:80
77.90.136.129:8080
60.93.23.51:80
152.169.22.67:80
190.117.79.209:80
60.108.144.104:443
213.197.182.158:8080
82.76.111.249:443
209.236.123.42:8080
190.24.243.186:80
177.74.228.34:80
191.182.6.118:80
96.245.123.149:80
61.197.92.216:80
1.226.84.243:8080
111.67.12.221:8080
216.47.196.104:80
185.94.252.27:443
70.116.143.84:80
187.162.248.237:80
217.13.106.14:8080
80.11.164.185:80
35.143.99.174:80
190.190.148.27:8080
219.92.13.25:80
70.32.115.157:8080
96.227.52.8:443
51.75.33.127:80
95.9.180.128:80
174.113.69.136:80
119.106.216.84:80
111.67.77.202:8080
91.105.94.200:80
178.250.54.208:8080
98.13.75.196:80
2.36.95.106:80
186.70.127.199:8090
116.202.23.3:8080
202.134.4.210:7080
50.28.51.143:8080
45.33.77.42:8080
67.247.242.247:80
137.74.106.111:7080
85.214.26.7:8080
181.30.61.163:443
77.238.212.227:80
185.215.227.107:443
186.103.141.250:443
50.121.220.50:80
74.136.144.133:80
104.131.41.185:8080
61.92.159.208:8080
104.131.103.37:8080
51.15.7.189:80
185.94.252.12:80
94.176.234.118:443
212.71.237.140:8080
5.196.35.138:7080
45.46.37.97:80
70.32.84.74:8080
199.203.62.165:80
38.88.126.202:8080
51.159.23.217:443
155.186.0.121:80
51.38.124.206:80
181.129.96.162:8080
64.201.88.132:80
92.24.50.153:80
189.2.177.210:443
45.16.226.117:443
76.168.54.203:80
185.178.10.77:80
220.109.145.69:80
192.81.38.31:80
68.183.170.114:8080
177.73.0.98:443
138.97.60.141:7080
192.241.143.52:8080
217.199.160.224:7080
185.183.16.47:80
177.129.17.170:443
5.189.178.202:8080
74.58.215.226:80
51.255.165.160:8080
12.162.84.2:8080
149.202.72.142:7080
87.106.46.107:8080
188.135.15.49:80
68.183.190.199:8080
172.104.169.32:8080
68.69.155.181:80
72.47.248.48:7080
Extracted
emotet
Epoch3
71.57.180.213:80
185.86.148.68:443
168.235.82.183:8080
181.113.229.139:443
181.134.9.162:80
217.199.160.224:8080
105.209.235.113:8080
216.75.37.196:8080
97.104.107.190:80
203.153.216.182:7080
107.161.30.122:8080
41.106.96.12:80
202.5.47.71:80
201.235.10.215:80
105.213.67.88:80
115.79.195.246:80
179.5.118.12:80
212.112.113.235:80
139.59.12.63:8080
177.37.81.212:443
81.17.93.134:80
46.32.229.152:8080
66.61.94.36:80
172.96.190.154:8080
176.9.93.82:7080
5.79.70.250:8080
190.212.140.6:80
37.46.129.215:8080
115.165.3.213:80
201.213.177.139:80
187.64.128.197:80
92.24.51.238:80
185.208.226.142:8080
50.116.78.109:8080
46.105.131.68:8080
181.114.114.203:80
190.190.15.20:80
198.57.203.63:8080
188.251.213.180:443
185.142.236.163:443
182.176.95.147:80
143.95.101.72:8080
181.164.110.7:80
113.161.148.81:80
51.38.201.19:7080
31.146.61.34:80
75.139.38.211:80
157.7.164.178:8081
203.153.216.178:7080
212.156.133.218:80
81.214.253.80:443
87.106.231.60:8080
190.164.75.175:80
77.74.78.80:443
179.62.238.49:80
78.189.60.109:443
177.32.8.85:80
195.201.56.70:8080
190.53.144.120:80
75.127.14.170:8080
177.144.130.105:443
178.33.167.120:8080
192.210.217.94:8080
192.241.220.183:8080
188.0.135.237:80
74.208.173.91:8080
182.187.139.200:8080
172.105.78.244:8080
41.185.29.128:8080
197.83.232.19:80
87.252.100.28:80
115.78.11.155:80
192.163.221.191:8080
91.83.93.103:443
139.99.157.213:8080
Extracted
icedid
knockaddress.xyz
Extracted
trickbot
100001
tar2
66.85.183.5:443
185.163.47.157:443
94.140.115.99:443
195.123.240.40:443
195.123.241.226:443
-
autorunName:pwgrab
Extracted
hawkeye_reborn
10.1.2.2
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
castor123@
245f77ec-c812-48df-870b-886d22992db6
-
fields
map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:castor123@ _EmailPort:587 _EmailSSL:true _EmailServer:smtp.yandex.com _EmailUsername:[email protected] _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:true _LogInterval:10 _MeltFile:false _Mutex:245f77ec-c812-48df-870b-886d22992db6 _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:false _SystemInfo:false _Version:10.1.2.2 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]
-
name
HawkEye Keylogger - RebornX, Version=10.1.2.2, Culture=neutral, PublicKeyToken=null
Extracted
zloader
05/05
https://rswtgmhf.pw/wp-config.php
https://fwgdhdln.icu/wp-config.php
-
build_id
181
Extracted
zloader
June08
June
http://snnmnkxdhflwgthqismb.com/post.php
http://nlbmfsyplohyaicmxhum.com/post.php
-
build_id
149
Extracted
zloader
nut
12/11
https://tfbuildingjoinery.co.uk/robots.php
https://globalpacificproperties.com.au/terms.php
https://www.loonybinforum.com/errors.php
https://luminousintent.com.au/wp-smarts.php
https://espazioabierto.com/wp-smarts.php
https://racriporrosepo.tk/wp-smarts.php
-
build_id
233
Targets
-
-
Target
Remouse.Micro.Micro.v3.5.3.serial.maker.by.aaocg.exe
-
Size
9.5MB
-
MD5
edcc1a529ea8d2c51592d412d23c057e
-
SHA1
1d62d278fe69be7e3dde9ae96cc7e6a0fa960331
-
SHA256
970645912c0c0b6eb857236e6bcbfcafcb0eaf0f19d2b278c5b180ee31bb8a5d
-
SHA512
c8d9fc14c74c87284ed92d7879e5968129572b8fc4e921f48a14b82b98f26737f89daa87213cd9068fa53a8ef84b8e07f1ce053f06790d417ff8dc621b346cab
-
SSDEEP
196608:xQc+2jD8ZyCMeiA24G4jLonzU04DjmLy8OVKLlVT7H39:2c+cD4DMvA24PLMzU0+mLyJVKfX9
Score3/10 -
-
-
Target
-
Size
372KB
-
MD5
2c959a0f9af72398f115f839397c3396
-
SHA1
80b078a6b74a17e6147321f3b3104bf91b4262f2
-
SHA256
cc0c949be6493aa98619cd591e6b4a0488eef3227b53fbaeac4309fab9efd206
-
SHA512
511bd3992e5345c7d2b0a728f2f8ce7d18ebbc46ee41afaa4a6e4dfa937c28ca799361d286196b327e01df81981bfbc88b15ca1ad0d49fdaad46436e5735170c
-
SSDEEP
3072:/drfV7YqW8waq6ciakIC/BwdrZ4P8Y5gla79yQ1yAnYgoFC3Wxl2G7mr3HWJtRIn:FrV7YqW83q6ciH/B6QZn8nTI
-
Icedid family
-
IcedID First Stage Loader
-
-
-
Target
SecuriteInfo.com.Generic.mg.cde56cf0169830ee.29869
-
Size
486KB
-
MD5
cde56cf0169830ee0059ee385c0c5eaf
-
SHA1
08aacb48ffcdc6b49af18d01155982984de230f7
-
SHA256
cb762227729d0faadc4c33a4a55b513673a9c76284773535b0e07d7e47d8413e
-
SHA512
234ddd4191c1abdfe04d9cc1afe2fed2901ef4d38404d0568a356218bc62096d200dd8ec28c8980da4a5852b0a481bf698b244f51d13560b303285b99105b3dd
-
SSDEEP
6144:o3uSkuqpikJJ0Zkt5GSd2OwuXz//71gJtpdY2/jF6qA6VSFzH0ZUH:vJuqIIoU5HdeuD//+3JcDqSFzz
-
Zloader family
-
-
-
Target
SecurityTaskManager_Setup.exe
-
Size
2.9MB
-
MD5
444439bc44c476297d7f631a152ce638
-
SHA1
820fcb951d1ac8c2fda1a1ae790f52eb1f8edf2e
-
SHA256
bc2d5417a6bf47d53c20c280f6e4b1a3e00dc0b6bbd3e26b2e591fd2f2dc4cc3
-
SHA512
160f4b095d37a9f4c6279a4a19f072e170c5f819d0e8e588b2503711b9e2eaac9567b48a9e42bf15af50ba60e64ef97a64e003230369aec0b032cb2030fdca00
-
SSDEEP
49152:4s+HgXcROcfipeyNcRmyQLCUOE+N+2JLKmltavtaKhGiD79l+90U:4s+9ROcapelxQLGEjscg6939l+V
Score4/10 -
-
-
Target
Treasure.Vault.3D.Screensaver.keygen.by.Paradox.exe
-
Size
10.5MB
-
MD5
8103aad9a6f5ee1fb4f764fc5782822a
-
SHA1
4fb4f963243d7cb65394e59de787aebe020b654c
-
SHA256
4a5da8ebf650091c99c7a9d329ecb87533c337ab9e5642ff0355485ed419ec40
-
SHA512
e65b7d2bdfda07a2ca22d109d39d98395915ee9ec486c44f358885e03bc3e9f9be0ce81706accbe412243ef8d62b9e364f6b1961cfe4469f3c3892821fccfae8
-
SSDEEP
196608:CQq8NSRYBrs7LgUGCdpV9KhK7ByrkisRdslNn9YOa5QfKJIJM0hI/oVytz:CQq8NkYBCPGCdpbyK7ByrkikdsGOynq2
Score3/10 -
-
-
Target
VyprVPN.exe
-
Size
1.6MB
-
MD5
f1d5f022e71b8bc9e3241fbb72e87be2
-
SHA1
1b8abac6f9ffc3571b14c68ae1bc5e7568b4106c
-
SHA256
08fb58bfaee81d99cbb71bf71ba8f2ab4f107563c5b0c3f20484d096b337e50d
-
SHA512
f16130958a3ff33b21623881cbdeec018dd031b4aeb01bbb676c4bdeb1ec1d4f7d312efab48b4125eaaf6ea1c8b0aa4e037b1959af1f10c2a55fbc2da9f3924f
-
SSDEEP
24576:nTadGsNY1i8fWCsSpqq5M0bOk61uyG2CWm3U9X+Y0ttcN0sH2U9:nsGsm1qSp/MzRuI19X+Y0w39
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
WSHSetup[1].exe
-
Size
898KB
-
MD5
cb2b4cd74c7b57a12bd822a168e4e608
-
SHA1
f2182062719f0537071545b77ca75f39c2922bf5
-
SHA256
5987a6e42c3412086b7c9067dc25f1aaa659b2b123581899e9df92cb7907a3ed
-
SHA512
7a38be8c1270b1224be4975ad442a964b2523c849f748e5356156cdce39e494c64ca80b0d99c1d989d77f072902de8972e0b113894c9791fb0cabf856dbba348
-
SSDEEP
12288:vI3h+hoVEZnvy/hF4CMWZrU7S/iAfMIItotPP2rbPCrF7:vu+hIE9BYO7S/iAOtc4be
Score3/10 -
-
-
Target
Yard.dll
-
Size
400KB
-
MD5
3cf481ccbb1019894fcbacb554f3bda1
-
SHA1
63c11153ab0afb36703723c5121cd0e9b48ac6e8
-
SHA256
c8c5815fe4a06a752e51f79332a393db1f91a8e39b67899aa996e4ca76cfa675
-
SHA512
628e34581b3ebc7645639f2e6da19ce15afb794cc032e99d895841eecef0bd372da27895a9485bb18630864b921c1239fa6e4904d6bd6f54ca80a220a3fe66d0
-
SSDEEP
6144:eUtz+achtLV3moKNkmxl2w3tgLCEpakLVF7Lsno1oVb67Yf2zBo3:Lz8ht5l0SuYLsAodqo2zBO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader family
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-
-
-
Target
b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (2).exe
-
Size
209KB
-
MD5
417457ac3e000697959127259c73ee46
-
SHA1
e060125845cc1c4098f87632f453969ad9ec01ab
-
SHA256
d74e9aa01bffcb4944742f93ad5b87d4c057f4faad008f04f7397634fe3f234d
-
SHA512
7e2dac573db052dc03d89499d9e879bc530e94f3d1235898064aa87e99aee8fced1ac4aeeba342b77afd1480e0584a238ad7cd79cdef9c562bb89d65ba365b31
-
SSDEEP
3072:tnwDl1lJiIPMUMEhTo6pWmuRdIDAP2Oh0oF14tO/m92B96W5ryx0d:y1DUUMETotmubnP2O314am92
-
Zloader family
-
-
-
Target
b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (3).exe
-
Size
187KB
-
MD5
561d814286baee1b2e815c06e39d6e4e
-
SHA1
12defd78c0cd18d77a5ee085684e6e3c26ed42e9
-
SHA256
f1987289f7a42f8ef652f6f6504991dbf0cd00a92653c544f67f1f25d4361ffc
-
SHA512
01aa8a343625339321e55b5264a1f7f5c15309eccaaf78964e4e6a37c70416c35f64e874afbbaa5e8481c6687cee7fde3382404a24d920711707b8a5359e420b
-
SSDEEP
3072:f4xfbcuY2y7gVX63XkuOTfg36TGqxJnEIQVZWZZpXgA4rtTcclLJruMUx+nU9Ei8:fEk2y7oX6EpfhJnEIUZWLpA5QclLJrT9
-
Zloader family
-
Suspicious use of SetThreadContext
-
-
-
Target
b2bd3de3e5b0e35313263bef4b1ca49c5478d472f6d37d1070a57b1f6aa4f7bb (4).exe
-
Size
183KB
-
MD5
6d2864f9d3349fc4292884e7baab4bcc
-
SHA1
b4e7df23ccd50f4d136f66e62d56815eab09e720
-
SHA256
2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba
-
SHA512
dcfc50105df4ea00add6dc3d121baa3ff93180a0be71e444e89e3a8249d1fd2103eb34aa61aa57ada45c5a86ed5783a67e10f21eeb9dda802a49f627aaa0cec0
-
SSDEEP
3072:V+EdIHvacHR4IJ1/eIvfHJKsopu5Zu1yiJ1nE8dFZfdcn0TctjCQ9gXaj0jjh3DL:V+aKvac72IfHJmpu5g1yUpE8dFZls0o6
-
Zloader family
-
Suspicious use of SetThreadContext
-
-
-
Target
cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7.exe
-
Size
1.1MB
-
MD5
82b5c0acec3a7946f002c9e555a7125f
-
SHA1
f48992935c658b5685fedc7c8d5ee4b12c19ba6a
-
SHA256
cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7
-
SHA512
e802adf79040570783e77643b4b75853c61e583272aaafc85f7df29fc9b1b42d37753e172a6865082701fde423ce2aa3f19ab3e346126bf0ffb1fae3b360bbd0
-
SSDEEP
24576:9S3tM1EQlFuyzJlvD6gJWa7npqKp6hpKNAaQC:4zQlFfJ96WWa7806OYC
Score10/10-
Revengerat family
-
Drops startup file
-
Suspicious use of SetThreadContext
-
-
-
Target
cobaltstrike_shellcode.exe
-
Size
219KB
-
MD5
8e4d8b8796d2188324a0cfd6fdc8de92
-
SHA1
9e7a053d34eb00e732e470bc28cc1fa4aa030b8f
-
SHA256
1ae532cc0fa2e16cac4f23e289741e256cf517afbbb536aeeb0d7cd601bc05a1
-
SHA512
db4ced8b71b63a7bd48a5bf96270e99c7380865ec31e875b9e0862535298828f4bbae3a4feeb52ef507a8ba461b744c1ce338e3ed191e90cb7079f209ecdbcf3
-
SSDEEP
6144:b5E/nRS7UwaWiVDSYOY0iZ4i1GrTxI43ZB:b5lUpDSCFfApP
Score10/10-
Cobaltstrike family
-
-
-
Target
default.exe
-
Size
211KB
-
MD5
f42abb7569dbc2ff5faa7e078cb71476
-
SHA1
04530a6165fc29ab536bab1be16f6b87c46288e6
-
SHA256
516475caf3fbd1f0c0283572550528f1f9e7b502dce5fb6b89d40f366a150bfd
-
SHA512
3277534a02435538e144dea3476416e1d9117fcddef3dcb4379b82f33516c3e87767c3b0d2b880e61a3d803b583c96d772a0bdeecbfc109fe66444e9b29216af
-
SSDEEP
6144:zia1vcaEaA+HPsISAzG44DQFu/U3buRKlemZ9DnGAeWBES+:zHctWvVSAx4DQFu/U3buRKlemZ9DnGAn
-
Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
-
Buran family
-
Detects Zeppelin payload
-
Zeppelin Ransomware
Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.
-
Zeppelin family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (6069) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
ec4f09f82d932cdd40700a74a8875b73a783cbaab1f313286adf615a5336d7d3
-
Size
917KB
-
MD5
d592e787314d1c327dbc2da117e1dc59
-
SHA1
ba3a26eaa200d53129e304078309758bbb3c95f1
-
SHA256
ec4f09f82d932cdd40700a74a8875b73a783cbaab1f313286adf615a5336d7d3
-
SHA512
1e805105ab482c752bd24afa028daa3e7bd83f0258510a6fa2ea0c90eb44d1eec590c926982252dbf3a28bb070befbaea5e78c00d556bd9b380a3c79f1480cf7
-
SSDEEP
24576:Hk5FAciH/EjiQXFPQ0NQaScQqYLQnasbbTq4cSJG:Hk5O/EjiuFP32CYL/wnqlUG
Score10/10-
Detected Djvu ransomware
-
Djvu family
-
-
-
Target
efd97b1038e063779fb32a3ab35adc481679a5c6c8e3f4f69c44987ff08b6ea4.js
-
Size
920KB
-
MD5
4339e3b6d6cf2603cc780e8e032e82f6
-
SHA1
195c244a037815ec13d469e3b28e62a0e10bed56
-
SHA256
efd97b1038e063779fb32a3ab35adc481679a5c6c8e3f4f69c44987ff08b6ea4
-
SHA512
a87c47c998f667eb8ac280f4e6dc3df182d721c44267c68ee042c17e8168115e38f2e1d59c6928ca595bb93b3bfd112cbd7bffb0ee6ff8ca81f469056f26ff87
-
SSDEEP
12288:obIkK9q/oPvPrNAuPfZpAvJvqWTe57Zb8Pyfdyr4G8HdsNhAwpC:obDcnrNtPfZpYvqWTeDQIdyrb8HqhNpC
Score3/10 -
-
-
Target
emotet_exe_e1_ef536781ae8be4b67a7fb8aa562d84994ad250d97d5606115b6f4e6e2992363f_2020-11-17__174504._exe
-
Size
505KB
-
MD5
cbe9aa4dce4217491cf9bffae2c66537
-
SHA1
2b7a15303157f8b9f1cce01e5e7a130628eb2c22
-
SHA256
ef536781ae8be4b67a7fb8aa562d84994ad250d97d5606115b6f4e6e2992363f
-
SHA512
71e2736fafa1be308ef341a937a1c6d0dc5a311952bfb9bfbd492c2e16950508f1aea5e63a8e3614c9a35cdc6a684d3ff6e2dba38fe483af74508d3df41262a5
-
SSDEEP
6144:DaRhOv5KaMqEZD+m6eewOmkGOYQ87wwzcCgZi3lzAOAWPcnLiG8Ztkq66ti9pdZx:wOKhDD6yUGOYQto3lzAOATStkfxeY
-
Emotet family
-
Executes dropped EXE
-
Drops file in System32 directory
-
-
-
Target
emotet_exe_e3_93074e9fbde60e4182f5d763bac7762f2d4e2fcf9baf457b6f12e7696b3562c1_2020-11-17__182823.exe
-
Size
448KB
-
MD5
6becbc70725f55f6e6dbe66f383f82bf
-
SHA1
7ea5f70e20171e23ccec3c18da638b78dcadfc5c
-
SHA256
93074e9fbde60e4182f5d763bac7762f2d4e2fcf9baf457b6f12e7696b3562c1
-
SHA512
e3d8815ea584ec745bc103494e123ca489bdc8b8599745548acab449b9630a7e4a8d47c63db752aee63d18d1fec10f961f2f9c4cdc2324c26460c80421e09957
-
SSDEEP
12288:ZfzaBuiszJbE9mO4sl9kHAOyQkNvOzxrq:ZbMmO4sl9gR2Ot2
-
Emotet family
-
Executes dropped EXE
-
Drops file in System32 directory
-
-
-
Target
eupdate.exe
-
Size
87KB
-
MD5
ccfaeed043685c189ef498c3c6f675e7
-
SHA1
6973b66e83db7f6d9ba957a6f9cca60a4983f0e8
-
SHA256
5d81fc6ab3e6c7bd353ee53297478fc10abfc7f851359f81a65dea74c70156ff
-
SHA512
ab8f2d33ec8300d87423f53243f45b720e27d59ab7839d7dcb9d37572c1f4e34536221bfda25dee939218475f44915cac2cf4e9270881af15f53d916bd9dc204
-
SSDEEP
1536:ZzfLlsKsEJQgrsOCvojaWr2mACx9lRMgzIY/M0t4T5y5cum:Z7wngrsOCvov2mACDP/IY00eVyc
Score7/10-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f.exe
-
Size
332KB
-
MD5
1e0ff1a8078820c5c10652e406d51bef
-
SHA1
e191fdbe58b527301eb4bd244a2258ba1cad0182
-
SHA256
f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f
-
SHA512
eb1a011724b988362aa52bdcb69d2886b736dbbe72fe9e53fa3530eeec6bb4089519896a88af48df8e99c7010930fb84cd33599e57f8477e8748cf5259e428a0
-
SSDEEP
6144:R+xWEy53Bhj8sW4y9wTeT10hFPascnojIXTvUv7ohqfp2:RSw53Bhj8sW4ya6T6hFPasco4cv7o7
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazarbackdoor family
-
Tries to connect to .bazar domain
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
-
Size
19KB
-
MD5
6029c37a32d7e4951449e197d4850213
-
SHA1
6ed7bb726b1e04d6858c084bc9bf475a13b77c95
-
SHA256
fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c
-
SHA512
bf3639710e259aa38d0cd028071408bdd41c01ee1bd0ea70a16ada78b848c63886854ed40407242e3a68fd9b5444fce2e6ddc050e0c8a2f578b00f43b6c52b6f
-
SSDEEP
384:EB8JbJPKd1Bf3rNeD9k4NcKlb5sCSvyP5CtrCzYcHe+Z:EBCNPKd155ulNzxoUzYcHe+Z
Score6/10-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d35.exe
-
Size
660KB
-
MD5
b44c5540e020963aca89f3b9a96beb35
-
SHA1
14a6e46be7863db3090d81a18d4e080ac005f437
-
SHA256
fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d350
-
SHA512
63ffac732d6b6b469f6072efa0b4ad0ef224072418b18ed879fe914c3cb64b6714ca4948c5d1816218d611865a1f1747121e126a407acbcc038b4615f9b7fd31
-
SSDEEP
12288:96zG7KjQ+oJLVaRwYdNKxRBUU8vg0whwRKCV50robF7z:9l7eoFsRjdN6BUUP01RKC8EbF/
-
Trickbot family
-
-
-
Target
file(1).exe
-
Size
16KB
-
MD5
9ca9044bbac6aa39072da89d05cb3dcf
-
SHA1
7cb6ec980704bf7eb109918a1cb037deed4341fe
-
SHA256
3ac39ece6e1953f03e88fdfb942bf9f0dcb8d1da643cbd9677032f2ac7861d03
-
SHA512
5f6cfae5220c219455a180ee6a6fe094fe73475be6acdef24f33476a995097c355af0cf147fd6b986ca3bd84eee0b4928a6d08cabfab63f101259e05d037d9bd
-
SSDEEP
384:9jmvn8X19vieB6gb9oDPlMNcLlb5sVKRye5Ct:9jmvni19TBDclMNEho
Score1/10 -
-
-
Target
file.exe
-
Size
101KB
-
MD5
88dbffbc0062b913cbddfde8249ef2f3
-
SHA1
e2534efda3080e7e5f3419c24ea663fe9d35b4cc
-
SHA256
275e4633982c0b779c6dcc0a3dab4b2742ec05bc1a3364c64745cbfe74302c06
-
SHA512
036f9f54b443b22dbbcb2ea92e466847ce513eac8b5c07bc8f993933468cc06a5ea220cc79bc089ce5bd997f80de6dd4c10d2615d815f8263e9c0b5a4480ccb4
-
SSDEEP
1536:fkSJkZlpqwZoMoG5XoZnOZBX7D/3BINVRX3FjBqa8D3tSYS9h:MXlpqwZoMz5XoZncB/3BINZjy9SYS
Score7/10-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
-
-
Target
gjMEi6eG.exe
-
Size
23KB
-
MD5
9ab1a677fb73e7c5a41d151c4c21f69e
-
SHA1
10219ed34a3f76ca7fe30eb27a1a78d83c9ada37
-
SHA256
2027c43348230de4a40e7ec590d692f744f36cdb13eb65f599983158e920cdb9
-
SHA512
0c9f2e1555c36a3742a2ec604faf9a89bfd856946024596912bc116ad7f4fd15ee67969704956d30d70e7b6cb3a626168c309add57469adb03d389df0596f3c5
-
SSDEEP
384:nY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZtd:wL2s+tRyRpcnuQ
-
Njrat family
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
good.exe
-
Size
143KB
-
MD5
b034e2a7cd76b757b7c62ce514b378b4
-
SHA1
27d15f36cb5e3338a19a7f6441ece58439f830f2
-
SHA256
90d3580e187b631a9150bbb4a640b84c6fa990437febdc42f687cc7b3ce1deac
-
SHA512
1cea6503cf244e1efb6ef68994a723f549126fc89ef8a38c76cdcc050d2a4524e96402591d1d150d927a12dcac81084a8275a929cf6e5933fdf62502c9c84385
-
SSDEEP
3072:VMb/kbqjO/3FxV8l8wiEXHPV9r99rWhzAxH7wpjv4z:VMxo3Z8BvV9rL6h2H7wJ4
-
-
-
Target
hyundai steel-pipe- job 8010(1).exe
-
Size
721KB
-
MD5
0999a03694a1c97a43ac0de89cbf355e
-
SHA1
0c8fdd4c3b40c4827662baa0c89b5b50d8f0cf1d
-
SHA256
8a9bcb387cd155170986cd1938beb317ee1ee511bcb6175a6d292bd976cca15b
-
SHA512
6515a13d561d2adb08fd53dba80ecd7ee264b66080848e0c845f63313eb9a828c6be8014d6db47f8ac910e24848dd74c57aae00a92ebe9b4efd97676e0365fe9
-
SSDEEP
12288:wdnX6tet6u5CB6m6FQgsPQCjyEtbK7DSQDnwjAR7EOP9uSlcC3ro:QXUim6m6FyPJzcQjNSuYro
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
Hawkeye_reborn family
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
M00nd3v_logger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
hyundai steel-pipe- job 8010.exe
-
Size
721KB
-
MD5
0999a03694a1c97a43ac0de89cbf355e
-
SHA1
0c8fdd4c3b40c4827662baa0c89b5b50d8f0cf1d
-
SHA256
8a9bcb387cd155170986cd1938beb317ee1ee511bcb6175a6d292bd976cca15b
-
SHA512
6515a13d561d2adb08fd53dba80ecd7ee264b66080848e0c845f63313eb9a828c6be8014d6db47f8ac910e24848dd74c57aae00a92ebe9b4efd97676e0365fe9
-
SSDEEP
12288:wdnX6tet6u5CB6m6FQgsPQCjyEtbK7DSQDnwjAR7EOP9uSlcC3ro:QXUim6m6FyPJzcQjNSuYro
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
Hawkeye_reborn family
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
M00nd3v_logger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
infected dot net installer.exe
-
Size
1.7MB
-
MD5
6eb2b081d12ad12c2ce50da34438651d
-
SHA1
2092c0733ec3a3c514568b6009ee53b9d2ad8dc4
-
SHA256
1371b24900cbd474a6bc2804f0e79dbd7b0429368be6190f276db912d73eb104
-
SHA512
881d14d87a7f254292f962181eee79137f612d13994ff4da0eb3d86b0217bcbac39e04778c66d1e4c3df8a5b934cbb6130b43c0d4f3915d5e8471e9314d82c1b
-
SSDEEP
49152:znsHyjtk2MYC5GDbQ2cRQh9GexmCxBxVV56CmWQax:znsmtk2aj2cROGom6mGvx
Score10/10-
Xred family
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
inps_979.xls
-
Size
228KB
-
MD5
56fc044937a072471fdd8d63b874e04a
-
SHA1
738552f8db33ac0271aa860775815f3d1b291980
-
SHA256
59afe59cdbebf60434bd78270826ca9689c3765264dfcace312b89c606c0a962
-
SHA512
dbaf2e36ec17d474c829d847705de796bea153b784c8e894d4ff7bebb3bfcdf01447d97f217d9303e0eed5aa9b39046b75b2581331be28771582af2ea48c960b
-
SSDEEP
3072:bfMhNhd8o7Vym+BoOvuuUVZV/AHyhb3/7428JMPvjLJKHpEYC5ZNWehxleT0t:bfMhL70DBoOmf1FbAJMWEYC5Z3leA
Score1/10 -
-
-
Target
jar.jar
-
Size
81KB
-
MD5
9e8b6710fdd55ad0675295c2c3960732
-
SHA1
aed08772376bde9f848f335e77e2e3c3c230234d
-
SHA256
f2fb2d0c469abc0add346ef809ad86e0194400d391a2e5429b8cbeea2711bbad
-
SHA512
26f94b0b9766e9c244297cbe4af78f1b09087fbe471f099b5a77f5ca76fd5c905ee4d36188af67dbd6dc2c7f8402c882d0d2503a288af277840a1025562eac96
-
SSDEEP
1536:0GZABd/SAZR5RzfFMAjP/jg6X4bUdv/mIgQnXOunxgCfj:jZ0d//JfyAz/XIbCvOIgQemWCfj
Score10/10-
Qnodeservice family
-
Executes dropped EXE
-
-
-
Target
june9.dll
-
Size
491KB
-
MD5
f8a7273ef763776e5612ac1f47f6d405
-
SHA1
c51f2a884c024e442c1ae0d9bf9511c96a1fa02c
-
SHA256
c653365657fbf65429ad845d0a0d93106e972aca929739560ff4b4796bd2be08
-
SHA512
5ea060662350237d38d2c6a3c1da5fd7aeec6c05e71cdbb2725fcac47ad8e5c9568adc937329397108ab0cecdf29e9a811ab7e183884dd3044d7c5a6089f88aa
-
SSDEEP
12288:uDKxKMk8ChMNo+e8kGOK9ab4ozUWdBENcYcj6D9r6W3FaOi:uDjMk8IMNYnGOSSjgW41QEv1aO
-
Zloader family
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
2JavaScript
1Scheduled Task/Job
1Scheduled Task
1Windows Management Instrumentation
1Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
1File Deletion
1Modify Registry
4Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1