Overview

Analysis tasks (sandbox score out of 10, per platform; file names as truncated on the page)
Valid8Proxy.rar: windows7-x64 1, windows10-2004-x64 1
Valid8Prox...er.exe: windows7-x64 1, windows10-2004-x64 6
Valid8Prox...r1.exe: windows7-x64 7, windows10-2004-x64 7
Valid8Proxy.pyc: windows7-x64 3, windows10-2004-x64 3
Valid8Prox...er.exe: windows7-x64 7, windows10-2004-x64 7

General
Target: Valid8Proxy.rar
Size: 16.3MB
Sample: 241204-zwzvha1mfw
MD5: b8cee40f531f0bb3bd060183ce70661b
SHA1: 599e540a4f7c739776c0ba87eec4db2a7ecbcf5c
SHA256: 15b88cd6893f3b2592b58b6daafb976225a3a73ab8e3bfab08c0c49024013849
SHA512: e3a98b3fb7dca428b548dcb092aaf4fb098ff199f73a90af3ef969c2b66fcfac23fe581880d148eb25b3e2f97f8672ab81461490c85fd4f33143b942b19553df
SSDEEP: 393216:P9Lq099Q3X/IZDpR8VRCEU3kRlalcm8kmG:P9u09i3XgTKC30jw/Z
Behavioral tasks (task: sample, analysis VM image)
behavioral1: Valid8Proxy.rar, win7-20240708-en
behavioral2: Valid8Proxy.rar, win10v2004-20241007-en
behavioral3: Valid8Proxy/Data/Modules/Checker.exe, win7-20240729-en
behavioral4: Valid8Proxy/Data/Modules/Checker.exe, win10v2004-20241007-en
behavioral5: Valid8Proxy/Data/Modules/Checker1.exe, win7-20240729-en
behavioral6: Valid8Proxy/Data/Modules/Checker1.exe, win10v2004-20241007-en
behavioral7: Valid8Proxy.pyc, win7-20240903-en
behavioral8: Valid8Proxy.pyc, win10v2004-20241007-en
behavioral9: Valid8Proxy/ProxyChecker.exe, win7-20240903-en
behavioral10: Valid8Proxy/ProxyChecker.exe, win10v2004-20241007-en
Malware Config
Extracted family: skuld
Exfiltration endpoint (Discord webhook): https://discord.com/api/webhooks/1313972820706856980/h57oX7AEwic5AO0sJB8QgnM6d0-QgiNptLLpBmeMmQMd9PWETyfgsSs3Cygz9JMsGONj
Skuld is a Go-based information stealer that posts harvested browser and Discord credentials and cryptocurrency wallet data to an attacker-controlled Discord webhook; the URL above is that webhook and should be treated as an indicator of compromise and reported to Discord for takedown. Note that the outer archive itself scores only 1/10 below while the stealer configuration was recovered from its contents, so the archive score alone understates the sample.
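The webhook URL is the one concrete piece of configuration the sandbox recovered, and a practitioner usually wants two things from it: a reliable way to pull such URLs out of a dump or unpacked binary, and the creation time hidden in the webhook ID (a Discord snowflake, whose top 42 bits are milliseconds since 2015-01-01 UTC). The following is an added example, not code from the sandbox report or from Skuld. It assumes the analyst has the sample's bytes; the blob below is constructed, with junk bytes around the webhook URL reported above. The accepted host list and the snowflake epoch are Discord's documented format; the 60-character minimum token length is a noise filter chosen here.

```python
"""Extract Discord webhook URLs from sample bytes and date the webhook ID.

Added example for the report above; not the sandbox's or Skuld's code.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Discord snowflakes store milliseconds since 2015-01-01T00:00:00Z in the
# top 42 bits; the low 22 bits are worker, process and sequence fields.
DISCORD_EPOCH_MS = 1_420_070_400_000

# discord.com, discordapp.com and the ptb./canary. fronts all serve the
# same webhook API. Tokens are URL-safe characters; the 60+ floor is an
# assumption that keeps short false matches out of the results.
WEBHOOK_RE = re.compile(
    rb"https://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/"
    rb"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{60,})"
)


@dataclass(frozen=True)
class Webhook:
    url: str
    webhook_id: int
    token: str

    def created_at(self) -> datetime:
        """Creation time decoded from the snowflake, UTC, second precision."""
        ms = (self.webhook_id >> 22) + DISCORD_EPOCH_MS
        return datetime.fromtimestamp(ms // 1000, tz=timezone.utc)


def extract_webhooks(blob: bytes) -> list[Webhook]:
    """Return every distinct Discord webhook URL found in raw bytes."""
    seen: dict[str, Webhook] = {}
    for m in WEBHOOK_RE.finditer(blob):
        url = m.group(0).decode("ascii")
        if url not in seen:
            seen[url] = Webhook(
                url, int(m.group("id")), m.group("token").decode("ascii")
            )
    return list(seen.values())


# Constructed stand-in for a memory dump or unpacked binary: junk bytes
# around the webhook URL that the sandbox reported for this sample.
SAMPLE_BLOB = (
    b"\x00\x01MZ\x90\x00 junk user-agent: Mozilla/5.0 junk "
    b"https://discord.com/api/webhooks/1313972820706856980/"
    b"h57oX7AEwic5AO0sJB8QgnM6d0-QgiNptLLpBmeMmQMd9PWETyfgsSs3Cygz9JMsGONj"
    b"\x00\x00Content-Type: application/json\x00"
)


def report(blob: bytes = SAMPLE_BLOB) -> list[dict]:
    """Analyst-facing summary: one dict per webhook with id, age and a
    redacted token (the token authorises posting; keep it for the takedown
    request, never republish it whole)."""
    rows = []
    for wh in extract_webhooks(blob):
        rows.append({
            "url": wh.url,
            "webhook_id": wh.webhook_id,
            "created_utc": wh.created_at().isoformat(),
            "token_prefix": wh.token[:6] + "...",
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```

Run against the constructed blob, the decoder dates webhook 1313972820706856980 to 2024-12-04 20:58:52 UTC, the same day as the 241204 prefix of the sample ID above, which is the kind of corroborating fact worth putting in an abuse report next to the URL.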
Targets

Target: Valid8Proxy.rar
Size: 16.3MB
MD5: b8cee40f531f0bb3bd060183ce70661b
SHA1: 599e540a4f7c739776c0ba87eec4db2a7ecbcf5c
SHA256: 15b88cd6893f3b2592b58b6daafb976225a3a73ab8e3bfab08c0c49024013849
SHA512: e3a98b3fb7dca428b548dcb092aaf4fb098ff199f73a90af3ef969c2b66fcfac23fe581880d148eb25b3e2f97f8672ab81461490c85fd4f33143b942b19553df
SSDEEP: 393216:P9Lq099Q3X/IZDpR8VRCEU3kRlalcm8kmG:P9u09i3XgTKC30jw/Z
Score: 1/10

Target: Valid8Proxy/Data/Modules/Checker.exe
Size: 9.9MB
MD5: 2e5f6d90c4dd26305e90ac8920173706
SHA1: 589f18f5e5fbf4b9f90e1c4c249236397eaf9d43
SHA256: 94ffb8c60d3264f267cf19a43ed109c766e22884747e7b9b86a2bf44911bc248
SHA512: 6e59448b5f56d6f15e5e157f61bd5779df7ce5a7d941622e6f076d180cf55344ea5378c6a9000c27d2fac67d792dfb4771845ece5e6df60fda7b86a75285a250
SSDEEP: 98304:nglet6sFODTir3/pi9Arhsmu+bP8EOWGgbZm9Fzl:ngxsFODGrschsmumP1xUz
Score: 6/10
Indicators: Adds Run key to start application

Target: Valid8Proxy/Data/Modules/Checker1.exe
Size: 12.1MB
MD5: c80d62ea9392b55404d34513ea87aac8
SHA1: 47fbed6b45f7ec59f64f2328cb5c2397102fcbf2
SHA256: 0ec753374174c21ad50f39c68611bab1fc687c8359c2fe8d5cdb24c9c859fa77
SHA512: 3f9a47489b66e8f9a093b69bbd7a4d3a4793fcab24a48a86233244b4a7204a7eaa4b0e93078632b4131f7275970189b7aeb41bc395a9798ce989b63f949c6511
SSDEEP: 196608:99EaY7HakrIK63UtauZijIXMCHGLLc54i1wN+gPIcu9KYK39shSEo3PPyIkMeKOO:IPae63hucsXMCHWUjvcuId9/PyjrF
Score: 7/10
Indicators: Loads dropped DLL

Target: Valid8Proxy.pyc
Size: 11KB
MD5: 430e5da13005a3086397b5935ba25fbf
SHA1: ec1ee42e9ad3196edb2afe9ee73080c7d1cbc5be
SHA256: bd7f72d6e89b5dd538f5b6b9483971d4c5d004f197efbc305ea73625f173acb3
SHA512: a332f0c63a8c93da26c4af99a6fd5bf92e05eec6eb41fa5bc03b29d18da85dea33e2885dc76a6dbb97f2f91a711e5362dffc468b5d3e550bb7c4854be9a80cc0
SSDEEP: 192:daQa99LRLnTXXXAXBXuX1JeKx+QtO8kRX4bjrlVPGNMaS54EVfuNhimXNVQEEFkE:daQaHxZkxqjTNQxZ2e0259y
Score: 3/10

Target: Valid8Proxy/ProxyChecker.exe
Size: 582KB
MD5: 82c493c58ad0ed2255d1500840d1d75c
SHA1: 24b2997983add8d90e896af2dbdc32cf19895389
SHA256: 325a912d9f9f4878cfc13a45a2da2494b4c4080c39d8a40166eb39c6ef3d24a0
SHA512: 68f91fe3693dffdaadf28ad5dd3719cdfddff6e4729f48774ae336aef97908d8bc2c419aff65a7d4cbe24e2b85ea2f311dfec2de1136ed7fd7374d2d3ead8c88
SSDEEP: 6144:oOaTmuaJ0GFRabVg8O1lFrRawLmKx85EJXlkc3rNPWyXJJy1LDR6qwYelXN1C4q1:oOSmvFobVgZtCKZX97NPWyXgteYILQ
Score: 7/10
Indicators:
Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15 (count of matching indicators in parentheses)
Privilege Escalation
Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
Defense Evasion
Hide Artifacts, T1564 (1): Hidden Files and Directories, T1564.001 (1)
Modify Registry, T1112 (1)
ATT&CK lists T1547 under both Persistence and Privilege Escalation; the Run key behaviour flagged above is first of all a persistence mechanism, so hunt for it under both tactics.