Overview

overview

10

Static

static

1

star0pti.zip

windows7-x64

8

star0pti.zip

windows10-2004-x64

1

star0pti/i...es.jpg

windows7-x64

1

star0pti/i...es.jpg

windows10-2004-x64

3

star0pti/python.txt

windows7-x64

1

star0pti/python.txt

windows10-2004-x64

1

star0pti/setup.bat

windows7-x64

10

star0pti/setup.bat

windows10-2004-x64

10

star0pti/star.py

windows7-x64

3

star0pti/star.py

windows10-2004-x64

3

star0pti/start.bat

windows7-x64

1

star0pti/start.bat

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    star0pti.zip

  • Size

    16KB

  • Sample

    241207-l151esxmfy

  • MD5

    86189cdc7796c94aff170a7d3b1fed50

  • SHA1

    cd70922492c1e4fbc93a993e42c06f8137199c2a

  • SHA256

    d7bd07a7eb03eb5504dc3709eaa3acaa46d0953e62a559643f0230a6512624f9

  • SHA512

    d180982f180b76d9fe86564ebebaee30b2886972525f29fd63f4cbf9f1ec4842907be01e4198581f16bbbc72712e46aaa36c26ce3f284a6152d8b00038db5267

  • SSDEEP

    384:J31/+iM2rU5eDwYvEVaK1V/MhcdCs5lFwKfDuKw3KofEMP1jVJabt2G:J4HqqGKT/MudCs5letKLiJVJa2G

Score
10/10
adwinddiscoveryexecutionpersistencetrojan

Malware Config

Targets

    • Target

      star0pti.zip

    • Size

      16KB

    • MD5

      86189cdc7796c94aff170a7d3b1fed50

    • SHA1

      cd70922492c1e4fbc93a993e42c06f8137199c2a

    • SHA256

      d7bd07a7eb03eb5504dc3709eaa3acaa46d0953e62a559643f0230a6512624f9

    • SHA512

      d180982f180b76d9fe86564ebebaee30b2886972525f29fd63f4cbf9f1ec4842907be01e4198581f16bbbc72712e46aaa36c26ce3f284a6152d8b00038db5267

    • SSDEEP

      384:J31/+iM2rU5eDwYvEVaK1V/MhcdCs5lFwKfDuKw3KofEMP1jVJabt2G:J4HqqGKT/MudCs5letKLiJVJa2G

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      star0pti/isaac nudes.jpeg

    • Size

      5KB

    • MD5

      2c6ae009ebdc8e3e219e5a0cbd8c86c2

    • SHA1

      ee5421b2f4c3a3bb0a4f9ab6920b509cf46a1e47

    • SHA256

      d5558e1855fc4d71fa1ca4579fb3cb92c96ae05ba5f4031cf1431e53e6a9cc6c

    • SHA512

      a430b254db853082ec500be1fbd7c9cbd4ac262fc98560153a9d1e0a47fb2e250478398ca521c960d7756bb574b3c5378621eb76595a686194bbfce9f6f94ea9

    • SSDEEP

      96:NSbZgvpNN29poHyVXPH40xxyVpfG+TTVnkKNYg4kSbjEGR2ZlBHgtVS21BQZxZ9q:NSbqMpoSVpmVpfVXN/5/BHgnSsBiLivf

    Score
    3/10
    behavioral3behavioral4

    • Target

      star0pti/python.txt

    • Size

      64B

    • MD5

      f568ff41e63833dd123721f7f01ffbd3

    • SHA1

      4c7ebcca38a65315b9605454ff0f265c32eb2919

    • SHA256

      b1ad06f80a817c3cacf81e702013b627c3e95803a79128c87c1a44f9d879abae

    • SHA512

      aa596003b6ecfeccf829e8cc18500caa8edede46cce494f4749bb3982a43449110f5db08bd26c32c8ed042d563fe908eeda5dbd1fa1ccfe507f9a9ca9293db68

    Score
    1/10
    behavioral5behavioral6

    • Target

      star0pti/setup.bat

    • Size

      8KB

    • MD5

      0d17d312203f1d1ebde2220059ef0e7a

    • SHA1

      b76d8b16fa0b19a1e1cef790899df37fd79ec5ee

    • SHA256

      bd7ba83939ec4eb9b93c71e235dadc323f6712897992fb2c41cf642fba64c932

    • SHA512

      6033bd2a00164c99759178b5b110ed8d02589bf604df70df51db77b6a4851fb74e64fd3b3133beb213a7d02301ce8a34b3eb98822d6184b207b9c2cc254088e0

    • SSDEEP

      96:pzz9S0elYeRDSXVA0RPgQ0NQriFxdEXTcbMDjMYZUbqwYcA0x/5BTPbiDcIj9g/N:lzQ0e6fV/zljT9DjMaDKRBY6n580wix

    Score
    10/10
    executionadwinddiscoverypersistencetrojan

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

      trojanadwind

    • Adwind family

      adwind

    • Class file contains resources related to AdWind

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral7behavioral8

    • Target

      star0pti/star.py

    • Size

      50KB

    • MD5

      782b30a2348d59e4dcc26f9986163cf8

    • SHA1

      fab67e59f92986513910d2fce542392ddc4ee6f3

    • SHA256

      c37e694a6351bec9a9a605aeae38b7523bf902760496295a711c7321e8227b37

    • SHA512

      e9ab3221b7c8130d9049878a636de529e85b93d9af04fd7da324bc23fd5929ae1a276d08acc960f7906aa3968ede08710933bee02975f99b65e222b6eb18bd32

    • SSDEEP

      384:IEkPsRW6FBN2P4O4JCtAJOO6ONixeqSNylIAlkhxqT0yIR73P1P2f+oMhItywPIL:IEhFBcZONodlIAlkj2YZd2E4m

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      star0pti/start.bat

    • Size

      14B

    • MD5

      37e1d7da2ce524aae81c4676f25e85b7

    • SHA1

      05922df17ac6b3eb7bca58532eb5177c7fd4730b

    • SHA256

      ddd86e10b7c0885caf5706b9a8c537463d8bfbdd634f176a3d9b38348def4d06

    • SHA512

      3bd238390fd37c45c06c758e9503c151874239793baf2fce96717e9562e54141c822e4a8778548600209f9fc5c4d9681a66c7ec3c5829d72f1813a1b5ba63603

    Score
    1/10
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Modify Registry

1
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

2
T1012

Remote System Discovery

1
T1018

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks