General
-
Target
The-MALWARE-Repo-master.zip
-
Size
198.8MB
-
Sample
241213-176b4a1qej
-
MD5
af60ad5b6cafd14d7ebce530813e68a0
-
SHA1
ad81b87e7e9bbc21eb93aca7638d827498e78076
-
SHA256
b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1
-
SHA512
81314363d5d461264ed5fdf8a7976f97bceb5081c374b4ee6bbea5d8ce3386822d089d031234ddd67c5077a1cc1ed3f6b16139253fbb1b3d34d3985f9b97aba3
-
SSDEEP
6291456:wNl3aFW2h9/fiTwCzCLS6iilVkLZgAEtknRzq:wDaFd//Orcpi4VkL6AfRG
Malware Config
Extracted
njrat
0.7d
Geforce
startitit2-23969.portmap.host:1604
b9584a316aeb9ca9b31edd4db18381f5
-
reg_key
b9584a316aeb9ca9b31edd4db18381f5
-
splitter
Y262SUCZ4UJJ
Extracted
remcos
1.7 Pro
Host
nickman12-46565.portmap.io:46565
nickman12-46565.portmap.io:1735
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
Userdata.exe
-
copy_folder
Userdata
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%WinDir%\System32
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%WinDir%\System32
-
mouse_option
false
-
mutex
remcos_vcexssuhap
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Extracted
revengerat
Guest
0.tcp.ngrok.io:19521
RV_MUTEX
Targets
-
-
Target
The-MALWARE-Repo-master/Trojan/ColorBug.exe
-
Size
53KB
-
MD5
6536b10e5a713803d034c607d2de19e3
-
SHA1
a6000c05f565a36d2250bdab2ce78f505ca624b7
-
SHA256
775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de
-
SHA512
61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018
-
SSDEEP
1536:ynqAKryDLrASOcRw52sjzIUK7RkYrJ2lrKX:SNdMT8Z8cX
Score6/10-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/Trojan/DesktopPuzzle.exe
-
Size
239KB
-
MD5
2f8f6e90ca211d7ef5f6cf3c995a40e7
-
SHA1
f8940f280c81273b11a20d4bfb43715155f6e122
-
SHA256
1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6
-
SHA512
2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8
-
SSDEEP
3072:r/3qftCdbSFtY8Zf8pOk0rHitNWIekbnfFPsr24Cv/Eng9m3ihlCeKH6Fb6aX3WA:WoI/rC0k7ar68nimCYHe3qZr0SlC
Score3/10 -
-
-
Target
The-MALWARE-Repo-master/Trojan/DudleyTrojan.bat
-
Size
176B
-
MD5
6784f47701e85ab826f147c900c3e3d8
-
SHA1
43ae74c14624384dd42fcb4a66a8b2645b3b4922
-
SHA256
39a075e440082d8614dbf845f36e7a656d87ba2eb66e225b75c259832d2766bc
-
SHA512
9b1430a426bf9a516a6c0f94d3d20036a306fae5a5a537990d3bcf29ebf09a4b59043bbe7ef800513ea4ac7fe99af3cac176caa73cd319f97980e8f9480c0306
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Trojan/L0Lz.bat
-
Size
6KB
-
MD5
74f8a282848b8a26ceafe1f438e358e0
-
SHA1
007b350c49b71b47dfc8dff003980d5f8da32b3a
-
SHA256
fc94130b45112bdf7fe64713eb807f4958cdcdb758c25605ad9318cd5a8e17ae
-
SHA512
3f73c734432b7999116452e673d734aa3f5fe9005efa7285c76d28a98b4c5d2620e772f421e030401ad223abbb07c6d0e79b91aa97b7464cb21e3dc0b49c5a81
-
SSDEEP
192:tlYUT1jLPD5mZkRr3TfLQ4/zus8joPRJRqU1jXEmo:tlY85XW
Score8/10-
Modifies Windows Firewall
-
Drops startup file
-
Network Share Discovery
Attempt to gather information on host network.
-
-
-
Target
The-MALWARE-Repo-master/Trojan/LoveYou.exe
-
Size
22KB
-
MD5
31420227141ade98a5a5228bf8e6a97d
-
SHA1
19329845635ebbc5c4026e111650d3ef42ab05ac
-
SHA256
1edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71
-
SHA512
cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7
-
SSDEEP
384:o4LBivz/4RHCxN3IBUDzfGWCw2cKgDwg7dEsL9s+cLUoHl:o4LBu74Ro9ImnfGWJ2cKgsgZDW+cLUe
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Trojan/MEMZ.exe
-
Size
14KB
-
MD5
19dbec50735b5f2a72d4199c4e184960
-
SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822
-
SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
-
SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
SSDEEP
192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Score7/10-
A potential corporate email address has been identified in the URL: [email protected]
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Trojan/Mist/MistInfected_newest.exe
-
Size
22KB
-
MD5
1e527b9018e98351782da198e9b030dc
-
SHA1
647122775c704548a460d6d4a2e2ff0f2390a506
-
SHA256
5f7471c215b433f1b28dd4b328b99362099b6df7cb9e5c1d86a756388e0c7aeb
-
SHA512
4a11c811f30016218075d43a9f983fa7a484a06f22d625b1bd2d92b4cfabbfb142945ca0a9ca1cf91391a3e73c154f6121140d2f1d42aa35ad7f10817534a21b
-
SSDEEP
384:qosO55gUoO4D+DFBCd6GyhETw62O0OnYPL3p+:XsOkUoO4Dsbc22
Score8/10-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
The-MALWARE-Repo-master/Trojan/Mist/MistInstaller.exe
-
Size
83KB
-
MD5
8813125a606768fdf8df506029daa16f
-
SHA1
48e825f14522bd4d149ef8b426af81eec0287947
-
SHA256
323060680fed9a3205e3e36d2b62b7b5b6c6e6245e4555dcc733cf6ef390f41c
-
SHA512
9486a027029a27cbf0424760625c08d73aa62e28e45081751c5bada7c07ca05b4e44239da7774cf4f76298fb6b71769ae62595ae439b470c8308d39e1b2289d8
-
SSDEEP
1536:IyD2eyujEyC5YYafh1Mc8/gsWjcdjl9btC:I+2eytf3B9bQ
Score8/10-
Drops file in Drivers directory
-
-
-
Target
The-MALWARE-Repo-master/Trojan/Mist/MistInstallerRC.exe
-
Size
83KB
-
MD5
d81acaef0db08aac297d4bd3c58ddf50
-
SHA1
02e6ac2c001c639078c3e842132f91509a6f7466
-
SHA256
95d5594cac9cfa5826e1c0b12fec980ff8a01136364aed2831164b46cbb13ca1
-
SHA512
45b1f047816f4ba8e730cf6914331f9ced81c1e6614f594a748eb6469efb2f311f0ef86e3241cafb2794b580df14302f9cb279175bc1064e79c6c501fa2dc738
-
SSDEEP
1536:ryD2eyujEyC5YYafh1Mc8/gsWjcdjl9btC:r+2eytf3B9bQ
Score8/10-
Drops file in Drivers directory
-
-
-
Target
The-MALWARE-Repo-master/Trojan/PCToaster.exe
-
Size
411KB
-
MD5
04251a49a240dbf60975ac262fc6aeb7
-
SHA1
e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0
-
SHA256
85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3
-
SHA512
3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2
-
SSDEEP
3072:quJFS5Aqu+WwjxeI/0gVnfKl0FA+aPobO24yNz88iu8vDYHTlI5EJD5Hbibfd6PK:/JM0mCsWq1/qpz+nF5c
Score3/10 -
-
-
Target
The-MALWARE-Repo-master/Trojan/Sevgi.a.exe
-
Size
203KB
-
MD5
b28505a8050446af4638319060e006e9
-
SHA1
d3ddca0f06af4df29a9f9fadb6bad8504add5525
-
SHA256
750e37d1fdd64e9ea015272a0db6720ac9a8d803dc0caad29d0653756a8e5b17
-
SHA512
889dc35054f5adc5b5445fc90dae5e19fe95ee04432f5230994124b73f9a1fc4bb050aac789f4934c84ed42d8c063b8219563e33a48b92f10294b7d8e426b9f9
-
SSDEEP
3072:M7PDcEPPhtIlT5ri9bOqStDvzvSheG3ivbV0EIU9j4szgGGl/2tdnpm7no3:qPDcEPZSTrsyLzSovp0PGUGkQnY7o3
Score6/10-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/Trojan/Spark/Spark.exe
-
Size
495KB
-
MD5
181ee63003e5c3ec8c378030286ed7a2
-
SHA1
6707f3a0906ab6d201edc5b6389f9e66e345f174
-
SHA256
55bfcb784904477ef62ef7e4994dee42f03d69bfec3591989513cccbba3fc8fe
-
SHA512
e9820f60b496d6631e054204c6fc5b525527d40a578faac1d5cdb116abcb4a35aacf4f4354ff092a2b455c5d9c2e0f29a761d737d9c9ad3d59d70b51d0583d92
-
SSDEEP
12288:ehny10sOqEl5yD4UmxYV1g1bT2kdSOSGL84Umxb:exZ5vYORMOJ/b
Score9/10-
Modifies boot configuration data using bcdedit
-
Enables test signing to bypass driver trust controls
Allows any signed driver to load without validation against a trusted certificate authority.
-
Loads dropped DLL
-
-
-
Target
The-MALWARE-Repo-master/Virus/MadMan.exe
-
Size
2KB
-
MD5
a56d479405b23976f162f3a4a74e48aa
-
SHA1
f4f433b3f56315e1d469148bdfd835469526262f
-
SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23
-
SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Virus/WinNuke.98.exe
-
Size
32KB
-
MD5
eb9324121994e5e41f1738b5af8944b1
-
SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690
-
SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a
-
SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2
-
SSDEEP
384:4cr14oKDP9KDviKDeTngwz9zmDAQE4KDJKDv5KDPP4vWe:92FgwBzMAbb3
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
-
Size
219KB
-
MD5
d5c12fcfeebbe63f74026601cd7f39b2
-
SHA1
50281de9abb1bec1b6a1f13ccd3ce3493dee8850
-
SHA256
9db7ef2d1495dba921f3084b05d95e418a16f4c5e8de93738abef2479ad5b0da
-
SHA512
132d8c08f40a578c1dc6ac029bf2a61535087ce949ff84dbec8577505c4462358a1d9ef6cd3f58078fdcae5261d7a87348a701c28ce2357f17ecc2bc9da15b4e
-
SSDEEP
6144:Gqmg/v4y/MqGs38KHF1SubUriPOKAJnP:jmgXxXGNKHC
Score7/10-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
The-MALWARE-Repo-master/Virus/Xpaj/xpajB.exe
-
Size
520KB
-
MD5
bd76fc01deed43cd6e368a1f860d44ed
-
SHA1
a2e241e9af346714e93c0600f160d05c95839768
-
SHA256
e04c85cd4bffa1f5465ff62c9baf0b29b7b2faddf7362789013fbac8c90268bf
-
SHA512
d0ebe108f5baf156ecd9e1bf41e23a76b043fcaac78ff5761fdca2740b71241bd827e861ada957891fbc426b3d7baa87d10724765c45e25f25aa7bd6d31ab4ec
-
SSDEEP
12288:Kbx6vZrcRsEQNMnnGpL0zTnPzCFjBL0C2k8apE:Kbx6vam9innGWzUB
Score7/10-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
The-MALWARE-Repo-master/Worm/Bezilom.exe
-
Size
28KB
-
MD5
8e9d7feb3b955e6def8365fd83007080
-
SHA1
df7522e270506b1a2c874700a9beeb9d3d233e23
-
SHA256
94d2b1da2c4ce7db94ee9603bc2f81386032687e7c664aff6460ba0f5dac0022
-
SHA512
4157a5628dc7f47489be2c30dbf2b14458a813eb66e942bba881615c101df25001c09afb9a54f88831fa4c1858f42d897f8f55fbf6b4c1a82d2509bd52ba1536
-
SSDEEP
384:1gc4XlUUWiY1SN6oHN64iKZz+ZBEKTzEv819YSHOuSsAR/+eR4517wNwEb:1nREWEFsI+wAJw2E
Score6/10-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/Worm/Blaster/607B60AD512C50B7D71DCCC057E85F1C
-
Size
15KB
-
MD5
607b60ad512c50b7d71dccc057e85f1c
-
SHA1
a657eb27806ffe43a0b30aa85f5c75dac0e41755
-
SHA256
3e363d76d3949cc218a83a2ee13603d643e3274d3cff71247e38b92bdb391cfa
-
SHA512
fc8035bb2c7cc28e091d5c2ae35f31771af3df5d12c54c643aff613e0483c0c82f918f78a35f09877d4f431cf9a4d2619b05ba50596d76cfa9f9c8e33a54bd7b
-
SSDEEP
192:46202U0W5+klkphhGp3KVdKIElJRBq/t/QHRzDG5VXPP:4aBLY5VdK/lJRBqt/QH85Vn
Score5/10-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Worm/Blaster/8676210e6246948201aa014db471de90
-
Size
6KB
-
MD5
8676210e6246948201aa014db471de90
-
SHA1
86b30d1a8b7515dcab6c8d2781b85c6983709dbf
-
SHA256
2e481059b9bc9686c676d69a80202eed5022c9a53ecd8cac215e70c601dd7fdc
-
SHA512
5130e6ea6c5e1924af7d630a7b1c6e614b1482edcad3117a8dc56371269260b97793a7ccdbf3249054815b7c3b9c364b30e73e0f8e4cc230502b01d0d2f70bda
-
SSDEEP
192:P+szB8G1PO6jgVFpXbWMBpbw/jsaW6HmI:P+szyLVFdbWsbKtWqmI
Score9/10-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/Worm/Blaster/8a17f336f86e81f04d8e66fa23f9b36a
-
Size
162KB
-
MD5
8a17f336f86e81f04d8e66fa23f9b36a
-
SHA1
f9465db9573fea92a9224b7600872e8a6d864cbf
-
SHA256
93bce533854e3dd53551048403450ae1f03f44c938b1bacaf3d58c45e7e4d957
-
SHA512
7ee88762e687403ff08d27c8bbe63f0b8524af0889f34ac044c7d8e0393f8735438da88e6dcf2e0826d48dd8648a3a48fc8c68c8a4b91dd55c995af9a8c5e5e4
-
SSDEEP
3072:6bhU1YeFd+bShONEk1ee1eeeemidw4kEPHQdTUQLeosRYghjudju2fZTiusOChCW:6bhUmeFd7W1ee1eeeem+LkEPHg6osRYg
Score9/10-
Contacts a large (19901) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
The-MALWARE-Repo-master/Worm/Blaster/DComExploit.exe.vir
-
Size
36KB
-
MD5
d68cf4cb734bfad7982c692d51f9d156
-
SHA1
fe0a234405008cac811be744783a5211129faffa
-
SHA256
54143b9cd7aaf5ab164822bb905a69f88c5b54a88b48cc93114283d651edf6a9
-
SHA512
eb25366c4bbe09059040dd17ab78914ff20301a8cd283d7d550e974c423b8633d095d8a2778cfb71352d6cb005af737483b0f7e2f728c2874dc7bdcf77e0d589
-
SSDEEP
384:fqiTD8SZzK3+RsiqnZImlYEyx1ml8z0iuKo9oMbNp8SNYLJJ:3D8kK3ViqZx1MuKo9od
Score1/10 -
-
-
Target
The-MALWARE-Repo-master/Worm/Blaster/SANS_ Malware FAQ_ What is W32_Blaster worm_.mht
-
Size
432KB
-
MD5
50a0ceff0b8383aefb4d8e50723af084
-
SHA1
f2f41eb01853a96ba3d85001948a8a93d1e681eb
-
SHA256
84073caf71d0e0523adeb96169c85b8f0bfea09e7ef3bf677bfc19d3b536d8a5
-
SHA512
4c493319d9e2b6b087590a2a46c5f0d50bd9b587b8b26034f943e9b5b4bb14c4cd96ed705fd1d62917a8c83a4a79caa79fb8a127658faeeda309569db6a3ae54
-
SSDEEP
6144:cQJvSJ6lq6yuGkSdgiaXulosdmpmdGdjI6uUD8ZN9Dts0n5gMQIn0j0HQDM/UH:Z4kSdRzWzpgGRIGM3WC5p2IG
Score5/10-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Worm/Bumerang.exe
-
Size
26KB
-
MD5
b6c78677b83c0a5b02f48648a9b8e86d
-
SHA1
0d90c40d2e9e8c58c1dafb528d6eab45e15fda81
-
SHA256
706fce69fea67622b03fafb51ece076c1fdd38892318f8cce9f2ec80aabca822
-
SHA512
302acca8c5dd310f86b65104f7accd290014e38d354e97e4ffafe1702b0a13b90e4823c274b51bcc9285419e69ff7111343ac0a64fd3c8b67c48d7bbd382337b
-
SSDEEP
768:K8uYMZTBv1/nGyURhRkCxnjC0VjDT9zG:KbTpBlUnRfhfT9
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
The-MALWARE-Repo-master/Worm/Fagot.a.exe
-
Size
373KB
-
MD5
30cdab5cf1d607ee7b34f44ab38e9190
-
SHA1
d4823f90d14eba0801653e8c970f47d54f655d36
-
SHA256
1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f
-
SHA512
b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3
-
SSDEEP
6144:Bjrk71gCl5D0nIMpAP40ShG4TmvgFNwUQs4zTBrgDYZJPSLJXaUtjk10he1:S79l5DixAPzwjegFNwVJzTLPSLJXT
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Boot or Logon Autostart Execution: Port Monitors
Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
-
Event Triggered Execution: Image File Execution Options Injection
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Impair Defenses: Safe Mode Boot
-
Modifies system executable filetype association
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Modifies WinLogon
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Worm/Heap41A.exe
-
Size
451KB
-
MD5
4f30003916cc70fca3ce6ec3f0ff1429
-
SHA1
7a12afdc041a03da58971a0f7637252ace834353
-
SHA256
746153871f816ece357589b2351818e449b1beecfb21eb75a3305899ce9ae37c
-
SHA512
e679a0f4b7292aedc9cd3a33cf150312ea0b1d712dd8ae8b719dedf92cc230330862f395e4f8da21c37d55a613d82a07d28b7fe6b5db6009ba8a30396caa5029
-
SSDEEP
12288:gr3ZBIRB4heEAiRsdUaaSV2qmw0iOanTrA:8ZB2B4hlIMSIqDrA
Score8/10-
Adds policy Run key to start application
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
The-MALWARE-Repo-master/Worm/Mantas.exe
-
Size
40KB
-
MD5
53f25f98742c5114eec23c6487af624c
-
SHA1
671af46401450d6ed9c0904402391640a1bddcc2
-
SHA256
7b5dec6a48ee2114c3056f4ccb6935f3e7418ef0b0bc4a58931f2c80fc94d705
-
SHA512
f460775308b34552c930c3f256cef1069b28421673d71e3fa2712b0467485861a98285925ae49f1adea1faf59265b964c873c12a3bb5de216122ac20084e1048
-
SSDEEP
768:rz4RBkfbi/FG9Of8Ejex0a6zALVlXt32KtYFPYA3HxAnIIGSEsu:4Ciw9a8EG05zMt3jKYA3xAYns
Score6/10-
Adds Run key to start application
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
The-MALWARE-Repo-master/Worm/NadIote/Nadlote.exe
-
Size
240KB
-
MD5
57aecbcdcb3a5ad31ac07c5a62b56085
-
SHA1
a443c574f039828d237030bc18895027ca780337
-
SHA256
ab020413dce53c9d57cf22d75eaf1339d72252d5316617a935149e02fee42fd3
-
SHA512
7921f184411f898a78c7094176fa47368b1c6ba7d6a3f58df4332e6865325287f25622f1d13765fd08d499d34974461b2ee81319adc24ce3901cc72d132b3027
-
SSDEEP
6144:fFzclWnzp5DFV0FuS5hPGR/CnA1G+Ghgav/06hyTu:RcURxR/CnA0rhgaJy
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Network Share Discovery
Attempt to gather information on host network.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
-
-
Target
The-MALWARE-Repo-master/Worm/Netres.a.exe
-
Size
372KB
-
MD5
d543f8d2644b09445d9bc4a8a4b1a8c0
-
SHA1
72a7b4fb767c47f15280c053fba80de1e44d7173
-
SHA256
1c0e2b7981ffa9e86185b7a7aac93f13629d92d8f58769569483202b3a926ce5
-
SHA512
9cd77db4a1fe1f0ec7779151714371c21ed798091d9022cec6643c79b2f3c87554a0b7f01c4014e59d0d1a131922a801413d37236ef1c49506f8e1aa5b96e167
-
SSDEEP
6144:YEo6WDhsj7atyB3FATvzOdy9uyEP4TpDaO5pHCclI0SCVsMHAiBq2R:IzDhmatywCdy9uxPI75C0VVsUBq
Score3/10 -
-
-
Target
The-MALWARE-Repo-master/Worm/Nople.exe
-
Size
50KB
-
MD5
7d595027f9fdd0451b069c0c65f2a6e4
-
SHA1
a4556275c6c45e19d5b784612c68b3ad90892537
-
SHA256
d2518df72d5cce230d98a435977d9283b606a5a4cafe8cd596641f96d8555254
-
SHA512
b8f37ecc78affa30a0c7c00409f2db1e2fd031f16c530a8c1d4b4bffaa5d55ac235b11540c8a611ae1a90b748b04498e3954cfb1529236937ef693c6b20e893b
-
SSDEEP
768:7mlllC8F/EKXZ13YXcEWLwpjwRCzbaHRgIvkM:7ClCJKJRqcEiwpcsmgIvkM
Score3/10 -
-
-
Target
The-MALWARE-Repo-master/Worm/Vobfus/Vobus.exe
-
Size
384KB
-
MD5
966bb4bdfe0edb89ec2d43519c6de3af
-
SHA1
7aa402e5241ff1ca2aeabeeda8928579902ad81a
-
SHA256
ef12832d67a099282b6aad1bf2858375dd4b53c67638daf12a253bc9f918b77f
-
SHA512
71b8cf14055caee1322976dc0ac777bdd0f9058ee37d30d7967bdc28d80f66d0d478c939501be5f9c70245e5b161c69ad36721a7c6454fea9abe76786934db66
-
SSDEEP
3072:rtyFjchUoBENcPCkTaVYD3CbbTDMo6ZWbBrM/LqibDdjGRc32R7srGADv1FSJl:rqJVYD3KDN6ZWbBrM/GiDoO3IsrTvI
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/rogues/AdwereCleaner.exe
-
Size
190KB
-
MD5
248aadd395ffa7ffb1670392a9398454
-
SHA1
c53c140bbdeb556fca33bc7f9b2e44e9061ea3e5
-
SHA256
51290129cccca38c6e3b4444d0dfb8d848c8f3fc2e5291fc0d219fd642530adc
-
SHA512
582b917864903252731c3d0dff536d7b1e44541ee866dc20e0341cbee5450f2f0ff4d82e1eee75f770e4dad9d8b9270ab5664ffedfe21d1ad2bd7fe6bc42cf0e
-
SSDEEP
3072:15TDpNFVbxDSXJFFGhcBR1WLZ37p73G8Wn7GlDOg+ELqdSxo5XtIZjnvxRJgghaR:157TcfFPB6B3GL7g+me5aZjn5VlI9T/
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/rogues/SpySheriff.exe
-
Size
48KB
-
MD5
ab3e43a60f47a98962d50f2da0507df7
-
SHA1
4177228a54c15ac42855e87854d4cd9a1722fe39
-
SHA256
4f5f0d9a2b6ef077402a17136ff066dda4c8175ceb6086877aaa3570cabb638f
-
SHA512
9e3365c7860c4766091183d633462f1cc8c30d28871ae2cd8a9a086ce61c0bccf457f919db6826b708f0cf4f88e90f71185420edc4756b7d70137e2096f8797f
-
SSDEEP
768:18Gch4aqHnKckG0HrloMOInk3RicH0wDrF5X9gFEvkk3p:1hN/k/ZomkhewDR5NVvkk3p
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
8Active Setup
1Port Monitors
1Print Processors
1Registry Run Keys / Startup Folder
3Winlogon Helper DLL
2Browser Extensions
1Create or Modify System Process
3Windows Service
3Event Triggered Execution
3Change Default File Association
1Image File Execution Options Injection
1Netsh Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
8Active Setup
1Port Monitors
1Print Processors
1Registry Run Keys / Startup Folder
3Winlogon Helper DLL
2Create or Modify System Process
3Windows Service
3Event Triggered Execution
3Change Default File Association
1Image File Execution Options Injection
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
4Disable or Modify System Firewall
2Disable or Modify Tools
1Safe Mode Boot
1Indicator Removal
1Clear Persistence
1Modify Registry
17Pre-OS Boot
1Bootkit
1Subvert Trust Controls
3Code Signing Policy Modification
1Install Root Certificate
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
2Network Share Discovery
1Peripheral Device Discovery
2Query Registry
6Remote System Discovery
1System Information Discovery
6System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1