Overview
overview
10Static
static
10The-MALWAR...on.txt
windows7-x64
3The-MALWAR...2aed41
windows7-x64
3The-MALWAR...ka.exe
windows7-x64
7The-MALWAR...if.exe
windows7-x64
10The-MALWAR...il.exe
windows7-x64
8The-MALWAR...at.exe
windows7-x64
1The-MALWAR...98.exe
windows7-x64
1The-MALWAR...aj.exe
windows7-x64
7The-MALWAR...jB.exe
windows7-x64
7The-MALWAR...om.exe
windows7-x64
6The-MALWAR...1C.exe
windows7-x64
5The-MALWAR...90.exe
windows7-x64
8The-MALWAR...6a.exe
windows7-x64
8The-MALWAR...it.exe
windows7-x64
1The-MALWAR...ng.exe
windows7-x64
7The-MALWAR....a.exe
windows7-x64
10The-MALWAR...1A.exe
windows7-x64
8The-MALWAR...as.exe
windows7-x64
6The-MALWAR...te.exe
windows7-x64
7The-MALWAR....a.exe
windows7-x64
3The-MALWAR...le.exe
windows7-x64
3The-MALWAR...us.exe
windows7-x64
10The-MALWAR...er.exe
windows7-x64
7The-MALWAR...ff.exe
windows7-x64
3Analysis
-
max time kernel
150s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
13-12-2024 21:25
Static task
static1
Behavioral task
behavioral1
Sample
The-MALWARE-Repo-master/Trojan/WindowsXPHorrorEdition.txt
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
The-MALWARE-Repo-master/Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.6fa938770e83ef2e177e8adf4a2ea3d2d5b26107c30f9d85c3d1a557db2aed41
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral3
Sample
The-MALWARE-Repo-master/Trojan/Zika.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
The-MALWARE-Repo-master/Virus/Floxif/Floxif.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral5
Sample
The-MALWARE-Repo-master/Virus/Gnil/Gnil.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
The-MALWARE-Repo-master/Virus/Mabezat/Mabezat.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral7
Sample
The-MALWARE-Repo-master/Virus/WinNuke.98.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral8
Sample
The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral9
Sample
The-MALWARE-Repo-master/Virus/Xpaj/xpajB.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
The-MALWARE-Repo-master/Worm/Bezilom.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral11
Sample
The-MALWARE-Repo-master/Worm/Blaster/607B60AD512C50B7D71DCCC057E85F1C.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
The-MALWARE-Repo-master/Worm/Blaster/8676210e6246948201aa014db471de90.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral13
Sample
The-MALWARE-Repo-master/Worm/Blaster/8a17f336f86e81f04d8e66fa23f9b36a.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
The-MALWARE-Repo-master/Worm/Blaster/DComExploit.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral15
Sample
The-MALWARE-Repo-master/Worm/Bumerang.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral16
Sample
The-MALWARE-Repo-master/Worm/Fagot.a.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral17
Sample
The-MALWARE-Repo-master/Worm/Heap41A.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
The-MALWARE-Repo-master/Worm/Mantas.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral19
Sample
The-MALWARE-Repo-master/Worm/NadIote/Nadlote.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
The-MALWARE-Repo-master/Worm/Netres.a.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral21
Sample
The-MALWARE-Repo-master/Worm/Nople.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
The-MALWARE-Repo-master/Worm/Vobfus/Vobus.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral23
Sample
The-MALWARE-Repo-master/rogues/AdwereCleaner.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
The-MALWARE-Repo-master/rogues/SpySheriff.exe
Resource
win7-20240903-en
windows7-x64
General
-
Target
The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
-
Size
219KB
-
MD5
d5c12fcfeebbe63f74026601cd7f39b2
-
SHA1
50281de9abb1bec1b6a1f13ccd3ce3493dee8850
-
SHA256
9db7ef2d1495dba921f3084b05d95e418a16f4c5e8de93738abef2479ad5b0da
-
SHA512
132d8c08f40a578c1dc6ac029bf2a61535087ce949ff84dbec8577505c4462358a1d9ef6cd3f58078fdcae5261d7a87348a701c28ce2357f17ecc2bc9da15b4e
-
SSDEEP
6144:Gqmg/v4y/MqGs38KHF1SubUriPOKAJnP:jmgXxXGNKHC
Malware Config
Signatures
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PHYSICALDRIVE0 xpaj.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll xpaj.exe File opened for modification \??\c:\Program Files (x86)\Microsoft Office\Office14\STSCOPY.DLL xpaj.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll xpaj.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll xpaj.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_fi.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\stdole.dll xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll xpaj.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\ONBttnWD.dll xpaj.exe File opened for modification C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll xpaj.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll xpaj.exe File opened for modification C:\Program Files (x86)\Common Files\System\ado\msadomd.dll xpaj.exe File opened for modification C:\Program Files\Internet Explorer\JSProfilerCore.dll xpaj.exe File opened for modification C:\Program Files\Java\jre7\bin\glib-lite.dll xpaj.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_el.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\sqlcecompact35.dll xpaj.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll xpaj.exe File opened for modification \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\EXPSRV.DLL xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNoteSyncPC.dll xpaj.exe File opened for modification C:\Program Files (x86)\Windows Defender\MpOAV.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\VVIEWDWG.DLL xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OARTCONV.DLL xpaj.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll xpaj.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACER3X.DLL xpaj.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL xpaj.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll xpaj.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll xpaj.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\EMABLT32.DLL xpaj.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_sr.dll xpaj.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll xpaj.exe File opened for modification C:\Program Files (x86)\Internet Explorer\IEShims.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\TWCUTLIN.DLL xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll xpaj.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FSTOCK.DLL xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE xpaj.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.Infopath.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\DBGHELP.DLL xpaj.exe File opened for modification C:\Program Files\Mozilla Firefox\mozavcodec.dll xpaj.exe File opened for modification C:\Program Files\Java\jre7\bin\jdwp.dll xpaj.exe File opened for modification C:\Program Files\Java\jre7\bin\gstreamer-lite.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\XPAGE3C.DLL xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\ACCDDSUI.DLL xpaj.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libmpg123_plugin.dll xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll xpaj.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe xpaj.exe File opened for modification \??\c:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Microsoft.Office.InfoPath.Client.Internal.CLRHost.dll xpaj.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll xpaj.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll xpaj.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\ACCDDSF.DLL xpaj.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\vdk150.dll xpaj.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\NL7MODELS000A.dll xpaj.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\ink\Microsoft.Ink.dll xpaj.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2940 xpaj.exe