General

  • Target

    Release.zip

  • Size

    29.6MB

  • MD5

    9220681474c92d9b93fbfbae86e0fa7e

  • SHA1

    87fd1dd9b5f768470bbde35ae0338e00f82d49f5

  • SHA256

    489e6280f29987758b82c942f5313d1f94b9650957bec37a42c17b08052b097f

  • SHA512

    fdd51ce5fd978c78da29b2c64cf1ae18a3e788340fdea20b570d5e44e70fbf77a7a3b4fb20bb44debf175be47d4156086be0439b7cbb0d286529fb19958cc501

  • SSDEEP

    786432:3SVZYXn/T5tL4X/9qKsWHgBcTH2ehK78YoErYjmeM:3SzknrTL4X/5ABcTpxmMmF

Score
9/10

Malware Config

Signatures

  • CryptOne packer 1 IoC

    Detects the CryptOne packer described in NCC Group's blog post.

  • Unsigned PE 3 IoCs

    Flags PE files that carry no Authenticode signature.
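The hash list under General and the "Unsigned PE" check above can both be reproduced offline. The block below is an added example, not code from the sandbox or from the authors of the sample: it verifies an archive against expected digests, walks the zip, reports PE members whose security data directory is empty, and also flags the two naming patterns visible in the file listing (an extensionless member that is really a PE, as with v1.1.0/autoexec/bin, and a shortcut carrying a document-style double extension, as with v1.1.0/README.docx.lnk). Because it has to run without Release.zip, it builds its own archive of hand-made PE skeletons; every path in that archive is invented and the PE images are header-only stubs. "Signed" here means only that a WIN_CERTIFICATE blob is attached; whether the signature actually verifies is a separate question for signtool, osslsigncode or Get-AuthenticodeSignature.

```python
# Added example (constructed data, not Release.zip): hash check, certificate-table
# presence in PE members, and extension/content mismatches inside a sample zip.
import hashlib, io, posixpath, struct, zipfile

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table
EXPECTED_KIND = {".exe": "pe", ".dll": "pe", ".node": "pe", ".zip": "zip", ".lnk": "lnk"}

def verify_hashes(data, expected):
    """Compare `data` with {algo: hex digest} (as listed under General); -> {algo: matched?}."""
    return {a: hashlib.new(a, data).hexdigest() == d.lower() for a, d in expected.items()}

def pe_info(data):
    """Machine type and whether a certificate table is attached; None if not a PE.
    'signed' means a WIN_CERTIFICATE blob is present, not that the signature verifies."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    hdr = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)   # COFF file header
    machine, opt_size, opt = hdr[0], hdr[5], e_lfanew + 24
    if opt_size < 2 or opt + opt_size > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    nrva_off = {0x10B: 92, 0x20B: 108}.get(magic)   # PE32 / PE32+: offset of NumberOfRvaAndSizes
    if nrva_off is None:
        return None
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    entry = opt + nrva_off + 4 + 8 * SECURITY_DIR
    if nrva <= SECURITY_DIR or entry + 8 > opt + opt_size:
        return {"machine": machine, "signed": False}
    # This entry is a raw file offset, not an RVA: the certificate table is never mapped.
    off, size = struct.unpack_from("<II", data, entry)
    return {"machine": machine, "signed": off != 0 and size != 0 and off + size <= len(data)}

def sniff(data):
    """Coarse content type from magic bytes."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    return "lnk" if data[:4] == b"L\x00\x00\x00" else "other"   # Shell Link header size 0x4C

def triage_archive(zip_bytes, password=None):
    """Walk the archive and return sorted (member, finding) tuples."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data, name = zf.read(info, pwd=password), info.filename
            base = posixpath.basename(name)
            ext = posixpath.splitext(base)[1].lower()
            kind, want = sniff(data), EXPECTED_KIND.get(ext)
            if want and kind != want:
                findings.append((name, f"extension {ext} but content is {kind}"))
            if kind == "pe" and want != "pe":
                findings.append((name, "PE image under a non-executable name"))
            pe = pe_info(data) if kind == "pe" else None
            if pe and not pe["signed"]:
                findings.append((name, "unsigned PE (no certificate table)"))
            if ext == ".lnk" and base.count(".") > 1:
                findings.append((name, "shortcut with a document-style double extension"))
    return sorted(findings)

def build_pe(pe32plus, signed):
    """Constructed PE skeleton (headers only, not runnable): DOS header, COFF header,
    optional header with 16 data directories and, if `signed`, a dummy WIN_CERTIFICATE."""
    nrva_off = 108 if pe32plus else 92
    opt_size = nrva_off + 4 + 16 * 8                 # 240 for PE32+, 224 for PE32
    hdr_len = 64 + 4 + 20 + opt_size
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)   # Magic
    struct.pack_into("<I", opt, nrva_off, 16)                       # NumberOfRvaAndSizes
    blob = b""
    if signed:   # dwLength, wRevision=0x0200, wCertificateType=PKCS_SIGNED_DATA, then filler
        blob = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"\x00" * 16
        struct.pack_into("<II", opt, nrva_off + 4 + 8 * SECURITY_DIR, hdr_len, len(blob))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + blob

def build_sample_archive():
    """Constructed stand-in for Release.zip, written unencrypted: zipfile reads
    ZipCrypto members given pwd=b"3030" but cannot write them. All paths are invented."""
    members = {
        "v1.1.0/Updater.exe": build_pe(pe32plus=False, signed=True),
        "v1.1.0/autoexec/bin": build_pe(pe32plus=False, signed=False),
        "v1.1.0/runtimes/win-x64/native/Loader.dll": build_pe(pe32plus=True, signed=True),
        "v1.1.0/resources/node_modules/x/binding.node": build_pe(pe32plus=True, signed=False),
        "v1.1.0/README.docx.lnk": b"L\x00\x00\x00" + b"\x00" * 72,
        "v1.1.0/locales/en-US.pak": b"\x05\x00\x00\x00" + b"\x00" * 12,
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Against the real archive the calls are `verify_hashes(open("Release.zip", "rb").read(), {"sha256": "489e6280f29987758b82c942f5313d1f94b9650957bec37a42c17b08052b097f"})` and `triage_archive(data, password=b"3030")`; note that Python's zipfile only decrypts ZipCrypto, so an AES-encrypted archive needs a library such as pyzipper instead. The constructed archive yields one finding for the double-extension shortcut and one "unsigned PE" finding for each of the two stub images built without a certificate table, plus the "non-executable name" finding for the extensionless member.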

Files

  • Release.zip
    .zip

    Password: 3030

  • v1.1.0/NewI[Upd v1.1.0].exe
    .exe windows:5 windows x86 arch:x86

    MD5 be41bf7b8cc010b614bd36bbca606973

    Sections

  • .data
  • .rdata
  • .reloc
  • .rsrc/DIALOG/105
  • .rsrc/DIALOG/106
  • .rsrc/DIALOG/111
  • .rsrc/GROUP_ICON/103
  • .rsrc/ICON/1
    .png
  • .rsrc/ICON/2
    .png
  • .rsrc/ICON/3
    .png

  • .rsrc/ICON/4.ico
  • .rsrc/ICON/5.ico
  • .rsrc/ICON/6.ico
  • .rsrc/MANIFEST/1
    .xml
  • .text
  • CERTIFICATE
  • [0]
  • [1]
  • v1.1.0/README.docx.lnk
    .lnk
  • v1.1.0/autoexec/bin
    .dll regsvr32 windows:5 windows x86 arch:x86

    MD5 a9fd3e7f71a802c8eee0a502f46de991

  • v1.1.0/locales/hi.pak
  • v1.1.0/locales/libGLESv2.dll
    .dll windows:5 windows x64 arch:x64

    MD5 b3384e5182b61c941805b07b7dc28efe

  • v1.1.0/locales/locales/af.pak
  • v1.1.0/locales/locales/am.pak
  • v1.1.0/locales/locales/ar.pak
  • v1.1.0/locales/locales/bn.pak
  • v1.1.0/locales/locales/ca.pak
  • v1.1.0/locales/locales/cs.pak
  • v1.1.0/locales/locales/da.pak
  • v1.1.0/locales/locales/de.pak
    .ps1
  • v1.1.0/locales/locales/el.pak
  • v1.1.0/locales/locales/en-GB.pak
  • v1.1.0/locales/locales/en-US.pak
  • v1.1.0/locales/locales/es-419.pak
  • v1.1.0/locales/locales/es.pak
  • v1.1.0/locales/locales/et.pak
  • v1.1.0/locales/locales/fa.pak
  • v1.1.0/locales/locales/fi.pak
  • v1.1.0/locales/locales/fil.pak
  • v1.1.0/locales/locales/fr.pak
  • v1.1.0/locales/locales/gu.pak
  • v1.1.0/locales/locales/he.pak
  • v1.1.0/locales/locales/hi.pak
  • v1.1.0/locales/locales/hr.pak
  • v1.1.0/locales/locales/hu.pak
  • v1.1.0/locales/locales/id.pak
  • v1.1.0/locales/locales/it.pak
  • v1.1.0/locales/locales/ja.pak
  • v1.1.0/locales/locales/kn.pak
  • v1.1.0/locales/locales/ko.pak
  • v1.1.0/locales/locales/lt.pak
  • v1.1.0/locales/locales/lv.pak
  • v1.1.0/locales/locales/ml.pak
  • v1.1.0/locales/locales/mr.pak
  • v1.1.0/locales/locales/ms.pak
  • v1.1.0/locales/locales/nb.pak
  • v1.1.0/locales/locales/nl.pak
  • v1.1.0/locales/locales/pl.pak
  • v1.1.0/locales/locales/pt-BR.pak
  • v1.1.0/locales/locales/pt-PT.pak
  • v1.1.0/locales/locales/ro.pak
  • v1.1.0/locales/locales/ru.pak
  • v1.1.0/locales/locales/sk.pak
  • v1.1.0/locales/locales/sl.pak
  • v1.1.0/locales/locales/sr.pak
  • v1.1.0/locales/locales/sv.pak
  • v1.1.0/locales/locales/sw.pak
  • v1.1.0/locales/locales/ta.pak
  • v1.1.0/locales/locales/te.pak
  • v1.1.0/locales/locales/th.pak
  • v1.1.0/locales/locales/tr.pak
  • v1.1.0/locales/locales/uk.pak
  • v1.1.0/locales/locales/ur.pak
  • v1.1.0/locales/locales/vi.pak
  • v1.1.0/locales/locales/zh-CN.pak
  • v1.1.0/locales/locales/zh-TW.pak
  • v1.1.0/locales/resources/app.asar.unpacked/node_modules/btime/binding.node
    .dll windows:6 windows x64 arch:x64

    MD5 0242ceb286e744ddd6dd8e963da637ee

  • v1.1.0/locales/resources/app.asar.unpacked/node_modules/get-fonts/binding.node
    .dll windows:6 windows x64 arch:x64

    MD5 2a1b9a0a23b390c22659b30f7660d0da

  • v1.1.0/locales/resources/app.asar.unpacked/node_modules/vibrancy-win/binding.node
    .dll windows:6 windows x64 arch:x64

    MD5 56e83fb6e818a708f7895cf9d6058c3a

  • v1.1.0/locales/resources/pl.pak
  • v1.1.0/locales/resources/pt-BR.pak
  • v1.1.0/locales/resources/pt-PT.pak
  • v1.1.0/locales/resources/resources.pak
  • v1.1.0/locales/resources/ro.pak
  • v1.1.0/locales/resources/ru.pak
  • v1.1.0/locales/resources/sk.pak
  • v1.1.0/locales/resources/sl.pak
  • v1.1.0/locales/resources/snapshot_blob.bin
  • v1.1.0/locales/resources/sr.pak
  • v1.1.0/locales/resources/sv.pak
  • v1.1.0/locales/resources/sw.pak
  • v1.1.0/locales/resources/ta.pak
  • v1.1.0/locales/resources/te.pak
  • v1.1.0/locales/resources/th.pak
  • v1.1.0/locales/resources/tr.pak
  • v1.1.0/locales/resources/uk.pak
  • v1.1.0/locales/resources/ur.pak
  • v1.1.0/locales/resources/v8_context_snapshot.bin
  • v1.1.0/locales/resources/vi.pak
  • v1.1.0/locales/resources/vk_swiftshader.dll
    .dll windows:5 windows x64 arch:x64

    MD5 6d7b823ac45e01133a6ba8c35160fef1

  • v1.1.0/locales/resources/vk_swiftshader_icd.json
  • v1.1.0/locales/resources/vulkan-1.dll
    .dll windows:5 windows x64 arch:x64

    MD5 49ed29c3ff417b26c7cd92ecc9b7dcb3

  • v1.1.0/runtimes/win-arm64/native/WebView2Loader.dll
  • v1.1.0/runtimes/win-x64/native/WebView2Loader.dll
    .dll windows:5 windows x64 arch:x64

    MD5 aaa8a1994a594e4746a652eda600aebf

  • v1.1.0/runtimes/win-x86/native/WebView2Loader.dll
    .dll windows:5 windows x86 arch:x86

    MD5 608537c42a46a95b31cc1ef01ab6eeb0

  • v1.1.0/scripts/Dex.lua
    .js
  • v1.1.0/scripts/Infinite Yield.lua
    .js
  • v1.1.0/scripts/Sine Wave.lua
  • v1.1.0/scripts/Spinning Donut.lua
  • v1.1.0/scripts/UNCCheckEnv.lua
    .js
  • v1.1.0/workspace/.tests/appendfile.txt
  • v1.1.0/workspace/.tests/getcustomasset.txt
  • v1.1.0/workspace/.tests/isfile.txt
  • v1.1.0/workspace/.tests/listfiles/test_1.txt
  • v1.1.0/workspace/.tests/listfiles/test_2.txt
  • v1.1.0/workspace/.tests/loadfile.txt
  • v1.1.0/workspace/.tests/readfile.txt
  • v1.1.0/workspace/.tests/writefile
  • v1.1.0/workspace/.tests/writefile.txt
  • v1.1.0/workspace/IY_FE.iy