Overview
overview
10Static
static
107zS8A52FD1...f3.exe
windows7-x64
67zS8A52FD1...f3.exe
windows10-2004-x64
67zS8A52FD1...62.exe
windows7-x64
107zS8A52FD1...62.exe
windows10-2004-x64
107zS8A52FD1...9a.exe
windows7-x64
37zS8A52FD1...9a.exe
windows10-2004-x64
77zS8A52FD1...8a.exe
windows7-x64
107zS8A52FD1...8a.exe
windows10-2004-x64
107zS8A52FD1...f5.exe
windows7-x64
107zS8A52FD1...f5.exe
windows10-2004-x64
107zS8A52FD1...68.exe
windows7-x64
77zS8A52FD1...68.exe
windows10-2004-x64
77zS8A52FD1...41.exe
windows7-x64
107zS8A52FD1...41.exe
windows10-2004-x64
107zS8A52FD1...cd.exe
windows7-x64
107zS8A52FD1...cd.exe
windows10-2004-x64
107zS8A52FD1...71.exe
windows7-x64
107zS8A52FD1...71.exe
windows10-2004-x64
107zS8A52FD1...9c.exe
windows7-x64
77zS8A52FD1...9c.exe
windows10-2004-x64
77zS8A52FD1...0d.exe
windows7-x64
107zS8A52FD1...0d.exe
windows10-2004-x64
107zS8A52FD1...ff.exe
windows7-x64
107zS8A52FD1...ff.exe
windows10-2004-x64
107zS8A52FD1...68.exe
windows7-x64
37zS8A52FD1...68.exe
windows10-2004-x64
37zS8A52FD1...-1.dll
windows7-x64
37zS8A52FD1...-1.dll
windows10-2004-x64
37zS8A52FD1...-6.dll
windows7-x64
37zS8A52FD1...-6.dll
windows10-2004-x64
37zS8A52FD1...-1.dll
windows7-x64
37zS8A52FD1...-1.dll
windows10-2004-x64
3General
-
Target
JaffaCakes118_4bb31847846180bf78033b5eb7761b874b114f6dd086862472915be761fc042a
-
Size
8.7MB
-
Sample
241225-b33yqstlcy
-
MD5
5eb1036bb35ae755376ba3d22001e238
-
SHA1
d72bdb22a8d47fa3d50a25ff9704feaf1393a8cc
-
SHA256
4bb31847846180bf78033b5eb7761b874b114f6dd086862472915be761fc042a
-
SHA512
9215f3fcf99d9f2ee43ef6e552123128520e2601bd17f664385bb01f050b4ad8fec7ad9316967a359ec79c404cc911a5d3861634310e116d55930e5aa97baecd
-
SSDEEP
196608:2sNwxyEw6x/zafOHy/8di4tBgTCuPTRjt4zmII65yQWK3esMyir7S3C2Y8JTW:2eqyP0/zamHZU6+Rjtsm165JeeirmS3
Behavioral task
behavioral1
Sample
7zS8A52FD1B/62a1ea227dc1c_17ee33ef3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
7zS8A52FD1B/62a1ea227dc1c_17ee33ef3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
7zS8A52FD1B/62a1ea23342ae_c77562.exe
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
7zS8A52FD1B/62a1ea23342ae_c77562.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
7zS8A52FD1B/62a1ea23da745_6e68c9a.exe
Resource
win7-20241023-en
Behavioral task
behavioral6
Sample
7zS8A52FD1B/62a1ea23da745_6e68c9a.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
7zS8A52FD1B/62a1ea243386e_a4f8a5d8a.exe
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
7zS8A52FD1B/62a1ea243386e_a4f8a5d8a.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
7zS8A52FD1B/62a1ea2501f48_0371f5.exe
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
7zS8A52FD1B/62a1ea2501f48_0371f5.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
7zS8A52FD1B/62a1ea2a20759_b7a66dc968.exe
Resource
win7-20241023-en
Behavioral task
behavioral12
Sample
7zS8A52FD1B/62a1ea2a20759_b7a66dc968.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
7zS8A52FD1B/62a1ea2b65292_c4804f5141.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
7zS8A52FD1B/62a1ea2b65292_c4804f5141.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
7zS8A52FD1B/62a1ea2d09364_3056ccd.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
7zS8A52FD1B/62a1ea2d09364_3056ccd.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
7zS8A52FD1B/62a1ea2df066e_add786971.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
7zS8A52FD1B/62a1ea2df066e_add786971.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
7zS8A52FD1B/62a1ea2f0beee_36a9ec29c.exe
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
7zS8A52FD1B/62a1ea2f0beee_36a9ec29c.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
7zS8A52FD1B/62a1ea2fb0309_1d35870d.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
7zS8A52FD1B/62a1ea2fb0309_1d35870d.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
7zS8A52FD1B/62a1ea319013f_e64e1ff.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
7zS8A52FD1B/62a1ea319013f_e64e1ff.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
7zS8A52FD1B/62a1ea3215fd5_67a668.exe
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
7zS8A52FD1B/62a1ea3215fd5_67a668.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
7zS8A52FD1B/libgcc_s_dw2-1.dll
Resource
win7-20240729-en
Behavioral task
behavioral28
Sample
7zS8A52FD1B/libgcc_s_dw2-1.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
7zS8A52FD1B/libstdc++-6.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
7zS8A52FD1B/libstdc++-6.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
7zS8A52FD1B/libwinpthread-1.dll
Resource
win7-20241023-en
Behavioral task
behavioral32
Sample
7zS8A52FD1B/libwinpthread-1.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
socelars
https://sa-us-bucket.s3.us-east-2.amazonaws.com/ujfreids61/
Extracted
smokeloader
pub1
Extracted
gcleaner
37.0.8.39
31.210.20.149
212.192.241.16
203.159.80.49
-
url_path
/software.php
/software.php
Extracted
smokeloader
pub3
Extracted
raccoon
8a83f2689674308992d5090432708aae
http://91.242.229.166/
-
user_agent
record
Targets
-
-
Target
7zS8A52FD1B/62a1ea227dc1c_17ee33ef3.exe
-
Size
157KB
-
MD5
13fd49b3e1c7abe59a321d34a983fa1d
-
SHA1
d68d156faa3dd348d89064c1b5026990b25d9c73
-
SHA256
9542ce09286e69fe0a1270f0b017639139ece09287496dfe07b7c44ad897c476
-
SHA512
ddd506fda604e68063268d644963650bc3e0fe987f59c52a08ed2c82ae5dedce1789a378645e8f7f851c74f75b8ee8ed80efb2c0c00ebdb6bfa5933d8ad0f4b6
-
SSDEEP
1536:xoMuhIJR1pTAco0UVi9P9z9Fb04gpmWjZlv8gogqrxMv:SyA0+KP9x504gpllEgOxY
Score6/10-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
7zS8A52FD1B/62a1ea23342ae_c77562.exe
-
Size
242KB
-
MD5
2db62b3e5088b61ead161e0482b2f6f2
-
SHA1
a13b707e24ae6269631ce1099263cbc793f4b2a1
-
SHA256
c277eac5a2f147b839219c2327a2d7e6c85be9dabe91c8a92b553e2cadc9e3c3
-
SHA512
9c287e38c61c28ee0fce45b8734a979d6c74dbdd8648327ac7f7d24e9a2c07736eff70f2f8ca33ddd6196d4b629865ae35abd0de8e784e989179618aa1d72774
-
SSDEEP
3072:LyNmHuLQGp1UZrvGclc9IkKU8enb53svodWYkLlMYSoJ7iNE:KSFYIj2b+BYAMAJ7iO
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
-
-
Target
7zS8A52FD1B/62a1ea23da745_6e68c9a.exe
-
Size
312KB
-
MD5
0cad21764fe956f3028096ff3ff37549
-
SHA1
09ceb67ca8d995e8811e6f0d13f7b01377f7f8c5
-
SHA256
f65a68dcc63bd141e3a6619ed81b9c0ff3a5492ebd73034f8c794681f1875e3e
-
SHA512
4733ea55c8aa918cd7dc35bfb97f5b9f59653244bae98caa3b9d4c7c60f8d7d249e8c20b191345923aa0db60137a0a04b8b20f589bef164076e2f8ec89529542
-
SSDEEP
6144:ypW7afwwJWPtN8bQITbbvLfL7C+E32tVEPv:0JUtN8bHTbvz7C+EUEPv
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
7zS8A52FD1B/62a1ea243386e_a4f8a5d8a.exe
-
Size
1.6MB
-
MD5
cc75df8a243cb6e1da5fadcd7c4a8c22
-
SHA1
ca94e6e283dadf7833e780cf8924a30012ed1b08
-
SHA256
c3e36a105ba6e93adadc98a053af88c78cdfe5c2936ced3766c4cfcdabb6d91f
-
SHA512
a801f713ed7ad4ffc7daa878585ea2992563407ce19f3e23b2a8c32a1f488e7848eb86c022d6bda0c7e02fdbf8b4c9f88c53aae5626fddd29a63e16d72ae63f8
-
SSDEEP
24576:IS4zsuLdn+4/xa0LGqMZVdq0+HEOpAV+fBVIyzX1qYDfaPPwpEDSMEv4MoQwSyqF:Izu4/xa0Ervq1JVtlVOmonVq5XD
-
Raccoon family
-
Suspicious use of SetThreadContext
-
-
-
Target
7zS8A52FD1B/62a1ea2501f48_0371f5.exe
-
Size
173KB
-
MD5
72968341a0de08313bc9ab626d212f91
-
SHA1
f893e4510e600ff3b6d33cea85571fa26c270606
-
SHA256
ef9863d5358896238ef682130b38511033fd9f14354263326dd000b39358c4b4
-
SHA512
1fe2a7a5fc1e32d4a581efd8148b66525adf3249c02fe3811b24f620c1e3c8af926cabca5ad07d59740e6480a0cb3833db87cc2354ac22cbade57924eaff6346
-
SSDEEP
3072:vEvswXh+XQDAWr1do5L3sGU7glVtmX9MrpiT:cvXh+AsWYxsGU7glnmX90w
Score10/10-
Smokeloader family
-
-
-
Target
7zS8A52FD1B/62a1ea2a20759_b7a66dc968.exe
-
Size
1.6MB
-
MD5
c4bc22a23300c3e7db1fae03e00610a5
-
SHA1
0f8d2471d510434d0338fa204c7863a5a6e17190
-
SHA256
d866f133333b259ea1aaaa838bd6f26a28798d440ce4531cd90b0497ea92d869
-
SHA512
fa629c9f18ff2cfd07c4da7065a544d84b4dc823c8b542863525eafcf9ad62a74f5f1fdbd6e1f0609135f258b0ffe01b136b614e8bd0d669d0a5ea4052bd3fc6
-
SSDEEP
24576:IAOcZwXYCK7Y8YO8BTZqQtraKaNiFIGoLsItGxeTqHvveUBym:m7MT89Zr2zuNoLtQxeTqvv
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
-
-
Target
7zS8A52FD1B/62a1ea2b65292_c4804f5141.exe
-
Size
288KB
-
MD5
f902561ae91aad8b234cddf38401cad1
-
SHA1
cc3e9aadce50c820f147b194ba558b2abf25c16b
-
SHA256
6bdf30e72d6f74a83a5ce0a84202aab030db0ffd61850fe9154eceaabc282e65
-
SHA512
c9170b3f855f2721c3f713776b65da69ac51ddf9109fa4a2bef18174ed96cbbb7c9faab5e57f44347a85d8a6b7d8e5958a23f4e19db5209fda4ea4860f5abd30
-
SSDEEP
3072:R+/i4EOpQnGVgi0DY+enMi8Qd0pRfI7aR+RLLMfppro5ydpjYUxGQ5:D4nVd0MMi/Gp2+R+RLLMfP0QpjYUsu
-
Gcleaner family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
-
-
Target
7zS8A52FD1B/62a1ea2d09364_3056ccd.exe
-
Size
3.7MB
-
MD5
e77f09a338e643ee05ad09e367eedf73
-
SHA1
6777cd291ece93e16aa95c3e60b63d46b1b142bd
-
SHA256
f32c3414f14e0b4c08183af08702736a2ed18c99101d5ee1bc5bc5e8ee3c8982
-
SHA512
53f59267e4bfe862e51edb0fd7d356485a7349e7ccd6439c6c88bda921a67909a36efd1690d06fe3c30c8a4433d5c4c1a34c30b928cb29ec45b08045ef4f5747
-
SSDEEP
98304:cTuZYsUpMZzlBC5ngscs0r0aAcsiddcE:Nb8KByng80gt
-
Detect Fabookie payload
-
Fabookie family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
7zS8A52FD1B/62a1ea2df066e_add786971.exe
-
Size
172KB
-
MD5
fa026e2025aee68f7a28808eba6f09af
-
SHA1
28033d304e34b1989d6e6214f962b937f7359856
-
SHA256
06760e7403eeb738fc2cd8c2c9d1597ce9628294332aa66d85f6630659a2486c
-
SHA512
8b206e0ee721a74dbd5f6da921f3e7ed176c048e4814768b5c620c5e90581e7d0279d2603033f5cc98917ad537a87ec459a39f057c8e2beb8d7204e282c2f038
-
SSDEEP
1536:BgNCgaC57gj3z3FL92Qwo5IUJcmH9y9gFtBP51/gpWDtHEOrA3z:uND570j3FL9rwo5r3H+8HgsDd7y
Score10/10-
Smokeloader family
-
Suspicious use of SetThreadContext
-
-
-
Target
7zS8A52FD1B/62a1ea2f0beee_36a9ec29c.exe
-
Size
752KB
-
MD5
900f331bf9be262f435df1bb572ee038
-
SHA1
637b3346cb8fd3f415de6b2b14b0dddb3f89df95
-
SHA256
b1ac45bc5a2dbd25ad6ccf46f8162ee261796616169d9878924b36ae0c6313f2
-
SHA512
f466cb8bee9911d36261fa230114b0edfb00c70cd256e4662781eaf5b6756062126afd81edf3618804e01c8ba8ff2fc3de6acde83c9528382248513d006ccdc5
-
SSDEEP
12288:VQi3IG+zy2Ac6m6UR0IVkmp1hf39Wkv8xwJA:VQiYG+zy2AzHIVXpdUMA
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
7zS8A52FD1B/62a1ea2fb0309_1d35870d.exe
-
Size
212KB
-
MD5
8595eb1a87c49b9b940b46524e1fdf87
-
SHA1
59622f56b46c724876fce597df797512b6b3d12d
-
SHA256
77596040b690af4836406a17c20a69cd5093fd0c470b89df209a26694141bd4c
-
SHA512
cd6a7e25982bdf24ebc34c15b1465dfd8ed7be51f6a8d529309f5aabc811e6a6dd7914c4d6353add01daef8c1f4aaee1002c3f39937998df21d3abadb50535d4
-
SSDEEP
6144:ZDSzP2zTFdXDMtNTVTK6cb5oW36fdaeSZC4:ZO2zxdX4tdJOdoe2LSZC
Score10/10-
Detects LgoogLoader payload
-
LgoogLoader
A downloader capable of dropping and executing other malware families.
-
Lgoogloader family
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
7zS8A52FD1B/62a1ea319013f_e64e1ff.exe
-
Size
1.4MB
-
MD5
72610bbb73a1f4d4e79ad7476a493ef8
-
SHA1
d63fa30ab6d612da64da1ceb3557ec7d4270100a
-
SHA256
fe3b8aa7ce7730aecb8f8477324fec6b024408fb335e3ce29ad9ec3b7f22bcaa
-
SHA512
9ee12fb68a582f2d520840c06c454ebaefe24f5b02601f9438b093573e420864b2612139037d9c60f159ecc598b1558f8473d40b4ca9cbe5130145fcbed3b680
-
SSDEEP
24576:k6pYjfuKDGp9FGF3KUK2pdAlLnbYt6GH7LPv1l1QUeRnHWON5bb7YrLs:TpMRGe/4ebLPv1leUQHXbb7iLs
-
Socelars family
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
7zS8A52FD1B/62a1ea3215fd5_67a668.exe
-
Size
78KB
-
MD5
923ba5913c151121517c52f609242616
-
SHA1
7976305e7afb69e70cca1b29b3e9436b2cd08e25
-
SHA256
5d4b830ec56d8bbfdb305e904e6c0f00fc1744a1c7c15e8c71265d08c3aa35e0
-
SHA512
7e03947d789f40aacd131287d445d0e3dbe95e9ff1e6ceea211009c3424ae55884365119aa46e1bef4cc0adba108a036d9c3330ef6f3acf2f97e0f83f7a0a202
-
SSDEEP
1536:6a9hRWNvAcqdJQG62hXkv09ADrXjJ85q2+3MbBvd2csWfcde20JxPeED:zr8v7qdJQGx/9ADrXja02VB12fe2WxGG
Score3/10 -
-
-
Target
7zS8A52FD1B/libgcc_s_dw2-1.dll
-
Size
113KB
-
MD5
9aec524b616618b0d3d00b27b6f51da1
-
SHA1
64264300801a353db324d11738ffed876550e1d3
-
SHA256
59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
-
SHA512
0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0
-
SSDEEP
3072:nti6N0WeF35Ro7hAWP6cagLSuf6LG3qSbKE4M:ti6N2F33wGJVuHuE
Score3/10 -
-
-
Target
7zS8A52FD1B/libstdc++-6.dll
-
Size
647KB
-
MD5
5e279950775baae5fea04d2cc4526bcc
-
SHA1
8aef1e10031c3629512c43dd8b0b5d9060878453
-
SHA256
97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87
-
SHA512
666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02
-
SSDEEP
12288:ZGRoW1chMjnv+gvJhb6bmpPSmCnh4o0v4Mc2jTrKoDSwq/3PmkfT4CmwcMcP1uE:uowcmBhKmlC4o0v4k1
Score3/10 -
-
-
Target
7zS8A52FD1B/libwinpthread-1.dll
-
Size
69KB
-
MD5
1e0d62c34ff2e649ebc5c372065732ee
-
SHA1
fcfaa36ba456159b26140a43e80fbd7e9d9af2de
-
SHA256
509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
-
SHA512
3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61
-
SSDEEP
1536:xPCESXKWzkxTz8uLfdkWr2sUX8YNKykl1wwwwUXrMZE4cYdz:x6baWwxH8EzSHYZE4cYdz
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1