General

Target: JaffaCakes118_7a65ea84978d653141d5fe65a05f59831cd7be417ae8c630a4e584647e92b35c
Size: 827.4MB
Sample: 241229-mt58aazkh1
MD5: 2a8f42edc472950c862a87afa8bc7ea6
SHA1: d6dd452daaf2315066b301e7d97b8d30028bd334
SHA256: 7a65ea84978d653141d5fe65a05f59831cd7be417ae8c630a4e584647e92b35c
SHA512: e11a975c43f531fce524f91a4ecd0d659032799bd75951883efb1c2161fa0cd5e8f14e0f7bfbd914ca58a10aac4c926e29da618f72cb4f997df16ed4aa3fbaa2
SSDEEP: 12582912:RMY0yDKupYAcNSic1uZj0pukUisqfkj3vYyBJU77f/xxF86+lyGwlFu6CsZMth05:eeTzoSapDTZBCvnG6Z9lFXVut6OS+oPX
Static task
- static1

Behavioral tasks (sample, resource)
- behavioral1: virussign.com_001d76c0f2266cf5275017fe1f500bf0.exe (win7-20241010-en)
- behavioral2: virussign.com_001d76c0f2266cf5275017fe1f500bf0.exe (win10v2004-20241007-en)
- behavioral3: virussign.com_0050131715d61e9d072a3beed31a410c.exe (win7-20240903-en)
- behavioral4: virussign.com_0050131715d61e9d072a3beed31a410c.exe (win10v2004-20241007-en)
- behavioral5: virussign.com_00565e577708a8439c9d885e085c3901.exe (win7-20240903-en)
- behavioral6: virussign.com_00565e577708a8439c9d885e085c3901.exe (win10v2004-20241007-en)
- behavioral7: virussign.com_00689e80f9aaad22a716422b814f233f.exe (win7-20241023-en)
- behavioral8: virussign.com_00689e80f9aaad22a716422b814f233f.exe (win10v2004-20241007-en)
- behavioral9: virussign.com_0073654a4de7a00dfb7a4df7f9e4851a.exe (win7-20240903-en)
- behavioral10: virussign.com_0073654a4de7a00dfb7a4df7f9e4851a.exe (win10v2004-20241007-en)
- behavioral11: virussign.com_007bfeb463de9ebee397b8e85562845b.exe (win7-20241010-en)
- behavioral12: virussign.com_007bfeb463de9ebee397b8e85562845b.exe (win10v2004-20241007-en)
- behavioral13: virussign.com_00a519bb1b7284727a665faeb741c5e3.exe (win7-20240903-en)
- behavioral14: virussign.com_00a519bb1b7284727a665faeb741c5e3.exe (win10v2004-20241007-en)
- behavioral15: virussign.com_00a6f71a9d6feb05e9e6d489bb90dc7e.exe (win7-20240708-en)
- behavioral16: virussign.com_00a6f71a9d6feb05e9e6d489bb90dc7e.exe (win10v2004-20241007-en)
- behavioral17: virussign.com_00bf354c8d7adcda624dfbb6a3fe6807.exe (win7-20240729-en)
- behavioral18: virussign.com_00bf354c8d7adcda624dfbb6a3fe6807.exe (win10v2004-20241007-en)
- behavioral19: virussign.com_00e0a4e37515a8bf12e0f4d362720a34.exe (win7-20240903-en)
- behavioral20: virussign.com_00e0a4e37515a8bf12e0f4d362720a34.exe (win10v2004-20241007-en)
- behavioral21: virussign.com_00e0f05fd0ab94ce7601fb13225e259e.exe (win7-20241023-en)
- behavioral22: virussign.com_00e0f05fd0ab94ce7601fb13225e259e.exe (win10v2004-20241007-en)
- behavioral23: virussign.com_00e8c6172aae832496ff5066c8282abf.exe (win7-20240903-en)
- behavioral24: virussign.com_00e8c6172aae832496ff5066c8282abf.exe (win10v2004-20241007-en)
- behavioral25: virussign.com_00fa4d04b04bf7c7e9ffb1714bb74688.exe (win7-20240903-en)
- behavioral26: virussign.com_00fa4d04b04bf7c7e9ffb1714bb74688.exe (win10v2004-20241007-en)
- behavioral27: virussign.com_011a0ee08993b0bcb944efb9e222d8db.exe (win7-20240903-en)
- behavioral28: virussign.com_011a0ee08993b0bcb944efb9e222d8db.exe (win10v2004-20241007-en)
- behavioral29: virussign.com_012157de815c5e4bf4535ea332b47cf7.exe (win7-20240903-en)
- behavioral30: virussign.com_012157de815c5e4bf4535ea332b47cf7.exe (win10v2004-20241007-en)
- behavioral31: virussign.com_0127bf5b597c936eb89344b860fa6dc2.exe (win7-20240729-en)
- behavioral32: virussign.com_0127bf5b597c936eb89344b860fa6dc2.exe (win10v2004-20241007-en)
Malware Config

Extracted: berbew
Extracted: urelas
- 218.54.31.226
- 218.54.31.165
Extracted: neconyd
- http://ow5dirasuek.com/
- http://mkkuei4kdsz.com/
- http://lousta.net/
Extracted: agenttesla
- Protocol: smtp
- Host: mail.mcltransindo.com
- Port: 587
- Username: [email protected]
- Password: mcltelv#06032019#
- Email To: [email protected]
Extracted: xred
- xred.mooo.com
- payload_url
Extracted: xworm
- 104.245.126.72:55638
- :55638
- Install_directory: %AppData%
- install_file: Defender.exe
- telegram: https://api.telegram.org/bot6598373047:AAHwDmN1CXWUConr5AXtZNcmeqoatl5MIm0/sendMessage?chat_id=2001505415
Extracted: quasar
- 1.4.1
- Office04
- 192.168.0.103:4782
- 4af63002-10c8-4aa5-8c63-b93df49aa916
- encryption_key: 27CFF25A872374DDAAA32E502C2DC500EFFE191D
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDir
Targets

Target: virussign.com_001d76c0f2266cf5275017fe1f500bf0.vir
Size: 226KB
MD5: 001d76c0f2266cf5275017fe1f500bf0
SHA1: e92e2de0431ab6f001890544214925535dd79e4e
SHA256: c3dc11574446e9f6f6a68bc92e709b5377c712401907e149c0507192db955be5
SHA512: 72831e33a2896262b59e4c515183d60fca6a3be99e0e55a21904021e304b9563830ac04d3cc167d8b54dfc894e869a24bebe20470ad90b2eea18acdb614ff240
SSDEEP: 6144:R4lwZ40243s0gJvyTZaPYZeHF/tIzi+Tk98i9goc8VRtiZYj:qn0d8PJvyQYZelVIziveo/Rtii
Score: 7/10
- Loads dropped DLL

Target: virussign.com_0050131715d61e9d072a3beed31a410c.vir
Size: 1.4MB
MD5: 0050131715d61e9d072a3beed31a410c
SHA1: 8e901e106b282ae12df7593112e37801b2ffe903
SHA256: b48eccb23d6c3697a8930d16fb5a41773b8f596d77be3eed282ce77854899456
SHA512: a416b19e9c088aa3771ebe7cba2f91d7ca64d2cb553ad290cb1ae8b70d95f65d1eca1a82fe597184062f2480b65833c099a3439cb3ed7d03ff24bb0e239e8178
SSDEEP: 24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKenKB/ksiZdMzPxFh1GuzSYj:GezaTF8FcNkNdfE0pZ9oztFwI7ei11Z
- Xmrig family
- XMRig Miner payload
- Executes dropped EXE
- Loads dropped DLL

Target: virussign.com_00565e577708a8439c9d885e085c3901.vir
Size: 712KB
MD5: 00565e577708a8439c9d885e085c3901
SHA1: 4493fff8b6656d235cbfa9469e81857fc365f928
SHA256: 257f64f00d9ae803841bd4621b265bdfcf08e046384911400fe2578c3c9b9059
SHA512: c6299a89e73e964d5dd6296a4420520c4da0e36057d8145f423b269c28dc6db6bba8c4b17cda60f3c045fec8bc1ebd5cbf79c0e69b93bacee78ee565d44edfdc
SSDEEP: 12288:wqBF6oVTk26GXLNaGUnFsnvvSpjsvPmJLZwyTJ2GbNjOjN:vBF6727XL1+KvSjsvCDrAN
Score: 1/10

Target: virussign.com_00689e80f9aaad22a716422b814f233f.vir
Size: 110KB
MD5: 00689e80f9aaad22a716422b814f233f
SHA1: 566ffb28a550d534790b39908079afeef53dbf4e
SHA256: af53073a2e8822a85be4057d6b1862771c0274d7ec5a0b31271cb9e95ec563ef
SHA512: dc4947da94bb829874995908ec5f63e40dda61f013c1d3b65d287ca62008768929a418700b2f66a25af131c8aa77a7d1e0d0e0e99901b29a1b953d60a3cd5290
SSDEEP: 3072:tbCETB4dDyUuFbwmfFBouhvGK02VhqUIEH:hCVDyUuFbwmfFBouhvGK02VhqUn
Score: 1/10

Target: virussign.com_0073654a4de7a00dfb7a4df7f9e4851a.vir
Size: 775KB
MD5: 0073654a4de7a00dfb7a4df7f9e4851a
SHA1: 2235dd2c7f1f504ee317d2253ab881086f882510
SHA256: 1a4412182c5b7beb07783cf2b067581c2efe87cb2a58d13284b43e169ed10aa2
SHA512: ba34e9fe635a3402941a956bba2f5d34cb584464e8eb00c34b4f74fb9e0b9fc6ef18e980a82be63520990ee19b2f30a3f7c088d7904bf11b5b803f150840a751
SSDEEP: 12288:wqBF6oVTk26GXLNaGUnFsnEV+43Ykj7MwunhhAan8wfrC4ne5ovdDjN1:vBF6727XL1+Ki+4in3Tnzfrte50N1
Score: 1/10

Target: virussign.com_007bfeb463de9ebee397b8e85562845b.vir
Size: 434KB
MD5: 007bfeb463de9ebee397b8e85562845b
SHA1: f55bb54a6341511aff404ffa98efc0bc1681c9f6
SHA256: 940b24e2c55de6aa6ce0b5ba3e5e9b2994062f6003f01314b97cabc9d7151d0d
SHA512: 215ba1e5134da92b94f255c2e16567ba6b099efdc4cc1b0ae2c3836b6b2fde28522cc3bd61b21371ed8b7e750c8125c61eeaffd9ea6b64cd20d66423eacc4bc4
SSDEEP: 12288:HZxDmOQjkMmVY2gsvmQjBImVYymVY2gsv:L9Y2gsHYNY2gs
- Adds autorun key to be loaded by Explorer.exe on startup
- Berbew family
- Xmrig family
- XMRig Miner payload
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory

Target: virussign.com_00a519bb1b7284727a665faeb741c5e3.vir
Size: 101KB
MD5: 00a519bb1b7284727a665faeb741c5e3
SHA1: 4ae2011819af55c9f94a4ffb042ce5d052930f6a
SHA256: 9f8837466bc78d70a12537e035547b584efce0075db99ed37b6b213ef4a4b8c1
SHA512: c7feede61cd71af5d8646e9e0c950a48b60895f4aa3befb5b874b8db469e6b018de4826c4fdd1f294d350bba0c05ae82da772e09696a7dd334f8c26c53d70009
SSDEEP: 1536:0GYU/W2FHG6jMauSV3ixJHABLrmhH7i9CO+WHg7zRZICrWaGZh7j:0fU/Wr6jMauSuiWNi9CO+WARJrWNZ1
Score: 7/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.

Target: virussign.com_00a6f71a9d6feb05e9e6d489bb90dc7e.vir
Size: 1.2MB
MD5: 00a6f71a9d6feb05e9e6d489bb90dc7e
SHA1: 5acccf16c169efa645ca9a75a8b611072ab94ecb
SHA256: e77100fd7247439b64dc73d87e57634e67cf14e58ab08db2f7fbdcc4fdf3a034
SHA512: c250d7758990dc4de400694624a18504724d5519fe67eee8c114b59bcf35b42b97ae04b376a2c290b724bf4bc6fd8cf7cbd154579d58ba53c8462b7241a34807
SSDEEP: 24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhMgQhCwbvjOuhiS+:Lz071uv4BPMkHC0INFWOuhp+
- KPOT Core Executable
- Kpot family
- Urelas family
- Xmrig family
- XMRig Miner payload
- Executes dropped EXE
- Loads dropped DLL

Target: virussign.com_00bf354c8d7adcda624dfbb6a3fe6807.vir
Size: 1004KB
MD5: 00bf354c8d7adcda624dfbb6a3fe6807
SHA1: 30d5f3256baa66aa277f5d5e0e0bab86e8a288c0
SHA256: 8f2d40aa8793bb1f289e2840b059b7ce9d1487c160d8f0e9e4e5053b6105d633
SHA512: 1255c9097a0dcda17e455134293744fbdc37ad02fb8a44df225c5f6c035d4afd1372f6e8523018fe3d57528b3cd678ed1c14815004211b577ab355ca6d941bda
SSDEEP: 24576:RVIl/WDGCi7/qkatXBF6727HeoPO+XC7A9GaFs1XllvxWUAI:ROdWCCi7/rahOYill
- Xmrig family
- XMRig Miner payload
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.

Target: virussign.com_00e0a4e37515a8bf12e0f4d362720a34.vir
Size: 606KB
MD5: 00e0a4e37515a8bf12e0f4d362720a34
SHA1: d8a4bb480d1c0995cc63d73b00fcbf7ae36b8f5e
SHA256: 99865dc550f094797f92e7b7c1c7d61f647f01b7f3644539153c8c1bd17deb9f
SHA512: 38ec195e08220727d61e8c1ce0ded9df250bfaeebb797a65e5e669cc3863e0f996b4e35661915695b69bed8cc0ce07f85705dc810c2f8b39520709bc1428e792
SSDEEP: 6144:RqlIyFESWu0SWuGSL2seZ5tDlYFGJx/Gw7vl:ty4seZaGXGwDl
Score: 3/10

Target: virussign.com_00e0f05fd0ab94ce7601fb13225e259e.vir
Size: 748KB
MD5: 00e0f05fd0ab94ce7601fb13225e259e
SHA1: 5ff89ebc5bd387c29d134f035e7ba6848f874750
SHA256: 16a81c9b421f34da2235ec48130e70185d8e925dc3f8f3a3891421ed5f0765e1
SHA512: 404757c195eeb6e2956727575918adb4be313e60262415345ae96dc4b7448aa993c015c0055831a20b611beb638bb31d633d3e0820ed0a5c71c61365e89da2b5
SSDEEP: 12288:wqBF6oVTk26GXLNaGUnFsnEV+43Ykj7MwunhhAan8wfrC4ne5kNjl:vBF6727XL1+Ki+4in3Tnzfrte5kz
Score: 1/10

Target: virussign.com_00e8c6172aae832496ff5066c8282abf.vir
Size: 128KB
MD5: 00e8c6172aae832496ff5066c8282abf
SHA1: ecbc64509f0f604d7877066e53e0116e122899a2
SHA256: 7a5ca7cdd82bb3d066397bb48c95a9d40d59c1b1725f7566048f5142c99f085d
SHA512: 9cf9704ce2d0907043bad5a84df7cf9cf8348b2da23975ab73a36bc9778d7bc568298f828b92a22d94e2d0f003d5ea39374226302e54c199c81551c1bf04a5fe
SSDEEP: 1536:zMtcFRfsQw267SdDke1Hoy+GsHQjILQ9FKGXllUDtM60TD4ruhiZlrQIFiglF9xu:zXU/21IsHKG7UDd0pCrQIFdFtLQ
Score: 10/10
- Adds autorun key to be loaded by Explorer.exe on startup
- Berbew family
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory

Target: virussign.com_00fa4d04b04bf7c7e9ffb1714bb74688.vir
Size: 508KB
MD5: 00fa4d04b04bf7c7e9ffb1714bb74688
SHA1: ec7c25e560fbfda8f3ae83bd67824c505fe71ae4
SHA256: 2c610fe3c5e17ca7280991967a80f2bb0a6008cea326439bc8320196dd07848a
SHA512: 06823d209875a6ba7eedf66b09f7de5a0135f843ef0ed0fd353bfc7069a850f47883a130ec7547170eacd4a1a2701e7828476c8957bff487530363ac4b056bb4
SSDEEP: 12288:lXa8s0fUDw52+TuIr+grnSQvtSKDd9qcsX3n0A8:lq8nfUGuIr+eSoR9qPnM
Score: 7/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: virussign.com_011a0ee08993b0bcb944efb9e222d8db.vir
Size: 624KB
MD5: 011a0ee08993b0bcb944efb9e222d8db
SHA1: a77a497a6bcbc3985fef9d412e850ab47b51a5f7
SHA256: e53bfce71f72f97a918b370c3c6befbfd423a693c464f6c68cfa866f387ba2ed
SHA512: 14cd2c8556cc6bc54810bded27fcaa5a7ee6963de82c46a6a12750ecf5afbc422257d35eca11cf0aa72a62b0b7e4d27ed53516fe56ed8b1ca54a58f61ce3e4dd
SSDEEP: 12288:7QhAHV4KWkcsZQX9aLisvNeOVQ5zCD4TyWN9VysX7rdGrr5Mv:7+X9aLisvNeOVQ5zY4xN9VyU7
Score: 7/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL

Target: virussign.com_012157de815c5e4bf4535ea332b47cf7.vir
Size: 117KB
MD5: 012157de815c5e4bf4535ea332b47cf7
SHA1: 8cbe1465ce8b2bd65f40b0d0a6be97746ace877c
SHA256: 44989161b9103a1dc8df8428b3881efa50b734f148cfdf6fd27d86a7c21b0f99
SHA512: 64c30c1d92ba07b13d9ce9b7680dfce12181c590e003766952365ed459938282abd243c3af07bdef3c75598ac6409bfc49aca915f5b8f0e683ac9eb43a82b0d7
SSDEEP: 1536:p40LmYP3qgfcLPG9LEe/QuruSs1KAhaFFfUN1Avhw6JCM:ZLmk3qZuPzqhaFFfUrQlM
Score: 10/10
- Adds autorun key to be loaded by Explorer.exe on startup
- Berbew family
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory

Target: virussign.com_0127bf5b597c936eb89344b860fa6dc2.vir
Size: 966KB
MD5: 0127bf5b597c936eb89344b860fa6dc2
SHA1: 6ca075593669a32a3f0a500c0c005eda0eacd739
SHA256: 6bef917725df34c7b8e76b609e95c9b672938f72c1cf9c6b570f50c9d20b5576
SHA512: c577622c0c78cdf2d9ae66dd3054e41ea63ead75fe211bd2133275f3610d44ae320a440f3cae6755580be27e9fed566e1bcaec17fd2b7f4046875e488eb3ce9d
SSDEEP: 12288:wqBF6oVTk26GF15CUqbGuC4DCjBSwVd+1bBTDQlfIkjY4C0ivWBD4Cg3CH:vBF6727F15qbrund+fT+gsYb0i+6vM
Score: 1/10

MITRE ATT&CK Enterprise v15

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)