General

  • Target: Ultimate-DDoS-Attack-Tools-Pack.zip
  • Size: 271.5MB
  • Sample: 250101-emzg6awphn
  • MD5: cb04eafa537b7d68db170b7f58d395e8
  • SHA1: 986e8c8010382118675faa1b5bd2f94a55876605
  • SHA256: 55ac1d35b409793db31e2e7e3e7f25d899762c308f2777f540d596a8f9467cb1
  • SHA512: 31028203588fc5f9264c6b5c9ffed57cf3dd001c1fce5161de39d8c4b87d91922fe6e47c744e08071f286747a4ccd1ed610b25d5497da645b975de234e5f5bc2
  • SSDEEP: 1572864:2j+nhxiQRB5zwaxhIHxs1/lF3nw/3v5bvla2xM7Eyxgoj2yO:2j+hBkKuHxclF3if5bvla2x6E30O

Malware Config

Targets

    • Target: Ultimate-DDoS-Attack-Tools-Pack/BBHH-Ultra DoS/COMCAT.DLL
    • Size: 21KB
    • MD5: 3b180da2b50b954a55fe37afba58d428
    • SHA1: c2a409311853ad4608418e790621f04155e55000
    • SHA256: 96d04cdfaf4f4d7b8722b139a15074975d4c244302f78034b7be65df1a92fd03
    • SHA512: cf94ad749d91169078b8829288a2fc8de86ec2fe83d89dc27d54d03c73c0deca66b5d83abbeaa1ff09d0acac4c4352be6502945b5187ecde952cbb08037d07e8
    • SSDEEP: 384:23Fob3slaN3oF1fHICOoMzMv/QTIBjDVquODJXsUW7ftWs6:Yo7s28JnOxzMv/QsBjRqugXspd
    • Score: 3/10

    • Target: Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/CefSharp.lib
    • Size: 1.9MB
    • MD5: b2ff2c84396125dafbfd74007e03eb0a
    • SHA1: 6e27cb62bfd1a534a2e65ea76835fb4e661a3d55
    • SHA256: ba72876bf978152d115b5c92d65708a56f0158dba13874e07aa15f81f0550801
    • SHA512: 39248ba9670e124d3d0b7cf0fba13bd09de82a7ed323c8072f7684c726c4eaf155d1f5dc3307eb913df3a8cdf347a93c71928a10e432d55b8a56e8eb8a2e46bb
    • SSDEEP: 24576:ZS/HjpXQIeK/taIHjPDbAwFEBCp3JnR9DURFL4zHmse+4AYTW+V7EJu:ErtxFwA9Fr3JAFEXP4AYTz7
    • Score: 6/10
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/DaRKDDoSeR.exe
    • Size: 227KB
    • MD5: d1d319a8aadaf8624ae080293ca88e3c
    • SHA1: 363cd77f9804726680af021363d0969bc2ca8762
    • SHA256: 9c399d126842c3dd9cf653a8910fc906789c6a5b332971946de55782e8afad1e
    • SHA512: b4c5189c602f2d9d6a78bfc754963e7cf8baea32ac728186dfe6c54ec40a138b43e3f974714672ab25ad2de67db6ec6c9dc7a204ff62836ae1ce3e8f64bd20d7
    • SSDEEP: 6144:l/xUSZuwnxJvjiyeFHDi+DZUdHDgKhfoXloecq7o:AARn39eFHDHCDfoXcq7o
    • Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/Stub.exe
    • Size: 128KB
    • MD5: 6d4bed5fe014b37ec088c7f6057deb9d
    • SHA1: 3433959711e4ae92a32cac45df51c7eda9e2085a
    • SHA256: 606412fefac7b53bb7e106358c3dfe3c245976e35757d0b1983a7020be9a563b
    • SHA512: 0c5045d5545f8ae2a01e7b57842ec8620d096bdbbe0051d9bb79941a6e0c8f779936f175ae08d0f3a971dfd69864b0f707ea896b97f9352b97a93c0c7225a09b
    • SSDEEP: 3072:mEYw98LPzR9mGOPQhXFCRVpmL+OT1cmO80y:mEYTrCmXFKpmLcmO
    • Score: 3/10

    • Target: Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/ffmpeg.dll
    • Size: 1.8MB
    • MD5: 26f56121184843056f1d6e6db3f9844b
    • SHA1: f8d6c767cab3be5e55608cc5abd30a4c383759e9
    • SHA256: 3ad26e1c16b6f49c6136c0c1c02c5943437349a310a6bcc5a8a0f4924a6f4ae4
    • SHA512: 13a0898a6780f474ab4ffe8e46ca0227f03f2c4d26daaf4b61862eb7374a65d887b96a8672f21247e7f3aac4c49cce77521dd1564983b52f8716219aff894b9d
    • SSDEEP: 24576:2m3hIqxIdAtLA0Q9xtPUf0ZOxGI3ffWgR5vuv54Jdhx76g:2gWaW9xthIXWgR5vuv54Jdhx7n
    • Score: 3/10

    • Target: Ultimate-DDoS-Attack-Tools-Pack/DaRKDDoSeR+5.6/lib.bin
    • Size: 275KB
    • MD5: b9352fa2d673bf124116ba9e5639956e
    • SHA1: f511f3b653fc0a7a3e49d1cc58c21c9a53fcf79b
    • SHA256: 58a0b8c13f085a3181fecc5d97cdfe5e35892af6b4b31d79657fc88512bb520d
    • SHA512: eea7bd7ff2023e2239b6d5a5ba96d4ecdab4217ecdd6f7403947aa09b1dd54db533bde3b8ef2256cdb720086754c716842bf98810c135b4d72f281dfe5dd48df
    • SSDEEP: 6144:1PXVt3l07qcbU0ddapOpVXMpUvRz1Kxudx:FFt3lQbU05pm2z1KxY
    • Score: 3/10

    • Target: Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/DaRKDDoSeR.exe
    • Size: 227KB
    • MD5: 8c000b02040499983ce946bb7e946c95
    • SHA1: 90ab84091ccd47894b64500235c5e8c760e4739b
    • SHA256: bfa1be8513888e8db1c7c6a1861c5bbd5a47d207a968b3ff2f220844310ab0ab
    • SHA512: eb4fc2637a17c54c9f77fc7366fee68f60c517dc5da1b3da0cc84e70ffddeaa5ddcae0046dbe0814f78281042cf2cfdaf9684d1ed04be778bf055ff50bbde3e2
    • SSDEEP: 6144:D/7UjZ3wnThvjiYeFHDi+DZUdHDgKh7oiloecq7o:0FgnhXeFHDHCD7oIcq7o
    • Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/Stub.exe
    • Size: 128KB
    • MD5: 6d4bed5fe014b37ec088c7f6057deb9d
    • SHA1: 3433959711e4ae92a32cac45df51c7eda9e2085a
    • SHA256: 606412fefac7b53bb7e106358c3dfe3c245976e35757d0b1983a7020be9a563b
    • SHA512: 0c5045d5545f8ae2a01e7b57842ec8620d096bdbbe0051d9bb79941a6e0c8f779936f175ae08d0f3a971dfd69864b0f707ea896b97f9352b97a93c0c7225a09b
    • SSDEEP: 3072:mEYw98LPzR9mGOPQhXFCRVpmL+OT1cmO80y:mEYTrCmXFKpmLcmO
    • Score: 3/10

    • Target: Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/ldap60.lib
    • Size: 275KB
    • MD5: b9352fa2d673bf124116ba9e5639956e
    • SHA1: f511f3b653fc0a7a3e49d1cc58c21c9a53fcf79b
    • SHA256: 58a0b8c13f085a3181fecc5d97cdfe5e35892af6b4b31d79657fc88512bb520d
    • SHA512: eea7bd7ff2023e2239b6d5a5ba96d4ecdab4217ecdd6f7403947aa09b1dd54db533bde3b8ef2256cdb720086754c716842bf98810c135b4d72f281dfe5dd48df
    • SSDEEP: 6144:1PXVt3l07qcbU0ddapOpVXMpUvRz1Kxudx:FFt3lQbU05pm2z1KxY
    • Score: 3/10

    • Target: Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/nssdbm3.bin
    • Size: 1.9MB
    • MD5: b2ff2c84396125dafbfd74007e03eb0a
    • SHA1: 6e27cb62bfd1a534a2e65ea76835fb4e661a3d55
    • SHA256: ba72876bf978152d115b5c92d65708a56f0158dba13874e07aa15f81f0550801
    • SHA512: 39248ba9670e124d3d0b7cf0fba13bd09de82a7ed323c8072f7684c726c4eaf155d1f5dc3307eb913df3a8cdf347a93c71928a10e432d55b8a56e8eb8a2e46bb
    • SSDEEP: 24576:ZS/HjpXQIeK/taIHjPDbAwFEBCp3JnR9DURFL4zHmse+4AYTW+V7EJu:ErtxFwA9Fr3JAFEXP4AYTz7
    • Score: 6/10
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: Ultimate-DDoS-Attack-Tools-Pack/Dark DDoser 5.6/vcruntime142.cfg
    • Size: 1.8MB
    • MD5: 26f56121184843056f1d6e6db3f9844b
    • SHA1: f8d6c767cab3be5e55608cc5abd30a4c383759e9
    • SHA256: 3ad26e1c16b6f49c6136c0c1c02c5943437349a310a6bcc5a8a0f4924a6f4ae4
    • SHA512: 13a0898a6780f474ab4ffe8e46ca0227f03f2c4d26daaf4b61862eb7374a65d887b96a8672f21247e7f3aac4c49cce77521dd1564983b52f8716219aff894b9d
    • SSDEEP: 24576:2m3hIqxIdAtLA0Q9xtPUf0ZOxGI3ffWgR5vuv54Jdhx76g:2gWaW9xthIXWgR5vuv54Jdhx7n
    • Score: 3/10

    • Target: Ultimate-DDoS-Attack-Tools-Pack/Dos Attacker Alpha 1.1/Black Mamba Dos Attacker.exe
    • Size: 376KB
    • MD5: 4fdb2d64ebf02ba076504269d3d0e2e6
    • SHA1: 6c428aaa2f5f7c11ef6feb1b87eb4492f9f48902
    • SHA256: ae05c0818cef52933d1c9dccb5bc61c79d0c80e9ab32d429cc097ff2509d88d4
    • SHA512: 2e2357f94cb4b510f4849c1b1265b6a8ab4914e8a1ca2bd140ffdfa125aaaa3d8d5cf1ffe03990d8385d4c1f7b6feb9aa813b8bb670d9e8b88ec9e4038b29fd9
    • SSDEEP: 6144:W/pUPZGwnKPvjiweFHDi+DZUdHDgKhHot8sJAqRTqsTgMcq7o:RxpnkPeFHDHCDHoGMvpqsTgMcq7o
    • Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: Ultimate-DDoS-Attack-Tools-Pack/War Flooder/AngleSharp.dll
    • Size: 1.2MB
    • MD5: bf331ab2e9bb06d900929de29c659ae8
    • SHA1: de373addb4f889e950e875766028471937d91055
    • SHA256: 0b6d37c6113914decb8ae2142dee7cf476206036806821ac6dc63d69269f827b
    • SHA512: 8bb0cbea3ae1e064e3bba2eb6fd07a3eaceaf70b95de925622f35705c118977c36c17c47d6a1986e474f7962066390a693cfc5e0365bf1b4e573bd55229c01d9
    • SSDEEP: 12288:O4jGmiyY0D4qSCFgfNSlKPLCPI9Um8VccZZs0/4bh57RQ10oDpT:O4jGmxvSCF9KmPI9Um8VccZZs73oh
    • Score: 1/10

    • Target: Ultimate-DDoS-Attack-Tools-Pack/War Flooder/Qt5CoreVBox.cfg
    • Size: 1.8MB
    • MD5: 26f56121184843056f1d6e6db3f9844b
    • SHA1: f8d6c767cab3be5e55608cc5abd30a4c383759e9
    • SHA256: 3ad26e1c16b6f49c6136c0c1c02c5943437349a310a6bcc5a8a0f4924a6f4ae4
    • SHA512: 13a0898a6780f474ab4ffe8e46ca0227f03f2c4d26daaf4b61862eb7374a65d887b96a8672f21247e7f3aac4c49cce77521dd1564983b52f8716219aff894b9d
    • SSDEEP: 24576:2m3hIqxIdAtLA0Q9xtPUf0ZOxGI3ffWgR5vuv54Jdhx76g:2gWaW9xthIXWgR5vuv54Jdhx7n
    • Score: 3/10

    • Target: Ultimate-DDoS-Attack-Tools-Pack/War Flooder/WPFToolkit.dll
    • Size: 456KB
    • MD5: 195ed09e0b4f3b09ea4a3b67a0d3f396
    • SHA1: 01a250631397c93c4aab9a777a86e39fd8d84f09
    • SHA256: aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456
    • SHA512: b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098
    • SSDEEP: 6144:ABk34hZ9hNZbkDu0WtH7epyiNrt3329rzSkmN0OE0QxlmGJcdBI8rO7le2LvFVNs:OhuUiNrt33sSkmN0OE0QyGJeBwL/G5
    • Score: 1/10

    • Target: Ultimate-DDoS-Attack-Tools-Pack/War Flooder/War Flooder.exe
    • Size: 306KB
    • MD5: 4e927374296b4b9d7b830b546e1ed370
    • SHA1: 43a6afc7ece508ee09fe23cdaaffa42b0179a5e4
    • SHA256: db287f8e1738f812db54f673d3c7fa8852ac59bf881e16c2b87b2715a506c5fd
    • SHA512: 057d334f196812207280dc83dcf245d1a51353bc3187ff4bf3240229fa7ad8dc6a0b82d9f68483af0624099ad456a00ff26af8b9c40c6958fa05997fd460533c
    • SSDEEP: 6144:X/7USZdwnOpvjiweFHDi+DZUdHDgKhvoZgO4oSxJvusQcq7o:QAunyveFHDHCDvoSO4FQcq7o
    • Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

  • static1 (upxmodiloader): Score 10/10
  • behavioral1 (discovery): Score 3/10
  • behavioral2 (discovery): Score 3/10
  • behavioral3 (discovery): Score 6/10
  • behavioral4 (discovery): Score 6/10
  • behavioral5 (discovery): Score 7/10
  • behavioral6 (discovery): Score 7/10
  • behavioral7 (discovery): Score 3/10
  • behavioral8 (discovery): Score 3/10
  • behavioral9 (discovery): Score 3/10
  • behavioral10 (discovery): Score 3/10
  • behavioral11: Score 1/10
  • behavioral12 (discovery): Score 3/10
  • behavioral13 (discovery): Score 7/10
  • behavioral14 (discovery): Score 7/10
  • behavioral15 (discovery): Score 3/10
  • behavioral16 (discovery): Score 3/10
  • behavioral17: Score 1/10
  • behavioral18 (discovery): Score 3/10
  • behavioral19 (discovery): Score 6/10
  • behavioral20 (discovery): Score 6/10
  • behavioral21 (discovery): Score 3/10
  • behavioral22 (discovery): Score 3/10
  • behavioral23 (discovery): Score 7/10
  • behavioral24 (discovery): Score 7/10
  • behavioral25: Score 1/10
  • behavioral26: Score 1/10
  • behavioral27 (discovery): Score 3/10
  • behavioral28 (discovery): Score 3/10
  • behavioral29: Score 1/10
  • behavioral30: Score 1/10
  • behavioral31 (discovery): Score 7/10
  • behavioral32 (discovery): Score 7/10