General
-
Target
The-MALWARE-Repo-master.zip
-
Size
198.8MB
-
Sample
250104-bfacxavpgr
-
MD5
af60ad5b6cafd14d7ebce530813e68a0
-
SHA1
ad81b87e7e9bbc21eb93aca7638d827498e78076
-
SHA256
b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1
-
SHA512
81314363d5d461264ed5fdf8a7976f97bceb5081c374b4ee6bbea5d8ce3386822d089d031234ddd67c5077a1cc1ed3f6b16139253fbb1b3d34d3985f9b97aba3
-
SSDEEP
6291456:wNl3aFW2h9/fiTwCzCLS6iilVkLZgAEtknRzq:wDaFd//Orcpi4VkL6AfRG
Static task
static1
Behavioral task
behavioral1
Sample
The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral2
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral3
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral4
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral5
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral6
Sample
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral7
Sample
The-MALWARE-Repo-master/Email-Worm/Amus.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral8
Sample
The-MALWARE-Repo-master/Email-Worm/Anap.a.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral9
Sample
The-MALWARE-Repo-master/Email-Worm/Axam.a.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral10
Sample
The-MALWARE-Repo-master/Email-Worm/Brontok.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral11
Sample
The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral12
Sample
The-MALWARE-Repo-master/Email-Worm/Duksten.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral13
Sample
The-MALWARE-Repo-master/Email-Worm/Funsoul.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral14
Sample
The-MALWARE-Repo-master/Email-Worm/Gruel.a.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral15
Sample
The-MALWARE-Repo-master/Email-Worm/Happy99.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral16
Sample
The-MALWARE-Repo-master/Email-Worm/Kiray.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral17
Sample
The-MALWARE-Repo-master/Email-Worm/Klez.e.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral18
Sample
The-MALWARE-Repo-master/Email-Worm/Lacon.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral19
Sample
The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.d.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral20
Sample
The-MALWARE-Repo-master/Email-Worm/Magistr.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral21
Sample
The-MALWARE-Repo-master/Email-Worm/Maldal.a.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral22
Sample
The-MALWARE-Repo-master/Email-Worm/Mari.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral23
Sample
The-MALWARE-Repo-master/Email-Worm/MeltingScreen.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral24
Sample
The-MALWARE-Repo-master/Email-Worm/Merkur.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral25
Sample
The-MALWARE-Repo-master/Email-Worm/MsWorld.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral26
Sample
The-MALWARE-Repo-master/Email-Worm/MyDoom.A.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral27
Sample
The-MALWARE-Repo-master/Email-Worm/MyPics.a.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral28
Sample
The-MALWARE-Repo-master/Email-Worm/NakedWife.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral29
Sample
The-MALWARE-Repo-master/Email-Worm/Nyxem.E.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral30
Sample
The-MALWARE-Repo-master/Email-Worm/Pikachu.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral31
Sample
The-MALWARE-Repo-master/Email-Worm/Prolin.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral32
Sample
The-MALWARE-Repo-master/Email-Worm/Quamo.exe
Resource
win10ltsc2021-20241211-en
Malware Config
Extracted
njrat
0.7d
Geforce
startitit2-23969.portmap.host:1604
b9584a316aeb9ca9b31edd4db18381f5
-
reg_key
b9584a316aeb9ca9b31edd4db18381f5
-
splitter
Y262SUCZ4UJJ
Extracted
remcos
1.7 Pro
Host
nickman12-46565.portmap.io:46565
nickman12-46565.portmap.io:1735
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
Userdata.exe
-
copy_folder
Userdata
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%WinDir%\System32
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%WinDir%\System32
-
mouse_option
false
-
mutex
remcos_vcexssuhap
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Extracted
revengerat
Guest
0.tcp.ngrok.io:19521
RV_MUTEX
Extracted
danabot
51.178.195.151
51.222.39.81
149.255.35.125
38.68.50.179
51.77.7.204
Targets
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe
-
Size
2.7MB
-
MD5
48d8f7bbb500af66baa765279ce58045
-
SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71
-
SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1
-
SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd
-
SSDEEP
49152:bbevayZlMTWkygVy0nQZfVY2BtZzpPL4PuQ65+6Dv7m0KXTn:bbexZlMQcEVY2BtZzpPL4WQI9U
-
Danabot family
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.9d75ff0e9447ceb89c90cca24a1dbec1
-
Size
148KB
-
MD5
9d75ff0e9447ceb89c90cca24a1dbec1
-
SHA1
ebae1054d69619e9e70c9b2e806edb9000d7feb9
-
SHA256
f2b33edb7efa853eb7f11cb8259243238e220fdc0bfc6987835ba1b12c4af1eb
-
SHA512
6df94dbe3681c1cb572d63e54a6753b3bae7075b86507f33f152795c6e61f1feac6742986d7c72a2834f28c85d0a1890bb31b5888b98b29754300dceb63e210d
-
SSDEEP
1536:t1hWmKdZ9WmQTt+6KK2Ml+dZyx6wVIWiwiuvro1d2C91q5nYaY4vV4KBmX:t1hYZQtTt+02G+dHgMuzWZ1qISVkX
-
Dridex family
-
Deletes itself
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.925da3a10f7dde802c8d87047b14fda6
-
Size
140KB
-
MD5
925da3a10f7dde802c8d87047b14fda6
-
SHA1
1fc59fbf692f690b9fe82cfafc9dcbd5aac31a68
-
SHA256
c94fe7b646b681ac85756b4ce7f85f4745a7b505f1a2215ba8b58375238bad10
-
SHA512
82588188de13f34cd751da7409f780c4fc5814da780fe8cad1fa73370414fb24b9822fc56f1f162d0db4a5c27159c225bc4d4fb061a87cb3c0d89b067353a478
-
SSDEEP
3072:X9z9zjy6WEba5uuoLPhiVF3NT5nNpytoQE:X9J9gu0td5nN4
-
Dridex family
-
Deletes itself
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe.c26203af4b3e9c81a9e634178b603601
-
Size
212KB
-
MD5
c26203af4b3e9c81a9e634178b603601
-
SHA1
5e41cbc4d7a1afdf05f441086c2caf45a44bac9e
-
SHA256
7b8fc6e62ef39770587a056af9709cb38f052aad5d815f808346494b7a3d00c5
-
SHA512
bb5aeb995d7b9b2b532812be0da4644db5f3d22635c37d7154ba39691f3561da574597618e7359b9a45b3bb906ec0b8b0104cbc05689455c952e995759e188b6
-
SSDEEP
3072:Te8LOIa22GwayjbzJ4xgAW8NeN00w7Aoalm2HdTStgjuPaMe+H9tJA:iUOIa2sZjPJJQiw4igjAL
-
Score
7/10
-
Deletes itself
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dbf96ab40b728c12951d317642fbd9da
-
Size
132KB
-
MD5
dbf96ab40b728c12951d317642fbd9da
-
SHA1
38687e06f4f66a6a661b94aaf4e73d0012dfb8e3
-
SHA256
daab430bb5771eaa7af0fbd3417604e8af5f4693099a6393a4dc3b440863bced
-
SHA512
a49cc96651d01da5d6cbb833df36b7987eafb4f09cc9c516c10d0d812002d06ae8edee4e7256c84e300dc2eadad90f7bb37c797bccdee4bad16fcaf88277b381
-
SSDEEP
3072:uItv1YJOQnVc2pEANuoUeyCx9CC5O86BJaoqsf:xrr2pEANuXCx9Jd6c
-
Score
7/10
-
Deletes itself
-
-
-
Target
The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.6164228ed2cc0eceba9ce1828d87d827
-
Size
152KB
-
MD5
6164228ed2cc0eceba9ce1828d87d827
-
SHA1
cea5bc473c948a78ce565b6e195e6e25f029c0c6
-
SHA256
7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195
-
SHA512
b53ac27397ce5453fa008d1a2e98f9f66be7d7f08375b92c88007544c09ab844d6c8eeceb2221c988e0a0d6ffc2a8a290e49715e3062a74bcd2310d41bffcc37
-
SSDEEP
3072:VqD/ri6AM4odK4J663POAQgG8rYKvh+5Nl:V0xlIBwPOA+8Zhu
-
Dridex family
-
Deletes itself
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Amus.exe
-
Size
50KB
-
MD5
47abd68080eee0ea1b95ae31968a3069
-
SHA1
ffbdf4b2224b92bd78779a7c5ac366ccb007c14d
-
SHA256
b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec
-
SHA512
c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a
-
SSDEEP
768:/9NC1eO7wvsgyjgLCtKbqvYGjaESiKMH6BJJE+XqYq7wvefY:/9NC1eOMFyjt2/wDrcq/Mveg
-
Score
6/10
-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Anap.a.exe
-
Size
16KB
-
MD5
0231c3a7d92ead1bad77819d5bda939d
-
SHA1
683523ae4b60ac43d62cac5dad05fd8b5b8b8ae0
-
SHA256
da1798c0a49b991fbda674f02007b0a3be4703e2b07ee540539db7e5bf983278
-
SHA512
e34af2a1bd8f17ddc994671db37b29728e933e62eded7aff93ab0194a813103cad9dba522388f9f67ba839196fb6ed54ce87e1bebcfd98957feb40b726a7e0c6
-
SSDEEP
192:nC34zPAmm2VkeyLffMhyyuyeYHOGFeDK6P6t6:U6oj7LLffMI/jqBo
-
Score
3/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Axam.a.exe
-
Size
11KB
-
MD5
0fbf8022619ba56c545b20d172bf3b87
-
SHA1
752e5ce51f0cf9192b8fa1d28a7663b46e3577ff
-
SHA256
4ae7d63ec497143c2acde1ba79f1d9eed80086a420b6f0a07b1e2917da0a6c74
-
SHA512
e8d44147609d04a1a158066d89b739c00b507c8ff208dac72fdc2a42702d336c057ae4b77c305f4ccdfe089665913098d84a3160a834aaebe41f95f4b4bfddeb
-
SSDEEP
192:33K8Vn5fAIBkPA9tQdEnhAv+mKqh1RwE9gCOMv8eIry2aZoa5qq/:33X54IB8SCY2W3qmSgaIrTDSqq/
-
Score
7/10
-
Drops startup file
-
Adds Run key to start application
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Brontok.exe
-
Size
106KB
-
MD5
d7506150617460e34645025f1ca2c74b
-
SHA1
5e7d5daf73a72473795d591f831e8a2054947668
-
SHA256
941ebf1dc12321bbe430994a55f6e22a1b83cea2fa7d281484ea2dab06353112
-
SHA512
69e0bd07a8bdbfe066593cdd81acd530b3d12b21e637c1af511b8fee447831b8d822065c5a74a477fe6590962ceff8d64d83ae9c41efd930636921d4d6567f6f
-
SSDEEP
768:i9R/zAKUQfZw7j4KBHZD8f5R3ETmv48Xxh04UwQaMzl6G1gNov35BMC:0AcwPf5D8rUTmnX9maQ6SgM5
-
Score
1/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe
-
Size
32KB
-
MD5
70f549ae7fafc425a4c5447293f04fdb
-
SHA1
af4b0ed0e0212aced62d40b24ad6861dbfd67b61
-
SHA256
96425ae53a5517b9f47e30f6b41fdc883831039e1faba02fe28b2d5f3efcdc29
-
SHA512
3f83e9e6d5bc080fb5c797617078aff9bc66efcd2ffac091a97255911c64995a2d83b5e93296f7a57ff3713d92952b30a06fc38cd574c5fe58f008593040b7f0
-
SSDEEP
384:/TELevJlARz3z1AWoYbEz3QqRbViB3CoUEmeQo/o2Y0gsjDWK7L:/gLevJlARz3z1AWoYbEz3Ngk6WK7L
-
Score
4/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Duksten.exe
-
Size
9KB
-
MD5
900ebff3e658825f828ab95b30fad2e7
-
SHA1
7451f9aee3c4abc6ea6710dc83c3239a7c07173b
-
SHA256
caec6e664b3cff5717dd2efea8dcd8715abdcfe7f611456be7009771f22a8f50
-
SHA512
e325f3511722eee0658cfcf4ce30806279de322a22a89129a8883a630388ab326955923fa6228946440894bd2ef56d3e6dfda3973ea16cc6e463d058dd6e25ce
-
SSDEEP
192:SwPplT5bFhtWHIBAfU2Du6jWuo/TOvZQZPAb:dp3jsH+V2Du66V/TOx84b
-
Score
6/10
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Funsoul.exe
-
Size
44KB
-
MD5
a13a4db860d743a088ef7ab9bacb4dda
-
SHA1
8461cdeef23b6357468a7fb6e118b59273ed528c
-
SHA256
69ee59cee5a1d39739d935701cfa917f75787b29e0b9bda9ada9e2642ade434c
-
SHA512
52909b5fcbf00ef4025f6051ee1b8a933fc2a0bd7a292fe25fac708f358e7c96d6d31ba263d07128d56bc614fcbd053b2fa1249024a8138baf30da8ac5f54806
-
SSDEEP
768:F/17QoluKpG4oELGtfeaWqoWhnVCjEat+ois5bfEGgQJNH:F/sKIbt1O+O5b1n
-
Score
3/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Gruel.a.exe
-
Size
100KB
-
MD5
b0feccddd78039aed7f1d68dae4d73d3
-
SHA1
8fcffb3ae7af33b9b83af4c5acbb044f888eeabf
-
SHA256
5714efd4746f7796bbc52a272f8e354f67edfb50129d5fdaa1396e920956d0d6
-
SHA512
b02b9476eeb9c43fcfef56949f867c1c88f152d65f3961a2838b8bff02df2383945aefb9a8c517ac78d79b5a9163c7677f5b6238f4624b1966994c9c09eb428d
-
SSDEEP
1536:ThBfyxwMz14BSSQGRwmkwmGDAzGC6TaPAlbv/g:1BKxwMz14wSQGGUDAATaPAlbv/g
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Happy99.exe
-
Size
9KB
-
MD5
02dd0eaa9649a11e55fa5467fa4b8ef8
-
SHA1
a4a945192cb730634168f79b6e4cd298dbe3d168
-
SHA256
4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18
-
SHA512
3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441
-
SSDEEP
192:nR81cIkA5Dbaj/CaFx40Z9HnLH8bzTbjt5BNUFO:RycyhqN4u9HnLH8bnbjtpl
-
Score
5/10
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Kiray.exe
-
Size
13KB
-
MD5
f22ae972aee081ec86faa30e73d9675f
-
SHA1
a559057e10f7e524688043ca283e2380739d6744
-
SHA256
166865fdb90e7964e7ea57a282343026d878230215e5694145f88a8afb56132f
-
SHA512
80c000c1ee73a402d0960ee768272096541786eacda7b938f9791ca3da067f5838c6850c74dff466cccde11851989062328b4a3d87b2eb99a6cac0efcf45f4c1
-
SSDEEP
384:XTm/Ye8zdTyBsyqAIZhgMFfpX5xqd1SJ5m:XHWsyqAggUnJI
-
Score
7/10
-
Modifies system executable filetype association
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Klez.e.exe
-
Size
86KB
-
MD5
f2db87b351770e5995e9fcaad47d9591
-
SHA1
4c75bd93f458096fbc27fa852e16ce25a602f267
-
SHA256
3113fa9a3cf00ed423a2c686a2ffb19586f6a047747de65a93436a7dca8fcfa7
-
SHA512
608e74274b555a239534a9d43514e07cb8aad9b13baf4cc383e8c21ea4e9ebd36162dc0b4bf30a0975c334facf23d6e63742e2bbe4ba400e80d9f191893a84fc
-
SSDEEP
768:zXS6Lnze1gshn5ew/QuBdL/4Ckir4SWeq3HwFdkt+Afs2DBnoLK6KcgMvtD:TSSnze1gsJ55n/4CkOwwF+bho0st
-
Score
7/10
-
Executes dropped EXE
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Lacon.exe
-
Size
12KB
-
MD5
cb0f7b3fd927cf0d0ba36302e6f9af86
-
SHA1
32bdc349a35916e8991e69e9be1bd2596b6321cc
-
SHA256
9b3f73a12a793d1648f3209e1e3f10bbb548b1ec21d53b8ac060b7b95ae4ef1f
-
SHA512
e6152f3645d73c63f3f3aa9881fe8b404f9794b14a8ecaea659621828462baf042c13c88bb7f2c32277fa854ceda3056d09aa5603e92b107c6c8194464154252
-
SSDEEP
192:W+4C8fFkIp+ShIKIw4MUbLblp1E7qBalMyIl3PAHN0PhNx:W5kIp1IM4MUbPn1afIK4x
-
Score
7/10
-
Drops startup file
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Lentin/Lentin.d.exe
-
Size
26KB
-
MD5
d9ce0273f791da275ed2a69446413a87
-
SHA1
38cf7ea93d74fb770bfba766845cf29bef0169df
-
SHA256
aa2e8d70654e30cf11e2b57e92cea72a9823a048f75fc9029da04e1e4d8a9810
-
SHA512
a521b2a55207c9996c0399bc0403c0865c23bf7457b5cfa80d0bec2c2eeb898a30599d99dda15ece4aa5db405c46ea4183d4b3bac20a3d5836775efccedd0f8e
-
SSDEEP
384:EfhdE5u7Gd2xurrqotHeK5oeh94uKcAvl50HHMqn7VtN3F/n4tyyUGLtFly0s:SEc7KPrGotHeKzAXvWMO13ZerL/5s
-
Score
7/10
-
Modifies system executable filetype association
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Magistr.exe
-
Size
107KB
-
MD5
9890349fe3c68f5923b29347bba021a4
-
SHA1
fa080a50486b205b75833a6b5c9505abb1e3b4df
-
SHA256
068f2ee28af7645dbf2a1684f0a5fc5ccb6aa1027f71da4468e0cba56c65e058
-
SHA512
aedd86837987cbe8c0b1cf3b4ca0c3a875e4cc9bcc8097c160d0d6070427ad9e1d871d5339ea95cc03499c39a6536b5a6b6d43372a49eeaf2e87bf755a3d3367
-
SSDEEP
3072:pRr1m0iQwTlFiIoXTLDCLLUsgULFsfMGdd64:Lk0LCwIi3DMUwFNGd04
-
Score
3/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Maldal.a.exe
-
Size
80KB
-
MD5
cbcd34a252a7cf61250b0f7f1cba3382
-
SHA1
152f224d66555dd49711754bf4e29a17f4706332
-
SHA256
abac285f290f0cfcd308071c9dfa9b7b4b48d10b4a3b4d75048804e59a447787
-
SHA512
09fdcb04707a3314e584f81db5210b2390f4c3f5efa173539f9d248db48ae26b3a8b240cf254561b0ecb764f6b04bb4c129832c6502d952d1960e443371ce2a9
-
SSDEEP
1536:wh6S2wzALFx8hkMsiUmxi6QPitAKQjY8c4B5h:dS212xlQvKCYx4B
-
Score
5/10
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Mari.exe
-
Size
44KB
-
MD5
6513e97cffb6656fd7b5a29859fe47d3
-
SHA1
9ea95b90f501fa4b1fd4798622e7d736413d56f5
-
SHA256
efb67be90882ded2d3e53e463ae175a4b4b5229ca6929b835fa7dd4687801144
-
SHA512
87b34e2f980f446b0372815ee54942d42439c6b063f934f78b8ac1f8f04c9a8a48a2674621e83f62d0d2eae59f134a9eb6e033c698da56ddb8b3919d1f4e59ec
-
SSDEEP
768:dcndMPZ6pdQgrnuRublkbjxLxm8rWezfsNH8I:yiB6p6JzfPI
-
Score
3/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/MeltingScreen.exe
-
Size
17KB
-
MD5
4784e42c3b15d1a141a5e0c8abc1205c
-
SHA1
48c958deba25a4763ef244ac87e87983c6534179
-
SHA256
9d355e4f9a51536b05269f696b304859155985957ba95eb575f3f38c599d913c
-
SHA512
d63d20a38602d4d228367b6596454a0f5b2884c831e3a95237d23b882abd624de59ea47835636b06a96e216f1decf8c468caacd45e5d3b16a5eb9e87bc69eb97
-
SSDEEP
384:eHsipOITNe52uuCiuhwYW5t/QS5uoIjkg:PivNZuhi+wYW5toBoB
-
Score
3/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Merkur.exe
-
Size
44KB
-
MD5
e6f8f701d646b193139cf0a92229455f
-
SHA1
b7747d41fcf52c3611af1153e46183dacbb3c709
-
SHA256
7e89fabfdbe214bf6a6f9730f3e451e69f752b62bbd54c0a81d2aae2320abd2c
-
SHA512
135d69ed4b3acdeaf45639090cefd48fa02f9ff1fb168d249717d0e2d3295530b697d8ff3fea84fa20a66aeb99437e5b0f2a2c3936f2a109c1068816263003ae
-
SSDEEP
384:/T16PQm7lU7lnDSLOwglunEuMhlkW3YpCzkVei7kVrcwh8PDM9TkLJI4WvEfbqgJ:/hdmCJq1glWlOEDvEo2k/2w/mo
-
Score
5/10
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/MsWorld.exe
-
Size
128KB
-
MD5
7bd8a009b84b35868613332fe14267ab
-
SHA1
d36d4753aab27c6c5e253b9926406f7f97dc69a6
-
SHA256
56511f0b28f28c23b5a1a3c7d524ee25a4c6df9ac2b53797c95199534f86bbd2
-
SHA512
ad8e121f601f6698d720181d486da828781f729ca7880fb35c6fc70f021197e4a508dc46d980108a168ef2c6c89a62f3140e676ff71a1e40ea3e397ad0c63261
-
SSDEEP
3072:6wzn3BP7bo4a8uqwE6WPSUQvdIeaiQFc/sz4Px8vy+sL:R3BPP9G4Qvd/aKk4p8q+s
-
Score
3/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/MyDoom.A.exe
-
Size
22KB
-
MD5
53df39092394741514bc050f3d6a06a9
-
SHA1
f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5
-
SHA256
fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151
-
SHA512
9792017109cf6ffc783e67be2a4361aa2c0792a359718434fec53e83feed6a9a2f0f331e9951f798e7fb89421fdc1ac0e083527c3d3b6dd71b7fdd90836023a0
-
SSDEEP
384:96ZQHXcE7hUHwT56cC9Kg65JdwGADkHw/Rjxtuu7VIGGwQWEqpD6:CavuHAUcW/ojwG6kHw/lxqbW
-
Detects MyDoom family
-
Mydoom family
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/MyPics.a.exe
-
Size
33KB
-
MD5
94ec47428dabb492af96756e7c95c644
-
SHA1
189630f835f93aaa4c4a3a31145762fcbbb69a32
-
SHA256
0ae040287546a70f8a2d5fc2da45a83e253da044bf10246ae77830af971b3359
-
SHA512
deff74df45328126ac4b501fc6a51835eeb21efa4ae6623328797d41caef6a247b47fc1c245fc8f1d434c0eea3b7c2801b65ed4957e91a50e7b73522502e0454
-
SSDEEP
384:Plt6WxQoI+LY61PZz4oKDP9KDviKD+phWD3bUTNRTDKUt73ncu7yMKrv6RtBL9SB:PxQJ631PuTpRTDLt73ncu7yvcTsE
-
Score
3/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/NakedWife.exe
-
Size
72KB
-
MD5
da9dba70de70dc43d6535f2975cec68d
-
SHA1
f8deb4673dff2a825932d24451cc0a385328b7a4
-
SHA256
29ceeb3d763d307a0dd7068fa1b2009f2b0d85ca6d2aa5867b12c595ba96762a
-
SHA512
48bbacb953f0ffbe498767593599285ea27205a21f6ec810437952b0e8d4007a71693d34c8fc803950a5454738bea3b0bafa9ff08cd752bf57e14fedf4efb518
-
SSDEEP
768:/hsHJQIk8ML0sp0pvjew3TTlYh9SnxRL:/hsHk8su5jew33L
-
Score
3/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Nyxem.E.exe
-
Size
128KB
-
MD5
a0bdce2f937ffbb7ba548845b24749c0
-
SHA1
b79bbd469ae9cf3bb89adb354cd0a31ce8aceebc
-
SHA256
62f8364c46300bce2e75c4cc65039de3f060b854764dd90f0fa656efaf31bea9
-
SHA512
fd36fca722a6ff0b280f212232d92810f41e55d3832ddb14aa9eaeb269da8842ccb57709695860e502a0dc6529fcc63fdfd72de792b795b0d5f267deb45e3ea2
-
SSDEEP
1536:GTtdf/2cPTntySIv4qwBg4U4u2qUjcRMiEVwAZsznpQ2m2:artbt3Ii44fqUoRMiElinpZm2
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Pikachu.exe
-
Size
32KB
-
MD5
715614e09261b39dfa439fa1326c0cec
-
SHA1
52d118a34da7f5037cde04c31ff491eb25933b18
-
SHA256
e1dfc005d5403fb2f356276f0abe19df68249ce10e5035450926d56c2f8d3652
-
SHA512
fe905c388b0711f54941076a29b11f2b605655b4a3f409d9f0f077f2fe91f241401035310daa490afb6df50a6deff5456be5ee86984e7b9069506efa07af51ae
-
SSDEEP
384:JuttXvHydgJdONTjJJbIR1ozOtEZcrkTuztHTYhEWS6uyd:JaXfy2dmjJJcAaDkTEdjR6uy
-
Score
3/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Prolin.exe
-
Size
36KB
-
MD5
65eeb8a0fce412d7f236f8348357d1c0
-
SHA1
c31af321819481bcc15b2121f3b5c04481eaf525
-
SHA256
db0c7e3029fb2a048e7a3e74c9cbf3e8bcec06288b5eafac5aae678d8663bffc
-
SHA512
fad1b721a6420984e13d2278b1d6b5bd70442ab3517553682880a9a8d90f9d47000ad6069cb68d3218d01bc23f771936bcce2529b646501984b954ae9e9ce573
-
SSDEEP
768:/TiDhjVPgoa8G1RW7v4cweXAvgbAfMvAvcR885GhD:/Tit5IZwz4JeXBbdvlyh
-
Score
4/10
-
-
-
Target
The-MALWARE-Repo-master/Email-Worm/Quamo.exe
-
Size
56KB
-
MD5
a1f722324492fda51077449ec2db2827
-
SHA1
e4d8d27d77f8c2f5282a899a48184c40939c1665
-
SHA256
fc2ced1d89845dcfae55b6e854cd0e622fdf98baeeb4a67a60852ecd1212f93b
-
SHA512
6c30ce6a2055300990a951ab487039d92985271a06123d81864495bebc88fb6790be81397f729be4dfb2667d5bad506f51ce93426e4f9369f93fe5c832d8c9e9
-
SSDEEP
1536:/eC4p0nWLutsr+dTIpqUWtlBNhcx5s7VVDo:WTpcWSZp3IGBVM
-
Score
6/10
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Change Default File Association (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Change Default File Association (1)