Tasks
Task                           Score   Platform
Overview                       10      -
Static                         5       -
000.exe                        -       windows10-ltsc 2021-x64
Alerta.exe                     3       windows10-ltsc 2021-x64
Ana.exe                        -       windows10-ltsc 2021-x64
ArcticBomb.exe                 5       windows10-ltsc 2021-x64
Bezilom.exe                    6       windows10-ltsc 2021-x64
BossDaMajor.exe                -       windows10-ltsc 2021-x64
ColorBug.exe                   6       windows10-ltsc 2021-x64
DesktopPuzzle.exe              3       windows10-ltsc 2021-x64
FlashKiller.exe                3       windows10-ltsc 2021-x64
Floxif.exe                     10      windows10-ltsc 2021-x64
FreeYoutubeDownloader.exe      7       windows10-ltsc 2021-x64
Gas.exe                        3       windows10-ltsc 2021-x64
HMBlocker.exe                  -       windows10-ltsc 2021-x64
HorrorBob2.exe                 -       windows10-ltsc 2021-x64
HorrorTrojan6.exe              5       windows10-ltsc 2021-x64
IconDance.exe                  3       windows10-ltsc 2021-x64
Illerka.C.exe                  10      windows10-ltsc 2021-x64
LoveYou.exe                    3       windows10-ltsc 2021-x64
MistInfected_newest.exe        8       windows10-ltsc 2021-x64
MistInstaller.exe              8       windows10-ltsc 2021-x64
MrsMajor3.0.exe                10      windows10-ltsc 2021-x64
Nivdort.exe                    7       windows10-ltsc 2021-x64
Nostart.exe                    3       windows10-ltsc 2021-x64
PCToaster.exe                  -       windows10-ltsc 2021-x64
PankozaDestructive 2.0.exe     7       windows10-ltsc 2021-x64
PowerPoint.exe                 -       windows10-ltsc 2021-x64
ROTANOTEDKSID-Destructive.exe  8       windows10-ltsc 2021-x64
Sevgi.a.exe                    6       windows10-ltsc 2021-x64
Spark.exe                      -       windows10-ltsc 2021-x64
SuperDeath2.exe                5       windows10-ltsc 2021-x64
TaskILL.exe                    1       windows10-ltsc 2021-x64
VeryFun.exe                    6       windows10-ltsc 2021-x64

General
Target: Malware-Database.7z
Size: 92.7MB
Sample: 250110-xlpwfasngx
MD5: 775a2ebd94c6a16e537104a81a1d25dd
SHA1: 25c79d85b9b67f4eb9b77fc958f8e17938869de8
SHA256: 92d84101f2334eacdaef3eb63b3770f3a20a8b1318a881138d6561e5d350207c
SHA512: ad1f2c6a71006cdb98038d1c1eba2d18bc6b29f97a966b5783950b850c34178e2ebdc69c13df6cd2e24d446066afd936d56c3af7ece42896441a4e0acee91f85
SSDEEP: 1572864:hx+uwuNsTwOoHFXGFEjyjLWpHU1eUtxyoH4EQGIXlTQlE4RGcNWGyW0q:vvuFEjrpUf1H6rkE4pyW0q
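These digests, and the per-target ones under Targets further down, are the only file-level identifiers the report gives, so the first thing to do with a copy of the archive is check it against them before trusting that it is the analysed file. The following Python is an added example, not part of the Triage report and not Triage's code: it parses the report's label/value layout into records, indexes the hashes, and verifies a local file against a recorded hash set, insisting on a SHA-2 digest rather than MD5 or SHA1 alone. The embedded report lines are copied from the 000.exe and Alerta.exe entries; the stand-in file bytes are constructed, and the function names are the example's own.

```python
"""Parse the flattened "label / value" layout this report uses into records,
index the hashes, and check a local file against a recorded hash set.
Added example, not Triage's code and not part of the original report.  The
REPORT_TEXT lines are copied from the 000.exe and Alerta.exe entries; the
stand-in file bytes used in __main__ are constructed and the function names
are this example's own."""
import hashlib
import re

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LABELS = tuple(HEX_LEN) + ("SSDEEP",)

# Constructed input: two entries copied from the report's Targets section.
REPORT_TEXT = """\
Target
000.exe
-
Size
6.7MB
-
MD5
f2b7074e1543720a9a98fda660e02688
-
SHA256
4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966
-
SSDEEP
3072:eaLA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuz1o9Y:fLJlC6j0CX4XmvWHVcd62uO9
Score8/10-
Disables Task Manager via registry modification
-
Target
Alerta.exe
-
Size
111KB
-
SHA256
2d2a22db20a44474afbd7b0e6488690bad584dcae9789a5db776cc1a00b98728
Score3/10 -
"""

def parse_report(text):
    """One dict per 'Target' entry: name, size, hashes, score, sign. names.
    A label line is followed by its value on the next line, '-' lines are
    separators and a 'ScoreN/10' line precedes the signature names."""
    lines = [ln.strip() for ln in text.splitlines()]
    records, cur, i = [], None, 0
    while i < len(lines):
        ln, nxt = lines[i], (lines[i + 1] if i + 1 < len(lines) else "")
        if ln == "Target":
            cur = {"name": nxt, "size": None, "hashes": {}, "score": None, "signatures": []}
            records.append(cur)
            i += 2
        elif cur is None or ln in ("", "-"):
            i += 1
        elif ln == "Size":
            cur["size"] = nxt
            i += 2
        elif ln in HASH_LABELS:
            n = HEX_LEN.get(ln)
            if n and not re.fullmatch(r"[0-9a-f]{%d}" % n, nxt):
                raise ValueError(f"{cur['name']}: malformed {ln} {nxt!r}")
            cur["hashes"][ln] = nxt
            i += 2
        elif (m := re.match(r"Score(\d+)/10", ln)):
            cur["score"] = int(m.group(1))
            i += 1
        else:
            cur["signatures"].append(ln)  # a signature name or its description line
            i += 1
    return records

def file_digests(data):
    """The four cryptographic digests the report records.  SSDEEP is a fuzzy
    hash that is not in hashlib; it needs the ssdeep package."""
    return {alg: getattr(hashlib, alg.lower())(data).hexdigest() for alg in HEX_LEN}

def verify(data, expected):
    """True only if every digest in `expected` that we can compute matches.
    MD5/SHA1 are compared when present but never accepted on their own."""
    if "SHA256" not in expected and "SHA512" not in expected:
        raise ValueError("refusing to verify on MD5/SHA1 alone")
    got = file_digests(data)
    return all(got[alg] == expected[alg].lower() for alg in got if alg in expected)

def index_by_hash(records):
    """hexdigest -> sample name, for matching a hash seen elsewhere."""
    return {h: r["name"] for r in records for alg, h in r["hashes"].items() if alg in HEX_LEN}

# Digests the General block records for the whole archive.
ARCHIVE_HASHES = {"MD5": "775a2ebd94c6a16e537104a81a1d25dd",
                  "SHA256": "92d84101f2334eacdaef3eb63b3770f3a20a8b1318a881138d6561e5d350207c"}

if __name__ == "__main__":
    for r in parse_report(REPORT_TEXT):
        print(r["name"], r["size"], r["score"], r["hashes"].get("SHA256"))
    fake = b"constructed stand-in, not the real Malware-Database.7z"
    print("archive verified:", verify(fake, ARCHIVE_HASHES))
```

On a real download replace `fake` with the file's bytes; a mismatch on any recorded digest means the file is not the one this report describes, whatever its name says.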
Behavioral tasks
Task          Sample                          Resource
behavioral1   000.exe                         win10ltsc2021-20241211-en
behavioral2   Alerta.exe                      win10ltsc2021-20241211-en
behavioral3   Ana.exe                         win10ltsc2021-20241211-en
behavioral4   ArcticBomb.exe                  win10ltsc2021-20241211-en
behavioral5   Bezilom.exe                     win10ltsc2021-20241211-en
behavioral6   BossDaMajor.exe                 win10ltsc2021-20241211-en
behavioral7   ColorBug.exe                    win10ltsc2021-20241211-en
behavioral8   DesktopPuzzle.exe               win10ltsc2021-20241211-en
behavioral9   FlashKiller.exe                 win10ltsc2021-20241211-en
behavioral10  Floxif.exe                      win10ltsc2021-20241211-en
behavioral11  FreeYoutubeDownloader.exe       win10ltsc2021-20241211-en
behavioral12  Gas.exe                         win10ltsc2021-20241211-en
behavioral13  HMBlocker.exe                   win10ltsc2021-20241211-en
behavioral14  HorrorBob2.exe                  win10ltsc2021-20241211-en
behavioral15  HorrorTrojan6.exe               win10ltsc2021-20241211-en
behavioral16  IconDance.exe                   win10ltsc2021-20241211-en
behavioral17  Illerka.C.exe                   win10ltsc2021-20241211-en
behavioral18  LoveYou.exe                     win10ltsc2021-20241023-en
behavioral19  MistInfected_newest.exe         win10ltsc2021-20241211-en
behavioral20  MistInstaller.exe               win10ltsc2021-20241211-en
behavioral21  MrsMajor3.0.exe                 win10ltsc2021-20241211-en
behavioral22  Nivdort.exe                     win10ltsc2021-20241211-en
behavioral23  Nostart.exe                     win10ltsc2021-20241211-en
behavioral24  PCToaster.exe                   win10ltsc2021-20241211-en
behavioral25  PankozaDestructive 2.0.exe      win10ltsc2021-20241211-en
behavioral26  PowerPoint.exe                  win10ltsc2021-20241211-en
behavioral27  ROTANOTEDKSID-Destructive.exe   win10ltsc2021-20241211-en
behavioral28  Sevgi.a.exe                     win10ltsc2021-20241023-en
behavioral29  Spark.exe                       win10ltsc2021-20241211-en
behavioral30  SuperDeath2.exe                 win10ltsc2021-20241211-en
behavioral31  TaskILL.exe                     win10ltsc2021-20241211-en
behavioral32  VeryFun.exe                     win10ltsc2021-20241023-en
Malware Config
Targets
Target: 000.exe
Size: 6.7MB
MD5: f2b7074e1543720a9a98fda660e02688
SHA1: 1029492c1a12789d8af78d54adcb921e24b9e5ca
SHA256: 4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966
SHA512: 73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff
SSDEEP: 3072:eaLA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuz1o9Y:fLJlC6j0CX4XmvWHVcd62uO9
Score: 8/10
Signatures:
- Disables Task Manager via registry modification
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)
- Modifies WinLogon
- Sets desktop wallpaper using registry

Target: Alerta.exe
Size: 111KB
MD5: e8ed8aaf35e6059ba28504c19ff50bab
SHA1: 01412235baf64c5b928252639369eea4e2ba5192
SHA256: 2d2a22db20a44474afbd7b0e6488690bad584dcae9789a5db776cc1a00b98728
SHA512: d007c96b2fad26763d27be8447ca65e0ab890deb6388b90cf83c0b3431e09b225f7424098927b54f15fe34eae953b61b45371b0df4b2d89c60be9c006ffe9034
SSDEEP: 3072:AuDWghj8FVadgTtzB4QMW+ybdBl7Du1T:bDWqY2qTtCQfb3l+1
Score: 3/10
Signatures: none listed

Target: Ana.exe
Size: 2.1MB
MD5: f571faca510bffe809c76c1828d44523
SHA1: 7a3ca1660f0a513316b8cd5496ac7dbe82f0e0c2
SHA256: 117d7af0deb40b3fe532bb6cbe374884fa55ed7cfe053fe698720cdccb5a59cb
SHA512: a08bca2fb1387cc70b737520d566c7117aa3fdb9a52f5dbb0bb7be44630da7977882d8c808cbee843c8a180777b4ac5819e8bafda6b2c883e380dc7fb5358a51
SSDEEP: 49152:OwVYlfBUDiZx8Fa/Q0NuB3btlnCItWNSwoy:OxPUDQmso0NuBZlnCItM
Signatures:
- Adds policy Run key to start application
- Drops file in Drivers directory
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Executes dropped EXE
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Indicator Removal: File Deletion (adversaries may delete files left behind by the actions of their intrusion activity)
- Writes to the Master Boot Record (MBR) (bootkits write to the MBR to gain persistence at a level below the operating system)
- Drops file in System32 directory

Target: ArcticBomb.exe
Size: 125KB
MD5: ea534626d73f9eb0e134de9885054892
SHA1: ab03e674b407aecf29c907b39717dec004843b13
SHA256: 322eb96fc33119d8ed21b45f1cd57670f74fb42fd8888275ca4879dce1c1511c
SHA512: c8cda90323fd94387a566641ec48cb086540a400726032f3261151afe8a981730688a4dcd0983d9585355e22833a035ef627dbd1f643c4399f9ddce118a3a851
SSDEEP: 3072:2f9+exxxz0fAcQ8nJHG5VZYYycEIojDknqhclLD:4u68Mdbw0plL
Signatures: none listed

Target: Bezilom.exe
Size: 28KB
MD5: 8e9d7feb3b955e6def8365fd83007080
SHA1: df7522e270506b1a2c874700a9beeb9d3d233e23
SHA256: 94d2b1da2c4ce7db94ee9603bc2f81386032687e7c664aff6460ba0f5dac0022
SHA512: 4157a5628dc7f47489be2c30dbf2b14458a813eb66e942bba881615c101df25001c09afb9a54f88831fa4c1858f42d897f8f55fbf6b4c1a82d2509bd52ba1536
SSDEEP: 384:1gc4XlUUWiY1SN6oHN64iKZz+ZBEKTzEv819YSHOuSsAR/+eR4517wNwEb:1nREWEFsI+wAJw2E
Score: 6/10
Signatures:
- Adds Run key to start application

Target: BossDaMajor.exe
Size: 1.9MB
MD5: 38ff71c1dee2a9add67f1edb1a30ff8c
SHA1: 10f0defd98d4e5096fbeb321b28d6559e44d66db
SHA256: 730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a
SHA512: 8347782951f2647fe433482cb13186653afa32ee9f5be83a138c4ed47ff34d8de66a26e74b5a28ea21c1529b2078401922a9a26803772677b70489967c10f3e9
SSDEEP: 49152:veG3J7FtM9SbJakTiTBMGSARaspyyx979PSxgKFdGlYU:2GZxSoJrTiTBMGtRa8t7EFddU
Signatures:
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Modifies system executable filetype association
- Drops desktop.ini file(s)
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)

Target: ColorBug.exe
Size: 53KB
MD5: 6536b10e5a713803d034c607d2de19e3
SHA1: a6000c05f565a36d2250bdab2ce78f505ca624b7
SHA256: 775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de
SHA512: 61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018
SSDEEP: 1536:ynqAKryDLrASOcRw52sjzIUK7RkYrJ2lrKX:SNdMT8Z8cX
Score: 6/10
Signatures:
- Adds Run key to start application

Target: DesktopPuzzle.exe
Size: 239KB
MD5: 2f8f6e90ca211d7ef5f6cf3c995a40e7
SHA1: f8940f280c81273b11a20d4bfb43715155f6e122
SHA256: 1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6
SHA512: 2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8
SSDEEP: 3072:r/3qftCdbSFtY8Zf8pOk0rHitNWIekbnfFPsr24Cv/Eng9m3ihlCeKH6Fb6aX3WA:WoI/rC0k7ar68nimCYHe3qZr0SlC
Score: 3/10
Signatures: none listed

Target: FlashKiller.exe
Size: 4KB
MD5: 331973644859575a72f7b08ba0447f2a
SHA1: 869a4f0c48ed46b8fe107c0368d5206bc8b2efb5
SHA256: 353df4f186c06a626373b0978d15ec6357510fd0d4ac54b63217b37142ab52d3
SHA512: 402662eb4d47af234b3e5fbba10c6d77bdfdb9ff8ecfdd9d204f0264b64ea97fc3b5c54469f537173a26c72b3733550854749649d649bc0153c8fe3faacc50a1
Score: 3/10
Signatures: none listed

Target: Floxif.exe
Size: 532KB
MD5: 00add4a97311b2b8b6264674335caab6
SHA1: 3688de985909cc9f9fa6e0a4f2e43d986fe6d0ec
SHA256: 812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f
SHA512: aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70
SSDEEP: 12288:l86GkvJFajbhjTpHjq0dfpT1Oc02XEfGdnGwVUNUnEnAE3F:l8lT9PdpwO0fkGwVUSnEnAoF
Signatures:
- Floxif family
- Detects Floxif payload
- ACProtect 1.3x - 1.4x DLL software (detects a file using ACProtect software)
- Loads dropped DLL

Target: FreeYoutubeDownloader.exe
Size: 396KB
MD5: 13f4b868603cf0dd6c32702d1bd858c9
SHA1: a595ab75e134f5616679be5f11deefdfaae1de15
SHA256: cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
SHA512: e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24
SSDEEP: 12288:jANwRo+mv8QD4+0V16nkFkkk2kyW9EArjaccoH0qzh4:jAT8QE+kHW9EAr+fr4i
Score: 7/10
Signatures:
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)

Target: Gas.exe
Size: 18KB
MD5: e7af185503236e623705368a443a17d9
SHA1: 863084d6e7f3ed1ba6cc43f0746445b9ad218474
SHA256: da3f40b66cc657ea33dbf547eb05d8d4fb5fb5cf753689d0222039a3292c937a
SHA512: 8db51d9029dfb0a1a112899ca1f1dacfd37ae9dec4d07594900c5725bc0f60212ab69395f560b30b20f6e1dffba84d585ef5ae2b43f77c3d5373fe481a8b8fc3
SSDEEP: 192:KtRj6/XFyk9YPdXTH08W8c3LXLtYmEBI9qHVDEV:WV6fFy2Ylz0TiBIw1Dc
Score: 3/10
Signatures: none listed

Target: HMBlocker.exe
Size: 48KB
MD5: 21943d72b0f4c2b42f242ac2d3de784c
SHA1: c887b9d92c026a69217ca550568909609eec1c39
SHA256: 2d047b0a46be4da59d375f71cfbd578ce1fbf77955d0bb149f6be5b9e4552180
SHA512: 04c9fa8358944d01b5fd0b6d5da2669df4c54fe79c58e7987c16bea56c114394173b6e8a6ac54cd4acd081fcbc66103ea6514c616363ba8d212db13b301034d8
SSDEEP: 768:xE09MOEzWGoOIx2qCZVZmj+Wg5VK2LDakrDZ5yS/wwHA49kszNAY1XKoJc4P1:t7w73bUNMMkrDry+6Ut
Score: 7/10
Signatures:
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Adds Run key to start application

Target: HorrorBob2.exe
Size: 11.9MB
MD5: 9331b20120075b2685d3888c196f2e34
SHA1: 1af7d3dc4576ef8aaa06fa3199cf422b7657950b
SHA256: 98a804d373c7e0e4f80155df20358436e066ecf31c522c31df2ba46923ac68c2
SHA512: 83636067d46b1362a6e0e5af56222d170d337fa7b0c4048b8f04c9df0ca35c3634a7254e6226886b00f9894e4353d6ac6b2e4e760bab320058cebe37c7c0cd7b
SSDEEP: 196608:zHvwfYWqhZPHE5D7cdPNPi17S+IRTX7UYVlj0EcLnKXanF6eeBUsjD2ABShiFiJt:vZ8R7c5527SpRTXQYVlYEGnKKF6eeWgO
Score: 10/10
Signatures:
- Disables Task Manager via registry modification
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Adds Run key to start application
- Sets desktop wallpaper using registry

Target: HorrorTrojan6.exe
Size: 6.2MB
MD5: abb3a2f1580a738c96716509a0d9121d
SHA1: 9843ed4836e3d08de2a7f73a9adf382dcbddea34
SHA256: 32d2d9331da7f7745e9031538997cc1129b28af533dcb3ddcc81230f48b89226
SHA512: 01eaec3d0e42408bd3b2331d5e73e0603b728ae513b401075cbb9d948a0870d9a4572cd3b454f6586c4727843b61070699c9f750a5aec3fe2c2e98b5e7d500ac
SSDEEP: 98304:jaGNjTo0gBLMFwdvZE+j7AtaSQS+JBciIUDCyCMdKo1zuvpWMz7ZyvD39HaFdQ:jrnOLW+j8LQPLD16oGsvxHCdQ
Signatures: none listed

Target: IconDance.exe
Size: 301KB
MD5: 7ad8c84dea7bd1e9cbb888734db28961
SHA1: 58e047c7abecdd31d4e3c937b0ee89c98ab06c6a
SHA256: a4b6e53453d1874a6f78f0d7aa14dfafba778062f4b85b42b4c1001e1fc17095
SHA512: d34b087f7c6dd224e9bfe7a24364f878fc55c5368ce7395349ca063a7fd9ac555baed8431bfa13c331d7e58108b34e0f9d84482ce2e133f623dd086f14345adb
SSDEEP: 6144:+gYw2itwtdpXQ9g64B8Ly7Cs1ApMTP8hyLrlre1:8w2itSyV4B9aMQYI
Score: 3/10
Signatures: none listed

Target: Illerka.C.exe
Size: 378KB
MD5: c718a1cbf0e13674714c66694be02421
SHA1: 001d5370d3a7ee48db6caaecb1c213b5dfdf8e65
SHA256: cde188d6c4d6e64d6abfdea1e113314f9cdf9417bca36eb7201e6b766e5f5a7f
SHA512: ba0ddff47b618740dfcb63024435c36d895889dd3cf6b4559969283ba8100e8063f5c7767e56dfab67a2b5c96e4ae22e141e5b09e81be5cec9aa7ca7827b4b8a
SSDEEP: 1536:IM64RFcdoYicOWtlo4yJDsE4KmtZxq3/1d+DSaumOY6eeLnAGTpZspibfaSuOypE:IMJkoY9lpoaKm2vacPESu/wK3+
Signatures:
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Executes dropped EXE

Target: LoveYou.exe
Size: 22KB
MD5: 31420227141ade98a5a5228bf8e6a97d
SHA1: 19329845635ebbc5c4026e111650d3ef42ab05ac
SHA256: 1edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71
SHA512: cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7
SSDEEP: 384:o4LBivz/4RHCxN3IBUDzfGWCw2cKgDwg7dEsL9s+cLUoHl:o4LBu74Ro9ImnfGWJ2cKgsgZDW+cLUe
Score: 3/10
Signatures: none listed

Target: MistInfected_newest.exe
Size: 22KB
MD5: 1e527b9018e98351782da198e9b030dc
SHA1: 647122775c704548a460d6d4a2e2ff0f2390a506
SHA256: 5f7471c215b433f1b28dd4b328b99362099b6df7cb9e5c1d86a756388e0c7aeb
SHA512: 4a11c811f30016218075d43a9f983fa7a484a06f22d625b1bd2d92b4cfabbfb142945ca0a9ca1cf91391a3e73c154f6121140d2f1d42aa35ad7f10817534a21b
SSDEEP: 384:qosO55gUoO4D+DFBCd6GyhETw62O0OnYPL3p+:XsOkUoO4Dsbc22
Score: 8/10
Signatures:
- Drops file in Drivers directory

Target: MistInstaller.exe
Size: 83KB
MD5: 8813125a606768fdf8df506029daa16f
SHA1: 48e825f14522bd4d149ef8b426af81eec0287947
SHA256: 323060680fed9a3205e3e36d2b62b7b5b6c6e6245e4555dcc733cf6ef390f41c
SHA512: 9486a027029a27cbf0424760625c08d73aa62e28e45081751c5bada7c07ca05b4e44239da7774cf4f76298fb6b71769ae62595ae439b470c8308d39e1b2289d8
SSDEEP: 1536:IyD2eyujEyC5YYafh1Mc8/gsWjcdjl9btC:I+2eytf3B9bQ
Score: 8/10
Signatures:
- Drops file in Drivers directory

Target: MrsMajor3.0.exe
Size: 381KB
MD5: 35a27d088cd5be278629fae37d464182
SHA1: d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256: 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512: eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
SSDEEP: 6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7
Signatures:
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator (detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation)

Target: Nivdort.exe
Size: 871KB
MD5: ed2cd14a28ff2d00a5cefcf6a074af8d
SHA1: 5b3e04f8208d3de912413efce27372255d6b3fe9
SHA256: eea059174127860154f4dce1a7d8995a9a5056febf73819d63ddadb522ed6c8f
SHA512: e07a16daf102fd45ced2ba03dfb0e135e3129d143e2fd53d392158a90546a75e32b872710dccd160ee8f143e38f8ff74f2694e292cb530e70863abac51a4bf9a
SSDEEP: 24576:3BgjXGPO1tWpi+2NfonQgvb6VBg3JJgn/+:Wj2stWpMoQqbWG5Gn/
Signatures:
- A potential corporate email address has been identified in the URL: [email protected]
- Executes dropped EXE

Target: Nostart.exe
Size: 233KB
MD5: 20fa439e1f64c8234d21c4bc102d25f8
SHA1: ba6fc1d9ba968c8328a567db74ef03eee9da97d8
SHA256: 2f10f1384f3513f573a88e1771c740a973a5a304387e23aa4bf310794532fa8e
SHA512: 19e9d62a852293ffa99a412ba8fa5dd0336a7753af4975e06cd53c02ee6f0058485160f8f8a64a8bca19d88eb426a4a2785885c02a494f33f2b6e383204a7f39
SSDEEP: 3072:iwHcAxExO4fY0Jg8KXXSRZCavlSEEH9FZYlChQRp2Fgw/y2VRSjfoP4iylvAP9ly:xd8kAZCa9YHu8hQRCz/xJSloP9l
Score: 3/10
Signatures: none listed

Target: PCToaster.exe
Size: 411KB
MD5: 04251a49a240dbf60975ac262fc6aeb7
SHA1: e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0
SHA256: 85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3
SHA512: 3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2
SSDEEP: 3072:quJFS5Aqu+WwjxeI/0gVnfKl0FA+aPobO24yNz88iu8vDYHTlI5EJD5Hbibfd6PK:/JM0mCsWq1/qpz+nF5c
Score: 7/10
Signatures:
- Modifies file permissions
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)

Target: PankozaDestructive 2.0.exe
Size: 734KB
MD5: b172b2bcebd8e4797ceaf0503c5840ae
SHA1: ecaec7910a01b4a142741a0ff0d49c0a47acdfd1
SHA256: 86b279800d7aa3025b59391f4f8bab2039c41258d0daf3d85365b0c3ddf05065
SHA512: f1e2a996be71155e1a101ad5e28c826ef61baaa4d5bb5a003b7038531e647d02438a4b82f67ab26d96c0b6af412b7e0b45b2568a8325beb1b90b81fb4266947a
SSDEEP: 12288:/gyq+/b1bnZBkd87AzpF69TFDgfQzs9K2+9gF9DkWE0ozoS9nNcTgUKad0/zbTPQ:oyLdZBTszpWFDgYEcgFGrHnNcTgUKad7
Signatures:
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Event Triggered Execution: Component Object Model Hijacking (adversaries may establish persistence by executing malicious content triggered by hijacked references to COM objects)
- Executes dropped EXE
- Modifies system executable filetype association
- Writes to the Master Boot Record (MBR) (bootkits write to the MBR to gain persistence at a level below the operating system)

Target: PowerPoint.exe
Size: 136KB
MD5: 70108103a53123201ceb2e921fcfe83c
SHA1: c71799a6a6d09ee758b04cdf90a4ab76fbd2a7e3
SHA256: 9c3f8df80193c085912c9950c58051ae77c321975784cc069ceacd4f57d5861d
SHA512: 996701c65eee7f781c2d22dce63f4a95900f36b97a99dcf833045bce239a08b3c2f6326b3a808431cdab92d59161dd80763e44126578e160d79b7095175d276b
SSDEEP: 1536:3VrdxBvcGdDHHtWv8udA1JYREgJ/qEOpsChnU4V1lyqHv4vAmOG9HSDKRppppp5B:1H5D0dSgo7ppTV1lyqPOAmOG9HSOD
Score: 7/10
Signatures:
- Deletes itself
- Executes dropped EXE
- Writes to the Master Boot Record (MBR) (bootkits write to the MBR to gain persistence at a level below the operating system)

Target: ROTANOTEDKSID-Destructive.exe
Size: 17.9MB
MD5: 8b93e46a7e9e681b2124ffe7647bbba1
SHA1: dee59152e78de697f1d23b350cd0f1e14b648960
SHA256: c9b88b16d87992287ef72834bae3ac45db9eba4e32dcc8db4756bf6349d97a25
SHA512: 47618d6f367b99a0b9688dd2bdfba9e2999195c556dc8c4defb4284998093d737b586911de280dfaf51fe76ca628fc6d47096dd4077ce2224c4df3272439e138
SSDEEP: 393216:3bAOuHdROJY4gVM5RdxEK1iLXXEhkrzu2WXJcC8d9SkdOt:3sOg0Y4qM5RXEKWNjWKCc/o
Score: 8/10
Signatures:
- Disables Task Manager via registry modification
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Executes dropped EXE
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)
- Writes to the Master Boot Record (MBR) (bootkits write to the MBR to gain persistence at a level below the operating system)

Target: Sevgi.a.exe
Size: 203KB
MD5: b28505a8050446af4638319060e006e9
SHA1: d3ddca0f06af4df29a9f9fadb6bad8504add5525
SHA256: 750e37d1fdd64e9ea015272a0db6720ac9a8d803dc0caad29d0653756a8e5b17
SHA512: 889dc35054f5adc5b5445fc90dae5e19fe95ee04432f5230994124b73f9a1fc4bb050aac789f4934c84ed42d8c063b8219563e33a48b92f10294b7d8e426b9f9
SSDEEP: 3072:M7PDcEPPhtIlT5ri9bOqStDvzvSheG3ivbV0EIU9j4szgGGl/2tdnpm7no3:qPDcEPZSTrsyLzSovp0PGUGkQnY7o3
Score: 6/10
Signatures:
- Adds Run key to start application

Target: Spark.exe
Size: 495KB
MD5: 181ee63003e5c3ec8c378030286ed7a2
SHA1: 6707f3a0906ab6d201edc5b6389f9e66e345f174
SHA256: 55bfcb784904477ef62ef7e4994dee42f03d69bfec3591989513cccbba3fc8fe
SHA512: e9820f60b496d6631e054204c6fc5b525527d40a578faac1d5cdb116abcb4a35aacf4f4354ff092a2b455c5d9c2e0f29a761d737d9c9ad3d59d70b51d0583d92
SSDEEP: 12288:ehny10sOqEl5yD4UmxYV1g1bT2kdSOSGL84Umxb:exZ5vYORMOJ/b
Score: 9/10
Signatures:
- Modifies boot configuration data using bcdedit
- Enables test signing to bypass driver trust controls (allows any signed driver to load without validation against a trusted certificate authority)
- Loads dropped DLL

Target: SuperDeath2.exe
Size: 7.3MB
MD5: 391942faa157675018a6d26b6c631011
SHA1: 5dd90332e1e1d632fd6e63f9aa2024e667aa5cd5
SHA256: 9c027063879df3d477e9092a187c306c7d20eba956cf7517423d8eb2ad5960f2
SHA512: debba49b7fbab85f099e5ff10bd2c75105166f20eb63b058d580e9043f33f272f80096bbce181f71d2476b1fd8059d386c28435a032bfca7210d2cf36f007e4e
SSDEEP: 196608:GJXjwzfuuvf08BjSDLpiWA/HTIKUI7RVt:KwzfuqBuDLpiWAfbR
Signatures: none listed

Target: TaskILL.exe
Size: 31KB
MD5: c261c6e3332d0d515c910bbf3b93aab3
SHA1: ff730b6b2726240df4b2f0db96c424c464c65c17
SHA256: 4663715548c70eec7e9cbf272171493d47a75d2652e38cca870412ea9e749fe9
SHA512: a93bd7b1d809493917e0999d4030cb53ab7789c65f6b87e1bbac27bd8b3ad2aeb92dec0a69369c04541f5572a78f04d8dfba900624cf5bd82d7558f24d0a8e26
SSDEEP: 768:Tyc7/ovNV004AjWU3GQelVUlidf+prtbjzjy1QVIibtYcFOKc6K:Tyc2z0ajWTQelzdGDbjzKQVIi7OKcl
Score: 1/10
Signatures: none listed

Target: VeryFun.exe
Size: 3.0MB
MD5: ef7b3c31bc127e64627edd8b89b2ae54
SHA1: 310d606ec2f130013cc9d2f38a9cc13a2a34794a
SHA256: 8b04fda4bee1806587657da6c6147d3e949aa7d11be1eefb8cd6ef0dba76d387
SHA512: a11eadf40024faeb2cc111b8feee1b855701b3b3f3c828d2da0ae93880897c70c15a0ee3aeb91874e5829b1100e0abafec020e0bf1e82f2b8235e9cc3d289be5
SSDEEP: 49152:wshda+bFz6dmTTfO0JBhybeUXzELz/RkxI6Zxkxur4E5IReTD5GKHmDVJPY8:Js/4ibecELz/RkO6LF4hRq5GKHmBBY
Signatures:
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- AutoIT Executable (AutoIT scripts compiled to PE executables)
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 4
  - Registry Run Keys / Startup Folder (T1547.001): 2
  - Winlogon Helper DLL (T1547.004): 2
- Event Triggered Execution (T1546): 3
  - Change Default File Association (T1546.001): 1
  - Component Object Model Hijacking (T1546.015): 1
  - Netsh Helper DLL (T1546.007): 1
- Pre-OS Boot (T1542): 1
  - Bootkit (T1542.003): 1

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Access Token Manipulation (T1134): 1
  - Create Process with Token (T1134.002): 1
- Boot or Logon Autostart Execution (T1547): 4
  - Registry Run Keys / Startup Folder (T1547.001): 2
  - Winlogon Helper DLL (T1547.004): 2
- Event Triggered Execution (T1546): 3
  - Change Default File Association (T1546.001): 1
  - Component Object Model Hijacking (T1546.015): 1
  - Netsh Helper DLL (T1546.007): 1

Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Access Token Manipulation (T1134): 1
  - Create Process with Token (T1134.002): 1
- File and Directory Permissions Modification (T1222): 1
- Hide Artifacts (T1564): 1
  - Hidden Files and Directories (T1564.001): 1
- Impair Defenses (T1562): 1
  - Disable or Modify Tools (T1562.001): 1
- Indicator Removal (T1070): 1
  - File Deletion (T1070.004): 1
- Modify Registry (T1112): 10
- Pre-OS Boot (T1542): 1
  - Bootkit (T1542.003): 1
- Subvert Trust Controls (T1553): 2
  - Code Signing Policy Modification (T1553.006): 1
  - Install Root Certificate (T1553.004): 1
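The Pre-OS Boot: Bootkit mapping above comes from the "Writes to the Master Boot Record (MBR)" signature on Ana.exe, PankozaDestructive 2.0.exe, PowerPoint.exe and ROTANOTEDKSID-Destructive.exe. Whether such a write left a working bootkit or simply destroyed the boot sector is decided by reading sector 0 of the disk and comparing it with a known-good copy. The following Python is an added example, not Triage's code and not part of the report: it parses a 512-byte MBR (bootstrap code, partition table, boot signature) and returns incident-response findings against a baseline hash of the bootstrap code. The three sectors it runs on are constructed, not real disk data; a real baseline must come from a known-good image of the same machine, because the stock bootstrap code differs between Windows versions and disk tools.

```python
"""Check a disk's first sector for the overwrite behind the 'Writes to the
Master Boot Record (MBR)' / Bootkit findings above.
Added example, not Triage's code and not part of the original report.  The
sectors below are constructed: a stand-in 'known good' MBR, the same disk after
a wiper overwrote it, and after a bootkit patched the bootstrap code."""
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"

def build_sector(code, partitions=(), signed=True):
    """Assemble a 512-byte MBR: 446 bytes of bootstrap code, up to four 16-byte
    partition entries, then the 0x55AA boot signature (omitted when signed=False)."""
    sec = bytearray(code[:446].ljust(446, b"\x00"))
    for bootable, ptype, lba, count in partitions:
        # status, CHS start (unused here), type, CHS end (unused), LBA start, sector count
        sec += struct.pack("<B3sB3sII", 0x80 if bootable else 0, b"\xff\xff\xff",
                           ptype, b"\xff\xff\xff", lba, count)
    sec = sec.ljust(510, b"\x00")
    sec += BOOT_SIG if signed else b"\x00\x00"
    return bytes(sec)

def parse_mbr(sector):
    if len(sector) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype:  # type 0 is an empty slot
            parts.append({"bootable": status == 0x80, "type": ptype, "lba": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
        "code_is_blank": all(b == sector[0] for b in sector[:446]),
        "partitions": parts,
    }

def assess(sector, baseline_code_sha256):
    """Findings for an IR checklist; an empty list means the sector matches the
    baseline and still looks bootable."""
    m = parse_mbr(sector)
    findings = []
    if not m["signature_ok"]:
        findings.append("boot signature missing: firmware will not boot this disk (wiper-style overwrite)")
    if m["code_is_blank"]:
        findings.append("bootstrap code is a single repeated byte (zeroed or filled)")
    elif m["code_sha256"] != baseline_code_sha256:
        findings.append("bootstrap code differs from baseline (possible bootkit; compare with a known-good copy)")
    if not m["partitions"]:
        findings.append("partition table empty")
    elif not any(p["bootable"] for p in m["partitions"]) and not any(p["type"] == 0xEE for p in m["partitions"]):
        findings.append("no active partition and no GPT protective entry")
    return findings

# Constructed sectors (not real disk data).
GOOD_CODE = bytes(range(256)) + bytes(range(190))   # 446 bytes of stand-in bootstrap code
NTFS_PART = [(True, 0x07, 2048, 204800)]
GOOD_MBR = build_sector(GOOD_CODE, NTFS_PART)
BASELINE = hashlib.sha256(GOOD_CODE).hexdigest()
WIPED_MBR = build_sector(b"\x00" * 446, NTFS_PART, signed=False)
BOOTKIT_MBR = build_sector(b"\xeb\xfe" + GOOD_CODE[2:], NTFS_PART)  # first two bytes patched

if __name__ == "__main__":
    # On a live Windows host the sector comes from
    # open(r"\\.\PhysicalDrive0", "rb").read(512) run as administrator; a disk
    # image works the same way.  Here the constructed sectors are used.
    for name, sec in (("good", GOOD_MBR), ("wiped", WIPED_MBR), ("bootkit", BOOTKIT_MBR)):
        print(name, assess(sec, BASELINE) or ["no findings"])
```

A wiper leaves the signature missing or the code blank; a bootkit keeps the sector bootable and only the hash differs, which is why the baseline comparison is the check that matters for the persistence case. GPT disks carry a protective MBR whose single type 0xEE entry is not marked active, so that layout is accepted rather than flagged.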