Extracted

Extracted

Extracted

• • Target

    Malware-1-master/2530.exe

  • Size

    1.2MB

  • MD5

    568d17d6da77a46e35c8094a7c414375

  • SHA1

    500fa749471dad4ae40da6aa33fd6b2a53bcf200

  • SHA256

    0da56126ffb57acb5bb1a3ffa1c4c0c2605d257988b2d2964344b8f23173f615

  • SHA512

    7beb044f8bd366350b267c0fedc8466d2c5fd80b0f791f5697ce4577edced36b668401fd48df90b6c4ced05247d990c5e739e7232a2dcfc059dcc0c6a79d9427

  • SSDEEP

    12288:D+FwW6Se3oB/8WjH2fIGOVoDJLvfOqsUFY:D+qJSgZwEIGOVUJLnOqs+Y

  Score

  10^/10

  emotetbankerdiscoverytrojan

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Emotet family

    emotet

  • Drops file in System32 directory

  behavioral1behavioral2

• • Target

    Malware-1-master/2887140.exe

  • Size

    144KB

  • MD5

    fead887648bddd70a05cf7a7090411dd

  • SHA1

    250c0de3dc100d265ae495f045a2c47dad3520e9

  • SHA256

    dfaf75da62d0561d171217fe893bd818a72ebfccd9d7e7f4c046f5b3ca44794e

  • SHA512

    e1f15de084a78bf27a1c62b5d0d31fabd10be13983dca05962c40ea1e8b3f7bb617e92f44a78048d3484d16f5d4b9e42bc8c5a4b02fda0e0f5eb69368149920a

  • SSDEEP

    3072:buY0LMcTrgw6mo4bnGkbUyh/h39iN/Ko8LdKpZbZo:SY0IkImZUyh/h3MOc

  Score

  10^/10

  emotetbankerdiscoverytrojan

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Emotet family

    emotet

  • Drops file in System32 directory

  behavioral3behavioral4

• • Target

    Malware-1-master/32.exe

  • Size

    1.2MB

  • MD5

    568d17d6da77a46e35c8094a7c414375

  • SHA1

    500fa749471dad4ae40da6aa33fd6b2a53bcf200

  • SHA256

    0da56126ffb57acb5bb1a3ffa1c4c0c2605d257988b2d2964344b8f23173f615

  • SHA512

    7beb044f8bd366350b267c0fedc8466d2c5fd80b0f791f5697ce4577edced36b668401fd48df90b6c4ced05247d990c5e739e7232a2dcfc059dcc0c6a79d9427

  • SSDEEP

    12288:D+FwW6Se3oB/8WjH2fIGOVoDJLvfOqsUFY:D+qJSgZwEIGOVUJLnOqs+Y

  Score

  10^/10

  emotetbankerdiscoverytrojan

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Emotet family

    emotet

  • Drops file in System32 directory

  behavioral5behavioral6

• • Target

    Malware-1-master/5.exe

  • Size

    312KB

  • MD5

    0b0dc2b2ccd4b46b3381508f7209a582

  • SHA1

    a67a1619f96914e4e50e4f86f656ebb54021879a

  • SHA256

    66ae33003289d8c6c3dc7c45c1b01110b4820281061292ac076b1783700a1f2d

  • SHA512

    0715c2f6e01a923deb8bd5c4c70906942ee46dba6383bbd2edbde53e23a7b5c2ab8063e5f48a973925815f1dec18fe15c362fcf928d4f35d12dcf123f303cc37

  • SSDEEP

    3072:5ODQa/lz20bbn7yXO/7/rCaZXo3ZU+BfhYJMyTPkDDYvU:+Qahr7DZXSpnSs

  Score

  10^/10

  emotetbankerdiscoverytrojan

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Emotet family

    emotet

  • Drops file in System32 directory

  behavioral7behavioral8

• • Target

    Malware-1-master/96591.exe

  • Size

    1.2MB

  • MD5

    568d17d6da77a46e35c8094a7c414375

  • SHA1

    500fa749471dad4ae40da6aa33fd6b2a53bcf200

  • SHA256

    0da56126ffb57acb5bb1a3ffa1c4c0c2605d257988b2d2964344b8f23173f615

  • SHA512

    7beb044f8bd366350b267c0fedc8466d2c5fd80b0f791f5697ce4577edced36b668401fd48df90b6c4ced05247d990c5e739e7232a2dcfc059dcc0c6a79d9427

  • SSDEEP

    12288:D+FwW6Se3oB/8WjH2fIGOVoDJLvfOqsUFY:D+qJSgZwEIGOVUJLnOqs+Y

  Score

  10^/10

  emotetbankerdiscoverytrojan

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Emotet family

    emotet

  • Drops file in System32 directory

  behavioral10behavioral9

• • Target

    Malware-1-master/Amadey.exe

  • Size

    49KB

  • MD5

    871294e398217876017702c96d0e7854

  • SHA1

    35a22da1522bf86659576ed59235f8ed7029e79b

  • SHA256

    7fd898dde3a7ed047657e3dc81c3de50ed381857edc53744664332fd98476c54

  • SHA512

    047237e3a615839918fe32662524f2de5455734a01cbb2f66017c636f3d08207b3aead79cdff9a94729550ad7eddc2b5950d5e774fb25fba2d0d69e048ca7fe5

  • SSDEEP

    768:AN4a7os+Bd1CiSJfBFdiGOsSyS5/hhurlzdx:3a2xC5+YSyE/hgpzH

  Score

  7^/10

  defense_evasiondiscovery

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral11behavioral12

• • Target

    Malware-1-master/Download.exe

  • Size

    247KB

  • MD5

    6a97f4f16e7879967a5c02d143d0bd46

  • SHA1

    0898ccf65770813f69bf339462a05a8c6e17be69

  • SHA256

    de2274da8cf00dfc6e6e52db43f82210a1fb7fd30016ebdc81347fb2d1f248fa

  • SHA512

    0bc14103518a2e234f4e3f4ddc46e91a1ed21c2885fd4eb27d3cf8cd088e4fa4fffcc221ddb404f52794c57d6693b2ce080e797bf33f2322490030e0fce0ac27

  • SSDEEP

    3072:ZV3bDzHY2weWeFoyUWfMRBsfpVZynzK4ChhO2IGmXf3Ur3CvZJnodCKJYsUH+Iun:ZBbDzHY0UsfPwUIvOd1

  Score

  3^/10

  discovery
  behavioral13behavioral14

• • Target

    Malware-1-master/Illuminati.exe

  • Size

    1.1MB

  • MD5

    087b2505ac41831c753cf7d1e660c42c

  • SHA1

    dcae226923e062291f48de4d3416d38387815c67

  • SHA256

    f99e4c9a4dd14d402b16e36988b72f3fe7f34b42157f756dbd14b39c70059336

  • SHA512

    10d5f6f7c9f1df66a7afd3dcd2e70288d89bb75a2f6fffa3621b4a4192c40b290eb7c76392b0b282d80925b81d2271c3d1e96a4f406d1f1c0d069a5f6f96c086

  • SSDEEP

    24576:qqvM7STjLT5MSLMDPS2X0xCyj8pk3tgqdtKkkoMJJck:VwMfTvcS2kjPgUGfJ

  Score

  5^/10

  discoveryupx

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral15behavioral16

• • Target

    Malware-1-master/MEMZ-Clean.bat

  • Size

    9KB

  • MD5

    bbae81b88416d8fba76dd3145a831d19

  • SHA1

    42fa0e1b90ad49f66d4ab96c8cca02f81248da8b

  • SHA256

    5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c

  • SHA512

    f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368

  • SSDEEP

    192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3

  Score

  7^/10

  discoveryexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral17behavioral18

• • Target

    Malware-1-master/MEMZ-Clean.exe

  • Size

    12KB

  • MD5

    9c642c5b111ee85a6bccffc7af896a51

  • SHA1

    eca8571b994fd40e2018f48c214fab6472a98bab

  • SHA256

    4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

  • SHA512

    23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

  • SSDEEP

    192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa

  Score

  7^/10

  discovery

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral19behavioral20

• • Target

    Malware-1-master/MEMZ-Destructive.bat

  • Size

    13KB

  • MD5

    4e2a7f369378a76d1df4d8c448f712af

  • SHA1

    1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49

  • SHA256

    5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad

  • SHA512

    90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e

  • SSDEEP

    192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

  Score

  7^/10

  bootkitdiscoveryexecutionpersistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  behavioral21behavioral22

• • Target

    Malware-1-master/MEMZ-Destructive.exe

  • Size

    14KB

  • MD5

    19dbec50735b5f2a72d4199c4e184960

  • SHA1

    6fed7732f7cb6f59743795b2ab154a3676f4c822

  • SHA256

    a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

  • SHA512

    aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

  • SSDEEP

    192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

  Score

  7^/10

  bootkitdiscoverypersistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  behavioral23behavioral24

• • Target

    Malware-1-master/Petya.exe

  • Size

    225KB

  • MD5

    af2379cc4d607a45ac44d62135fb7015

  • SHA1

    39b6d40906c7f7f080e6befa93324dddadcbd9fa

  • SHA256

    26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

  • SHA512

    69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

  • SSDEEP

    6144:DCyjXhd1mialK+qoNr8PxtZE6x5v+k6f:rjXhd8ZlKOrMZE6x5b6f

  Score

  6^/10

  bootkitpersistence

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  behavioral25behavioral26

• • Target

    Malware-1-master/Software.exe

  • Size

    1.6MB

  • MD5

    db056b8fa628b67e11bd626192939d6b

  • SHA1

    248ca50f39de6b6180265d19fb6eedc68bf25afc

  • SHA256

    e7f04e85236f0caafe518bd96369313021969077dba1c4a6d42e694498dab04f

  • SHA512

    bca1856b4bb8342c0f6d5ee19edcb420c70e6b272f087d3f8f73daa00842fa00037840a5eb5655e1445af8d578d304874323b2889f75b27136df9366df596336

  • SSDEEP

    24576:ytb20pkaCqT5TBWgNQ7ayEYyM63uUOyok0ceJZwd/w9mML9eu4MaMUp46A:/Vg5tQ7ayExZO9k0waPLR4Ma25

  Score

  10^/10

  imminentdiscoveryspywaretrojan

  • Imminent RAT

    Remote-access trojan based on Imminent Monitor remote admin software.

    trojanspywareimminent

  • Imminent family

    imminent

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral27behavioral28

• • Target

    Malware-1-master/WannaCry.EXE

  • Size

    3.4MB

  • MD5

    84c82835a5d21bbcf75a61706d8ab549

  • SHA1

    5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

  • SHA256

    ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

  • SHA512

    90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

  • SSDEEP

    98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Wannacry family

    wannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Sets desktop wallpaper using registry

    ransomware
  behavioral29behavioral30

• • Target

    Malware-1-master/Win32.EvilClusterFuck.exe

  • Size

    64KB

  • MD5

    2e84f71165225ba0f7f8187c0b2f0f37

  • SHA1

    3c9bf036163ede4b7f9152d04d1a83b7253dd029

  • SHA256

    c9b98408ca67d08e1986d1855c4d99944caad5580533d18496cd8de86dd0885f

  • SHA512

    82c39aaef6103877c8472a55eab6270d57f4d7c46830aedf5fbb5661d7e3fd7aee2e172cdc830cba22cd9034f37784a8cc34f70a5918491bccf148ee923db389

  • SSDEEP

    768:S5ohpPUa2T1VZj4jkVQu7MKquVspXKCxiJrFnMWDmLfe9NZ+OAhaptX/71tXHHi4:tcd1Pl7ZVsw3rFiLfe9NZmAP5ZC6N+

  Score

  3^/10

  discovery
  behavioral31behavioral32