metasploit | 9b4b27c8b2021412fdb2a54214f9348304fad7557ff06b1a12c993a0557e558b

Sharing

Copy URL

Twitter E-mail

General

Target

VirusPack.rar
Size

455.6MB
Sample

250118-zvzs4strhv
MD5

a9be3a00ae892ade8284d678ff004401
SHA1

d63b39b54884ad136d8a4795ef357b81ad767a06
SHA256

9b4b27c8b2021412fdb2a54214f9348304fad7557ff06b1a12c993a0557e558b
SHA512

b45159be634a5e803b83233d43d7451d96117c640c2168b7a654f6dd8d47d78962be69c6dd350cf21a20248619a835d8eefd1fedd72bc3a5eadb3fcebb9d882a
SSDEEP

6291456:YFlMHSXJeFtBaFyEOXZlrpR+84Bs0Zkm/tCatb1i6qIwoeUOmr:mlMHSQtCoXZRpR+8YV5/gatb1yI/r

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  VirusPack/Darkness.last.mod (2)/Darkness.last.mod/misc.cpp
- Size
  
  6KB
- MD5
  
  4770444fdc75d9baac93b3bc29bfa51f
- SHA1
  
  9af906123b03965fc14042a5c7fefeef3d52084a
- SHA256
  
  a25f984d8d5b85a271ad4a1ba58fdd50e92f51c37ddde57689cb0a408a6a60bb
- SHA512
  
  cdd7aa7f4ef23b16816d8db728d5b00c1c48f2d930c79d93c523eb04687a2e0a81c7bad53b7bae1b6f1318e2e8e14adb734115ff8dbccbce2e767bb851dc5b5d
- SSDEEP
  
  192:NrpSy1HZYKi6bWmpbdNyeJ41k0k8ltoW1WB2h6ynF:NB5YKi6bWmFPyP1/GW1WB2h6yF
Score

1^/10
behavioral1
- Target
  
  VirusPack/Darkness.last.mod/Darkness.last.mod/Agent_X.plg
- Size
  
  6KB
- MD5
  
  efac5f4b81bd852573c25172c8f064fb
- SHA1
  
  d24ae2a39733ef06431399c768c54cae7232c2d3
- SHA256
  
  e193f03f109b2079b0d3ecc9a05a24b9b4e4c9d9eadc4d7c20c5a623ab463467
- SHA512
  
  30d1c43f6a6bfc1f68f1689242f9e67efeb7ed623ec18c41563d7e4494f4a58c7ff13e9e8ef8da80bafeaf8163a0ff0bbc2f55f16bb385ebdb4583ed3266435c
- SSDEEP
  
  96:sV4FEM6Y2/CNgyCGUF0zL9knkOQVWJdDJkI4JUdPIsizxNpcqHctReL3OHlzTFC1:sV9RGCqqkc7zHu
Score

4^/10

discovery
behavioral2
- Target
  
  VirusPack/Darkness.last.mod/Darkness.last.mod/misc.cpp
- Size
  
  6KB
- MD5
  
  4770444fdc75d9baac93b3bc29bfa51f
- SHA1
  
  9af906123b03965fc14042a5c7fefeef3d52084a
- SHA256
  
  a25f984d8d5b85a271ad4a1ba58fdd50e92f51c37ddde57689cb0a408a6a60bb
- SHA512
  
  cdd7aa7f4ef23b16816d8db728d5b00c1c48f2d930c79d93c523eb04687a2e0a81c7bad53b7bae1b6f1318e2e8e14adb734115ff8dbccbce2e767bb851dc5b5d
- SSDEEP
  
  192:NrpSy1HZYKi6bWmpbdNyeJ41k0k8ltoW1WB2h6ynF:NB5YKi6bWmFPyP1/GW1WB2h6yF
Score

1^/10
behavioral3
- Target
  
  VirusPack/Dbot.v3.1/MD5ChecksumTest.exe
- Size
  
  44KB
- MD5
  
  3a83507faf3e5503ce01c6ba85eea12a
- SHA1
  
  f1d3231acb466464c8fba3ddc519fa6ee8a92d11
- SHA256
  
  bcf601038f640baecc01f9962fcd970d7addc6cad5f1398f52bcfb1265a62455
- SHA512
  
  c62136e2813129071a0b7ca66ee6ddc5eaf6ff4408aec7b229df397e3b38b7888a3e11bf3999f6913dd9afc81f97cad0c74a1c87751247e76fc5de30f96acffd
- SSDEEP
  
  768:F8ASUJqitkupZhPmj782cR6m8v2wlAAkQ13G2SPs0Ft5:FVSqDtk33LcEmIZAAd3G2is0Ft5
Score

3^/10

discovery
behavioral4
- Target
  
  VirusPack/Dbot.v3.1/misc.cpp
- Size
  
  11KB
- MD5
  
  d94d1bf054f578c3996ac05c85f08bdc
- SHA1
  
  9f55b8d19b6e4d973e25179fbe4ccb0ec14360af
- SHA256
  
  c38bd611f9d266737e8d4437ef93c801f62d3e3b02a15c2168ae4cf4456ff3e2
- SHA512
  
  5b84164b9252b1a985a8b49727532546bc57c4f70de54bda154466d3facc4e505e0fea6460085228a516c6d843f30e5d341a62ef1bcd83da514bb85533b9d797
- SSDEEP
  
  192:9qQQpAx5o9KM8NF2B7AO9hfVGlUd3tjTW1WB2h6ynQrwTW1WB2hL3Y:QNpAE90rwNd3dW1WB2h6yQGW1WB2hLo
Score

1^/10
behavioral5
- Target
  
  VirusPack/Dwighlight_Stealer/Builder/Project1.exe
- Size
  
  576KB
- MD5
  
  40769d252b95c68161f9a5e6a78e9512
- SHA1
  
  895beaff585485ac583dbaaa8f8264d65e2af8b9
- SHA256
  
  c01de1cd53cdace8f26f5f104d6d03b29efa0baec78d8a9c7cb834f05eb75b88
- SHA512
  
  0fcdc482ed63c4014c6b4317d62e2d38dcdad7a65146228677c89d91f842941998c7d430a09f6a5308426ba7605abdd809eaf5abebd703d482263960709ce871
- SSDEEP
  
  12288:nE8NvvNsfIOUTg0CnlmDegD+VqvmTGYctRfILEo1LR:n9TsfI9w9gD+svtHe1
Score

3^/10

discovery
behavioral6
- Target
  
  VirusPack/Dwighlight_Stealer/Stub/Stub.dpr
- Size
  
  10KB
- MD5
  
  5d012dda03a5768e90b95287e0a20c6c
- SHA1
  
  4293412dedef9d6874686ba496915eea7394e26f
- SHA256
  
  a273cb0b5330b17052e2f5dc177fde5c01e1c58f29ef6af7cc0ab7b110a414dd
- SHA512
  
  a84adc04d6856d12dcfc35a1d8b2ed3b0daf4c1c3a20ee50294ec8ab8992bdf1d3bc091e6aabc993c9d2799c89a860d0338ce5bd8ab0c872fb1335fb25fc89c8
- SSDEEP
  
  192:6AvshzB15OgeRXUDgDGpj0L0MC4FC8NzoGESwXLavQf6Acel75:6j350UDgSpoL84FC8N79Ar
Score

3^/10

execution
behavioral7
- Target
  
  VirusPack/Dwighlight_Stealer/Stub/Stub.exe
- Size
  
  388KB
- MD5
  
  567fa3360bba3a8e1fea784650a28294
- SHA1
  
  6036a6ab3d9e7228f011d3d9f4ebfdbfc7006f10
- SHA256
  
  99214ee080c0405d4e119b410b35dd4191c4a4184a10aa286f9948cb1d3ad5b8
- SHA512
  
  c8b1c8d1e8e918cc1bf1d42b2173ea692379b6f825e94587e3ec7e131a5697329613eb8f7e1352b3b15f447ffbd89a2d14bb23bbb8fa944ae30cdef6d6553cf8
- SSDEEP
  
  6144:sn/TWukYTu0PjQLx7xhLbNS3e2OlU/ieMzO10pyqm/loUC+Lfu9tAl:cTWupu0P0LDCqHeMfUCgf0m
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral8
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Classes/cFileDialog.cls
- Size
  
  10KB
- MD5
  
  187b6eaeecedc076353022837f441069
- SHA1
  
  8ee493776b8246314117fcb812bfe3cf95c7ca46
- SHA256
  
  78baf7d04ad0240836e7fac0083251b13841d93c1e54e60e55cc27e473941bc2
- SHA512
  
  e869f7b7d7401f5112963a2eddeb1941e42560eaec990e6500eb936cff98e51ccd7cf712f95ad3994712408913d278e86849a096888929632c4c743e5c1c0623
- SSDEEP
  
  192:aA8QcZQhfnMwNb0PaoFzXj12u1XUysnXvsmh1:18rUfMwNb0FP1pXUJXvsmz
Score

1^/10
behavioral9
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Forms/Module2.bas
- Size
  
  19KB
- MD5
  
  d17cf3dafb6d19f900545e4a9388dc8b
- SHA1
  
  473f89f77158fe8cd8c22989d587f0ea0ab3e528
- SHA256
  
  1a3e061e8d9bfe92da262eef4c9e59643747958b5735bea73dc3cecfb78559ce
- SHA512
  
  de129a741d937b10daf6059b208f131c8ac2dbad9e11aed5aeafe0b0686b52e8313ed8549be3db328ff572e88452cbbd82934c497275d75a47e8079298d2275e
- SSDEEP
  
  384:Uy4vi0jQPAhEpHEBHZOImoxnhFncV3OCVTJLN1kS6DWa/sNNnfXnVVB0VXXgSnD5:UyZch8HqBnrncVXVTiunvnVVaVXXZnDJ
Score

1^/10
behavioral10
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Forms/fDynastyCrypt.frm
- Size
  
  27KB
- MD5
  
  f66c4a945fd7be030b60e8595d5207c6
- SHA1
  
  730a6ace8f067f467f8f61534b39340962132ce8
- SHA256
  
  e0cc9e9d370c72f813d79fed4fb04a533448a225f77498397d6f631b5df63745
- SHA512
  
  89b4f2f8736fbd3660badcaea283d5f582750a9de73e0dd1dd786f40250e0399e98f85304e171b986dca14c33dceb66f40246fa2da86f93d34db1811582143ef
- SSDEEP
  
  384:JoEpj45hn076SRWxFbXoSc0NNBc6lVdYYhcJF4fSCt1i:JoEi5hn07tR6bXoS/NBc6lVdhcP4FtA
Score

1^/10
behavioral11
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Forms/frmLogin.frm
- Size
  
  2KB
- MD5
  
  93bcafe48cb2e1c77d8cce5e2f49183a
- SHA1
  
  434ec5873a5c382943e49c68101c6f93e83a24ef
- SHA256
  
  88d12bd10897e6f1f61df1b8514d1629743e176311a4b5848a12c802af4c6f79
- SHA512
  
  275697f016bbe79f6dfbebee5c1e1ab16585f9d45461d4226a8922ac82efa7d6b9a17aa64410e2f9712c268bf2d1d83bd8562d80ed9752cb4753a1aa3b239942
Score

1^/10
behavioral12
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Forms/mLoginSys.bas
- Size
  
  6KB
- MD5
  
  2b8e107a65afcfb62ed938ccf6e385b3
- SHA1
  
  0885b1b6028fafd260f05ffdd86ed536028ac262
- SHA256
  
  ef2a6674fd826e2c207a8870e0cd6e555b9dc9c5d9ae17a0ca18932c02770597
- SHA512
  
  47e4caa6db734256c9076655c060c93358947c08ffd56a50276438ff02fc2414b7a4e8057b296655d538ed093b9e423e2ce110c5c839d55b936a24485649b3f0
- SSDEEP
  
  192:I8KP5XOnqBF2zRCbop1l/X5l/NGl/8XQ+yK5e7//j:I8WX2p1N5rGqXy
Score

1^/10
behavioral13
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Module1.bas
- Size
  
  2KB
- MD5
  
  82d1db24e5ccbed38d51aee3fc8684a4
- SHA1
  
  34442888fea379ed6699987b8409b074d5256220
- SHA256
  
  ca1e01ac35ecc2d8a42c5a15553f6a55053949b964e5e4cd6ff77e7a7f258329
- SHA512
  
  169b5a082bc1fde7c6f1ac34cf1f8fe86188734b229a0e6a1346b2e5761f3556fc414079bde52024ea6ebe0ce9325fb0fa1a144a5ca2f1dd93766d1688261242
Score

1^/10
behavioral14
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Modules/clsTrans.cls
- Size
  
  7KB
- MD5
  
  2d6411efa0377e6b7927a96293e9b218
- SHA1
  
  76f35ce51edcae95203159619cc4d2b588986b72
- SHA256
  
  a7fdecd5ca896456a5fd3a22cb30218aa4864f3f8550955be1dfa8bb09d5fa3c
- SHA512
  
  b9a32fb83e483f939bc399250147df2fd733ef604dcf10299fb66d9ba5954eab2a1666c538056816d4237b561632fe42e344458e06a0b1f25f1452a70e6fd220
- SSDEEP
  
  192:aA1TWffyUnrLl+ZXLQXAfFIdgA+mNdf1/tKDjEdj:11KqUWo+mzfwj2
Score

1^/10
behavioral15
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Modules/mAddSection.bas
- Size
  
  6KB
- MD5
  
  c35c2525825a235be438b4c6422e1cff
- SHA1
  
  cd88669752e5dc013fb04247a8ed780c15e5f141
- SHA256
  
  1c89207d3b12f1ea4a816b42186ed9ac548b10e53c7c26cdf2b1246047a7722d
- SHA512
  
  c048700cb42a005a118d18badfdf00ff3c8972832112d3e42860ea2dd8da004824d0f0d3f61161634678eff9187bf61e7009b03514f2d5057542d5793acd23b5
- SSDEEP
  
  96:lX/rrHZeEX7o38Nc+Z6tspNra26Ib3SHSwem3pyo9NNpCQMqdRsXOZ:lvvEiWW6GMILSHwm3h9NzCQMqdRsXOZ
Score

1^/10
behavioral16
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Modules/mFullClone.bas
- Size
  
  6KB
- MD5
  
  fce301feeb56b5c1e9dd243843fa4084
- SHA1
  
  5db62a2094f25fa4e188f67ff1a070b3726c6b12
- SHA256
  
  5c5fcce65cd6ac8e5b25f91e442d6b9a0cdfafcced4c2c60163062876b493e49
- SHA512
  
  e9ba9bb939edc08ce7b6d773cd5d497138547bccf9d227303d8b1e658f9fbd65d55204e6e3f2d0d3e3fc50dc22c4deaf007d880b6f15be75da1da3b915feb436
- SSDEEP
  
  192:ow7KsuJKYi/fghqQ/SYrSiUmcVQjq0UqrEqhk+Ybq2YbNoT:nKZKf/mcKjlUqrEqW+Ybq2YbE
Score

1^/10
behavioral17
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Modules/mIconChanger.bas
- Size
  
  6KB
- MD5
  
  f260c413200a5d5eb5584f178e2b8ce8
- SHA1
  
  7b7f4ad0d9a0d5725d8291a87b85e2be2a3e931b
- SHA256
  
  702c8fdd9c89f068f57899517577083ea697172e0ab5270de648c033bcc30289
- SHA512
  
  3f29893ea444dbd9e14641bb698c8fafba12fe768472365b914caccc292b965ed674b8daca19fea6dd706cbe3d693d252eb9a2e262d18ed39f487379aa36c6ec
- SSDEEP
  
  192:7YkYg8pKrsuwg7KsAEgRkh09BNBiO+WfeH8dqvE8y6p:UfgFRKAqBNBiO+WfeH8djh6p
Score

1^/10
behavioral18
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Modules/mRC4.bas
- Size
  
  1KB
- MD5
  
  1402ab8c71ad358285400fafa0628a21
- SHA1
  
  fa84a8c44b7affb1ea45afa7c64292e4cebb8608
- SHA256
  
  a3ee0586f34bc832460407be5619e90d98f25d9f76b38a6bdd47c2c1d0a80550
- SHA512
  
  40b20c5b904a1dba3f9110970039f4d375815405e040cfae0e4768a8a9c83de9508352a00fa19379255546080cbc0186fffdd215cb7b76bafc3c53760fc32bd6
Score

1^/10
behavioral19
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Modules/mRePE.bas
- Size
  
  7KB
- MD5
  
  d4c480d79b815e3e7947627d29b92086
- SHA1
  
  a5737f99a46d236bb0d4e22a1c79f9e41a578b34
- SHA256
  
  33e92fda596d48c7f1f572e615af07a9c09aeccb4fb694296f6b19ade7b35065
- SHA512
  
  919ca2fd44953fdabcd047b0019329f22c649fc4a0826a7d418bf42d8b60c65d1a2efd74a6e2c15ccb41c03ce8d310996b651daaf03db164f91b7fded0876625
- SSDEEP
  
  96:jGsS4yJeVLi2NZSMNnOJzD2+8a2NCOWRg39vvmMaSpcLq35po9DG9JlRbY:5h7mzDFO935po9K9+
Score

1^/10
behavioral20
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/Trans/UserControl1.ctl
- Size
  
  9KB
- MD5
  
  5cba04870f66cffd71677459e008a19a
- SHA1
  
  6e5c7ae817e22f741a2b08ec0cd7c958ca3bc582
- SHA256
  
  8d3ec7d6bec4a57197eb20e5051867367f6b0735d84094eeaf8c45ab017d7241
- SHA512
  
  de990c36771c2bb9d0ff8770f0b347a5e4e2ef519cabce37a619befff8e03466f5f5b37d848cc725423bc7c7b40c7c08e3237955b168175adca5a2bf1441dae7
- SSDEEP
  
  96:tsH/s3TpOXJa3XxDtjqmDuN/QPAmuIzjp+J787NqZNS/QVwqvjl8foKL2fHAZsCH:A/OTpOZuXxPiNu7NiNwb
Score

1^/10
behavioral21
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Client/clsBlowfish.cls
- Size
  
  41KB
- MD5
  
  000df0860c176f8470346808069ea01d
- SHA1
  
  200a8561d1e01ff64b086d94fa8e3ae1ad0be255
- SHA256
  
  5b24e877f91beb0559a6797811586752f65d03f9a19ed38dd85a5353a735df68
- SHA512
  
  3515c633b31d630a27c267936128df57213b35dd51f21d61f4bb0b2d45bf8d768cece08ea39ca079b48d48ea59704480e238b809b63b2605af4260ffab179ebb
- SSDEEP
  
  384:1tchGYc5SK+srO8m8D0FZUt+1sKbh8W+SqORFKcHbivqnECbVXJ2NN1NEkf3:1th+oLm8DWpqOjKcHbivqnEC2jF3
Score

1^/10
behavioral22
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Generator/Generated/Module1.bas
- Size
  
  2KB
- MD5
  
  82d1db24e5ccbed38d51aee3fc8684a4
- SHA1
  
  34442888fea379ed6699987b8409b074d5256220
- SHA256
  
  ca1e01ac35ecc2d8a42c5a15553f6a55053949b964e5e4cd6ff77e7a7f258329
- SHA512
  
  169b5a082bc1fde7c6f1ac34cf1f8fe86188734b229a0e6a1346b2e5761f3556fc414079bde52024ea6ebe0ce9325fb0fa1a144a5ca2f1dd93766d1688261242
Score

1^/10
behavioral23
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Generator/Generated/clsBlowfish.cls
- Size
  
  41KB
- MD5
  
  000df0860c176f8470346808069ea01d
- SHA1
  
  200a8561d1e01ff64b086d94fa8e3ae1ad0be255
- SHA256
  
  5b24e877f91beb0559a6797811586752f65d03f9a19ed38dd85a5353a735df68
- SHA512
  
  3515c633b31d630a27c267936128df57213b35dd51f21d61f4bb0b2d45bf8d768cece08ea39ca079b48d48ea59704480e238b809b63b2605af4260ffab179ebb
- SSDEEP
  
  384:1tchGYc5SK+srO8m8D0FZUt+1sKbh8W+SqORFKcHbivqnECbVXJ2NN1NEkf3:1th+oLm8DWpqOjKcHbivqnEC2jF3
Score

1^/10
behavioral24
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Generator/mEncRC4.bas
- Size
  
  1KB
- MD5
  
  654d77fa5f81ee496802086deab418ad
- SHA1
  
  a2cee107c93f55637fd217a68beaaa790fe6840e
- SHA256
  
  ca7f95582b1cc45a76b8d88cc57d0bca8b41dfdaaa5ff71185e5273b4d1914ae
- SHA512
  
  8c6ef776a619d908317a4c9fc77c2ef655d979def30234e8230c82365cf714c8e108af86552beb2c7b20b9a0cb7fc1c8792211f679f94becde61927c47ad64ac
Score

1^/10
behavioral25
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Generator/mLoginSys.bas
- Size
  
  6KB
- MD5
  
  75835772382817ea633923d87691fe78
- SHA1
  
  75d074c19282c85675e5b44a1ca2c2003e6df3e9
- SHA256
  
  eb1c90501f15383e0ab27d479c567d3eb0257231355fcbd38d3558ffbfe33ca7
- SHA512
  
  18575482635311e689a9d62f49203bc3f3f85afd89d351e8e575a85f1650f07be13391a5b03c4b85ffc66b48f5c622c14bce5a4418e391e6fd9aed7a188c035d
- SSDEEP
  
  192:I8KP5XOnqBF2zRbbop1l/X5l/NGl/8XQ+yK5H0//j:I8WXDp1N5rGqXY
Score

1^/10
behavioral26
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Generator/mPe.bas
- Size
  
  15KB
- MD5
  
  79db14010d3f77d097e5c17901612d96
- SHA1
  
  478bc94c67f140f47ff4f4be9b5a22e9a5aec709
- SHA256
  
  d422e71ba751d745c4c1de06dbfb1a4605838f2aaeb92f24ddefd2c0a4607e82
- SHA512
  
  8c33f00ac1b307364ac1550d18b69c7d087fc854a18b33db625abc4c4c3681007510fddb6dfe6f5833850b70aa8b384b3f200971f78c69e4e3307b982e04b587
- SSDEEP
  
  192:oAGfXhsJzCgNUO2YMW5Lw8ws0LPNgDXbGybP8NWdS+OACWivJfK7:UfXyVTyXs6KFbutg
Score

1^/10
behavioral27
- Target
  
  VirusPack/DynastryCrypterSource/DynastryCrypterSource/Darow's Crypter 2.0/Generator/mStringObf.bas
- Size
  
  3KB
- MD5
  
  8ab9cce7c4179339f20f3da27bf2978f
- SHA1
  
  07b74c10ff9774d092afe094ced1ff923f32e96a
- SHA256
  
  c68de42baed439a03b9392462b47d45fcf3eae0d30e50d29b51e9c9794c81417
- SHA512
  
  0920f76565c8a957837ca1c62656a55efa79b51f06beae402d11b0d1925ebf82a002c4e6ddff3720c65fe168961945200f74ff69484c2f37fdc8519f2c5916bd
Score

1^/10
behavioral28
- Target
  
  VirusPack/FBIRAT_Fuck_Hack_Hound/FBIClient/FBIClient.plg
- Size
  
  70KB
- MD5
  
  4619ab753b634b63fce3614e1d59682f
- SHA1
  
  5b17a10dc1922ebc5b63f152d8641ef289e13291
- SHA256
  
  0c4d2a0e0853623208cf5184de28323a3b9545968673845e3215b039694a3dfc
- SHA512
  
  ed6b80cc8111f597f8298c11f8e19e306ff094259bc4026012e1fe2c0e5d5531c364b2f0947ff9b41b12de1d6cd10a0dab9d13326f9ce4d6f05f587802fec899
- SSDEEP
  
  192:gDzOJXNGYoJheMRO511mMTOZLZqQw+nSk8e3S8QDruwoezM2EaX2MwT5y4U5nS00:gDzOfGReWOxm0OrqUScShucMe2jyjST
Score

4^/10

discovery
behavioral29
- Target
  
  VirusPack/FBIRAT_Fuck_Hack_Hound/FBIClient/Name.exe.bak
- Size
  
  132KB
- MD5
  
  5fef03a6231865c1ec6bdd40a4991a2d
- SHA1
  
  124cd4344caa1508267e2e3dde1668c2d7a4f085
- SHA256
  
  c87931bdea96f2d7eb38bd93adac990f6a6d632431e1f729751d6df26c283044
- SHA512
  
  f885004c2f6045d5e104922fabd9fd64ece308d1ddf6a87232ce86f2538ac613b70cee5a460531686dac70c699952047f1413e75236a84916bc09e6dddbf59c3
- SSDEEP
  
  1536:FMnljdvdexaLcuHvl4vSy55T9EoDcfohn7h505cz0vRtblXqyvUMGraRqQK:FVx3wdmj1iVfohn7veJvRthB9Gu
Score

3^/10

discovery
behavioral30
- Target
  
  VirusPack/FBIRAT_Fuck_Hack_Hound/Injection/Injection.plg
- Size
  
  1KB
- MD5
  
  89c4632dbc6ccfc077178f989b216fde
- SHA1
  
  2cb78515f9280fef096d856a86bb476b0f1aa46e
- SHA256
  
  439e53132f492a5db8d7cb0b844325a15b5b40e7f697421d77cabf0f240c6136
- SHA512
  
  47a4be42bad02b0d94b6b4efac35a3bf19e08ac80d2c943763de38462aea5eead7fe34ef81e5992c0b273a5064040c99d0d84abffec32399220c9718ae4aee2f
Score

4^/10

discovery
behavioral31
- Target
  
  VirusPack/FBIRAT_Fuck_Hack_Hound/Injection/Server/Server.plg
- Size
  
  2KB
- MD5
  
  977a529a906cdd6f02b7dedf8585d989
- SHA1
  
  b098eeefec490e6798419d9bc1f8dba0299eb8bb
- SHA256
  
  d9df1ab6d8ddadd6fafaf4dd6ecb4930d29f008af77a518b6eeb5878032a2a4b
- SHA512
  
  f91b9a21b609b710d93b00558fad24b5524472124bd7cba333aa4083abfa2426710dce5c2d0d56419e1800d6e790717aa8314de52387b970ba8623333d5351bb
Score

4^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32