Resubmissions

21-01-2025 13:35

250121-qvptgawqbk 10

21-01-2025 11:58

250121-n5b91ssqem 10

21-01-2025 11:44

250121-nwlr4a1qhs 10

21-01-2025 11:07

250121-m7zbws1kfn 10

17-07-2024 20:08

240717-ywvp4swhjk 10

General

  • Target

    infected2024071401.zip

  • Size

    54.3MB

  • Sample

    250121-n5b91ssqem

  • MD5

    1deae7b244bd725828d39c59ccb36f5b

  • SHA1

    af1298cefef18ddae3bc472b61828d4b8ee30594

  • SHA256

    c56c00ca3f42026f17affef76b3752f268d1498f862b3143985ca7c1d33feb39

  • SHA512

    15d37132af78f43b79da983fdd7db5a6716d9eded87568e1c1a24a8241f5e4e0f7de22b6c72a0640dd027ddc50f2f24fdb0ec5b8a2ed606588e2ce80aa873bbe

  • SSDEEP

    1572864:ZCPcetzLnPM24Z4Ienxa/x4AW+kTpM/vpnT:M3LnPHxACSkTpqvpnT

Targets

    • Target

      infected2024071401.zip

    Score
    3/10
    • Target

      1�L�iŚ.pyc

    • Size

      857B

    • MD5

      0d05ea9df13972dc4ded98244e029da4

    • SHA1

      439cc2f447bc7a5ea554279491664e0ba699333d

    • SHA256

      aa18b36e8260dbfaffe4191216319556ae73c8654f358315aba43e87a9193317

    • SHA512

      5217184928a86a04b8ce4f5380882ff49ac5aa4bdcbf70090abe8be479038806e5aabcf7fc2c65d35662c77c1776233c90f09a4ff3c41061f981f68db63b778f

    Score
    1/10
    • Target

      DHL_PT563857935689275783656385FV-GDS3535353.bat

    • Size

      6KB

    • MD5

      60186cd9a2e82835bc143c1fb4662b7e

    • SHA1

      880c7f14743f9759b30bcc28085949122f54c20e

    • SHA256

      b66081b0e5dfe21e03d1043700d7c05e65bda96ad33a6370c374217d5ae84405

    • SHA512

      98ca66c502178601cf1d568fb4b5ef122564f548eae2c82c9979207ea69398212f2b35571f3cc0696ec9edb70174a016c00ddd12fc26140d63196188e6f0f8b7

    • SSDEEP

      192:jOJVeUYLAKLt+IS0y+80TJco4Ga5y0p8te:QeAKZZS280FL3aw0aE

    Score
    8/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Target

      helper.bat

    • Size

      27KB

    • MD5

      8d987e2f2fef6f2bd726d392bac46c55

    • SHA1

      64ab8a696b52189d5fd809da924d1dc36e07d7c3

    • SHA256

      10e4a6b54cc0cf4d18dde8b69e0b305abe487e07ed990c5bff82ce30b217b910

    • SHA512

      a8c48da620cfc0b4ea55efba87a98625e4b1eaf4553006a259fc5915836afcdee413180d1dcfc40ab8830741257f5ab723d4536788b0d751a6ba8a28cbfcdf45

    • SSDEEP

      768:AZWM6xwaPdP30trmRblevg8heVbaEUdLQdy6VTRZE3mn:ZM6xzR30ZmRb4YI2TILQdy6VTRL

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15

Tasks

static1

blankgrabber
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

execution
Score
8/10

behavioral20

execution
Score
8/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

execution
Score
8/10

behavioral29

execution
Score
8/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10