ammyyadmin | a31ab95f1cd95d696e7b127f5d750cde6a227bbc8f12202bfde6889f8bddfea5

Sharing

Copy URL

Twitter E-mail

General

Target

master.zip
Size

379.9MB
Sample

250217-zp9q5atjgq
MD5

0bd94bb6c549b638b77f03fe3f748c23
SHA1

51585b4e6478353f5bc2323042bb4084aea6c142
SHA256

a31ab95f1cd95d696e7b127f5d750cde6a227bbc8f12202bfde6889f8bddfea5
SHA512

73998d9862f48fd6df007ea2cbad18875cbfde3ef542d39cec12ecf3d1b63a216b131c6d106b30d46c2be19ebd3046a05f89ad6875777ec4604b13702a019fe7
SSDEEP

6291456:xxBKdd2oT5xgBb3A25P7dgkXUGnwQtfdHMq64d2ISdiUkG7zuyKtvOB80Wpx:dY8G5xgp3Z5OmdHvdMNkG7FKtE80Wz

Malware Config

Extracted

Family

gafgyt

185.165.29.25:444

185.165.29.111:444

103.9.77.253:4444

107.174.34.68:23

107.174.34.70:23

179.43.146.30:23

185.145.131.236:23

185.145.131.173:23

185.145.131.243:23

185.165.29.24:444

198.167.140.187:53

185.165.29.41:444

185.165.29.47:444

69.90.132.142:53

185.165.29.39:444

77.247.178.189:23

185.165.29.127:666

Extracted

Family

redosdru

http://mazi.av666.us/NetSyst96.dll

http://123.184.40.33:19162/NetSyst96.dll

http://118.193.139.50:1237/NetSyst88.dll

http://qingxiaofeng.f3322.org:65520/STU.dll

http://211.141.154.154:8088/NetSyst96.dll

http://mazi.av666.us/NetSyst88.dll

Extracted

Family

mirai

Botnet

MIRAI

scan.oneneo.xyz

xo.midnight.pm

Extracted

Family

mirai

Botnet

MIRAI

scan.oneneo.xyz

cnc.oneneo.xyz

lana.midnight.pm

xo.midnight.pm

Extracted

Family

mirai

Botnet

MIRAI

scan.oneneo.xyz

xo.midnight.pm

Extracted

Family

mirai

Botnet

MIRAI

cnc.oneneo.xyz

scan.oneneo.xyz

lana.midnight.pm

xo.midnight.pm

Extracted

Family

mirai

Botnet

MIRAI

scan.oneneo.xyz

xo.midnight.pm

Extracted

Family

mirai

Botnet

MIRAI

cnc.oneneo.xyz

scan.oneneo.xyz

lana.midnight.pm

xo.midnight.pm

Extracted

Family

mirai

Botnet

MIRAI

cnc.oneneo.xyz

scan.oneneo.xyz

lana.midnight.pm

xo.midnight.pm

Extracted

Family

pony

http://www.munchiesdelight.com/vent/panel/gate.php

http://acgfinancial.gq/alozspongoogle/gate.php

Attributes

payload_url
http://www.munchiesdelight.com/vent/panel/shit.exe

Extracted

Family

xorddos

http://info1.3000uc.com/b/u.php

tt1.v5zz.com:3560

192.168.1.131:3826

abcd.com:8080

Attributes

crc_polynomial
EDB88320

xor.plain

Extracted

Family

mirai

Botnet

WHOSGHOST

network.bigbotpein.com

krebs.bigbotpein.com

Targets

- Target
  
  some-samples-master/000c817925bc84f700337ac1307bb1b1
- Size
  
  16KB
- MD5
  
  000c817925bc84f700337ac1307bb1b1
- SHA1
  
  f915dfe7bf6721ad96cdde36774a68dcffab2f19
- SHA256
  
  79dfcff48dbafb3622d04cd48638db5154894868c73a186e9d84f3877ac3e9f5
- SHA512
  
  c795e2ed9da16c070802a464074076922e346ed5569add1b269e5e8d271f524b336a099a5f7a0ae6f5f2032ead5d112bbab7d02e20398ca45c8839b6d835a6bf
- SSDEEP
  
  192:Pz2UUXOUM+6Bk4CfLEb6ehNXNlsqBsXw++nnl2:qUMOU36G4KwRB++nM
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff
- Size
  
  26KB
- MD5
  
  00c5a99a4a45fd4fa41f2a1dcf8690ff
- SHA1
  
  361360530c69e6bb690c3c9fa7354fc72b9c4fb5
- SHA256
  
  0dc915c0f17404fabb244cea87c7c12d2a4c9d0030c64fca01676cf4abe4a18a
- SHA512
  
  738caee1197900c2bd30bef6aa994565794b8a60413d4827668acb6c44e8fec61eccd80ed6e1b207ece097ae569fa2e317c9707056a167c72357064009e0022e
- SSDEEP
  
  768:lyiZEE9fZxX1fSgytkpkakPkSkCkGkvkYkPkLm1P:lyCfPlxckpkakPkSkCkGkvkYkPkc
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  some-samples-master/00d2876c4ad4ef3bfefe452f55da9432
- Size
  
  143KB
- MD5
  
  00d2876c4ad4ef3bfefe452f55da9432
- SHA1
  
  44f948995f0f1484e6722a6813a5637a98fc4b04
- SHA256
  
  1854f945faf9c07d8df37e7083ca9704ba84a7d6de3cca87d710b0ded208528c
- SHA512
  
  635c37149356f4b9dc27865e26264fdb5280cd3b33e9c2257859cec189ff9232e1d19454de430cd84e286b5704e74117f8ee5ef2928693af8557a6beec70bb92
- SSDEEP
  
  1536:YwhO+/yubrJhy6aBL8d4D/W0FDujXYvlA+FasPl/4pseLdA1UW+cw:7/yubrS6aR8QfFDmXYLaCJ4pseLSUbcw
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  some-samples-master/010c1e2ffb9d2fc30a429b7db204ed7b
- Size
  
  110KB
- MD5
  
  010c1e2ffb9d2fc30a429b7db204ed7b
- SHA1
  
  3e7fde0e06a1501ae3a0112a232be5a40e7b9587
- SHA256
  
  e1d92e9f8c983b930a849a969176bd5d59e52b00beb9375362e37712d50e5948
- SHA512
  
  edcec9be97385bfebb8e97c4a8c16faaf355117c349f26d28044231b897e1f76b22c55783ef7ffa772b6a7582da59e3ebf33430d62996d65eee78a91ccc5ce36
- SSDEEP
  
  3072:S8i0mdVztjCiJOeLG6mzUSyFdJpqeAsfc0dUSLXh:CdVbOVPQkeAsfc0dUSLXh
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral7
- Target
  
  some-samples-master/0138333b333805fa0baf93f6d0ccf342
- Size
  
  3KB
- MD5
  
  0138333b333805fa0baf93f6d0ccf342
- SHA1
  
  a77bf28547fc0f7da297353b88239c416a8be4c0
- SHA256
  
  7b4e065405ee4c2a4823ed3fed74da74fb72bb7067fbc3a8f763b9f375efba4c
- SHA512
  
  b3de560b49414189c5f0a674eaf07e51857d1dc73b0b3d4fe70827edbcfc92d70252b105d9b438c24f751102b6fd0fe898dbcaee1e4664d27440368c9a1205fe
Score

3^/10

discovery
behavioral8 behavioral9
- Target
  
  some-samples-master/0157d50dcd839afb5ec4b79cae965360
- Size
  
  594KB
- MD5
  
  0157d50dcd839afb5ec4b79cae965360
- SHA1
  
  0b242dacfe6eddff8577757fbd3ae7015cea88b6
- SHA256
  
  ada5ca4ebe5438dee510890f2b38dfebe7e157e3c836956e34ba35dbc97df983
- SHA512
  
  c514bbd5dd8bae7d189c297db90c81a5586d671d558e96473e581c383c72206f4b4a4c696d864a91e624e0cac1b3f4ff29a5fe9c58656ebfd4454d1fcec96d9c
- SSDEEP
  
  12288:JfiAGWqrP8W75vfDnZFn7ZMhGqSBJU/QYhDcbNLvwFoe7HrN+wetk6:R3GWlelF7SPUJYVUNbwFDwwet
Score

1^/10
behavioral10 behavioral11
- Target
  
  some-samples-master/015f8027e55c523a326dd06a1082b5f4
- Size
  
  23KB
- MD5
  
  015f8027e55c523a326dd06a1082b5f4
- SHA1
  
  2b4658fdfb3123f234556d25dbaaada5b9f5b88f
- SHA256
  
  598c726aa6e96b1f7ef222a2fc7e312e3c045444b80235dd4eb17d2a9e2121d2
- SHA512
  
  7d41e6b374c5febbffb8b7785620bfb408e4a892f1159edf5fdab187fbda99cc8e0b967b89b48382367dec2492b3a55386397dc833aed6b941450971c562e89f
- SSDEEP
  
  384:3IzPNkJ+Jizu1p8dd/VcpQNxX+n4aiAajqRLi2kcXQew:36PNkJ+JczdLcyQMAamLw
Score

3^/10

execution
behavioral12 behavioral13
- Target
  
  some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc
- Size
  
  26KB
- MD5
  
  019be7ae89b0e13eb1b0f1ceb1d355fc
- SHA1
  
  d5513cbc461f95f7e259ad08849faf9d4cf3088e
- SHA256
  
  47619323518591f2482b75c9984e075e2044785d4285c78a0638f98ba1cfa1cb
- SHA512
  
  52ba714efd17e8d1d5a607501bdd58e195eb12af0c03c790d9efff3ab056c465220f316465b4f65c7ffe0448f8337b5b410d3a8cbeb30f0630db9a1599edb519
- SSDEEP
  
  768:lyiCE9fZHA68NXDV8NXDD8NXDJ8NXDS8NXD58NXDM8NXDc8NXDM8NXDi8NXD5x1P:lycfZA1DcDmD4DdDIDDDzDDDNDl
Score

3^/10

execution
behavioral14 behavioral15
- Target
  
  some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd
- Size
  
  26KB
- MD5
  
  01ac76f3ad93c942aa0c88ff747d06fd
- SHA1
  
  71f31b211d9af9d41faeb7deb9fba084a5c7c089
- SHA256
  
  0a8792a23722606b21d23279188a58a8d5cef9f1e189e09be1c6afc276857dd4
- SHA512
  
  279ffab45c72a22497ca4ea67d2ad0beb02ea6eeb5ed7a6c7e4ffc26662bdf89726819eecbbb97d62d73e8658e825b8daa5649d537d605e71ab38842ad5dcc93
- SSDEEP
  
  768:lyi04SE9fZAsoxnxZxRxYxnxYxnxoxQx0v1P:lyuPfW/xnfSxSxiqi
Score

3^/10

execution
behavioral16 behavioral17
- Target
  
  some-samples-master/01c3927bd930a986d3eb6b8662527ed5
- Size
  
  2KB
- MD5
  
  01c3927bd930a986d3eb6b8662527ed5
- SHA1
  
  f6c032d87337a6dbb136f6ce054a920c9150e701
- SHA256
  
  49da9650347b53181635b049d46f92dd731d072696fd50a6a5d3bd5eea58f7c4
- SHA512
  
  d49c41be2372fa7c9f544a79b9866c5ed79d4874ebfb890e5118611289f2576dff4f759913e22a3f8ef5ba6028e84dce8199a04212c2b151ecc627e2d48584d8
Score

3^/10

execution
behavioral18 behavioral19
- Target
  
  some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59
- Size
  
  171KB
- MD5
  
  01cf52ba3d0b385551b1d9fcad2e7b59
- SHA1
  
  45d68fa808741a479bf9ab1fa6637524c8dda522
- SHA256
  
  7ef5fdf3711473be955049aae0088177c8be78024e5ee446d2cbc86c4d1fe23f
- SHA512
  
  7f1527c564d7acad396229ba58c02b4ef08aa117b9713e14144848e3622f0a4ebe2d5b5642b3397e430a76c453e0c8afc49122f0d303e7af1fcbf409e5845d04
- SSDEEP
  
  3072:S4kXFwsIdF1UfHySW6z0hGWc8xnobN2Yls2nmuho4amFahRMUSNHHUWfuvIyfkMN:Sr1wsIdF1UfHyx6z0hGWc8xnobN2Ylsz
Score

3^/10

discovery
behavioral20 behavioral21
- Target
  
  some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5
- Size
  
  23KB
- MD5
  
  01d8f0b4a1bef3acef8ec448a640bbb5
- SHA1
  
  439066a263d5606bafd618fac95ba444abf8ef91
- SHA256
  
  51107d115e4db53cfe524f3c117239f9aa29491416da843df3eda1b88674ea6b
- SHA512
  
  32ed6c8fe966900fe3477aac1d31cf73a992796df658255db7b4d69e81edefcfda81b256558144f1d7bfdb8fcb5b7f2377f8f07c7811ffdcb6b4d55acf96cd79
- SSDEEP
  
  384:3IzPNkJ+Jizu19IbIxB4s/VcpQGCxX+n4aiAajqRLi2kcXQew:36PNkJ+JcSIkx7ciQMAamLw
Score

3^/10

execution
behavioral22 behavioral23
- Target
  
  some-samples-master/01e080585e79879ea4e54844a2737d84
- Size
  
  11KB
- MD5
  
  01e080585e79879ea4e54844a2737d84
- SHA1
  
  1c2d8d126706957d316bd293d7ec54f18f61ec22
- SHA256
  
  80384e6d5c2d8f2ce64115b2e1b320513deaa08e5fc03f1b97807ada21937940
- SHA512
  
  95bda0feb277affebd2265162d47f5dd5cc039270083699d3690b1b5d3a08a30bf690fbc0d14394a71933d0a0111e403d3a4009d18a49bd9f53d611403e8e8ee
- SSDEEP
  
  192:TiqsJ3PqkDPkGYziiodcFm5b0bTqixwujunS10NA5XvXfxEFYVtjtqSMunoQq9i/:TifPHPkGYcdcFm5b0bTqixwujunSGNm1
Score

3^/10

discovery
behavioral24 behavioral25
- Target
  
  some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e
- Size
  
  82KB
- MD5
  
  01ed8720e305d7f53ee7cf91f1e4ca8e
- SHA1
  
  39258cbf87dd414a8e81f60ee023ce1d138b3080
- SHA256
  
  c9e6b16ee832c784cacf282d87b1e59f5a863a774a42e9a2dea19ba759a495f8
- SHA512
  
  c0554a0835902297cca0853a5f881bbe6e7caed5f4051c405003767163a58927fcdf78063f50243b7fd86e340756f51b036cdaa18e4a608125aa1ca51fd7aa60
- SSDEEP
  
  1536:sryWV9WlDhl/UAwzeszexze6zeu3WgZOaxhlYolyIjL:sr4BF3EaxhlYolyIjL
Score

3^/10

discovery
behavioral26 behavioral27
- Target
  
  some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f
- Size
  
  26KB
- MD5
  
  02150a19ad62efe92ebb7bc8a15daa4f
- SHA1
  
  6e69a1857c0b7108bccf179acadf31c087885193
- SHA256
  
  eb5d4c3950fff8263d753a281eb1951564a78678739db8f421004ecc10f4ad4d
- SHA512
  
  013f70c1715367ecf56504cf31b6aa93172348992bbe9474f4982aae3ff15ad278ffc457e2aaac0a1d22162589b08396b5fa4d88ebfca4fc76211b547fbedb37
- SSDEEP
  
  384:lyi2EUE2CpfZ3Q6eJn50/WTe/WT0/WTh/WTc5/WTY/WTn/WTa/WTb/WTD/WTFENB:lyi2hE9fZAv4x5axnwZgacEN1P
Score

3^/10

execution
behavioral28 behavioral29
- Target
  
  some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6
- Size
  
  2KB
- MD5
  
  02169ba27d563c5b0bcf3cae3910a0f6
- SHA1
  
  c47b3c8f107a3b99e69bb1eeb016752c7ed4ce0f
- SHA256
  
  ea4c6a858f420c0b2d21f17f9e61c84624212e9d63330c3cb9cea0e67a18e58d
- SHA512
  
  6aa0357ada024d06a7ee6fdc3eefc9c2196150cc004e48a77fa3f11f95841806b42b64ed19eeaea75debc6eb8b22f52564c8b802c886ddb2942e95fdc2d9f6e9
Score

3^/10

execution
behavioral30 behavioral31
- Target
  
  some-samples-master/027159c684c78666d4a1eac52f89cd57
- Size
  
  45KB
- MD5
  
  027159c684c78666d4a1eac52f89cd57
- SHA1
  
  a5ca1a423a315178d2c42c83b69904341331ce7c
- SHA256
  
  aaeb7d68c5c0a07e5f685611c23ad04fc15230ff68ecf5f4f96e06c6e029f2d6
- SHA512
  
  114ddda46e7a7426e8906d42994919165640b0a02b7bd83b939ebc31b4a7f229016181a0d04bcef14c96dc6a47be2e74b6b6f63babcaf2536ef44ded7e5c127b
- SSDEEP
  
  768:SyoGShpjcIK5NYSOndi+ZdBh+3w+gFj8I4opa7m5wGEo8iU9D:S/Gz58jrL2+qg07m5giU5
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Reads system routing table

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32