Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows7-x64

10

The-MALWAR...ll.exe

windows7-x64

10

The-MALWAR...BS.exe

windows7-x64

10

The-MALWAR...in.exe

windows7-x64

7

The-MALWAR....A.exe

windows7-x64

7

The-MALWAR....A.exe

windows7-x64

10

The-MALWAR....A.dll

windows7-x64

7

The-MALWAR...r.xlsm

windows7-x64

10

The-MALWAR...36c859

windows7-x64

1

The-MALWAR...caa742

windows7-x64

1

The-MALWAR...c1a732

windows7-x64

1

The-MALWAR...57c046

windows7-x64

1

The-MALWAR...4cde86

windows7-x64

1

The-MALWAR...460a01

windows7-x64

1

The-MALWAR...ece0c5

windows7-x64

1

The-MALWAR...257619

windows7-x64

1

The-MALWAR...fbcc59

windows7-x64

1

The-MALWAR...54f69c

windows7-x64

1

The-MALWAR...d539a6

windows7-x64

1

The-MALWAR...4996dd

windows7-x64

1

The-MALWAR...8232d5

windows7-x64

1

The-MALWAR...66b948

windows7-x64

1

The-MALWAR...f9db86

windows7-x64

1

The-MALWAR...ea2485

windows7-x64

1

The-MALWAR...us.exe

windows7-x64

6

The-MALWAR....a.exe

windows7-x64

3

The-MALWAR....a.exe

windows7-x64

7

The-MALWAR...ok.exe

windows7-x64

10

The-MALWAR...y.html

windows7-x64

3

The-MALWAR...ft.exe

windows7-x64

4

The-MALWAR...en.exe

windows7-x64

6

The-MALWAR...min.js

windows7-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    The-MALWARE-Repo-master.zip

  • Size

    198.8MB

  • Sample

    250225-rwrj5azps8

  • MD5

    af60ad5b6cafd14d7ebce530813e68a0

  • SHA1

    ad81b87e7e9bbc21eb93aca7638d827498e78076

  • SHA256

    b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1

  • SHA512

    81314363d5d461264ed5fdf8a7976f97bceb5081c374b4ee6bbea5d8ce3386822d089d031234ddd67c5077a1cc1ed3f6b16139253fbb1b3d34d3985f9b97aba3

  • SSDEEP

    6291456:wNl3aFW2h9/fiTwCzCLS6iilVkLZgAEtknRzq:wDaFd//Orcpi4VkL6AfRG

Score
10/10
danabotdarkcometdridexmodiloadermydoomnjratremcosrevengeratwipelockgeforceguestguest1111hostaspackv2bankerbotnetdefense_evasiondiscoveryexecutionmacromacro_on_actionpersistencestealertrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

Guest1111

C2

193.242.166.48:1605

Mutex

DC_MUTEX-2QRLPN3

Attributes
  • InstallPath

    Windupdt\winupdate.exe

  • gencode

    Rb5l52XcV9no

  • install

    true

  • offline_keylogger

    false

  • password

    313131

  • persistence

    true

  • reg_key

    winupdater

rc4.plain

Extracted

Family

njrat

Version

0.7d

Botnet

Geforce

C2

startitit2-23969.portmap.host:1604

Mutex

b9584a316aeb9ca9b31edd4db18381f5

Attributes
  • reg_key

    b9584a316aeb9ca9b31edd4db18381f5

  • splitter

    Y262SUCZ4UJJ

Extracted

Family

remcos

Version

1.7 Pro

Botnet

Host

C2

nickman12-46565.portmap.io:46565

nickman12-46565.portmap.io:1735
Attributes
  • audio_folder

    audio

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    5

  • copy_file

    Userdata.exe

  • copy_folder

    Userdata

  • delete_file

    true

  • hide_file

    true

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %WinDir%\System32

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • keylog_path

    %WinDir%\System32

  • mouse_option

    false

  • mutex

    remcos_vcexssuhap

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screens

  • screenshot_path

    %AppData%

  • screenshot_time

    1

  • startup_value

    remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Extracted

Family

revengerat

Botnet

Guest

C2

0.tcp.ngrok.io:19521

Mutex

RV_MUTEX

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204
rsa_pubkey.plain

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://erpoweredent.at/3/zte.dll

Targets

    • Target

      The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe

    • Size

      2.7MB

    • MD5

      48d8f7bbb500af66baa765279ce58045

    • SHA1

      2cdb5fdeee4e9c7bd2e5f744150521963487eb71

    • SHA256

      db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

    • SHA512

      aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

    • SSDEEP

      49152:bbevayZlMTWkygVy0nQZfVY2BtZzpPL4PuQ65+6Dv7m0KXTn:bbexZlMQcEVY2BtZzpPL4WQI9U

    Score
    10/10
    danabotbankerbotnetdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot family

      danabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1

    • Target

      The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.9d75ff0e9447ceb89c90cca24a1dbec1

    • Size

      148KB

    • MD5

      9d75ff0e9447ceb89c90cca24a1dbec1

    • SHA1

      ebae1054d69619e9e70c9b2e806edb9000d7feb9

    • SHA256

      f2b33edb7efa853eb7f11cb8259243238e220fdc0bfc6987835ba1b12c4af1eb

    • SHA512

      6df94dbe3681c1cb572d63e54a6753b3bae7075b86507f33f152795c6e61f1feac6742986d7c72a2834f28c85d0a1890bb31b5888b98b29754300dceb63e210d

    • SSDEEP

      1536:t1hWmKdZ9WmQTt+6KK2Ml+dZyx6wVIWiwiuvro1d2C91q5nYaY4vV4KBmX:t1hYZQtTt+02G+dHgMuzWZ1qISVkX

    Score
    10/10
    dridexbotnetdiscovery

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Deletes itself

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery
    behavioral2

    • Target

      The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.925da3a10f7dde802c8d87047b14fda6

    • Size

      140KB

    • MD5

      925da3a10f7dde802c8d87047b14fda6

    • SHA1

      1fc59fbf692f690b9fe82cfafc9dcbd5aac31a68

    • SHA256

      c94fe7b646b681ac85756b4ce7f85f4745a7b505f1a2215ba8b58375238bad10

    • SHA512

      82588188de13f34cd751da7409f780c4fc5814da780fe8cad1fa73370414fb24b9822fc56f1f162d0db4a5c27159c225bc4d4fb061a87cb3c0d89b067353a478

    • SSDEEP

      3072:X9z9zjy6WEba5uuoLPhiVF3NT5nNpytoQE:X9J9gu0td5nN4

    Score
    10/10
    dridexbotnetdiscovery

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Deletes itself

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery
    behavioral3

    • Target

      The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe.c26203af4b3e9c81a9e634178b603601

    • Size

      212KB

    • MD5

      c26203af4b3e9c81a9e634178b603601

    • SHA1

      5e41cbc4d7a1afdf05f441086c2caf45a44bac9e

    • SHA256

      7b8fc6e62ef39770587a056af9709cb38f052aad5d815f808346494b7a3d00c5

    • SHA512

      bb5aeb995d7b9b2b532812be0da4644db5f3d22635c37d7154ba39691f3561da574597618e7359b9a45b3bb906ec0b8b0104cbc05689455c952e995759e188b6

    • SSDEEP

      3072:Te8LOIa22GwayjbzJ4xgAW8NeN00w7Aoalm2HdTStgjuPaMe+H9tJA:iUOIa2sZjPJJQiw4igjAL

    Score
    7/10
    discovery

    • Deletes itself

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery
    behavioral4

    • Target

      The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da

    • Size

      132KB

    • MD5

      dbf96ab40b728c12951d317642fbd9da

    • SHA1

      38687e06f4f66a6a661b94aaf4e73d0012dfb8e3

    • SHA256

      daab430bb5771eaa7af0fbd3417604e8af5f4693099a6393a4dc3b440863bced

    • SHA512

      a49cc96651d01da5d6cbb833df36b7987eafb4f09cc9c516c10d0d812002d06ae8edee4e7256c84e300dc2eadad90f7bb37c797bccdee4bad16fcaf88277b381

    • SSDEEP

      3072:uItv1YJOQnVc2pEANuoUeyCx9CC5O86BJaoqsf:xrr2pEANuXCx9Jd6c

    Score
    7/10
    discovery

    • Deletes itself

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery
    behavioral5

    • Target

      The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.6164228ed2cc0eceba9ce1828d87d827

    • Size

      152KB

    • MD5

      6164228ed2cc0eceba9ce1828d87d827

    • SHA1

      cea5bc473c948a78ce565b6e195e6e25f029c0c6

    • SHA256

      7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195

    • SHA512

      b53ac27397ce5453fa008d1a2e98f9f66be7d7f08375b92c88007544c09ab844d6c8eeceb2221c988e0a0d6ffc2a8a290e49715e3062a74bcd2310d41bffcc37

    • SSDEEP

      3072:VqD/ri6AM4odK4J663POAQgG8rYKvh+5Nl:V0xlIBwPOA+8Zhu

    Score
    10/10
    dridexbotnetdiscovery

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Deletes itself

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery
    behavioral6

    • Target

      The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.97a26d9e3598fea2e1715c6c77b645c2

    • Size

      628KB

    • MD5

      97a26d9e3598fea2e1715c6c77b645c2

    • SHA1

      c4bf3a00c9223201aa11178d0f0b53c761a551c4

    • SHA256

      e5df93c0fedca105218296cbfc083bdc535ca99862f10d21a179213203d6794f

    • SHA512

      acfec633714f72bd5c39f16f10e39e88b5c1cf0adab7154891a383912852f92d3415b0b2d874a8f8f3166879e63796a8ed25ee750c6e4be09a4dddd8c849920c

    • SSDEEP

      12288:2oXYZawPO7urFw4HLLDOeLSwg4ULeHOuCqA8:2oXYFIuh5HjhSwiJ8

    Score
    7/10
    discoverypersistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral7

    • Target

      The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm

    • Size

      93KB

    • MD5

      b36a0543b28f4ad61d0f64b729b2511b

    • SHA1

      bf62dc338b1dd50a3f7410371bc3f2206350ebea

    • SHA256

      90c03a8ca35c33aad5e77488625598da6deeb08794e6efc9f1ddbe486df33e0c

    • SHA512

      cf691e088f9852a3850ee458ef56406ead4aea539a46f8f90eb8e300bc06612a66dfa6c9dee8dcb801e7edf7fb4ed35226a5684f4164eaad073b9511189af037

    • SSDEEP

      1536:0sqG3SkDNIVXnR8TeYSSkCXgN+Uu+j6XJaRqWD/0ACKNONUhfy:0sNrxWXnCjiubXKD/EQA

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral8

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859

    • Size

      8.7MB

    • MD5

      799c965e0a5a132ec2263d5fea0b0e1c

    • SHA1

      a15c5a706122fabdef1989c893c72c6530fedcb4

    • SHA256

      001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859

    • SHA512

      6c481a855ee6f81dd388c8a4623e519bfbb9f496dada93672360f0a7476fb2b32fd261324156fd4729cef3cbe13f0a8b5862fe47b6db1860d0d67a77283b5ad8

    • SSDEEP

      98304:VqGMOLT5E2Dy8Ji6LrDl3bTMsEplZ1GW5w+Aw:wGMOLTmaHjLXl3bTMsEpf1x5

    Score
    1/10
    behavioral9

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742

    • Size

      8.7MB

    • MD5

      76fe4fdd628218f630ba50f91ceba852

    • SHA1

      6e90f2fe619597115e5b8dd8b0d1fb0c8ad33fa4

    • SHA256

      041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742

    • SHA512

      7956505ae0d8479a92ddf97bb09a757566ef526934ee06b4273f0fc450e4da9204808ffa4f4674f4e6e313eb718a7c65f258ef8d23b9769b8aa12d47610d8011

    • SSDEEP

      98304:f27or8Dynb9c4EHv9/fW/NQXPvTCaedHuaJE3fSdCnKg27Xk:f27or8DyO4UnwQfvTCXdHua4No

    Score
    1/10
    behavioral10

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732

    • Size

      8.7MB

    • MD5

      0263de27fd997a4904ee4a92f91ac733

    • SHA1

      da090fd76b2d92320cf7e55666bb5bd8f50796c9

    • SHA256

      0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732

    • SHA512

      09ef02532eb7c3a968c1d04bf1f3aa9a4bf400f8485d3be596d7db3aed5f705fc1f85a1f6218397a70830ad747aa03c61b9c5b1cca24c2620cdbb3e5361db194

    • SSDEEP

      98304:bKwGam/zeDrZCDcryHlc5Qp+FLk0h6u9SrS2D8t7Xk:bKwGam/z4C3FKQ8FLTh6u9S4

    Score
    1/10
    behavioral11

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046

    • Size

      8.6MB

    • MD5

      ae747bc7fff9bc23f06635ef60ea0e8d

    • SHA1

      64315e834f67905ed4e47f36155362a78ac23462

    • SHA256

      103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046

    • SHA512

      e24914a58565a43883c27ae4a41061e8edd3d5eef7b86c1c0e9910d9fbe0eef3e78ed49136ac0c9378311e99901b1847bcfd926aa9a3ea44149a7478480f82b2

    • SSDEEP

      98304:rDSceJ/GqDu6P0ypQ0Qv5knSTH20ejwBcHjI7Xk:rDSceJ/GqD18RZv5knS720e7s

    Score
    1/10
    behavioral12

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86

    • Size

      8.7MB

    • MD5

      3a371a09bfcba3d545465339f1e1d481

    • SHA1

      7f5712878929aab6a2ab297072a5a5f3d3c15a01

    • SHA256

      2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86

    • SHA512

      35efc5129316ea697f1f4591c37e70c74b643942cdb3cb1aac6a0f14f5d133da39c0c393439490bc059361e9feeacee3d4056f88700f56dfe1088ba0ab22613b

    • SSDEEP

      98304:f/VrKprvLVtb8E0dD71puy219CZ2gT3/3Khbw+Aw:3VrKpjROndH1puy219CZBShb

    Score
    1/10
    behavioral13

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01

    • Size

      8.6MB

    • MD5

      819b0fdb2b9c8a440b734a7b72522f12

    • SHA1

      f3aff7e1c44d21508eb60797211570c84a53597a

    • SHA256

      30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01

    • SHA512

      fee2c0dbbc91e2486e409e8b6a877c6ec500e6c7c0491d4c44d37006c30de79b95dd4640c7c8c8efcc920abccbdb659a590fde1e2526126279b7486778d08b5a

    • SSDEEP

      98304:zhPTaS9ki2kJxOU/ci9Z6uHFg3+QIEvRihdF7Xk:dPTaS9kitnEi9Z6uHq3+XE8z

    Score
    1/10
    behavioral14

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5

    • Size

      8.7MB

    • MD5

      8f0cb7af15afe40ed85f35e1b40b8f38

    • SHA1

      525f97d6e7e3cbb611a1cf37e955c0656f4b3c06

    • SHA256

      3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5

    • SHA512

      bd9e97b4042d89e081eced5781149b0d8e28a6e9d35c2a449a21aee26765ed8eea560434ba5e9a897c4e4c89d7a2b8997e31ad4ac2202a940b8731a5f447170d

    • SSDEEP

      98304:xFjhn+LznCFajBKs/Q1N4KGWISZOLor5lkFIGGw+Aw:Hjhn+HCS4s41N4KGWISZd5lrGG

    Score
    1/10
    behavioral15

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619

    • Size

      8.7MB

    • MD5

      682ac123d740321e6ba04d82e8cc4ed8

    • SHA1

      088a8c8c2b7f9db92ec0ae39e1dc77c8707d3895

    • SHA256

      453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619

    • SHA512

      26ddc0a1b91337de2314465f82f3a02ec478f32708fa91b7cdf75fc235eda7b3cf7c495616145dc29fc081ac4398cab5aac0d42978ea694fa183518533fcf4ad

    • SSDEEP

      98304:i7ihKiuH4QpmHh/vN0SyDbQy5lZGJJRgOX5f4y+n47Xk:i7ihKiuH4QIha1PQaZGTRgOXxR

    Score
    1/10
    behavioral16

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59

    • Size

      8.7MB

    • MD5

      97cfb3c26a12e13792f7d1741309d767

    • SHA1

      a010f85cdda9f83cbc738eb1b41cd621f3d6018e

    • SHA256

      5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59

    • SHA512

      162028b9e93bb4718427304a96767880da7094c99ae6145e61a562f09dae0ce6726b2dfac95782990f50fa9bfc9f82b1aacb9e7b12442094137872fa8a3f3379

    • SSDEEP

      98304:yM1SkPCVk8rOmgYcGrr69gRQTI6xmiiLuSESStOAco7Xk:yM1SkPCVkIgcWAQ06xniLuSExR

    Score
    1/10
    behavioral17

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c

    • Size

      8.7MB

    • MD5

      3fe7b88a9ba6c5acee4faae760642b78

    • SHA1

      bae245bc98c516604838c6ce5a233f066de44a50

    • SHA256

      6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c

    • SHA512

      02abc8d4fe280306a9ac6a25d28cf174a8d51a43d98b6837bc129701d8c0ab486eebaeef11062b58c455627d4de7c8782b3828aa02891fe439ca1ca617038f95

    • SSDEEP

      98304:g4K0/V2eKEDj+VK61qXXiQqwMwUa/f0OstejSUVv7Xk:g4K0/V2eKM+D4SQbMwX/f0Oskz

    Score
    1/10
    behavioral18

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6

    • Size

      8.7MB

    • MD5

      d4e533f9c11b5cc9e755d94c1315553a

    • SHA1

      9e15020cd2688b537bae18e5f291ee8cbe9a85e7

    • SHA256

      7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6

    • SHA512

      149226355b2e5c3fac403289b5e66bd4164a7aee76d8dc8f1d698c509db7a081bad9d4172cc950bb0e6e6909e0073d551dcde82cbeaaf61a9c1b02c9ba48fb38

    • SSDEEP

      98304:H27or8Dynb9c4EHv9/fW/NQXPvTCaedQuMBiHAUU4C7Xk:H27or8DyO4UnwQfvTCXdQuMoUj

    Score
    1/10
    behavioral19

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd

    • Size

      8.7MB

    • MD5

      b2e0eede7b18253dccd0d44ebb5db85a

    • SHA1

      ee5db9590090efd5549e1c17ec1ee956ef1ed3d1

    • SHA256

      7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd

    • SHA512

      5608fe7bde5072de7c98bacfe7beb928e6073be87c0fbccd8075c808d9a7c642abe254f6eb620d627f5324e35821fc9b41a31970264abcc472adfbe2c214a9fe

    • SSDEEP

      98304:zbc+G4RTwJg0GTvmF3D4cQ1XmkPF0ihOehaOE3Ok7Xk:zbc+G4RTwJGOzfQYkPGihOekj

    Score
    1/10
    behavioral20

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5

    • Size

      8.7MB

    • MD5

      100bff2f4ee4d88b005bb016daa04fe6

    • SHA1

      36e5f8f70890601aa2adaffb203afd06516097f0

    • SHA256

      90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5

    • SHA512

      a1cb52bc6edaa7f8bb216d2a5f3deb0b8468c64b43931ef570c05e6a9872c63f00aff50d69686fdc2ea25d3d83da4bf9d78f5e6910643163570d0bd6279c6e16

    • SSDEEP

      98304:wRINZeR9Zy031d3eDi2dZQT3/S1GVlOre53ziKZ7Xk:wRINZeR9Zx1CFDQD/SQVlOrKr

    Score
    1/10
    behavioral21

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948

    • Size

      8.6MB

    • MD5

      4842d5cc29c97aa611fba5ca07b060a5

    • SHA1

      f93772038406f28fa4ca1cfb23349193562414b2

    • SHA256

      9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948

    • SHA512

      cf1cb3f0291f3e0c3b47ff3ee9074b624e2d9781f9637d14ede0628ebb4b8b0fe13e16583f6a933a3e20872ec084dc812237f021757efe2a6d527a0a1723b5c8

    • SSDEEP

      98304:JcZJWD3qZL7I9lysBfU9OWQcIImfWoezuA+dTlwO0Fz7Xk:JcZJWTqZLGlHsHQl3fNezuAI5g

    Score
    1/10
    behavioral22

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86

    • Size

      8.7MB

    • MD5

      c947363b50231882723bd6b07bc291ca

    • SHA1

      7b9a425f09da9be5dda5facff18c5fd15eed253a

    • SHA256

      985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86

    • SHA512

      45f511f6fe78bba853789f85549c8ac591b7812e2fc969a13148bbd1112fa356f6a1ee88a22a907e7f62ef79a0d14d75681eecd2a17f027d105afd381f161184

    • SSDEEP

      98304:vM6uc5LRC1PApsX8mygFiQS8Mi0e6oIOPxOGdG20t7Xk:vM6uc5LRCepmPEQXMir6oIOPoCM

    Score
    1/10
    behavioral23

    • Target

      The-MALWARE-Repo-master/Botnets/FritzFrog/d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485

    • Size

      8.7MB

    • MD5

      aa55272ad8db954381a8eab889f087cf

    • SHA1

      d7df26bf57530c0475247b0f3335e5d19d9cb30d

    • SHA256

      d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485

    • SHA512

      5590c039eb50708fe8fe417a5b5adf1d9019db0590dee119d0907bb588114bcbeb980c5ec7f3f77e85aefcbba76c1560e8b81069434ef5774ca60b1e28dbac20

    • SSDEEP

      98304:WjLz0rgRnuINVhcBSTDQaQqfViO7tauT8Xu4RM7Xk:WjLz0rgRXVzP5QkViitauT8Y

    Score
    1/10
    behavioral24

    • Target

      The-MALWARE-Repo-master/Email-Worm/Amus.exe

    • Size

      50KB

    • MD5

      47abd68080eee0ea1b95ae31968a3069

    • SHA1

      ffbdf4b2224b92bd78779a7c5ac366ccb007c14d

    • SHA256

      b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec

    • SHA512

      c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

    • SSDEEP

      768:/9NC1eO7wvsgyjgLCtKbqvYGjaESiKMH6BJJE+XqYq7wvefY:/9NC1eOMFyjt2/wDrcq/Mveg

    Score
    6/10
    discoverypersistence

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral25

    • Target

      The-MALWARE-Repo-master/Email-Worm/Anap.a.exe

    • Size

      16KB

    • MD5

      0231c3a7d92ead1bad77819d5bda939d

    • SHA1

      683523ae4b60ac43d62cac5dad05fd8b5b8b8ae0

    • SHA256

      da1798c0a49b991fbda674f02007b0a3be4703e2b07ee540539db7e5bf983278

    • SHA512

      e34af2a1bd8f17ddc994671db37b29728e933e62eded7aff93ab0194a813103cad9dba522388f9f67ba839196fb6ed54ce87e1bebcfd98957feb40b726a7e0c6

    • SSDEEP

      192:nC34zPAmm2VkeyLffMhyyuyeYHOGFeDK6P6t6:U6oj7LLffMI/jqBo

    Score
    3/10
    discovery
    behavioral26

    • Target

      The-MALWARE-Repo-master/Email-Worm/Axam.a.exe

    • Size

      11KB

    • MD5

      0fbf8022619ba56c545b20d172bf3b87

    • SHA1

      752e5ce51f0cf9192b8fa1d28a7663b46e3577ff

    • SHA256

      4ae7d63ec497143c2acde1ba79f1d9eed80086a420b6f0a07b1e2917da0a6c74

    • SHA512

      e8d44147609d04a1a158066d89b739c00b507c8ff208dac72fdc2a42702d336c057ae4b77c305f4ccdfe089665913098d84a3160a834aaebe41f95f4b4bfddeb

    • SSDEEP

      192:33K8Vn5fAIBkPA9tQdEnhAv+mKqh1RwE9gCOMv8eIry2aZoa5qq/:33X54IB8SCY2W3qmSgaIrTDSqq/

    Score
    7/10
    discoverypersistence

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral27

    • Target

      The-MALWARE-Repo-master/Email-Worm/Brontok.exe

    • Size

      106KB

    • MD5

      d7506150617460e34645025f1ca2c74b

    • SHA1

      5e7d5daf73a72473795d591f831e8a2054947668

    • SHA256

      941ebf1dc12321bbe430994a55f6e22a1b83cea2fa7d281484ea2dab06353112

    • SHA512

      69e0bd07a8bdbfe066593cdd81acd530b3d12b21e637c1af511b8fee447831b8d822065c5a74a477fe6590962ceff8d64d83ae9c41efd930636921d4d6567f6f

    • SSDEEP

      768:i9R/zAKUQfZw7j4KBHZD8f5R3ETmv48Xxh04UwQaMzl6G1gNov35BMC:0AcwPf5D8rUTmnX9maQ6SgM5

    Score
    10/10
    defense_evasiondiscoverypersistence

    • Modifies WinLogon for persistence

      persistence

    • Modifies visibility of file extensions in Explorer

      defense_evasion

    • Modifies visiblity of hidden/system files in Explorer

      defense_evasion

    • Disables RegEdit via registry modification

      defense_evasion

    • Disables cmd.exe use via registry modification

      defense_evasion

    • Drops file in Drivers directory

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral28

    • Target

      The-MALWARE-Repo-master/Email-Worm/BubbleBoy.html

    • Size

      12KB

    • MD5

      bb7b91d1685db89b58ac01a72921e632

    • SHA1

      4a1dd457983a7f1bbc7943eb5fca3da6d93d4176

    • SHA256

      940a563df059604ac0dc6a92a845da2f04236b86887208b89969b70c6781c3f8

    • SHA512

      09e26d197b22a4553e2e87a9ee0957700766c2dcd11157b5b71744d67abfa30d71d45c7bf1081bf9337527e3b8aabde99b09bd2bd30aa302329ebf480078307e

    • SSDEEP

      192:W1VoVk8X2TrWAXaR06qVoVk8X2TrWAXaR06LV:Giui2TSw6qiui2TSw6LV

    Score
    3/10
    discovery
    behavioral29

    • Target

      The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe

    • Size

      32KB

    • MD5

      70f549ae7fafc425a4c5447293f04fdb

    • SHA1

      af4b0ed0e0212aced62d40b24ad6861dbfd67b61

    • SHA256

      96425ae53a5517b9f47e30f6b41fdc883831039e1faba02fe28b2d5f3efcdc29

    • SHA512

      3f83e9e6d5bc080fb5c797617078aff9bc66efcd2ffac091a97255911c64995a2d83b5e93296f7a57ff3713d92952b30a06fc38cd574c5fe58f008593040b7f0

    • SSDEEP

      384:/TELevJlARz3z1AWoYbEz3QqRbViB3CoUEmeQo/o2Y0gsjDWK7L:/gLevJlARz3z1AWoYbEz3Ngk6WK7L

    Score
    4/10
    discovery
    behavioral30

    • Target

      The-MALWARE-Repo-master/Email-Worm/Duksten.exe

    • Size

      9KB

    • MD5

      900ebff3e658825f828ab95b30fad2e7

    • SHA1

      7451f9aee3c4abc6ea6710dc83c3239a7c07173b

    • SHA256

      caec6e664b3cff5717dd2efea8dcd8715abdcfe7f611456be7009771f22a8f50

    • SHA512

      e325f3511722eee0658cfcf4ce30806279de322a22a89129a8883a630388ab326955923fa6228946440894bd2ef56d3e6dfda3973ea16cc6e463d058dd6e25ce

    • SSDEEP

      192:SwPplT5bFhtWHIBAfU2Du6jWuo/TOvZQZPAb:dp3jsH+V2Du66V/TOx84b

    Score
    6/10
    discoverypersistence

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral31

    • Target

      The-MALWARE-Repo-master/Email-Worm/Emin.js

    • Size

      2KB

    • MD5

      d9fd66a813b647e9461e654ba80db7bc

    • SHA1

      075344db68a3b4bb3f549c0cb79c672aaed70b87

    • SHA256

      3db96ebba9a6875bb058a3a2a4457165103f8ed51183cf4d79a525c959602499

    • SHA512

      55eafa2716d45a629aadb1422dd240609faa9f55c7ec4488569e6fb15298a586b7ed5a95060329e76dd4b272edce8954ea18be5f238d4cac70fbf59a391bb09f

    Score
    3/10
    execution
    behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

JavaScript

1
T1059.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

7
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Network Share Discovery

1
T1135

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

Remote System Discovery

1
T1018

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macroupxaspackv2macro_on_actionguest1111geforcehoststealerguestmydoomdarkcometnjratmodiloaderremcosrevengeratwipelock
Score
10/10

behavioral1

danabotbankerbotnetdiscoverytrojan
Score
10/10

behavioral2

dridexbotnetdiscovery
Score
10/10

behavioral3

dridexbotnetdiscovery
Score
10/10

behavioral4

discovery
Score
7/10

behavioral5

discovery
Score
7/10

behavioral6

dridexbotnetdiscovery
Score
10/10

behavioral7

discoverypersistence
Score
7/10

behavioral8

discovery
Score
10/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

discoverypersistence
Score
6/10

behavioral26

discovery
Score
3/10

behavioral27

discoverypersistence
Score
7/10

behavioral28

defense_evasiondiscoverypersistence
Score
10/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
4/10

behavioral31

discoverypersistence
Score
6/10

behavioral32

execution
Score
3/10