General
- Target: RNSM00262.7z
- Size: 23.5MB
- Sample: 250227-2f7xaaspy6
- MD5: e362b1154d8a96e7c7d8315620310767
- SHA1: 0beb8dd3b2a42bcff82038ddd2fa9d1b33f27127
- SHA256: de0bf2df04a896629563c8142a4a3916ee98a445c954da5da7c6752aa9ed78ca
- SHA512: 8c8e465c314aa10111c886148584678026ffa2e3475b26ac71aaded7ca083c0aa6b9ec39e60727da1389de87a99e021b16bba1360d9559b014ec820f307a20d7
- SSDEEP: 393216:/IOvKjleYNBvQpcycoDrN8vAaBweucwAXWh7BaGxYMxB2Oz/ehBAX1Q902lY852f:/IUKBb/v7wtAX8QGuMnz/aAX1Q+2u8Uf
Static task: static1
Behavioral task: behavioral1
- Sample: RNSM00262.7z
- Resource: win10v2004-20250217-en
Malware Config
- Extracted: http://fyreport.com/inst.php?id=skytraf01
- Extracted: http://report22new.com/inst.php?id=t_a_d_01
- Extracted: http://reportandwin.com/inst.php?id=abs_15
- Extracted: sendsafe
  UNREGISTERED
  91.220.131.40:50001
  91.220.131.40:50002
  service_name: Enterprise Mailing Service
- Extracted: sality
  http://89.119.67.154/testo5/
  http://kukutrustnet777.info/home.gif
  http://kukutrustnet888.info/home.gif
  http://kukutrustnet987.info/home.gif
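The extracted configuration above is only useful once it is turned into something a blocklist or IDS can consume, and the archive should be checked against the digests listed on this page before anything is pulled out of it. The following Python is an added example, not part of the sandbox report: it parses the raw "Extracted" block exactly as the sandbox emits it (one value per line, the text below is a constructed copy of that block), separates the unlabelled check-in URLs from the sendsafe and sality records, normalizes everything into domain / IPv4 / URL / socket sets, renders per-domain Suricata DNS rules (the `sid` range and `msg` text are assumptions), and compares a byte string against the page's MD5/SHA1/SHA256 values.

```python
"""Normalize the Extracted config block of this report into IOCs.

Added example; not part of the sandbox report. EXTRACTED_CONFIG is a
constructed copy of the page's block in its raw one-value-per-line layout.
"""
import hashlib
import re
from urllib.parse import urlparse

EXTRACTED_CONFIG = """\
Extracted
http://fyreport.com/inst.php?id=skytraf01
Extracted
http://report22new.com/inst.php?id=t_a_d_01
Extracted
http://reportandwin.com/inst.php?id=abs_15
Extracted
sendsafe
UNREGISTERED
91.220.131.40:50001
91.220.131.40:50002
service_name
Enterprise Mailing Service
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
"""

# Digests the page lists for RNSM00262.7z
EXPECTED_DIGESTS = {
    "md5": "e362b1154d8a96e7c7d8315620310767",
    "sha1": "0beb8dd3b2a42bcff82038ddd2fa9d1b33f27127",
    "sha256": "de0bf2df04a896629563c8142a4a3916ee98a445c954da5da7c6752aa9ed78ca",
}

URL_RE = re.compile(r"^https?://\S+$")
SOCKET_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
FAMILY_RE = re.compile(r"^[a-z]+$")          # e.g. "sendsafe", "sality"
KEY_RE = re.compile(r"^[a-z][a-z0-9_]*$")    # e.g. "service_name"


def parse_extracted_config(text):
    """Return one record per 'Extracted' block: family, urls, sockets, attrs, notes."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records, cur, i = [], None, 0
    while i < len(lines):
        ln = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else None
        if ln == "Extracted":
            cur = {"family": None, "urls": [], "sockets": [], "attrs": {}, "notes": []}
            records.append(cur)
        elif cur is None:
            pass  # text before the first block is ignored
        elif URL_RE.match(ln):
            cur["urls"].append(ln)
        elif SOCKET_RE.match(ln):
            m = SOCKET_RE.match(ln)
            cur["sockets"].append((m.group(1), int(m.group(2))))
        elif cur["family"] is None and FAMILY_RE.match(ln):
            cur["family"] = ln
        elif (KEY_RE.match(ln) and nxt is not None and nxt != "Extracted"
              and not URL_RE.match(nxt) and not SOCKET_RE.match(nxt)):
            cur["attrs"][ln] = nxt  # key and value are laid out on two lines
            i += 1
        else:
            cur["notes"].append(ln)  # bare tokens such as UNREGISTERED
        i += 1
    return records


def collect_iocs(records):
    """Flatten records into de-duplicated domain / IPv4 / URL / socket / family sets."""
    iocs = {"domains": set(), "ips": set(), "urls": set(), "sockets": set(), "families": set()}
    for r in records:
        if r["family"]:
            iocs["families"].add(r["family"])
        for u in r["urls"]:
            iocs["urls"].add(u)
            host = urlparse(u).hostname or ""
            (iocs["ips"] if IPV4_RE.match(host) else iocs["domains"]).add(host)
        for host, port in r["sockets"]:
            iocs["sockets"].add((host, port))
            (iocs["ips"] if IPV4_RE.match(host) else iocs["domains"]).add(host)
    return iocs


def suricata_dns_rules(domains, base_sid=1000001):
    """One Suricata dns.query rule per domain; sid range and msg text are assumptions."""
    return [
        f'alert dns any any -> any any (msg:"RNSM00262 C2 domain {d}"; '
        f'dns.query; content:"{d}"; nocase; sid:{base_sid + n}; rev:1;)'
        for n, d in enumerate(sorted(domains))
    ]


def check_digests(data, expected=EXPECTED_DIGESTS):
    """Compare data against the listed digests; returns {algorithm: matches?}."""
    return {alg: hashlib.new(alg, data).hexdigest() == want for alg, want in expected.items()}


if __name__ == "__main__":
    iocs = collect_iocs(parse_extracted_config(EXTRACTED_CONFIG))
    for key in ("families", "domains", "ips", "sockets"):
        print(key, sorted(iocs[key]))
    print("\n".join(suricata_dns_rules(iocs["domains"])))
```

Run it against the real archive with `check_digests(open("RNSM00262.7z", "rb").read())` before extraction; all three entries must be True. The unlabelled records (the three `inst.php?id=` URLs) keep `family` as None, so they are still emitted as IOCs without being attributed to a family the page does not name.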
Targets
- Target: RNSM00262.7z
- Blackshades family
- Blackshades payload
- Modifies WinLogon for persistence
- Sality family
- Sendsafe family
- SendSafe payload
- Executes dropped EXE
- Checks whether UAC is enabled
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.