General

  • Target

    [N]-Actarine_Invoke-23.zip

  • Size

    17.6MB

  • Sample

    250304-y1wg7sznt5

  • MD5

    2cb35fbef22bf7626350e74dd63c1242

  • SHA1

    5c5168baf43a4596c224eb2ba89a5543fae0d071

  • SHA256

    b85952a2c6253c6905764fed283b7aa1f5d9844c8889e52294898216d0da0b5c

  • SHA512

    bef633a9b63a41753eec918768973a2048d196345aed7409081a10d53a9adb0297dc94012d2ba4110915075718d6436f02d55a9f2038c873b464a3468fe55f43

  • SSDEEP

    393216:tQObseg0jbJtHwrLgYK2Q8AlIR9KkedO4Qs+4wvFJ8/vx:t755er8YK/tlImke0KXw9J8Xx

Malware Config

Targets

    • Target

      [N]-Actarine_Invoke-23.zip

    • Size

      17.6MB

    • MD5

      2cb35fbef22bf7626350e74dd63c1242

    • SHA1

      5c5168baf43a4596c224eb2ba89a5543fae0d071

    • SHA256

      b85952a2c6253c6905764fed283b7aa1f5d9844c8889e52294898216d0da0b5c

    • SHA512

      bef633a9b63a41753eec918768973a2048d196345aed7409081a10d53a9adb0297dc94012d2ba4110915075718d6436f02d55a9f2038c873b464a3468fe55f43

    • SSDEEP

      393216:tQObseg0jbJtHwrLgYK2Q8AlIR9KkedO4Qs+4wvFJ8/vx:t755er8YK/tlImke0KXw9J8Xx

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Suspicious use of SetThreadContext

    • Target

      [3]-Eye-Of_Morriah[2].exe

    • Size

      633KB

    • MD5

      573c3aa20cab92c93663f0e475323557

    • SHA1

      647598a3a90b23787b83f0c23ba26a8b4b779592

    • SHA256

      9ebea5ecb5f86bccf0564f563a35665876e5bcb1b66285a19965af5f24534b4a

    • SHA512

      06fbf4dfea02ac62c81c9e47581d779891e2da9113ed45f349af2e4c52b86da9701a807872a5cfc059c5553de63bab3a24953a06a63d82cf8bf877c3dc538694

    • SSDEEP

      6144:WTTzzJeyp1RnC7HJnIApeX9vLSaXmWFiB3WOk6f7h9WgFER0u+GIIIIIIIhIIIIw:GTzNeypHnC7HdeXZEWFTOk6fmBm5GV

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
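
Before acting on the signatures above, a practitioner normally confirms that the file on hand is the one the sandbox actually analysed. The following is an added example, not code from the report or the sandbox: it loads the digests listed for the two targets, streams a local file once through MD5, SHA1, SHA256 and SHA512, and reports which of the report's digests match. The function names (hash_stream, compare_hashes, check_sample, validate_report_hashes) are this example's own. SSDEEP is omitted because it needs a non-standard-library binding; the four cryptographic digests are sufficient to establish identity.

```python
import hashlib
import hmac
import io

# Digests copied from the report above, keyed by target name.
REPORT_HASHES = {
    "[N]-Actarine_Invoke-23.zip": {
        "md5": "2cb35fbef22bf7626350e74dd63c1242",
        "sha1": "5c5168baf43a4596c224eb2ba89a5543fae0d071",
        "sha256": "b85952a2c6253c6905764fed283b7aa1f5d9844c8889e52294898216d0da0b5c",
        "sha512": "bef633a9b63a41753eec918768973a2048d196345aed7409081a10d53a9adb0297dc94012d2ba4110915075718d6436f02d55a9f2038c873b464a3468fe55f43",
    },
    "[3]-Eye-Of_Morriah[2].exe": {
        "md5": "573c3aa20cab92c93663f0e475323557",
        "sha1": "647598a3a90b23787b83f0c23ba26a8b4b779592",
        "sha256": "9ebea5ecb5f86bccf0564f563a35665876e5bcb1b66285a19965af5f24534b4a",
        "sha512": "06fbf4dfea02ac62c81c9e47581d779891e2da9113ed45f349af2e4c52b86da9701a807872a5cfc059c5553de63bab3a24953a06a63d82cf8bf877c3dc538694",
    },
}

DIGEST_ALGOS = ("md5", "sha1", "sha256", "sha512")
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def hash_stream(fileobj, chunk_size=1 << 20):
    """Compute all four digests in a single pass over a binary file object."""
    hashers = {name: hashlib.new(name) for name in DIGEST_ALGOS}
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used by the tests)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as f:
        return hash_stream(f)


def compare_hashes(actual, expected):
    """Split the algorithms listed in `expected` into matches and mismatches.

    Returns (matches, mismatches); mismatches map algo -> (got, wanted).
    Comparison is case-insensitive, so digests pasted in upper case still match.
    """
    matches, mismatches = {}, {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is not None and hmac.compare_digest(got.lower(), want.lower()):
            matches[name] = got
        else:
            mismatches[name] = (got, want)
    return matches, mismatches


def check_sample(path, target_name):
    """Verify a local file against one of the report's targets.

    Returns True only when every digest the report lists matches; a single
    mismatch means this is not the analysed file (or it has been modified).
    """
    expected = REPORT_HASHES[target_name]
    matches, mismatches = compare_hashes(hash_file(path), expected)
    for name, got in matches.items():
        print(f"  ok       {name:<6} {got}")
    for name, (got, want) in mismatches.items():
        print(f"  MISMATCH {name:<6} got {got} want {want}")
    return not mismatches


def validate_report_hashes(report=REPORT_HASHES):
    """Catch transcription errors in the IOC table: wrong length or non-hex."""
    problems = []
    for target, digests in report.items():
        for name, value in digests.items():
            hexonly = all(c in "0123456789abcdef" for c in value.lower())
            if len(value) != DIGEST_HEX_LEN[name] or not hexonly:
                problems.append((target, name))
    return problems


if __name__ == "__main__":
    import sys
    # usage: python check_sample.py <path> "<target name from the report>"
    sys.exit(0 if check_sample(sys.argv[1], sys.argv[2]) else 1)
```

A file that matches SHA256 but not MD5 (or the reverse) should be treated as a different file, not a partial match: the report's digests were all taken over the same bytes, so any single mismatch means the local copy is not the analysed sample.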

MITRE ATT&CK Enterprise v15

Tasks