General

  • Target

    [N]-Actarine_Invoke-23.zip

  • Size

    17.6MB

  • MD5

    2cb35fbef22bf7626350e74dd63c1242

  • SHA1

    5c5168baf43a4596c224eb2ba89a5543fae0d071

  • SHA256

    b85952a2c6253c6905764fed283b7aa1f5d9844c8889e52294898216d0da0b5c

  • SHA512

    bef633a9b63a41753eec918768973a2048d196345aed7409081a10d53a9adb0297dc94012d2ba4110915075718d6436f02d55a9f2038c873b464a3468fe55f43

  • SSDEEP

    393216:tQObseg0jbJtHwrLgYK2Q8AlIR9KkedO4Qs+4wvFJ8/vx:t755er8YK/tlImke0KXw9J8Xx

Score
9/10

Malware Config

Signatures

  • CryptOne packer 1 IoCs

    Detects CryptOne packer defined in NCC blogpost.

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • [N]-Actarine_Invoke-23.zip
    .zip

    Password: 7482

  • [3]-Eye-Of_Morriah[2].exe
    .exe windows:6 windows x64 arch:x64

    bc84427dd015272779b3d034cd29d1bb

  • autoexec/bin
    .dll regsvr32 windows:5 windows x86 arch:x86

    a9fd3e7f71a802c8eee0a502f46de991

  • locales/hi.pak
  • locales/locales/af.pak
  • locales/locales/sk.pak
  • locales/locales/sl.pak
  • locales/locales/sr.pak
  • locales/locales/sv.pak
  • locales/locales/sw.pak
  • locales/locales/ta.pak
  • locales/locales/te.pak
  • locales/locales/th.pak
  • locales/locales/tr.pak
  • locales/locales/uk.pak
  • locales/locales/ur.pak
  • locales/locales/vi.pak
  • locales/locales/zh-CN.pak
  • locales/locales/zh-TW.pak
  • locales/resources/app.asar.unpacked/node_modules/btime/binding.node
    .dll windows:6 windows x64 arch:x64

    0242ceb286e744ddd6dd8e963da637ee

  • locales/resources/app.asar.unpacked/node_modules/get-fonts/binding.node
    .dll windows:6 windows x64 arch:x64

    2a1b9a0a23b390c22659b30f7660d0da

  • locales/resources/app.asar.unpacked/node_modules/vibrancy-win/binding.node
    .dll windows:6 windows x64 arch:x64

    56e83fb6e818a708f7895cf9d6058c3a

  • locales/resources/tr.pak
  • locales/resources/uk.pak
  • locales/resources/ur.pak
  • locales/resources/v8_context_snapshot.bin
  • locales/resources/vi.pak
  • locales/resources/vk_swiftshader.dll
    .dll windows:5 windows x64 arch:x64

    6d7b823ac45e01133a6ba8c35160fef1

  • locales/resources/vk_swiftshader_icd.json
  • locales/resources/vulkan-1.dll
    .dll windows:5 windows x64 arch:x64

    49ed29c3ff417b26c7cd92ecc9b7dcb3

  • runtimes/win-arm64/native/WebView2Loader.dll
  • runtimes/win-x64/native/WebView2Loader.dll
    .dll windows:5 windows x64 arch:x64

    aaa8a1994a594e4746a652eda600aebf

  • runtimes/win-x86/native/WebView2Loader.dll
    .dll windows:5 windows x86 arch:x86

    608537c42a46a95b31cc1ef01ab6eeb0

  • scripts/Dex.lua
    .js
  • scripts/Infinite Yield.lua
    .js
  • scripts/Sine Wave.lua
  • scripts/Spinning Donut.lua
  • scripts/UNCCheckEnv.lua
    .js
  • tier0_s64.dll
    .dll windows:6 windows x64 arch:x64

    0cb93c77c0be071ba89ceffc11936dea

  • vstdlib_s64.dll
    .dll windows:6 windows x64 arch:x64

    fc1bd3a6b5fb78109fdb804d6e5ad673