Resubmissions

12/03/2025, 21:28

250312-1bn3yatwgv 10

12/03/2025, 21:24

250312-z9fzjsvpx2 10

12/03/2025, 21:22

250312-z8by7stvf1 6

12/03/2025, 21:20

250312-z63n5stvb1 7

11/03/2025, 00:00

250311-aaawtasr13 5

10/03/2025, 21:57

250310-1t6eyazlx6 10

09/03/2025, 01:58

250309-cdv29swybs 10

08/03/2025, 06:55

250308-hp35xatjt9 10

08/03/2025, 04:53

250308-fh1ebssky5 10

General

  • Target

    My-Skidded-malwares-main.zip

  • Size

    106.4MB

  • Sample

    250312-z9fzjsvpx2

  • MD5

    d01f58a973cfceca5abbb124f8e580ff

  • SHA1

    b60fd4d18c92322819300af17bc44e798d0ddef4

  • SHA256

    d5395f121277d2b38f4173c7df0a20a3de99edfcfe2aa697080cc81170eb76ab

  • SHA512

    81d6c94f56d53cd7fa29f5c1d9f8077a176b07b9a2c859b8525f6451660fb906dd960b71358ff870019990f541e816489c131a96b1fb2b7c66178a04ed35904d

  • SSDEEP

    3145728:Sg2PlA+mrMHCwbc/bAjXC0P5JCe94RWQRVBCXD7:SJlmxTAj7PtGR9RVBE3

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

чучундра

C2

hakim32.ddns.net:2000

safety-bronze.gl.at.ply.gg:4444

Mutex

27b92504703b09d3ee2dae0873e8e3f3

Attributes
  • reg_key

    27b92504703b09d3ee2dae0873e8e3f3

  • splitter

    |'|'|

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.1.42:5552

Mutex

bf7b1fe7a7644171a9985ea45221c25c

Attributes
  • reg_key

    bf7b1fe7a7644171a9985ea45221c25c

  • splitter

    |'|'|

Extracted

Family

njrat

Version

0.7d

Botnet

kosomk 555

C2

dovelabobzgnan.ddns.net:5552

Mutex

a8c0d4cf5cfc2cc1149b5e071c2ab5df

Attributes
  • reg_key

    a8c0d4cf5cfc2cc1149b5e071c2ab5df

  • splitter

    |'|'|

Extracted

Family

remcos

Botnet

AUGUST CRYPTER TOOLZ GRACE STUB

C2

teamfavour222.ddns.net :6767

odogwuvisual123.duckdns.org:6767

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    -YFLE4M

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7293375371:AAFwIvNWcuknS3y3mtsx4yNSSTkj8NCF_ko/sendMessage?chat_id=5795480469

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • aes.plain

Extracted

Path

C:\$Recycle.Bin\ZSZFYCMB-DECRYPT.txt

Ransom Note

---= GANDCRAB V5.0.3 =---

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************
*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE WILL BE DECRYPTION ERRORS*****

Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .ZSZFYCMB

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

The server with your key is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
| 0. Download Tor browser - https://www.torproject.org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/5907796f4e66e270
| 4. Follow the instructions on this page
----------------------------------------------------------------------------------------

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

ATTENTION!
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

---BEGIN GANDCRAB KEY---
---END GANDCRAB KEY---
---BEGIN PC DATA---
---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/5907796f4e66e270

Targets

    • Target

      My-Skidded-malwares-main.zip

    • Size

      106.4MB

    • MD5

      d01f58a973cfceca5abbb124f8e580ff

    • SHA1

      b60fd4d18c92322819300af17bc44e798d0ddef4

    • SHA256

      d5395f121277d2b38f4173c7df0a20a3de99edfcfe2aa697080cc81170eb76ab

    • SHA512

      81d6c94f56d53cd7fa29f5c1d9f8077a176b07b9a2c859b8525f6451660fb906dd960b71358ff870019990f541e816489c131a96b1fb2b7c66178a04ed35904d

    • SSDEEP

      3145728:Sg2PlA+mrMHCwbc/bAjXC0P5JCe94RWQRVBCXD7:SJlmxTAj7PtGR9RVBE3

    • AsyncRat

      AsyncRAT is a remote monitoring and control tool written in C#.

    • Asyncrat family

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Dcrat family

    • Njrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Remcos family

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Stormkitty family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Async RAT payload

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Modifies Windows Firewall

    • Office macro that triggers on suspicious action

      Office document macro that triggers only under special circumstances, which is often malicious.

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks