General
-
Target
zapret-discord-youtube-main.zip
-
Size
1.3MB
-
Sample
250328-3bgpzavqz4
-
MD5
62464cea8027f437706fb099fadd9d97
-
SHA1
4b48c04e06055c315e6c9c143b1ab53b8a76f06c
-
SHA256
6340e23e4c3bdebc2accf31f84539e84ca37a2bbcadd16c86d35621723f2024f
-
SHA512
5540b3c04f27679934f9a2d30b044c2ef36475b68ab397e291547769e525d05e097ea37e9356d262b337f1d06c66deaaa99261a5010425f585b7c4d8b3ed217a
-
SSDEEP
24576:czdlejXO95NorTSqGx0cAj/Ko3ibh15bvLoHcDjY294tcRqKK9DDe:4uTQ5NorTHGxnUta5bvLokMbHK0+
Malware Config
Targets
-
-
Target
zapret-discord-youtube-main/bin/WinDivert.dll
-
Size
46KB
-
MD5
b2014d33ee645112d5dc16fe9d9fcbff
-
SHA1
aa69498562d350f2de06954b133e59fac1e57002
-
SHA256
c1e060ee19444a259b2162f8af0f3fe8c4428a1c6f694dce20de194ac8d7d9a2
-
SHA512
37014a018b9cd91b2eaeeccc7c5af3838fcae4d4fe6bb50c7ae32cd5c99423965a3e3efb29499324f6885b8f0c2ee2952cb75ab73db4e8960811abcb46801f15
-
SSDEEP
768:Qjf2rf/kxpxI+JEw2VWHDDjQSQX4zTtllgwBqWocwTicI:YuT/CXHDvVQatonTic
Score1/10 -
-
-
Target
zapret-discord-youtube-main/bin/WinDivert64.sys
-
Size
91KB
-
MD5
89ed5be7ea83c01d0de33d3519944aa5
-
SHA1
4c9b9c74529399abacc2284de1dead5f2332ee9b
-
SHA256
8da085332782708d8767bcace5327a6ec7283c17cfb85e40b03cd2323a90ddc2
-
SHA512
be6530fa0e26441441028b530cd6fc4f900448916e137f92613a1f886c16399d415ddd17f7f8847258cc19c63b1510f2f3068942203c50486e48eed838f9f138
-
SSDEEP
1536:AsmCCzg4Klt7jh//NiRMwoGK0tmdsAXixJz48dJ/zuXR:Atzilt/iR5ojGmdsAXoz4k/8R
Score1/10 -
-
-
Target
zapret-discord-youtube-main/bin/cygwin1.dll
-
Size
2.8MB
-
MD5
a1c82ed072dc079dd7851f82d9aa7678
-
SHA1
52f26fa1aee39476f1c13438aec8bf969c78da45
-
SHA256
103104a52e5293ce418944725df19e2bf81ad9269b9a120d71d39028e821499b
-
SHA512
22993e7cee1e7aa69ffe45adf3a329abced7e53d54ffea96dab42fe273c81522252c7b7e98e5af36d2fdec0346c51540e977c6e56b8c08835bac86fa6d04ca59
-
SSDEEP
49152:hGniafRcs02/oSqCmB5RMiCwDjUZQjuhKv+TLRlURxKc+tKaZrpu8dhcy1u7MHz:YniGRcsVJqCmB5RMiCwDIS4TBrppUy1J
Score1/10 -
-
-
Target
zapret-discord-youtube-main/bin/winws.exe
-
Size
160KB
-
MD5
ce31295ca4629486752a0e016b4ad2c4
-
SHA1
3160c21001e83a0a4605a9724184978a83feb39f
-
SHA256
b7d354441b7382eed2cf7dd174e35bc99ea06e7643e12cb79335234f90473795
-
SHA512
37b359c8ec95aafa8e6b89280110bad92ec442ad0126068123b63848949925e03b5564c54cce13f5d8249ae0c550beb255758e9ab74ff962ce40eb770fddc3b9
-
SSDEEP
3072:zcOv6W8ccyHxIHqQRX+u3m9av7WtYgag/IENfeRh2KHz:zcZItim9aDWWgzIQ2RPz
Score1/10 -
-
-
Target
zapret-discord-youtube-main/check_updates.bat
-
Size
1KB
-
MD5
8ea8e2f841c62cb8a800e0ecb601850f
-
SHA1
fd456492a252ec263ed828ccb90935d4df5c9cb6
-
SHA256
d9e6be50f0960b1c38ed7771e710f1af359b53fe1390e7dc8524438ea3885585
-
SHA512
a5379aa37a1a04ac60d24a085abb2eddfaa97d511141b0764f34d86e67b3462ad627f4585dded8477676c228418a34e3f986147d6f43277caed526a0a554cc77
Score8/10-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/discord.bat
-
Size
763B
-
MD5
6717bd1f6b165e102781520c134539b2
-
SHA1
34a10b8027a3075bbafc8dee67b55f30eda73706
-
SHA256
23cb4f303ba73362219093bf5a1f4bd26416322ad5901b41b1f95eaa6c549f7a
-
SHA512
96b844294b1f777823c67b12757853c6b7a9feeb3d6d624bbc88376f480d1f80dcf38b457a01a85f7060363048e8991c59cdfee3ea881f264a8c8bf25897db64
Score8/10-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/general (ALT).bat
-
Size
881B
-
MD5
f1f093d295672e44ba0e9c160517ce2b
-
SHA1
c39c995961b18082d27f93aee7da26c9db6e0591
-
SHA256
c6c4fcc026faa76ba0fbe5e09ad852152f98710fc69652bb95633c08fb345ed3
-
SHA512
bbaf66e31c246e19c1e0ebbd8ac2090c7ec6be9518f0ef86f0952b7ee053ae70bbe7a611e91147fc6094c31dd25e85e9ece93f2ef326abe9aa87b67b4d51446e
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/general (ALT2).bat
-
Size
870B
-
MD5
aa023ad5d76803b531db70c5d18273a9
-
SHA1
9dc75213c405e1cf41e06793e2c15943f3cf0995
-
SHA256
07d8100bbe17c082f1ef2d973e49233b9e81b91174bc8bfc6072e55d46208975
-
SHA512
ccbea661836b872d99a0c9c88ba5ada905d40521696a7c6b9a7108841e74a369c9985c7bee545a11a7a5df87181e2d5a95226972984d22ddf52578cde19b4394
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/general (ALT3).bat
-
Size
835B
-
MD5
f486c3558523a3478e1c126581538b7f
-
SHA1
00aeab26710981b37a1585bf00dc712be4b920ab
-
SHA256
08f739b65a4d520b18b10f7de54704944263706fbe4357b538a7af5fb5a83819
-
SHA512
61194ddc7756012ddc199ef26496a649586470c6d58255395240893f50a10b5ca1c650e1d74070e667181aee1d16b234cfcfe9036a6954fa8a1f58b18a97e9b3
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/general (ALT4).bat
-
Size
859B
-
MD5
e5911da32574f3bbd19b3e828abf0524
-
SHA1
b0da5765137e5fa966dae2dd0f7d9e8c2f9aa320
-
SHA256
0d4a4b2c526f972197b7c4f8ecfa2d0397e0224cee8f92961221c36363b7e014
-
SHA512
7e7cbeb66ec2e48eda4c302bef79a198797c57314caa55d423f91f5c8ae1b6967d4425df184d042f39c00f222a6023b06d08aead78ce989b2f71721dc8dc28f7
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/general (ALT5).bat
-
Size
746B
-
MD5
669686d65e0390aefe3119e63cbbbf1a
-
SHA1
5b23d970b3917e9edd3378920499b82f88dcd6fa
-
SHA256
248dc6dd8c92681e8c728aa9e6960807ecbf4089276ec5ba2ec1a50034d4d282
-
SHA512
5d6025a4b10bd08539461efe619447f1bc046d879184d19aac830ddd95cc46666ba73ed02195b9b6f2c0bc3bdea9dab83a4715ce475eb5b80880bf57afde0a40
Score8/10-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/general (FAKE TLS MOD).bat
-
Size
802B
-
MD5
53e51f23bd243c77f9a69e4a0362ab90
-
SHA1
75c26190df226ee33c0d0046b871ab4a05b732a6
-
SHA256
caf0c0b62e5ad8f08a069f4261459902ce663fe69dfd1e5f314745d75fb9a781
-
SHA512
c33e9fb03053fd523627392d63ac69ce9805deea10076623ce45b1678554c961059c7339387e91450fcf6b71c7d231b22fc21bbca133432f4161ea5f0098a86e
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/general (МГТС).bat
-
Size
875B
-
MD5
27854f466b42cf42b841e44e92cfe7af
-
SHA1
e0eeded80e6566f75bf9d0c1c24c2b2b79b2f193
-
SHA256
307cf9e871de38f35f6e709f323f2fc81c7a763d9c98843ee8e3dede3657fd2f
-
SHA512
bc0c8a089fe98c35aaa72e2827b52cf437bbc0a6bd4bafbb7ff91a58a3739023ea70f7911741ece839965862088af5072990dab94ada3938f89dc7991e8fe1ce
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/general (МГТС2).bat
-
Size
852B
-
MD5
f621e10d2bcd88542842294d9ab20d87
-
SHA1
c80ec9ec1181a64f0c13f7d32681f3897ffd808b
-
SHA256
788298a81f532cff8d3550609644c01ac1f1135daa6d119f1baaa57e7edf6dae
-
SHA512
070e8dd205780925c883cd4840d05a8df543c238e38e5f3a239383f5abe216a035f2a6728c0793ac1c5982c7628b117180afbf179b00a82c1210a285e7f34a6d
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/general.bat
-
Size
881B
-
MD5
6b4358459c9f14de50036671b561b117
-
SHA1
14ac682b781e59bb59129da04a15819a23e1f63e
-
SHA256
19854433f5d5e55eb0588104327d7edf76d34b8b9b43bfa83c1bb6e36a2ca3f1
-
SHA512
c2fab643b55a654b0dfbecf13766da14d6c366c393757f6a26e0c975af3a79d538985f0947a6c7d06aefd2aa9aeddba04ad16e5b9f23d8f89fc26ce6a376a5c5
Score8/10-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/service_install.bat
-
Size
3KB
-
MD5
283f64774d027af0ae0a59ecc3397916
-
SHA1
8be1681203250a584152f5ea024cbb1764e3cb34
-
SHA256
e11174d83067e63382106099d9e6636ad361294f982dcad3b5cfe4479b679361
-
SHA512
25b06ef5a6679578d39d5b44d1e788dbc8890b514b9613eee0eaf73f72ae2049aa74201049219cb2319019eb59d6db5cd732e1f4442725238869a4e41dc81da5
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
zapret-discord-youtube-main/service_remove.bat
-
Size
428B
-
MD5
97b2922ed1cb49c24cd7952c60f03a0c
-
SHA1
450fd1b4dd6233d0ea1b75d7c2bad6778fa3683f
-
SHA256
92304d7be76311f4a5ed0c815b36587ab33f7a703147862efe63e7a55c09a3c1
-
SHA512
187a108256d07782093ef92d72600d6552f4bd5d79883fdcb341dbfbb8dc760088da1dfcb06f6183789dd855e47b7b622ef9bc9a00d2334e9d1c16470f6a9041
Score8/10-
Stops running service(s)
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-