MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1026da21d95ab9bc3a5dff5163d8029ea6ca3413e586272074105e4727ab1342. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DCRat


Vendor detections: 17


Intelligence 17 IOCs 1 YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1026da21d95ab9bc3a5dff5163d8029ea6ca3413e586272074105e4727ab1342
SHA3-384 hash: a178529e69094c87e723abfc22a72c513cc4acab83c2e884388273531ce97ea2b023771ae410068d671d1e3389e794e8
SHA1 hash: ccadc053294ab749b8588e96d970b2b9f68673eb
MD5 hash: 4cf736359926f19077a4c21300613900
humanhash: football-video-dakota-nuts
File name:4cf736359926f19077a4c21300613900.exe
Download: download sample
Signature DCRat
Create hunting rule
File size:3'817'342 bytes
First seen:2024-08-08 05:50:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (863 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 98304:ubzJfmjiWIkSsHIDR6ToISNCEVmC0LyZG7:ulmjPZSsoYoISNV0BLI2
TLSH T16A06E0027E408A11F0194633C2FF555887B4AD126AA6E72F7EB9336D64123B37C1DADB
TrID 76.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
16.5% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
3.0% (.EXE) Win64 Executable (generic) (10523/12/4)
1.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.2% (.EXE) Win32 Executable (generic) (4504/4/1)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter abuse_ch
Tags:DCRat exe


Avatar
abuse_ch
DCRat C2:
http://cw35214.tw1.ru/L1nc0In.php

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://cw35214.tw1.ru/L1nc0In.php https://threatfox.abuse.ch/ioc/1307869/

Intelligence

File Origin
# of uploads :
1
# of downloads :
383
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
dcrat
Create hunting rule
ID:
1
File name:
4cf736359926f19077a4c21300613900.exe
Verdict:
Malicious activity
Analysis date:
2024-08-08 05:57:47 UTC
Tags:
rat dcrat remote darkcrystal stealer netreactor wmi-base64
Link:
https://app.any.run/tasks/eac4b237-6b0c-4ac3-9d95-47ece1ee57b7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.VBS.Encrypted.Gen.UNOFFICIAL
Create hunting rule

Win.Trojan.Uztuby-9855059-0
Create hunting rule

Win.Ransomware.Clinix-9868408-0
Create hunting rule

Win.Packed.Msilmamut-9950860-0
Create hunting rule

Win.Packed.Uztuby-9963900-0
Create hunting rule

Win.Packed.Uztuby-9969968-0
Create hunting rule

Win.Malware.Uztuby-9972880-0
Create hunting rule

Win.Trojan.DarkKomet-9976180-0
Create hunting rule

Win.Trojan.Uztuby-10010740-0
Create hunting rule

SecuriteInfo.com.Trojan.Rasftuby.Gen.14.10239.27368.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66b45cc9aa5b40be0a9fd9bf
Tags:
Encryption Execution Generic Network Other Static Stealth Trojan Msil
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file
Creating a process from a recently created file
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Launching a process
Creating a file in the Program Files subdirectories
Creating a file in the Windows subdirectories
Creating a file in the %temp% directory
Sending a UDP request
DNS request
Unauthorized injection to a recently created process
Blocking the User Account Control
Blocking a possibility to launch for the Windows Task Manager (taskmgr)
Enabling autorun by creating a file
Verdict:
Malicious
Labled as:
Trojan.MSIL.Basic.8.Gen;Trojan.Uztuby
Link:
https://www.hybrid-analysis.com/sample/1026da21d95ab9bc3a5dff5163d8029ea6ca3413e586272074105e4727ab1342
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
HYPERSCRAPE
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/073a4e31-c782-4a49-9a92-c3fe3f711b0c
Result
Threat name:
DCRat
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1489847
Signature
AI detected suspicious sample
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Creates processes via WMI
Disable Task Manager(disabletaskmgr)
Disable UAC(promptonsecuredesktop)
Disables the Windows task manager (taskmgr)
Disables UAC (registry)
Drops executable to a common third party application directory
Drops executables to the windows directory (C:\Windows) and starts them
Found malware configuration
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Protects its processes via BreakOnTermination flag
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Searches for Windows Mail specific files
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected DCRat
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1489847 Sample: 8O0HluqnYp.exe Startdate: 08/08/2024 Architecture: WINDOWS Score: 100 68 cw35214.tw1.ru 2->68 72 Multi AV Scanner detection for domain / URL 2->72 74 Found malware configuration 2->74 76 Antivirus detection for URL or domain 2->76 78 16 other signatures 2->78 11 8O0HluqnYp.exe 3 7 2->11         started        14 aVBpGiZgfI.exe 2->14         started        17 aVBpGiZgfI.exe 2->17         started        signatures3 process4 file5 64 C:\hyperChaincrtdhcp\surrogatenetsvc.exe, PE32 11->64 dropped 66 C:\...\W484khEzBTOw1PD2BkAq8Rq.vbe, data 11->66 dropped 19 wscript.exe 1 11->19         started        22 wscript.exe 11->22         started        100 Multi AV Scanner detection for dropped file 14->100 signatures6 process7 signatures8 80 Windows Scripting host queries suspicious COM object (likely to drop second stage) 19->80 24 cmd.exe 1 19->24         started        process9 process10 26 surrogatenetsvc.exe 2 14 24->26         started        30 reg.exe 24->30         started        32 conhost.exe 24->32         started        file11 56 C:\Windows\en-US\aVBpGiZgfI.exe, PE32 26->56 dropped 58 C:\Windows\apppatch\...\aVBpGiZgfI.exe, PE32 26->58 dropped 60 C:\Users\user\Recent\aVBpGiZgfI.exe, PE32 26->60 dropped 62 2 other malicious files 26->62 dropped 86 Antivirus detection for dropped file 26->86 88 Multi AV Scanner detection for dropped file 26->88 90 Machine Learning detection for dropped file 26->90 96 6 other signatures 26->96 34 WmiPrvSE.exe 23 1002 26->34         started        39 schtasks.exe 26->39         started        41 schtasks.exe 26->41         started        43 13 other processes 26->43 92 Disable Task Manager(disabletaskmgr) 30->92 94 Disables the Windows task manager (taskmgr) 30->94 signatures12 process13 dnsIp14 70 cw35214.tw1.ru 185.114.247.170, 49709, 49711, 49712 TIMEWEB-ASRU Russian Federation 34->70 50 008f5c83956b93fb71...e31dc42e3712680.exe, PE32 34->50 dropped 52 e91fb7cf-6920-4a80-9f38-c17bfdb0c3ae.vbs, ASCII 34->52 dropped 54 779b6fd4-143d-4f75-92fc-6d9234796986.vbs, ASCII 34->54 dropped 82 Protects its processes via BreakOnTermination flag 34->82 84 Tries to harvest and steal browser information (history, passwords, etc) 34->84 45 wscript.exe 34->45         started        48 wscript.exe 34->48         started        file15 signatures16 process17 signatures18 98 Windows Scripting host queries suspicious COM object (likely to drop second stage) 45->98
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1026da21d95ab9bc3a5dff5163d8029ea6ca3413e586272074105e4727ab1342
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1026da21d95ab9bc3a5dff5163d8029ea6ca3413e586272074105e4727ab1342/
Threat name:
ByteCode-MSIL.Trojan.Uztuby
Create hunting rule
Status:
Malicious
First seen:
2024-08-05 13:12:00 UTC
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=catnuiozlk43yos575iwhwact2tmunat4wdcoiducbpeoj5lcnba._file
Verdict:
malicious
Result
Malware family:
dcrat
Create hunting rule
Score:
  10/10
Tags:
family:dcrat credential_access discovery evasion infostealer rat spyware stealer trojan
Link:
https://tria.ge/reports/240809-k4vhessfjf/
Behaviour
Modifies registry class
Modifies registry key
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Checks whether UAC is enabled
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Disables Task Manager via registry modification
Credentials from Password Stores: Credentials from Web Browsers
DCRat payload
DcRat
Process spawned unexpected child process
UAC bypass
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/849f8943-7125-44b6-9b8c-1adb52ab2160
Unpacked files
SH256 hash:
bddf9d0f2ceef9bb584eacb437722c64c2a68da4359996e383c33927347dfc33
MD5 hash:
13b042434bcc0113ff58aa8385f06ee0
SHA1 hash:
ff47e5fc40f16aeb9b3e219447bcb3ea7d6374f3
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
ed2fb36037816de5a57570f225c4bd995e64209f42363a3f28ad35aefc5d2f05
MD5 hash:
3d24d232eeca6ad74edcd139cce66584
SHA1 hash:
fdab3d748889cd6fcb109de29725795bb826c0f2
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
fa87a4d361064286220241f1eeeea0a90c347d9fff1e5932987f1db87582e66e
MD5 hash:
79aa81567b5e10725e3e4adbf8383e8e
SHA1 hash:
ee7237e51d0ee85b021f9d5ca41540845393acb7
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
Parent samples :
faf8f7128b7208eca7740b99f169cbf0a9dc2c1d589dbbfdc4846f75406d1b6a
43824e5c1db3c8dfcc071806b4df30ac44467d2a9ef29c0346c528d21f88c96c
edfa4854459543300b21cfa4a7c56ccab6c5a31668c926a40840e947f0125710
658b0a01404144b5da03574e2a05b6c02030baa2276b9e047174c6ccb3e8918d
0c580f2f9f3e2c64e1a23ab9f81e37e47fee22704d46a7bf7741802694cae951
189a5a34e99c66355da0eb5c04636ac3a06404723cc2de86a22bda42aadeea21
cd652234e4620f37b2c74931cfa9bc463560d38976ea12f384c92c4827366434
b84321d7416c9898a381c39e94867b880aea15a68049795d81888371c70d16c3
cf4efad0b9d74151b09be4acfb12d1aea2a9e316b97a2eb7f4ca8ac12b0e6d8c
4c13d7949070e6361626b855d849afa3e4721b654a7906303bb5933645498c53
377f3033cdfdcf4b2bd6b9c2949abcb8d7973c2ade4115d1c622db274bfac687
34e740ecbaab29c15536abd6409bd10e1880a77eeb8a5a88e787051d4fd916a9
9e7a70da8b8fbd3193c3a9c10cb1b120802a8ef88e4e1c4c03945cd87dc0dd2f
e2955eb9de3b2d1d49eef7d0ff565d033429f0cb628439ef17571426758f58d8
942ce9bb5178d33eb90530cb614c3857f6b76723548e2e2865655072f47ecc62
66c9abad6488aa8867643b6c417c458ae6978ad86d4fa30ee40bd1f90683433c
3eeb9115c3888d0b1c4cfccc25bb48661b90f308bdcc1ea0c2a56a7030d5c547
54de552295e919218a7d43a1d0114bae169a79a1963113d615fd8bce428b385d
2774262a54ea6008d5b508f4d95eb811bd5d7dc50e1c0659d016ab33d966e729
edfa67a16bfdc33dc54dd105c07cf96d4595b34cfbf37e1cc249b1078a085653
425fea1071b9d17709b1c93a92ce8497bd4d8f42d17bf7f7dc47db9fede0133a
682a4c477758cc6b25d07c284879656f821722910a3eaa3c335afa6d50b79706
27fb772f0a2179eb3a713bdde7dd8877b3e208cc29743a97be71308309664e91
682282bf621bee4f2a2ec6b574b88f9b45685034fcc4db866e6777706b774bff
cebb491e8af42508a08b3d72e299bb73ce764dbe0697aa86d5e300ff50cfeb69
07ef2eee7e56c2338327d52269e755e7dc2bc82e2fb8781de0c1ea7857003d49
387d5d85440c9e1db680894c297350c26145221e3986ed01bd3b5bddd8cb923e
78e05cedaa8ac3d3361793ab8b19b6ba2147ea99cd6e406720e90dc5474fcda0
0cdd9cd133555f23cc30876c7ef36cca43834f4d6172a161436238cdc80c9e17
46380b549b3208615eddf824e872735af7f7463dd35d17db1f57bb3c9fb05499
2098a5c58be76612a56e5dc768ecffac4d8ca0c90f98d089838f299b5cc2990d
284f083103d1c160d9e4721ecce515646ce451a1b7ddf9dd89817904e21a4a2d
087437817d3d61d126cd0ca6d5d6babcd39fb5c85a48b95c023878d124051da4
738f3b29b73ecee8cb2f1439bfb37f537b00fea55329de4d5a9eb556f5124898
e75535592e23584ee41ae9338ea80eb8472ef608af0288c855185617e465341d
ca834f0de0a8eb1fa2beda59fc7a5dc9879886f9a066d6065ef621506b43590f
87f220dad3bbeec6f39ed3e74eaa5b63f91924104b238fd33b4c5d49cc88f1ac
5d3aa443debb15bdf756b94980e0a6bcbef950edd72941905f70eded5238590c
de00660d0d96ff67cb8e89a8d8525567327b109bc54b9042e5fdd516dcc0e51a
8709a2d366b5a25dafcda279a431d07da457676948024ee28e60e7848b7d24e4
a5f4363625928d7fb64087212bd9d094972260739b274f44b53bbbd5be6d19b7
1365414d90a8e9a059336e150f9123f59562c2c5b3a354f3d73f882773f04571
36b4c1632f6121f74305e5af623f983c9b97b01080470c7daae076dff51b8c20
0dacdf0e2ae577718cce67a4498ca419da614bf7b536c615528bb6e273717f54
bfe50b1ade213b5f699739f7e47b6860cdcf9b7b5ba8d0a6701d2f6cbbe0d1fc
dfdf2fdf2c2eb51f23f7cbe9003ae084e6a552032fadac0ee7b29d32876e3ac8
8d31ae46e123de0d23937d664298428e37b45a7a135a95d73f5887779ee48710
d979fd8848a2fe7df6ea8cb353086d8a28d7c2523b5e10222c19285ab40fa5f3
0b4aa6685967ac49d493aa595578c445dd75bf839dc95aa48604825c1eef0ee9
3fa6ddcabcb03763ef1887117e16ebdf0553a1cc2a16b58bdecaba0735d4e60a
b108df3575c8f9c77577486a92b52fe55bfb6508acca68b22250d8e1fc0494fb
7193ff366e3ef4c3c91c66be1f3c1d03701cf8c6a3034817749ba69650df187d
76fc0359cb26a2df509d072b2b5e925de39dc95d502f5173b45d11406bab815d
b473ef5a2e4a6af3a8fb6e05a5f337de350ed961465a87525a19074a419071e2
29c1eca587a0180b5cdfc0e939ef5b1bb201335d2dea2a1c6427ce37af68325a
7238e57350be305f25ca913714b571ee225a658bf5234d9e98cf72e176b8749b
00db2c26608e0e750b9262587d68d19dfd37e45b185a22b9438fb309ceb15cd9
a8733ea13062f65d6aaeb65f8836f9c57bc3c3af7c0d04b94bd072ed2f56b1d1
374290f4bc29e1d5a3295b8f23c281393075beae64db51cd5a5e96c03f9ef8b0
ad3cad3320c96364564203d96cc76ebea925dcc8de447195e0c1addb9f28e7e8
371427ad07be3f9c39773c3c0c4b95c86f63dc2e427835565b159f3686818bd0
9c8937d1ffc2a8ce23cbaddaa9e8b046d1460fc684d05b609fec3514ab14c39c
25228b9b7646e3a44d0c0458b2d9f4dde89cb36ca52f69ae317edad02678678c
90cd882d4b7aa3939307bcc71bc05d38e600cb22e8984985335df1feac12e44a
4ce4afc5fd856ed5951e35c3efd45fdc03662abf43050fddc564023ef40e6823
09ca6cbcafca3cb6da07a4aa1067854e5e2bd9ebc2f45f9bad3e40a3e78f7eec
0f2c744c9325bd8c8874af73a82add70c6206e047afef3be951fb6ebfe8c5576
cb5bd9dcab7d07c1775ad24d25f72e15b6d62d4c22ce95345ce95632bc68be63
cd526b1117e1c22762e6c48441856143ec31f33b8b8efaa13cb3ba37631c5972
633b3cade3eac35d244499864b7951091dc5d8cbac3cb6dd4fa87a214be9c41c
3d6b02a65aea0bc97ccae6bd8ca5a6f46f10e02715ab4f70ac8d292e1a221aef
de7afeddc29a1d624396c18da80702aa9ab9f8e5212446022a49b7f804252f0e
7cef1a964acbe38f4796b9ddbbd95e3fc19215594b2f3ab74483d58fe4bb93ad
a3d949b62016bc688520dfe0bf68075ca6666089eea641a62be626aecd1872ef
294003b3626890da222c7aeb34f7ac71cec614026c686fd88df269cc175a0e8c
3049dff59c007e4d95714d9e75a74a50e0ce1e012c0ea0e8dd0c4d457d99bf44
c0c7a64abcfa82be148050cddc9df53967c4072ee0871528bc86971b486a3053
af20afbe249de8d37ecdae69670fdced02fdfbbfdf7a1f2810e7628b52e29e4c
3ac5dd621c370ef1fd89c945b220fa1dc5a1ccaf30ef5300034acb5cfdfa3e11
497ac5eb72b62c3db2d5383bc2823bf38596e00d877ec7e9d572a94830f07a0e
af0e7981166891af0e066bc0eb1fb73ae36ba339e05e40510a526385b48ad00d
e23b924ff1c1b8a67aebc3b98711c63e12832e2bdd41ff8a52b15685bfabfc6d
a68bc10b645b0b5748702f6db2b275549a5214854c0bc1efcb4259930760aa2f
fcc7ce0c1cf2c3d90bef0d564fcb9ac13631d73dd516a4e32f01ecd3ea9bcda9
8d5514730f330a6f4ae9b1807f0c77ed15975d469c7c92c10c690ed681210ed4
d1a77a1cb9e4123494d9646d4d064289d6c96dd7a1ebde4dc0aab169c42018f0
007c244b9dac3fecd6d8df49314f664afaa4c1c823574108f77189c2925e9594
078a6edfe74bdca838f020373b45f18d1a89abe276d75eedba8cc4a0e8ac0acd
7eb02adb15e19f6a197a641d054d24d133f6d0880afbb8ff53a6629cbc666b67
3490a06a34fbdc0f9d3ae55ff159fe407bf962f67b56bde78a9ad0bb312a1610
7362f82084bcdf47b0927674ad678f66214e8d4f2783a0b9338ee4eb773c3474
feeeddd06c6b90360e7adf808b216628c585888af8e8b4179be7bb1a4e1e6994
94d6f5344b79742f145659d00c8e6d7113741ced8930b855dd6161b222f3e6c3
b003517c275f4ceb2bc2b54f77849c64818c7d37439201cab1cc2d91e8c66efd
cf2af3301f31bae02df162a5287f7671b353a4d7c704235e84661778a92c0b67
9c351c1e11a2e25b53edd78ca7bf03bd0c6afd2d0bfbeb5dad6cbe8f24edbd5c
014feb184c1838be5b8ca7761e5ddeafb5af92492718f13bcaedf5a736ce6377
b06c1166e2ceeb7def9f3d7efef3f22f2b004b5d36c785a4a4cb443b6e1281de
f41b0826792d64294cb3f67c11513610b4510d8efdf2f7ee66d434e3b7472343
f62010b7a1b10bb8cc3bcdfa7e4c96e4acc5e792d670916e0fd7372288a28510
74b7f7ab11694433db9e6f10265127cb9ab239983f0442d6aea1a475713018e3
6c29d8bad383d0c43571ca79bb4887596c18c54053e174bb4d551a717ac33dc0
75e9a0ab3a75f42cdae23e971e2f34f447aeed1bc9b0adf11d47cd2dc04a0835
5a47bbdd5a87677ce485cfa5eae97ce572dae896ec0fb306f8b4a2ad8d5f856c
0a0eebfca8553e921339c90b0060ceb6adcbc5f747696b1abecd376f50283911
079172ddcc7b1086b9bf972b21d0d579dbff695fde14811165a986efe322873a
6e333e5b68668934186d53525c24d2ed857c35e36b4d21102d06e52e6890ac5f
60f6c911f8b8f9579e3958699dcb7fb91ade66f3a9bdd435632c6d18006002c2
13f24a33b0bda605948ee337aac9f7095faeb536a0c1ba8d221a53af3822eec3
121d462ca9f33798e076d069ec6b84c5ae0573bbaac8df8dd78efbb7041bd30b
7b3cb0689a20b3d447c436253a2f44995562052e7f46094c93c12a375ebea0cb
4d460e49e0c569a7593cd7fd6e3a181b2e25dd7b98bd2906015007bd241b4d86
c3627f7a85532ddd721bc37ed3816ff0197641ff368ed20bd39c19aabeeb97db
8d34477674ccda710d5acd22a1ea3ce7c9e818d7b6d3b19200c896fcf42f5b4b
3f6feb2ff90be022f4b11b4e4be46768ce735fa4fda2fc731232fd1105a109da
3f7dbeb177934d53205b93a27b9f4262fe0f46aaf090326cb8e2069d90d0414c
c0edb4ab0c1ec04e092eebb05cccc48d35f615c0db2a1e0c4363565586c7e519
70c558209d7201e690991be17a01c6ef7f5b14775f2cfb288f0abafa43187fe2
3acf15dfd8e4a0fbe7404c2f8aadda1cff0aba5c058f5b5c3481bb44d8ff5b64
fea10c485839f80cc78106c2ef1d4a3ef70a5a0c208586be219a070bca061d6c
ce0545657884415ef34e052fcdf36506eee3f33315810fac1b7f7c615f439dcf
e0b4936809d8a75b5095ce25dfb12e14c825e9401d941356749bba86a26b6bbb
f9e07becd2faaba0a53f178a513cef474849c4d82a1e69a871c81617db614296
84f54e72011bbefa9480f3b556de2739efdd2910018230990ac5a1b580ff4993
4cb2a089b9b5c731fa3bca4d3e697271d948fed7882fb6ab86c3ebb3d86ab0ca
6e36e247d18636fd5a1790ec30a2700272016b7b18f92bb5e3afccd3f7850008
b7ca17d1cca0c38096119bcc28f57877024c68fe6d9d5f54433c1b02f0352fad
63533c321441c3186976b15172a575eda99ad7ec6a937073b7b36ec45cf3e1f5
da479ac3683eb1b6cc8cee9967b33d7a299fb551b9a8a1ddd5182469de37b2fb
74793488f23a075f3d4e966eeb3d523c152d6fde434a4712a2a700d3db7b65ac
a97a9f96d06d9e06dc3a0b49088553f0f3591e714cd905a6650ae02a28054351
01e7f777e19a70073e6e8d286263b12b59bf8cc9af1e0b0c9fa4244ff63c9dc0
327c974b8d165bfbdc0c4277bd3d68e24b6d55a6d970340662ff78468a9c4e29
5680eb1ffa1fac4f1c5a78024331ff7dd8982138d89d2df4ec56996b44c9cc99
4728a46d0432b4fa8c56c71597346276a69c9a38842725426a44364cc0655457
f35cac13d76f955a715a51f5029ec8e4539004f02a447eec2b84febd7a4f62af
327cf6e74f487f7a2b852c4698be5bb0c32500a77c7ad07061052e7e95bedd49
39c734ab91b8067c2458a620ce002b8bbe6f0e18176a7d98d022883ec73e67ec
818d5b7ce2bbd0ddcf6693b650106d1770e7ca6aa71b15a79d8906827da0c690
eced2aadf0074e3f52a0d9db1f2ca5d107a3d67be858da503cdbc42bd69b9083
4f22748956c9ec725df67a7729730ae3d56f88dc37db966abfc3a7557bbdb69a
a38d77ec66208f83f4065fe43bf51c96b587d2937b0d5f6d1abb1ab973de3751
41556fc8255feca7f1ddd424cec3c7e3f9007fea4f810db053a3886b4d7b8ec1
b58aef4c00cd53ff6c8dbd8dc77106cc4d3c9267dd6a85a60689a7d877d296eb
462662fa78d865d05b8ab25d9e3df1f033d3af7822055deacfcec845c8c7c9d1
a11e40b54e8ad5e3d24d075395267181f8cf0e12034bc2d38cfbd8a5dddc2b31
525b609b4fac8d454a86232d28999c3135fb2b3c10961723073f431fd75c2020
a0f0432f815889adb15907adaab5489844a71f5527bb07afb3d37f1a6ef948df
b31a48cc3055c0a4d94234ba2bf0844378550d8966cf0197a2cd140a945c8d33
3993abaf8f1b6758260ab97a7192a4dcce70c41ffb326db7f0e94dffaf647312
7949b1fd0ad6619b0571cc5811092164829d49c19ab062466497ec8d91fea232
cdbdad075c206d9c7b7507f5896dd87dd3a5df371bbf7113e0255bf9fdcf7ca9
bb2153f4393601174d491f9be952ec246a4f77e67b46e0ad7983d7270436b8f1
b0049161819d1b613e9bac0c0ab31c4926013efcb93041f2b8c56f5d34f2336a
f4a06ff1449d152e7db1ae642aba721b2764387e9bc8c2b9cf5ac3000433672c
4e6eb217528d9643d9a41ea4ef18d97e64d425d5c419738a82081e2577964de5
90528e80817e530236ab8110837e1afc510cd1b3a69e90787d8dd00eb471a40a
c4c2a82a7d454bb85fa22f12d2571639c1640ba4a6790d708f4a229f91a7a99b
a00f90db29e2c261c2b6bb00093c43659b577708e8afff72c97f17d41bb06e2e
ec8877718f6bace8cef59ee505e0cbed94a2f6531249d0801192b2de127cab85
9ca2e817ff19e5313105b3b468c5390aff48fabe778333d4d2d045659818e73a
b86a67a7dea558bd5719148ecc93ecb2c4f9270006ff304d860c866519c8ca15
550e199325198e2aeb1c1fe8228a37715962dcad001c447f29f226921e6a9f0e
b0cc835df649b790bf8fde133d284d4bf3b9c6fd65baaa6578f91b9b3fc33b5d
6dcc2f68713b9fd65e7cbd3c987632b67f4db83a27f7c1a4fc7b16b07f7e5306
4b3c55405763bd70c67aa1be3a5ff64ec09c0255d6151e94bfef3b230c295aa0
807f17e494839874f50bc0ba2f65991825199a8e25bb5fad4e8a347bcc48e5c6
ebdc00c1de3f168e1a3750f0561032d9e2c2a1bd745341f970dc1e395695f341
761b7ea565046ca0cfa9a64194e66240591a4a18027e750b2a301707aee33a59
80dd765c830f488c111c61f86d1f1b3822fb75b5d91c4abe23099bc7e2fa3f81
d5de28ab9d6c56d5eacee86451c92836f930ab3f4ff7851b467f4786657b754d
ebbf0823315707c04f814d68d3c3528354b522215ff0768303002115245b9e44
883deea17e26a18bb9c6a8d5184f6d4d326b84d16c3d43589fb4a7287bfb0dca
a1f1d8797ffd930f0a16f3a1bd96b58419bb05bcd304a6e4ec2ddc14c664c83c
dd71110a6b7fb79b2949280611957646f76503f1bda866b06e74b9a74e54dc89
c4fd4ed2f44625ba8af80b9e9751a005de4a3060eab685bb8e3e4b455b90e3ba
a80013d4175fe572cbeadb27d38a4fd397550d2b81532f6d800300c195536597
7d406ea4f3c94f86228662495df35517c89df991b672eb804d5ec796fa0a2a63
5e44dddfbb8bcddff6231529beff64d1f5a20be2fde1356dd7a0c4e82a72a468
452896fac3f4fea522f38b7974de9428b372bef3ccd30953ba7e808643312d11
4c940f9d7bd8b2397c93151446cf167acbde7afe5fb29205f3f58bf79d714ea0
43647972490c89b2f54bb84a4abdcf9037cc2f6d0768b9cdad9ec22deb935e11
29a955752a6b382e17a74244825f66d1cba8776f1c47ae908b1e9c9fc88a513d
c91ecca54c0cbdf3f8714d7c92ca6858d4ddb5957ab06f9ed33bb73e3b5f6207
e7cf9ae73751f92a53dbbc41b4939510e23352bf3a942e86b269c72b80cdb63c
SH256 hash:
f8ca1f141094e8eb66d0146f5018fd3ffe8d24b8db4fd17a1652613b614a1d2e
MD5 hash:
d25a5bff280a988497533d02a666cea8
SHA1 hash:
ed1ab3b09b55e4e1cba2d14d7c34e2a759470148
Detections:
dcrat_obs_grabber
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
98a097b8e1534f93a68b88ef132fd79a24f71f53523cc8581d448e4be42f2ccb
MD5 hash:
73dde8ce47e5fd6f4cf7acb621e5dd4c
SHA1 hash:
e03cad27143aa8ee39bbcf97061f44a033260b96
Detections:
dcrat_performance_counter
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
ab2f8ce18ad7728e3d79d38b37df402e0007d3dfe2b0b8fc9092b11146889f5b
MD5 hash:
ee1b0c096070c142feb6794eb7914db2
SHA1 hash:
d953aa2a7a87c1fbd98a88ec477edb9c02ad36b6
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
0e081d485fa501f82524fa71cf9c7c4552393d1c938bbce00bee5036ca43c153
MD5 hash:
f45ba88db90d8f7aeb054f6e41c5c8f6
SHA1 hash:
d885a71e1995af40fdefc255944961e61e3256f4
Detections:
dcrat_crash_logger
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
Parent samples :
04dfbc17a5d59fe23f729175cc485a86211b55190613d88247386e4baea05534
68b4f3aa874ed36af78042c8a7d25ae03a362b0b9eede86fe714451844325357
0c580f2f9f3e2c64e1a23ab9f81e37e47fee22704d46a7bf7741802694cae951
06c5043de5a30a81b57f1afdd651d8d8dcafa12a548bf22c129fc0ab1559a6d9
4c13d7949070e6361626b855d849afa3e4721b654a7906303bb5933645498c53
377f3033cdfdcf4b2bd6b9c2949abcb8d7973c2ade4115d1c622db274bfac687
34e740ecbaab29c15536abd6409bd10e1880a77eeb8a5a88e787051d4fd916a9
9e7a70da8b8fbd3193c3a9c10cb1b120802a8ef88e4e1c4c03945cd87dc0dd2f
66c9abad6488aa8867643b6c417c458ae6978ad86d4fa30ee40bd1f90683433c
3eeb9115c3888d0b1c4cfccc25bb48661b90f308bdcc1ea0c2a56a7030d5c547
669634a33853f70175e367b9519b29e5ac57ddeb412884c004875344ad2b5165
a87d18df4d58e31acb40b03e05c9de4a507991b1d4f3ba8cc22b599671fbf43a
425fea1071b9d17709b1c93a92ce8497bd4d8f42d17bf7f7dc47db9fede0133a
78e05cedaa8ac3d3361793ab8b19b6ba2147ea99cd6e406720e90dc5474fcda0
2098a5c58be76612a56e5dc768ecffac4d8ca0c90f98d089838f299b5cc2990d
284f083103d1c160d9e4721ecce515646ce451a1b7ddf9dd89817904e21a4a2d
087437817d3d61d126cd0ca6d5d6babcd39fb5c85a48b95c023878d124051da4
738f3b29b73ecee8cb2f1439bfb37f537b00fea55329de4d5a9eb556f5124898
ca834f0de0a8eb1fa2beda59fc7a5dc9879886f9a066d6065ef621506b43590f
87f220dad3bbeec6f39ed3e74eaa5b63f91924104b238fd33b4c5d49cc88f1ac
5d3aa443debb15bdf756b94980e0a6bcbef950edd72941905f70eded5238590c
7803d28b1cfcb0c4f3a63515fea88508357e02dc2ee982f7ff1f0c2f40af3649
6120c9db8e0c5d714fd87dcb35954c460439498928bc85978aef0fb377e43e1d
de00660d0d96ff67cb8e89a8d8525567327b109bc54b9042e5fdd516dcc0e51a
4e6333e4c4cb032d90a01f0499d63346da93f702ef1bc8aa6a0b0a8cad912354
460e3932c1f76c83aeb5f294a84c5a2343d05bf40afadd3edae8c561f26f9ab3
855be39c3b980dbc9be89124bbe9f3e4fb660cab6a4e84af15fba8379b9eb2a7
f2ea08890e2043e272efd3f728c3a129807097c24024730154a24fe7269d3fc9
a377c1c13801481e8dcc3c8a30c3df070ad73b9983e8c4fe85c058ac9034ee37
1365414d90a8e9a059336e150f9123f59562c2c5b3a354f3d73f882773f04571
0dacdf0e2ae577718cce67a4498ca419da614bf7b536c615528bb6e273717f54
d979fd8848a2fe7df6ea8cb353086d8a28d7c2523b5e10222c19285ab40fa5f3
3e5c92ebdbc350c5d12d8a684ae957f570f9fed8c4099415f1d9206c910886a5
3fa6ddcabcb03763ef1887117e16ebdf0553a1cc2a16b58bdecaba0735d4e60a
b108df3575c8f9c77577486a92b52fe55bfb6508acca68b22250d8e1fc0494fb
29c1eca587a0180b5cdfc0e939ef5b1bb201335d2dea2a1c6427ce37af68325a
a6a27d9ba682a107558cdb16fcd50ebbe3d112c8dab38e96d5926c522781cc81
7238e57350be305f25ca913714b571ee225a658bf5234d9e98cf72e176b8749b
9e34d822cb489de3ab2eca88ee132553044889c86713da88dd1458fd45e62604
3592f60e97f29ab2d4e60ed3604d154c4455f59c318723aa0d25dd6a5c255f66
374290f4bc29e1d5a3295b8f23c281393075beae64db51cd5a5e96c03f9ef8b0
ad3cad3320c96364564203d96cc76ebea925dcc8de447195e0c1addb9f28e7e8
9c8937d1ffc2a8ce23cbaddaa9e8b046d1460fc684d05b609fec3514ab14c39c
90cd882d4b7aa3939307bcc71bc05d38e600cb22e8984985335df1feac12e44a
4ce4afc5fd856ed5951e35c3efd45fdc03662abf43050fddc564023ef40e6823
94bd0998c7505445e3f74a8d902e4e768adc6304e0135075d0d856eae7c37ab1
cb5bd9dcab7d07c1775ad24d25f72e15b6d62d4c22ce95345ce95632bc68be63
092853fc5c2163fdafef345aff1be3116697804b6f81ef2374422822d1e78bfa
cd526b1117e1c22762e6c48441856143ec31f33b8b8efaa13cb3ba37631c5972
4b0446befa42f4a40fd06635aaa72fb34dfbaa7575fb1f811df6f4fad90f53b4
1026da21d95ab9bc3a5dff5163d8029ea6ca3413e586272074105e4727ab1342
a3d949b62016bc688520dfe0bf68075ca6666089eea641a62be626aecd1872ef
294003b3626890da222c7aeb34f7ac71cec614026c686fd88df269cc175a0e8c
19e2bde176b68e7b609977a3965b60bb74afc5810781e1545c1dc83beeb64672
9e90c1219aac375230e375f3d641f6b1edb2968acb41d542528ad744714c9b35
af20afbe249de8d37ecdae69670fdced02fdfbbfdf7a1f2810e7628b52e29e4c
3ac5dd621c370ef1fd89c945b220fa1dc5a1ccaf30ef5300034acb5cfdfa3e11
497ac5eb72b62c3db2d5383bc2823bf38596e00d877ec7e9d572a94830f07a0e
a68bc10b645b0b5748702f6db2b275549a5214854c0bc1efcb4259930760aa2f
fcc7ce0c1cf2c3d90bef0d564fcb9ac13631d73dd516a4e32f01ecd3ea9bcda9
0c0b4ee3d14fa4db0bc8268ed908480dd3b977fa3c98bcb930a52fc2839d35b4
d1a77a1cb9e4123494d9646d4d064289d6c96dd7a1ebde4dc0aab169c42018f0
007c244b9dac3fecd6d8df49314f664afaa4c1c823574108f77189c2925e9594
078a6edfe74bdca838f020373b45f18d1a89abe276d75eedba8cc4a0e8ac0acd
85768ff86e86155faadff2443ea1c9656fc479ffa5f0ae90c9b738bf31ff1080
7eb02adb15e19f6a197a641d054d24d133f6d0880afbb8ff53a6629cbc666b67
3055d261f05a0656b1b92d9fa8ed3a72111a3a5c6d036d13d3d3a304ca99b987
7362f82084bcdf47b0927674ad678f66214e8d4f2783a0b9338ee4eb773c3474
9c351c1e11a2e25b53edd78ca7bf03bd0c6afd2d0bfbeb5dad6cbe8f24edbd5c
f62010b7a1b10bb8cc3bcdfa7e4c96e4acc5e792d670916e0fd7372288a28510
74b7f7ab11694433db9e6f10265127cb9ab239983f0442d6aea1a475713018e3
6c29d8bad383d0c43571ca79bb4887596c18c54053e174bb4d551a717ac33dc0
75e9a0ab3a75f42cdae23e971e2f34f447aeed1bc9b0adf11d47cd2dc04a0835
0a0eebfca8553e921339c90b0060ceb6adcbc5f747696b1abecd376f50283911
079172ddcc7b1086b9bf972b21d0d579dbff695fde14811165a986efe322873a
6e333e5b68668934186d53525c24d2ed857c35e36b4d21102d06e52e6890ac5f
8d34477674ccda710d5acd22a1ea3ce7c9e818d7b6d3b19200c896fcf42f5b4b
3f6feb2ff90be022f4b11b4e4be46768ce735fa4fda2fc731232fd1105a109da
1ce99f60292aa8808687010e53feff56ab3af5af3d725d8a9008dd4a1cf252cb
70c558209d7201e690991be17a01c6ef7f5b14775f2cfb288f0abafa43187fe2
3acf15dfd8e4a0fbe7404c2f8aadda1cff0aba5c058f5b5c3481bb44d8ff5b64
fea10c485839f80cc78106c2ef1d4a3ef70a5a0c208586be219a070bca061d6c
fc5b0314dfd53a19bb905de5b758720df8a25857bdd1c5a72e5b1af7d4ff994a
da479ac3683eb1b6cc8cee9967b33d7a299fb551b9a8a1ddd5182469de37b2fb
74793488f23a075f3d4e966eeb3d523c152d6fde434a4712a2a700d3db7b65ac
01e7f777e19a70073e6e8d286263b12b59bf8cc9af1e0b0c9fa4244ff63c9dc0
327c974b8d165bfbdc0c4277bd3d68e24b6d55a6d970340662ff78468a9c4e29
4728a46d0432b4fa8c56c71597346276a69c9a38842725426a44364cc0655457
f35cac13d76f955a715a51f5029ec8e4539004f02a447eec2b84febd7a4f62af
39c734ab91b8067c2458a620ce002b8bbe6f0e18176a7d98d022883ec73e67ec
818d5b7ce2bbd0ddcf6693b650106d1770e7ca6aa71b15a79d8906827da0c690
eced2aadf0074e3f52a0d9db1f2ca5d107a3d67be858da503cdbc42bd69b9083
feff1bf844bab637c8574b49864ff122078ca8c15d0eea205657e28587c16eba
4f22748956c9ec725df67a7729730ae3d56f88dc37db966abfc3a7557bbdb69a
a38d77ec66208f83f4065fe43bf51c96b587d2937b0d5f6d1abb1ab973de3751
41556fc8255feca7f1ddd424cec3c7e3f9007fea4f810db053a3886b4d7b8ec1
a0f0432f815889adb15907adaab5489844a71f5527bb07afb3d37f1a6ef948df
3993abaf8f1b6758260ab97a7192a4dcce70c41ffb326db7f0e94dffaf647312
fd39a58ba08028b4464f587dfdf9de02bf3e68ed9d1ce834593d45acf6e13e0b
b0049161819d1b613e9bac0c0ab31c4926013efcb93041f2b8c56f5d34f2336a
e3c96368f6fbcd69a14db4389851e6c0422303c8d5e8e320a796632b98224598
4e6eb217528d9643d9a41ea4ef18d97e64d425d5c419738a82081e2577964de5
c4c2a82a7d454bb85fa22f12d2571639c1640ba4a6790d708f4a229f91a7a99b
a00f90db29e2c261c2b6bb00093c43659b577708e8afff72c97f17d41bb06e2e
ec8877718f6bace8cef59ee505e0cbed94a2f6531249d0801192b2de127cab85
9ca2e817ff19e5313105b3b468c5390aff48fabe778333d4d2d045659818e73a
1691f0ab36468cfed1f7ebead04c3b46c11c4d8614aed53ff7060e7e7d669a4c
b86a67a7dea558bd5719148ecc93ecb2c4f9270006ff304d860c866519c8ca15
8c17a09ac22963e933e3ecf786fc7c5d5450f79fec68768c15d647257387270e
550e199325198e2aeb1c1fe8228a37715962dcad001c447f29f226921e6a9f0e
b0cc835df649b790bf8fde133d284d4bf3b9c6fd65baaa6578f91b9b3fc33b5d
807f17e494839874f50bc0ba2f65991825199a8e25bb5fad4e8a347bcc48e5c6
ebdc00c1de3f168e1a3750f0561032d9e2c2a1bd745341f970dc1e395695f341
d5de28ab9d6c56d5eacee86451c92836f930ab3f4ff7851b467f4786657b754d
ebbf0823315707c04f814d68d3c3528354b522215ff0768303002115245b9e44
d99cf2cb4cb19eaa429333d14049d76583cc2321623a59f254082546cf22a733
a1f1d8797ffd930f0a16f3a1bd96b58419bb05bcd304a6e4ec2ddc14c664c83c
256963eb74c71e0a17b4857f1d6b4cde19803f5b3f6c7b1074bb67638873a44f
f29da44cb8b621f596ac80029f3b2bf08c7da29532eca778d0dbc1f69b68f49f
64a5d64cf3af0a6739ee706e3fb1d4a997fa5c32a52cc42167f673ab14bee3d4
e945de86856a0a84ba5655d2f379d7b6ecedfcd9d8a0bdf3ac0cb17161240521
8d1f945ab98dd2e36451a886f621535448aadeaebc7dddb5fa38eb5c047f4f4b
486f3560972827fb2f0faa5c4e9e4b95d76a7cac604ea71aa951ff031f6c31a8
164406a15fdde9b61ff47c268b9853bde4284f854b50975e2ccd648180d1dd97
2049b554fa0475b934d928927c95dbb42a979ad1e9356f0897ea83533575aec2
c22ffc1b974658f59a252e303a22ea383a888911c8147fbc470c3e8120029fc8
01cf3732fc2dda453bc38f2e3ee9d92d75e15c4559625bd1ffd209516128bf41
2d460e887cab8b04d177abcde12caaf3fc92da243a8774b04a46ae77fa0f2891
ec259063f9999d8569781cea00cbff7da90f088ed04c79c494754949d3e07fa9
05af274a83acfef260398e86ef52f2a889c6dd7d2818e54b20e90ee535019b5b
566c604f26742adb324f674132c9e3d7ae9015ad8e3301e7d5b9fc98b7c2e8f8
f2420fdc9492498195a8a0bae43cfbf7c721b18c43b55ccfecf941f06164b154
c91ecca54c0cbdf3f8714d7c92ca6858d4ddb5957ab06f9ed33bb73e3b5f6207
e7cf9ae73751f92a53dbbc41b4939510e23352bf3a942e86b269c72b80cdb63c
SH256 hash:
89dc4a49a1339de24b1b4d58497b9b444ff7cf84cc4849bd45081d5d9b71e7a2
MD5 hash:
b9cd3b9885097dc52d4a4092c6663296
SHA1 hash:
d4b82555fd1ef891fa3e3b275c833ba8e311da9d
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
5eed35ea2d619943bc72d4bd9f36eef2cf0c400945b01809b5f4bd0881b21c54
MD5 hash:
7d140d3cd6fe75c5ea81c2e825c84f2a
SHA1 hash:
d06b516d7013b34c90598cc326e13f14f2c0fc7a
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
14b6c23a210e776b71b37cf773303a479306ff9ede50819550e48b8d007d1f96
MD5 hash:
1ea58a9f3f24fd16ff63f5432c4afb02
SHA1 hash:
d027b435000e85dcb10711e1897879b17a87330e
Detections:
dcrat_reg_editor_plugin
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
42b00dfff36a087a0e7b96741ba7894477adc079685793781131084d8f258d12
MD5 hash:
0ff4a0fdd4f59394ce4f2348c2cb56be
SHA1 hash:
cf38b28aa4e40a39d50bb8f83135d8a4bac476ed
Detections:
dcrat_block_input_plugin
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
Parent samples :
6f0a08f005fcd2ded1fe6124656de735ba04d4b1d353c98440eceaa53140f0be
c54d820f7ddabf09562c1913c2099aceff06122699944496f1edf5b58f70eae9
04dfbc17a5d59fe23f729175cc485a86211b55190613d88247386e4baea05534
189a5a34e99c66355da0eb5c04636ac3a06404723cc2de86a22bda42aadeea21
cd652234e4620f37b2c74931cfa9bc463560d38976ea12f384c92c4827366434
b84321d7416c9898a381c39e94867b880aea15a68049795d81888371c70d16c3
6c17baf5dfdc7956459c13eab8e1bd537196f4e012c16a8ed8c9dc9762d6fc2e
4c13d7949070e6361626b855d849afa3e4721b654a7906303bb5933645498c53
377f3033cdfdcf4b2bd6b9c2949abcb8d7973c2ade4115d1c622db274bfac687
34e740ecbaab29c15536abd6409bd10e1880a77eeb8a5a88e787051d4fd916a9
9e7a70da8b8fbd3193c3a9c10cb1b120802a8ef88e4e1c4c03945cd87dc0dd2f
a8aa581a55d93a40301bfe2fcfc548c3d75241303134fdcd585bc8383a65acb9
4690a17fffe8940aab38a0e88ef7fef186a5995e4d00e2d0cccde30ceaafcb9c
dfb61558c4fe802041d53dc777e82106afc9377cf60567e797296b1cd74aa402
3eeb9115c3888d0b1c4cfccc25bb48661b90f308bdcc1ea0c2a56a7030d5c547
9c8b561cf27708f285da964826b1183608e75be698f6b5a4469faea8e535a760
f7873b3d8b8f6cf252b37ad3ee8a57b1754b82acc1d0840184af4ce4c237a0db
e341875335ab0192719a7a17c39dd43fe185be56d7dff52c8434525489523007
94b238a6c0c1757059b32035d7f7908b93a03c95cbcfb5c410380093a4ae3e00
425fea1071b9d17709b1c93a92ce8497bd4d8f42d17bf7f7dc47db9fede0133a
682a4c477758cc6b25d07c284879656f821722910a3eaa3c335afa6d50b79706
770eab290d4e855026a8f93e90190785ce6a5b772d6a46446b91d18bcea950a1
266126ef45c3eb686abbb96bb3dc4427f7772bb48b8e9ad1c502b43c63c92475
0032705a736c09ccb7d06c156ceceee2c5915f486a32df2cd0d00d8393c9e0f2
0714c021b42433c9bfecd7e4c92cff30901e7bea72f0cb499e15b04dbbbf6423
27fb772f0a2179eb3a713bdde7dd8877b3e208cc29743a97be71308309664e91
682282bf621bee4f2a2ec6b574b88f9b45685034fcc4db866e6777706b774bff
cebb491e8af42508a08b3d72e299bb73ce764dbe0697aa86d5e300ff50cfeb69
387d5d85440c9e1db680894c297350c26145221e3986ed01bd3b5bddd8cb923e
284f083103d1c160d9e4721ecce515646ce451a1b7ddf9dd89817904e21a4a2d
087437817d3d61d126cd0ca6d5d6babcd39fb5c85a48b95c023878d124051da4
738f3b29b73ecee8cb2f1439bfb37f537b00fea55329de4d5a9eb556f5124898
9084394a955e7b25bca70b2298e1e3359c5aab5189628b647eba18706ffd67c3
8394ffcfda6873fe25a4fc6546706229cc856e2c8ac1f4af6e038bf163ba5547
753774742cbc7f66f9a6c95adcbbbaaef355bd927533a40b61ec9cc44cecaa3b
e75535592e23584ee41ae9338ea80eb8472ef608af0288c855185617e465341d
0eaabbc6526d245393c83bd7167ce1af1b8ea62565bd24e4071fd5d85b42cba5
821cb2141c54e7f85c771ffb713132c64ab34c42d7dc495d932d4048349ecf19
0a0367e1f2d803ba830f19529ef49bcc840a1703724538006e608621c8d2912c
87f220dad3bbeec6f39ed3e74eaa5b63f91924104b238fd33b4c5d49cc88f1ac
5d3aa443debb15bdf756b94980e0a6bcbef950edd72941905f70eded5238590c
de00660d0d96ff67cb8e89a8d8525567327b109bc54b9042e5fdd516dcc0e51a
a5f4363625928d7fb64087212bd9d094972260739b274f44b53bbbd5be6d19b7
1365414d90a8e9a059336e150f9123f59562c2c5b3a354f3d73f882773f04571
0dacdf0e2ae577718cce67a4498ca419da614bf7b536c615528bb6e273717f54
ae869688bec81e7330c9b358632bb49f52c9f0c509f5bdaa68322716226eef8d
d979fd8848a2fe7df6ea8cb353086d8a28d7c2523b5e10222c19285ab40fa5f3
a887c9e1f514d97af106cbc3c0ef35790cc799aefb4d7d68a5e4c7e0eed74bd3
88ca97ed664243845afb3693bcbe5150e3628039e34f99b49df865442b60b4f1
19ab72819e1063bf5e8f6999bc4c68c65aa72fa52b62b9ae9643a5c2ea10c963
22cdd8b1c569a17884bd5ab6d67a77ada1309b849775b3967a91111f3ab0e400
09bbdf5b842a244123b81ba715cd80776f83fcff31994a07376112e3524135c5
32f71ef21a67f318a02518229fa4db7587b6bf021544df3082dcf888c4e49fad
3fa6ddcabcb03763ef1887117e16ebdf0553a1cc2a16b58bdecaba0735d4e60a
b108df3575c8f9c77577486a92b52fe55bfb6508acca68b22250d8e1fc0494fb
dc288149929d93cc33f1edfe82d4b92cb05c5b681e992dc18936df829b2b5e0e
b473ef5a2e4a6af3a8fb6e05a5f337de350ed961465a87525a19074a419071e2
a6a27d9ba682a107558cdb16fcd50ebbe3d112c8dab38e96d5926c522781cc81
2f77a20ba2eacdaf74acc2be52db30061d378a817ea3ac1812ef1c95f23f735e
7238e57350be305f25ca913714b571ee225a658bf5234d9e98cf72e176b8749b
00db2c26608e0e750b9262587d68d19dfd37e45b185a22b9438fb309ceb15cd9
0b80872ae84d5a7de900b51596d85e09361774ae22cd577ec4898b4350737a53
374290f4bc29e1d5a3295b8f23c281393075beae64db51cd5a5e96c03f9ef8b0
ad3cad3320c96364564203d96cc76ebea925dcc8de447195e0c1addb9f28e7e8
9c8937d1ffc2a8ce23cbaddaa9e8b046d1460fc684d05b609fec3514ab14c39c
25228b9b7646e3a44d0c0458b2d9f4dde89cb36ca52f69ae317edad02678678c
90cd882d4b7aa3939307bcc71bc05d38e600cb22e8984985335df1feac12e44a
4ce4afc5fd856ed5951e35c3efd45fdc03662abf43050fddc564023ef40e6823
cb5bd9dcab7d07c1775ad24d25f72e15b6d62d4c22ce95345ce95632bc68be63
092853fc5c2163fdafef345aff1be3116697804b6f81ef2374422822d1e78bfa
e7f193ed34c9c44b2e7ad602f0abb5eacf9ba78806cac5d8c81a9cf9f1a1477f
cd526b1117e1c22762e6c48441856143ec31f33b8b8efaa13cb3ba37631c5972
633b3cade3eac35d244499864b7951091dc5d8cbac3cb6dd4fa87a214be9c41c
1026da21d95ab9bc3a5dff5163d8029ea6ca3413e586272074105e4727ab1342
de7afeddc29a1d624396c18da80702aa9ab9f8e5212446022a49b7f804252f0e
7cef1a964acbe38f4796b9ddbbd95e3fc19215594b2f3ab74483d58fe4bb93ad
bc8c14e388292845423f694eee8c01accb528d4a8dab6faf396846f08098dfcd
d4a2585b8df04e3a9eff39a5f3cb38f7277d13a1fb2fa46701f25a15f14f3b9e
a3d949b62016bc688520dfe0bf68075ca6666089eea641a62be626aecd1872ef
294003b3626890da222c7aeb34f7ac71cec614026c686fd88df269cc175a0e8c
71692ef79be48ddd6f27fc7d11d32f58988d833974eca11740c92511b3b6edbf
19e2bde176b68e7b609977a3965b60bb74afc5810781e1545c1dc83beeb64672
5f89b33cedfe3e9f075dd2312b10580dd16b5fb1702fe1f1ce572a792ec9bf91
fcc7ce0c1cf2c3d90bef0d564fcb9ac13631d73dd516a4e32f01ecd3ea9bcda9
d1a77a1cb9e4123494d9646d4d064289d6c96dd7a1ebde4dc0aab169c42018f0
078a6edfe74bdca838f020373b45f18d1a89abe276d75eedba8cc4a0e8ac0acd
7eb02adb15e19f6a197a641d054d24d133f6d0880afbb8ff53a6629cbc666b67
3055d261f05a0656b1b92d9fa8ed3a72111a3a5c6d036d13d3d3a304ca99b987
7362f82084bcdf47b0927674ad678f66214e8d4f2783a0b9338ee4eb773c3474
757ddfaea3c3fe1d283195f096eebe58fb45d87359773e3a53a983d5b78a6f04
661b2c9879d7ae68512f820689f2198fdc2d71288ed0a6e747a0ae3f4a27f176
6c29d8bad383d0c43571ca79bb4887596c18c54053e174bb4d551a717ac33dc0
079172ddcc7b1086b9bf972b21d0d579dbff695fde14811165a986efe322873a
8d34477674ccda710d5acd22a1ea3ce7c9e818d7b6d3b19200c896fcf42f5b4b
3f6feb2ff90be022f4b11b4e4be46768ce735fa4fda2fc731232fd1105a109da
3f7dbeb177934d53205b93a27b9f4262fe0f46aaf090326cb8e2069d90d0414c
c0edb4ab0c1ec04e092eebb05cccc48d35f615c0db2a1e0c4363565586c7e519
70c558209d7201e690991be17a01c6ef7f5b14775f2cfb288f0abafa43187fe2
3acf15dfd8e4a0fbe7404c2f8aadda1cff0aba5c058f5b5c3481bb44d8ff5b64
ce0545657884415ef34e052fcdf36506eee3f33315810fac1b7f7c615f439dcf
5539d434ee526c3dd170b22ac661ded347391278c129f0f7571d683bdc0fb1db
e0b4936809d8a75b5095ce25dfb12e14c825e9401d941356749bba86a26b6bbb
f9e07becd2faaba0a53f178a513cef474849c4d82a1e69a871c81617db614296
bede23ca2e4d3eb802787a7098e718606abd5768e83dd7169b57c05f664a77bf
84f54e72011bbefa9480f3b556de2739efdd2910018230990ac5a1b580ff4993
4cb2a089b9b5c731fa3bca4d3e697271d948fed7882fb6ab86c3ebb3d86ab0ca
6e36e247d18636fd5a1790ec30a2700272016b7b18f92bb5e3afccd3f7850008
5ba161e67deaaeaea044b14dca79b7bea7050bd4ad76582c1e229d794e9d9029
bc4e72a6f1c09c44c778658efec7f0eb4d60d16e43527f72f9e5e98cb51667cd
b61b723de0b59c7c038675f8d76555a4e0e198e0e8234ef939c5f63ae55d58b5
fc5b0314dfd53a19bb905de5b758720df8a25857bdd1c5a72e5b1af7d4ff994a
b7ca17d1cca0c38096119bcc28f57877024c68fe6d9d5f54433c1b02f0352fad
63533c321441c3186976b15172a575eda99ad7ec6a937073b7b36ec45cf3e1f5
da479ac3683eb1b6cc8cee9967b33d7a299fb551b9a8a1ddd5182469de37b2fb
01e7f777e19a70073e6e8d286263b12b59bf8cc9af1e0b0c9fa4244ff63c9dc0
327c974b8d165bfbdc0c4277bd3d68e24b6d55a6d970340662ff78468a9c4e29
5680eb1ffa1fac4f1c5a78024331ff7dd8982138d89d2df4ec56996b44c9cc99
4728a46d0432b4fa8c56c71597346276a69c9a38842725426a44364cc0655457
f35cac13d76f955a715a51f5029ec8e4539004f02a447eec2b84febd7a4f62af
39c734ab91b8067c2458a620ce002b8bbe6f0e18176a7d98d022883ec73e67ec
ee9e68394df17b14d2190d46257445f427bc43d4e02be9f26bf6236b17fe0052
a38d77ec66208f83f4065fe43bf51c96b587d2937b0d5f6d1abb1ab973de3751
06e06f76364f957938f21dcba29b05d17da0597a9e18f3bedc2e0655e84a289f
b58aef4c00cd53ff6c8dbd8dc77106cc4d3c9267dd6a85a60689a7d877d296eb
ff9cc44e996069dfff874a512de5466e2c0ade9bca939ab235041ee301822586
a0f0432f815889adb15907adaab5489844a71f5527bb07afb3d37f1a6ef948df
3993abaf8f1b6758260ab97a7192a4dcce70c41ffb326db7f0e94dffaf647312
b0049161819d1b613e9bac0c0ab31c4926013efcb93041f2b8c56f5d34f2336a
90528e80817e530236ab8110837e1afc510cd1b3a69e90787d8dd00eb471a40a
a00f90db29e2c261c2b6bb00093c43659b577708e8afff72c97f17d41bb06e2e
ec8877718f6bace8cef59ee505e0cbed94a2f6531249d0801192b2de127cab85
9ca2e817ff19e5313105b3b468c5390aff48fabe778333d4d2d045659818e73a
b86a67a7dea558bd5719148ecc93ecb2c4f9270006ff304d860c866519c8ca15
550e199325198e2aeb1c1fe8228a37715962dcad001c447f29f226921e6a9f0e
b0cc835df649b790bf8fde133d284d4bf3b9c6fd65baaa6578f91b9b3fc33b5d
6dcc2f68713b9fd65e7cbd3c987632b67f4db83a27f7c1a4fc7b16b07f7e5306
4b3c55405763bd70c67aa1be3a5ff64ec09c0255d6151e94bfef3b230c295aa0
394fd362a6bc35e1883969937fdabd2acb05cf7226d4366ebfb2ce72566c1776
5e77f11a0205bd6b936833eeb03135df7d6de1d6bd8490e32c6843d89cd9023f
d5de28ab9d6c56d5eacee86451c92836f930ab3f4ff7851b467f4786657b754d
c4fd4ed2f44625ba8af80b9e9751a005de4a3060eab685bb8e3e4b455b90e3ba
107e5d98e41c2de3fc4d8844c85e6ccb2af6d35414a6b958eb39cb3feed64854
a80013d4175fe572cbeadb27d38a4fd397550d2b81532f6d800300c195536597
f2420fdc9492498195a8a0bae43cfbf7c721b18c43b55ccfecf941f06164b154
c91ecca54c0cbdf3f8714d7c92ca6858d4ddb5957ab06f9ed33bb73e3b5f6207
e7cf9ae73751f92a53dbbc41b4939510e23352bf3a942e86b269c72b80cdb63c
SH256 hash:
b8d5c76c41106fb29edb1bc2a454537dde434bd109c400ef5cba6f3c49499aec
MD5 hash:
ce8101fe6774edb84311d3cd8ad8265b
SHA1 hash:
c3c54c81f58e9282d673cc237a2a1894b2adff85
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
e8cdb5275b6042080801a634984a1a492baf30133f13072fb4de440c91639f87
MD5 hash:
e963d26096776a0a11af07072c54aabe
SHA1 hash:
add91921f2d666efed97b1974d1e97f8f3299e3e
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
ced608d5f5826533e8b2df84558a3c460ba46ae716a15f99e4b4b67fbc06c106
MD5 hash:
6eb8cc11833900eae9eab4125de7dc55
SHA1 hash:
ac475d0a76ed27798bebd7b66e5801a3feac9d35
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
549af59d1ecc26aedf766a97ad637d54c44f9cd9ff65b0a2d721bbe6de9e4f6f
MD5 hash:
1be959674d471890786e74d25fcf3ac7
SHA1 hash:
95861ddc4db62e2fc540ab3057ba2f1a1bfcad0e
Detections:
dcrat_bsod_protection
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
c06fc80b679dad3b8de3c54901d2594202bf5236b8b32d2425330057a2ccafbc
MD5 hash:
f565c14f3dad2a054486767409dc80dd
SHA1 hash:
9272cce634b68c9bfb782a69e937b9531cc5153b
Detections:
dcrat_hosts_editor
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
1d3cd947b6d7440490fec809ebaaff9d431df22bc16942d52f850291c7aa53e0
MD5 hash:
e81ea0050023a22bfc4186a50f7113ad
SHA1 hash:
8dbad5e1dc455ae288d6abd2f03e72a8db103d58
Detections:
dcrat_clipboard_logger
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
aad3ceccc82377ea7c838ba450fa2412e21ce6bfddd8bb5a229eab8608b80f1b
MD5 hash:
f515ad77d2e565ee0e068bb8acaa0daa
SHA1 hash:
8b58556625e1d2d7f95d64a3ca18e9fbcbdf0ba5
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
9ca5213d501a6d38cff84de9f06af906053cef25618d3bd72bee3409fcd9278c
MD5 hash:
06937615ba2922f4a41dcd248cb05c53
SHA1 hash:
83445bd39e95580218bb9b201c1c35b3c9055d3b
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
92bdba4a4c422f3600b94410dfe8f5d138d77b4c43bfe596eb13490510678ae7
MD5 hash:
f287472093bbe49417cc79dca29264b6
SHA1 hash:
8203ee26995d3e61e2662b6a0731b73bcd2a6822
Detections:
dcrat_message_on_start
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
3124387df0297125e4e31ab4bf1069c8871fae459e3355fc9a169d62b4399866
MD5 hash:
9e394060981e8afb9c64be071f013fe1
SHA1 hash:
8123b54b06ca1450961a7ad0ed1f81650df4f84c
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
4e7559a9539caf9238081cc71ca062ac4b5cf35c132ab2cff639f96f71878bb6
MD5 hash:
eee2cbc8116cf91009dcd705456753f4
SHA1 hash:
7119a961d3556cb1c912dec91e40b098b6b57f8e
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
019efeb5ca9d16afe113af74a11f810cf4baa1e45c2a39c274f099be725f5478
MD5 hash:
73929d7d4fc491a2c132c55d35e2e966
SHA1 hash:
6d264545418a0491f34a7f331430f8d8a9c5dae1
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
e454e5bd44d81665d7706370687c0bdad6a846e35d1d1ce709306c0913d829b6
MD5 hash:
7c1dec51136c0930a7aa5d548f062b4d
SHA1 hash:
6cea566cd86fd7572406f375a00d94c51afcb176
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
64fd100aa3a68d0940b1c49162e446d12cfea13e80d842ef51d8c9bd38e823a2
MD5 hash:
d3e64e5e16fb9481fac7940b0e3b8bd5
SHA1 hash:
6079bc012333fabd9ac0c7e4bd7b6f1b7f661a75
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
b1a323d3099196fbe86659cbfac457e5cac4e5748b2f6a9430540db05ee91cc0
MD5 hash:
e06eca1c80ce86ede04e5da8f328af27
SHA1 hash:
5aefeea892528f4b9878cbb96c0e6587f1a90c9b
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
a6961717611d5e276dc288c7a79e4b53db54326e46ca7b6c516247aaf1539071
MD5 hash:
8372644a8f15ad1bacabfdd948d22c02
SHA1 hash:
590024c7af62c018a8f123b3ee4000da9c76bb57
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
957c0d30279c38018739624d975ecf16a9df637f84a80da9add01588251a093a
MD5 hash:
42180c7544f20741715a475f0effff33
SHA1 hash:
4edc0d2594654e098bfade5e9105485c39fb2711
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
c49c50f931060151bd84353665347f29259e636b9177372ea7e3d2ae84318580
MD5 hash:
d7c4042f8dbf264d7cdad86bdbbe3e96
SHA1 hash:
38aa32fcc2d2f8b42f073c6c3b94ef89b01d9f14
Detections:
dcrat_disable_uac
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
81553070aa7188a758c06e565568ba4ff126dd371d314698984b12c175716648
MD5 hash:
5db660a143031d84873c89b09cbdc832
SHA1 hash:
38a5784678d8d93dd35fb1ec41e7e9d04d7712af
Detections:
dcrat_system_restore_points_cleaner
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
b225a93f0db5b75ee37cd632c437f90e25499db250f6541cf91dc694557321f6
MD5 hash:
64e05de0c7a1aac7532826c6ab18ef7c
SHA1 hash:
35a09cbe25b76dd0ba4fff984f16cbbc3c1a1a4e
Detections:
dcrat_telegram_notifier
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
1da954f73996f59218c5c33db305562b657171ec5dd48fae4edf8d473ea78d7f
MD5 hash:
307af8c8ebfb346c46304bcbe6f46392
SHA1 hash:
0e068943ea6ef46f44bea202e071c221a8b88efb
Detections:
dcrat_user_ping_counter
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
3c75b998c2cc0cbc91b25fb06749c45a71478363d4626624a12fb572307e153a
MD5 hash:
d44a8fce7ac0b0984c1cc450c3608c5f
SHA1 hash:
0a2fe0c31a43b9d73a92679fd06426b1a50b8a80
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
b656fa2da892837afd4d74b28f63aeb598819f63641891adcf7e9d032b39d1e2
MD5 hash:
5f2cd5af8a529e0a2dd3573d81348034
SHA1 hash:
023aaa781b482ffb035057fc9459b5ca86f69e68
Detections:
dcrat_usbspread
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
31d1c930871005d4da7e67478a2a44faef8842a135769114cb1ff65488671a2e
MD5 hash:
65c542e08ee66cd5954e6cd63a71b352
SHA1 hash:
b1e4e2ee05e63e084ec06300706b55f8f2267303
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
SH256 hash:
1026da21d95ab9bc3a5dff5163d8029ea6ca3413e586272074105e4727ab1342
MD5 hash:
4cf736359926f19077a4c21300613900
SHA1 hash:
ccadc053294ab749b8588e96d970b2b9f68673eb
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/16804901-b95c-4493-b449-95d17bd15c1d/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1026da21d95a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1026da21d95ab9bc3a5dff5163d8029ea6ca3413e586272074105e4727ab1342

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DotNet_Reactor
Create hunting rule
Author:@bartblaze
Description:Identifies .NET Reactor, which offers .NET code protection such as obfuscation, encryption and so on.
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:PureCrypter
Create hunting rule
Author:@bartblaze
Description:Identifies PureCrypter, .NET loader and obfuscator.
Reference:https://malpedia.caad.fkie.fraunhofer.de/details/win.purecrypter
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SelfExtractingRAR
Create hunting rule
Author:Xavier Mertens
Description:Detects an SFX archive with automatic script execution
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high
Reviews
IDCapabilitiesEvidence
GDI_PLUS_APIInterfaces with Graphicsgdiplus.dll::GdiplusStartup
gdiplus.dll::GdiplusShutdown
gdiplus.dll::GdipAlloc
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryExA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::AllocConsole
KERNEL32.dll::AttachConsole
KERNEL32.dll::WriteConsoleW
KERNEL32.dll::FreeConsole
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateHardLinkW
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileMappingW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::MoveFileExW

Comments