General
-
Target
pepsi (1).rar
-
Size
4.6MB
-
Sample
240704-vsk5qazelp
-
MD5
24fbf018a11b22640a6646ed78e32907
-
SHA1
daf5b5c6abb352fdf92f8140fa6bbb149e63b64d
-
SHA256
16f231990c877705303b2708571dab0f15f5fe42d3b974a987121fb62e03a98d
-
SHA512
46e81cd5e9ded9e95dda383302e79139659eb9e687aa2174237a389670b9d64a8626357af84c66698395654f87bf711c2b0b5e85a2e16afe98dd0439902fc3b9
-
SSDEEP
98304:fufbH84vWBTScaSPbBy3lkShla0chz2JoF/1Hq1mG54KdXXHsJ:WbH8OtcaJ1ZwpG4Hhm40XXMJ
Malware Config
Targets
-
-
Target
[DemonArchives]041e1bd3aed89526e86ed39e975c9421.exe
-
Size
465KB
-
MD5
041e1bd3aed89526e86ed39e975c9421
-
SHA1
342616ec46ee67d43aff67895abe521c61938657
-
SHA256
693bb007affbc34b35a0d1c57fc17ddde36ea6dac193d693c1550e0783a158c9
-
SHA512
091c125cca9bdf5974545b6d0dc5ae3fc1b432c79cbdd41a50bfab0e6914e0af88f52c128786dc36a70dd00a6de473565bce2d280c10ec0870df8639fd1e0320
-
SSDEEP
6144:p6ofQyPQ///NR5fKr2n0MO3LPlkUCmVs5bPQ///NR5frdQt383PQ///NR5fKr2nB:p60U/Ng1/Nmr/Ng1/NSf
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]05e8d74693b8989068ced3620ffe1027.exe
-
Size
462KB
-
MD5
05e8d74693b8989068ced3620ffe1027
-
SHA1
3918b2e9820824d2c339e605766f3e21d434dd0f
-
SHA256
e0933acdad775802a95545fb571c832fefe7d565a51ab3d4779a0a2512eba481
-
SHA512
7f193b4575bc99f63adff00ea358f7ed04bc4a2561bd4ad1ef47cda06077bcd08fd2a6cb0861847c503bc70428326897f14ebe8b0fb3462d972b8fd865fa5d4f
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93svqTP+t9lW:n3C9yMo+S0L9xRnoq7H9QYWq
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
[DemonArchives]0d9172d39becd60af945611179d03427.exe
-
Size
461KB
-
MD5
0d9172d39becd60af945611179d03427
-
SHA1
b9d0fcd222f498ba7996b299b96f1fc3be0be3ba
-
SHA256
3359a1c6c4fdb6f6ea3536d051f6b6ff2d6f40b597238c034894d01b9a64598c
-
SHA512
d57f82cd0a51dc203d242559a339901317a1984fcaf886be864dc7648ec7292b862dbf5d9b777e77d8fdaafa7b5b9378df357e940792a0b3166afe99bc841485
-
SSDEEP
6144:sccQS8mVhtEUgNQVizUgNQDVi3ULUgNQPi3UPUgNQViEUjUgN:sci8mVMNiUJ
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]0efbd60c76b047370f7ea76029558907.exe
-
Size
460KB
-
MD5
0efbd60c76b047370f7ea76029558907
-
SHA1
4cb490f46c723c9409b744d98adeb3d330bc8373
-
SHA256
11b39f4a9927435a5fd41565373f0e2df42e47a625dfbdd9925570565695e9dc
-
SHA512
428d131465b196c39c08280e6ce6aa04232b967d53d54644e6ae243949bbe4c809307fa4a93864a3b27df6f88b21ff3b97609bd993ea9f174933bd276ead4a67
-
SSDEEP
6144:adqWjSTYaT15f7o+STYaT15fKj+v3WTlcy6TR9Tb:QqTYapJoTYapI2mTlQTfT
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]13fba01ea039b8fbca8faa1d83da402b.exe
-
Size
463KB
-
MD5
13fba01ea039b8fbca8faa1d83da402b
-
SHA1
ed1a1e6442bcab7eb2b1fdf348874c001e33b177
-
SHA256
63a394f657aeecec1b4a662b9026a26892c74faa1e0f91cc48b83991dcaabcca
-
SHA512
0e3026fc6a8631b7860c1b224c8d70590701f554cf344d7a6f540cb099089fb5ff91268690324946ebac005dbdbc609bc89e9b16d85bb71b0c92ded3a536fdbb
-
SSDEEP
6144:vhbZ5hMTNFf8LAurlEzAX7oAwfSZ4sXUzQIlJZlllP:ZtXMzqrllX7XwfEIlJZDF
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
[DemonArchives]1403d46cde9b89a166e25b30225c09b4.exe
-
Size
465KB
-
MD5
1403d46cde9b89a166e25b30225c09b4
-
SHA1
0a11a825c7a49395c31d6b0fa8caa1cbf0dfa3db
-
SHA256
17b5e41a887d9df3b95042f1fd3be0fad8e06968c5817e444f64827a799be57a
-
SHA512
fd99ce7db8dbbbb231f39737612f7405eddd2eab785acbd6df09359daecb5d28229ae06afd03ddc2f7375eb111330342a9c06c4ecb6c1af4e25aa2bf6ac980f3
-
SSDEEP
6144:m+W+VaENu/NR5frdQt383PQ///NR5fKr2n0MO3LPlkUCmVs5bPQ///NR5fafhz:g+YL/Nmr/Ng1/NSf
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]152fac4a364c22199f1796d4389a2698.exe
-
Size
461KB
-
MD5
152fac4a364c22199f1796d4389a2698
-
SHA1
63e646695fe7204f1fd055a8cbb020148327ea3d
-
SHA256
b25d76adbfba5b7fcb1b2c0c31d12ae974d88e556aba1c72b2b3e1cc49d2d325
-
SHA512
d776511ae746abd967b249a838247f853af607c2afa8e6e2e1c61f7a098eb33693f11057af5c7d2e8e54246354a99ea868effb05b45d77dfb8dc4db1beecd9e8
-
SSDEEP
6144:PSR7RRsYlEj8772OrnEUgNQVizUgNQDVi3ULUgNQPi3UPUgNQViEUjUgN:PSHCgv2OUNiUJ
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]157c2fc0703dbf6f0871b3b3b6bb6c01.exe
-
Size
459KB
-
MD5
157c2fc0703dbf6f0871b3b3b6bb6c01
-
SHA1
13fbf94a6ad3e8cdda462dee4c3480381f24cfd2
-
SHA256
67194636e7bd62f0c1c863d9ec2c5794d5ccd1b076fd9d912ee39017c687d56e
-
SHA512
db25229952a2d5484f90c93e587fb4d9f88c128ae5f7d261ea62f1940e2adecf54694b169ad3052b13cc244a7558f2bd1d090d2dd87ce6ff221e27cb2984e933
-
SSDEEP
12288:eUhRqRVJMmmpNs/VXMmmg8MmmpNs/VXMmm:eUgVGEdAgxEdA
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]175cc462ae526bd0d86ef68ddcbb87e0.exe
-
Size
464KB
-
MD5
175cc462ae526bd0d86ef68ddcbb87e0
-
SHA1
227d3d30e9f15c8028822839d34d9b4ace38ccfd
-
SHA256
f2e71a66216f0e9f0f15a24bbb08cf22908c95542a2c7faa4045025d05cd9293
-
SHA512
c308d07743f6919cb12a9c96c36ade22992a135ead93ca5c7115835531a8938361140fa67f076fb0183ba64db7a64ea5271d8492bd0dbb6b167594444885819e
-
SSDEEP
6144:Zchc/LnvtdIEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPC:jLQEVI2C4EVu2JEVcBEVI2C
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]18d11fd4e095277d76019021d90caa1b.exe
-
Size
464KB
-
MD5
18d11fd4e095277d76019021d90caa1b
-
SHA1
235a5c7980674efac10231b05e08476493e2326a
-
SHA256
5fcff40a207559c04b0cf0186eea8d7678430cd929ce495341f1954cee50bc8d
-
SHA512
f9abb3ac585f7ce43c132cf53248c8705a2460a1472d80ac6c2ea2ebf8889413ee3706c6bbc05d6dfc22a41c20f81e089761fe174f3fe534bf6c39168191759e
-
SSDEEP
6144:QKHMz8G7oPU4tfEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPC:5e8hNEVI2C4EVu2JEVcBEVI2C
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]2c0cfdd77fed69f922dd84843bb9ecc4.exe
-
Size
456KB
-
MD5
2c0cfdd77fed69f922dd84843bb9ecc4
-
SHA1
6fd4bf7adf496bb8adc895c29f37ca223abe4e88
-
SHA256
0af557b9b767d1a5df7b110cb5b479690864d4e4bdcee0263fca8b02ad2f3fa3
-
SHA512
c7b72b539416fcc00f6ca30f4ec0b56451690813782986ad3b51325e672df2ddc93737fef9f5ca94a2827704c93292ebc9c11d1ded539413c326487bbf138492
-
SSDEEP
6144:CqppuGRYx4H712f/SBTpzZA6rXD40b+7TJDAMyz9GbkHWHLKuPKQsKxaDSA4b:CqpNtb1YIp9AI4FDAMyz9Gb5
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
[DemonArchives]2ccd09d08faa264e950fabf883c65725.exe
-
Size
465KB
-
MD5
2ccd09d08faa264e950fabf883c65725
-
SHA1
a8e48143aab34a56c8073b906dd115e4f8646a7b
-
SHA256
24f6711b378bd6b5def250f18429341b47839048fc184d2b47b2e3ba1974c659
-
SHA512
71468d003b5b4f69d50d8f867018d9923d66a69873bd49324d90cd18646fd590f8cca9cb3c535526ac1fdcb5326d2e4e663552d31aec4004e6fba61c2c39fadb
-
SSDEEP
6144:5t6cfBcKu/NR5frdQt383PQ///NR5fKr2n0MO3LPlkUCmVs5bPQ///NR5fafhz:LfBE/Nmr/Ng1/NSf
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]347354e00206bff25a9b8d0561ff442c.exe
-
Size
465KB
-
MD5
347354e00206bff25a9b8d0561ff442c
-
SHA1
93dae85ce75fcd2ec765329c447bf66ec1056b08
-
SHA256
1d718df8bc341e910a8caa51af9a40672cad833f080781d6107026e78c52cdb3
-
SHA512
0ddffd8ac5feb38da2038879867625cca90a9a608400232e5bfb99cb02ff2590e33de7d04d778c9e4e07313a37e5731bb7ae8b441c3116810755b0dfd197eb1c
-
SSDEEP
6144:g5X2p6jouUoDxu3njPX9ZAkvntd4ljd3rKzwN8Jlljd3njPX9ZAk3fs:+e6MuUowjP9ZtVkjpKXjtjP9Zt0
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]35636949f0e6dc44b9fc0744c00d80b5.exe
-
Size
464KB
-
MD5
35636949f0e6dc44b9fc0744c00d80b5
-
SHA1
3c5096d3a88c8230956321317813eea48a97967b
-
SHA256
e0ef325221fd1fa6bfdad20475a690f346d387cc5321aac638c9cc0a2134029f
-
SHA512
d1f61210a7968712c2255a0108e8bc34fa3996b03e68cad5afe455256693300cbb07a60b2486bb6c2f437f6b310533701b6fc64a1c3d81cb0a8962dce964e64d
-
SSDEEP
6144:ruYjXM0FEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPC:rtMkEVI2C4EVu2JEVcBEVI2C
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]41cf422e40d6a52be96d623a2cb1e399.exe
-
Size
463KB
-
MD5
41cf422e40d6a52be96d623a2cb1e399
-
SHA1
91cbac1750e32f3f1940d6c71589e0448fdac383
-
SHA256
8dc8dabafd6102388412bdbd1e5338fd24c833d612b9842a609c68f98171ee78
-
SHA512
1e4ba51047b9f4c6f8eaed7ce47c91ee50e79efa4642daa489bc5e99f4ce09f848c448ebbf567afe8b226f01bfb4e8ef004baeca678a3c460b6eae1ae2644c8e
-
SSDEEP
12288:OpLShUUGynVVyFQIHS84m7G03r0+o3fi6nd:OFShrVitSrSQd
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (62) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]41f02289ff92022b89b12c690626f66b.exe
-
Size
458KB
-
MD5
41f02289ff92022b89b12c690626f66b
-
SHA1
415b3793e186c3293d07e96b8eb0bef9df5322d0
-
SHA256
eb48567db87c23b8de3e10310ed09e7d7e1395ac4975adc647ef68803068cdcb
-
SHA512
e81d90995810905e1d13ba03f1bf3a2337d0073b403e3cfb186aa0d278d75eb71d54c98f77594f3deb2bd35ec442cd2856fbd0a0eff65541e7e9f5e6805a93dc
-
SSDEEP
6144:cnod4RVN8zUq3EAl6yTMPlwxqX2/xWVkCN4zbgdJqMs+9D5htUhASnQSFk4T+vDU:ZV3XMPlD2/0mCYb8JpihnQzemoy+wu
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
[DemonArchives]43298e292a919a9a09f5fe0781e0120d.exe
-
Size
460KB
-
MD5
43298e292a919a9a09f5fe0781e0120d
-
SHA1
78c8e9f0163bd9a9abac534e2d9d33c27c6c2a03
-
SHA256
a14f88c94641f60e99b0ea958e202ba45b38e97dca49b6df148dde170823bf09
-
SHA512
fba13dc0620eee362dc9ba935d2e457715f1e6ad4ad4666ff2fdbb5fecd85bac3cda6078b2d3f14b3ee989c5a86a1267f5ca88a238a5a573f450b921b1297c61
-
SSDEEP
6144:zg9ERUPSxYfMWAYe9yXO+NMS5OIqyDuG3DnBMwI+4Wf+Aq8Iy80A8Negc0:zW1fM5YeW62Ogu2rHI+fkx84
Score1/10 -
-
-
Target
[DemonArchives]49eaf0fd74d11b5873771a5f03b6c213.exe
-
Size
461KB
-
MD5
49eaf0fd74d11b5873771a5f03b6c213
-
SHA1
2b058cdb1b858b1ce132a2490b7bb8d9028d75e2
-
SHA256
8246f85d4f1c04309d5caadec1d258914c32b957cfee0650c15e814427729168
-
SHA512
63bc0974466e1bae4a800fbee8a34514d74d465c184cfaaff5946f389c115a4ba5395debf3b1093a0c9d6c42f71cce9e25b725d8961cd00e36a36222236f186b
-
SSDEEP
6144:haiQsJe8INNNNNKIEUgNQVizUgNQDVi3ULUgNQPi3UPUgNQViEUjUgN:haizpNiUJ
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]4b12f9412040cc201c03c36cdf886652.exe
-
Size
461KB
-
MD5
4b12f9412040cc201c03c36cdf886652
-
SHA1
b149e1f7fa73716710d5868e784faea7c9b4d6d4
-
SHA256
e592de50506fc728c9aec82c06e436dc95f2d322c6a8955777fe5136ba726163
-
SHA512
6e73468776b868203c2371ef81c8879c87e6cc6d5f4667b38f0368fe069f80656ab3134f3d746c9f5e5767d273821dff6bf94744665f27f08bb07920e8877449
-
SSDEEP
6144:UffGg+zYEUgNQVizUgNQDVi3ULUgNQPi3UPUgNQViEUjUgN:UENiUJ
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]4ee12a4668bc517dfb7903c33fca84db.exe
-
Size
462KB
-
MD5
4ee12a4668bc517dfb7903c33fca84db
-
SHA1
fe12e1b7631f31feb17e275cfcdfd7880e8f4ab1
-
SHA256
d5053004bf1ebfe254a1324df1460614c42c0ee83eedddbcd571f0e6b4551db4
-
SHA512
22df2365b1aceae7e7ff8e771fadaa5744e45e49eeea2692811e786db7294eb9ae97e0ce2a2f995344e2b2110e3d81406cb9cf91a655b7867bc9a6e4ffd082e1
-
SSDEEP
12288:aTst31zji3wlwdYVL2LdDRZTB32vJ6EkIVbF1zza3fuMXyq9nV+:aItFji3wlwdYVL2LdDRZTB32vJ6EkIVR
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
[DemonArchives]6fc11c2b56f0b679432da37d640019aa.exe
-
Size
472KB
-
MD5
6fc11c2b56f0b679432da37d640019aa
-
SHA1
81f208f98017044c10663e1419a43a21a32d7162
-
SHA256
f50e41a4992c954a8f59a6984005f4cb1d937b7a825a13d56661ad4991d4a468
-
SHA512
c2d806a4230900d7b6cc8b94583908ec57c07e5067a13a04ff03250d3d08d6c661cd69b95ecf534f43e4a1861f67386248e8405b58dc9c046c00e1096cfddf6c
-
SSDEEP
3072:O8RinudiP52xx67lLdKiHDo8x4s+8guiKP9cG7iLf3X:DkgiPA6RsP8VdiKPtm
Score3/10 -
-
-
Target
[DemonArchives]868e4516f6c925b27604ba2546db7a75.exe
-
Size
457KB
-
MD5
868e4516f6c925b27604ba2546db7a75
-
SHA1
ed09f990577bc0a109b2571f9be9dbbbed71cb96
-
SHA256
d481b1d259b92694639bdf236cd94f60650abf3d325c1a338d75b8f36986d7c3
-
SHA512
cf03a31f715e47de8b2e3560d7b71f4b8580f79d3146ca239d4407ae8a27b172ada240b9e2eb49be6e10a131a2d7c3aa44a9fb54cd3d68f1c0c6a23202109651
-
SSDEEP
6144:BDh8VXVDHi8kc2IX8eNvAyne4DqGs2hMI8gLcRo8yroBaWq0fUCQtnB21Qhtql7z:MXxHi8kcRDbDquc28ys8WvfUCQtrhtAX
Score10/10-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Sets service image path in registry
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]97716733411b0e13c047bc6ad9d80bc9.exe
-
Size
463KB
-
MD5
97716733411b0e13c047bc6ad9d80bc9
-
SHA1
b7e40defe1c331fbfdea09e5c6c7c2cec2cacca5
-
SHA256
40c0b281f1cdf03c20a7a46aecdbea1b5ab99afefc46edd28332e25756593790
-
SHA512
49f5b41d6078ccb62a00530ef31da165ee5b7f54f7d99f93b4ac2d560829fd54433d579188b75463e7383ad8f1796fbdf2515ce9f9a363edda8378828f0a74d0
-
SSDEEP
12288:lIlc87eqqV5e+wBV6O+5OGjYWT1Iq5oBwzpMuz:lISqqHeVBxrGhT1Iq5IwNM
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]a32adf11dad6b5dc85e7e68d0d6d179f.exe
-
Size
459KB
-
MD5
a32adf11dad6b5dc85e7e68d0d6d179f
-
SHA1
679848ae202341b0ed8738664a84c32bd8146f83
-
SHA256
c64f72136930b9daeb57f4028bb60d2c7ed6f9b4e0c84f947e542c1721d302c1
-
SHA512
aef6dffb33b350121e0eeddf49772b42914add40fc925cfadbc0fb69f282b3381adc51782039962da6a624ddf7a78633a554cd8b6379c4e9e5aca327e3c24f01
-
SSDEEP
12288:El6RSXQjDMmmpNs/VXMmmg8MmmpNs/VXMmm:DSYUEdAgxEdA
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]a969ba0fde44f4f91afc9c5da97bb048.exe
-
Size
464KB
-
MD5
a969ba0fde44f4f91afc9c5da97bb048
-
SHA1
e58fcec4b22dc07b56034b829ae0a63de1353808
-
SHA256
0a11892b99dc635cb2a1fd0a442a90634f27987b9152c05f09e3ba1f9984a229
-
SHA512
d9df8961963cad8f28a4ea3317414e79a654d4bbcffe830e3290b95fdecad162e56b82a863deea70ea3ff7e25edce00c4b2e6fc5425c5cb2ef98a39a00bda9ae
-
SSDEEP
6144:XIoEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPC:hEVI2C4EVu2JEVcBEVI2C
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]ab8cc49b86fe11014586862c3d572f6f.exe
-
Size
464KB
-
MD5
ab8cc49b86fe11014586862c3d572f6f
-
SHA1
50f8c6e4f16996902422286f769439f28dce289e
-
SHA256
e2bb47d2e1fe7f40881a2d1b80df98dfbad7f96ac27eb1c713d0445b4fb052fb
-
SHA512
a0b4ea0a08ff810c979fbb0878972b1617027967797e684809cc6c6faafc227e8cdd180f81db07701f5f7195f2fff4a1f7b6f15ab8ba28c2ace2e002435d6092
-
SSDEEP
6144:AwPc0gFTEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPC:AwPc0gNEVI2C4EVu2JEVcBEVI2C
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]ac5179b32b67b9e9f040c9d3d3eb4fea.exe
-
Size
463KB
-
MD5
ac5179b32b67b9e9f040c9d3d3eb4fea
-
SHA1
d3f807860f822aa83db80cdc069868a3a01c29cf
-
SHA256
45e30fd4f9aa7e8b3c15f65d38dd2fb1604f4b1dfadc85da4f9580db83e8147d
-
SHA512
c28fe0a756a4c6bd4f08d7598b298adddd3c744c4b2dc0ce55028de68dc748d18ee5874277f7da7be40a6973c52e56593911dc469e3ecb893ea82830143c3bb1
-
SSDEEP
12288:P7IU4s5t6NSN6G5tb0fX5t6NSN6G5tTvz:P34Dc6C0ec6gvz
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]ac84bba60b6fcdb676f9bcd06bcd0781.exe
-
Size
464KB
-
MD5
ac84bba60b6fcdb676f9bcd06bcd0781
-
SHA1
f1210a020453a4dd17506f3d3aec14b435f5276a
-
SHA256
267132d6df74dcecc9c8c5e9b3c67e890cf468c55e9fc3ce9e94a3e94f2f5f01
-
SHA512
9ffe2a634a633bd913e5bb6002d749a0cda4d773dccc942f918d42a7acc4682ba4d831f5c209b6791d4223bebb4113af815ef75bdbe2753d1f33721b0255808e
-
SSDEEP
12288:0Ush0kSMtfMRijwo+anQK5EO1eu4R1aT2uVJ7z4:wJtqi0n8QIEHLR1e2un4
Score3/10 -
-
-
Target
[DemonArchives]b3a88f1ad37513516de948682398c8c2.exe
-
Size
459KB
-
MD5
b3a88f1ad37513516de948682398c8c2
-
SHA1
4832e1403c7b2adc37f29d840cf6a4a7e2431b87
-
SHA256
bb84450054ae811c706ea0617ac149426506ad32127adf4c7793a9aaaed66a1e
-
SHA512
dcb4b9b64ab857c17b513760d00ef6b8b99e650ac09aa585a3340dd721cdb4be0f6d9b6f032922584839fc485685ec63cede8173fc890457a6aa2506c3811c0b
-
SSDEEP
6144:4LvWqUS/MwGsmLrZNs/VKi/MwGsmLr5+Nod/MwGsmLrZNs/VKi/MwGsmLrRo68lS:6vWqJMmmpNs/VXMmmg8MmmpNs/VXMmm
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]b3e20590ef8ce92887ee416a37e49f2d.exe
-
Size
459KB
-
MD5
b3e20590ef8ce92887ee416a37e49f2d
-
SHA1
c62973b52e0f2d4717fe6398823ca0d66494324f
-
SHA256
ca1cf083faaca4db54dbe4d5aa214cb3d91b9fffd87bb20aab9587c42243f995
-
SHA512
7823c1e60d14faa5ea269e25cbe7473f9c2da4e18d158e22fdd3ca041654bfb712bd9550b917c5272bc079334caaedd332913c842eaaa615412dd1979ac5eb65
-
SSDEEP
6144:ayye4JO/MwGsmLrZNs/VKi/MwGsmLr5+Nod/MwGsmLrZNs/VKi/MwGsmLrRo68lS:0OMmmpNs/VXMmmg8MmmpNs/VXMmm
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]b4ecf1603a553cd497306860ccd246b6.exe
-
Size
464KB
-
MD5
b4ecf1603a553cd497306860ccd246b6
-
SHA1
6a7751fd0064b8b35b16a601dddb1da42f179166
-
SHA256
248a70749853dc0635e5a942b916b94a855be245dfb4a2cb11e7a2903d849c3a
-
SHA512
085619f5cfbdfd443d003db74e2edf94c0cc79c23304f5b2dbeecdbd9e45d1a652fd0eda3aea5749fdc197918160555974df4066ad1481c0a813d7db7c25cac3
-
SSDEEP
6144:8OrunoW+ZEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPC:8KTZEVI2C4EVu2JEVcBEVI2C
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
[DemonArchives]b68cd84c0761df0567ad712b28274703.exe
-
Size
464KB
-
MD5
b68cd84c0761df0567ad712b28274703
-
SHA1
c37509f8842f8c3f5f330d93775accce1130a90b
-
SHA256
7090271892f5e37d7d00107a99163e4024b4d3b0ebb1c89cc2043d3174a255b1
-
SHA512
758c0c37d82765238274125bff642f78b69fe1bc8e08f2237ff1fffdd235fb4a2044c6f9d05a8fa8277d4a12261baee3d684de0c77d67dab2024eb6dbed22264
-
SSDEEP
6144:ZxROvvjILVzCEOIIIPCn4EOIuIPJEOOcHTETKEOIIIPC:mhEVI2C4EVu2JEVcBEVI2C
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
29Registry Run Keys / Startup Folder
29Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
29Registry Run Keys / Startup Folder
29Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Modify Registry
33Hide Artifacts
1Hidden Files and Directories
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Disable or Modify System Firewall
1