e72b0bdfcde42b79c8b9266fc25c37d62a2c536d33c32eb6dcb4e2a17961f2ff

Sharing

Copy URL

Twitter E-mail

General

Target

newdcnyash.zip
Size

40.4MB
Sample

240705-e5383asfnp
MD5

4422896ff80655f63352e0ca492cb4fd
SHA1

4d1bf726b99e97ee929c38d0aa34acacc28d9efb
SHA256

e72b0bdfcde42b79c8b9266fc25c37d62a2c536d33c32eb6dcb4e2a17961f2ff
SHA512

1ac2857083c3cc633d1b139c51e430490a7fb0345c0d37055a20cba81a8267761de5ddf1355476f446e5ab3a81c9e23a64479990a82bdbbce1a0ba79a3773634
SSDEEP

786432:9tbphYJA5SfnaWVVUaFWlktXz+Br+nSv+JyJ321lUfeicfEm7Zc51vyNz8AP1oZT:/ci6aWVWQWlkt+r+nvJyJ6lueKTJyNzK

Score

7^/10

Malware Config

Targets

- Target
  
  newdcnyash/DCRat.exe
- Size
  
  72KB
- MD5
  
  2c7d37e90dd8ab57d06dad5bc7956885
- SHA1
  
  da789c107c4c68b8250b6589e45e5a3cf7a9a143
- SHA256
  
  5ede5d774ab65f25357cf5a1fa5e354f6f2a9868651a0fa717485802b21b1939
- SHA512
  
  e74ae891771bfd9c6fcdfbe8e4f33f0d5f7c3457cd84b257500cdaf8fa8b16fe458a18db9b3a60591465982fc2871f4c3f2e7541c765f00a0516f805e7e9ca0f
- SSDEEP
  
  768:P7Zw33FNUf6Nhd/fQ1l+0vM0iT9HvMB90d24:zZ2FWSNhd/4131i89p4
Score

6^/10

motw phishing
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral1
- Target
  
  newdcnyash/data/7zxa.dll
- Size
  
  160KB
- MD5
  
  c6c778752b11c3e443c97c55e60720e8
- SHA1
  
  57b29fb5760885e1594a5e97eccf18017cbbf604
- SHA256
  
  863f6bf4f51e08a4604a4e175781b35c251bb204f479eac58af0db11c7f019a2
- SHA512
  
  8ef6ea70f0b3ff65ef2cac3668487f1fc121fdb945d10919db187e95ad22e5098b5357fbfa77caee5ce2394fa707c8c79e80703aad9937a93d8cf9a5a46a413c
- SSDEEP
  
  3072:7fGomNy4JTVoXxLYxNJeINgQnK2W2KQy4fClGZMQ06+V8+NB1RkFIEu3LB:GZnMWg0y4fk6+VLB1RbE6
Score

3^/10
behavioral2
- Target
  
  newdcnyash/data/DCRBC.exe
- Size
  
  26KB
- MD5
  
  14a56e4b7bd40512b49d6f72086e8fc1
- SHA1
  
  d8c05adc75d739a56c63d6596d460304eb219cc6
- SHA256
  
  86c45fb7473e5c1df78b8cbb2003033c37b4cb01a677c1ef30ca1573e84ec692
- SHA512
  
  3d5c2010963694262dcb08337f80190630d890565a25610c33983268afad11b0882fb5c7a03b5e629560d3fd1b9b3856d4896f5a272c53928c1fd10924e3b3f8
- SSDEEP
  
  384:7P0jnfJQhdPTfmUi5YbS8ISIfKfLOI87oRehG6VBVHCHljIhzqb:4YdxccSHSjfLOIyoRet9iHWhzm
Score

1^/10
behavioral3
- Target
  
  newdcnyash/data/DCRBT.exe
- Size
  
  23KB
- MD5
  
  32e2bc4f79c776b542f6775895beaf21
- SHA1
  
  38e1d82f7cd869d1a016a94dc747110e44e80ae2
- SHA256
  
  98ec5492a2f0aeba5b39a9f41498d98c73643bf6d8d177e5831fb0ad6e6f8521
- SHA512
  
  4ed797827b33fc922b1385c7b4e1cfdc12f7e00c8969b7ed6eeb6aa82f2656fa7f73c90c67ee1a1fdff2ac654504e214d4255eb37251736d30fa694e0b3094e9
- SSDEEP
  
  384:Ik67YLzFJSKaj1A5l055eRethRv1WGqvSqRehTLONKwzI:P3JJ/V5lU5e8thRNwvI5LSKw0
Score

1^/10
behavioral4
- Target
  
  newdcnyash/data/DCRLC.exe
- Size
  
  23KB
- MD5
  
  a1bccb81f525f46b8e0994157f0dbb58
- SHA1
  
  70ad20203e56b1fed9827d87c8cc8ba09008a49f
- SHA256
  
  574f0612cef481f5bde5667586f1bf1c4df4b7672cd6093b6a8f3b2cadc10725
- SHA512
  
  9fe2dc5e4f621142d43b0ec8ced708b6fcd41c70b5432315ac98de632ab4a9e95bafb93dd30415b877ed6b2351697389cedd9285bdda7e53545e933b6c8de3be
- SSDEEP
  
  384:Yc/k09yBB7RBADETZc3+QrB4EXZcs7xaaMrbTywSUIk:07XmES+QrB4EXZX7/cnnSk
Score

1^/10
behavioral5
- Target
  
  newdcnyash/data/Default.SFX
- Size
  
  313KB
- MD5
  
  a7993e5a520b17fec65435fb4838a08f
- SHA1
  
  18fe6286473a03735e7b701d4bfaf61ad35da7ad
- SHA256
  
  c39c4466f622b7320076076ea3eb13fa0f784b9b097dff46d802f905fc39d851
- SHA512
  
  f14be864388b6f077cad0e64367f16715adfb180f57677ba83866ea000961232d21db1093b7795f17d9d76626fad4e3a7d3dbd8eb00c3a294a9aa8f60ac0ab83
- SSDEEP
  
  6144:2TouKrWBEu3/Z2lpGDHU3ykJotX+t41/:2ToPWBv/cpGrU3yVtX+t4V
Score

1^/10
behavioral6
- Target
  
  newdcnyash/data/NCC3.dll
- Size
  
  72KB
- MD5
  
  aa84f91edd922e7b3bb979e663c94f1a
- SHA1
  
  da46b9962a6c6cceef38c3e11b8b5bc9c1b536fa
- SHA256
  
  38274608d5a4b53ec22f8099f798ba46ce0ed41db65a33dfb3853f0dbf849f6f
- SHA512
  
  88392fc77a0300ece306908867be38011530d9eefdf003452ba86d82f2fa4a61c2b27a199f376ac307c095beaa4f52cefcab59c8b28fa187c0bca13f55f2d98b
- SSDEEP
  
  1536:a44UF/3qab79HtYDAD5MPEBq9iNv6qfSOBHfVW:a44G3fRMPiuuv6qqOBHfVW
Score

3^/10
behavioral7
- Target
  
  newdcnyash/data/RarExt.dll
- Size
  
  544KB
- MD5
  
  1f3bb0f89e7cd67a76220ea2e3e7d8c6
- SHA1
  
  0286863ca947b00a4e3489f07e1cddf9faddb87a
- SHA256
  
  68ecb747f523d122c1c2094b3fb6035f7f76fbd948a97e3d42ee526824546fec
- SHA512
  
  a95611f7b4cc7a3e5b9412d0c7e16616039c7152102b35aa8f672f15d21ff2478486c7a411d25d8f8d7b713a9bbd50f2a68bd048a6296a72ed4404c6cbb468ff
- SSDEEP
  
  12288:6aw1L7U6Qu1rTGl74V7pt21DIwd2gOuy33SH9Bd3X3u1EZ:6aw1L7U6Qu1rTAEV7p1wd2ZuWA9Bd3XL
Score

3^/10
behavioral8
- Target
  
  newdcnyash/data/RarExt64.dll
- Size
  
  632KB
- MD5
  
  3e78ac1a5ca308b6efb1b457d5e4b147
- SHA1
  
  b7c96a18b2c9797a0871d15b55fd14d5608a5e16
- SHA256
  
  ad149a11b96939a6e129cff0c90ba6cac57ef3ed535649a73717d8223c48bbcb
- SHA512
  
  6c3b2ca1aee8580752930afdd4bd01f71e8fde72f06e2ed407b9394fe33f1e51f61a9ebfb36345fb9ab5d6b469bc32352258729fd52a5204d0243cf852850bb6
- SSDEEP
  
  12288:iBnnEQAdpv+cJtb6Sv7x87i3YhWOU9f/e3lgtoTEBd3X3un:ixEQAzlJteSv7Uae3EoTEBd3X38
Score

3^/10
behavioral9
- Target
  
  newdcnyash/data/WinCon.SFX
- Size
  
  282KB
- MD5
  
  aec7145167e9c207db5a932e615fbf87
- SHA1
  
  b1209de9aab490749ab8021277a4475c56b541b2
- SHA256
  
  88d0e8b4958660c5d4c57c81a7c198f5e52c1505104c0a4d57dc5ea02504564a
- SHA512
  
  36e9ca67c8912a98b524c8a8bc95f90cfe3678519e8c02b3fa13f55beaabc9f181f17a7b3dbe455b10cec691c2ec07170d45848c5761106f3ed6a07a8ce294c2
- SSDEEP
  
  6144:HKWzOebmBFftgnil/07Aai66iEGJ1BgIv:HVRyBFf+niNEAr62GHBgIv
Score

1^/10
behavioral10
- Target
  
  newdcnyash/data/Zip.SFX
- Size
  
  265KB
- MD5
  
  df73e45ff5feb3631f35bba82759a711
- SHA1
  
  33e9a5e44baa2f54c1eab23a4a1462845586bdfc
- SHA256
  
  e38c3c3b083a63e40d09903eed423bab2651620e89be308f91e1b2beb4e62283
- SHA512
  
  4f42a5fd17b290e390b877951c5c8ff687d176a4c572e8b86feee64d0c72de7fb708596ad80d5110b85175772a5908f162994fc3142b1000d7e2aa65b5705ff8
- SSDEEP
  
  3072:GpUWWln1EUWTQG9VnK+DMEMrvk1imdV8hXYKWF9j85WXuNSrq1k9jhQR8+t4Hk9I:g61E/QSnxoEMTlXEulock9X+t40VM
Score

1^/10
behavioral11
- Target
  
  newdcnyash/data/dnlib.dll
- Size
  
  1.1MB
- MD5
  
  de0069c4097c987bd30ebe8155a8af35
- SHA1
  
  aced007f4d852d7b84c689a92d9c36e24381d375
- SHA256
  
  83445595d38a8e33513b33dfc201983af4746e5327c9bed470a6282d91d539b6
- SHA512
  
  66c45818e5c555e5250f8250ea704bc4ca32ddb4d5824c852ae5dc0f264b009af73c7c1e0db1b74c14ee6b612608d939386da23b56520cac415cd5a8f60a5502
- SSDEEP
  
  24576:m+pL+hwfQvqx+yLjynb1YNzh/CNX7fegPeH3hid3Hc9ZEu5DkU6FPepU1VWv7fo0:sxvCLUJ
Score

1^/10
behavioral12
- Target
  
  newdcnyash/data/dotNET_Reactor.Console.exe
- Size
  
  34KB
- MD5
  
  69d18a3245f3c2fd02c82304c494e977
- SHA1
  
  049cda6bc59daeadfe82fce2197e0e15c2847a7b
- SHA256
  
  b55b0a652538836ed681c2afd985310fd39ad2f31ac159847fc46a6065f3232e
- SHA512
  
  5791cffbc2389eaaf18e4f31c320325d4bdfadf7ab00c847bfedccbea8fec26a3f4452877d00c95e0573e90306d7a2c988c00fcb7d495ac22955c7f64fb047c3
- SSDEEP
  
  768:5oOABBREOgrMTPrZwbiRPp7yMkZwuzZyiRYn7:5oHB2OlfZwbixp7yMkZwWZyien7
Score

7^/10
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral13
- Target
  
  newdcnyash/data/dotNET_Reactor.exe
- Size
  
  13.3MB
- MD5
  
  bd73df4cf427511993075f7a16e037a5
- SHA1
  
  63f116641b0655f53e93d62ae559d510ed5af134
- SHA256
  
  fa0a32d408a8df70ec44f3d2374b058f57b86ff49b8068b8c68f8505d3463970
- SHA512
  
  49ad63e65e1f6a454778c904727c948969145eb09457105093af463d933413a7d30437051c7ddb8ded0b46d38b2018a1a78c83af582ab6775bef870057a9dfc3
- SSDEEP
  
  393216:xfuP82nPJiP63TKZqkoPrSz4rkZD1K1fU:xqPIPgTxkqrV6YN
Score

7^/10
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral14
- Target
  
  newdcnyash/data/enc.vbe
- Size
  
  692B
- MD5
  
  f88125f6eafc7f4805913cf4077b2525
- SHA1
  
  404917f27f1522cac77f3433594ccd290957da21
- SHA256
  
  5981e508e89c65c445fca892e91b8ec39b1d8563804d0999d963d640aa592444
- SHA512
  
  748249fe186892c96971a63b5055738f2b6beb3e49ba950c834de188fd62da4710ad1a5264f8caead6277b327df299d58e76a4ce219fc30fbd0281b9d5a52f54
Score

1^/10
behavioral15
- Target
  
  newdcnyash/data/mpress.exe
- Size
  
  101KB
- MD5
  
  8b632bfc3fe653a510cba277c2d699d1
- SHA1
  
  d6a57aa17e5eb51297def9bac04e574c1e36d9c7
- SHA256
  
  2852680c94a9d68cdab285012d9328a1ceca290db60c9e35155c2bb3e46a41b4
- SHA512
  
  b9ea70ed984d3b4a42eceb9f34f222b722c4c1985b79b368d769fe0fd1f19f037ffebe2cf938aa98ed450337836a7469d911848448d99223995f7fb3a9304587
- SSDEEP
  
  3072:S0+mlNniJkkKcfqBOb65VgB183gUGQ340HpL:SvmlNn4kkeOAVA1rUGh0Hp
Score

1^/10
behavioral16
- Target
  
  newdcnyash/data/rar.exe
- Size
  
  623KB
- MD5
  
  300d43860dc6961bbece819912c930bc
- SHA1
  
  61cc9b17fae66451327e8f9a7103b9728eb5c95c
- SHA256
  
  792708ce3fec9da37408ce4179b118d79b4804878d233c602b490c3bd0eaf02a
- SHA512
  
  f74cd7c28e2a267e6b51fa2a8a36380f5766195f7216fd9ee1f76e708343520e9cb60f620fd86114b947589d9f8fdaaa209cf190a5d014bf251ab8bd182fd541
- SSDEEP
  
  12288:4zga+163KOqlPidmIaEPFSV+/sZy+/eZ+8q1wUg7OkrBgGvg:4zg116ddmIaEPFz/6yPZ++15rBgB
Score

3^/10
behavioral17
- Target
  
  newdcnyash/data/wrar.exe
- Size
  
  2.4MB
- MD5
  
  719e61c6e73b9bd856414664366fa049
- SHA1
  
  adcc056a20418517c2ac6d51579b5ab145180443
- SHA256
  
  14f3322fa4e6fce0a30f01bd53dac40f8f8d48991480de2bedd8c4ab6e2fa477
- SHA512
  
  9176b85e9f246b9e4060dda5d5383205dfc4eab73cc5fd2e4cc384d740c1b1b31284260015737e757577683b274a5ebf85df684d6896d62acaffce15ea3d4593
- SSDEEP
  
  49152:sKi8CSRyIo1eshtx6z3GZ9amzNQeyUHBdH3txTs9:sKH1RyFeiTyGZ9fKe9Bp9xk
Score

5^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral18
- Target
  
  newdcnyash/dcrat_updservice.exe
- Size
  
  3.7MB
- MD5
  
  e8cd1d045dc0651f65fc0698c32e9db4
- SHA1
  
  3c7c5b28e13b17fe8b43d89772a74db805190459
- SHA256
  
  2fc758f30ac6eb7bab95e8d6c7087846be4e553b5e4204086a16e2d11dbe751d
- SHA512
  
  a8f3d551223e2f1d8921bc39e20dd467925e929ab36727882ab4d64e3dda8a117e293e3acaff1a00207df54b2a10cff7228adcdde6f5ff2a664589c3fc07d41a
- SSDEEP
  
  98304:/ld7VSYM0kR0Dx/oJj0vd7oleVV8FTAtEJ+8B/8JX4ve:/ld7VSN70lAJIvKluWFTAOo82We
Score

7^/10

motw phishing
- Executes dropped EXE
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral19
- Target
  
  newdcnyash/lib/IIlIllIIlIllllIIIlIIlllIIIIIlIlllIIIIllllllIlIIlllIlIlIlllIIIlIIllIIIIlIllIlIlIlIlIlIIlllIlllIIllIIllIlIlllIlIIlllIIIIll.jar
- Size
  
  688KB
- MD5
  
  6696368a09c7f8fed4ea92c4e5238cee
- SHA1
  
  f89c282e557d1207afd7158b82721c3d425736a7
- SHA256
  
  c25d7a7b8f0715729bccb817e345f0fdd668dd4799c8dab1a4db3d6a37e7e3e4
- SHA512
  
  0ab24f07f956e3cdcd9d09c3aa4677ff60b70d7a48e7179a02e4ff9c0d2c7a1fc51624c3c8a5d892644e9f36f84f7aaf4aa6d2c9e1c291c88b3cff7568d54f76
- SSDEEP
  
  12288:sSn9gd/GXLtKb+Ozu5idmEfcHOPJZ7bw1kXn0yZLJZsDDpJSWB5qSEhQ:sMw/GXUb+euCVIOxRQIZOnuK
Score

1^/10
behavioral20
- Target
  
  newdcnyash/lib/IIllIIIIIlIlIIlIIIllIllllIIIlllIIIlIlIIlIlIllllIIlIIllIlIlIllIIIIIlIlllllllIIIIlIIlIIllIIIlIlIlllIIIIllllIllIIIIIIlIllII.jar
- Size
  
  1.5MB
- MD5
  
  9ea3f51be2154e9b797e575153310a19
- SHA1
  
  feaf787cd94bb60e8bfacad21b4346c358b55c0a
- SHA256
  
  97758e611a82fc721ab1a7d2542b3ec33b1124e03b4c4798720a4c3756470ed0
- SHA512
  
  a5cace6e7069909a2aa8bacbe5e8dca61ecb195f4696a7467a0d1ee0f7f6043afcb27c43c1e1b496cf14aa4dde9e2d61352145840bac3bcb996b0bf2c047db37
- SSDEEP
  
  24576:ebCwa5LBnj5dM/Exi6no6h6gXEQwY2I3A8zAovutKgSl8hDGFVmPhOmOlCtH775C:ZX5L1jrHLh6MFwvI3AOAUnxyPhV5775C
Score

1^/10
behavioral21
- Target
  
  newdcnyash/lib/IlIIIIllIIIIIIIIIllIlIllIIIlIIllIIlIIllIIlIlIIIIIIIIIIlllIIlIllIIIlIlIllIllIlIlIlIlIllIlIllIlllIIllIlIllIlIIlllIIIIIlIlI.jar
- Size
  
  16KB
- MD5
  
  b50e2c75f5f0e1094e997de8a2a2d0ca
- SHA1
  
  d789eb689c091536ea6a01764bada387841264cb
- SHA256
  
  cf4068ebb5ecd47adec92afba943aea4eb2fee40871330d064b69770cccb9e23
- SHA512
  
  57d8ac613805edada6aeba7b55417fd7d41c93913c56c4c2c1a8e8a28bbb7a05aade6e02b70a798a078dc3c747967da242c6922b342209874f3caf7312670cb0
- SSDEEP
  
  384:Paj1PXNyyQwsCxm7VXh3il27I8pdo63XNrqlY3ylWn4iczt3Z:e1/BQwsCxIVXhuF8pKaXNdXn4icz9Z
Score

1^/10
behavioral22
- Target
  
  newdcnyash/lib/IlIlIIIIIIlIIIIIIllIlIIlIllIllIlIIIlIllllIlIlllIIlIIllIllIIlIlllIIIllllIlIllIIIIIIIIIlIIlIllIIllIIlIllIIIIlIIllIllllIlIl.jar
- Size
  
  2.3MB
- MD5
  
  6316f84bc78d40b138dab1adc978ca5d
- SHA1
  
  b12ea05331ad89a9b09937367ebc20421f17b9ff
- SHA256
  
  d637e3326f87a173abd5f51ac98906a3237b9e511d07d31d6aafcf43f33dac17
- SHA512
  
  1cdca01ed9c2bc607207c8c51f4b532f4153e94b3846308332eccae25f9c5fddf8279e3063f44a75dd43d696eab0f9f340f9bf2f3ec805ab0f2f1de5135a426c
- SSDEEP
  
  49152:4AMVFST+K4IV+Okq5gza804uttBkBVSHytYziSEI6WoAgdGXL:0FfK4ql5Ivu8kuSEdAgd+L
Score

1^/10
behavioral23
- Target
  
  newdcnyash/lib/IllIIIIIIIlllIIIlIlIllIIIIIllIllIlIIlIllIlIIlIllIIlIlIlIlllllllIIlllllllIIlIIIlIlIlIIlIllllIlllIIllllIIlllllIllIIIlIlIlI.jar
- Size
  
  103KB
- MD5
  
  b47c87129ff035cbf60ad5fd15b9ce32
- SHA1
  
  8819ba0dbd3f9f2df2a3b18554d31386925dcabe
- SHA256
  
  c25b377d6776b3c6c538340cae263c4c3dea7c4f94961bbe323ff79c569fce3c
- SHA512
  
  d022b363dc6e4e183ae6ea44b5019d088bddf63b4f85ce4676775388c76df01e3e8a63a0ca03f0e4f1191c121a28393a5da47cd7dc05d84d12722f4835909cd6
- SSDEEP
  
  1536:CPj4aLCBcnn4xGrpR7H30x4LCyYVNMhKQHt0msLiWzO5SQJn4494m7MNy/mj:ETCBmnoCptBGvVNLQ6e5SQW494mIs+
Score

1^/10
behavioral24
- Target
  
  newdcnyash/lib/IllIIIIIIlIIIIIlIllIIIIlIlIIIIlIIllIIllIIlIlllIlIlIlIIIlllllIlllIllIIIlllllIlIlIlIlllIlIIllIlIIlIlIIllIlIIllIlIlIIIlIIIl.jar
- Size
  
  31KB
- MD5
  
  6c7ed18ba835a47b32bac14d83c90bc1
- SHA1
  
  6a8237ae3f6cccd788aa47b2ecc22f580e810a01
- SHA256
  
  7f2f1bbfad38be1382913af2b7c2622470fa3af976fbd1f386c189af8ad136fa
- SHA512
  
  9670ede560347dffbbb0761e2de817ddbc426daa0fd97a53b1fd3c8a031dd6d5c2b0c6cebb21d1dffd23b45e504895736634939f75c39c48d580542ccd7ea66c
- SSDEEP
  
  768:SfyBHlmRQDPgJPjdIVTCV9+n6cMJw297fjheItTE5oO6lKYW8dvdTWhe62C:SfYT6cMJw2ihy+
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral25
- Target
  
  newdcnyash/lib/IlllIIlllllIIllIIIlIIlIlIlIllllIlllIllllIIIIIlIllIIIIllIIlllIllIlIlIlIIIIllIllIIllllllIllIIlllIIIlIllllIlIllIIIIIIIIlIll.jar
- Size
  
  19KB
- MD5
  
  0a79304556a1289aa9e6213f574f3b08
- SHA1
  
  7ee3bde3b1777bf65d4f62ce33295556223a26cd
- SHA256
  
  434e57fffc7df0b725c1d95cabafdcdb83858ccb3e5e728a74d3cf33a0ca9c79
- SHA512
  
  1560703d0c162d73c99cef9e8ddc050362e45209cc8dea6a34a49e2b6f99aae462eae27ba026bdb29433952b6696896bb96998a0f6ac0a3c1dbbb2f6ebc26a7e
- SSDEEP
  
  384:dti5BMxSo4LgAAsJilYcmwPbEM0Av7wGkJXbhS1OaVKD6U2:DqoCgqyIMZwRJLQO5eU2
Score

1^/10
behavioral26
- Target
  
  newdcnyash/lib/lIIIIIIllIllllllIIlllIlIIIIlIIllllIIIIIIIIllIIIIIlIIIIIIIlllIIIIIIlIIIlIlIlIlIlIllIllIlIllIlIlIIllIlIIIIlllIllIIllIIlIIl.jar
- Size
  
  12KB
- MD5
  
  3e5e8cccff7ff343cbfe22588e569256
- SHA1
  
  66756daa182672bff27e453eed585325d8cc2a7a
- SHA256
  
  0f26584763ef1c5ec07d1f310f0b6504bc17732f04e37f4eb101338803be0dc4
- SHA512
  
  8ea5f31e25c3c48ee21c51abe9146ee2a270d603788ec47176c16acac15dad608eef4fa8ca0f34a1bbc6475c29e348bd62b0328e73d2e1071aaa745818867522
- SSDEEP
  
  192:LhR1Ygxt7I20RiT2dI03cIH8W6Bc4/kyOLZAy0ZH6AfkA8sFayhbD3D3KRe:1RNRI24AKBcW6BIyYreXf/iyhPD3KU
Score

1^/10
behavioral27
- Target
  
  newdcnyash/lib/lIIlIIlllIIIIIIlllIllIIIlIlIllIlllIlIllIllllIllIIIlIlIIIlIllIllIIlllIlllllIIIlIIlIIlIIIlIlllIIllIIIIlllIIIIlIIlllIlllllI.jar
- Size
  
  250KB
- MD5
  
  fe734f7ab030363362fe3d3ba5e8f913
- SHA1
  
  2e9d54e3b410557c51c3ea101d66efbb5266b80a
- SHA256
  
  03ead999502aefbf1380bd2e9c4a407acb7a92a7b2fe61f6995aba3fca85efd4
- SHA512
  
  303ecea5f3f1130f473cde0d78270090290b6f13311bf7459282257ac3097b2b6086db461183f2d8c97a9101372155bf59bbfa12a74925136d0a2a615b648b2a
- SSDEEP
  
  6144:N9O6oWKMhMhoC6S2eHrZdN6crK6Kj5HX0zrwvZC:bKy0Pj2eHFdNlrK5HkQvZC
Score

1^/10
behavioral28
- Target
  
  newdcnyash/lib/lIlllIIlIIlllIIllIIIlIIIIIlIlIlIIIIlIllIIlllIlllIllIlllIlIlIlllIIllIIllIIIlIllIIIlllIlllllIlIlIIlIIIIIllllIlIllIIllIllII.jar
- Size
  
  11.1MB
- MD5
  
  2dcf906085da2edec6170e8c0c612101
- SHA1
  
  71c88008e76cbf155edcf47bab2a640a23d9fce8
- SHA256
  
  5b754ac8c7642967cd79034d6f8640b938aa4ee41927bfc65481f1f0d1d4134b
- SHA512
  
  626f16064492110601e2c1d55d2c126977efabda4f15a6ad8e9f865eac3ac56cb22a5bc2c32502414604b197a17a809f4655c6648955c4e445b8c501d913123a
- SSDEEP
  
  196608:S7APtGPeWAJhcb7m4saCLmlPmoBb6yiVnCCCCmh4PIuK93gPVZIvUMD9SRY:oAPtGPevJ+bbsaUmlPb8y0na9hGKZgNe
Score

1^/10
behavioral29
- Target
  
  newdcnyash/lib/llIlIlIIlllIllIlllIlIIIlIIIIlllIIIllIllllIIIIIIIIlllIlIIlllIIllIIllIlIIIllIIIIlIIlIllllIlIlllIllIIIIlIIlllIlIlIllIIlIllI.jar
- Size
  
  50KB
- MD5
  
  d093f94c050d5900795de8149cb84817
- SHA1
  
  54058dda5c9e66a22074590072c8a48559bba1fb
- SHA256
  
  4bec0794a0d69debe2f955bf495ea7c0858ad84cb0d2d549cacb82e70c060cba
- SHA512
  
  3faaa415fba5745298981014d0042e8e01850fccaac22f92469765fd8c56b920da877ff3138a629242d9c52e270e7e2ce89e7c69f6902859f48ea0359842e2fb
- SSDEEP
  
  1536:1shuTqhiMtf/2PXkXgjYcO1556i/canPH1y3F95grf5CjdKBfn602ZhqsNgsSJ+y:nw1pywCjUfnX
Score

1^/10
behavioral30
- Target
  
  newdcnyash/lib/llIlIllIllIllIlIlllIlllIIIllllllIlIIlIllIlIlIlllIllIIIIIlllIIlIIlIllllIIIlllIllIIlIIIIIIlIlIIllIIIIlIlllIllIIlIlllIIIllI.jar
- Size
  
  262KB
- MD5
  
  cf99a6b63f45f7f20963e43b55766d26
- SHA1
  
  9e2f86dff86eb065fb6fcf776da8b148ebb21e60
- SHA256
  
  e29ee818b2e7ef9fb3ebae9a49a3d6613f18ea2b756a305eecf8a7fe083d1972
- SHA512
  
  af7302d350d45837e207dcc91bd95e5891b62f19c682a7443d65feeee0aa6f3d0040c9a67a990cd9a81dfc6b899ffabbb01b44bda830d5bb48332419e2b65930
- SSDEEP
  
  6144:GWfPxB8+tAS5JCQTYsoCDmy/iOYpTym+Xqc6GX5B/n:GoPzKSHC8VZnYpwHB/n
Score

1^/10
behavioral31
- Target
  
  newdcnyash/updatelauncher.bat
- Size
  
  89B
- MD5
  
  71db8073aea6b65d3f9e645600f40f89
- SHA1
  
  0689dc2689952987c83dcb5627dec48ce861648c
- SHA256
  
  10f58e38447bfcb3da550f9bd4cb991603bc877d74c7165860f797e7fec535e9
- SHA512
  
  86bf18f61e94f8362ff73a75506c3c55daa41a666501d0897a8667b463100e3782d9e5a633d92765c1bd177658c53acffed65eee0540f836c7896408347cf085
Score

7^/10

motw phishing
- Executes dropped EXE
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Mark of the Web detected: This indicates that the page was originally saved or cloned.

.NET Reactor proctector

Suspicious use of NtSetInformationThreadHideFromDebugger

.NET Reactor proctector

Suspicious use of NtSetInformationThreadHideFromDebugger

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Modifies file permissions

Executes dropped EXE

Mark of the Web detected: This indicates that the page was originally saved or cloned.

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32