Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- * ID: 2935
- * MalFamily: ""
- * MalScore: 10.0
- * File Name: "AZORult_68278fd6ff397394b1e9bd677bc56b77.exe"
- * File Size: 608768
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "1b50e39aed376d55fdf5a2e3e1a72beb5f2f9e6429e753acf6d35e895b479b0b"
- * MD5: "68278fd6ff397394b1e9bd677bc56b77"
- * SHA1: "f3180ae8e2a42416c86ab13df86a86625d0dac9c"
- * SHA512: "3168e150f71e1f3a2facc579f6b49900f17e4b88b76238bcb243c028174b6dbac1a09688772cfe47fa352f5df082bcdb7055b2481aacb044fe73b75f318aa7d8"
- * CRC32: "4E8A9A74"
- * SSDEEP: "6144:9qenBL4WQ42alSoruzk3LMrJ+TwAO2TIAOpTOzyx4//KyN7+UoWJF+gCTL90Sqrg:9BXQpaBYGLA+Tw90X14z+CT50Sq7fw"
- * Process Execution:
- "ntxjgBij.exe"
- * Executed Commands:
- * Signatures Detected:
- "Description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
- "Details":
- "Description": "Behavioural detection: Executable code extraction",
- "Details":
- "Description": "Creates RWX memory",
- "Details":
- "Description": "Performs HTTP requests potentially not found in PCAP.",
- "Details":
- "url_ioc": "backupproject.host:80//index.php"
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details":
- "section": "name: .rsrc, entropy: 7.56, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00047c00, virtual_size: 0x00047bd0"
- "Description": "File has been identified by 17 Antiviruses on VirusTotal as malicious",
- "Details":
- "FireEye": "Generic.mg.68278fd6ff397394"
- "CrowdStrike": "win/malicious_confidence_100% (W)"
- "Symantec": "ML.Attribute.HighConfidence"
- "APEX": "Malicious"
- "Rising": "Trojan.Generic@ML.96 (RDML:YvAJXgHi5sKJMt3go9w+ng)"
- "TrendMicro": "Mal_HPGen-37b"
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.hc"
- "SentinelOne": "DFI - Suspicious PE"
- "Microsoft": "Trojan:Win32/Fuerboos.A!cl"
- "Endgame": "malicious (high confidence)"
- "AhnLab-V3": "Trojan/Win32.MalPacked.R287551"
- "Acronis": "suspicious"
- "VBA32": "BScope.Trojan.Yakes"
- "ESET-NOD32": "a variant of Win32/Kryptik.GWRD"
- "TrendMicro-HouseCall": "Mal_HPGen-37b"
- "Ikarus": "Trojan-Ransom.GandCrab"
- "Qihoo-360": "HEUR/QVM10.1.1ADB.Malware.Gen"
- "Description": "Collects information to fingerprint the system",
- "Details":
- * Started Service:
- * Mutexes:
- "Local\\_!MSFTHISTORY!_",
- "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
- "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
- "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
- "A81FB8C60-BBE6E186-FC9B5DB5-36DA4559-33946726"
- * Modified Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\Screen",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat"
- * Deleted Files:
- * Modified Registry Keys:
- "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\MediaResources\\msvideo"
- * Deleted Registry Keys:
- * DNS Communications:
- "type": "A",
- "request": "backupproject.host",
- "answers":
- * Domains:
- "ip": "31.41.44.35",
- "domain": "backupproject.host"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement