93456df9f634dc0bb41689ae3f91b4c0005ead[...]c74.zip

ZIP Archive
|
MD5: 787b7c9e17f0ce8d757e999d6ada29d4
|
Size: 31.88 KB
|
application/zip

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	787b7c9e17f0ce8d757e999d6ada29d4
Sha1	cf8888a1b8610c11a4875368ce7d7b00c47eeb71
Sha256	d5c082bb80d91a4e52809184cbfbaf1e02072b8bea69a86481d706c0f535366e
Sha384	ec61292de298d34341d0d61158be3ca4fd455f01523ee7e724cb5b752a0c91e554733ec34b9cb3ee52476346ee75d9da
Sha512	daec6fc76467513458df26e11dcb0b2712bf37d4591b647e1da6d774b0e4e539d3dfaf3cfd5cacb87a6a6bcdcfdbbf123c313c9a8ab072a83faaf276abc0c89f
SSDeep	768:JfxfSMx6UhBhRnVDQCddb5lqpR6//7S0nGtVbDIgrcvgnaYEOb:CMx3vvnpQq2Rq/W0nuEgjnpb
TLSH	B6E2F11BAFF2661CD67250F175EE805200ACF651DB09253E8AE352B20A6AED7537C3E1

File Structure

Malware Configuration - DcRat config.

Config. Field0	Value
Key (AES_256)	UjhROUxGNUNxbUZRNTFvaDE4Wk90V3k5V2hnVlZPV1U=
Pastebin	-
Certificate	MIICMDCCAZmgAwIBAgIVAKLFT7KAMfd661OUJo25Zv9Os1U1MA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTI1MDMyNzE0MTAyMFoXDTM2MDEwNDE0MTAyMFowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIgpnX2soUg4sV1SWCHlfsgfzvf90ztXr9RZe+LhN+2SgmAwE+AjfDfg8BFeBD/h3OFXKufG8PH75iUfL/Ld+gtZKrJdbfJWIViIUi5DFUHGoXYWAOlyoWpAvtkROhm0kgwJH13C6EjpykTxJO9WDHF15WZz2yb8XW+4Pw6qKmVVAgMBAAGjMjAwMB0GA1UdDgQWBBSKWpEwblg9BFzY1ec9fIUZrdPDTTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAFjRDXncETVy5S5IO69VGDwc9bp5ZfVt2k9h2PXJ6IXCoKCGr2gqd3bNTJp+Nge10/VwHbBQll2f53wWxHASveiYP/hxIKgMFdYO09gCkW3gkU5+K6lwbj2JIK3EX1gvhv/okaosWXyXz2P29tlm7wlbYlem1ozUo+vUSIIlbYmY
ServerSignature	ERZWSGmfd3WiVjcdF2QJQL9Eke7EN/nd1uvVwagXh9+myaNUsUhJC/T+GkkBfxPd4A2L6pZBYF1XNo8L94XIiGVMR4m/lnc7Qk1OVrvr+ektFQC/DDOOs8zBWZ/sQ+JAIDCa0SKvfmJ+BjMlO5nhg9ItXr0GAwD3EuwmF7BVU0Y=
Install	true
BDOS	false
Anti-VM	false
Install File	PrimeBetSportsbook.exe
Install-Folder	%AppData%
Hosts	luongsontv.tv,www.luongsontv.tv,luongsontv1.tv,www.luongsontv1.tv,www.luongsontv2.tv,luongsontv2.tv,luongsontv.io,www.luongsontv.io,apsom.org,www.apsom.org,www.luongsontv3.tv,luongsontv3.tv
Ports	80,443,1604,5555,6666,8080,8848
Mutex	PrimeBet_FootballSession_7C9F2A31
Version	1.0.7
Delay	1
Group	Global

Artefacts

Name0	Value
Key (AES_256)	UjhROUxGNUNxbUZRNTFvaDE4Wk90V3k5V2hnVlZPV1U=
CnC	luongsontv.tv
CnC	www.luongsontv.tv
CnC	luongsontv1.tv
CnC	www.luongsontv1.tv
CnC	www.luongsontv2.tv
CnC	luongsontv2.tv
CnC	luongsontv.io
CnC	www.luongsontv.io
CnC	apsom.org
CnC	www.apsom.org
CnC	www.luongsontv3.tv
CnC	luongsontv3.tv
Ports	80
Ports	443
Ports	1604
Ports	5555
Ports	6666
Ports	8080
Ports	8848
Mutex	PrimeBet_FootballSession_7C9F2A31

93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip (31.88 KB)

File Structure

Characteristics

Malware Configuration - DcRat config.

Config. Field0	Value
Key (AES_256)	UjhROUxGNUNxbUZRNTFvaDE4Wk90V3k5V2hnVlZPV1U=
Pastebin	-
Certificate	MIICMDCCAZmgAwIBAgIVAKLFT7KAMfd661OUJo25Zv9Os1U1MA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTI1MDMyNzE0MTAyMFoXDTM2MDEwNDE0MTAyMFowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIgpnX2soUg4sV1SWCHlfsgfzvf90ztXr9RZe+LhN+2SgmAwE+AjfDfg8BFeBD/h3OFXKufG8PH75iUfL/Ld+gtZKrJdbfJWIViIUi5DFUHGoXYWAOlyoWpAvtkROhm0kgwJH13C6EjpykTxJO9WDHF15WZz2yb8XW+4Pw6qKmVVAgMBAAGjMjAwMB0GA1UdDgQWBBSKWpEwblg9BFzY1ec9fIUZrdPDTTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAFjRDXncETVy5S5IO69VGDwc9bp5ZfVt2k9h2PXJ6IXCoKCGr2gqd3bNTJp+Nge10/VwHbBQll2f53wWxHASveiYP/hxIKgMFdYO09gCkW3gkU5+K6lwbj2JIK3EX1gvhv/okaosWXyXz2P29tlm7wlbYlem1ozUo+vUSIIlbYmY
ServerSignature	ERZWSGmfd3WiVjcdF2QJQL9Eke7EN/nd1uvVwagXh9+myaNUsUhJC/T+GkkBfxPd4A2L6pZBYF1XNo8L94XIiGVMR4m/lnc7Qk1OVrvr+ektFQC/DDOOs8zBWZ/sQ+JAIDCa0SKvfmJ+BjMlO5nhg9ItXr0GAwD3EuwmF7BVU0Y=
Install	true
BDOS	false
Anti-VM	false
Install File	PrimeBetSportsbook.exe
Install-Folder	%AppData%
Hosts	luongsontv.tv,www.luongsontv.tv,luongsontv1.tv,www.luongsontv1.tv,www.luongsontv2.tv,luongsontv2.tv,luongsontv.io,www.luongsontv.io,apsom.org,www.apsom.org,www.luongsontv3.tv,luongsontv3.tv
Ports	80,443,1604,5555,6666,8080,8848
Mutex	PrimeBet_FootballSession_7C9F2A31
Version	1.0.7
Delay	1
Group	Global

Artefacts

Name0	Value	Location
Key (AES_256)	UjhROUxGNUNxbUZRNTFvaDE4Wk90V3k5V2hnVlZPV1U= Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	luongsontv.tv Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	www.luongsontv.tv Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	luongsontv1.tv Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	www.luongsontv1.tv Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	www.luongsontv2.tv Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	luongsontv2.tv Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	luongsontv.io Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	www.luongsontv.io Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	apsom.org Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	www.apsom.org Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	www.luongsontv3.tv Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
CnC	luongsontv3.tv Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
Ports	80 Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
Ports	443 Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
Ports	1604 Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
Ports	5555 Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
Ports	6666 Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
Ports	8080 Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
Ports	8848 Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe
Mutex	PrimeBet_FootballSession_7C9F2A31 Malicious	93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.zip > 93456df9f634dc0bb41689ae3f91b4c0005eaddd062dc689e1c66db700188c74.exe

You must be signed in to post a comment.

93456df9f634dc0bb41689ae3f91b4c0005ead[...]c74.zip

ZIP Archive | MD5: 787b7c9e17f0ce8d757e999d6ada29d4 | Size: 31.88 KB | application/zip

ZIP Archive
|
MD5: 787b7c9e17f0ce8d757e999d6ada29d4
|
Size: 31.88 KB
|
application/zip