DigitalSide Threat Intel

update.pack

First submission 2024-10-15 05:01:02 Last sumbission 2024-10-15 05:21:02

File details

File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 285.0 KB (291840 bytes)
Compile time: 2024-10-07 20:39:36
MD5: 9ae6451ef8b57a66983dc0496050f7c4
SHA1: c6b385ba97d10e98dc3b318f1083883dbea7f9fc
SHA256: 9c593359dd670a052b69353f80bef060a169f4df148a1e17686fb8190eab23a0
Import Hash : 5ce0d5a96a49e5bc172e9fc651bd9cca
Sections 6 .text .rdata .data .pdata .rsrc .reloc
Directories 4 import export resource relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 50/77 VT report date: 2024-10-15 03:55:09
Malware Type 1 trojan
Threat Type 2 tinukebot hzbmh

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://176.111.174.140/api/update.pack VirusTotal Report 176.111.174.140 VirusTotal Report 2024-10-15 05:21:03
hXXp://176.111.174.140/api/diamotrix.pack VirusTotal Report 176.111.174.140 VirusTotal Report 2024-10-15 05:01:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x30a1c 199680 71f5861fc005d6950ff537f0d74ca8c2efd7a45c 8852e271975cfdde4413c4fd57f45709
.rdata 0x32000 0xdf76 57344 f186687acb8163c898f9932f2e9d160669233094 914bee6ea3d00321ea479be86a5fc4ad
.data 0x40000 0xcc88 10240 190d83e7916ca7cb0941784d50a1e3927e768136 ecc65ebd16029be0e2aa2b26d94f182e
.pdata 0x4d000 0x3234 13312 09fbd34b947bde2720c2d3916696feffb3167f58 01002255959c9226f142a85a84a13c43
.rsrc 0x51000 0x288 1024 19e141e48aa5f73ab78fc250ed36168e32e50816 b2c856b073218d5fc79a1dd7114d8a5c
.reloc 0x52000 0x223e 9216 fa9301531436abd01694ee09efd2a93bc8cb17c3 9fffe7fa198ee6e41fc0189870ccbb43

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x51060 548

Anti debug functions 7

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Binary
bot64.bin
Library
KERNEL32.dll
USER32.dll
mscoree.dll
ADVAPI32.dll
chrome.dll
WS2_32.dll
nss3.dll
ntdll.dll
MSVCRT.dll
child.dll
SHLWAPI.dll
PSAPI.DLL
GDI32.dll
KernelBase.dll
msedge.dll
secur32.dll
WININET.dll
opera_browser.dll
VERSION.dll
SHELL32.dll
Web Page
/api.php

Strings analysis - Possible IPs found 1

176.111.174.140

Strings analysis - Possible URLs found 1

http://schemas.microsoft.com/SMI/2005/WindowsSettings

Import functions

Function Address Souspicious Anti Debug
RegOpenKeyExA 0x180032000
RegQueryValueExA 0x180032008
RegCloseKey 0x180032010
Function Address Souspicious Anti Debug
CreateFileW 0x180032020
FlushFileBuffers 0x180032028
WriteConsoleW 0x180032030
SetStdHandle 0x180032038
ReadConsoleW 0x180032040
SetFilePointerEx 0x180032048
GetConsoleMode 0x180032050
GetConsoleCP 0x180032058
GetProcAddress 0x180032060
LoadLibraryA 0x180032068
GetSystemInfo 0x180032070
VirtualAlloc 0x180032078
VirtualFree 0x180032080
VirtualQuery 0x180032088
CloseHandle 0x180032090
HeapCreate 0x180032098
HeapAlloc 0x1800320a0
HeapReAlloc 0x1800320a8
HeapFree 0x1800320b0
Sleep 0x1800320b8
GetCurrentProcess 0x1800320c0
GetCurrentProcessId 0x1800320c8
GetCurrentThreadId 0x1800320d0
OpenThread 0x1800320d8
SuspendThread 0x1800320e0
ResumeThread 0x1800320e8
GetThreadContext 0x1800320f0
SetThreadContext 0x1800320f8
FlushInstructionCache 0x180032100
VirtualProtect 0x180032108
GetModuleHandleW 0x180032110
CreateToolhelp32Snapshot 0x180032118
Thread32First 0x180032120
Thread32Next 0x180032128
EnterCriticalSection 0x180032130
LeaveCriticalSection 0x180032138
lstrlenA 0x180032140
CreateFileA 0x180032148
WriteFile 0x180032150
GetModuleHandleA 0x180032158
Module32First 0x180032160
Module32Next 0x180032168
GlobalAlloc 0x180032170
GlobalLock 0x180032178
GlobalUnlock 0x180032180
GetFileSize 0x180032188
ReadFile 0x180032190
lstrcatA 0x180032198
CreateThread 0x1800321a0
InitializeCriticalSectionEx 0x1800321a8
DeleteCriticalSection 0x1800321b0
EncodePointer 0x1800321b8
DecodePointer 0x1800321c0
WideCharToMultiByte 0x1800321c8
GetLocaleInfoEx 0x1800321d0
MultiByteToWideChar 0x1800321d8
GetStringTypeW 0x1800321e0
RtlPcToFileHeader 0x1800321e8
RaiseException 0x1800321f0
RtlLookupFunctionEntry 0x1800321f8
RtlUnwindEx 0x180032200
GetLastError 0x180032208
GetCommandLineA 0x180032210
InitializeCriticalSectionAndSpinCount 0x180032218
GetCPInfo 0x180032220
IsProcessorFeaturePresent 0x180032228
GetStdHandle 0x180032230
GetModuleFileNameW 0x180032238
ExitProcess 0x180032240
GetModuleHandleExW 0x180032248
HeapSize 0x180032250
SetLastError 0x180032258
IsValidCodePage 0x180032260
GetACP 0x180032268
GetOEMCP 0x180032270
GetProcessHeap 0x180032278
IsDebuggerPresent 0x180032280
GetFileType 0x180032288
InitOnceExecuteOnce 0x180032290
GetStartupInfoW 0x180032298
GetModuleFileNameA 0x1800322a0
QueryPerformanceCounter 0x1800322a8
GetSystemTimeAsFileTime 0x1800322b0
GetTickCount64 0x1800322b8
GetEnvironmentStringsW 0x1800322c0
FreeEnvironmentStringsW 0x1800322c8
RtlCaptureContext 0x1800322d0
RtlVirtualUnwind 0x1800322d8
UnhandledExceptionFilter 0x1800322e0
SetUnhandledExceptionFilter 0x1800322e8
FlsAlloc 0x1800322f0
FlsGetValue 0x1800322f8
FlsSetValue 0x180032300
FlsFree 0x180032308
TerminateProcess 0x180032310
CompareStringEx 0x180032318
GetUserDefaultLocaleName 0x180032320
LCMapStringEx 0x180032328
IsValidLocaleName 0x180032330
EnumSystemLocalesEx 0x180032338
OutputDebugStringW 0x180032340
LoadLibraryExW 0x180032348
LoadLibraryW 0x180032350
Function Address Souspicious Anti Debug
freeaddrinfo 0x180032360
getaddrinfo 0x180032368
WSACleanup 0x180032370
WSAStartup 0x180032378
socket 0x180032380
shutdown 0x180032388
send 0x180032390
connect 0x180032398
closesocket 0x1800323a0

PE Exports 1 suspicious

Function Address
?ReflectiveLoader@@YA_KXZ 0x18001aedc

Related files by ImpHash 1 5ce0d5a96a49e5bc172e9fc651bd9cca

Name Latest seen MD5
bot64.bin 2024-10-18 07:23:02 9ef53eea53bc23a3501d4bae7fa76905