cc

First submission 2024-07-09 00:30:13

File details

File type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 3250.0 KB (3328000 bytes)
Compile time: 1970-01-01 01:00:00 (epoch value: the PE timestamp is zeroed and is not a reliable build time)
MD5: f84d08aa136cff60ce8e8c45202190af
SHA1: 8f5ddea89835209e4508da1cdf68057fe104c1ce
SHA256: 7d03d75d38cc9ae688d780c8afd0eae3a6d4417f0227e9e115c0c6cc19f356aa
Import Hash: 6ed4f5f04d62b18d96b26d6db7c18840
Sections: 3 (UPX0, UPX1, UPX2)
Directories: 1 (import)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 40/78 (report date: 2024-07-08 23:15:39)
Malware Type (2): trojan, hacktool
Threat Type (3): reversessh, supershell, hacktoolx

URLs, FQDN and IP indicators: 1

URL | Host (FQDN/IP) | Date Added
hXXp://43.143.246.38:8888/supershell/compile/download/cc | 43.143.246.38 | 2024-07-09 00:30:13

PE Sections (2 suspicious)

Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious
UPX0 | 0x1000 | 0x58c000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e |
UPX1 | 0x58d000 | 0x32d000 | 3326976 | c589eec3103f16cf4bd456be312a9e8665141e65 | 824cc06589e24c823471f20d4f041e46 |
UPX2 | 0x8ba000 | 0x1000 | 512 | 69a69563d612b92595bc6ae2685c1fab733d8db0 | 58b1830db9023db6c960ce5389aacb53 |

Note: UPX0 has a raw size of 0 (its SHA1 and MD5 are the hashes of empty input) but a large virtual size; this is the usual UPX layout, where the unpacking stub in UPX1 fills UPX0 at runtime, so static analysis of the packed file sees none of the original code.

Strings analysis - File found

Data
e.dat
Database
a?*.db
Library
KERNEL32.dll
>.dll
g.dll

Strings analysis - Possible IPs found: 1

2.5.4.3 (note: this matches the dotted-decimal pattern but is the X.509 OID for commonName, not an IPv4 address, so it is most likely a false positive)

Import functions

Name | Latest seen | MD5
BnWxM.exe | 2022-08-02 21:31:02 | 44e041dc2e445fcd33cc89b8453d0539
FkSyDHJGjzKRHTp.exe | 2022-08-28 12:59:02 | 21f894391eaac76010275132312ac5c8
1533572208.exe | 2022-09-26 07:48:02 | 809b9513cecea98e925419a39a6244a2
smbscanlocal-6e08d39fe99ad508d7e0c7aed19ececd.exe | 2022-10-15 05:08:04 | 6e08d39fe99ad508d7e0c7aed19ececd
softv2.exe | 2022-10-21 04:31:04 | 624d887c50cd38398904002ffcbc732a
chrome10_.eff | 2022-11-01 07:56:05 | 73b9004ff373f3b7b2f595541deb5a02
win8def.exe | 2022-11-03 21:45:08 | 99fa3cf292e4c3534951b6ebd96a6802
win.exe | 2023-01-20 20:32:40 | eb61b390ea1d6a48148fc1d368ce0bb4
wupxarch-6162-dcb505dc2b9d8aac05f4ca0727f5eadb.exe | 2023-02-26 08:37:02 | dcb505dc2b9d8aac05f4ca0727f5eadb
clip.exe | 2023-03-22 17:37:04 | 8d3942d2bfaf962a1177aee8d08ca079
huilang.exe | 2023-03-24 03:15:05 | f1ec2cf6256a7c8543586065a07da47a
w-9.exe | 2023-06-05 07:27:02 | 2dbc44aae677e2661475da5b2a3aac2e
wr.exe | 2024-05-22 12:53:02 | e2a072228078e6f3cf5073f4af029913
fscan.exe | 2024-05-29 14:55:03 | cf903e4a1629aa0582fd0363b5786676
[win | 2024-07-07 17:45:17 | e42a8e96e08ce2e22fade2309798e4ad
sevchost.exe | 2024-06-06 09:33:08 | ce8a92812da2af7e020a136c9ffeb656
test.exe | 2024-06-14 16:55:18 | 71687e0babe1e0575c7471b0e696e9d3
win.exe | 2024-06-17 18:51:06 | 9b79217f96ca501755c420141029fb56
tool.exe | 2024-07-07 15:24:22 | 34c704347497551c5593eeabebb7b6ce
1.exe | 2024-07-07 15:26:04 | ed44c98c40576ef50f6abcf6e40c71d7
win | 2024-07-07 15:34:05 | 620f02a61ac141dd1cedb8750bb9d288
check.exe | 2024-07-07 15:56:24 | f5402c009b189b8558e0d8ca5542d5df
windows_update.exe | 2024-07-07 16:01:04 | 14129aa32bbd6bf03d3cde8837119e2a
win.exe | 2024-07-07 19:46:04 | 36dcf115331160b2f88e83e5b8d07036
regedit.exe | 2024-07-07 17:04:09 | 35de9800099c79c9f3e197b01f3ce9ab
win.exe | 2024-07-07 19:43:27 | 351c0fca05d6d3808ff61b30ace8680a
win | 2024-07-07 19:49:25 | 8077ae512e46e4b90cce77649b4a0329
shell | 2024-07-07 19:50:13 | 7f4c6117939347448b3312f326f1c26b
shell | 2024-07-07 20:07:00 | 4a4821089d05159eb3bb0b99f3a6992e
win | 2024-07-07 20:07:24 | 8caac258a7b7088223c93cdf8433a815
shell | 2024-07-07 20:09:21 | d95db9b54b09b369477a463e8318a84b
sync.exe | 2024-07-09 00:02:09 | 69bf43760932bcccc3f1d58edc80bef9
cab.exe | 2024-07-09 00:04:13 | 5aefab6d98b943df267e28b42b5871e0
svchost.exe | 2024-07-09 00:06:10 | cb146d2042ae0df2c95f3afde7256583
svhost.exe | 2024-07-09 00:09:18 | 745fb7d63f32eb616ec46b61792f39b0
test.exe | 2024-07-09 00:10:10 | d19291fc64d40d67755f8a66e43200a3
sss.exe | 2024-07-09 00:28:33 | 132311fd6b3d449f231b680640544b1b