some APT malware samples
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Malware - T1587.001
attack-pattern: Malware - T1588.001
Common Information
Type Value
UUID 9580c032-7e9c-4d84-96f0-5ecc02677810
Fingerprint a195a9d36788a852
Analysis status DONE
Considered CTI value 2
Text language
Published May 24, 2010, 1:59 a.m.
Added to db Jan. 18, 2023, 7:45 p.m.
Last updated Nov. 8, 2024, 11:29 a.m.
Headline UNKNOWN
Title some APT malware samples
Detected Hints/Tags/Attributes 28/2/49
Attributes

Type                  #Events  Value
Domain                1        psw.perfloger.dj
Domain                1        heuristic.lookslike.win32.click
Domain                5        trojan.heur.pt
File                  4        helper.dll
File                  31       helper.exe
File                  1        c:\windows\system32   download helper.exe
File                  1        helper.sys
File                  5        appmgmt.dll
File                  3        %systemroot%\system32\appmgmts.dll
File                  1        c:\documents and settings\default user\appmgmt.dll
File                  1        ntkernelsvc.exe
File                  1        c:\windows\system32 msv1_1.dll
File                  1        winddfsrv.exe
File                  2        msv1_1.dll
File                  5        win32.ps
File                  175      update.exe
File                  1        c:\windows\system32    file update.exe
File                  1        win32.rar
File                  1        c:\windows\system32    msups.dll
File                  1        msups.dll
File                  1        winddesrv.exe
File                  1        c:\windows\system32\winddesrv.exe
File                  6        win32.pas
md5                   1        cf795574914ac35c5a13f1fdeed9dcda
md5                   1        2d366e990f5a697ef826b30337c49f01
md5                   1        e40670e6a0ad1c41211f38b92bfe436a
md5                   1        8f7a931316dda9280c6e96a7a7d987df
md5                   1        b16511d5e61bb6daf11899d1447fafde
md5                   1        fa94a53e70acb072fb0bb866d2947066
md5                   1        d150786c232293664963ca1adb6a8675
md5                   1        97c6d92ed413be2d96246065ecd3ebf8
sha1                  1        8a36c7a67a548f866bc6ec70a248355e9154f68f
sha256                1        47dda594816d244cc25b3878107550c1edd0c44168b19f647f3208701fd4ef6c
IPv4                  17       4.5.0.50
IPv4                  10       3.1.1.84
IPv4                  1        8.2.1.236
IPv4                  41       2.0.3.7
IPv4                  59       7.0.0.125
IPv4                  26       10.0.2.7
IPv4                  3        6.5.2.0
IPv4                  29       7.0.17.0
IPv4                  14       4.0.14.0
IPv4                  28       5.2.0.5
IPv4                  10       4.5.1.85
Url                   1        http://www.virustotal.com/analisis/47dda594816d244cc25b3878107550c1edd0c44168b19f647f3208701fd4ef6c-1273100794
Url                   1        http://www.virustotal.com/analisis/47dda594816d244cc25b3878107550c1edd0c44168b19f647f3208701fd4ef6c-1273204619
Windows Registry Key  1        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters\ServiceDll
Windows Registry Key  1        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt\Parameters\ServiceDll
Windows Registry Key  1        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winDDEsrv
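The AppMgmt\Parameters\ServiceDll keys and the winDDEsrv service key listed above are the places a host would show this persistence: the ServiceDll value of the Application Management service is the DLL that svchost loads for it, and its legitimate value is %SystemRoot%\System32\appmgmts.dll. The script below is an added example (not code from this record or from the malware's authors) that turns the registry keys, file names and hashes of this page into a host check. It reads a snapshot dictionary whose layout (a "registry" map of key path to value and a "files" list with path and hashes) is an assumption made for this example so that it runs offline; the two snapshots embedded in it are constructed, and the pairing of page hashes with file names in them is invented for illustration.

```python
import ntpath
import re

# Legitimate ServiceDll of the Application Management (AppMgmt) service,
# which svchost loads; a value pointing anywhere else is the hijack.
EXPECTED_APPMGMT_DLL = r"%systemroot%\system32\appmgmts.dll"

# Registry keys, file names and hashes copied from the attribute list above.
APPMGMT_SERVICEDLL_KEYS = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters\ServiceDll",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt\Parameters\ServiceDll",
)
SUSPECT_SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winDDEsrv"
# Names distinctive enough to flag on their own; helper.exe and update.exe
# are too generic and are matched by hash only.
SUSPECT_FILENAMES = {"appmgmt.dll", "ntkernelsvc.exe", "winddfsrv.exe",
                     "winddesrv.exe", "msups.dll", "msv1_1.dll", "helper.sys"}
KNOWN_MD5 = {
    "cf795574914ac35c5a13f1fdeed9dcda", "2d366e990f5a697ef826b30337c49f01",
    "e40670e6a0ad1c41211f38b92bfe436a", "8f7a931316dda9280c6e96a7a7d987df",
    "b16511d5e61bb6daf11899d1447fafde", "fa94a53e70acb072fb0bb866d2947066",
    "d150786c232293664963ca1adb6a8675", "97c6d92ed413be2d96246065ecd3ebf8",
}
KNOWN_SHA1 = {"8a36c7a67a548f866bc6ec70a248355e9154f68f"}
KNOWN_SHA256 = {"47dda594816d244cc25b3878107550c1edd0c44168b19f647f3208701fd4ef6c"}


def normalize_path(path):
    """Lower-case, expand %SystemRoot% and collapse whitespace so a
    REG_EXPAND_SZ value compares equal to a literal on-disk path."""
    p = re.sub(r"\s+", " ", path.strip().lower())
    p = p.replace("%systemroot%", r"c:\windows")
    return p.replace("/", "\\")


def check_host(snapshot):
    """Return a list of finding strings for a host snapshot of the assumed
    form {"registry": {key_path: value}, "files": [{"path", "md5", "sha1", "sha256"}]}.
    An empty list means none of the page's indicators matched."""
    findings = []
    reg = {k.lower(): v for k, v in snapshot.get("registry", {}).items()}

    # 1. ServiceDll hijack: any value other than the real appmgmts.dll.
    for key in APPMGMT_SERVICEDLL_KEYS:
        value = reg.get(key.lower())
        if value is not None and normalize_path(value) != normalize_path(EXPECTED_APPMGMT_DLL):
            findings.append(f"AppMgmt ServiceDll repointed to {value} ({key})")

    # 2. The extra service the samples register (key or any value under it).
    if any(k.startswith(SUSPECT_SERVICE_KEY.lower()) for k in reg):
        findings.append(f"service key present: {SUSPECT_SERVICE_KEY}")

    # 3. Dropped files, by distinctive name and by hash.
    for f in snapshot.get("files", []):
        name = ntpath.basename(normalize_path(f["path"]))
        hits = ["name"] if name in SUSPECT_FILENAMES else []
        for algo, known in (("md5", KNOWN_MD5), ("sha1", KNOWN_SHA1), ("sha256", KNOWN_SHA256)):
            if f.get(algo, "").lower() in known:
                hits.append(algo)
        if hits:
            findings.append(f"{f['path']} matched by {', '.join(hits)}")
    return findings


# Constructed snapshots for demonstration; not captured from real hosts.
CLEAN_HOST = {
    "registry": {
        r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters\ServiceDll":
            r"%SystemRoot%\System32\appmgmts.dll",
    },
    "files": [{"path": r"C:\Windows\System32\appmgmts.dll",
               "md5": "00000000000000000000000000000000"}],
}
INFECTED_HOST = {
    "registry": {
        r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters\ServiceDll":
            r"c:\documents and settings\default user\appmgmt.dll",
        r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winDDEsrv\ImagePath":
            r"c:\windows\system32\winddesrv.exe",
    },
    # Hashes are the page's; their pairing with these file names is invented.
    "files": [
        {"path": r"c:\documents and settings\default user\appmgmt.dll",
         "md5": "cf795574914ac35c5a13f1fdeed9dcda"},
        {"path": r"c:\windows\system32\update.exe",
         "sha256": "47dda594816d244cc25b3878107550c1edd0c44168b19f647f3208701fd4ef6c"},
    ],
}

if __name__ == "__main__":
    for label, snap in (("clean", CLEAN_HOST), ("infected", INFECTED_HOST)):
        print(label, check_host(snap) or ["no indicators matched"])
```

On a live host the snapshot would be filled from `reg query` / `Get-ItemProperty` output and a hash listing of System32 and the user profile directories; the check deliberately compares the expanded ServiceDll value rather than the raw string, because the legitimate value is stored as REG_EXPAND_SZ with %SystemRoot% and a literal `c:\windows\system32\appmgmts.dll` must not be reported as a hijack.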