Sample details: 1504315bff1d291a244dd57c52d5f2d1 --

Hashes
MD5: 1504315bff1d291a244dd57c52d5f2d1
SHA1: 7606b78efef0739e8bc70f331a0e71bb7c6dfb35
SHA256: 7d7820ab10f1a0c653420c6b283607abe5e07c07adf78314e46dbf8d19d9f65d
SSDEEP: 1536:Xv5ssjVAeyMjM8tAgL1K4yvkO+1eTkOoPhl298z/qbN2mzPOLVYAjMTj80X:/5JjfymjLk4yvkO+gTk08GN2mSLVYAIp
Details
File Type: ELF
Yara Hits
YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://136.144.200.209/Demon.m68k
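Strings
(Raw printable-string output extracted from the binary. The short repeated entries such as `N^NuNV` appear to be m68k instruction bytes (unlk/rts/link function epilogue and prologue) that happen to fall in the printable ASCII range, not meaningful text. The quoted CSV records further down look like Cuckoo sandbox API-log rows that reference a different SHA256 than this sample's, so read them as data embedded in the file, not as behaviour observed from this ELF.)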
		N^NuNV
5lf>"y
5lN^NuNV
N^NuNV
N^NuNV
 OHWHQHy
N^NuNV
N^NuNV
N^NuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
LN^NuNV
HN^NuNV
N^NuNV
N^NuNV
N^NuNV
B@HAH@(
B@HAH@
<N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNV
 @N^NuNV
 @N^NuNV
 @N^NuNV
N^NuNV
N^NuNV
NqNu"_ <
p7N@-@
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
p!N@-@
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
p?N@-@
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
"	p6N@-@
N^NuNuNV
p%N@-@
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
p*N@-@
N^NuNuNV
N^NuNV
N^NuNV
pBN@-@
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNV
 @N^NuNuNV
N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNV
 @N^NuNV
N^NuNuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNV
 @N^NuNuNV
N^NuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNV
 @N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
 @N^NuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNuNV
HN^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
NqNuNV
"	pfN@-@
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
 @N^NuNuNV
"	prN@-@
N^NuNV
N^NuNV
 @N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
 @N^NuNuNV
N^NuNV
N^NuNV
 @N^NuNV
N^NuNV
 @N^NuNuNV
 @N^NuNuNV
N^NuNuNV
N^NuNV
HN^NuNV
$N^NuNuNV
N^NuNV
NqNuNV
N^NuNV
p-N@-@
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
 @N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNuNV
N^NuNV
N^NuNV
f``R/.
fH`. .
 @N^NuNuNV
 @N^NuNuNV
 @N^NuNuNV
N^NuNV
 @N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
 @N^NuNV
g `< .
 @N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNV
0N^NuNV
N^NuNV
N^NuNV
$_N^NuNuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNV
N^NuNuNV
 @N^NuNuNV
N^NuNuNV
 @N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNV
N^NuNuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNuNV
N^NuNuNV
N^NuNuNV
N^NuNuNV
N^NuNuNV
N^NuNuNV
N^NuNV
N^NuNuNV
 @N^NuNV
eO#IgD
s$c58g
9699,,"1"54"C
|ite\jle.C
O,"nN =:DrOfByte&
","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190906012935.993","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->61440"
"20190906012935.993","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->61440"
"20190906012935.993","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","ReadFile","SUCCESS","","hFile->0x000001d4","nNumberOfBytesToRead->12288"
"20190906012935.993","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->12288"
"20190906012935.993","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->268"
"20190906012935.993","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","WriteFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToWrite->268"
"20190906012935.993","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","DeleteFileW","FAILURE","","lpFileName->C:\cuckoo\dll\xmdzLr.dll"
"20190906012935.993","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","MoveFileWithProgressW","FAILURE","","lpExistingFileName->C:\cuckoo\dll\xmdzLr.dll.exe","lpNewFileName->C:\cuckoo\dll\xmdzLr.dll"
"20190906012935.993","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190906012936.003","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","ReadFile","SUCCESS","","hFile->0x000001d0","nNumberOfBytesToRead->268"
"20190906012936.003","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","CreateFileW","SUCCESS","0x000001d0","lpFileName->C:\10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","dwDesiredAccess->GENERIC_READ"
"20190906012936.003","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","CreateFileW","SUCCESS","0x000001ec","lpFileName->C:\cuckoo\files\.gitignore","dwDesiredAccess->GENERIC_READ"
"20190906012936.003","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c58e59695","1864","filesystem","CreateFileW","SUCCESS","0x000001d4","lpFileName->C:\cuckoo\files\.gitignore.exe","dwDesiredAccess->GENERIC_READ | GENERIC_WRITE"
"20190906012936.003","1204","10b16114f02d4f0ac7c356cba3c0dea0bf0486b1602d654745b7932c5G y
7;4","1864","dihesyr
elf,"CFe`T
SVCkE\S.,"0y0000
,"lpGx
e->F:\
0b16015w
c0dca0BfT@
gb1602d654745b7932c58e59095"(l2wD
~f00z	
~jvC,g60|:x@za45#
&lz""b|&1
I|Ebvg0axI
$"@hbz=7<
g"-$":v
wmx[~f
0:,Lf1Nc
&$.,"g
0H03}L02Q
tVele+J
Fa.uc`~
N}M2E\OjRyd
S:oZEq6
>xI28R
"=|nzWbt
DnBEzm
|}"$C"
LnBe}rep
Js{AWz
^15 )z6V
-i-F{`
,.N<Pik(
/"A2C2I%
"OzmC]|}
X18$ .
B"=" ~"K"3XB_6=!$j02ASf2MCYc?%&oba
BY9?"s98e
B"^uqtFk
P0t  <00
B"b^eabeK,
ticDcRe
P49@B_6<"t:54SR
W]Gtm'i
L,.xVeleUX
X.< #.,"iT
+HduN0MH0<Y6
]2o%(i59C_
bfyL$Si;
-Z,(|UlmE[2"
0<  <1dSDt
@NeMc=
b&BiT$SD
L1<r!&13
08(&(1P0
4?S=BY9;
wklYlg
diLY",*SzC
@KrCIBVu$
xkzBzc
ealrl'+7
V8@0Ip
d!.&=44BE
*L2<!)<90AV=
 #h,E;B
B"-FHh
C^diq nf0F^
"8jI2OU
B_6=!$j02
esiIly|
feLKsq
mb^lov0}
|={M+c
~o|L}`
0iiLk+
}vhzWbt
E\OvryDeq
}Q4gts
+HduN8MH0<Y
bLbA=e
`MfxL82*I61
jT"QJOdN
+?*Xp`
xLx6*I61
xVele.X
dZq0*I60
p4pNb0
lrlDv`
~n~E~g
LS]SSUSQ
6rqzx{v
dv&x +w
2XxkzBzc
lmSQsdH-
,iwF|5
<ei&nimE
EGsL,*
tmS:oZt
L,.1"~jlYlg
,&~;C_
02xH03
5:LLa+L
xA0'xI2:{N.2Q
jetUt5
	{NAri
C6lcEci
]eKock
.G?RAq
94~H14qK6-xH3 M
"("jIBek1
SkE^S", !80=
"!"lpBx,eCA
.k:Q10b0'q19F^
$N0lc7c#$vcoA]
tMa=bf0<)vb<V03t
040603#y3;N00
5;cba7rpdh
98","0)v4/LpFG
EkCHSS"<3px=P
tlbgs\&v)td/
SFedCe
j+USlM|}
LemJ-U
xL"-jI0`P
1:xJd7T
ZgRv{!
K&Q232c
4bxJd2.Ha`
1~A5!n
19f02t%&0lCY
coa3c2u%a=B
b<602l'u4:
2n58e%(v98
4/,"fI}%st
@Ny]bUrM
~~&~E~f
W0`{F4
f8^d&d
5:CrN3
feLu\y
,.N^Zm
C0 iR+
emDVFl
sXOBJa
CEJ3jU
c;C#}O
BuTu\T
B">"RM6!
0<^*RM6(
",49u-CIsCjU
V00xB!
moiR!fN)
hF^2hd
tef('+
a<BvxM
69].VL2p
0mC'L3T
"[Ry[e'
fNYdJs5
"bneBb
"[Ry[e'
liSi\t
~/`0sY$
,.N^Zm
:k7rm~EC>:i
cnA#L0
yB*PXH 
'*eMK-_
B"dfy$
jT"JFl
,"diCe1
}NcXN3
z8~G*b
	ld/Y]
w2dZST
L!zbV63
2!<b1;V
rq?c0D
	4705M7{
" jI87U
jT&REiE
vdPWid
qr[ bd
ti-yVk
"_zmCM2
[xa`ZKEp6"
iKy%N16p
t,"C^Di
 iJJ _G|
~o|L}`
|:x@za45M
+kwCw@lz
4*\$<%J)
<h%EQ{mU^pM>k
|g}C`f
0|Z,%P
~jvC,g
*Hwey-
x:xDyGxo
BaE8@o@
jzwL,*w{COg[#
ll~Dwf90
lGh@g(p
@g\r1>
" l:91+%irJJAo+
AHn"n2
i-__pA$olM'b
~?-B-F{`
=D4zuOw
-6bBmSy@kHcD
lo|Ezt
X^O_68
ZE[Que
TNMmL}R
-i-F{C-4a3C
gaU}Vs
$RV+'n2
AChgNM
\tU2^j
wmx[~g3"
7sW57wBO3o dua2
t0mKne
M0lE!~<(EzMx4
	su"YL
'sy5Pe 
G2f"5S
!u~"J"
/-:xL|Xv3
@){jyA{
Heeu	?
,TI/2;
de+l'|LA
!%~0V&
  {5R0
W}irA,
{Lxo5"d[
"jFBe{
RiAlf)";lYl
UCckS[lrlWbt
umBKrG(
ll~Dwf
bCTlG~Dwf
"[3I3S~
nRZCb}]afVVZec{ARi)
lq@&Rqx
,6GhidJ
0>Etf A
0nF^4$t
H2ygTK
lmEG|"
\d8Gpas
*yJ02C
1~A5-M
Ehi`Hb
oHBqY%
OyreY%
:qK6'Q
~jlYlg
1{Jc>Y
IBe{T3
80H0>Q
Fly|H3
8~H13X
~o*Mlz
B[x?SESS
NANZCbm
lwFx[~g
0lEQ<b
B"`fY`e
*j(E/5
K"ihKBe%
7%teML,.wZip/
xEL,.q=CGe=S.
W'DV" 
e~oNB}W%sP
ll~Dwf
M0lGai
~n~D*n",j
gpe[Ks\
-2xozA~WC\"2
0hEI0fEp4<Vl
}l-@v3
"C5Mck
> 6n~E~f
ixD(ixe&
LSYb-ECS*f
P0t04P8
sXo_<7:
^9<64Q:
Z"<"9~<
wZi|JFFB
N^NuNV
N^NuNuNV
N^NuNV
A-JzE#
\=;Cn9M
2CcMEajF=a[
J>Gz)1
<+ (C\
xi bsd
7n&EVe
|-oa@	nt
Al YTd
b.-4=)
N^NuNV
N^NuNV
N^NuNuNV
N^NuNuNV
N^NuNuNV