Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.05 04:11
VST32License.exe
11.05 03:11
VST32License.exe
11.03 01:11
DocTromTinNhan.exe
11.01 06:11
MPDW-constraints.vbs
11.01 06:11
87f3f2.exe
11.01 06:11
Client-built.exe
11.01 06:11
norm.exe
11.01 06:11
chrome_131.exe
11.01 06:11
kjrhjijawdkrjhh.exe
11.01 09:11
Calibre_Installer.exe

Latest News
11.05 01:11
메가존클라우드-파이오링크, 클라우드 보안...
11.05 01:11
프로페셔널 헤어케어 브랜드 레삐, ‘20...
11.05 01:11
Chinese Group Accused ...
11.05 01:11
25년 정보보호 전자공시시스템 고도화 및...
11.05 01:11
KISA, 민원 응대 보호시스템 전사 확대
11.05 01:11
아늑샵, 2024년 4분기 '한국소비자인...
11.05 01:11
크라운슬립, 프리미엄 구스 이불 론칭 기...
11.05 01:11
Google Warns of Active...
11.05 12:11
안랩, 2024년 3분기 매출 685억,...
11.05 12:11
Southeast Asia’s Digit...

Dropped Files | ZeroBOX

Name	5fb478c762c52783_kidney Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Kidney
Size	70.0KB
Processes	2564 (66f25393e0294_STcryotr.exe#stealckiscry)
Type	data
MD5	`23e6b5021b4075cade27b2ab42bc0d86`
SHA1	`ba70ab5e0298bb735c939e278a2c05b2cfada02f`
SHA256	`5fb478c762c5278368a36d5b060ff1f3792e0543411dd5a2808112131c89d8fe`
CRC32	`2E296C19`
ssdeep	`1536:bhO4lTMG6hq/3dyQTgJPS2AtA+jD9Nys+clEzJU6EKhBpNh:bhO8Tv6hXGgJaGUN/+xC6EK9f`
Yara	None matched
VirusTotal	Search for analysis

Name	919b610d3e025a2b_j Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\280305\j
Size	420.3KB
Processes	812 (cmd.exe)
Type	data
MD5	`5e8fc7ccfc1079bcd10f164f4d979b54`
SHA1	`42bada3279113f4dfb38d4e3e0d8e538799cfa59`
SHA256	`919b610d3e025a2bcd9474b63fb091a82f9f0f61149754d30b587327a020a8ca`
CRC32	`6CD226FB`
ssdeep	`12288:xTqQ80rhSG+9ABibskMuZRylkObgx+LWVEyMPch6jY:9ph69AHjmRyKaQVEyP6jY`
Yara	None matched
VirusTotal	Search for analysis

Name	0ab1c06b8661c040_great Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Great
Size	74.0KB
Processes	2564 (66f25393e0294_STcryotr.exe#stealckiscry)
Type	data
MD5	`f1dbd79ee88c79c2e3c8df96a9bf574b`
SHA1	`991c49c967191b50a4c82c0332e6451f262d623e`
SHA256	`0ab1c06b8661c0405e9f762a5467490552d09ab80e525ce680e8873f0e619f83`
CRC32	`E2DA49AC`
ssdeep	`1536:r8TogMExqRpa3VlciWsiETp3nJeGp64RNHDbWlLys2EbrNJ6d8Nu:rlgMEGsVlciKEpJeMjbW/brNJUv`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsoEF80.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsoEF80.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	fe8beb4c28a29fd7_tragedy Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Tragedy
Size	18.3KB
Processes	2564 (66f25393e0294_STcryotr.exe#stealckiscry)
Type	data
MD5	`4bdbe8a20cf4d09e63b6fa9f25959595`
SHA1	`d4906db5d122a2802b3dcd97bda9c67f17fec12f`
SHA256	`fe8beb4c28a29fd71d5de4b29e076b5f8ec6d7d6ae0e2c4f287d673903dc6796`
CRC32	`78744C9B`
ssdeep	`384:QFDgBszEYSiHY/jDKglGuqauoxlLucqJ6ysP7w+eTwGV:e40UKgAta1lLucqIQ9`
Yara	None matched
VirusTotal	Search for analysis

Name	ab3924fb6a48cb13_laser Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Laser
Size	866.9KB
Processes	2564 (66f25393e0294_STcryotr.exe#stealckiscry)
Type	data
MD5	`b400a5aeb68a43458188671a00b6accb`
SHA1	`0a085b85e4e5311449bab03c4b082831869ee96f`
SHA256	`ab3924fb6a48cb137bb352c227a253cb4ba4c1f8ff86ecef6bc551b423345799`
CRC32	`C0D42534`
ssdeep	`12288:bV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:Bxz1JMyyzlohMf1tN70aw8501`
Yara	Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	f5a2a68fc485ce7e_mate Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Mate
Size	85.0KB
Processes	2564 (66f25393e0294_STcryotr.exe#stealckiscry)
Type	data
MD5	`6d0103119508462a7207cc301efe0829`
SHA1	`b3aa1fd1a81ebb5412e9502351bc22f08a6ab2ed`
SHA256	`f5a2a68fc485ce7ecb4fe087a6e2d43825a84d88602b86c146f06fcb72d6670f`
CRC32	`181FB8C0`
ssdeep	`1536:o1iGmQQes9UujCUEhfMckBaa0gSyBnLFR2S9a8Qb7f6l/fkM57XWMmVEYmMw0Q:XxCpez8g1BBG8QbDsfkM5Kf7mMwr`
Yara	None matched
VirusTotal	Search for analysis

Name	d8b7c7178fbadbf1_rec.pif Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\280305\Rec.pif
Size	872.7KB
Processes	2664 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`18ce19b57f43ce0a5af149c96aecc685`
SHA1	`1bd5ca29fc35fc8ac346f23b155337c5b28bbc36`
SHA256	`d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd`
CRC32	`388D364B`
ssdeep	`12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	bee93fe4c3b2636b_significance Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Significance
Size	5.8KB
Processes	2564 (66f25393e0294_STcryotr.exe#stealckiscry)
Type	data
MD5	`c938fbd3db2346576cfa2eeaff837c94`
SHA1	`34b1d2d98a427b44d1772723427bb94bcccdc9f2`
SHA256	`bee93fe4c3b2636b6d888309474bad75ac9b2729d5885f522b5ae1a5e3935819`
CRC32	`7925D99A`
ssdeep	`96:DxgUzr4tgOwVAfBzDICS09CAi6R7u+IhsObfS+NsPvj6ooxdofjxP3yGj1H0393:FHAeOqAFDw09CV/2nPvj6DdMP3r1HId`
Yara	None matched
VirusTotal	Search for analysis

Name	b17fd8e6d1c77f8b_means Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Means
Size	90.0KB
Processes	2564 (66f25393e0294_STcryotr.exe#stealckiscry)
Type	COM executable for DOS
MD5	`c21b35dabbe0920dffa97778fa6c1f10`
SHA1	`a54c05674334f312907c178269089b22fd0f6467`
SHA256	`b17fd8e6d1c77f8bcc9b3073374a6e6953aba3857d4c684b903abc283f1e0c39`
CRC32	`75C52AB6`
ssdeep	`1536:G+N3QlFvfwKfbEXjODF9od1cPeE5Kegv1ScLfrAfE9POlUoL/I+9:wJ1fZDF9Q6V5kv1hf0EihLI+9`
Yara	None matched
VirusTotal	Search for analysis

Name	2012a242ee43c3d3_moments.bat Submit file
Filepath	c:\users\test22\appdata\local\temp\moments.bat
Size	8.9KB
Processes	2564 (66f25393e0294_STcryotr.exe#stealckiscry) 2664 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`5c466f0daaef6be8d818bb8233a9b6a6`
SHA1	`35c4b76d351de421bc4e3e03626d85de3023eec1`
SHA256	`2012a242ee43c3d3913bdd0bc2508cf3808b8ad2e2626cf9bc1c8e6dabafc8b9`
CRC32	`76654753`
ssdeep	`192:T1N6QKK6PhOh/P+HLUJMu3ESF2E5XnN4KNGAG6GpGdGrGQowYkLDBaqC:TL6a6PhMPr/3XZ5XOowYMC`
Yara	None matched
VirusTotal	Search for analysis

Name	fd8ad23a35ef3361_girls Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Girls
Size	83.0KB
Processes	2564 (66f25393e0294_STcryotr.exe#stealckiscry)
Type	data
MD5	`9cbee49b113718bca851dfdb1daf9259`
SHA1	`dac2fa6dd644ef16f589339b50b0a0ea8ca41f2f`
SHA256	`fd8ad23a35ef3361194b25ca07ff35385eae591e5031c710d95912e83bea1bc0`
CRC32	`32A6D578`
ssdeep	`1536:3GjRCihM8eCMVk1wprJkQOsoUK12apMbYD7TFsu+FpYWCDi4kG:2RthreC2kepSk1KcapE6Fx+PYle4kG`
Yara	None matched
VirusTotal	Search for analysis