File name: TelnetONU1.2.5b.zip
Full analysis: https://app.any.run/tasks/5ba5d1d6-5925-4d22-a69b-cb3d9d872da5
Verdict: Malicious activity
Analysis date: May 04, 2021, 10:41:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: D0ED974448F23325CB531251F320BDFF
SHA1: 3B8AA5A279877F5135310D379685358CBBDDBD72
SHA256: AFFBBE6AA6445BBF95E5D501A533A9BEDD3C231F879AF590D9FB6C8FB8A06EDD
SSDEEP: 12288:LuiVFrDQgl/6N6ydTGLVHuW9tlYyM8RrLMuUintRooKX6usf:LXv/ypUOW9smRrIlWhBJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • factorymode.exe (PID: 3164)
      • TelnetONU.exe (PID: 2760)
      • TelnetONU.exe (PID: 1596)
      • getinfo.exe (PID: 3408)
      • decrypt.exe (PID: 1972)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 4088)
    • Starts CMD.EXE for command execution
      • TelnetONU.exe (PID: 2760)
  • INFO
    • Manual execution by user
      • TelnetONU.exe (PID: 1596)
      • factorymode.exe (PID: 3164)
      • decrypt.exe (PID: 1972)
      • getinfo.exe (PID: 3408)
      • TelnetONU.exe (PID: 2760)
      • NOTEPAD.EXE (PID: 3056)
The MALICIOUS rating comes from a single signature: the four executables were written to disk by WinRAR.exe (PID 4088) during extraction and then launched by hand. The only runtime behaviour recorded beyond that is the three cmd.exe one-liners started by the elevated TelnetONU.exe (PID 2760); no network connections, DNS lookups or registry writes appear anywhere in this report.
No malware configuration.

TRiD
.zip | ZIP compressed archive (100)

EXIF (ZIP)
ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2021:04:28 10:34:14
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: TelnetONU1.2.5b/
(The EXIF block covers only the archive's first entry, which here is the top-level directory TelnetONU1.2.5b/; that is why the CRC is zero and no sizes are given. The archive timestamp, 2021-04-28, predates the analysis by six days.)
No data.
Total processes: 60
Monitored processes: 11
Malicious processes: 1
Suspicious processes: 1

Behavior graph (process tree; "no specs" in the original graph marks nodes with no signature hits)

explorer.exe
  ├ WinRAR.exe (PID 4088)
  ├ TelnetONU.exe (PID 1596)   MEDIUM integrity, exits with STATUS_ELEVATION_REQUIRED
  ├ TelnetONU.exe (PID 2760)   HIGH integrity (elevated relaunch)
  │   ├ cmd.exe (PID 1724)     cmd /c mkdir log
  │   ├ cmd.exe (PID 2268)     cmd /c ping 192.168.1.1 -n 1 -l 128
  │   │   └ PING.EXE (PID 3580)
  │   └ cmd.exe (PID 2468)     cmd /c del userpass.txt
  ├ getinfo.exe (PID 3408)
  ├ factorymode.exe (PID 3164)
  └ decrypt.exe (PID 1972)
NOTEPAD.EXE (PID 3056) was also started manually; its record is not included in the process table below. The cmd.exe children are attributed to PID 2760 because they run at HIGH integrity, which the MEDIUM-integrity PID 1596 could not have conferred.

Process information

PID 4088  "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b.zip"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.60.0

PID 1596  "C:\Users\admin\Desktop\TelnetONU1.2.5b\TelnetONU.exe"
  Path: C:\Users\admin\Desktop\TelnetONU1.2.5b\TelnetONU.exe
  Parent process: explorer.exe
  User: admin
  Integrity level: MEDIUM
  Description: TelnetONU
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: Windows refused to run the image at medium integrity because it requires elevation, typically a requireAdministrator manifest, so none of the tool's own code ran in this instance)
  Version: 1,2,5

PID 2760  "C:\Users\admin\Desktop\TelnetONU1.2.5b\TelnetONU.exe"
  Path: C:\Users\admin\Desktop\TelnetONU1.2.5b\TelnetONU.exe
  Parent process: explorer.exe
  User: admin
  Integrity level: HIGH (the same command line relaunched elevated; this is the instance that spawns the cmd.exe children below)
  Description: TelnetONU
  Exit code: 0
  Version: 1,2,5

PID 1724  cmd /c mkdir log
  Path: C:\Windows\system32\cmd.exe
  Parent process: TelnetONU.exe (PID 2760)
  User: admin
  Company: Microsoft Corporation
  Integrity level: HIGH
  Description: Windows Command Processor
  Exit code: 0
  Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID 2268  cmd /c ping 192.168.1.1 -n 1 -l 128
  Path: C:\Windows\system32\cmd.exe
  Parent process: TelnetONU.exe (PID 2760)
  User: admin
  Company: Microsoft Corporation
  Integrity level: HIGH
  Description: Windows Command Processor
  Exit code: 1 (propagated from ping.exe)
  Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID 3580  ping 192.168.1.1 -n 1 -l 128
  Path: C:\Windows\system32\PING.EXE
  Parent process: cmd.exe (PID 2268)
  User: admin
  Company: Microsoft Corporation
  Integrity level: HIGH
  Description: TCP/IP Ping Command
  Exit code: 1 (a single 128-byte ICMP echo request to 192.168.1.1, the usual default-gateway address on a home LAN; ping.exe returns 1 when no reply is received, which is expected in the sandbox)
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 2468  cmd /c del userpass.txt
  Path: C:\Windows\system32\cmd.exe
  Parent process: TelnetONU.exe (PID 2760)
  User: admin
  Company: Microsoft Corporation
  Integrity level: HIGH
  Description: Windows Command Processor
  Exit code: 0 (removes userpass.txt, by its name a stored username/password file, from the tool's working directory; the file itself does not appear in the dropped-files list of this run)
  Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID 3408  "C:\Users\admin\Desktop\TelnetONU1.2.5b\getinfo.exe"
  Path: C:\Users\admin\Desktop\TelnetONU1.2.5b\getinfo.exe
  Parent process: explorer.exe
  User: admin
  Integrity level: MEDIUM
  Description: getinfo Microsoft Foundation Class application (the version-resource string is Chinese: "getinfo Microsoft 基础类应用程序")
  Exit code: 0
  Version: 1, 0, 0, 1

PID 3164  "C:\Users\admin\Desktop\TelnetONU1.2.5b\factorymode.exe"
  Path: C:\Users\admin\Desktop\TelnetONU1.2.5b\factorymode.exe
  Parent process: explorer.exe
  User: admin
  Integrity level: MEDIUM
  Exit code: 0

PID 1972  "C:\Users\admin\Desktop\TelnetONU1.2.5b\decrypt.exe"
  Path: C:\Users\admin\Desktop\TelnetONU1.2.5b\decrypt.exe
  Parent process: explorer.exe
  User: admin
  Integrity level: MEDIUM
  Exit code: 1
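The process tree above (a medium-integrity launch that dies with 0xC000042C, an elevated relaunch of the same command line, and three cmd.exe one-liners under it) is the kind of pattern worth encoding as a triage rule rather than eyeballing. The Python below is an added example, not ANY.RUN's code and not part of the TelnetONU tool: it rebuilds the tree from records transcribed from the Process information section (constructed input), decodes the NTSTATUS exit code, and flags the elevation retry, the privileged shell that deletes userpass.txt, and the LAN ping. The field names, function names, the small NTSTATUS table and the attribution of the cmd.exe children to PID 2760 are this example's own assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Process records transcribed from the report (constructed input; ppid None = explorer.exe).
# The report names only "TelnetONU.exe" as parent of the cmd.exe children; they are attributed
# here to PID 2760 because they run at HIGH integrity, which PID 1596 (MEDIUM) could not confer.
PROCESSES = [
    {"pid": 4088, "image": "WinRAR.exe", "ppid": None, "integrity": "MEDIUM", "exit": 0,
     "cmd": '"C:\\Program Files\\WinRAR\\WinRAR.exe" "C:\\Users\\admin\\AppData\\Local\\Temp\\TelnetONU1.2.5b.zip"'},
    {"pid": 1596, "image": "TelnetONU.exe", "ppid": None, "integrity": "MEDIUM", "exit": 3221226540,
     "cmd": '"C:\\Users\\admin\\Desktop\\TelnetONU1.2.5b\\TelnetONU.exe"'},
    {"pid": 2760, "image": "TelnetONU.exe", "ppid": None, "integrity": "HIGH", "exit": 0,
     "cmd": '"C:\\Users\\admin\\Desktop\\TelnetONU1.2.5b\\TelnetONU.exe"'},
    {"pid": 1724, "image": "cmd.exe", "ppid": 2760, "integrity": "HIGH", "exit": 0,
     "cmd": "cmd /c mkdir log"},
    {"pid": 2268, "image": "cmd.exe", "ppid": 2760, "integrity": "HIGH", "exit": 1,
     "cmd": "cmd /c ping 192.168.1.1 -n 1 -l 128"},
    {"pid": 3580, "image": "PING.EXE", "ppid": 2268, "integrity": "HIGH", "exit": 1,
     "cmd": "ping 192.168.1.1 -n 1 -l 128"},
    {"pid": 2468, "image": "cmd.exe", "ppid": 2760, "integrity": "HIGH", "exit": 0,
     "cmd": "cmd /c del userpass.txt"},
    {"pid": 3408, "image": "getinfo.exe", "ppid": None, "integrity": "MEDIUM", "exit": 0,
     "cmd": '"C:\\Users\\admin\\Desktop\\TelnetONU1.2.5b\\getinfo.exe"'},
    {"pid": 3164, "image": "factorymode.exe", "ppid": None, "integrity": "MEDIUM", "exit": 0,
     "cmd": '"C:\\Users\\admin\\Desktop\\TelnetONU1.2.5b\\factorymode.exe"'},
    {"pid": 1972, "image": "decrypt.exe", "ppid": None, "integrity": "MEDIUM", "exit": 1,
     "cmd": '"C:\\Users\\admin\\Desktop\\TelnetONU1.2.5b\\decrypt.exe"'},
]

# Exit codes >= 0xC0000000 are NTSTATUS values; only the ones this triage needs are named.
NTSTATUS_NAMES = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
}


def exit_code_name(code):
    """Render an exit code: the NTSTATUS name (or hex) when it is one, else the plain number."""
    if code >= 0xC0000000:
        return NTSTATUS_NAMES.get(code, f"0x{code:08X}")
    return str(code)


def build_tree(procs):
    """Map parent PID -> child PIDs in report order (key None = children of explorer.exe)."""
    tree = defaultdict(list)
    for p in procs:
        tree[p["ppid"]].append(p["pid"])
    return tree


def find_elevation_retries(procs):
    """Pair a MEDIUM launch that died with STATUS_ELEVATION_REQUIRED with a later HIGH launch
    of the same command line: the image demanded admin and the second attempt was elevated."""
    failed, pairs = {}, []
    for p in procs:
        key = p["cmd"].lower()
        if p["integrity"] == "MEDIUM" and p["exit"] == 0xC000042C:
            failed[key] = p["pid"]
        elif p["integrity"] == "HIGH" and key in failed:
            pairs.append((failed.pop(key), p["pid"]))
    return pairs


def find_elevated_shell_deletes(procs):
    """cmd.exe instances running at HIGH integrity whose one-liner deletes a file."""
    hits = []
    for p in procs:
        if p["image"].lower() == "cmd.exe" and p["integrity"] == "HIGH":
            m = re.search(r"\bdel\s+(\S+)", p["cmd"], re.IGNORECASE)
            if m:
                hits.append((p["pid"], m.group(1)))
    return hits


def find_lan_probes(procs):
    """ping.exe runs aimed at private (RFC 1918) addresses; ping.exe exits 1 when no reply came."""
    hits = []
    for p in procs:
        if p["image"].lower() != "ping.exe":
            continue
        for tok in p["cmd"].split()[1:]:
            if tok.startswith("-"):
                continue
            try:
                ip = ipaddress.ip_address(tok)
            except ValueError:
                continue
            if ip.is_private:
                hits.append((p["pid"], str(ip), p["exit"]))
            break
    return hits


def triage(procs):
    return {
        "elevation_retries": find_elevation_retries(procs),
        "elevated_deletes": find_elevated_shell_deletes(procs),
        "lan_probes": find_lan_probes(procs),
    }


if __name__ == "__main__":
    for p in PROCESSES:
        print(p["pid"], p["image"], p["integrity"], exit_code_name(p["exit"]))
    print("children of 2760:", build_tree(PROCESSES)[2760])
    print(triage(PROCESSES))
```

The elevation-retry rule keys on the exact command line so that a second, unrelated instance of the same image does not pair with the failed one; the delete rule is deliberately restricted to HIGH-integrity shells, since an elevated one-liner wiping a credentials-looking file is the combination that deserves a closer look, not every `del` in a batch file.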
Registry activity

Total events: 927
Read events: 878
Write events: 0
Delete events: 0

Modification events: no data

Files activity

Executable files: 8
Suspicious files: 3
Text files: 6
Unknown types: 0

Dropped files

PID   Process        Filename  (type)
2760  TelnetONU.exe  C:\Users\admin\Desktop\TelnetONU1.2.5b\log\CmdLog-20210504114209.txt  (text)
      MD5: 7D8D0716F3C7C9726025BF6AD0D016FE
      SHA256: 4461681FD76BDD44C5C196495FA092CF6C0E62D36DD6CDB004BC6C3AF29EF5F9
3408  getinfo.exe    C:\Users\admin\Desktop\TelnetONU1.2.5b\USER-PC.icr  (binary)
      MD5: EED59AF6936C1CABF067BE2FEFFDF83E
      SHA256: 7DFCA7C33757BBAF7ECCBCAAB3FB4DBBBBA2ADEABBD45A82D9FEBF4728781597
4088  WinRAR.exe     C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\date.dll  (text)
      MD5: CE930843B8DB4E0E69C1952A9919D945
      SHA256: 45CD2816B7F9CCEE5F9E4CD237ACE4912B476227876105D24FA91DD4FBD29C41
4088  WinRAR.exe     C:\Users\admin\AppData\Local\Temp\Rar$DRa4088.22739\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU--Usage Description of the ONU One-key Information Collection Tool R1.4.docx  (compressed)
      MD5: 2D75636822466BB21F8278ADD2838698
      SHA256: AE637C8F8A1DB743D4C1688606A328F22EBBF77ED51E7417BB3B4372F50BB528
4088  WinRAR.exe     C:\Users\admin\AppData\Local\Temp\Rar$DRa4088.22739\TelnetONU1.2.5b\TelnetONU1.2.5b\factorymode.exe  (executable)
      MD5: D6544A7CD742A7BB37A7222E83FD9306
      SHA256: 6D75E5AA07A666E88DD45BEF12CED490AC89CF07FC3D7E03DECA3118E685788C
4088  WinRAR.exe     C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\decrypt.exe  (executable)
      MD5: 252D0EEF5A1E7CEF6E789C488D1913E8
      SHA256: D9E46A77A566B511FB154327637DA91546086E34E02BA41C82B1F86C6746BEB6
4088  WinRAR.exe     C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU.exe  (executable)
      MD5: B3B5281E07028FE5C4B25DF40D21B098
      SHA256: C4C10F96465F1EAE85FF1F76AB76EAAAFB3B9C72E1839404DBEDF8605E303B75
4088  WinRAR.exe     C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\Cmd_Onu.txt  (text)
      MD5: 1ADF01A5989482B9B4C7B5B1FAB42EFE
      SHA256: 9F16C34715995F2E89A79A5DC80450C7349A1543580EE2BC8B8715BA4353C87C
2760  TelnetONU.exe  C:\Users\admin\Desktop\TelnetONU1.2.5b\Cmd_Onu.txt  (text)
      MD5: 1ADF01A5989482B9B4C7B5B1FAB42EFE
      SHA256: 9F16C34715995F2E89A79A5DC80450C7349A1543580EE2BC8B8715BA4353C87C
4088  WinRAR.exe     C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\factorymode.exe  (executable)
      MD5: D6544A7CD742A7BB37A7222E83FD9306
      SHA256: 6D75E5AA07A666E88DD45BEF12CED490AC89CF07FC3D7E03DECA3118E685788C

Ten entries, eight distinct hashes. factorymode.exe is listed twice with identical hashes at two WinRAR extraction paths (the Rar$DRa4088.22739 staging directory and the Temp\TelnetONU1.2.5b tree). Cmd_Onu.txt has the same hash at the extraction path (written by WinRAR.exe) and in the Desktop run directory (written by the elevated TelnetONU.exe, PID 2760), so the tool rewrote its command list unchanged. Only three files were created at run time rather than by extraction: the CmdLog-*.txt under the log directory that PID 1724 created, the USER-PC.icr written by getinfo.exe, and that Desktop Cmd_Onu.txt. The USER-PC.icr name follows the sandbox hostname, which suggests a per-host output file.
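When the dropped-files list is turned into indicators, the duplicates above matter: the same hash at several paths should collapse to one blocklist entry, while "which process wrote it" separates archive-extraction artefacts from files the sample produced at run time. The Python below is an added example, not ANY.RUN's code or part of the TelnetONU tool; it parses the table as transcribed from this report (constructed CSV input, SHA256 only), groups entries by hash, and separates the run-time artefacts from the extracted ones. The column names, function names and the choice of PID 4088 as the extractor are this example's own assumptions.

```python
import csv
import io
from collections import defaultdict

# Dropped-file rows transcribed from the report (constructed input). Raw string so the
# Windows paths keep their backslashes; none of the filenames contains a comma.
DROPPED_CSV = r"""pid,process,path,type,sha256
2760,TelnetONU.exe,C:\Users\admin\Desktop\TelnetONU1.2.5b\log\CmdLog-20210504114209.txt,text,4461681FD76BDD44C5C196495FA092CF6C0E62D36DD6CDB004BC6C3AF29EF5F9
3408,getinfo.exe,C:\Users\admin\Desktop\TelnetONU1.2.5b\USER-PC.icr,binary,7DFCA7C33757BBAF7ECCBCAAB3FB4DBBBBA2ADEABBD45A82D9FEBF4728781597
4088,WinRAR.exe,C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\date.dll,text,45CD2816B7F9CCEE5F9E4CD237ACE4912B476227876105D24FA91DD4FBD29C41
4088,WinRAR.exe,C:\Users\admin\AppData\Local\Temp\Rar$DRa4088.22739\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU--Usage Description of the ONU One-key Information Collection Tool R1.4.docx,compressed,AE637C8F8A1DB743D4C1688606A328F22EBBF77ED51E7417BB3B4372F50BB528
4088,WinRAR.exe,C:\Users\admin\AppData\Local\Temp\Rar$DRa4088.22739\TelnetONU1.2.5b\TelnetONU1.2.5b\factorymode.exe,executable,6D75E5AA07A666E88DD45BEF12CED490AC89CF07FC3D7E03DECA3118E685788C
4088,WinRAR.exe,C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\decrypt.exe,executable,D9E46A77A566B511FB154327637DA91546086E34E02BA41C82B1F86C6746BEB6
4088,WinRAR.exe,C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU.exe,executable,C4C10F96465F1EAE85FF1F76AB76EAAAFB3B9C72E1839404DBEDF8605E303B75
4088,WinRAR.exe,C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\Cmd_Onu.txt,text,9F16C34715995F2E89A79A5DC80450C7349A1543580EE2BC8B8715BA4353C87C
2760,TelnetONU.exe,C:\Users\admin\Desktop\TelnetONU1.2.5b\Cmd_Onu.txt,text,9F16C34715995F2E89A79A5DC80450C7349A1543580EE2BC8B8715BA4353C87C
4088,WinRAR.exe,C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\factorymode.exe,executable,6D75E5AA07A666E88DD45BEF12CED490AC89CF07FC3D7E03DECA3118E685788C
"""


def parse_dropped(text):
    """Parse the transcribed table; normalise hashes to lowercase and add the bare filename."""
    rows = list(csv.DictReader(io.StringIO(text.strip())))
    for r in rows:
        r["pid"] = int(r["pid"])
        r["sha256"] = r["sha256"].lower()
        r["name"] = r["path"].rsplit("\\", 1)[-1]
    return rows


def group_by_hash(rows):
    """sha256 -> the names, paths, writing PIDs and types seen for that content."""
    groups = defaultdict(lambda: {"names": set(), "paths": [], "pids": set(), "types": set()})
    for r in rows:
        g = groups[r["sha256"]]
        g["names"].add(r["name"])
        g["paths"].append(r["path"])
        g["pids"].add(r["pid"])
        g["types"].add(r["type"])
    return dict(groups)


def executable_blocklist(rows):
    """Distinct SHA256s of the executables, de-duplicated across extraction paths."""
    return sorted({r["sha256"] for r in rows if r["type"] == "executable"})


def multi_location(rows):
    """Content that was written to more than one path (copied or rewritten unchanged)."""
    return {h: g for h, g in group_by_hash(rows).items() if len(g["paths"]) > 1}


def runtime_artifacts(rows, extractor_pid):
    """Files written by anything other than the archiver, i.e. produced while the sample ran."""
    return [r["name"] for r in rows if r["pid"] != extractor_pid]


def summary(rows, extractor_pid=4088):
    return {
        "entries": len(rows),
        "unique_hashes": len(group_by_hash(rows)),
        "executables": executable_blocklist(rows),
        "multi_location": sorted(multi_location(rows)),
        "runtime_artifacts": runtime_artifacts(rows, extractor_pid),
    }


if __name__ == "__main__":
    rows = parse_dropped(DROPPED_CSV)
    for key, value in summary(rows).items():
        print(f"{key}: {value}")
```

Keying on SHA256 rather than on path is what makes the two factorymode.exe entries collapse and what exposes that the Desktop Cmd_Onu.txt written by PID 2760 is byte-identical to the extracted copy; keying on the writing PID is what separates the three run-time files from the archive contents.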
Network activity

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

No HTTP requests, connections, DNS requests or threats were recorded. The only traffic the sample attempted was the single ICMP echo request from PING.EXE (PID 3580) to 192.168.1.1, which the TCP/UDP counters do not cover; its exit code 1 shows that no reply came back.
No debug info