General

  • Target: DeepNude-4.1.8-main.zip
  • Size: 2.4MB
  • Sample: 221012-nv6qwaddek
  • MD5: 393285349700b96f0aa4294a4db95047
  • SHA1: 5fad2c4539688431be2b73cbb1f05c4124c74e96
  • SHA256: 7fa23980ef1ca0fe2cda5aedeb20e122c492f644063945dc451aa887262c1caf
  • SHA512: 7fc6ec0647dcac88b2105bb9b73670b25c399f47027c878a064ab0286ebebd8bee86b152a88301d3a1265dc12e37c27155f1d2a96b37982181857d76a79c0cbc
  • SSDEEP: 49152:yBW8n33SKhdPrPHMKfY5PyvRPquAcvM1SYvGWFh2Eo6gnl2hqojaNsIgVaYYjw8L:gW4LjkKfY5Py/JAxvGUUEodw5eyo7ne2

Score: 10/10

Malware Config

Extracted
  Language: ps1
  Deobfuscated
  URLs (exe.dropper): http://asamy11.com/cp.exe

Extracted
  Language: ps1
  Deobfuscated
  URLs (exe.dropper): http://asamy11.com/sv.exe

Targets

    • Target: DeepNude-4.1.8-main/DeepNude 4.1.8/Barcs/App.config
    • Size: 180B
    • MD5: 1f6220b055ace7643304f9d04b89adc5
    • SHA1: 6a518097662f078094bc875f925114effa4201ff
    • SHA256: dcea3feb399b1aa05de4d5c7aafdee5577c5a19fdb7d32243812cac45df5bfb2
    • SHA512: b2f1afac2c5013f8a133e6b4421d235986ad279c72b8459adf5d8a161a71f73fb2f3ca2597d0c4474c99679312e8620ad375cf845ab2786e0a214d48c8243ead

    Score: 1/10
    • Target: DeepNude-4.1.8-main/DeepNude 4.1.8/Barcs/Nugets/logs.txt
    • Size: 6KB
    • MD5: 1d9bd12c265cc9578eb1dd95e34b82d5
    • SHA1: 8d1269c1c730cecf0ce8d3abb6701ea65d54a5a7
    • SHA256: 9a969502ede3d8641b68409c7b87c7cc18e1a447c5e5a6dd209486fa6f9749a4
    • SHA512: 70a24fa94f09bc507c143d0c39eb7221c91e4b375e25cff4b7af243fb932c6d066754527753a52caad97a2c2480c012fd5bc266b67c53d6f386b766734968962
    • SSDEEP: 192:i4uCdkOLyOlEcvdwdugngTTnH4TnHRqEI:iDCi1BgHnYnxXI

    Score: 1/10
    • Target: DeepNude-4.1.8-main/DeepNude 4.1.8/Ba‮nls.scr
      (the file name contains a U+202E right-to-left override character after "Ba", so the trailing "nls.scr" is displayed reversed and the name renders as "Barcs.sln"; the actual extension is .scr)
    • Size: 59KB
    • MD5: b242156243e162315223649f74781b47
    • SHA1: 62a05a78cc3e413556427174797b266056228e14
    • SHA256: 293dfd8fc8dbb5c9dae7f693dd7c8af5cc3b534080b75685738188ce4fa16a40
    • SHA512: a29d16c282c3362cc306ab5adb8031c17e69738aa9cf6c86c4d8503469d44376f76659860b8678383900b9a9aaeeac39ef249b1718e8891e4465ea9f8e8c198c
    • SSDEEP: 384:J7dQrb1epzgNbvFAbBZUC6vZZBfNAAK/Voc+i0UzU1s4gQH7vn:hMbwiNL0ZUzlNAp/Vocb+

    Score: 10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • UAC bypass

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

MITRE ATT&CK Matrix (ATT&CK v6)

Execution
  • Scheduled Task (T1053): 1

Persistence
  • Hidden Files and Directories (T1158): 2
  • Scheduled Task (T1053): 1

Privilege Escalation
  • Bypass User Account Control (T1088): 1
  • Scheduled Task (T1053): 1

Defense Evasion
  • Modify Registry (T1112): 3
  • Bypass User Account Control (T1088): 1
  • Disabling Security Tools (T1089): 1
  • Hidden Files and Directories (T1158): 2

Tasks