General

Target: Software_Yuki.zip
Size: 1.4MB
Sample: 221111-gdfd2abear
MD5: d8edde8e242fe61b58265c6a326ea435
SHA1: d8c50123a7d8bae21fbf1a826a06f6534f00039f
SHA256: 19857840331c8cc15dca34f5ad42c9d413cedfa307707d9c3764f2e7b43fc500
SHA512: 23a1ba690541d4d976407a120fe65cf9525409a1590750cfec821e41669d657fd56d89b2fac33f15dc93715d3477b467a5db0081159252038c0e3c3b348ff687
SSDEEP: 24576:FAFUwIND8EcBD1YjTqnw4UFlxYYitUEoiIlPchl4itVnjLWibSm0Mus:FOai0jGSwzslPYl/uAz0fs
Tasks

Static task: static1

Behavioral tasks (sample / resource):
- behavioral1: Software Yuki/Set_Yuki_x64.exe / win7-20220812-en
- behavioral2: Software Yuki/Set_Yuki_x64.exe / win10v2004-20220812-en
- behavioral3: Software Yuki/SoftwareDataDebug/examples/android.py / win7-20220812-en
- behavioral4: Software Yuki/SoftwareDataDebug/examples/android.py / win10v2004-20220812-en
- behavioral5: Software Yuki/SoftwareDataDebug/examples/appium_example.py / win7-20220901-en
- behavioral6: Software Yuki/SoftwareDataDebug/examples/appium_example.py / win10v2004-20220812-en
- behavioral7: Software Yuki/SoftwareDataDebug/examples/appium_helper.py / win7-20220812-en
- behavioral8: Software Yuki/SoftwareDataDebug/examples/appium_helper.py / win10v2004-20220901-en
- behavioral9: Software Yuki/SoftwareDataDebug/examples/appium_simple.py / win7-20220812-en
- behavioral10: Software Yuki/SoftwareDataDebug/examples/appium_simple.py / win10v2004-20220812-en
- behavioral11: Software Yuki/SoftwareDataDebug/examples/desktop.py / win7-20220812-en
- behavioral12: Software Yuki/SoftwareDataDebug/examples/desktop.py / win10v2004-20220901-en
Malware Config

Extracted family: vidar
Version: 55.6
Botnet: 1325
C2: https://t.me/seclab_new
C2: https://koyu.space/@ofade
profile_id: 1325
Targets

Target: Software Yuki/Set_Yuki_x64.exe
Size: 686.6MB
MD5: 3086921f1e7c9f7156ccbc08c9fa25a2
SHA1: 80e78e6e4a9427729c977e30ee2cc84813542092
SHA256: 2e2495ef2e8166ecf1015d54972ad676cf3deb5b8b0f32f434dfda48205b87ab
SHA512: 81e2a221f6070bc255d53e3c4d09b6c681810d977d2d86e6f0f6758f59664bd5e158c3367b6b5ef2232c3f3f7016a02e18069ce06fd7c34817a8020e9ecac622
SSDEEP: 24576:uv66t3q/zhIYCpnviF18f5xn/T8BlnpvgSHhD:JsqlRuxn/T8j6s
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2

Target: Software Yuki/SoftwareDataDebug/examples/android.py
Size: 542B
MD5: 9d06948472ef50cae816f2bc396572b9
SHA1: d7077b7370b6aa96de197556dad73fa42bc9cde5
SHA256: cd7fbe2d691ea6ebfec63a55408a7266c26ce467650d39cd43924b05ed681e2b
SHA512: 0acf8fb10c7705e6eedf03b6e9ae19fa23983f9505fee4c7e7495d2f74405b6b86cd1e7fd205c655fe561207b3ffa6d66b5ca3466642eb667df78b199678a0dc
Score: 3/10

Target: Software Yuki/SoftwareDataDebug/examples/appium_example.py
Size: 2KB
MD5: ea74819618a051e2536f122af645a599
SHA1: ebad572761ef4afd27f8f5f93f490836e57b8043
SHA256: a39c82e31d8fc14571cdb84ac06db6e27f338bfa5c6e7532e4bb1363391fc5cf
SHA512: 44db269a386891df12e44a4f04c6312b0c996625692a15e3b961bbc5d7adaff2001718ba641b9b17d514495091a40bb47cf7a686cf4b188188d3601ea59079f9
Score: 3/10

Target: Software Yuki/SoftwareDataDebug/examples/appium_helper.py
Size: 2KB
MD5: 9e15789e5707991cb0089c95c5a540fe
SHA1: 544e4c2d8d9d1f4c70d9652d8315c9e6918cbaf0
SHA256: 567310f70edc643667c4e1dd4bfc37377283f49b1176460fa6bfe5e99fb3c66c
SHA512: cc4c7f05772715615fe31022a0491641ba75af71deefe6da6a299dc0c41f68987deb7fc99e9a07713b416060030316ee97a39e60a754ff51ded00d20294e7419
Score: 3/10

Target: Software Yuki/SoftwareDataDebug/examples/appium_simple.py
Size: 1KB
MD5: db02d17fe9c460c8ddfe35e227d3c0d1
SHA1: 729e66d40e35a2614e5955ce25367b44004a1693
SHA256: 530150a40470a6ab4f3cc7a85b5e1b47b1c6e60fa0331780b9b03bc7846e29ad
SHA512: 963ab8ec6fb2f710ab26c31992a54d1db0877b658a12d8a8bff4bd2e004e1d7d329907d58bd26ff06d507944a8ee1cdbd2e54b5260cdbff030c591aaf06ea033
Score: 3/10

Target: Software Yuki/SoftwareDataDebug/examples/desktop.py
Size: 438B
MD5: 590b81e3bad1a80c955c3604e7db73eb
SHA1: a09783cb6addff207a4edff0be058417f6b769de
SHA256: ebe2c5d92dc865fc03252506aa80e914c94f7b8a9d020541794e44adb94ac2d7
SHA512: 193c41a5327a800e7a950b20cf312213b395b6ca692f707c3f6e3bf12ca026144deee3c6058c304c5644643c1847103b984859c6ae085d9ca96eafd8c9274968
Score: 3/10