General
- Target: b93aaa33295a7b67f4b350268b6cfe9fbea7916f5e40918755dfd47af78828f9
- Size: 4.6MB
- Sample: 221126-mmvg7sda4y
- MD5: 351741174cd2477d0a6f61d4d6bfa454
- SHA1: b6de248a416355b7a4043bc12ba79bc448ed7803
- SHA256: b93aaa33295a7b67f4b350268b6cfe9fbea7916f5e40918755dfd47af78828f9
- SHA512: 640c4067abd9c450deb5f7ec93814c32115f3a84e054e7b200b831cc560628bf70f085047c7b36748f04f7934957a307f4f7e8433b6f7fa97491e37f69c031c0
- SSDEEP: 98304:0FzsFQm22Erv/8eOQMYCOFJob9tab05ue6OtLrMyDT/vtpQ:BH22EQR9ta7OtLgYvQ
Behavioral tasks
- behavioral1: Mbot repack by DarkSideOfSoul/Atlava Dll Injector by Phoenix1337.exe (resource: win7-20220901-en)
- behavioral2: Mbot repack by DarkSideOfSoul/Atlava Dll Injector by Phoenix1337.exe (resource: win10v2004-20220812-en)
- behavioral3: Mbot repack by DarkSideOfSoul/Detour.dll (resource: win7-20221111-en)
- behavioral4: Mbot repack by DarkSideOfSoul/Detour.dll (resource: win10v2004-20220812-en)
- behavioral5: Mbot repack by DarkSideOfSoul/Hook.exe (resource: win7-20220901-en)
- behavioral6: Mbot repack by DarkSideOfSoul/Hook.exe (resource: win10v2004-20221111-en)
- behavioral7: Mbot repack by DarkSideOfSoul/mBotCrack.dll (resource: win7-20220812-en)
- behavioral8: Mbot repack by DarkSideOfSoul/mBotCrack.dll (resource: win10v2004-20221111-en)
- behavioral9: Mbot repack by DarkSideOfSoul/mBotLoader.exe (resource: win7-20220812-en)
- behavioral10: Mbot repack by DarkSideOfSoul/mBotLoader.exe (resource: win10v2004-20221111-en)
- behavioral11: Mbot repack by DarkSideOfSoul/mBot_vSRO110.exe (resource: win7-20220901-en)
- behavioral12: Mbot repack by DarkSideOfSoul/mBot_vSRO110.exe (resource: win10v2004-20221111-en)
- behavioral13: Mbot repack by DarkSideOfSoul/merrsend.exe (resource: win7-20220901-en)
- behavioral14: Mbot repack by DarkSideOfSoul/merrsend.exe (resource: win10v2004-20220812-en)
- behavioral15: Mbot repack by DarkSideOfSoul/psilk.dll (resource: win7-20220901-en)
- behavioral16: Mbot repack by DarkSideOfSoul/psilk.dll (resource: win10v2004-20221111-en)
Malware Config
Targets

Target: Mbot repack by DarkSideOfSoul/Atlava Dll Injector by Phoenix1337.exe
- Size: 73KB
- MD5: 6843ef86496ed523983392599062c965
- SHA1: 7a0666c6a8f9379fc07cba26cb383a4921c1bde5
- SHA256: 9bb160e1f7ada754b40fbac56407caacaafd9a7d02f03af9e0355e8e263d72b4
- SHA512: a426d5f9cc103cb6f22bcce3b9b07877a66e97bf671b928956afeccdf592dfe2b9269b2dd48c9b28c0a7ec4f27c8e949ffdd5fb6a84511b9da30a531bf963919
- SSDEEP: 1536:L+1QrC5pV23IrXWhBXcbDaEbTI02gDO9kOgPcG/cPnU18g:L0pVkEXWPJNhkOgPcG0fIH
- Score: 1/10

Target: Mbot repack by DarkSideOfSoul/Detour.dll
- Size: 58KB
- MD5: 519fb61d24a6bb5ca730b9ecbd201593
- SHA1: 400f472c2fdc54bb36e16185a6c3d8ae2d00ff60
- SHA256: c643712e9554395345268041e96450143a30a66638cb8f35f8307bb95b4aacc4
- SHA512: fda314ff39f0a4e6cf3cb07f1f0750d238ac824c94eb8e02c66feb7a5f90758b1bfebf4694b665d60d4cbcd41aaedfc9f140bc44d85400cd7f0e767962984c0e
- SSDEEP: 768:W669srHegXVuwbVzAEsc3zMfJZLHDtPBCBGjqGkhdQJyRPRuXAWu5jZA:W6LrHVuk/x3ziJP4BGOdxRuvuvA
- Score: 1/10

Target: Mbot repack by DarkSideOfSoul/Hook.exe
- Size: 12KB
- MD5: ef18946a2c84761c004427de4bcc91f0
- SHA1: 1f92db61c82bab9e147d1bb3f8cb52d27883d30d
- SHA256: 2c7bea9edacb58def6642e98cf22b5c6a31b1b37e05dd9370b8085ab01f18f0b
- SHA512: a6df16dcdd6bafc8bc9c3ba8f6f2107a596052b4da1856aaab67e70789a8dd2472b96dac2f5cbaedae5c14768f250f7abef79140861690389f9421518cbcac9e
- SSDEEP: 192:gNSfJHfaB/zQVyTe8u4Xc57e+JbIfuWgelZ1JJ9hqy2c:6OHfDM6ucUebIfuWnlnhd
- Score: 1/10

Target: Mbot repack by DarkSideOfSoul/mBotCrack.dll
- Size: 416KB
- MD5: e9ddc2b1b1e7d85d59dfd59c1d45c692
- SHA1: d469b5d97c9e1eee2b56191643fb7de9a143ad3f
- SHA256: 760da9c1dfe9663cb1a49247b6d0be4b9f9a1ecbffc8494d71f1a856ee6ae112
- SHA512: 9019c4b982a090f5c6d50d86f7587a63ae9d18747037b4223d10f065665bb205dcf2a159ca3f815708c9e2e55be8770eb96fb035d22a78c6ba16effd3e507062
- SSDEEP: 6144:oXGSCXC2+SrIjjVSftNsxq8UmSAoKB8QKnDzxMntK08JcI55s4Kbdui7IWol4OVG:o2fC2jIvVSVNszOnytKPG/ZdZoTRe
- Score: 8/10
  - Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Mbot repack by DarkSideOfSoul/mBotLoader.exe
- Size: 2.5MB
- MD5: b864c557c4131578a9685c414003377d
- SHA1: 7babee9d4d2925337d365a2b1a74f931f65f9713
- SHA256: 7991da35eaedb012559937785a75042dffb0112c38ed25d02d61aac3504b8fae
- SHA512: 0bac75953ed9dbd67656d04316d56be82c1c8db119c5ab1a1d1a5d17a4ea13afd933feb7ca1d97f16d5a18733b6b3ce6035dd992881f9c2cf90cb7c1f7819288
- SSDEEP: 49152:2jl1ZZdGyoXqeIELvYiCCA8hhsysIKedW8RmkeVWnVYjuc8mjHf:2jhGyo1IovYiCCpPmIVWuS/
- Score: 9/10
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
  - Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  - Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
  - Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Mbot repack by DarkSideOfSoul/mBot_vSRO110.exe
- Size: 3.0MB
- MD5: 1c9e5f224771314c95a8902ebb177d5f
- SHA1: 652e3bef6d1d609e5e23f00c3c8bcbaa96953719
- SHA256: 4f17791bfbade207c01c4de9ed7d592c536eea6eee020623e378418ed4131717
- SHA512: ba246b4f8644976bee4a6a6e5ee0f7682ff31772418153d9a63e3cbc6b3a46b386dfc5a1a5eada3746fd8012ce305a2fa993b412cc24ffea9279ebd82be845d1
- SSDEEP: 49152:0dXxm+8HV8+72BnIM7BM9NK/JHqN5KdXsmmwUhbcUPceEw7+j66FsoptheLLXE:WxcdYI+y9cAKlsVwObcU5Ew7BaBnh2X
- Score: 9/10
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
  - Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  - Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
  - Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Mbot repack by DarkSideOfSoul/merrsend.exe
- Size: 5KB
- MD5: 7beeb35c3bde8caab110b5dc3a45218c
- SHA1: fa36661a88ec5d68b9bec81dc7e216a3ed696aae
- SHA256: 62738c3e6e2dc132dbce415191383c64b76e460f80af5714d7ef4a4aceabc25a
- SHA512: cd9ccae0d8124a8d7427e1074da7d0ee20a6646bba0bb01e3d177af714235b1466cba155365fe3ab8382d2bf780e0f95a7ace75e76b1c0e68800b425f0524795
- SSDEEP: 48:63P/t9LRlWFcalXAPBtToWuJLiliwvWcOJph+gOJDV3VkYf8l7ZWyA8ldjZ6FWSu:mXW/XAJyjJnnOJDREdWwPVCzNt
- Score: 1/10

Target: Mbot repack by DarkSideOfSoul/psilk.dll
- Size: 87KB
- MD5: f10823b20021569726929cbe2b3e9114
- SHA1: b6c2d20b32bb5ed658e050dd046e307137fe24b2
- SHA256: bcc0a22aabea03511150c83e0573ce73d0035d2df7fe3302d0cf499066aa6457
- SHA512: cff9344b18d2ab2a19bdcab633a74a7eff8b3e3740d5293f695d57a7345cb0596cc56d0b6e151d876e190fabf1f051a879e9b52745a10bc63f48b16b68e4d894
- SSDEEP: 1536:l0ylvve3dQYQrk5cbGmQ5Rzyt0yMm0OFgzLa5k0II:SovGj8ycbGmQ5RzytVMm0OFga5r
- Score: 1/10