de2be8ebd629be6b1175d3624d1d8e839c228a35bf29e3eacad572d37b94f85c

Sharing

Copy URL Twitter E-mail

General

Target

KRNLWRD.zip
Size

5.7MB
Sample

221220-srrvrsab87
MD5

ec1809ab5228539eb4a67eedde704cec
SHA1

bc1ef5f61e13ce4441ec2d97c4d3c13c5c24a208
SHA256

de2be8ebd629be6b1175d3624d1d8e839c228a35bf29e3eacad572d37b94f85c
SHA512

e0d6579f87de02bce194d5b41804b344200242a4c643dd3849c1da78381c964030713ce7c44f39746ea6bda6491c3040514666a9bb6bb4cfe18a4a10025fd665
SSDEEP

98304:KaMuYq1HaCKJnmx3jlBIMLppmWdg4lzpjPQ4GeaaByx8/hEp0TFkGaZp3j:ZnFaaxXz5lGeo8mp+uPZ5j

Score

3^/10

Malware Config

Targets

- Target
  
  KRNLWRD/Bunifu_UI_v1.5.3.dll
- Size
  
  236KB
- MD5
  
  2ecb51ab00c5f340380ecf849291dbcf
- SHA1
  
  1a4dffbce2a4ce65495ed79eab42a4da3b660931
- SHA256
  
  f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
- SHA512
  
  e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
- SSDEEP
  
  6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score

1^/10
behavioral1 behavioral2
- Target
  
  KRNLWRD/ScintillaNET.dll
- Size
  
  1.3MB
- MD5
  
  9166536c31f4e725e6befe85e2889a4b
- SHA1
  
  f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
- SHA256
  
  ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
- SHA512
  
  113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
- SSDEEP
  
  24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score

1^/10
behavioral3 behavioral4
- Target
  
  KRNLWRD/injector.dll
- Size
  
  1.2MB
- MD5
  
  a1b9c6fdb702f4456a385ee93a1a77eb
- SHA1
  
  283b10148e08fa8bd6d8ec47f8e62c556fb768cc
- SHA256
  
  4cd782cfc5344a942f3f0a61c021122ded48b5e175de76f393419901708c04d4
- SHA512
  
  447ed5b2656fdb225c799270421b9e3459ac44ae7be06a84bd6c67c2304b8076eb562e3d191e8a43190338fa4e67a8b3cf7afd3eb788c707497cb090b98af0ca
- SSDEEP
  
  24576:F4L8ZNLC0RaGGeeh9dWHjQyAToCF+i15b1lpJyIOYCdcb65Jhz+:Fxf89ajQyAToCF+iVJyIHocb65Hz+
Score

3^/10
behavioral5 behavioral6
- Target
  
  KRNLWRD/krnl.dll
- Size
  
  3.6MB
- MD5
  
  dd2cead4e9dded0e029457061c4dcfd5
- SHA1
  
  4a67e3675db9a43d7af25bba8f9921227b624474
- SHA256
  
  bb8125901ca3caf7dd5f726085f21d08b2e3736f4109e0530da118e3dc54cb1b
- SHA512
  
  0ce64ac2ed544686b042b7bad3642b0c0a4a7cb50a9f0496ff50001d6f0db55d05c77e3d253545f5fe55159cb9564f5cca8daf65e77cb6135a6edfb87024fa85
- SSDEEP
  
  49152:WXmm0MY+MpOl4TMixzMiTBr3F6d7jQ/+K1thZA0Eryyatny1FVCuPzmcDo1zIvCc:WXmMKpOWoi1rVCYhg3zT17mE4lnXz4H
Score

3^/10
behavioral7 behavioral8
- Target
  
  KRNLWRD/krnl.exe
- Size
  
  1.5MB
- MD5
  
  b4d30c9b8d8285090d6a23f86c9d418e
- SHA1
  
  ec0749a7d4d0fe5ebcb6fe732a839c13f02bb4f8
- SHA256
  
  16a708453fef15c6949ef6278020b9df440bb5e93d2b644dacc37729f3e6c09f
- SHA512
  
  9e38805aedc2276e7fe457cb9b2f7d5432ea69049bfc1876969f072e6c73e067808072f74b9e3d97f4567ec7611e464500b229a08dd8c1737bb5ead60598cbd4
- SSDEEP
  
  12288:anWI3rG06x7+G70EE/0GGGGGGhGGGGxdoM43nwVkokblUI:anWuC0AC4ysGGGGGGhGGGGx1VpsL
Score

3^/10
behavioral10 behavioral9
- Target
  
  KRNLWRD/krnlss.exe.config
- Size
  
  202B
- MD5
  
  0ed4b3831ff5e91dff636145f68aac4c
- SHA1
  
  2d1140812945dc1b9e400a88c911803639cb2e49
- SHA256
  
  03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347
- SHA512
  
  4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12