Resubmissions

04/01/2023, 05:51    230104-gj64yaeb36    9

04/01/2023, 05:39    230104-gcp7vahc91    9

General

  • Target: Main-7.5-Bypass-ONLINE [28th December].zip
  • Size: 260.9MB
  • MD5: 534f967ef1778082d1e106697a8d527b
  • SHA1: f987baab0b5dbd8ce6688da9ee0f06479f393eae
  • SHA256: 8b9de709437c077ab3f925ced38d7bdc35e22ec2068ab7d93c1f021b8b814371
  • SHA512: 38fc95dcd86b05da93b29875900c2d149cdff1f0b0b3a4ea6c9c8248caa2b45c35e59db356aae19885cbd690cebd66113b6cc87f842aa454f29ef584e716c682
  • SSDEEP: 6291456:w6t+uCO64VPuPi4EysglxgFkmmOFRiA9fCEEZ9Vy/A4okt9BB6:XD4bP4Fw4f7qTyvH6

Score: 9/10 (upx)

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software (3 IoCs)
    Detects file using ACProtect software.

  • UPX packed file (6 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.

Files

  • Main-7.5-Bypass-ONLINE [28th December].zip
    .zip
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/AdbPath64.dll
    .dll windows x86
    MD5: c64cac39044626770353879245ea25e4
    Code Sign · Headers · Imports · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.53.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.54.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.55.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.56.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.57.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.58.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.59.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.60.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Bunifu_UI_v1.61.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Fonts.exe
    .exe windows x64
    Headers · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Pathfinder.exe
    .exe windows x86
    MD5: ead364a9564def7dbab3c2916879f461
    Headers · Imports · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Pathfinder_Day.exe
    .exe windows x86
    MD5: ead364a9564def7dbab3c2916879f461
    Headers · Imports · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/Pathfinder_Week.exe
    .exe windows x86
    MD5: ead364a9564def7dbab3c2916879f461
    Headers · Imports · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/adb.exe
    .exe windows x86
    MD5: caa032ebd77577ef7b19d90ec9abfca3
    Headers · Imports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/api-ms-win-core-checktime-l1-0-86.dll
    .dll windows x86
    Code Sign · Headers · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/api-ms-win-core-digilocked-l1-1-0.dll
    .dll windows x86
    Code Sign · Headers · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/api-ms-win-core-errorhandler-l1-1-0.dll
    .dll windows x86
    Code Sign · Headers · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/api-ms-win-core-processcores-l1-1-0.dll
    .dll windows x86
    Code Sign · Headers · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/api-ms-win-core-sync-l1-2-0.dll
    .dll windows x86
    Code Sign · Headers · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/cjzc_patch2.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/cjzc_patch4.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/english.dll
    .dll windows x86
    Headers · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/helper.exe
    .exe windows x86
    MD5: a2af670719a0f32546f25d33e9c436f7
    Headers · Imports · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path.dll
    .dll .ps1 windows x86
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path2.0.dll
    .dll windows x86
    Headers · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/Hack.vmp.exe
    .exe windows x86
    MD5: 50ac62d30edd8ef1473886d0d2d00975
    Headers · Imports · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/OldHack.vmp.exe
    .exe windows x64
    MD5: b9c3ebf614f5802a3dfc6b2eef8bff75
    Headers · Imports · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/PF.dll
    .dll windows x86
    MD5: 6167cd6075165f2aef4ccefc614081b5
    Headers · Imports · Exports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/StartHack.exe
    .exe windows x64
    Headers · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/path_files/StartOldHack.exe
    .exe windows x64
    Headers · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt1.exe
    .exe windows x86
    MD5: 768d2a1c9fec6851632cce17641ec571
    Headers · Imports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt10.dll
    .7z
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt7.exe
    .exe windows x64
    MD5: f326f88ca83c9aacaa44acfb8884f1d4
    Headers · Imports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt7x.exe
    .exe windows x64
    MD5: f326f88ca83c9aacaa44acfb8884f1d4
    Headers · Imports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt8.dll
    .exe windows x86
    MD5: fcf1390e9ce472c7270447fc5c61a0c1
    Headers · Imports · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt8x.exe
    .exe windows x64
    Headers · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/prompt9.exe
    .exe windows x64
    Headers · Sections
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/sqlite64.apx
  • Main-7.5-Bypass-ONLINE [28th December]/Main-7.5-Bypass-ONLINE [28th December]/timer.exe
    .exe windows x64
    Headers · Sections