royal | C[.]7z

Resubmissions

07-02-2023 21:14

230207-z3l7zsfa9w 10

07-02-2023 21:10

230207-z1fx7aff86 10

04-02-2023 03:46

230204-ebzc1sff9s 10

Sharing

Copy URL

Twitter E-mail

General

Target

C.7z
Size

872KB
MD5

cccc83f84ef321c7d604c17234c40f24
SHA1

7c9cd1a4d93077974869f421490303efb8823615
SHA256

4568f9dd1dc8fd256524e78f1d32d009eb0d5acbdc1a9d9507287832808e50e9
SHA512

2dacedd6f2146f459009aee0d43b9006e5ed8d269a31daa64fea669072660a9dabcc94e1a59ffcdf2c90b7127e2f97337cc5094b6e3c8fc1a274d3e2dffbcf7c
SSDEEP

24576:fOhM4s/+F8m6IuK4qzc9CzRAWyQnNEIOVzQiE/51PR1OoM:fOhMhG+K7zyC/TnoVQZ4oM

Score

10^/10

ransomware royal

Malware Config

Signatures

Royal Ransomware 1 IoCs

ransomware

Processes:

resource	yara_rule
static1/unpack001/1.exe	family_royal

Royal family
royal

Files

C.7z
.7z

Password: Malware123!!
1.bat
1.exe
.exe windows x86

Password: Malware123!!

b6698f73aa8eb2b95b67acb6e8329fa7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW

ws2_32

WSAStartup
shutdown
setsockopt
connect
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
WSAGetLastError
WSACleanup
gethostbyname
select
ntohs
getsockopt
ioctlsocket
bind
WSAIoctl
closesocket
ntohl
WSASocketW
socket
WSAAddressToStringW
htonl
htons

crypt32

CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore

advapi32

CryptGetProvParam
CryptReleaseContext
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptDestroyKey
CryptSetHashParam
CryptAcquireContextW

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW

shell32

CommandLineToArgvW

iphlpapi

GetIpAddrTable

netapi32

NetApiBufferFree
NetShareEnum

rstrtmgr

RmShutdown
RmEndSession
RmStartSession
RmGetList
RmRegisterResources

bcrypt

BCryptGenRandom

kernel32

CompareStringW
HeapAlloc
HeapFree
GetModuleFileNameW
LCMapStringW
HeapReAlloc
GetConsoleOutputCP
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
GetModuleHandleExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
SetConsoleCtrlHandler
ReadFile
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetLogicalDrives
FindFirstFileW
EnterCriticalSection
FindNextFileW
WriteFile
LeaveCriticalSection
FindClose
CreateFileW
ExitThread
Sleep
CloseHandle
CreateThread
lstrcmpiW
GetCommandLineW
lstrlenW
WaitForMultipleObjects
InitializeCriticalSection
InitializeConditionVariable
lstrlenA
WaitForSingleObject
DeleteCriticalSection
ExitProcess
CreateProcessW
WideCharToMultiByte
lstrcmpW
CancelIo
GetQueuedCompletionStatus
CreateIoCompletionPort
SleepConditionVariableCS
DecodePointer
GetFileSizeEx
GetCurrentProcess
WakeAllConditionVariable
GetProcessId
SetEndOfFile
CreateToolhelp32Snapshot
GetLastError
Process32NextW
Process32FirstW
GetNativeSystemInfo
SetFilePointerEx
MoveFileExW
FlushFileBuffers
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
FormatMessageA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualFree
GetEnvironmentVariableW
MultiByteToWideChar
GetACP
GetStdHandle
GetFileType
GetModuleHandleW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: Malware123!!

Password: Malware123!!

b6698f73aa8eb2b95b67acb6e8329fa7

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

crypt32

advapi32

user32

shell32

iphlpapi

netapi32

rstrtmgr

bcrypt

kernel32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 499KB - Virtual size: 498KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 499KB - Virtual size: 498KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 78KB - Virtual size: 78KB