General

  • Target

    SS Tools SafePvP.rar

  • Size

    21.6MB

  • Sample

    230205-b22z2sbb3v

  • MD5

    168d85cb9b30c2065a2bdaf704b2ddef

  • SHA1

    4aed9ca176e5f9b9c5a5160cbb0b5c942ec59ea5

  • SHA256

    6cc0505bc3d39f9806d605ba115dd302da1f485554ec44c9c96286f5ea34d909

  • SHA512

    cd1bc78ee86480ac10f6af86254b4dd7f230d312ff403bd0dd32d910997de5bab79f3cc8a81862bdc268173e32d067179a74fd68616d90f445bc721eb2a64547

  • SSDEEP

    393216:na+3nVZeku6O6HTpwthhG239C8kQeJx8pYRdvptIQUmyjV7Cht74/YJbTZGRI:nPeILoYAAQeJxlpLyXyhGu


Targets

    • Target

      SS Tools SafePvP.rar


    • Score

      3/10

    • Target

      Srenshare tool/Atajos/Iconos.lnk

    • Size

      1KB

    • MD5

      0468ff32e07210f510738a9c00e291b4

    • SHA1

      7acc174590401f5f1422b0d7a3e94aa34720c7e0

    • SHA256

      841a75dc08ab0ed06aac5c59cf28a301a73f3ed506c2260b181541a566cfff5b

    • SHA512

      a6944b4aa9615f132f93d7130633863f304e60ee6992fee33ecb6973c685db23eff8408d840a851c9b909ab876d34ec8a8f863f4e46ed2294565ac711c0fa3da

    • Score

      3/10

    • Target

      Srenshare tool/Atajos/Temp.lnk

    • Size

      1KB

    • MD5

      24d9910eab2f9926cfd38df08cf7a4a8

    • SHA1

      ef3b6f29da5d36a04e54993a6621847653e94419

    • SHA256

      b447737c3d7380f6539f73efd1da872459b6f28ca98a3637e8f3d42d1f0297e3

    • SHA512

      f7d5fb7c72350161a0767e6a291555f0991158c95993804cee37e006994aec536146faeb4c4a992804216bd015b151e16a70b6e53cc82e8b65202add973b3037

    • Score

      3/10

    • Target

      Srenshare tool/LandSS.exe

    • Size

      2.0MB

    • MD5

      6045504495a95cabe75d0f76f01f505a

    • SHA1

      9110a9336433e8eb218096a80be7253245cf1075

    • SHA256

      0483c0d37efd42d8c95fe962a67103b2d66db38cf0f4e5842ea6686434972cb8

    • SHA512

      fe18cd913811bc716b55a0afb56e5db22d41716972f9a46b845b7b63be0a9559c03af5015b1246b2ff4f744a1939585c60fbfbeecf161e8b28f174be89f9673f

    • SSDEEP

      49152:APEpksGULjU7cAGVRHxOOonAjZPeDaAVDjzP/V/Od:AcpkCfUIvVRjoSZCzVmd

    • Score

      3/10

    • Target

      Srenshare tool/Tools/Everything-1.4.1.935.x86-Setup.exe

    • Size

      1.4MB

    • MD5

      8dd3e60cbe81c3c5e7ac5c6c40e2f598

    • SHA1

      6806cbce18bd0d05a6d5ac9324b0002ce0850d17

    • SHA256

      07ec4ed8031a33e4d34b6eb9da65bb85c26d32e9297c4b28e948c7c7397dbda0

    • SHA512

      b691581ac4eeee554509f7b38cecda6ecd5cf33a7c34a5b48f74a45f0097f097ecf9ecf3a3fcdd0915404ae87c23439e586d03675918ad365f21a42c974b3242

    • SSDEEP

      24576:Zsq19uXicXMEkLOySYHi8AMXufXs8iv3OHb0+8TetBlrHryjHBRTmsI7owQioF:ylZXMEhySY6z8n3O70+jRLyjHbTm9oxB

    • Score

      7/10

    • Loads dropped DLL

    • Target

      Srenshare tool/Tools/Jitter Click Training-How fast can you click in 10 seconds-.url

    • Size

      49B

    • MD5

      58c0d8bd84053bb3f820bea4b558b6b1

    • SHA1

      7754c4d7998d673def3689076226526acc069fff

    • SHA256

      972fc3701d9bf87fe5e812d0b88b90e0583fe80852c4b37681b8e0a9d8b0c6e6

    • SHA512

      078d688c186767f5c948489f0b6007c34a0953d71dc4aa49aee021cdbaa8094024757322cb7aab0c2d690863003ba2f32440386ac2d7db4d95ee64a619b17636

    • Score

      1/10

    • Target

      Srenshare tool/Tools/Kangaroo (1).exe

    • Size

      7.1MB

    • MD5

      e665f6c07c06a741401696135113c5db

    • SHA1

      dc9dcbb4a912b4748d32d7ed508029aa2f2e2c6f

    • SHA256

      a55d1fe4b6dae91fb96f4faaa7bed1f05e2bd171dbda442ba8bc4a91da7527d2

    • SHA512

      fe94092cdacaba22647a012ae879a4dbd1a7906644f41e7a8a3400de828adaced98a13e38eff7fd2ee3eb4bbaf79df6f58792a91a30f94441c71af44dc082a21

    • SSDEEP

      196608:jtTITAAkNHVq2xWFrkBwcrXdWv82giEEti:juTAlqsWFrkBddX

    • Score

      7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Srenshare tool/Tools/LastActivityView.exe

    • Size

      131KB

    • MD5

      4a0e27af4bc47aa761a1751caf69a3dd

    • SHA1

      0fb8f1dcd7f37deae356ecf4ec099ba66af5a0bf

    • SHA256

      d8a736232b6ebed152a20e922ea2798fda89069786fdd8d526013585215c3046

    • SHA512

      d600a995a63efdf96aa8c771464b889c4ceb9b9de66223983b125b17f6309cc56e32e35114481bab8ebcd1f61ce576baab5295f11aeeb035a687a1db7e58d1a8

    • SSDEEP

      3072:IvKB1ELeP2N+S0atKSPfptuaNH4XkOdL1E7Bd9f:IvpLe7S0EKSnptuaB4BS

    • Score

      6/10

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Srenshare tool/Tools/Paladin.exe

    • Size

      8.2MB

    • MD5

      80efadf419e405d4a411d9d077a4f326

    • SHA1

      7491cf5b3af1d765af40ea182f923cac40392a71

    • SHA256

      673d13493ddcbb5f60c0d1d0db728cdd830857e46ecd73f6b9e277cfcf3ceefa

    • SHA512

      5a765e126a2e047e05b27f7d324bd19b96f06dc32a2f603682705c794bbf1fe04bbfada3b5ec6907cd4137d3b31aeafff709e2994b6bb3aa40059d15c78144bf

    • SSDEEP

      196608:lWvtYbs24beIZb4qj7A6o1tSSYj4WNNf+g5jny5mv68WHu6fyAB2V6gIYPc/2:hRUeChSm4WXmuTvv8yAcw8c/2

    • Score

      5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Srenshare tool/Tools/Process Hacker 2.lnk

    • Size

      1KB

    • MD5

      4a5c54b5a08d11f84154b9945097bf52

    • SHA1

      f68c6095eccbeb2efb3164ca3e3176c8f5aa0d8b

    • SHA256

      407b8951924e55136c90ea13db95d3307f2652ea52d93e2d4ad44af9346b5362

    • SHA512

      ee53c45b77bdd14a5d8a8ed0d9c530555ffd20a31aebecd8e29b9cbcf6dc3b02e3aeb704e42dfb892d01df6a11ca04738900a037a295c4d9ea13fea2ce571978

    • Score

      3/10

    • Target

      Srenshare tool/Tools/RegScanner.exe

    • Size

      59KB

    • MD5

      2e998efadda38ea838d22354d7f335b9

    • SHA1

      bc2cc88ba637eb84a70eb79a710313926f9056c1

    • SHA256

      a4fdda53e3bcd4e369baec3436e06acd6c210b8de950f439cf425db37c66e897

    • SHA512

      935757530f51e8d79da06070140e4fdf950be9411ca401333d3cdb15485d7ebaf61c577c9d467c22b78b18b8d0fa22d66d438ca3ba3630f8d4af448fa2eff75e

    • SSDEEP

      768:82dfLRvCbvubjBpiZrH6ENDk9fWcofmDybxH0mSJIVFh5rbipGeiWwQ:82NRv2aniZrNBVcof8qxH0RID7bipG6v

    • Score

      9/10

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Srenshare tool/Tools/USBDeview.exe

    • Size

      175KB

    • MD5

      6d2366810298100d37d9cf1a4acb1710

    • SHA1

      abf88097d17599c5d11ab4bbbe44484cde4d4cb9

    • SHA256

      ca67d7096e64f2a647b5734bd34f302a3a48fcc3b5e16598f2e5a5cc9100985f

    • SHA512

      7b3ef3b68b7a6aa04bf633a0d6eeb9623c12cad3605ce119f2d5ee8f7ae712ee7acc76518a8c0846d6054d1350d77f6dea96fa21c2ebe6d21d960a15129f1f28

    • SSDEEP

      3072:cygTTf2vyMtTPqWkxlm5mDCQdYiqwIa65t+9hBdz7Nqm7whNkeKr:UfQyiyJDCrtePNqATr

    • Score

      6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      Srenshare tool/Tools/UserAssistView.exe

    • Size

      30KB

    • MD5

      f36530f46a34516be38521ee9a134d28

    • SHA1

      47f0553e0a0febbef59fd9a32149497bbdd5229c

    • SHA256

      bc11c4150bbc6f8b2cf7bc96bedbb183c61d53ab8e4052b15d58bad6b6d1befa

    • SHA512

      5c1a1282ffc25409d0044770c80e92f7a89fb40567dbb24f64f46750083bb30b842a63ef58b8b9433fa5a5903a5aa7bf71ee941709365c6bc17a9f4d85b1ad5d

    • SSDEEP

      384:IecsPHRggjhCnMgZas8+oAEqPm63AovtX625wWMPODVDSt/U/BEUxhUp5Erzrbqu:HhCWSrPlX62arODxS1U/Br9nrbqUo

    • Score

      9/10

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Srenshare tool/Tools/luyten-0.4.5.exe

    • Size

      3.7MB

    • MD5

      810a0255f0a13a895172caeb3b8a47fa

    • SHA1

      b22532caf079fc1b2c81c29fd17d7065c773c542

    • SHA256

      8c37240aaddc1da68bcfd6570463c590cfa9fecb6bb250a9970a0061897ae341

    • SHA512

      a112b0e8ef1578f66578beeb40402e49c24398d3d2ce85a70dffaf4bade2a92a0b5b7e395fd0f25baffd7a038fa8cc03d521d840a1b5382aae4bedc5804b343d

    • SSDEEP

      98304:OjzDT2Hg0WbBhvc3YapZKNIvCjn2cEbTj:qDT2A0WbHvvap4IvCBKn

    • Score

      4/10


MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 2

  • Install Root Certificate (T1130): 1

Discovery

  • System Information Discovery (T1082): 11

  • Query Registry (T1012): 4

  • Process Discovery (T1057): 1

  • Peripheral Device Discovery (T1120): 2

Command and Control

  • Web Service (T1102): 1
