General

  • Target

    SS Tools SafePvP.rar

  • Size

    21.6MB

  • Sample

    230205-bz74aafg67

  • MD5

    168d85cb9b30c2065a2bdaf704b2ddef

  • SHA1

    4aed9ca176e5f9b9c5a5160cbb0b5c942ec59ea5

  • SHA256

    6cc0505bc3d39f9806d605ba115dd302da1f485554ec44c9c96286f5ea34d909

  • SHA512

    cd1bc78ee86480ac10f6af86254b4dd7f230d312ff403bd0dd32d910997de5bab79f3cc8a81862bdc268173e32d067179a74fd68616d90f445bc721eb2a64547

  • SSDEEP

    393216:na+3nVZeku6O6HTpwthhG239C8kQeJx8pYRdvptIQUmyjV7Cht74/YJbTZGRI:nPeILoYAAQeJxlpLyXyhGu

Malware Config

Targets

    • Target

      Srenshare tool/Atajos/$Recycle.Bin.lnk

    • Size

      804B

    • MD5

      99ab386bb4fcf8da3ab110b46276a71b

    • SHA1

      3012ec50a2e4f1d4ae4663e3aa9f6292cc775d0b

    • SHA256

      0358484c8ed4908dd795d86df608c3e603749a7c2c06ce85c6ca814913a47487

    • SHA512

      1add8e04d1bb4ff2fc1c51005fdc871dda7eaf02c2c221ff1ee51ea0c67f0684e6c6e59fa17bc7312f783a0b875e461ddcd066d1c759b47af7b7c0866516fc64

    Score: 3/10

    • Target

      Srenshare tool/Atajos/Elementos recientes.lnk

    • Size

      1KB

    • MD5

      37ce2443e62c43d604b8b054aa8be9f5

    • SHA1

      b89a7ab20d266d719f8a4ad90fdcf3553274d63f

    • SHA256

      1c12279f54c4c0ab77f3fc721620b2d93ce111ad4bdc725e5ba464f179440e5b

    • SHA512

      3b39bfe4231a1c30f0828a9a99d1b5ba3644fba0246c7dae8d6dbf53f53f75176104b9c0522ac909312cdbc782584309c2161728d3a0620d7e9a890d4230f0bf

    Score: 3/10

    • Target

      Srenshare tool/Atajos/Folder Options.lnk

    • Size

      146B

    • MD5

      cb1da22e72fbb5588792d3b2c163e715

    • SHA1

      443da4f2641f68b4abda4fc553c9c21983003ce3

    • SHA256

      a16daa83da3944d5eed2a900711c997fa098deb63085c04187d85ade2dc3c820

    • SHA512

      7b09de4e0dfdb78f90276ea93f624e2b62537727a610e62fb8287a97beebe185ec41f9ddf7d871000bf9e01b6470e579d57ea7b3dc36539feff0e6b54403e204

    Score: 7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Srenshare tool/Atajos/Iconos.lnk

    • Size

      1KB

    • MD5

      0468ff32e07210f510738a9c00e291b4

    • SHA1

      7acc174590401f5f1422b0d7a3e94aa34720c7e0

    • SHA256

      841a75dc08ab0ed06aac5c59cf28a301a73f3ed506c2260b181541a566cfff5b

    • SHA512

      a6944b4aa9615f132f93d7130633863f304e60ee6992fee33ecb6973c685db23eff8408d840a851c9b909ab876d34ec8a8f863f4e46ed2294565ac711c0fa3da

    Score: 7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Srenshare tool/Atajos/Prefetch.lnk

    • Size

      1KB

    • MD5

      dc14c01f99b7fe7cdbff43b751ff0898

    • SHA1

      0c8702565828c0dde20420e5f02213694d3aded2

    • SHA256

      eded53a6cc2770e0253b08460fc80020c67fdef48ac3959bcc5dd1c43d68700e

    • SHA512

      1413c0fc9ebf32956bd677c930923f5e4a8caade655b11005091825aac7cd9b0f7364901daa8ecc1993a67d0bc27d4b550f9c7a2e8ebefa6cca7a73367f30eb0

    Score: 3/10

    • Target

      Srenshare tool/Atajos/Temp.lnk

    • Size

      1KB

    • MD5

      24d9910eab2f9926cfd38df08cf7a4a8

    • SHA1

      ef3b6f29da5d36a04e54993a6621847653e94419

    • SHA256

      b447737c3d7380f6539f73efd1da872459b6f28ca98a3637e8f3d42d1f0297e3

    • SHA512

      f7d5fb7c72350161a0767e6a291555f0991158c95993804cee37e006994aec536146faeb4c4a992804216bd015b151e16a70b6e53cc82e8b65202add973b3037

    Score: 3/10

    • Target

      Srenshare tool/LandSS.exe

    • Size

      2.0MB

    • MD5

      6045504495a95cabe75d0f76f01f505a

    • SHA1

      9110a9336433e8eb218096a80be7253245cf1075

    • SHA256

      0483c0d37efd42d8c95fe962a67103b2d66db38cf0f4e5842ea6686434972cb8

    • SHA512

      fe18cd913811bc716b55a0afb56e5db22d41716972f9a46b845b7b63be0a9559c03af5015b1246b2ff4f744a1939585c60fbfbeecf161e8b28f174be89f9673f

    • SSDEEP

      49152:APEpksGULjU7cAGVRHxOOonAjZPeDaAVDjzP/V/Od:AcpkCfUIvVRjoSZCzVmd

    Score: 3/10

    • Target

      Srenshare tool/Tools/Everything-1.4.1.935.x86-Setup.exe

    • Size

      1.4MB

    • MD5

      8dd3e60cbe81c3c5e7ac5c6c40e2f598

    • SHA1

      6806cbce18bd0d05a6d5ac9324b0002ce0850d17

    • SHA256

      07ec4ed8031a33e4d34b6eb9da65bb85c26d32e9297c4b28e948c7c7397dbda0

    • SHA512

      b691581ac4eeee554509f7b38cecda6ecd5cf33a7c34a5b48f74a45f0097f097ecf9ecf3a3fcdd0915404ae87c23439e586d03675918ad365f21a42c974b3242

    • SSDEEP

      24576:Zsq19uXicXMEkLOySYHi8AMXufXs8iv3OHb0+8TetBlrHryjHBRTmsI7owQioF:ylZXMEhySY6z8n3O70+jRLyjHbTm9oxB

    Score: 7/10

    • Loads dropped DLL

    • Target

      Srenshare tool/Tools/Jitter Click Training-How fast can you click in 10 seconds-.url

    • Size

      49B

    • MD5

      58c0d8bd84053bb3f820bea4b558b6b1

    • SHA1

      7754c4d7998d673def3689076226526acc069fff

    • SHA256

      972fc3701d9bf87fe5e812d0b88b90e0583fe80852c4b37681b8e0a9d8b0c6e6

    • SHA512

      078d688c186767f5c948489f0b6007c34a0953d71dc4aa49aee021cdbaa8094024757322cb7aab0c2d690863003ba2f32440386ac2d7db4d95ee64a619b17636

    Score: 1/10

    • Target

      Srenshare tool/Tools/Kangaroo (1).exe

    • Size

      7.1MB

    • MD5

      e665f6c07c06a741401696135113c5db

    • SHA1

      dc9dcbb4a912b4748d32d7ed508029aa2f2e2c6f

    • SHA256

      a55d1fe4b6dae91fb96f4faaa7bed1f05e2bd171dbda442ba8bc4a91da7527d2

    • SHA512

      fe94092cdacaba22647a012ae879a4dbd1a7906644f41e7a8a3400de828adaced98a13e38eff7fd2ee3eb4bbaf79df6f58792a91a30f94441c71af44dc082a21

    • SSDEEP

      196608:jtTITAAkNHVq2xWFrkBwcrXdWv82giEEti:juTAlqsWFrkBddX

    Score: 7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Srenshare tool/Tools/LastActivityView.exe

    • Size

      131KB

    • MD5

      4a0e27af4bc47aa761a1751caf69a3dd

    • SHA1

      0fb8f1dcd7f37deae356ecf4ec099ba66af5a0bf

    • SHA256

      d8a736232b6ebed152a20e922ea2798fda89069786fdd8d526013585215c3046

    • SHA512

      d600a995a63efdf96aa8c771464b889c4ceb9b9de66223983b125b17f6309cc56e32e35114481bab8ebcd1f61ce576baab5295f11aeeb035a687a1db7e58d1a8

    • SSDEEP

      3072:IvKB1ELeP2N+S0atKSPfptuaNH4XkOdL1E7Bd9f:IvpLe7S0EKSnptuaB4BS

    Score: 6/10

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Srenshare tool/Tools/Paladin.exe

    • Size

      8.2MB

    • MD5

      80efadf419e405d4a411d9d077a4f326

    • SHA1

      7491cf5b3af1d765af40ea182f923cac40392a71

    • SHA256

      673d13493ddcbb5f60c0d1d0db728cdd830857e46ecd73f6b9e277cfcf3ceefa

    • SHA512

      5a765e126a2e047e05b27f7d324bd19b96f06dc32a2f603682705c794bbf1fe04bbfada3b5ec6907cd4137d3b31aeafff709e2994b6bb3aa40059d15c78144bf

    • SSDEEP

      196608:lWvtYbs24beIZb4qj7A6o1tSSYj4WNNf+g5jny5mv68WHu6fyAB2V6gIYPc/2:hRUeChSm4WXmuTvv8yAcw8c/2

    Score: 7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Srenshare tool/Tools/Process Hacker 2.lnk

    • Size

      1KB

    • MD5

      4a5c54b5a08d11f84154b9945097bf52

    • SHA1

      f68c6095eccbeb2efb3164ca3e3176c8f5aa0d8b

    • SHA256

      407b8951924e55136c90ea13db95d3307f2652ea52d93e2d4ad44af9346b5362

    • SHA512

      ee53c45b77bdd14a5d8a8ed0d9c530555ffd20a31aebecd8e29b9cbcf6dc3b02e3aeb704e42dfb892d01df6a11ca04738900a037a295c4d9ea13fea2ce571978

    Score: 3/10

    • Target

      Srenshare tool/Tools/RegScanner.exe

    • Size

      59KB

    • MD5

      2e998efadda38ea838d22354d7f335b9

    • SHA1

      bc2cc88ba637eb84a70eb79a710313926f9056c1

    • SHA256

      a4fdda53e3bcd4e369baec3436e06acd6c210b8de950f439cf425db37c66e897

    • SHA512

      935757530f51e8d79da06070140e4fdf950be9411ca401333d3cdb15485d7ebaf61c577c9d467c22b78b18b8d0fa22d66d438ca3ba3630f8d4af448fa2eff75e

    • SSDEEP

      768:82dfLRvCbvubjBpiZrH6ENDk9fWcofmDybxH0mSJIVFh5rbipGeiWwQ:82NRv2aniZrNBVcof8qxH0RID7bipG6v

    Score: 9/10

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Srenshare tool/Tools/USBDeview.exe

    • Size

      175KB

    • MD5

      6d2366810298100d37d9cf1a4acb1710

    • SHA1

      abf88097d17599c5d11ab4bbbe44484cde4d4cb9

    • SHA256

      ca67d7096e64f2a647b5734bd34f302a3a48fcc3b5e16598f2e5a5cc9100985f

    • SHA512

      7b3ef3b68b7a6aa04bf633a0d6eeb9623c12cad3605ce119f2d5ee8f7ae712ee7acc76518a8c0846d6054d1350d77f6dea96fa21c2ebe6d21d960a15129f1f28

    • SSDEEP

      3072:cygTTf2vyMtTPqWkxlm5mDCQdYiqwIa65t+9hBdz7Nqm7whNkeKr:UfQyiyJDCrtePNqATr

    Score: 6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      Srenshare tool/Tools/UserAssistView.exe

    • Size

      30KB

    • MD5

      f36530f46a34516be38521ee9a134d28

    • SHA1

      47f0553e0a0febbef59fd9a32149497bbdd5229c

    • SHA256

      bc11c4150bbc6f8b2cf7bc96bedbb183c61d53ab8e4052b15d58bad6b6d1befa

    • SHA512

      5c1a1282ffc25409d0044770c80e92f7a89fb40567dbb24f64f46750083bb30b842a63ef58b8b9433fa5a5903a5aa7bf71ee941709365c6bc17a9f4d85b1ad5d

    • SSDEEP

      384:IecsPHRggjhCnMgZas8+oAEqPm63AovtX625wWMPODVDSt/U/BEUxhUp5Erzrbqu:HhCWSrPlX62arODxS1U/Br9nrbqUo

    Score: 9/10

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique                     Count  ID
  Defense Evasion      Modify Registry                   2  T1112
  Defense Evasion      Install Root Certificate          1  T1130
  Discovery            System Information Discovery     18  T1082
  Discovery            Query Registry                    8  T1012
  Discovery            Process Discovery                 1  T1057
  Discovery            Peripheral Device Discovery       2  T1120
  Command and Control  Web Service                       1  T1102

Tasks

  Task          Tags            Score
  static1       pyinstallerupx  10/10
  behavioral1                   3/10
  behavioral2                   3/10
  behavioral3                   3/10
  behavioral4                   3/10
  behavioral5                   3/10
  behavioral6                   7/10
  behavioral7                   3/10
  behavioral8                   7/10
  behavioral9                   3/10
  behavioral10                  3/10
  behavioral11                  3/10
  behavioral12                  3/10
  behavioral13                  3/10
  behavioral14                  3/10
  behavioral15                  7/10
  behavioral16                  7/10
  behavioral17                  1/10
  behavioral18                  1/10
  behavioral19                  7/10
  behavioral20                  7/10
  behavioral21  discovery       6/10
  behavioral22  discovery       6/10
  behavioral23                  5/10
  behavioral24                  7/10
  behavioral25                  3/10
  behavioral26                  3/10
  behavioral27  upx             9/10
  behavioral28  upx             9/10
  behavioral29                  6/10
  behavioral30                  6/10
  behavioral31  upx             9/10
  behavioral32  upx             9/10