6cc0505bc3d39f9806d605ba115dd302da1f485554ec44c9c96286f5ea34d909

Sharing

Copy URL

Twitter E-mail

General

Target

SS Tools SafePvP.rar
Size

21.6MB
Sample

230205-bz74aafg67
MD5

168d85cb9b30c2065a2bdaf704b2ddef
SHA1

4aed9ca176e5f9b9c5a5160cbb0b5c942ec59ea5
SHA256

6cc0505bc3d39f9806d605ba115dd302da1f485554ec44c9c96286f5ea34d909
SHA512

cd1bc78ee86480ac10f6af86254b4dd7f230d312ff403bd0dd32d910997de5bab79f3cc8a81862bdc268173e32d067179a74fd68616d90f445bc721eb2a64547
SSDEEP

393216:na+3nVZeku6O6HTpwthhG239C8kQeJx8pYRdvptIQUmyjV7Cht74/YJbTZGRI:nPeILoYAAQeJxlpLyXyhGu

Score

10^/10

Malware Config

Targets

- Target
  
  Srenshare tool/Atajos/$Recycle.Bin.lnk
- Size
  
  804B
- MD5
  
  99ab386bb4fcf8da3ab110b46276a71b
- SHA1
  
  3012ec50a2e4f1d4ae4663e3aa9f6292cc775d0b
- SHA256
  
  0358484c8ed4908dd795d86df608c3e603749a7c2c06ce85c6ca814913a47487
- SHA512
  
  1add8e04d1bb4ff2fc1c51005fdc871dda7eaf02c2c221ff1ee51ea0c67f0684e6c6e59fa17bc7312f783a0b875e461ddcd066d1c759b47af7b7c0866516fc64
Score

3^/10
behavioral1 behavioral2
- Target
  
  Srenshare tool/Atajos/Elementos recientes.lnk
- Size
  
  1KB
- MD5
  
  37ce2443e62c43d604b8b054aa8be9f5
- SHA1
  
  b89a7ab20d266d719f8a4ad90fdcf3553274d63f
- SHA256
  
  1c12279f54c4c0ab77f3fc721620b2d93ce111ad4bdc725e5ba464f179440e5b
- SHA512
  
  3b39bfe4231a1c30f0828a9a99d1b5ba3644fba0246c7dae8d6dbf53f53f75176104b9c0522ac909312cdbc782584309c2161728d3a0620d7e9a890d4230f0bf
Score

3^/10
behavioral3 behavioral4
- Target
  
  Srenshare tool/Atajos/Folder Options.lnk
- Size
  
  146B
- MD5
  
  cb1da22e72fbb5588792d3b2c163e715
- SHA1
  
  443da4f2641f68b4abda4fc553c9c21983003ce3
- SHA256
  
  a16daa83da3944d5eed2a900711c997fa098deb63085c04187d85ade2dc3c820
- SHA512
  
  7b09de4e0dfdb78f90276ea93f624e2b62537727a610e62fb8287a97beebe185ec41f9ddf7d871000bf9e01b6470e579d57ea7b3dc36539feff0e6b54403e204
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  Srenshare tool/Atajos/Iconos.lnk
- Size
  
  1KB
- MD5
  
  0468ff32e07210f510738a9c00e291b4
- SHA1
  
  7acc174590401f5f1422b0d7a3e94aa34720c7e0
- SHA256
  
  841a75dc08ab0ed06aac5c59cf28a301a73f3ed506c2260b181541a566cfff5b
- SHA512
  
  a6944b4aa9615f132f93d7130633863f304e60ee6992fee33ecb6973c685db23eff8408d840a851c9b909ab876d34ec8a8f863f4e46ed2294565ac711c0fa3da
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  Srenshare tool/Atajos/Prefetch.lnk
- Size
  
  1KB
- MD5
  
  dc14c01f99b7fe7cdbff43b751ff0898
- SHA1
  
  0c8702565828c0dde20420e5f02213694d3aded2
- SHA256
  
  eded53a6cc2770e0253b08460fc80020c67fdef48ac3959bcc5dd1c43d68700e
- SHA512
  
  1413c0fc9ebf32956bd677c930923f5e4a8caade655b11005091825aac7cd9b0f7364901daa8ecc1993a67d0bc27d4b550f9c7a2e8ebefa6cca7a73367f30eb0
Score

3^/10
behavioral10 behavioral9
- Target
  
  Srenshare tool/Atajos/Temp.lnk
- Size
  
  1KB
- MD5
  
  24d9910eab2f9926cfd38df08cf7a4a8
- SHA1
  
  ef3b6f29da5d36a04e54993a6621847653e94419
- SHA256
  
  b447737c3d7380f6539f73efd1da872459b6f28ca98a3637e8f3d42d1f0297e3
- SHA512
  
  f7d5fb7c72350161a0767e6a291555f0991158c95993804cee37e006994aec536146faeb4c4a992804216bd015b151e16a70b6e53cc82e8b65202add973b3037
Score

3^/10
behavioral11 behavioral12
- Target
  
  Srenshare tool/LandSS.exe
- Size
  
  2.0MB
- MD5
  
  6045504495a95cabe75d0f76f01f505a
- SHA1
  
  9110a9336433e8eb218096a80be7253245cf1075
- SHA256
  
  0483c0d37efd42d8c95fe962a67103b2d66db38cf0f4e5842ea6686434972cb8
- SHA512
  
  fe18cd913811bc716b55a0afb56e5db22d41716972f9a46b845b7b63be0a9559c03af5015b1246b2ff4f744a1939585c60fbfbeecf161e8b28f174be89f9673f
- SSDEEP
  
  49152:APEpksGULjU7cAGVRHxOOonAjZPeDaAVDjzP/V/Od:AcpkCfUIvVRjoSZCzVmd
Score

3^/10
behavioral13 behavioral14
- Target
  
  Srenshare tool/Tools/Everything-1.4.1.935.x86-Setup.exe
- Size
  
  1.4MB
- MD5
  
  8dd3e60cbe81c3c5e7ac5c6c40e2f598
- SHA1
  
  6806cbce18bd0d05a6d5ac9324b0002ce0850d17
- SHA256
  
  07ec4ed8031a33e4d34b6eb9da65bb85c26d32e9297c4b28e948c7c7397dbda0
- SHA512
  
  b691581ac4eeee554509f7b38cecda6ecd5cf33a7c34a5b48f74a45f0097f097ecf9ecf3a3fcdd0915404ae87c23439e586d03675918ad365f21a42c974b3242
- SSDEEP
  
  24576:Zsq19uXicXMEkLOySYHi8AMXufXs8iv3OHb0+8TetBlrHryjHBRTmsI7owQioF:ylZXMEhySY6z8n3O70+jRLyjHbTm9oxB
Score

7^/10
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  Srenshare tool/Tools/Jitter Click Training-How fast can you click in 10 seconds-.url
- Size
  
  49B
- MD5
  
  58c0d8bd84053bb3f820bea4b558b6b1
- SHA1
  
  7754c4d7998d673def3689076226526acc069fff
- SHA256
  
  972fc3701d9bf87fe5e812d0b88b90e0583fe80852c4b37681b8e0a9d8b0c6e6
- SHA512
  
  078d688c186767f5c948489f0b6007c34a0953d71dc4aa49aee021cdbaa8094024757322cb7aab0c2d690863003ba2f32440386ac2d7db4d95ee64a619b17636
Score

1^/10
behavioral17 behavioral18
- Target
  
  Srenshare tool/Tools/Kangaroo (1).exe
- Size
  
  7.1MB
- MD5
  
  e665f6c07c06a741401696135113c5db
- SHA1
  
  dc9dcbb4a912b4748d32d7ed508029aa2f2e2c6f
- SHA256
  
  a55d1fe4b6dae91fb96f4faaa7bed1f05e2bd171dbda442ba8bc4a91da7527d2
- SHA512
  
  fe94092cdacaba22647a012ae879a4dbd1a7906644f41e7a8a3400de828adaced98a13e38eff7fd2ee3eb4bbaf79df6f58792a91a30f94441c71af44dc082a21
- SSDEEP
  
  196608:jtTITAAkNHVq2xWFrkBwcrXdWv82giEEti:juTAlqsWFrkBddX
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral19 behavioral20
- Target
  
  Srenshare tool/Tools/LastActivityView.exe
- Size
  
  131KB
- MD5
  
  4a0e27af4bc47aa761a1751caf69a3dd
- SHA1
  
  0fb8f1dcd7f37deae356ecf4ec099ba66af5a0bf
- SHA256
  
  d8a736232b6ebed152a20e922ea2798fda89069786fdd8d526013585215c3046
- SHA512
  
  d600a995a63efdf96aa8c771464b889c4ceb9b9de66223983b125b17f6309cc56e32e35114481bab8ebcd1f61ce576baab5295f11aeeb035a687a1db7e58d1a8
- SSDEEP
  
  3072:IvKB1ELeP2N+S0atKSPfptuaNH4XkOdL1E7Bd9f:IvpLe7S0EKSnptuaB4BS
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral21 behavioral22
- Target
  
  Srenshare tool/Tools/Paladin.exe
- Size
  
  8.2MB
- MD5
  
  80efadf419e405d4a411d9d077a4f326
- SHA1
  
  7491cf5b3af1d765af40ea182f923cac40392a71
- SHA256
  
  673d13493ddcbb5f60c0d1d0db728cdd830857e46ecd73f6b9e277cfcf3ceefa
- SHA512
  
  5a765e126a2e047e05b27f7d324bd19b96f06dc32a2f603682705c794bbf1fe04bbfada3b5ec6907cd4137d3b31aeafff709e2994b6bb3aa40059d15c78144bf
- SSDEEP
  
  196608:lWvtYbs24beIZb4qj7A6o1tSSYj4WNNf+g5jny5mv68WHu6fyAB2V6gIYPc/2:hRUeChSm4WXmuTvv8yAcw8c/2
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral23 behavioral24
- Target
  
  Srenshare tool/Tools/Process Hacker 2.lnk
- Size
  
  1KB
- MD5
  
  4a5c54b5a08d11f84154b9945097bf52
- SHA1
  
  f68c6095eccbeb2efb3164ca3e3176c8f5aa0d8b
- SHA256
  
  407b8951924e55136c90ea13db95d3307f2652ea52d93e2d4ad44af9346b5362
- SHA512
  
  ee53c45b77bdd14a5d8a8ed0d9c530555ffd20a31aebecd8e29b9cbcf6dc3b02e3aeb704e42dfb892d01df6a11ca04738900a037a295c4d9ea13fea2ce571978
Score

3^/10
behavioral25 behavioral26
- Target
  
  Srenshare tool/Tools/RegScanner.exe
- Size
  
  59KB
- MD5
  
  2e998efadda38ea838d22354d7f335b9
- SHA1
  
  bc2cc88ba637eb84a70eb79a710313926f9056c1
- SHA256
  
  a4fdda53e3bcd4e369baec3436e06acd6c210b8de950f439cf425db37c66e897
- SHA512
  
  935757530f51e8d79da06070140e4fdf950be9411ca401333d3cdb15485d7ebaf61c577c9d467c22b78b18b8d0fa22d66d438ca3ba3630f8d4af448fa2eff75e
- SSDEEP
  
  768:82dfLRvCbvubjBpiZrH6ENDk9fWcofmDybxH0mSJIVFh5rbipGeiWwQ:82NRv2aniZrNBVcof8qxH0RID7bipG6v
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral27 behavioral28
- Target
  
  Srenshare tool/Tools/USBDeview.exe
- Size
  
  175KB
- MD5
  
  6d2366810298100d37d9cf1a4acb1710
- SHA1
  
  abf88097d17599c5d11ab4bbbe44484cde4d4cb9
- SHA256
  
  ca67d7096e64f2a647b5734bd34f302a3a48fcc3b5e16598f2e5a5cc9100985f
- SHA512
  
  7b3ef3b68b7a6aa04bf633a0d6eeb9623c12cad3605ce119f2d5ee8f7ae712ee7acc76518a8c0846d6054d1350d77f6dea96fa21c2ebe6d21d960a15129f1f28
- SSDEEP
  
  3072:cygTTf2vyMtTPqWkxlm5mDCQdYiqwIa65t+9hBdz7Nqm7whNkeKr:UfQyiyJDCrtePNqATr
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral29 behavioral30
- Target
  
  Srenshare tool/Tools/UserAssistView.exe
- Size
  
  30KB
- MD5
  
  f36530f46a34516be38521ee9a134d28
- SHA1
  
  47f0553e0a0febbef59fd9a32149497bbdd5229c
- SHA256
  
  bc11c4150bbc6f8b2cf7bc96bedbb183c61d53ab8e4052b15d58bad6b6d1befa
- SHA512
  
  5c1a1282ffc25409d0044770c80e92f7a89fb40567dbb24f64f46750083bb30b842a63ef58b8b9433fa5a5903a5aa7bf71ee941709365c6bc17a9f4d85b1ad5d
- SSDEEP
  
  384:IecsPHRggjhCnMgZas8+oAEqPm63AovtX625wWMPODVDSt/U/BEUxhUp5Erzrbqu:HhCWSrPlX62arODxS1U/Br9nrbqUo
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

Loads dropped DLL

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Checks computer location settings

Suspicious use of NtSetInformationThreadHideFromDebugger

Nirsoft

UPX packed file

Enumerates connected drives

Maps connected drives based on registry

Nirsoft

UPX packed file

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32