burger_client[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

burger_client.zip
Size

13.0MB
MD5

80d26e6c477e0986862d724c38d1c2f7
SHA1

0bbcba5fb6b0b0c495c4dd3ccd6d8e5b1a9c9521
SHA256

1f0276ec5a0bcfee3145fc24d1799d9f0ad32a143da76252a1e6a063cee36212
SHA512

f9576c95b14ab46ec925c619b25393546f79833d1d9dccbfb834122a98119c85dec792492883883371a2e2a35d89203e6065f2d4ad5426045405e37df6fae954
SSDEEP

393216:Pdf1QMXrNfYC7HNfYC7aNfYC7BnlB+gqC0FeQ2N+:PBzJfjfIfO+N+

Score

1^/10

Malware Config

Signatures

Files

burger_client.zip
.zip
BackupStorage/(Standard system devices)_ISS Dynamic Bus Enumerator_3.1.0.4572.zip
.zip
DriverInfo_8A6299E0-66D1-4F5C-AF84-8FDC2297F563.json
ISH_BusDriver.cat
ISH_BusDriver.sys
.exe windows x64

355d014df861e12b834c40e29e97abd7

Code Sign

cd:50:e2:2d:f8:14:f8:a4:87:1a:21:07:39:1a:f0:5c
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

31/03/2021, 00:00

Not After

31/03/2023, 23:59

Subject

CN=Intel Corporation,O=Intel Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2021, 17:55

Not After

16/06/2022, 17:55

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:72:e9:62:e2:c1:ff:fe:a9:55:39:f9:b6:f1:b8:08:48:9c:2c:8f:b1:9d:85:ec:98:c1:f3:68:7a:4c:c8:8e
Signer

Actual PE Digest

d7:72:e9:62:e2:c1:ff:fe:a9:55:39:f9:b6:f1:b8:08:48:9c:2c:8f:b1:9d:85:ec:98:c1:f3:68:7a:4c:c8:8e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

d7:72:e9:62:e2:c1:ff:fe:a9:55:39:f9:b6:f1:b8:08:48:9c:2c:8f:b1:9d:85:ec:98:c1:f3:68:7a:4c:c8:8e
Signer

Actual PE Digest

d7:72:e9:62:e2:c1:ff:fe:a9:55:39:f9:b6:f1:b8:08:48:9c:2c:8f:b1:9d:85:ec:98:c1:f3:68:7a:4c:c8:8e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Intel Corporation,O=Intel Corporation,L=Santa Clara,ST=California,C=US

27/02/2023, 09:32
Valid: true

Chain 1

CN=Intel Corporation,O=Intel Corporation,L=Santa Clara,ST=California,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
RtlCopyUnicodeString
IoWMIRegistrationControl
RtlInitUnicodeString
EtwUnregister
_vsnwprintf
IoGetDeviceInterfaces
KeQueryDpcWatchdogInformation
DbgPrintEx
swprintf_s
EtwWriteTransfer
EtwRegister
ExFreePoolWithTag

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ish_busdriver.inf
BackupStorage/Intel Corporation_Intel(R) Serial IO GPIO Host Controller - INT3450_30.100.2132.2.zip
.zip
BackupStorage/Intel Corporation_Intel(R) Serial IO I2C Host Controller - A369_30.100.2132.2.zip
.zip
BackupStorage/Intel Corporation_Intel(R) Serial IO UART Host Controller - A328_30.100.2132.2.zip
.zip
BackupStorage/Intel Corporation_Intel(R) Wireless Bluetooth(R)_22.170.0.2.zip
.zip
BackupStorage/Intel(R) Corporation_Intel(R) Display Audio_10.27.0.11.zip
.zip
BackupStorage/Intel(R) Corporation_Intel(R) HID Event Filter_2.2.1.384.zip
.zip
BackupStorage/Intel_Intel(R) Management Engine Interface _2240.3.4.0.zip
.zip
BackupStorage/Logi_Logicool HID-compliant Unifying keyboard_5.92.28.0.zip
.zip
BackupStorage/Logicool_HID-compliant device_5.92.28.0.zip
.zip
BackupStorage/Logicool_Logicool HID-compliant Unifying Mouse_5.92.28.0.zip
.zip
BackupStorage/Realtek Semiconductor Corp._Realtek 8812AU Wireless LAN 802.11ac USB NIC_1030.38.304.2019.zip
.zip
DUState.dat
StateHistory/DUState 23-02-25 18-23-34.dat
StateHistory/DUState 23-02-25 18-28-56.dat
StateHistory/DUState 23-02-25 19-28-44.dat
StateHistory/DUState 23-02-25 19-29-01.dat
StateHistory/DUState 23-02-25 19-45-53.dat
StateHistory/DUState 23-02-25 19-47-10.dat
StateHistory/DUState 23-02-25 20-18-09.dat
StateHistory/DUState 23-02-25 20-50-44.dat
StateHistory/DUState 23-02-25 21-03-06.dat
StateHistory/DUState 23-02-25 21-03-20.dat
burger_client/8866F8A9-70C9-43A2-BFBE-EE00AA2DC417/44ED97C8-2D40-4A50-913D-673F6858B9AF
usercfg.ini

Sharing

General

Malware Config

Signatures

Files

355d014df861e12b834c40e29e97abd7

Code Sign

cd:50:e2:2d:f8:14:f8:a4:87:1a:21:07:39:1a:f0:5cCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

d7:72:e9:62:e2:c1:ff:fe:a9:55:39:f9:b6:f1:b8:08:48:9c:2c:8f:b1:9d:85:ec:98:c1:f3:68:7a:4c:c8:8eSigner

Signature Validations

Verification

27/02/2023, 09:32 Valid: false

d7:72:e9:62:e2:c1:ff:fe:a9:55:39:f9:b6:f1:b8:08:48:9c:2c:8f:b1:9d:85:ec:98:c1:f3:68:7a:4c:c8:8eSigner

Signature Validations

Verification

27/02/2023, 09:32 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

wdfldr.sys

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

PAGE Size: 5KB - Virtual size: 5KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 76B

cd:50:e2:2d:f8:14:f8:a4:87:1a:21:07:39:1a:f0:5c
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

d7:72:e9:62:e2:c1:ff:fe:a9:55:39:f9:b6:f1:b8:08:48:9c:2c:8f:b1:9d:85:ec:98:c1:f3:68:7a:4c:c8:8e
Signer

27/02/2023, 09:32
Valid: false

d7:72:e9:62:e2:c1:ff:fe:a9:55:39:f9:b6:f1:b8:08:48:9c:2c:8f:b1:9d:85:ec:98:c1:f3:68:7a:4c:c8:8e
Signer

27/02/2023, 09:32
Valid: true

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

PAGE
Size: 5KB - Virtual size: 5KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 76B