Overview

Static analysis score: 7

Files submitted (score, path; platform for every file is windows10-2004-x64):
  7  MultiBit/B...ng.dll
  1  MultiBit/B....3.dll
  1  MultiBit/B...on.dll
  1  MultiBit/B...on.dll
  1  MultiBit/B...el.dll
  1  MultiBit/B...or.dll
  1  MultiBit/B...el.dll
  1  MultiBit/B...on.dll
  1  MultiBit/L...et.dll
  1  MultiBit/MultiBit.exe
  7  MultiBit/Qt5Core.dll
  3  MultiBit/_asyncio.dll
  3  MultiBit/_bz2.dll
  3  MultiBit/_...32.dll
  3  MultiBit/_ctypes.dll
  1  MultiBit/_decimal.dll
  3  MultiBit/b...b2.pyi
  3  MultiBit/b...b2.pyi
  3  MultiBit/b...b2.pyi
  3  MultiBit/b...b2.pyi
  3  MultiBit/b...b2.pyi
  3  MultiBit/b...b2.pyi
  3  MultiBit/b...b2.pyi
  3  MultiBit/b...b2.pyi
  3  MultiBit/b...b2.pyi
  3  MultiBit/c...rt.pem
  3  MultiBit/d...47.dll
  3  MultiBit/libEGL.dll
  1  MultiBit/libeay32.dll
  1  MultiBit/m....typed
  3  MultiBit/python3.dll
  3  MultiBit/python39.dll
Analysis score: 3

  max time kernel:   142s
  max time network:  151s
  platform:          windows10-2004_x64
  resource:          win10v2004-20230220-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         21-03-2023 14:43
Behavioral tasks (task, sample, resource):
  behavioral1   MultiBit/Bunifu.Licensing.dll                                        win10v2004-20230220-en
  behavioral2   MultiBit/Bunifu.UI.WinForms.1.5.3.dll                                win10v2004-20230220-en
  behavioral3   MultiBit/Bunifu.UI.WinForms.BunifuButton.dll                         win10v2004-20230220-en
  behavioral4   MultiBit/Bunifu.UI.WinForms.BunifuImageButton.dll                    win10v2004-20230220-en
  behavioral5   MultiBit/Bunifu.UI.WinForms.BunifuPanel.dll                          win10v2004-20230220-en
  behavioral6   MultiBit/Bunifu.UI.WinForms.BunifuSeparator.dll                      win10v2004-20230221-en
  behavioral7   MultiBit/Bunifu.UI.WinForms.BunifuShadowPanel.dll                    win10v2004-20230220-en
  behavioral8   MultiBit/Bunifu.UI.WinForms.BunifuTransition.dll                     win10v2004-20230220-en
  behavioral9   MultiBit/Leaf.xNet.dll                                               win10v2004-20230220-en
  behavioral10  MultiBit/MultiBit.exe                                                win10v2004-20230220-en
  behavioral11  MultiBit/Qt5Core.dll                                                 win10v2004-20230220-en
  behavioral12  MultiBit/_asyncio.dll                                                win10v2004-20230221-en
  behavioral13  MultiBit/_bz2.dll                                                    win10v2004-20230220-en
  behavioral14  MultiBit/_cffi_backend.cp39-win32.dll                                win10v2004-20230220-en
  behavioral15  MultiBit/_ctypes.dll                                                 win10v2004-20230220-en
  behavioral16  MultiBit/_decimal.dll                                                win10v2004-20230220-en
  behavioral17  MultiBit/bitbox02/communication/generated/bitbox02_system_pb2.pyi    win10v2004-20230220-en
  behavioral18  MultiBit/bitbox02/communication/generated/btc_pb2.pyi                win10v2004-20230220-en
  behavioral19  MultiBit/bitbox02/communication/generated/common_pb2.pyi             win10v2004-20230221-en
  behavioral20  MultiBit/bitbox02/communication/generated/eth_pb2.pyi                win10v2004-20230220-en
  behavioral21  MultiBit/bitbox02/communication/generated/hww_pb2.pyi                win10v2004-20230220-en
  behavioral22  MultiBit/bitbox02/communication/generated/keystore_pb2.pyi           win10v2004-20230220-en
  behavioral23  MultiBit/bitbox02/communication/generated/mnemonic_pb2.pyi           win10v2004-20230220-en
  behavioral24  MultiBit/bitbox02/communication/generated/perform_attestation_pb2.pyi win10v2004-20230221-en
  behavioral25  MultiBit/bitbox02/communication/generated/system_pb2.pyi             win10v2004-20230220-en
  behavioral26  MultiBit/certifi/cacert.pem                                          win10v2004-20230220-en
  behavioral27  MultiBit/d3dcompiler_47.dll                                          win10v2004-20230220-en
  behavioral28  MultiBit/libEGL.dll                                                  win10v2004-20230220-en
  behavioral29  MultiBit/libeay32.dll                                                win10v2004-20230220-en
  behavioral30  MultiBit/mnemonic/py.typed                                           win10v2004-20230221-en
  behavioral31  MultiBit/python3.dll                                                 win10v2004-20230220-en
  behavioral32  MultiBit/python39.dll                                                win10v2004-20230221-en
General

  Target:  MultiBit/bitbox02/communication/generated/mnemonic_pb2.pyi
  Size:    1KB
  MD5:     878ba6a31a34c344bfc3d7f916c21857
  SHA1:    9e56171ddcab1412974020af7adeda116d327a8c
  SHA256:  22ebfaa989850d8a759f23304d66bf975c15d9cd0b8cd59eeafa01a2a474da72
  SHA512:  dd20c9446b1b6a4b72668dbe563d21932745026cb1ab553e1e568ff6c0e5526e4eb9338136cb3d72ee46da7d98f117d721ff2d5f490fd857cb81232b4ab8e4ad
Malware Config
Signatures

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
    description  ioc                                                                                    process
    Key created  \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings  cmd.exe
    Key created  \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings  OpenWith.exe

- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes:
    pid   process
    4272  OpenWith.exe
Processes

- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\MultiBit\bitbox02\communication\generated\mnemonic_pb2.pyi
  - Modifies registry class

- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx