Resubmissions

28/04/2023, 22:53

230428-2vav4agg64 10

General

  • Target

    perm_unban_cherry.rar

  • Size

    5.4MB

  • Sample

    230428-2vav4agg64

  • MD5

    76c32c9619eb3ca1aada50dc465377e1

  • SHA1

    8c6852266cd1d802f2078d8833cb0e2c7d53fbff

  • SHA256

    6210c062555e80ebd5bcf1712c9f337f31d56e0a4cfbff7144b4f8e9f9b681b7

  • SHA512

    3ec08b84ec97977d864d61c67ad01e245f5256052bf5093149a69ab97ba3442f2595b633b714b55b563ca9d38b80a6a3410ed87a9a75f87c526c1202fbefaec6

  • SSDEEP

    98304:RLwyq1/YWn3dnWuC8hedC3+Tq03TQ5Lfnh9fwTagPOX93KSEpJGZk:ayq6WntnFj443+HT8f3c7ON3F4sZk

Malware Config

Targets

    • Target

      Bunifu.Core.dll

    • Size

      2.5MB

    • MD5

      d9f830dffedbb2bc371fa60784c01221

    • SHA1

      d6a778249e05ee04c2e5e386c31f88598338ab84

    • SHA256

      5f72650f6d3a4a9b77bcdd74159282fcf724bd34afb989df6b6e075ea1dd6bc3

    • SHA512

      e8e7c712638e0aace109e0587cc4421697e1c6cacb64ff5d56efbe570615d72e72b5dd3afadd468e59116b1ed1326b25c459d5f2110b9d643bfca750825efd61

    • SSDEEP

      49152:9mTi+XhlhlFZ5vG+2PkuAc1B/xWCcieUuebO0Syigfihlh5:9azHb9LcFW5ifLq9yigKhlL

    • Score

      1/10

    • Target

      Bunifu_UI_v1.5.3.dll

    • Size

      323KB

    • MD5

      e0ef2817ee5a7c8cd1eb837195768bd2

    • SHA1

      426ea1e201c7d3dc3fadce976536edce4cd51bce

    • SHA256

      76e1d3ec95fdef74abaf90392dd6f4aa5e344922abf11e572707287d467f2930

    • SHA512

      5ad95dd7f0e712d543acfe7fd4539695f7e894988c0a2c44231c43e5ee29e743cb1ffe6bdf1fbdbdcfd3aa374f036113bcc6a1befd0114954093520bac47234c

    • SSDEEP

      3072:cF7t/92eSp+nuthzYeSRwwdrmMaXyXL5NQKCZIWD144HcH0CbBxyKfoYA05bC61h:eOthMswV7aXyXLSO4HcHByY35b9DYr

    • Score

      1/10

    • Target

      DiscordRPC.dll

    • Size

      84KB

    • MD5

      696eb4e3427fb28b1b19465ee9609037

    • SHA1

      d35b5c6d4bf4dd15efe73bf5684642170ba64e88

    • SHA256

      db2e9346343257ba243adf620630f223dda14117cef4159228660395065e17a5

    • SHA512

      a8ee6a772e56642a6f0710c02abf20db024cd9c0c380f776cc1eeb8c16cb685814c2b4a58a8dfc29211b26c54666c415285ac2944ceb9f584964b7d3758cec78

    • SSDEEP

      1536:qsettJkKPb2F2xqXl6C4owjL++mvxsSFaLCj:qsAJkibG2xqX/4xjC+mhaLCj

    • Score

      1/10

    • Target

      Guna.UI2.dll

    • Size

      1.9MB

    • MD5

      a6c5c5d8f6a0e33f789c1c9c070a38d6

    • SHA1

      f36efdf71e737c78e83d8d284ba03b5d5aff95f1

    • SHA256

      cf423a447e5c1dc8bc0b84ef005e2e942fa149ba4f9caf7e2f12f672cad55385

    • SHA512

      fd679781213be3b7ec6a39b2dacb2b96c356d4276e8b23995f243cbda88f56e311f2933244f50e50a27c72d664b67bb337ab0053c5e83fd934bbb67d6576a124

    • SSDEEP

      24576:sdNsB5K6Piv+Xv45K/+GEg4f7bP1/Ud4hCC18Xow1Ajg/nsad4hTaV+jXlo0HQ/F:mLbe1Ajg/nsad4FaV+j

    • Score

      1/10

    • Target

      Loader.exe

    • Size

      4.4MB

    • MD5

      512a2ab76c3b1ebf06b061b27cf93661

    • SHA1

      2b63f89e9e780bc1a159ce872c54d3a2b217a812

    • SHA256

      e943ca870009360297ad12d0bf4dcf301abef1cb28a82c56b1e2eee1de7aa781

    • SHA512

      9c45036967c788035dc0aaa7d6067a95c95c4a609224f46f1bfdd7c9a6b0e825cf9d3437fc04a843ce18280fd2314723b70b81d692ca5c26eef25b49e73b4c1b

    • SSDEEP

      98304:i3aaoi1XvIrr9Uv7WAs3aaoi1XvIrr9Uv7WAz3c68lY2mzEn/HH3:KaqZnv7WnaqZnv7WwV2mzI/HX

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Loader.exe.config

    • Size

      1KB

    • MD5

      c0911d7b16e774d79b85d170e367dfee

    • SHA1

      36761b772e82f4f7cef9f92c8290e7bb5ae05695

    • SHA256

      0f5b7f517b6f7858b412996be3777073e46059c40d5334ce9e3b5e5c2c62dbe0

    • SHA512

      e1078d5688969ee4b54e00994e6f84a1ed1153ea2749028000ed0403c3303fb00f7291e220991a61b44673fab1189e088008345c458fdca0e0b4c642b19d6007

    • Score

      1/10

    • Target

      Siticone.UI.dll

    • Size

      1.3MB

    • MD5

      750c58af2e56b6addecffcf152520ab8

    • SHA1

      14995e7f1d12498606d9d209d78d55fe6fd87802

    • SHA256

      27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

    • SHA512

      2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

    • SSDEEP

      24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks