General
Target: perm_unban_cherry.rar
Size: 5.4MB
Sample: 230428-2vav4agg64
MD5: 76c32c9619eb3ca1aada50dc465377e1
SHA1: 8c6852266cd1d802f2078d8833cb0e2c7d53fbff
SHA256: 6210c062555e80ebd5bcf1712c9f337f31d56e0a4cfbff7144b4f8e9f9b681b7
SHA512: 3ec08b84ec97977d864d61c67ad01e245f5256052bf5093149a69ab97ba3442f2595b633b714b55b563ca9d38b80a6a3410ed87a9a75f87c526c1202fbefaec6
SSDEEP: 98304:RLwyq1/YWn3dnWuC8hedC3+Tq03TQ5Lfnh9fwTagPOX93KSEpJGZk:ayq6WntnFj443+HT8f3c7ON3F4sZk
Behavioral tasks
behavioral1: Bunifu.Core.dll (resource win7-20230220-en)
behavioral2: Bunifu.Core.dll (resource win10v2004-20230220-en)
behavioral3: Bunifu_UI_v1.5.3.dll (resource win7-20230220-en)
behavioral4: Bunifu_UI_v1.5.3.dll (resource win10v2004-20230221-en)
behavioral5: DiscordRPC.dll (resource win7-20230220-en)
behavioral6: DiscordRPC.dll (resource win10v2004-20230220-en)
behavioral7: Guna.UI2.dll (resource win7-20230220-en)
behavioral8: Guna.UI2.dll (resource win10v2004-20230220-en)
behavioral9: Loader.exe (resource win7-20230220-en)
behavioral10: Loader.exe (resource win10v2004-20230221-en)
behavioral11: Loader.exe.xml (resource win7-20230220-en)
behavioral12: Loader.exe.xml (resource win10v2004-20230220-en)
behavioral13: Siticone.UI.dll (resource win7-20230220-en)
behavioral14: Siticone.UI.dll (resource win10v2004-20230220-en)
Malware Config
Targets

Target: Bunifu.Core.dll
Size: 2.5MB
MD5: d9f830dffedbb2bc371fa60784c01221
SHA1: d6a778249e05ee04c2e5e386c31f88598338ab84
SHA256: 5f72650f6d3a4a9b77bcdd74159282fcf724bd34afb989df6b6e075ea1dd6bc3
SHA512: e8e7c712638e0aace109e0587cc4421697e1c6cacb64ff5d56efbe570615d72e72b5dd3afadd468e59116b1ed1326b25c459d5f2110b9d643bfca750825efd61
SSDEEP: 49152:9mTi+XhlhlFZ5vG+2PkuAc1B/xWCcieUuebO0Syigfihlh5:9azHb9LcFW5ifLq9yigKhlL
Score: 1/10

Target: Bunifu_UI_v1.5.3.dll
Size: 323KB
MD5: e0ef2817ee5a7c8cd1eb837195768bd2
SHA1: 426ea1e201c7d3dc3fadce976536edce4cd51bce
SHA256: 76e1d3ec95fdef74abaf90392dd6f4aa5e344922abf11e572707287d467f2930
SHA512: 5ad95dd7f0e712d543acfe7fd4539695f7e894988c0a2c44231c43e5ee29e743cb1ffe6bdf1fbdbdcfd3aa374f036113bcc6a1befd0114954093520bac47234c
SSDEEP: 3072:cF7t/92eSp+nuthzYeSRwwdrmMaXyXL5NQKCZIWD144HcH0CbBxyKfoYA05bC61h:eOthMswV7aXyXLSO4HcHByY35b9DYr
Score: 1/10

Target: DiscordRPC.dll
Size: 84KB
MD5: 696eb4e3427fb28b1b19465ee9609037
SHA1: d35b5c6d4bf4dd15efe73bf5684642170ba64e88
SHA256: db2e9346343257ba243adf620630f223dda14117cef4159228660395065e17a5
SHA512: a8ee6a772e56642a6f0710c02abf20db024cd9c0c380f776cc1eeb8c16cb685814c2b4a58a8dfc29211b26c54666c415285ac2944ceb9f584964b7d3758cec78
SSDEEP: 1536:qsettJkKPb2F2xqXl6C4owjL++mvxsSFaLCj:qsAJkibG2xqX/4xjC+mhaLCj
Score: 1/10

Target: Guna.UI2.dll
Size: 1.9MB
MD5: a6c5c5d8f6a0e33f789c1c9c070a38d6
SHA1: f36efdf71e737c78e83d8d284ba03b5d5aff95f1
SHA256: cf423a447e5c1dc8bc0b84ef005e2e942fa149ba4f9caf7e2f12f672cad55385
SHA512: fd679781213be3b7ec6a39b2dacb2b96c356d4276e8b23995f243cbda88f56e311f2933244f50e50a27c72d664b67bb337ab0053c5e83fd934bbb67d6576a124
SSDEEP: 24576:sdNsB5K6Piv+Xv45K/+GEg4f7bP1/Ud4hCC18Xow1Ajg/nsad4hTaV+jXlo0HQ/F:mLbe1Ajg/nsad4FaV+j
Score: 1/10

Target: Loader.exe
Size: 4.4MB
MD5: 512a2ab76c3b1ebf06b061b27cf93661
SHA1: 2b63f89e9e780bc1a159ce872c54d3a2b217a812
SHA256: e943ca870009360297ad12d0bf4dcf301abef1cb28a82c56b1e2eee1de7aa781
SHA512: 9c45036967c788035dc0aaa7d6067a95c95c4a609224f46f1bfdd7c9a6b0e825cf9d3437fc04a843ce18280fd2314723b70b81d692ca5c26eef25b49e73b4c1b
SSDEEP: 98304:i3aaoi1XvIrr9Uv7WAs3aaoi1XvIrr9Uv7WAz3c68lY2mzEn/HH3:KaqZnv7WnaqZnv7WwV2mzI/HX
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: Loader.exe.config
Size: 1KB
MD5: c0911d7b16e774d79b85d170e367dfee
SHA1: 36761b772e82f4f7cef9f92c8290e7bb5ae05695
SHA256: 0f5b7f517b6f7858b412996be3777073e46059c40d5334ce9e3b5e5c2c62dbe0
SHA512: e1078d5688969ee4b54e00994e6f84a1ed1153ea2749028000ed0403c3303fb00f7291e220991a61b44673fab1189e088008345c458fdca0e0b4c642b19d6007
Score: 1/10

Target: Siticone.UI.dll
Size: 1.3MB
MD5: 750c58af2e56b6addecffcf152520ab8
SHA1: 14995e7f1d12498606d9d209d78d55fe6fd87802
SHA256: 27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
SHA512: 2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
SSDEEP: 24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score: 1/10