Overview

overview

10

Static

static

7

trojan-lea...35.exe

windows7-x64

8

trojan-lea...35.exe

windows10-2004-x64

8

trojan-lea...07.exe

windows7-x64

8

trojan-lea...07.exe

windows10-2004-x64

8

trojan-lea...NT.rar

windows7-x64

3

trojan-lea...NT.rar

windows10-2004-x64

3

trojan-lea...1).zip

windows7-x64

1

trojan-lea...1).zip

windows10-2004-x64

1

trojan-lea...ys.exe

windows7-x64

7

trojan-lea...ys.exe

windows10-2004-x64

7

trojan-lea...0S.z01

windows7-x64

3

trojan-lea...0S.z01

windows10-2004-x64

3

trojan-lea...0S.z02

windows7-x64

3

trojan-lea...0S.z02

windows10-2004-x64

3

trojan-lea...0S.z03

windows7-x64

3

trojan-lea...0S.z03

windows10-2004-x64

3

trojan-lea...0S.zip

windows7-x64

1

trojan-lea...0S.zip

windows10-2004-x64

1

trojan-lea...er.exe

windows7-x64

3

trojan-lea...er.exe

windows10-2004-x64

8

trojan-lea...re.zip

windows7-x64

1

trojan-lea...re.zip

windows10-2004-x64

1

trojan-lea...32.exe

windows7-x64

10

trojan-lea...32.exe

windows10-2004-x64

trojan-lea...32.exe

windows7-x64

trojan-lea...32.exe

windows10-2004-x64

trojan-lea...64.exe

windows7-x64

trojan-lea...64.exe

windows10-2004-x64

trojan-lea...ne.exe

windows7-x64

1

trojan-lea...ne.exe

windows10-2004-x64

1

trojan-lea...64.exe

windows7-x64

1

trojan-lea...64.exe

windows10-2004-x64

1

Resubmissions

09-05-2023 19:22

230509-x3fn4adg58 10

09-05-2023 19:14

230509-xxsrgaff7x 10

09-05-2023 19:14

230509-xxr5yadg42 7

09-05-2023 19:14

230509-xxrt6sff7w 8

09-05-2023 19:14

230509-xxrjeaff7v 8

09-05-2023 19:14

230509-xxqxwadg39 7

09-05-2023 19:14

230509-xxql4sff7t 10

09-05-2023 19:14

230509-xxqbcadg38 7

09-05-2023 19:10

230509-xvl6xadf64 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    trojan-leaks-main.zip

  • Size

    501.8MB

  • Sample

    230509-x3fn4adg58

  • MD5

    5989c04ee5327d6e7185985f4a7fb933

  • SHA1

    51826110b35fc7b0984eae57c8e143900b29a38f

  • SHA256

    eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

  • SHA512

    089b2cf3836852d52a8b1da951702d2e2101eee915ddfa72bd967123d1a52d98baae6c0f68f2fd24fb4f1a111b8bfcf6cc57421e76a11f5554a80d372e77587e

  • SSDEEP

    12582912:4vZS6yP56fA74t343nX8dn++/RNk8nnqKIEX1b62gOZsX:qZS6yDcJ43sd++//k8nnqKI214

Score
10/10
agilenetbootkitdiscoveryevasionexploitpersistenceransomwarespywarestealertrojanupx

Malware Config

Targets

    • Target

      trojan-leaks-main/0.950095298700035.exe

    • Size

      134KB

    • MD5

      aedbbccb355b4b671b260ddae4caf48a

    • SHA1

      fac537787c1c197c1eeff3776f18286c93fb62aa

    • SHA256

      f87e7c558f070aba0493468837fcc6dacd76e5cc855a7f460c798af6fe8f0120

    • SHA512

      09a412edfe005ab34006032fabcf7b12b18c1ff2aafdaa4a551a7da929c866532ff2d544dff55e2d6fbfbb52cca270481c9853652d6299eb077328d52dbee22a

    • SSDEEP

      3072:s4/hNEFqgwt4AfLKUM3/oY+IUTzrojcbWy:ARATu3/Agcb

    Score
    8/10
    bootkitevasionpersistence

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

    • Target

      trojan-leaks-main/0x07.exe

    • Size

      247KB

    • MD5

      733eb0ab951ae42a8d8cca413201e428

    • SHA1

      640ffb3ee44eb86afaea92e6c5aa158a5d4aafd1

    • SHA256

      52d6d769eb474d4138ac31e05634a6ca7a4ebef5920f8356c1cd70d9fa42c2fb

    • SHA512

      c7cdf77aa881c5dbb2abf17913dbf645fe88e16fa11fa055392d36ccf936fc43050c48feb631e193fe044123a190f123d2d6ff12234c0ff7c8c7c6e290209d8f

    • SSDEEP

      3072:xaWEHnqlm+0FEaJSq6+ouCpk2mpcWJ0r+QNTBfZnazJ9k3kxMC+89+aPyXiwQ9M1:cWCMm8aMldk1cWQRNTBhz3Yz/qc9M1

    Score
    8/10
    bootkitdiscoveryexploitpersistence

    • Drops file in Drivers directory

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Modifies boot configuration data using bcdedit

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral3behavioral4

    • Target

      trojan-leaks-main/AIDS_NT.rar

    • Size

      634KB

    • MD5

      6130816a444466d3ef237bfefae80c2c

    • SHA1

      bd5e7be0fd74d424191cf9dddf0f6b4e0a2871b0

    • SHA256

      52e0a1c02a0378774da69231586464c8c9fee1b36575786b5424fefda2f90418

    • SHA512

      e83d352d104eeb89731bc0578384b5265b6270169aa4d198567f87334114850cfd453963891b47d581948a7d2d0e9ba511c5c01b7b6d6835f1b2ca376269182a

    • SSDEEP

      12288:iA1HETk8ZRVmIUuSZmnoBXboLNy2f7MnLT9xaUnkLrCO2Hf6Y2A:iUG7YjVZhBXMLNP7oLBAH2/NV

    Score
    3/10
    behavioral5behavioral6

    • Target

      trojan-leaks-main/Abantes (1).zip

    • Size

      2.1MB

    • MD5

      406aa989db6c5b5cbe736f8aabd73042

    • SHA1

      608382d2558191b0b87aaaee3e870569954d538f

    • SHA256

      f476cd6127f6607fb58ef10bf36b6c89619f1f7d73cf0bfc1f0215b92135dd34

    • SHA512

      42dcc0a3748eeead6b5fd6daf40442dac43e02456557b3167b89800a911f7a896ad4342b03170ce25ced1f3183c46835b1eb2426d2134f2c3e6fc8dfb0d6c315

    • SSDEEP

      49152:CwmHvJlpSmfMs2eLLHcSpJdUGwr+2gjhugOpf6C9+VflO2qYVjmV:sHvJlpJkkLLH7pcGaDgJXxmV

    Score
    1/10
    behavioral7behavioral8

    • Target

      trojan-leaks-main/AjarSys.exe

    • Size

      5.8MB

    • MD5

      0816a1e816f9737a1fd3eaa7493aa075

    • SHA1

      682405e63e3cfa28f955ea4eee2890b93fa6414d

    • SHA256

      418f6ff813bbbbe5344b9f8fea28948259bcfd28d424f1354289f5071c85d6ca

    • SHA512

      640000c30a3c1e8d05bc5383daa405303596b8694e11a17a04a77e3cf0688a887f35a7f8d38ffea89e8a3ba6e36e63c4b39285b83bfffa55e9fab5cc595484a8

    • SSDEEP

      98304:wYOgp0AsZKigPWKQ/HVRBH9vYewem9lTTdxlN7/c3DgPY9rT6Bl1tF:wYL0rtC3Q/pdePbH7/0DIYNT6LbF

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral10behavioral9

    • Target

      trojan-leaks-main/AnCo250S.z01

    • Size

      24.0MB

    • MD5

      caf52c6eeabe95f8d3f8f8923a2977d6

    • SHA1

      5470d110ef71c8be4341a3f40d066b938b989b5c

    • SHA256

      1c94a2385b950919ba3760d551ddba9e471c6706a4b8b26504b1dd048d8abf37

    • SHA512

      175417b60d8c40c5761c858199aac5ac308085dcfeb4e4284542d0e2d3b92b4e218eedcae85f0a8e0fe9d1e9c018c05701241b449fd2191088d580de99f80941

    • SSDEEP

      393216:kJVfn85zXCJ5P3+ix6+fOigTl1odisR7QLMvLj0qO0SmUVWUdOVi3/dKtrvK9t2P:kWuSj+puodisRkQSmnfs3Kry9ti

    Score
    3/10
    behavioral11behavioral12

    • Target

      trojan-leaks-main/AnCo250S.z02

    • Size

      24.0MB

    • MD5

      5df1203bb287ca15a9e913cec9ec3880

    • SHA1

      1770e794fada020413beefcf188162394160b9be

    • SHA256

      7d99de4ee2ceb3f1b04e12aae16f00923fd03f75e16abed8b8941e4d6d1e1eeb

    • SHA512

      95c8b215ac7b2a6036965d4d5d31a854b0443a6b9cb339a918322b34ef2cf6a1ad014ff579178ff5ec158f854d1b2866dbb325ae4b0076698a7b328f4b0f97a5

    • SSDEEP

      393216:jDbc9ROt8uvFD6QTqzln5OJnrV+ewzYDDm/QudNNpynZoeEnLztCPYQgHRia5Gpu:jvswbTqzl8RcewzYDnmPpQzELzAwbHRx

    Score
    3/10
    behavioral13behavioral14

    • Target

      trojan-leaks-main/AnCo250S.z03

    • Size

      24.0MB

    • MD5

      fc4da9d715e9fb4f7d358194fad6f107

    • SHA1

      34222f1ffb6f76d17fdc6052d5c6b1e0bf658880

    • SHA256

      8d2003cf8b225cc2e8f29bf73c232faf5898631171123ff2c8d3f0523ef58ba6

    • SHA512

      c8ae7abaa4e15fe58d419870d597dc298219d96562d5405e3c6fc40908e81950e197d6d6978e77c9fdd46cd26e1341ac2dd6315ff196a5b90f52d9efbf70b316

    • SSDEEP

      393216:u3SBJFgGJMZXQHOLV7eMzOPLzTtUp7Qu+2qVN+Q/wMdIDc/DaEiTU9GVrQa/HE72:ISpgGJkQHOLV7enuUT+ird6EifrQcHVP

    Score
    3/10
    behavioral15behavioral16

    • Target

      trojan-leaks-main/AnCo250S.zip

    • Size

      9.9MB

    • MD5

      df853fc57bf707e18a5394d076da98c6

    • SHA1

      376cd14b63bbe4d0625e58b62a6eee68539752e5

    • SHA256

      fc1d3634589fdd995c90a34dd52b03e62addc5b6e3cdf675c3f3fb4ab1b6ef82

    • SHA512

      79eae21480454f2b3cb7286e16285c351967a7948b6e9700ef13d0f6db9ced4885ea9afc732825d7429f607bb5997d58f80c365345025a0db6351dcdc32d0ad5

    • SSDEEP

      196608:XvRhjKD6uRcdJ0KgdSy/RMPCRAnSD6b7WbgJzxoGG/xTQuT03DzGp4VFe+3V5d:5geuRNX9C6RYf1oGG50V2pPq5d

    Score
    1/10
    behavioral17behavioral18

    • Target

      trojan-leaks-main/Antivirus_Installer.exe

    • Size

      89KB

    • MD5

      70ec6f9bec87d67c435a2b8505a72629

    • SHA1

      8dae4c1727c73b3c1135b633e4db69e60ed522f1

    • SHA256

      1bfef2733f357e531be53b406b65661893b97a8b18a699b6e65f201dd0eeeae8

    • SHA512

      4a164019ae25e21007f2678bdf0e002b2e1eee115ddc4e101a909712d2bbaff3987339b6059c9db69988918296692839c47c49da9ca9ff3310a9e0088ab7d56c

    • SSDEEP

      1536:X7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfrwFOO:L7DhdC6kzWypvaQ0FxyNTBfrS

    Score
    8/10

    • Downloads MZ/PE file

    behavioral19behavioral20

    • Target

      trojan-leaks-main/Aramaware.zip

    • Size

      179KB

    • MD5

      d46345e6a112048ce7fb0cc1be021119

    • SHA1

      86744fb58f947c499650abd9867956ac77dcb333

    • SHA256

      fe4252a3a0c952a7bbce8bd9f20e13fbfae6e694989b117947dacc609505a0b6

    • SHA512

      249c8ab3adc3cecfcd4d569868e13904a014fb035ba8c24785d17769639a2b938ec8d271373f8c9718f1427def37d0615eb4313aed35127c4abad66fea132203

    • SSDEEP

      3072:GLbMP2OQnsmgzcoQicb0US51S5JZLS8GXHpgYyRX8AGTi0kndHJiz0d:GLUJcgz/cb4wvOaYOsAycHd

    Score
    1/10
    behavioral21behavioral22

    • Target

      trojan-leaks-main/BUG32.exe

    • Size

      3.0MB

    • MD5

      149cc2ec1900cb778afb50d8026eadf5

    • SHA1

      a7bc1bbc7bdc970757ec369ef0b51dc53989f131

    • SHA256

      817a695e53a1d6e24f2c701751b4d18468f20698f30fada420dfba6e21a09797

    • SHA512

      d617654478beb6325d86c108cddaff8f8d658a235d26b8e0282ed85dca826bdb62b0b67e749c7cd421dbae1d98084220e2f4d5779badb8fd7ab07ff333a35553

    • SSDEEP

      49152:Or2U5IahDUGN97rkqOAackLjQ0rZEAh3oA6wHE+K60Kk0aCLkfAZKt0OJTcL:4H2ahFNNrg3QbQoA6wHEnFN4IJu

    Score
    10/10
    evasionpersistencespywarestealertrojanransomware

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral23behavioral24

    • Target

      trojan-leaks-main/BaldiTrojan-x32.exe

    • Size

      4.2MB

    • MD5

      0aeaafa78906f0977c4af8963bcd84c2

    • SHA1

      59a4a0e73d646349c4dde83ceb996e20167cfcc0

    • SHA256

      822023abab19f62e0b5243390df4639cb7697dac75a323682f7478db477dee24

    • SHA512

      82ac5b2e225c30ee4f2197562b77ca1ec1b5c5cd438bf819d3b91adb9cca6421943afdf43b4748a3f9a321c30a274d145e248ac9da5bf76799440612ec13419d

    • SSDEEP

      98304:fKgez/S9bL+M0QVtYD0JCqfZlVcc9uNSwfrNaSQMU0qay9jT:uzk0mtyTqj6W4SGYSQcqD9P

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • UAC bypass

      evasiontrojan

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral25behavioral26

    • Target

      trojan-leaks-main/BaldiTrojan-x64.exe

    • Size

      4.2MB

    • MD5

      e2c4c4dd8c6a357eca164955a8fe040c

    • SHA1

      f4114815bce62efbc78c79f9a83ccf74a4ea075c

    • SHA256

      f3efe3b57a0f5cc46963dbd8832ceecd5768117685b4cee684b1235d9e74ebe5

    • SHA512

      389bf398f9f9f6ae7e6dfca835f5877befa4ebfee5938d4b50728d77fb0450b2eb2cb67e3f4d9abaaad77231754968b27c69a510448dfd7f52c63b1ce3a1c3e1

    • SSDEEP

      98304:3c9jNgez/S9bL+M0QVtYD0JCqfZlVcc9uNSwfrNaSQHbfU0qC:s95zk0mtyTqj6W4SGYSQ/qC

    Score
    10/10
    evasionpersistenceransomwaretrojan

    • UAC bypass

      evasiontrojan

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral27behavioral28

    • Target

      trojan-leaks-main/Benzene.exe

    • Size

      55KB

    • MD5

      d6e6e2fb2e45c7a2ca6585d86b39d2d0

    • SHA1

      0f64d36122ea98d09b504041b5a511dc4a0b5275

    • SHA256

      942f4aca0316e529d0b7c721b774f37738fb99d27fb4adc034d08cb31fd72924

    • SHA512

      9493b05deed8e0bfdf590c60d7aa7894420b192fdfbd979d321aae9c9cc1d5104fa6125ae8139b12ba1e0c227727375fe046456733c20198f20508321d8adaa1

    • SSDEEP

      768:VglgFHa1vlmz3ggcRLgHLT0ztbjZMJfdZjpYwOxF3iCX85:3F69lmzQ5uT0nMJDjKwOxFZ85

    Score
    1/10
    behavioral29behavioral30

    • Target

      trojan-leaks-main/Benzene_x64.exe

    • Size

      234KB

    • MD5

      4abcf3f7124adbbb7aa59a1f128f5b16

    • SHA1

      64e82614e15cd9102f9ab594d05b0c17549b0618

    • SHA256

      40d98c6d729f998614934cec341440c11c9cbdfcb7bd9c649d83f915eeac4138

    • SHA512

      58a603da4a6a6be5f52fd4e33e87d1dfeb03c8404cf422b7afec0487723c9cf6c34d3b363e684ed9c3e13d8748ec8affeafd8b5e1df88f2393f66275b1b37fde

    • SSDEEP

      6144:8cpsByyZtP/Gxqw44Y5yjaGLqSKExm7WWIQ:8cpsBnZ1/GXc5YX2SKExNWf

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

upxagilenet
Score
7/10

behavioral1

bootkitevasionpersistence
Score
8/10

behavioral2

bootkitevasionpersistence
Score
8/10

behavioral3

bootkitdiscoveryexploitpersistence
Score
8/10

behavioral4

bootkitdiscoveryexploitpersistence
Score
8/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
7/10

behavioral10

Score
7/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
8/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

evasionpersistencespywarestealertrojan
Score
10/10

behavioral24

evasionpersistenceransomwarespywarestealertrojan
Score
10/10

behavioral25

evasionpersistenceransomwaretrojan
Score
10/10

behavioral26

evasionpersistenceransomwaretrojan
Score
10/10

behavioral27

evasionpersistenceransomwaretrojan
Score
10/10

behavioral28

evasionpersistenceransomwaretrojan
Score
10/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10