eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

Target

trojan-leaks-main.zip
Size

501.8MB
Sample

230509-xvl6xadf64
MD5

5989c04ee5327d6e7185985f4a7fb933
SHA1

51826110b35fc7b0984eae57c8e143900b29a38f
SHA256

eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d
SHA512

089b2cf3836852d52a8b1da951702d2e2101eee915ddfa72bd967123d1a52d98baae6c0f68f2fd24fb4f1a111b8bfcf6cc57421e76a11f5554a80d372e77587e
SSDEEP

12582912:4vZS6yP56fA74t343nX8dn++/RNk8nnqKIEX1b62gOZsX:qZS6yDcJ43sd++//k8nnqKI214

Score

10^/10

Malware Config

Targets

- Target
  
  trojan-leaks-main/Halloware (BerkayV).exe
- Size
  
  23.1MB
- MD5
  
  2701cf0c52d8d8d961f21f9952af15e7
- SHA1
  
  d8b9de327f95ba090e5606862003419388fc3dc7
- SHA256
  
  616830e93c33240ff157b4eeeab1d1a3e9891d6410139afdbd4d01f075da0933
- SHA512
  
  b4798cd526b116e943f3cba6f58175185898e374efd4ab7afe012495858c7997fb1fba1dac284ae4aa484dfc5f70b6240ad1281d90c9a3642e49edd95ab39110
- SSDEEP
  
  196608:puv1iLrYSZWLN0dLeGyI8bMU+Ns3tlHO8:UdiHZZWLN1cu3tlHF
Score

10^/10

discovery evasion exploit persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  trojan-leaks-main/HorrorTrojan123.exe
- Size
  
  8.4MB
- MD5
  
  2b71cc65cc949cfce47107383f9bce29
- SHA1
  
  a57d725a4cb391d4ea02a3c4b5680935f72669cf
- SHA256
  
  a513325690cf5bf2302ccc34e2264a8a48270de49a1863c018afed246472e37a
- SHA512
  
  158d6e92839b4d83827832e870b4e3d2c8d388894dd5a194abbfcf4ad228fea7e83543b6278cedd6fb2b92801ba102178a962c4d4f0868e1aac62f50d668a824
- SSDEEP
  
  196608:5MBEQlWRG1ywPTazB6S5KJ7lsL2jXdFTOJkJlJ0dN:qBEQl2G1yzB6HJ7GSjXjGx
Score

1^/10
behavioral3 behavioral4
- Target
  
  trojan-leaks-main/InfiniteBlue.exe
- Size
  
  1.8MB
- MD5
  
  70b9c08114c970f97ba983227e0f08b4
- SHA1
  
  0c3c846828734aed1d74ea47253feef6f81940ac
- SHA256
  
  a38f8a7e057e205d3961095a025f5014c0da0567495f2ca5a15f26d89c481026
- SHA512
  
  dc223e4cbfe89a8d92b2042b1c8a0403b26adc7383317cbadc56602d1e9c02a4a80450ec5aa243fdb8ef3a0882a20af48c3ebb7165ca58dfe34c62691c36f5eb
- SSDEEP
  
  49152:RqrObhdGZu/xJrtcaXxfjDSVQEWnu3+w3JJn+:oExvFXpCQG3+OXn+
Score

1^/10
behavioral5 behavioral6
- Target
  
  trojan-leaks-main/Kirurg v2.exe
- Size
  
  453KB
- MD5
  
  293cd68ae4f5d9074dbf11a8e8534236
- SHA1
  
  e0a7ed5aa8f18ec2f29b8634dfaeb3568f96abff
- SHA256
  
  734e3a658ccdf3a5e9901f3424a113f437c9cf52506264ab08374c2243ea2dbb
- SHA512
  
  05713d51377136b76263f1c6b760c2af22fc7bc56b22ce26cec30428a332acec0d858bae3ff7024ea7200a20ea2f39000306dd2f405fe74d2ffb67739d3f66ed
- SSDEEP
  
  6144:Nu51x5V6IqM5i971oyNpPPC7HX3qemiV6PhkTrj1G60HRBlkZvaF4NTBfXZvWJ5:21nVPqui971oKA36biQNRoSWNTVpvWf
Score

1^/10
behavioral7 behavioral8
- Target
  
  trojan-leaks-main/Kirurg.exe
- Size
  
  10KB
- MD5
  
  50c55b0a2c48f5010b81153879bf58c5
- SHA1
  
  d1df6ee86302ce5fa4270acdb376493d5c60d67e
- SHA256
  
  7b90e3c35bd147455868f54df6951554bfbed2d5f4c0b185a8b1895b4e07538c
- SHA512
  
  f7d5b624b7ff2383d8f0f2fd6da9e921158ebac950e2288be64191e40d26631c27042ad7bfdf80a17fcae1996f01247b195d6d8faf6deb7bdbcbfa27d957f245
- SSDEEP
  
  192:gH4i/jQcfb2inwzjOh4cohVi07E5pz63JoZZub:gH4i7QcjxnCjDh407STub
Score

1^/10
behavioral10 behavioral9
- Target
  
  trojan-leaks-main/Kirurg_remsaterd.exe
- Size
  
  510KB
- MD5
  
  6dd7ecf13f87fa885fede29cd4d31127
- SHA1
  
  b9e133331ebccc6e97b90205de3801502637ce86
- SHA256
  
  50042ed8c6c60b2dd79a23bb6589f83cd6ac3971fba798e6d2a580d3fea8ebf2
- SHA512
  
  4cf4897f29b6e5048506ce30988052b7a600778a6648b9ab0eb2e5cc3f25521351cd70cbe5c5aac89a77c5b1af919f715cc163e400f38cadc25de9b8b77b23dc
- SSDEEP
  
  3072:nJvLB6pF8gO5sBWHYAraok57QbHk/CD+2UAYvU1Dzn+XwDaucnuvim695e/3lG:ncvAr5eQbH0w+pv6zn+XwDarnuvB/3
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral11 behavioral12
- Target
  
  trojan-leaks-main/LogonFuck.exe
- Size
  
  9.4MB
- MD5
  
  90a964fb43881a2f0a5f0051ac74fc3a
- SHA1
  
  7343f1f31347f263c505af1cbff1dab6b60b08bb
- SHA256
  
  d50704ad9301dc6a077940bb5d76645850fa6689f45bfceb219e019c313b345e
- SHA512
  
  2f6c32f371fcde66359b6b75285d17d521b95570fab881beebd2709f50ac9ec77129041d020934a45848880d79fc3dac441a404afdea116d9ec1b65713320df1
- SSDEEP
  
  196608:igxp6Kt8RxG2lMKeCA0AtnpV90HwvV1llI+5Y4bXyUNbARdbvSyT4/Lb4N5O8YsW:0RxG2l2CArzLvV15YCCaARZvv4/LbYOP
Score

1^/10
behavioral13 behavioral14
- Target
  
  trojan-leaks-main/Mythlas.exe
- Size
  
  125KB
- MD5
  
  1bccdb1cbbdb299f4053dbab4236dadc
- SHA1
  
  baf7c15c30c705fe99c4b5cbada6a46cd92cec22
- SHA256
  
  e65c793a31137ae75a6f30ae2933bd7cae74fcd4330b6c8770c14466bc3a878f
- SHA512
  
  c32b746081cf17dd1e29bf132350f753cd10636d37caddd3d3b8714675710c67420d08ff27e3d0f7aa71f0977316f62261cc5ca40badbb5d2bf76ee3972bcc3f
- SSDEEP
  
  3072:b8b9IcgZfL0eMOIWBL5NVBFyQwaBXrn2wsxTOr2UlvjqZGx/1KFXd:gWtBPVBxwaBb2+x1oXd
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral15 behavioral16
- Target
  
  trojan-leaks-main/Phsyletric.exe
- Size
  
  97KB
- MD5
  
  4db23cf50f64a83759db9df6ad222d65
- SHA1
  
  8ed2c2d8c8c0e5b953559adf6e8765f505cccdd2
- SHA256
  
  465f8bf12fe8fc53c9ef45e498b5f9d95b783c61096147bbc09182f6d19dd129
- SHA512
  
  615735ab5bbd78c1e72dc2c6b7066d0fe66894d29844e1557bf08af319c5c38c883ac8c5ecc248637d8d91b83aad731be5476a4826b5101a02810f27b2d89644
- SSDEEP
  
  3072:MbDwt25lOqFieKe/xzJdekGFq8YbFwIf6Psq1:MbDAEIq396Psq1
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral17 behavioral18
- Target
  
  trojan-leaks-main/Potassium.exe
- Size
  
  109KB
- MD5
  
  86d3f3f29362283921a9277bdfb73648
- SHA1
  
  55ab05f3a2251d9071c8d97c9a995b6799a85cb1
- SHA256
  
  b264d303e833f180f46a5b5f04c8a4ebd41db3e5aadb2e1e0058f2c2bf7b5a5c
- SHA512
  
  27b34ba3ce6e97b9940cb1ad76373815cc7867b474c1129e5a600965337a71a7785d3316304032816f367a6b91fa67f02c4b36f1e6ec72efd81716a87b69d93e
- SSDEEP
  
  3072:+/n7O+sxVkBqEx1KRgugPWsBs63n9fSrlex:+/n7VW+cE5ugPWKSrlex
Score

1^/10
behavioral19 behavioral20
- Target
  
  trojan-leaks-main/Protactinium.exe
- Size
  
  43KB
- MD5
  
  f6aa0dd947ff84db2c0e991aab776dcc
- SHA1
  
  73d377c8d4b7d04ac9fd6c47d74491d76ca6cf6e
- SHA256
  
  2ab5f10366ebad9e4af9369730495a6bd48ad278e78f880a54d583024491786d
- SHA512
  
  3d81ae0131c6fc531d0592259d5cf7296aa61487de785e5b534a696867ae9ef8abae19aa1b938a62db6492af38829dfdbeb7da0d69ba2253b26cb8dd41d8bc83
- SSDEEP
  
  384:1bGThpZmtWqjV0rABs4q56hDLApNEKYZWVOggl6k4+jQukJs0yjW:1bSutWvkBsXqApNTuB/7jeRH
Score

8^/10

bootkit evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral21 behavioral22
- Target
  
  trojan-leaks-main/QSO J1228+3128.bat
- Size
  
  129KB
- MD5
  
  b9b35fbe7121c90f368b13e97bf574a7
- SHA1
  
  46c6fb9f06fffa4de1aacb73d4a3436664f79a8a
- SHA256
  
  cae015c5705155cc6e2f49263aacef3bc8e4bfd9c2f29886a077471cd5dac447
- SHA512
  
  79dcab087efb28845eae2124b559fb5d8188b9d86ae2bf2ac26bcc9a3d4b41acd656e061465900b86cddd0efff35fd987e562ddac5f266fcc2c67ee76a37a9e9
- SSDEEP
  
  3072:esyMBvZXdYcpRXphFVhyelsqYTsjLXQ83N83qxho7Y:ewRXqcjDFLyPZT83N83Wik
Score

8^/10

bootkit persistence
- Drops file in Drivers directory
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral23 behavioral24
- Target
  
  trojan-leaks-main/QSO J1228+3128.exe
- Size
  
  206KB
- MD5
  
  d5f741b0bb991604d5331de863d49d8b
- SHA1
  
  1c73d032211696e954259b48c3e83029d7852846
- SHA256
  
  adac36e4faab7c953354b50391774c9b01379cb4445de52f074464c58d751d1d
- SHA512
  
  a84b1acec34996a5047ff082985510cecf1d381b216e3b02dca2113b16500d417c6f89833ad93a3b1ba96b23cbcc8af5cd5d065fe6235d5273c1c8412538fa30
- SSDEEP
  
  3072:CKEiM0DPxUKQf5kv+Tx5DQdqRd+vKWbb1boDu8:WifPxDzvRdMdoh1D8
Score

8^/10

bootkit persistence
- Drops file in Drivers directory
- Sets file execution options in registry
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral25 behavioral26
- Target
  
  trojan-leaks-main/Rebcoana.exe
- Size
  
  1.2MB
- MD5
  
  edfad6bc3bc4d075a440b49baf575f56
- SHA1
  
  2d4c069a8549863ac4f9f18601e4e62170309b10
- SHA256
  
  db9091ba1e3f755972a5ca4bc0b3e76b77c3fd79a398313d5511b1bedffd46f6
- SHA512
  
  c4246c4a0117139c90a3b599959875aef9fde1035d0bb83298038b31cb2b7236c09484845f47cae670cf5d7b5548bdd7f6425741a025dfc7c3b59a9260c0093c
- SSDEEP
  
  24576:aNPqVZyrXMgZ+W7k/MP5u1QX8y8sJWlLIo0yyj01YA/L:p8XMhMk/MP5JX8ZYG3fa01YG
Score

5^/10
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral27 behavioral28
- Target
  
  trojan-leaks-main/Ruthenium/Ruthenium.exe
- Size
  
  36KB
- MD5
  
  a1f174ce74dbe0e84e2c2964b29de0fd
- SHA1
  
  d4dd4b86ec50b2ea2519f5472642d30301e20aa3
- SHA256
  
  5066c3a750eb6f07addf5cee1e6b00894c52e1c4fbf1702befcd5ac9bf1d83f3
- SHA512
  
  41edeab57b55b74a22ac46814f985a78704b35c14d330d5264765ce9a22d19762659a47cfce13fcef28f322ed0a018976585dd65270690422b64b4860a2ecd31
- SSDEEP
  
  384:x6j2tyffbHj9X8EY5Z3absnexUDoRGAGYk2zWfAozcQcgJgyBkAg+jdGb90kGj:SDD9hYbqbhFZkeWoecuiATjXp
Score

8^/10

bootkit evasion persistence
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral29 behavioral30
- Target
  
  trojan-leaks-main/Suffocate-safety.exe
- Size
  
  592KB
- MD5
  
  a66a634984d867b4e7c6c94d3c3b5a5e
- SHA1
  
  aae20c9ea86f09cf2a38494af54bc42f93a05d8b
- SHA256
  
  1a0bc18ff66a0fcb2aaed91ca23b5cffff0c3ef45e5b9a30b0ccb3ad60b64c2d
- SHA512
  
  ec9a8c706a9488870ec39366bea3ca538628579896c0fbb7d532bc6c4d197354c44822dc3f5e910dbe6ec13b581312dd30aa360a0b61d6934865789687591244
- SSDEEP
  
  6144:rDkQaeZDEqsErE0jAC1drT1/B4y3VCHMHW98MNz7tLpu3Jdl18uUkUT5oOY2di:rIje5h1dH1/Gy3YHM29zEPtQmONw
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Modifies WinLogon for persistence

UAC bypass

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Possible privilege escalation attempt

Checks computer location settings

Executes dropped EXE

Modifies file permissions

Modifies system executable filetype association

Drops file in System32 directory

Checks computer location settings

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Writes to the Master Boot Record (MBR)

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Writes to the Master Boot Record (MBR)

Drops file in Drivers directory

Sets file execution options in registry

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Drivers directory

Sets file execution options in registry

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

AutoIT Executable

Disables Task Manager via registry modification

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32