eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

Target

trojan-leaks-main.zip
Size

501.8MB
Sample

230509-xxqbcadg38
MD5

5989c04ee5327d6e7185985f4a7fb933
SHA1

51826110b35fc7b0984eae57c8e143900b29a38f
SHA256

eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d
SHA512

089b2cf3836852d52a8b1da951702d2e2101eee915ddfa72bd967123d1a52d98baae6c0f68f2fd24fb4f1a111b8bfcf6cc57421e76a11f5554a80d372e77587e
SSDEEP

12582912:4vZS6yP56fA74t343nX8dn++/RNk8nnqKIEX1b62gOZsX:qZS6yDcJ43sd++//k8nnqKI214

Score

7^/10

Malware Config

Targets

- Target
  
  trojan-leaks-main/skidded/Quakeganza.exe
- Size
  
  364KB
- MD5
  
  754a2aedcf67ea7a42033e1ec45240dd
- SHA1
  
  04c00d8a8aedfcae241f5dcf1b5a2226dbe869d8
- SHA256
  
  a6ddede60a43769cb19f4fb8de41160c769ae5a58d6e72de6126c3502ed9991e
- SHA512
  
  040d52c5b810e083f34aa15f3f97c498364856842b105878c4b83d324150501354f0137fdc5a0e7322dd1e691aaad270dd19ff793e8d58e2185f3ed9dbbdfb5a
- SSDEEP
  
  3072:8GWCGPVHzzgd2HPVVf9AebuLFfK9s7IYNgDd9gGKI+LNTzxVMoyeZwoJtd1dOXxk:8frak9gorY6c8+xTzxVMoyeZDSbj0
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2 behavioral3
- Target
  
  trojan-leaks-main/skidded/Unis.exe
- Size
  
  892KB
- MD5
  
  e72088233e9d7d1d9826a35604c49fd7
- SHA1
  
  fa8a5990e2e1b7fb8e23af3ae54be58fce2125c2
- SHA256
  
  d2e3b68594ba8a21eb03056554dcc6ed43030e6e2969caef6f205fe86390339c
- SHA512
  
  3fdf6da405782b8ab3105ae088b85f0616df27fb58042bc9e4adc458017e345e8bb4199ccc1b4682f8471bc463c888ff658513bb25ed0f1cc6027c0606cf69b5
- SSDEEP
  
  12288:GoSWNTlKOtLP3gagtWFvD34Isq0hZsEZy35LDSbtn6tfJtvDyG4G99:GoS2TlhtKidsd+EZV6NJdUA9
Score

3^/10
behavioral4 behavioral5 behavioral6
- Target
  
  trojan-leaks-main/skidded/Xazdes.exe
- Size
  
  1.9MB
- MD5
  
  62358643a1b4ebc547abba5d7bedf15a
- SHA1
  
  3d19eca4e3ae433ddc818fff65c24ff282e74b14
- SHA256
  
  44df18ae2425cd7ad00193348b986d9941039d521a7107a6861dce49ed884810
- SHA512
  
  caf43aabcd262e88be4770b966a66576b5847e84b8331e8d24a099350cf01de5214cc6e25bc526ce90213a7ef505699e56ab242a829fafd6c7650332dc336748
- SSDEEP
  
  24576:1YVU1CK2yyVGTwAvmHmAcY5tjmCEO+Ec0xMkU8JsU3AoZd0MUkOW8F:OVU1CK2ZGTwA9AjZd0MUkOW8F
Score

1^/10
behavioral7 behavioral8 behavioral9
- Target
  
  trojan-leaks-main/skidded/readme
- Size
  
  24B
- MD5
  
  6f86bb31f3a321f8ef4770cadc95eab3
- SHA1
  
  6498a71e8129909ef2203479cfff8fa2e640ec60
- SHA256
  
  745ea27dd884ecc7d70848e755e64c9e7bdeb3cb838956ed531cf0b0645469d4
- SHA512
  
  052a8ce00fd67c18f337a51e7a06c1908680ad37fa07195671f061281de4832a6d719fc68c2ad82e35d978e4ce2e962a4395f567f3457b2377825bc7aaf1ca8d
Score

1^/10
behavioral10 behavioral11 behavioral12
- Target
  
  trojan-leaks-main/skidded/shacoc.exe
- Size
  
  1.3MB
- MD5
  
  e0684c5466beb135743abbf544aeddd2
- SHA1
  
  4b8ae540737549f7d439c3035529ac2723f91f6e
- SHA256
  
  a9435c9fd4e67c1a07e219b81ff58b9eea077707ae3592e86bb84ca30bcfe8f7
- SHA512
  
  db26b00d3765892cad0500c80f9a0ae2a8893f1742bd7b09365288a0734c0f52617cef8d1ec1edf3aea6c9e1bb0ad1238710722437da7326812a8354d7d59ad0
- SSDEEP
  
  24576:kORDCeZxD7UxDXHXIyeJIoFpjUBPj3luQ5O3h3sMtbe:k5e4xDnIZKFMtbe
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral13 behavioral14 behavioral15
- Target
  
  trojan-leaks-main/skidded/tin.zip
- Size
  
  305KB
- MD5
  
  6997547bbe1d1f50fa94f90766c37ab1
- SHA1
  
  7379d3aff9c3f1f6e9ba6369e85679fedc61adc9
- SHA256
  
  9e49f298d49c4f9ae11fc9a4fd2cccfeb128f63651fe5b413ce02ae43959d151
- SHA512
  
  26f8415077dbf56ddea8f44194608f948b279d726ed88a607164d7030cbb18f76e1208b7197b7e99d7c59044fed4ae0b49cb34ee0b47a5669aaf3e22547dacef
- SSDEEP
  
  6144:xHbeIHZTRCy28KfAWENBXT7ua3R8OgWIqbrY+4UQKnzHsno4:tCI5ljOAWENR7AWZbrv4UpzHsno4
Score

1^/10
behavioral16 behavioral17 behavioral18
- Target
  
  trojan-leaks-main/sphenoidale (pass 123).7z
- Size
  
  614KB
- MD5
  
  f68c5a67270e8d8db4e9bc8b588504a7
- SHA1
  
  3476e0eec7e82c2250035b552000a1af856e94b7
- SHA256
  
  0dc0eb457c05547d5b912a752b278f43742d49af99ae3df0e9446009776396b1
- SHA512
  
  6eb527320e931321efdf75277684fe62ea27e0d6b4a97e50941a2a7f00446a65178f0e8728ae1b8e52dfdf7f1b60f6911ac8ffc622b8ebe82a4ab61162dbfd14
- SSDEEP
  
  12288:zZBOoVqGOXy4LcCVY/BJefPw43Q393KsDx5nl+9+SZwB0Ts:zn9hOXy+VYSo43i9rp+LZI0Ts
Score

3^/10
behavioral19 behavioral20 behavioral21
- Target
  
  trojan-leaks-main/sphenoidale GDI.exe
- Size
  
  16KB
- MD5
  
  13099517fde1e9a212f9e0cc66f36344
- SHA1
  
  357d389f133b905b64e58e5e5dbfdd8cf4cec25f
- SHA256
  
  f6dfe4cd3f4e3ef1157263f0f460def18220c8375baa2eca8b5e23b016598dcf
- SHA512
  
  0c63ad950c65d5ea5529a2496e1767d1fb480255717aa770c791e6d1dca48611b1ffa7dfd53420622ee8fa1130d747096edfd9db843fc6a9c7ef6911f1cd9dc7
- SSDEEP
  
  192:W5xFyjMSMnXgPUofzt67SLrMS3hQPOCOMz8vKYAGzFLPvXhf5UCS7Rkw3r:W5vrSGqx3COM+DxPPhBUCSz3r
Score

1^/10
behavioral22 behavioral23 behavioral24
- Target
  
  trojan-leaks-main/ő (en).bat
- Size
  
  13.2MB
- MD5
  
  6d68a0c760fc1547a9d9cd3ac25769dc
- SHA1
  
  aebfda195faa08af0752c4310538ae044416030b
- SHA256
  
  4ec225b822f1fbb27944ff3cb2856ba214de405d2a7589abfa3bd080c1534ac4
- SHA512
  
  ae45a2334f83562902d5549eddcb3475fd02685ee60401f736ed7e4b0d5a83a1f7566224059d5b28dc4b7e6dae0a9cab23f5629a5839b53c1be6e13e2b474f1a
- SSDEEP
  
  393216:WRP9XCHT+X/A8chntmnTTxhuDoDpY2nbh9gwSI:8l6e4nnt6LuE1/dhSI
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral25 behavioral26 behavioral27
- Target
  
  trojan-leaks-main/ő (en).exe
- Size
  
  13.1MB
- MD5
  
  f281ea2b30b51ff08b9387382b2f5379
- SHA1
  
  ad54aeaeac284fa45d39805b2e465ec5f3346111
- SHA256
  
  0293181b3f8736138daa1b762a1d30bafb1731056ef19fdafa5fa6768601ce6f
- SHA512
  
  d5708ee42e78148e48b02bd60cceb6f8472457cd8cffe4bd66f35ec9fa122bfe9146331f395c5b679ee0586d9ffd1efce3979412e82934234859d98893d6b018
- SSDEEP
  
  393216:DRP9XCHT+X/A8chntmnTTxhuDoDpY2nbh9gwSI:9l6e4nnt6LuE1/dhSI
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral28 behavioral29 behavioral30

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Executes dropped EXE

Adds Run key to start application

Writes to the Master Boot Record (MBR)

Writes to the Master Boot Record (MBR)

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Executes dropped EXE

Loads dropped DLL

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30