eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

Target

trojan-leaks-main.zip
Size

501.8MB
Sample

230509-xxql4sff7t
MD5

5989c04ee5327d6e7185985f4a7fb933
SHA1

51826110b35fc7b0984eae57c8e143900b29a38f
SHA256

eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d
SHA512

089b2cf3836852d52a8b1da951702d2e2101eee915ddfa72bd967123d1a52d98baae6c0f68f2fd24fb4f1a111b8bfcf6cc57421e76a11f5554a80d372e77587e
SSDEEP

12582912:4vZS6yP56fA74t343nX8dn++/RNk8nnqKIEX1b62gOZsX:qZS6yDcJ43sd++//k8nnqKI214

Score

10^/10

Malware Config

Targets

- Target
  
  trojan-leaks-main/gif.7z
- Size
  
  16.1MB
- MD5
  
  2a3740dd732e5d92554571ab007edd51
- SHA1
  
  334b5a49f1f428688aa3660c4c86465412ec1a10
- SHA256
  
  33ae704c2fe1e4f0e0457e200da15b9ccbb14d7651c92dd32dbfd434ecca26e2
- SHA512
  
  f64d5128c33b39fcb054b4165c867f3c2ec8aa9052618a1e49b0fda27f80dc0368a6d655152218f8d3c86d601435bc7f2753087b7ca76fc964009f5f581e396a
- SSDEEP
  
  393216:3jSKhdo9F6lgdAHq1iBk43RUvbuUs9XEIhtwtcRF8gAnvX:TbTsaq1ck48buVXEIhtTKvX
Score

3^/10
behavioral1 behavioral2 behavioral3
- Target
  
  trojan-leaks-main/gif_GDIOnly.7z
- Size
  
  16.1MB
- MD5
  
  696b9a21516ed78106e262eeb29086cf
- SHA1
  
  cadbc4586697502f8cd9dee0f18b0c081f9063a9
- SHA256
  
  b9eaf06d6215682ca0cedf09193fedb54fd9112a0b8f4768e26c3eeb17e15b34
- SHA512
  
  af6201daf5e2b6046eeaaccf806e27c30cdcf9bc5d7b53e921635072e402c1214b8a542e5a1151df092c46c26e23b474a2434dd81e892171076e984d4e99f987
- SSDEEP
  
  393216:gZvl56w0jBSdkwRk3YtH+Wn6dC3eo88qQxwS2ecb49pQuti:gZCw0oG73YtH+k3z3xv23F
Score

3^/10
behavioral4 behavioral5 behavioral6
- Target
  
  trojan-leaks-main/hi2.0 source.rar
- Size
  
  140KB
- MD5
  
  0a805347184e8c5cff43fa497a22d968
- SHA1
  
  e53d6a56f58527d0b4e0a7d280217180c4bcc26f
- SHA256
  
  babeb3b0413027b516a0a07bcb17fc97ae7095183dc6d2f6c5e54fb6137de947
- SHA512
  
  4dd8fb00ea6fd79bf44e07a37aaa6a307ca6ff2516f6ffb3396c6a9c5fc81d4af70de4e55c7c31b5afa9207f2c5628b12a8a08ec6b4690ebe0b3488971b97440
- SSDEEP
  
  3072:RuG/txBjmtNH5WPrA0mZ9JhLfqMGWKIzHuxBvkHAG7D/I/SQm:RNjBj6aPUfpVqMzgpkgGXIi
Score

3^/10
behavioral7 behavioral8 behavioral9
- Target
  
  trojan-leaks-main/missing_pack.zip
- Size
  
  2.8MB
- MD5
  
  3d8503c62b30eb66f23db495125e560b
- SHA1
  
  187c2d0d1bf1a52dbddb8b42b0c8332bc10deecd
- SHA256
  
  b70804fe8e48ba9b6b41b4ced128a3b31e7c3ef8e954a9486cc9bfae73254de7
- SHA512
  
  756f34cd0307412d62837b30f9b1a03a38fe2c19fdd6aee929c88756fa27f32aa13aca53334cd54b84c666789fd5be8bcd2026a6aa4780c125f14937ca9dd0dd
- SSDEEP
  
  49152:tHvLEOnvjXc6pbgFBSb55vlwgGisSDTeqMJixJ/U1ZA2caREIQCOaPERoQrxJU1D:tHBrnSTO5vqgGiswwwoa2ceJQ/aPCrxy
Score

1^/10
behavioral10 behavioral11 behavioral12
- Target
  
  trojan-leaks-main/mrsmajor.exe
- Size
  
  361KB
- MD5
  
  83c5204bacb49b83afecea31beaf1f63
- SHA1
  
  b284a3c19ea6586be416eabdc3e9f6254a45b01c
- SHA256
  
  3aed3315e667eddd7fedb3aa2c65af9c56f9b360d4bc1f5381ed2b0fec28ad7b
- SHA512
  
  0ab6bc57cfab18d1028ed2bab44ca3b28526360228975b509d616ce9c72db677eaf8ed7af33dc120dc94e52280538b017c74cd4b8f72c6d08c495824f0c0dcb1
- SSDEEP
  
  6144:S/fAhvV6B8ErzPZp5wdz753RSvX+tgAUHATUDAvjX7QInd:SfAv6B8azBwdeX+tg3HATYAvb7/nd
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13 behavioral14 behavioral15
- Target
  
  trojan-leaks-main/neptunium.exe
- Size
  
  1.3MB
- MD5
  
  94259b5ad79024a5b6f5388f18ec061f
- SHA1
  
  975251f1d30d9e0c41a88ff58eaa98283d0b2c01
- SHA256
  
  100b97224063dbaea25b4d53672b7e3fc81443aeef10151c47096ffb3c849334
- SHA512
  
  1b66ddb7fecf930680557ca2e036902b6ac60754fb5fecf5283ad66c45dadfe0a1f1a876ca4a8ced007008c03df0b1720011bf5be692c5cd8db2ce8f3c63ee82
- SSDEEP
  
  24576:ImaUgySjNqBEmg4KDPowWMCRd53M9MNMVBvtEMFlMoYMMMsMMMLUMgMMMMM3wMMN:2qqmg4kPowWMCRd53M9MNMVBvtEMFlMl
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral16 behavioral17 behavioral18
- Target
  
  trojan-leaks-main/pid8 (pass 123).rar
- Size
  
  11.1MB
- MD5
  
  80eea0f472708400da8260c915e20ba9
- SHA1
  
  51177d46e21b2f699bf13ffaeb690a048df72058
- SHA256
  
  667af183eff260fb7e82af0f033df6430c5b2d37e006b241630f69fc476e6fdc
- SHA512
  
  03efb0ce8c6d313eb7a3f45289b834567905b3d56af40f1f8130a6710380851a9ec883ef72b694d90d45e64de81bcfe0e3f7c10a3a17d072186c58c66d81e29b
- SSDEEP
  
  196608:fYrC+dzLeLLjzImSROlyEZn9GPmEfYGz+Mdh7R9N0UTkkzebcRxG5:fYrC+dz+jzIrOv9GPmE/KU7RYXJbcK5
Score

3^/10
behavioral19 behavioral20 behavioral21
- Target
  
  trojan-leaks-main/skidded/FosMeg.exe
- Size
  
  6.3MB
- MD5
  
  bbf4cdbeb5ca5502e83fb0f33b369039
- SHA1
  
  aac536a851b7a778a926a18bd48f7ed49aade999
- SHA256
  
  a4a74682c9e1da8f74cf55ba6d6182f8df6e0bc6e8779e326a8b430b7b5072f1
- SHA512
  
  054a99338018241620fab8dda716c57b923f1df76a41910495c6293735616fd3fa000958f5148d4016a4b948ca9105be75c48ce7da6d4762c4312563adb477a6
- SSDEEP
  
  98304:1nHLaZYRHMqoms1k7sygTN/A55IblUjUM2HaEXwrNqcCmgSJetrVTETuDFofo:1HOcFts1YMTN+yM3glJmgOTzA
Score

3^/10
behavioral22 behavioral23 behavioral24
- Target
  
  trojan-leaks-main/skidded/Moscovium.zip
- Size
  
  305KB
- MD5
  
  26258d50bd6fd56488bf7a69f5e7e2e4
- SHA1
  
  60ce4f9e88327195efcae090aa6b3f7b959a6190
- SHA256
  
  6ff64093b8f0cd450d9985af37970191933b6338954d13dfc6b635c0b6c4b348
- SHA512
  
  bf27e566f0dec645cc92ab8f2ca5b6bc413e81461701f53475d72cc473cb6a0c58fc10ee7bf601bee493df58779420148b174a432734d27cd471cffb944ca13f
- SSDEEP
  
  6144:IcZ1Ikp2n2yZLhNcymbiCTEmrnB5AEfMS2jSY5nGaMZTUbsdPiEhKa/XN1/T+t2u:5gN2GVNcy0LYmrngEfugarb9EhKYXN1S
Score

1^/10
behavioral25 behavioral26 behavioral27
- Target
  
  trojan-leaks-main/skidded/Murderer.exe
- Size
  
  21.9MB
- MD5
  
  8a27182879ba66cf5d07940b16bbb5a0
- SHA1
  
  0242ca81d92cd4ece24bc0f558a269f0baeaa8e2
- SHA256
  
  887889b8c147adec683a3d5dfa36bae2693b438b27b9b623aea7f16522174e3b
- SHA512
  
  7d68b338f20610b20e4f72104ae0d5b1abdc82821c606e03e8b2ae307b13ed010acef8eeba4cb1b5eda61ad324b4ff28a84870cc6901bc328ee519e4646432fe
- SSDEEP
  
  393216:WMT+rfHZlgMMH2RhoAZbBQbCVC9woa4KVbh6wHW8ALe4Lfj16ouWcXD:WZZaMi2R7BQbCVC9wioswHW8AvLZ6ouf
Score

3^/10
behavioral28 behavioral29 behavioral30

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Change Default File Association

T1042

Winlogon Helper DLL

T1004

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Modifies WinLogon for persistence

UAC bypass

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Enumerates connected drives

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30