eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d | Triage

Resubmissions

09-05-2023 19:22

230509-x3fn4adg58 10

09-05-2023 19:14

230509-xxsrgaff7x 10

09-05-2023 19:14

230509-xxr5yadg42 7

09-05-2023 19:14

230509-xxrt6sff7w 8

09-05-2023 19:14

230509-xxrjeaff7v 8

09-05-2023 19:14

230509-xxqxwadg39 7

09-05-2023 19:14

230509-xxql4sff7t 10

09-05-2023 19:14

230509-xxqbcadg38 7

09-05-2023 19:10

230509-xvl6xadf64 10

Sharing

General

Target

trojan-leaks-main.zip
Size

501.8MB
Sample

230509-xxr5yadg42
MD5

5989c04ee5327d6e7185985f4a7fb933
SHA1

51826110b35fc7b0984eae57c8e143900b29a38f
SHA256

eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d
SHA512

089b2cf3836852d52a8b1da951702d2e2101eee915ddfa72bd967123d1a52d98baae6c0f68f2fd24fb4f1a111b8bfcf6cc57421e76a11f5554a80d372e77587e
SSDEEP

12582912:4vZS6yP56fA74t343nX8dn++/RNk8nnqKIEX1b62gOZsX:qZS6yDcJ43sd++//k8nnqKI214

Score

7^/10

agilenet bootkit persistence upx

Malware Config

Targets

- Target
  
  trojan-leaks-main/InfiniteBlue.exe
- Size
  
  1.8MB
- MD5
  
  70b9c08114c970f97ba983227e0f08b4
- SHA1
  
  0c3c846828734aed1d74ea47253feef6f81940ac
- SHA256
  
  a38f8a7e057e205d3961095a025f5014c0da0567495f2ca5a15f26d89c481026
- SHA512
  
  dc223e4cbfe89a8d92b2042b1c8a0403b26adc7383317cbadc56602d1e9c02a4a80450ec5aa243fdb8ef3a0882a20af48c3ebb7165ca58dfe34c62691c36f5eb
- SSDEEP
  
  49152:RqrObhdGZu/xJrtcaXxfjDSVQEWnu3+w3JJn+:oExvFXpCQG3+OXn+
Score

1^/10
behavioral1 behavioral2 behavioral3
- Target
  
  trojan-leaks-main/Kirurg v2.exe
- Size
  
  453KB
- MD5
  
  293cd68ae4f5d9074dbf11a8e8534236
- SHA1
  
  e0a7ed5aa8f18ec2f29b8634dfaeb3568f96abff
- SHA256
  
  734e3a658ccdf3a5e9901f3424a113f437c9cf52506264ab08374c2243ea2dbb
- SHA512
  
  05713d51377136b76263f1c6b760c2af22fc7bc56b22ce26cec30428a332acec0d858bae3ff7024ea7200a20ea2f39000306dd2f405fe74d2ffb67739d3f66ed
- SSDEEP
  
  6144:Nu51x5V6IqM5i971oyNpPPC7HX3qemiV6PhkTrj1G60HRBlkZvaF4NTBfXZvWJ5:21nVPqui971oKA36biQNRoSWNTVpvWf
Score

1^/10
behavioral4 behavioral5 behavioral6
- Target
  
  trojan-leaks-main/Kirurg.exe
- Size
  
  10KB
- MD5
  
  50c55b0a2c48f5010b81153879bf58c5
- SHA1
  
  d1df6ee86302ce5fa4270acdb376493d5c60d67e
- SHA256
  
  7b90e3c35bd147455868f54df6951554bfbed2d5f4c0b185a8b1895b4e07538c
- SHA512
  
  f7d5b624b7ff2383d8f0f2fd6da9e921158ebac950e2288be64191e40d26631c27042ad7bfdf80a17fcae1996f01247b195d6d8faf6deb7bdbcbfa27d957f245
- SSDEEP
  
  192:gH4i/jQcfb2inwzjOh4cohVi07E5pz63JoZZub:gH4i7QcjxnCjDh407STub
Score

1^/10
behavioral7 behavioral8 behavioral9
- Target
  
  trojan-leaks-main/Kirurg_remsaterd.exe
- Size
  
  510KB
- MD5
  
  6dd7ecf13f87fa885fede29cd4d31127
- SHA1
  
  b9e133331ebccc6e97b90205de3801502637ce86
- SHA256
  
  50042ed8c6c60b2dd79a23bb6589f83cd6ac3971fba798e6d2a580d3fea8ebf2
- SHA512
  
  4cf4897f29b6e5048506ce30988052b7a600778a6648b9ab0eb2e5cc3f25521351cd70cbe5c5aac89a77c5b1af919f715cc163e400f38cadc25de9b8b77b23dc
- SSDEEP
  
  3072:nJvLB6pF8gO5sBWHYAraok57QbHk/CD+2UAYvU1Dzn+XwDaucnuvim695e/3lG:ncvAr5eQbH0w+pv6zn+XwDarnuvB/3
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral10 behavioral11 behavioral12
- Target
  
  trojan-leaks-main/LogonFuck.exe
- Size
  
  9.4MB
- MD5
  
  90a964fb43881a2f0a5f0051ac74fc3a
- SHA1
  
  7343f1f31347f263c505af1cbff1dab6b60b08bb
- SHA256
  
  d50704ad9301dc6a077940bb5d76645850fa6689f45bfceb219e019c313b345e
- SHA512
  
  2f6c32f371fcde66359b6b75285d17d521b95570fab881beebd2709f50ac9ec77129041d020934a45848880d79fc3dac441a404afdea116d9ec1b65713320df1
- SSDEEP
  
  196608:igxp6Kt8RxG2lMKeCA0AtnpV90HwvV1llI+5Y4bXyUNbARdbvSyT4/Lb4N5O8YsW:0RxG2l2CArzLvV15YCCaARZvv4/LbYOP
Score

1^/10
behavioral13 behavioral14 behavioral15
- Target
  
  trojan-leaks-main/Losinium.zip
- Size
  
  47KB
- MD5
  
  af26cbcd1f8d53417fb0fb5163a180f2
- SHA1
  
  b808b123acd40d5bdbd59525168cbd9572cc0975
- SHA256
  
  d92adb6b4df3437c6004ef894c282c9e30fe3f08b9851a62b345c67c750db114
- SHA512
  
  2f3c17e963a5449fc27bc4b2e4ae73cc0ba92548ebecb96cfe5a534d278e85bd5037c26d714bc1d109667c07b9edcea24f2b8a0be35d13db889d6aaa7147ef3c
- SSDEEP
  
  768:OXpNtLVtRHP65vJ1pabRCv/BbpeSGg0fhVYjgDK+5FTCSvaRnnhDcFRaEzNhAB:OVRP6HSbRCXB1qhfhajgDK+5FT1AcL8
Score

1^/10
behavioral16 behavioral17 behavioral18
- Target
  
  trojan-leaks-main/MFTW7.rar
- Size
  
  645KB
- MD5
  
  acd58ff2ff97c9a07a1dbfce43bc6337
- SHA1
  
  97ab1f4515abbd3bb33d5cb9d63ddc4d28ad4340
- SHA256
  
  ab53c50ea32a0e5629c0356c3af29ab1a8c7747420f3651f933680faf7b118e5
- SHA512
  
  9d18d1cac7c9bae067d6aff98a367232487c29e3527478161325e3e8fbfb132ee389e965ce7c89a84d85f6a14f52b75a29dba0287ed4aa16e7ceef8146c43c0a
- SSDEEP
  
  12288:22cT+bsBAWSc51NOcuacDqzpuA1PcQvR2cEanWL8r8vaXsr5/jeWd:GUsBAEpOZacYpNkQ1EL4r8aI/L
Score

3^/10
behavioral19 behavioral20 behavioral21
- Target
  
  trojan-leaks-main/MLG Antivirus.z01
- Size
  
  24.0MB
- MD5
  
  e9471986fe2646b2a6ba4726df234006
- SHA1
  
  cda1535f9242a5687a7348ac0a6258e44b4e1113
- SHA256
  
  b8f71926a8b3937d21ce20d8128ef8aed32804f0d0ab574f5cb62b5651b6950c
- SHA512
  
  91b1579a5659f3ac23798bfe03c5b39183d00c67561198f9c7a2f0103e589a23e3142a9b3b26ed010e26f38c047d632be239f9c125513225931afa4534deedd0
- SSDEEP
  
  393216:s+83OK/T/k3Pr5l3Ty2qnaUaCD63NbZrvezSRPrVF/5WUHnnyeTgdVjX1E04ML+T:6N/o3T5Wa3j3cqzvMUH7gT4MaWu1
Score

3^/10
behavioral22 behavioral23 behavioral24
- Target
  
  trojan-leaks-main/MLG Antivirus.zip
- Size
  
  19.2MB
- MD5
  
  e9784eabc542263d389d7f6a9e2f6766
- SHA1
  
  5aaeb8d83115d14dfba2ff892c8c773d575b2571
- SHA256
  
  ada3e76d07e5ba673e841b80aa7da569a213501d707514ae4125a981f74285d8
- SHA512
  
  ee9c0778d8c539d7459b53c90e05541d37c0d268117f88af8348f8aeea4673af422c23aca6d22375e3476a745e87eb8f6b31d7f59ef28062e60f8f52a60226d2
- SSDEEP
  
  393216:L9jEV5xDn8Ulo5L1ymCkZUMWKTly226Z0QC59QcIm/XsZrS6xZGXZUq:hjEHJG1ym7yE/26+QC59QCsZrrY9
Score

1^/10
behavioral25 behavioral26 behavioral27
- Target
  
  trojan-leaks-main/Mythlas.exe
- Size
  
  125KB
- MD5
  
  1bccdb1cbbdb299f4053dbab4236dadc
- SHA1
  
  baf7c15c30c705fe99c4b5cbada6a46cd92cec22
- SHA256
  
  e65c793a31137ae75a6f30ae2933bd7cae74fcd4330b6c8770c14466bc3a878f
- SHA512
  
  c32b746081cf17dd1e29bf132350f753cd10636d37caddd3d3b8714675710c67420d08ff27e3d0f7aa71f0977316f62261cc5ca40badbb5d2bf76ee3972bcc3f
- SSDEEP
  
  3072:b8b9IcgZfL0eMOIWBL5NVBFyQwaBXrn2wsxTOr2UlvjqZGx/1KFXd:gWtBPVBxwaBb2+x1oXd
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral28 behavioral29 behavioral30

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

bootkitpersistence

behavioral29

bootkitpersistence

behavioral30

bootkitpersistence