eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d | Triage

Resubmissions

09-05-2023 19:22

230509-x3fn4adg58 10

09-05-2023 19:14

230509-xxsrgaff7x 10

09-05-2023 19:14

230509-xxr5yadg42 7

09-05-2023 19:14

230509-xxrt6sff7w 8

09-05-2023 19:14

230509-xxrjeaff7v 8

09-05-2023 19:14

230509-xxqxwadg39 7

09-05-2023 19:14

230509-xxql4sff7t 10

09-05-2023 19:14

230509-xxqbcadg38 7

09-05-2023 19:10

230509-xvl6xadf64 10

Sharing

General

Target

trojan-leaks-main.zip
Size

501.8MB
Sample

230509-xxrjeaff7v
MD5

5989c04ee5327d6e7185985f4a7fb933
SHA1

51826110b35fc7b0984eae57c8e143900b29a38f
SHA256

eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d
SHA512

089b2cf3836852d52a8b1da951702d2e2101eee915ddfa72bd967123d1a52d98baae6c0f68f2fd24fb4f1a111b8bfcf6cc57421e76a11f5554a80d372e77587e
SSDEEP

12582912:4vZS6yP56fA74t343nX8dn++/RNk8nnqKIEX1b62gOZsX:qZS6yDcJ43sd++//k8nnqKI214

Score

8^/10

agilenet bootkit evasion persistence upx

Malware Config

Targets

- Target
  
  trojan-leaks-main/Ruthenium/Ruthenium.exe
- Size
  
  36KB
- MD5
  
  a1f174ce74dbe0e84e2c2964b29de0fd
- SHA1
  
  d4dd4b86ec50b2ea2519f5472642d30301e20aa3
- SHA256
  
  5066c3a750eb6f07addf5cee1e6b00894c52e1c4fbf1702befcd5ac9bf1d83f3
- SHA512
  
  41edeab57b55b74a22ac46814f985a78704b35c14d330d5264765ce9a22d19762659a47cfce13fcef28f322ed0a018976585dd65270690422b64b4860a2ecd31
- SSDEEP
  
  384:x6j2tyffbHj9X8EY5Z3absnexUDoRGAGYk2zWfAozcQcgJgyBkAg+jdGb90kGj:SDD9hYbqbhFZkeWoecuiATjXp
Score

8^/10

bootkit evasion persistence
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2 behavioral3
- Target
  
  trojan-leaks-main/Solaris 2.0.z01
- Size
  
  24.0MB
- MD5
  
  785e18d17f4e2134d93c51fe3d5ee6b1
- SHA1
  
  aa00b501547ce619b158d7ea6bdad104b3db00a4
- SHA256
  
  9579c6d8e98d60688af84034100c1fb1e242f5c1b7a3ab44544200d600b85154
- SHA512
  
  9c4f1b0d3f654fe72c461b0eb248866882ec45c1bcdb2cdd9851a1996246e528d475a2b9730cc893d2ccb2b1b1961864225e5dc4e6db20cbd828547d3a178eae
- SSDEEP
  
  393216:liBze+O0D+RHt7n2TUw46vYVk+FAAznp157iqvpQzE6zOYImu3sUs+md46GYJAcj:lU0++JvwnQ/FAALBiopQzE6qYI9Pm66f
Score

3^/10
behavioral4 behavioral5 behavioral6
- Target
  
  trojan-leaks-main/Solaris 2.0.z02
- Size
  
  24.0MB
- MD5
  
  fddd853a10553794dfe98ced1c6c70c0
- SHA1
  
  0bc2e8fb07d61ad6dde77c4f2f824ac780e3b599
- SHA256
  
  e73bf0a50b65481e797bd551b2a9266bbf131c7d0e6a62d6c6dff3c929a3925b
- SHA512
  
  02c355609adefcd2afcf0e5ceee9e89658b1939d8f3de896c8366af9b4e43a13300269ca569eea727584c68aae88573023163eb24e95a9d9dc7e59bf2f5b0128
- SSDEEP
  
  393216:JY5k3DCsjBdBRBosyg1/XVV1z/DgwvWXW+SCmBZmqQe27coscMslu5TjPpXLj5mc:JYiZB5h/31z/xRbbBaj7wcMslu5Tzd5X
Score

3^/10
behavioral7 behavioral8 behavioral9
- Target
  
  trojan-leaks-main/Solaris 2.0.zip
- Size
  
  14.5MB
- MD5
  
  70689946db6aed0958f37ba2f17d8271
- SHA1
  
  620748231b1da670182d7a45660438390a2a7ef3
- SHA256
  
  2f42fc40a52387c55807f6b8317ae35b3cf8c1120f97554a6cf4b1201df0845e
- SHA512
  
  e866f509a8a268729e7514ff6cab303aae665996c35049b7397cb61c9b56c9c3dbfa50d134645e7875e7a5d783c6398edcb145f148f2c9fc252c4616d932555f
- SSDEEP
  
  393216:A0rTM0s4Ng/UC0pg7A/Vu6Y9G7Eu7AG5Nr:A0rTHsUG2jOMF7b5Nr
Score

1^/10
behavioral10 behavioral11 behavioral12
- Target
  
  trojan-leaks-main/Solaris2.0.z01
- Size
  
  24.0MB
- MD5
  
  801ccf0e8b77903cafa7d58365ee4cdc
- SHA1
  
  bb96046a0ee6671723b2153ce3dac51ecc7b4a57
- SHA256
  
  0f4ef30dd82c8ca2782924c1c57791aa6a496283f28066ffd5c19515b6bd699a
- SHA512
  
  55c3dea4ee1e0ee519b049a0250d404eda6dbbce237a2dbea4ec053e002d02857806eff83c624843d17edff2577b435f3051ec7f16521e63ac3e85ff4fd13cbe
- SSDEEP
  
  393216:21vdv9CB0VgIYO2u+TfFFcJWa1rKsZWuVtpRriqVejWsiqVsgZj553rihulzBswk:wFtg9Pu+TfF4Kd6bBv07ZjT7iQdB1r8T
Score

3^/10
behavioral13 behavioral14 behavioral15
- Target
  
  trojan-leaks-main/Solaris2.0.z02
- Size
  
  24.0MB
- MD5
  
  00e96b38de12d7358f4eb987ee53a027
- SHA1
  
  19db7ae7bd4756dc32f923879c900f6aa3bfb3ad
- SHA256
  
  79b8cec7cf9f9bc9866a14654ab933166612f13252655201af4b362fe877c7fc
- SHA512
  
  e43ed7982e50c9831f1d09e7f4bca4811f350fe14fc6b14c25f7fc6642738cfbab7a35e7b8cbfbe7668ab6c9de27b7b77aac60468936e3efd63cb24a05a0306a
- SSDEEP
  
  393216:xLpb/0E1oJE+chwL0SPubBOJTnmQaNylXhQQQ7E4CtmQJIKuWqWlou2g1u5XGYxO:x9b/1aJE+chwISGVOJTnLa0hQQicD/t5
Score

3^/10
behavioral16 behavioral17 behavioral18
- Target
  
  trojan-leaks-main/Solaris2.0.z03
- Size
  
  24.0MB
- MD5
  
  d19e1a3fa33eb99b88bdef433a482b7a
- SHA1
  
  d7aa9326acb930a7336d8f5273365f090fcf8d91
- SHA256
  
  7b4db109a1a9abed35b3cead4e8d970f014ad717c4c71d55d661cb737f9aac46
- SHA512
  
  9622150d42d4316afe1e2cdfb0443f284dc41e509e8e67bac09c8f5ec578cfbe2dc77cd6691d9e0fddaf5e3ade165b8739d40f1dff8963bf39c1668d8a20e2f0
- SSDEEP
  
  393216:9KvT+RPeq+eaI3tVYB+JyqrCm5thSPyRwfbEZyazrdfkwvwElAqSCqN4VG9dCITO:9KvTQUea4PBJywCm5D/RwTEZyHPqSpdk
Score

3^/10
behavioral19 behavioral20 behavioral21
- Target
  
  trojan-leaks-main/Solaris2.0.zip
- Size
  
  6.1MB
- MD5
  
  6b7d77d028d5b31dc426d1727a51e14b
- SHA1
  
  0a7280c8b5f3adefa25742eeb7be988d10d664ee
- SHA256
  
  cd0b689a82cbd70d02c42c5628879ca5239535cd1659f7d4c6f7e49f52ab2dce
- SHA512
  
  c8c6de28772b6b08b11e9f7444482c9a702c8f057180c47758b0d66306dbb47775310f4a828160574d853c94713824bc0cc7b8d614cb76092a33ea14411fc51d
- SSDEEP
  
  196608:L9VCmm3wfTCeEnJQgXMCJJ8KIJyvl2GJiG4IalGvdpx:L9VMgfTCdnXMYJ8KIOl2C4zlGt
Score

1^/10
behavioral22 behavioral23 behavioral24
- Target
  
  trojan-leaks-main/Suffocate-safety.exe
- Size
  
  592KB
- MD5
  
  a66a634984d867b4e7c6c94d3c3b5a5e
- SHA1
  
  aae20c9ea86f09cf2a38494af54bc42f93a05d8b
- SHA256
  
  1a0bc18ff66a0fcb2aaed91ca23b5cffff0c3ef45e5b9a30b0ccb3ad60b64c2d
- SHA512
  
  ec9a8c706a9488870ec39366bea3ca538628579896c0fbb7d532bc6c4d197354c44822dc3f5e910dbe6ec13b581312dd30aa360a0b61d6934865789687591244
- SSDEEP
  
  6144:rDkQaeZDEqsErE0jAC1drT1/B4y3VCHMHW98MNz7tLpu3Jdl18uUkUT5oOY2di:rIje5h1dH1/Gy3YHM29zEPtQmONw
Score

1^/10
behavioral25 behavioral26 behavioral27
- Target
  
  trojan-leaks-main/TheEchoOfFear (Special Edition).rar
- Size
  
  19.9MB
- MD5
  
  05ec3be64cdf7b7dee973bc65fd928e0
- SHA1
  
  0625bef37fc4a5e8ac3bd1bd976f49e6a71dfe86
- SHA256
  
  84bb8463d236b719e35e41d1d4c0cd5ac953d9ef5e7a4ccd2a06acb56dc49d30
- SHA512
  
  66b292668a06e951f558a4bd039a809113c187a022739743b881aef66d9c2e5fa8d2a331dff81c6272e867bd3378085466a5bb5ffcbbf398e933adb700d5cd5c
- SSDEEP
  
  393216:Qs0mJzpg1O2xFM5dOnD8Z838kOaMGnHl3M2q4G2oakr8YiOIxjmGR9jrj:+mj2O58D865OBGnFrqB8YjIxS8jrj
Score

3^/10
behavioral28 behavioral29 behavioral30

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistence

behavioral2

bootkitevasionpersistence

behavioral3

bootkitevasionpersistence

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30