eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

Target

trojan-leaks-main.zip
Size

501.8MB
Sample

230509-xxrt6sff7w
MD5

5989c04ee5327d6e7185985f4a7fb933
SHA1

51826110b35fc7b0984eae57c8e143900b29a38f
SHA256

eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d
SHA512

089b2cf3836852d52a8b1da951702d2e2101eee915ddfa72bd967123d1a52d98baae6c0f68f2fd24fb4f1a111b8bfcf6cc57421e76a11f5554a80d372e77587e
SSDEEP

12582912:4vZS6yP56fA74t343nX8dn++/RNk8nnqKIEX1b62gOZsX:qZS6yDcJ43sd++//k8nnqKI214

Score

8^/10

Malware Config

Targets

- Target
  
  trojan-leaks-main/Phsyletric.exe
- Size
  
  97KB
- MD5
  
  4db23cf50f64a83759db9df6ad222d65
- SHA1
  
  8ed2c2d8c8c0e5b953559adf6e8765f505cccdd2
- SHA256
  
  465f8bf12fe8fc53c9ef45e498b5f9d95b783c61096147bbc09182f6d19dd129
- SHA512
  
  615735ab5bbd78c1e72dc2c6b7066d0fe66894d29844e1557bf08af319c5c38c883ac8c5ecc248637d8d91b83aad731be5476a4826b5101a02810f27b2d89644
- SSDEEP
  
  3072:MbDwt25lOqFieKe/xzJdekGFq8YbFwIf6Psq1:MbDAEIq396Psq1
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2 behavioral3
- Target
  
  trojan-leaks-main/Potassium.exe
- Size
  
  109KB
- MD5
  
  86d3f3f29362283921a9277bdfb73648
- SHA1
  
  55ab05f3a2251d9071c8d97c9a995b6799a85cb1
- SHA256
  
  b264d303e833f180f46a5b5f04c8a4ebd41db3e5aadb2e1e0058f2c2bf7b5a5c
- SHA512
  
  27b34ba3ce6e97b9940cb1ad76373815cc7867b474c1129e5a600965337a71a7785d3316304032816f367a6b91fa67f02c4b36f1e6ec72efd81716a87b69d93e
- SSDEEP
  
  3072:+/n7O+sxVkBqEx1KRgugPWsBs63n9fSrlex:+/n7VW+cE5ugPWKSrlex
Score

1^/10
behavioral4 behavioral5 behavioral6
- Target
  
  trojan-leaks-main/Profolent (pass 123).rar
- Size
  
  386KB
- MD5
  
  55f86de7e475231cf89e4f526ac6015f
- SHA1
  
  f891a3b5d78bbf798fb2c68c9bdff5122e45c474
- SHA256
  
  a739099ebb4811ec9309a545153f519401a86911c94749aecb89e5ec448197a1
- SHA512
  
  8d4888c9b79315700e4edb6c222d79a21e4f52fe9334ef474914feca5b104b285f56937d727924c06401a008233be034c6365bfbdaaaf39b3e0427907fce21c0
- SSDEEP
  
  6144:aGw/yW7wF9oNOV60f+aCAzYGMmLcsYLrta++kryCKuFhPCinkBjMUBeIh00rs+u:6wsR0f+axYlw++KnhPCOkJ58EeZ
Score

3^/10
behavioral7 behavioral8 behavioral9
- Target
  
  trojan-leaks-main/Protactinium.exe
- Size
  
  43KB
- MD5
  
  f6aa0dd947ff84db2c0e991aab776dcc
- SHA1
  
  73d377c8d4b7d04ac9fd6c47d74491d76ca6cf6e
- SHA256
  
  2ab5f10366ebad9e4af9369730495a6bd48ad278e78f880a54d583024491786d
- SHA512
  
  3d81ae0131c6fc531d0592259d5cf7296aa61487de785e5b534a696867ae9ef8abae19aa1b938a62db6492af38829dfdbeb7da0d69ba2253b26cb8dd41d8bc83
- SSDEEP
  
  384:1bGThpZmtWqjV0rABs4q56hDLApNEKYZWVOggl6k4+jQukJs0yjW:1bSutWvkBsXqApNTuB/7jeRH
Score

8^/10

bootkit evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral10 behavioral11 behavioral12
- Target
  
  trojan-leaks-main/QSO J1228+3128.bat
- Size
  
  129KB
- MD5
  
  b9b35fbe7121c90f368b13e97bf574a7
- SHA1
  
  46c6fb9f06fffa4de1aacb73d4a3436664f79a8a
- SHA256
  
  cae015c5705155cc6e2f49263aacef3bc8e4bfd9c2f29886a077471cd5dac447
- SHA512
  
  79dcab087efb28845eae2124b559fb5d8188b9d86ae2bf2ac26bcc9a3d4b41acd656e061465900b86cddd0efff35fd987e562ddac5f266fcc2c67ee76a37a9e9
- SSDEEP
  
  3072:esyMBvZXdYcpRXphFVhyelsqYTsjLXQ83N83qxho7Y:ewRXqcjDFLyPZT83N83Wik
Score

8^/10

bootkit persistence
- Drops file in Drivers directory
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral13 behavioral14 behavioral15
- Target
  
  trojan-leaks-main/QSO J1228+3128.exe
- Size
  
  206KB
- MD5
  
  d5f741b0bb991604d5331de863d49d8b
- SHA1
  
  1c73d032211696e954259b48c3e83029d7852846
- SHA256
  
  adac36e4faab7c953354b50391774c9b01379cb4445de52f074464c58d751d1d
- SHA512
  
  a84b1acec34996a5047ff082985510cecf1d381b216e3b02dca2113b16500d417c6f89833ad93a3b1ba96b23cbcc8af5cd5d065fe6235d5273c1c8412538fa30
- SSDEEP
  
  3072:CKEiM0DPxUKQf5kv+Tx5DQdqRd+vKWbb1boDu8:WifPxDzvRdMdoh1D8
Score

8^/10

bootkit persistence
- Drops file in Drivers directory
- Sets file execution options in registry
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral16 behavioral17 behavioral18
- Target
  
  trojan-leaks-main/Quarknova.rar
- Size
  
  3.4MB
- MD5
  
  350a8c1d3cfb0fac236604b7aadc68bb
- SHA1
  
  5a4af05b89a457f457ef2fa21bb74a08ebe329fc
- SHA256
  
  5f52a913ac4f7089cd42d897982c135c222017fb62c209acd17ea982705cd0a0
- SHA512
  
  8093410a6a7a0c23115764bbde5078b1b118f8ebdf961c0812e715e6816d4cc61f53cc1ce8957102815544e877d393a11d14d05eaa0d2c9e0c196e57a5157e23
- SSDEEP
  
  49152:L6Hnpfu/0XTk8DYS2Yt1HSrOgwEVkVy5OYhAOSaoTX/BFCYV0uucKALFhJkpeX4/:WmS9DYtYVSrOPHOSaQBIJ5vQFcpeX42G
Score

3^/10
behavioral19 behavioral20 behavioral21
- Target
  
  trojan-leaks-main/Rebcoana README.txt
- Size
  
  631B
- MD5
  
  5872a083e7a8514afe1a78398846e1ff
- SHA1
  
  44e2438d3b56833748662346e5654c96fd380639
- SHA256
  
  9f75c8c5a703c78df97c61716f6afcb3afb82921195b86f600eaf153d2f092ab
- SHA512
  
  f5aed103b1556a5a19c5434c11a74ec6cdee0c8f781dfa18d1ef20303befbe859f2f5741046852db993cc8f85f99d98047bc00892a407aecb4a00bc91866750f
Score

1^/10
behavioral22 behavioral23 behavioral24
- Target
  
  trojan-leaks-main/Rebcoana.exe
- Size
  
  1.2MB
- MD5
  
  edfad6bc3bc4d075a440b49baf575f56
- SHA1
  
  2d4c069a8549863ac4f9f18601e4e62170309b10
- SHA256
  
  db9091ba1e3f755972a5ca4bc0b3e76b77c3fd79a398313d5511b1bedffd46f6
- SHA512
  
  c4246c4a0117139c90a3b599959875aef9fde1035d0bb83298038b31cb2b7236c09484845f47cae670cf5d7b5548bdd7f6425741a025dfc7c3b59a9260c0093c
- SSDEEP
  
  24576:aNPqVZyrXMgZ+W7k/MP5u1QX8y8sJWlLIo0yyj01YA/L:p8XMhMk/MP5JX8ZYG3fa01YG
Score

5^/10
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral25 behavioral26 behavioral27
- Target
  
  trojan-leaks-main/Ruthenium/PleaseReadme.txt
- Size
  
  1KB
- MD5
  
  bb9b7df61b11b81f835f40852866baaa
- SHA1
  
  b0a6bec298a693a708c31d7a2782198f735e8455
- SHA256
  
  1c4b7c6d442aa1218d3558d0ce8f9e1637422e3ca425e6622e8699e2eb53498c
- SHA512
  
  cfd3b1604ba58b7631597a9f262c290bdc375f0b67aa82cdd5933c6bababccd0304d71fbd8f6eb08dbfc999627ba9a4acce85802a2116a18e45c2ca90786c02f
Score

1^/10
behavioral28 behavioral29 behavioral30

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Writes to the Master Boot Record (MBR)

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Writes to the Master Boot Record (MBR)

Drops file in Drivers directory

Sets file execution options in registry

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Drivers directory

Sets file execution options in registry

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

AutoIT Executable

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30