Resubmissions

  • 09-05-2023 19:22  230509-x3fn4adg58  score 10/10
  • 09-05-2023 19:14  230509-xxsrgaff7x  score 10/10 (this report)
  • 09-05-2023 19:14  230509-xxr5yadg42  score 7/10
  • 09-05-2023 19:14  230509-xxrt6sff7w  score 8/10
  • 09-05-2023 19:14  230509-xxrjeaff7v  score 8/10
  • 09-05-2023 19:14  230509-xxqxwadg39  score 7/10
  • 09-05-2023 19:14  230509-xxql4sff7t  score 10/10
  • 09-05-2023 19:14  230509-xxqbcadg38  score 7/10
  • 09-05-2023 19:10  230509-xvl6xadf64  score 10/10

General

  • Target

    trojan-leaks-main.zip

  • Size

    501.8MB

  • Sample

    230509-xxsrgaff7x

  • MD5

    5989c04ee5327d6e7185985f4a7fb933

  • SHA1

    51826110b35fc7b0984eae57c8e143900b29a38f

  • SHA256

    eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

  • SHA512

    089b2cf3836852d52a8b1da951702d2e2101eee915ddfa72bd967123d1a52d98baae6c0f68f2fd24fb4f1a111b8bfcf6cc57421e76a11f5554a80d372e77587e

  • SSDEEP

    12582912:4vZS6yP56fA74t343nX8dn++/RNk8nnqKIEX1b62gOZsX:qZS6yDcJ43sd++//k8nnqKI214

Malware Config

Targets

    • Target

      trojan-leaks-main/Benzene_x64.exe

    • Size

      234KB

    • MD5

      4abcf3f7124adbbb7aa59a1f128f5b16

    • SHA1

      64e82614e15cd9102f9ab594d05b0c17549b0618

    • SHA256

      40d98c6d729f998614934cec341440c11c9cbdfcb7bd9c649d83f915eeac4138

    • SHA512

      58a603da4a6a6be5f52fd4e33e87d1dfeb03c8404cf422b7afec0487723c9cf6c34d3b363e684ed9c3e13d8748ec8affeafd8b5e1df88f2393f66275b1b37fde

    • SSDEEP

      6144:8cpsByyZtP/Gxqw44Y5yjaGLqSKExm7WWIQ:8cpsBnZ1/GXc5YX2SKExNWf

    Score 1/10

    • Target

      trojan-leaks-main/CoViper.exe

    • Size

      286KB

    • MD5

      e20ee9bbbd1ebe131f973fe3706ca799

    • SHA1

      4e92e5cbe9092f94b4f4951893b5d9ca304d292c

    • SHA256

      f632b6e822d69fb54b41f83a357ff65d8bfc67bc3e304e88bf4d9f0c4aedc224

    • SHA512

      d50524992662aa84d5b4340525a25d915e91e464a725aa6851de206fd294aa7f4fcefe695ce463ce652b0a03874b75c0678b4c708d2b71f7c18804d1365d3458

    • SSDEEP

      6144:egtJZ0NSt7Jb/Is8vIfYg6KcZQV7GdRMrKUIvcgfoS3Qz89r:egWNStd7R8cYgsZK7qCrqfoS3Mcr

    • UAC bypass

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      trojan-leaks-main/Cs_Hacks_Free_no_hacks.exe

    • Size

      105KB

    • MD5

      06ea97fe57005515dcac13901efb3d9d

    • SHA1

      48e42f95e5d7fc1a572f7d50e7e07af462b03f4c

    • SHA256

      5bb7129469665dc7125d27cbd97cc65c17c3cbed91beffc63214b65a970332f6

    • SHA512

      07b15e991c3f0d382052a2faedf6f634dfcdaf18051113fe1300118ac67223c16b218195734894f5477dc36ef3799acda7af8fc23ab990955468505bd74f82da

    • SSDEEP

      1536:BY9V5I5iTSrWc3YiyCmOJu3yUyJCbX40K78JZ:BYzgWcpyCnWbJZ

    Score 1/10

    • Target

      trojan-leaks-main/Glodrix.exe

    • Size

      416KB

    • MD5

      766e0dceb95f26a79300e786669fd4c3

    • SHA1

      56bd2f5f37d012059e44185a4405332891b8efb6

    • SHA256

      a2d0fcecb809ae416d8d532f7eb58505977aeb00c66f0d51b70025946bc599b3

    • SHA512

      9cc4ab1466de58815ea48350f5e31135d9acfce87ba58863eb5632b6b56b5b512cae5b9a512b0400f45e982ad711a3c637bd79a3fe721df9ab0e659b8dd2a204

    • SSDEEP

      6144:23nEFPjLXbeQHD0wyqwYxKk+CKEEwL1fFx++/BsPZ:EnEFPjLtHvyqwYg3Tsj6

    Score 6/10

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      trojan-leaks-main/Halloware #READ ME#.txt

    • Size

      4KB

    • MD5

      8d8f7c8fa2e06769d04ec04609e99cc3

    • SHA1

      a08774b2b14decd4c54d15bd170396593224a44b

    • SHA256

      9f37c06f7e2a4ae7ea8df7195eba8ad83751696fd9b72e4793da64bc1e243f3d

    • SHA512

      3af260f8d1fa0c92e089b666a2bd6a935af0e33f4e76acbed69d77bb9a5e2909156d01616bfea88a7143432e3f97844bc580cc9010201ab713777609def67274

    • SSDEEP

      24:53jJcKGbe9h1b79qIeMdtFDBom9dNGdV92NKl1jAxltdJ7AT2dSWGd6lL+LeOGSS:53jJcpbexlqI/DBv43GSS

    Score 1/10

    • Target

      trojan-leaks-main/Halloware (BerkayV).exe

    • Size

      23.1MB

    • MD5

      2701cf0c52d8d8d961f21f9952af15e7

    • SHA1

      d8b9de327f95ba090e5606862003419388fc3dc7

    • SHA256

      616830e93c33240ff157b4eeeab1d1a3e9891d6410139afdbd4d01f075da0933

    • SHA512

      b4798cd526b116e943f3cba6f58175185898e374efd4ab7afe012495858c7997fb1fba1dac284ae4aa484dfc5f70b6240ad1281d90c9a3642e49edd95ab39110

    • SSDEEP

      196608:puv1iLrYSZWLN0dLeGyI8bMU+Ns3tlHO8:UdiHZZWLN1cu3tlHF

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check.

    • Executes dropped EXE

    • Modifies file permissions

    • Modifies system executable filetype association

    • Drops file in System32 directory

    • Target

      trojan-leaks-main/Holzer.zip

    • Size

      50KB

    • MD5

      46c66dccda54ac15c941e7589a5da5ca

    • SHA1

      49a4f3b61753f261fc5f3e7d69f599ac0a5e083e

    • SHA256

      f7f624d237f1d81858259c1783be9c7a605fe260b22092af064bc91035010fef

    • SHA512

      c4c96aebf3d0de7127e3e45c5670323781ed8ae4bc0413c6b35cb2f5e9ee8ccaf84d5dbf655b384a1cec4b8d8fcbe5970c43e79bad76cf9a17ada1b3717c57a2

    • SSDEEP

      1536:5dlKxgjOc91+xkuSL7/jVqFqGBh8tCxFngg/:PlJjOc9WkuoQtF1gg/

    Score 1/10

    • Target

      trojan-leaks-main/HorrorTrojan Special Edition.zip

    • Size

      2.3MB

    • MD5

      39f3387f2a647eb16a6d9883361ab32d

    • SHA1

      209003e572c22bbf1c6c779ece61a47cd5124939

    • SHA256

      3604db70903c42ad17faf4cc55cc4a561a800e1204c8e05762723a3be6b13594

    • SHA512

      552ec53d4ef69e143d07f5abb91894336402bc8512e8fa718185550e6d414feb57ac06c8786269fc8f948b51840304791b902b81e23136b41d5ab2c9bec21948

    • SSDEEP

      49152:sgycGFIrb7ioMZfZ1nnVdvaUk73LRXU9TZKKjUv6BtQB++xPS4:luFrf1nnVcUg7RE9FNUSBtQMOPS4

    Score 1/10

    • Target

      trojan-leaks-main/HorrorTrojan123.exe

    • Size

      8.4MB

    • MD5

      2b71cc65cc949cfce47107383f9bce29

    • SHA1

      a57d725a4cb391d4ea02a3c4b5680935f72669cf

    • SHA256

      a513325690cf5bf2302ccc34e2264a8a48270de49a1863c018afed246472e37a

    • SHA512

      158d6e92839b4d83827832e870b4e3d2c8d388894dd5a194abbfcf4ad228fea7e83543b6278cedd6fb2b92801ba102178a962c4d4f0868e1aac62f50d668a824

    • SSDEEP

      196608:5MBEQlWRG1ywPTazB6S5KJ7lsL2jXdFTOJkJlJ0dN:qBEQl2G1yzB6HJ7GSjXjGx

    Score 1/10

    • Target

      trojan-leaks-main/HorrorTrojan4.zip

    • Size

      2.9MB

    • MD5

      5e8e402412a6d563b5e56f5fdce5712c

    • SHA1

      0e4524483b798dd98d0e0e06a66270a0017de83c

    • SHA256

      449e8616a14832ff1258bb758114ded666f99dd091f3a820f3094ba6431d4ec0

    • SHA512

      b5df4509cd0ee6269afae32858a3b5cf4b70916936f6b022649f79c150ca888b241ca784f2daefb12767ef529f119c1019cef99834a5c1945cd668300db95320

    • SSDEEP

      49152:JKa31sIaKiVD+n4ceaymjIBjA9vRy9OYkOQFLCuWYA0MkoMiOc0Rh:NeFKiRaymjIB00kOQFLHWB0gpOc0z

    Score 1/10
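
The "UPX packed file" signature above (and the upx tag on the static task) is a static check of the PE section table rather than anything observed at runtime. The script below is an added example of such a check; it is not code from the sandbox or from any of the samples listed. It parses the DOS, COFF and section headers, flags stock UPX by its section names, and flags a renamed ("modified") UPX build by its layout, an empty first section followed by a high-entropy one. The entropy cut-off and that layout heuristic are assumptions of this example, and the PE images it runs over are constructed in memory, not the files from this report.

```python
"""Static UPX-packing check over a PE section table. Added example, not sandbox or
sample code; the PE images at the bottom are constructed in-memory fixtures."""
import hashlib
import math
import struct
from typing import Dict, List, Tuple

SECTION_HEADER_SIZE = 40
ENTROPY_THRESHOLD = 7.0  # bits/byte (assumed cut-off); compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(pe):
            raise ValueError("section table truncated")
        name, vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "virtual_size": vsize,
                         "raw_size": rawsize, "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(pe: bytes) -> List[str]:
    """Indicators of stock UPX (section names) or a renamed/modified UPX layout."""
    secs = parse_sections(pe)
    hits = []
    names = [s["name"] for s in secs if s["name"].upper().startswith("UPX")]
    if names:
        hits.append("UPX section names: " + ", ".join(names))
    # Layout fingerprint that survives renaming: an empty first section (no raw data,
    # large virtual size) that the stub unpacks into, followed by the packed payload
    # section whose bytes look random.
    if (len(secs) >= 2 and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0
            and secs[1]["entropy"] >= ENTROPY_THRESHOLD):
        hits.append(f"empty first section {secs[0]['name']!r} followed by high-entropy "
                    f"section {secs[1]['name']!r} ({secs[1]['entropy']:.2f} bits/byte)")
    return hits


def is_upx_packed(pe: bytes) -> bool:
    return bool(upx_indicators(pe))


def build_pe(sections: List[Tuple[bytes, bytes, int]]) -> bytes:
    """Assemble a minimal PE32 image from (name, raw_bytes, virtual_size) tuples: a
    header-only fixture for exercising the parser, not a loadable executable."""
    opt_size, e_lfanew = 0xE0, 0x40
    table = e_lfanew + 4 + 20 + opt_size
    raw_ptr = table + SECTION_HEADER_SIZE * len(sections)
    hdr = bytearray(b"MZ" + b"\0" * (0x3C - 2)) + struct.pack("<I", e_lfanew) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)  # COFF header
    hdr += struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)                         # PE32 optional header
    body = bytearray()
    for name, raw, vsize in sections:
        ptr = raw_ptr + len(body) if raw else 0
        hdr += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000, len(raw), ptr,
                           0, 0, 0, 0, 0x60000020)
        body += raw
    return bytes(hdr + body)


def pseudo_random(n: int, seed: bytes = b"packed-payload") -> bytes:
    """Deterministic high-entropy filler (chained SHA-256) standing in for compressed code."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed fixtures (not the report's samples).
STOCK_UPX = build_pe([(b"UPX0", b"", 0x20000), (b"UPX1", pseudo_random(8192), 0x9000),
                      (b".rsrc", b"\0" * 512, 0x200)])
RENAMED_UPX = build_pe([(b".text", b"", 0x20000), (b".data", pseudo_random(8192), 0x9000)])
PLAIN = build_pe([(b".text", b"\x90" * 4096 + b"\xc3", 0x1100), (b".data", b"\0" * 1024, 0x400)])
```

To run it against a real file, read the bytes and call upx_indicators on them; the section names alone are enough for stock UPX, while the layout check is what catches a build whose names were edited, which is why the static task reports "UPX/modified UPX" rather than just UPX.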

MITRE ATT&CK Matrix ATT&CK v6

The technique IDs are ATT&CK v6 numbers; where the technique has since become a sub-technique, the current ID is given in parentheses.

Persistence
  • Registry Run Keys / Startup Folder, T1060 (now T1547.001): 1
  • Hidden Files and Directories, T1158 (now T1564.001): 1
  • Bootkit, T1067 (now T1542.003): 1
  • Winlogon Helper DLL, T1004 (now T1547.004): 1
  • Change Default File Association, T1042 (now T1546.001): 1

Privilege Escalation
  • Bypass User Account Control, T1088 (now T1548.002): 2

Defense Evasion
  • Bypass User Account Control, T1088 (now T1548.002): 2
  • Disabling Security Tools, T1089 (now T1562.001): 2
  • Modify Registry, T1112: 8
  • Hidden Files and Directories, T1158 (now T1564.001): 1
  • File Permissions Modification, T1222 (now T1222.001 on Windows): 1

Discovery
  • Query Registry, T1012: 1
  • System Information Discovery, T1082: 2
  • Process Discovery, T1057: 1

Tasks

  • static1: tags upx, agilenet; score 7/10
  • behavioral1: score 1/10
  • behavioral2: score 1/10
  • behavioral3: score 1/10
  • behavioral4: tags evasion, persistence, trojan, upx; score 10/10
  • behavioral5: tags evasion, persistence, trojan, upx; score 10/10
  • behavioral6: tags evasion, persistence, trojan, upx; score 10/10
  • behavioral7: score 1/10
  • behavioral8: score 1/10
  • behavioral9: score 1/10
  • behavioral10: tags bootkit, persistence; score 6/10
  • behavioral11: tags bootkit, persistence; score 6/10
  • behavioral12: tags bootkit, persistence; score 6/10
  • behavioral13: score 1/10
  • behavioral14: score 1/10
  • behavioral15: score 1/10
  • behavioral16: tags discovery, evasion, exploit, persistence, trojan; score 10/10
  • behavioral17: tags discovery, evasion, exploit, persistence, trojan; score 10/10
  • behavioral18: tags discovery, evasion, exploit, persistence, trojan; score 10/10
  • behavioral19: score 1/10
  • behavioral20: score 1/10
  • behavioral21: score 1/10
  • behavioral22: score 1/10
  • behavioral23: score 1/10
  • behavioral24: score 1/10
  • behavioral25: score 1/10
  • behavioral26: score 1/10
  • behavioral27: score 1/10
  • behavioral28: score 1/10
  • behavioral29: score 1/10
  • behavioral30: score 1/10
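
The tasks tagged bootkit and persistence reflect the "Writes to the Master Boot Record (MBR)" signature raised on Glodrix.exe. Confirming that on a disk means comparing the first sector with a known-good copy, and the useful distinction is whether the bootstrap code changed while the partition table stayed intact (the bootkit pattern, since the OS must still boot afterwards) or whether the whole sector was rewritten. The script below is an added example of that comparison, not code from the sandbox or any sample; both sectors are constructed fixtures, and the baseline in practice comes from a pre-infection image or an identically built machine.

```python
"""Compare a captured 512-byte MBR with a known-good baseline. Added example, not
sandbox or sample code; both sectors below are constructed fixtures. On a live host
the sector is read with administrator rights (\\.\PhysicalDrive0 on Windows, /dev/sda
on Linux); the baseline comes from a pre-infection image or an identical build."""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code, then the 4-byte disk signature at 0x1B8
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # must hold 0x55 0xAA


def parse_mbr(sector: bytes) -> Dict:
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0 marks an unused slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
            "partitions": parts,
            "valid_signature": sector[BOOT_SIG_OFF:] == b"\x55\xaa"}


def compare_mbr(baseline: bytes, current: bytes) -> List[str]:
    """Return findings; an empty list means the current sector matches the baseline."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["valid_signature"]:
        findings.append("boot signature 0x55AA missing: sector corrupt or wiped")
    code_changed = b["boot_code_sha256"] != c["boot_code_sha256"]
    table_changed = b["partitions"] != c["partitions"]
    if code_changed and not table_changed:
        # A bootkit keeps the partition table so the OS still boots after its own code runs.
        findings.append("bootstrap code replaced while the partition table is intact: bootkit pattern")
    elif code_changed:
        findings.append("bootstrap code and partition table both changed: re-partition or wiper")
    elif table_changed:
        findings.append("partition table changed, bootstrap code intact")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")
    for p in c["partitions"]:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 and overlaps the MBR")
    return findings


def _fixture(boot_code: bytes) -> bytes:
    """Constructed sector: given bootstrap bytes, one bootable NTFS partition, one data partition."""
    s = bytearray(SECTOR)
    s[:len(boot_code)] = boot_code
    struct.pack_into("<I", s, 0x1B8, 0xDEADBEEF)
    struct.pack_into("<B3xB3xII", s, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    struct.pack_into("<B3xB3xII", s, PART_TABLE_OFF + 16, 0x00, 0x07, 206848, 1000000)
    s[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(s)


BASELINE = _fixture(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 128)  # stand-in boot code
INFECTED = _fixture(b"\xeb\xfe" + b"\x00" * 64)                       # code swapped, table kept
CORRUPT = BASELINE[:BOOT_SIG_OFF] + b"\x00\x00"                        # signature zeroed
```

A single sector cannot show where the original bootstrap code was moved (bootkits commonly stash it in the unpartitioned sectors before the first partition), so a positive finding here is the trigger for imaging the whole disk, not the end of the analysis.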