Resubmissions
09-05-2023 19:22  230509-x3fn4adg58  10
09-05-2023 19:14  230509-xxsrgaff7x  10
09-05-2023 19:14  230509-xxr5yadg42  7
09-05-2023 19:14  230509-xxrt6sff7w  8
09-05-2023 19:14  230509-xxrjeaff7v  8
09-05-2023 19:14  230509-xxqxwadg39  7
09-05-2023 19:14  230509-xxql4sff7t  10
09-05-2023 19:14  230509-xxqbcadg38  7
09-05-2023 19:10  230509-xvl6xadf64  10

General
Target: trojan-leaks-main.zip
Size: 501.8MB
Sample: 230509-xxsrgaff7x
MD5: 5989c04ee5327d6e7185985f4a7fb933
SHA1: 51826110b35fc7b0984eae57c8e143900b29a38f
SHA256: eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d
SHA512: 089b2cf3836852d52a8b1da951702d2e2101eee915ddfa72bd967123d1a52d98baae6c0f68f2fd24fb4f1a111b8bfcf6cc57421e76a11f5554a80d372e77587e
SSDEEP: 12582912:4vZS6yP56fA74t343nX8dn++/RNk8nnqKIEX1b62gOZsX:qZS6yDcJ43sd++//k8nnqKI214

Behavioral tasks
behavioral1: Sample trojan-leaks-main/Benzene_x64.exe; Resource win10-20230220-en
behavioral2: Sample trojan-leaks-main/Benzene_x64.exe; Resource win7-20230220-en
behavioral3: Sample trojan-leaks-main/Benzene_x64.exe; Resource win10v2004-20230220-en
behavioral4: Sample trojan-leaks-main/CoViper.exe; Resource win10-20230220-en
behavioral5: Sample trojan-leaks-main/CoViper.exe; Resource win7-20230220-en
behavioral6: Sample trojan-leaks-main/CoViper.exe; Resource win10v2004-20230220-en
behavioral7: Sample trojan-leaks-main/Cs_Hacks_Free_no_hacks.exe; Resource win10-20230220-en
behavioral8: Sample trojan-leaks-main/Cs_Hacks_Free_no_hacks.exe; Resource win7-20230220-en
behavioral9: Sample trojan-leaks-main/Cs_Hacks_Free_no_hacks.exe; Resource win10v2004-20230220-en
behavioral10: Sample trojan-leaks-main/Glodrix.exe; Resource win10-20230220-en
behavioral11: Sample trojan-leaks-main/Glodrix.exe; Resource win7-20230220-en
behavioral12: Sample trojan-leaks-main/Glodrix.exe; Resource win10v2004-20230220-en
behavioral13: Sample trojan-leaks-main/Halloware #READ ME#.txt; Resource win10-20230220-en
behavioral14: Sample trojan-leaks-main/Halloware #READ ME#.txt; Resource win7-20230220-en
behavioral15: Sample trojan-leaks-main/Halloware #READ ME#.txt; Resource win10v2004-20230220-en
behavioral16: Sample trojan-leaks-main/Halloware (BerkayV).exe; Resource win10-20230220-en
behavioral17: Sample trojan-leaks-main/Halloware (BerkayV).exe; Resource win7-20230220-en
behavioral18: Sample trojan-leaks-main/Halloware (BerkayV).exe; Resource win10v2004-20230221-en
behavioral19: Sample trojan-leaks-main/Holzer.zip; Resource win10-20230220-en
behavioral20: Sample trojan-leaks-main/Holzer.zip; Resource win7-20230220-en
behavioral21: Sample trojan-leaks-main/Holzer.zip; Resource win10v2004-20230220-en
behavioral22: Sample trojan-leaks-main/HorrorTrojan Special Edition.zip; Resource win10-20230220-en
behavioral23: Sample trojan-leaks-main/HorrorTrojan Special Edition.zip; Resource win7-20230220-en
behavioral24: Sample trojan-leaks-main/HorrorTrojan Special Edition.zip; Resource win10v2004-20230220-en
behavioral25: Sample trojan-leaks-main/HorrorTrojan123.exe; Resource win10-20230220-en
behavioral26: Sample trojan-leaks-main/HorrorTrojan123.exe; Resource win7-20230220-en
behavioral27: Sample trojan-leaks-main/HorrorTrojan123.exe; Resource win10v2004-20230220-en
behavioral28: Sample trojan-leaks-main/HorrorTrojan4.zip; Resource win10-20230220-en
behavioral29: Sample trojan-leaks-main/HorrorTrojan4.zip; Resource win7-20230220-en
behavioral30: Sample trojan-leaks-main/HorrorTrojan4.zip; Resource win10v2004-20230220-en

Malware Config
Targets
Target: trojan-leaks-main/Benzene_x64.exe
Size: 234KB
MD5: 4abcf3f7124adbbb7aa59a1f128f5b16
SHA1: 64e82614e15cd9102f9ab594d05b0c17549b0618
SHA256: 40d98c6d729f998614934cec341440c11c9cbdfcb7bd9c649d83f915eeac4138
SHA512: 58a603da4a6a6be5f52fd4e33e87d1dfeb03c8404cf422b7afec0487723c9cf6c34d3b363e684ed9c3e13d8748ec8affeafd8b5e1df88f2393f66275b1b37fde
SSDEEP: 6144:8cpsByyZtP/Gxqw44Y5yjaGLqSKExm7WWIQ:8cpsBnZ1/GXc5YX2SKExNWf
Score: 1/10

Target: trojan-leaks-main/CoViper.exe
Size: 286KB
MD5: e20ee9bbbd1ebe131f973fe3706ca799
SHA1: 4e92e5cbe9092f94b4f4951893b5d9ca304d292c
SHA256: f632b6e822d69fb54b41f83a357ff65d8bfc67bc3e304e88bf4d9f0c4aedc224
SHA512: d50524992662aa84d5b4340525a25d915e91e464a725aa6851de206fd294aa7f4fcefe695ce463ce652b0a03874b75c0678b4c708d2b71f7c18804d1365d3458
SSDEEP: 6144:egtJZ0NSt7Jb/Is8vIfYg6KcZQV7GdRMrKUIvcgfoS3Qz89r:egWNStd7R8cYgsZK7qCrqfoS3Mcr
Score: 10/10
Disables Task Manager via registry modification
Adds Run key to start application

Target: trojan-leaks-main/Cs_Hacks_Free_no_hacks.exe
Size: 105KB
MD5: 06ea97fe57005515dcac13901efb3d9d
SHA1: 48e42f95e5d7fc1a572f7d50e7e07af462b03f4c
SHA256: 5bb7129469665dc7125d27cbd97cc65c17c3cbed91beffc63214b65a970332f6
SHA512: 07b15e991c3f0d382052a2faedf6f634dfcdaf18051113fe1300118ac67223c16b218195734894f5477dc36ef3799acda7af8fc23ab990955468505bd74f82da
SSDEEP: 1536:BY9V5I5iTSrWc3YiyCmOJu3yUyJCbX40K78JZ:BYzgWcpyCnWbJZ
Score: 1/10

Target: trojan-leaks-main/Glodrix.exe
Size: 416KB
MD5: 766e0dceb95f26a79300e786669fd4c3
SHA1: 56bd2f5f37d012059e44185a4405332891b8efb6
SHA256: a2d0fcecb809ae416d8d532f7eb58505977aeb00c66f0d51b70025946bc599b3
SHA512: 9cc4ab1466de58815ea48350f5e31135d9acfce87ba58863eb5632b6b56b5b512cae5b9a512b0400f45e982ad711a3c637bd79a3fe721df9ab0e659b8dd2a204
SSDEEP: 6144:23nEFPjLXbeQHD0wyqwYxKk+CKEEwL1fFx++/BsPZ:EnEFPjLtHvyqwYg3Tsj6
Score: 6/10
Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: trojan-leaks-main/Halloware #READ ME#.txt
Size: 4KB
MD5: 8d8f7c8fa2e06769d04ec04609e99cc3
SHA1: a08774b2b14decd4c54d15bd170396593224a44b
SHA256: 9f37c06f7e2a4ae7ea8df7195eba8ad83751696fd9b72e4793da64bc1e243f3d
SHA512: 3af260f8d1fa0c92e089b666a2bd6a935af0e33f4e76acbed69d77bb9a5e2909156d01616bfea88a7143432e3f97844bc580cc9010201ab713777609def67274
SSDEEP: 24:53jJcKGbe9h1b79qIeMdtFDBom9dNGdV92NKl1jAxltdJ7AT2dSWGd6lL+LeOGSS:53jJcpbexlqI/DBv43GSS
Score: 1/10

Target: trojan-leaks-main/Halloware (BerkayV).exe
Size: 23.1MB
MD5: 2701cf0c52d8d8d961f21f9952af15e7
SHA1: d8b9de327f95ba090e5606862003419388fc3dc7
SHA256: 616830e93c33240ff157b4eeeab1d1a3e9891d6410139afdbd4d01f075da0933
SHA512: b4798cd526b116e943f3cba6f58175185898e374efd4ab7afe012495858c7997fb1fba1dac284ae4aa484dfc5f70b6240ad1281d90c9a3642e49edd95ab39110
SSDEEP: 196608:puv1iLrYSZWLN0dLeGyI8bMU+Ns3tlHO8:UdiHZZWLN1cu3tlHF
Score: 10/10
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Possible privilege escalation attempt
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Modifies file permissions
Modifies system executable filetype association
Drops file in System32 directory

Target: trojan-leaks-main/Holzer.zip
Size: 50KB
MD5: 46c66dccda54ac15c941e7589a5da5ca
SHA1: 49a4f3b61753f261fc5f3e7d69f599ac0a5e083e
SHA256: f7f624d237f1d81858259c1783be9c7a605fe260b22092af064bc91035010fef
SHA512: c4c96aebf3d0de7127e3e45c5670323781ed8ae4bc0413c6b35cb2f5e9ee8ccaf84d5dbf655b384a1cec4b8d8fcbe5970c43e79bad76cf9a17ada1b3717c57a2
SSDEEP: 1536:5dlKxgjOc91+xkuSL7/jVqFqGBh8tCxFngg/:PlJjOc9WkuoQtF1gg/
Score: 1/10

Target: trojan-leaks-main/HorrorTrojan Special Edition.zip
Size: 2.3MB
MD5: 39f3387f2a647eb16a6d9883361ab32d
SHA1: 209003e572c22bbf1c6c779ece61a47cd5124939
SHA256: 3604db70903c42ad17faf4cc55cc4a561a800e1204c8e05762723a3be6b13594
SHA512: 552ec53d4ef69e143d07f5abb91894336402bc8512e8fa718185550e6d414feb57ac06c8786269fc8f948b51840304791b902b81e23136b41d5ab2c9bec21948
SSDEEP: 49152:sgycGFIrb7ioMZfZ1nnVdvaUk73LRXU9TZKKjUv6BtQB++xPS4:luFrf1nnVcUg7RE9FNUSBtQMOPS4
Score: 1/10

Target: trojan-leaks-main/HorrorTrojan123.exe
Size: 8.4MB
MD5: 2b71cc65cc949cfce47107383f9bce29
SHA1: a57d725a4cb391d4ea02a3c4b5680935f72669cf
SHA256: a513325690cf5bf2302ccc34e2264a8a48270de49a1863c018afed246472e37a
SHA512: 158d6e92839b4d83827832e870b4e3d2c8d388894dd5a194abbfcf4ad228fea7e83543b6278cedd6fb2b92801ba102178a962c4d4f0868e1aac62f50d668a824
SSDEEP: 196608:5MBEQlWRG1ywPTazB6S5KJ7lsL2jXdFTOJkJlJ0dN:qBEQl2G1yzB6HJ7GSjXjGx
Score: 1/10

Target: trojan-leaks-main/HorrorTrojan4.zip
Size: 2.9MB
MD5: 5e8e402412a6d563b5e56f5fdce5712c
SHA1: 0e4524483b798dd98d0e0e06a66270a0017de83c
SHA256: 449e8616a14832ff1258bb758114ded666f99dd091f3a820f3094ba6431d4ec0
SHA512: b5df4509cd0ee6269afae32858a3b5cf4b70916936f6b022649f79c150ca888b241ca784f2daefb12767ef529f119c1019cef99834a5c1945cd668300db95320
SSDEEP: 49152:JKa31sIaKiVD+n4ceaymjIBjA9vRy9OYkOQFLCuWYA0MkoMiOc0Rh:NeFKiRaymjIB00kOQFLHWB0gpOc0z
Score: 1/10

MITRE ATT&CK Enterprise v6
Persistence
Bootkit 1
Change Default File Association 1
Hidden Files and Directories 1
Registry Run Keys / Startup Folder 1
Winlogon Helper DLL 1