60541e6a43661f0ee2e70c0a7cedb86d44a874e5376949db7a2e1f604fa5cdf1

Sharing

Copy URL

Twitter E-mail

General

Target

ninjaripper171.7z
Size

3.1MB
Sample

230513-v4fpdabb6t
MD5

fb15ed3fe3077461bdd6427f161b0591
SHA1

f324ab82ec1b79b7a374b26fb9270ee0a5fa4991
SHA256

60541e6a43661f0ee2e70c0a7cedb86d44a874e5376949db7a2e1f604fa5cdf1
SHA512

0e36752bf751432755769146cddddc6c74e1318a8f538a436652b6343fda3999957690f8a1c4edad8d2090cb7471a6df8f02dfe5a2e6c57c3528d5abb9305daa
SSDEEP

98304:/JxVhGkdUWXXQ5sE5mPLhG6tHrVJFbj7yvk7YcJ:/JDhGkdUACsEks6tHrVnvEk7J

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  ninjaripper171.7z
- Size
  
  3.1MB
- MD5
  
  fb15ed3fe3077461bdd6427f161b0591
- SHA1
  
  f324ab82ec1b79b7a374b26fb9270ee0a5fa4991
- SHA256
  
  60541e6a43661f0ee2e70c0a7cedb86d44a874e5376949db7a2e1f604fa5cdf1
- SHA512
  
  0e36752bf751432755769146cddddc6c74e1318a8f538a436652b6343fda3999957690f8a1c4edad8d2090cb7471a6df8f02dfe5a2e6c57c3528d5abb9305daa
- SSDEEP
  
  98304:/JxVhGkdUWXXQ5sE5mPLhG6tHrVJFbj7yvk7YcJ:/JDhGkdUACsEks6tHrVnvEk7J
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  ninjaripper1.7.1/help_en.txt
- Size
  
  6KB
- MD5
  
  4ce3d676a98688ada50a2f708518eb06
- SHA1
  
  942ebb3286bc7a890346ef04b25f970a7f974171
- SHA256
  
  77644f37b055769b830a88c872577fdce3ce9ca3af392faa1f77b0ce642be6f1
- SHA512
  
  936df07fbebbbee3bc564f54bef9e59f05f4215cea46be6d2f7d7b96ab274ef5d2d6ac5539d11896fb05f4357f9e3c7b94ae9193a4409857d9b4caa5f2636e70
- SSDEEP
  
  192:BxecAaI6Feie0eWRkgWR/zQr99I1K9TLFOx1096:Bxeca6Fe2eW2gy/zQJ9I1K9XFOx1c6
Score

1^/10
behavioral2
- Target
  
  ninjaripper1.7.1/help_ru.txt
- Size
  
  10KB
- MD5
  
  30228788f6d7c3b968e1e7eb2280982a
- SHA1
  
  fba7fc5908fea43795bb7c7c61b1b29714f35e38
- SHA256
  
  9c92a6e30be0b9f6d664075a3a34a06d9ac2f3249831a07f7aa97434a78dd502
- SHA512
  
  c2f389cca138371cddb3a5aa455a076231056679fcff0e2c22461f9f740c72346f4cdf4adbf485fd3539505a17b42718cd1b6c243b24b3275286fd919c4cbe45
- SSDEEP
  
  192:l4Z4m6mMQWFS5eSVUHFXlkwjYi3z316SvPvGsqXaAzG+ZIiB7Cp7gFjTaFjqMe9:l4tMtFg7kj9XvG5s+Z1RM7e9
Score

1^/10
behavioral3
- Target
  
  ninjaripper1.7.1/ripdump.exe
- Size
  
  111KB
- MD5
  
  8d609911365949348777f5db224ebd75
- SHA1
  
  78a047d2dc6980c0c453c404f13fa13756a1123e
- SHA256
  
  1e6c5b07d3903ad9e1a715b4585e4d7dd1ab3995652fddea6f01ef4413f032af
- SHA512
  
  bebb763fba396eb2a68434551ef8ff83e9f4fd47ea4cb84662e895f4342b841353a4ee918accd1bc95ad5420255e0fd0716844d9eaf84cfd22090215b2f43a20
- SSDEEP
  
  1536:cw8sBGZ2acw+VWXEzzeOLOiYMJyQnsOxfifc7pesWjcdL+f+uXBdM:qqGEzTWUfZDhqopBL+fpf
Score

3^/10
behavioral4
- Target
  
  ninjaripper1.7.1/tools/3dmax_GIMS_importer/EvoGIMS_manualinstall.rar
- Size
  
  2.2MB
- MD5
  
  d60fcc515b25b17fe20249e91dc97cc0
- SHA1
  
  495104a81736240f8f9fc54ece428fab7e1e3c00
- SHA256
  
  c4d0978ecda8b0afa722d943693be1d8133aa4f55874ad3817b725d03749ff86
- SHA512
  
  6113f71d9a12fe573cf9d313b834111411ae5dd872e9e4f2a036ca54eca11dfc434e156285659db982ffe53fdcf668ca2754737a78f3ccc7b05bfce23b975449
- SSDEEP
  
  49152:EzSeVeGkYkiWv2XX+z758eppC0Bm8VLMhTMstpmrRJSCMBqRbbMZe7:EzlwGkdiWOXX+zFpTm2LMlPtsr+Wbbt
Score

3^/10
behavioral5
- Target
  
  ninjaripper1.7.1/tools/3dmax_GIMS_importer/EvoGIMS_webinstall.rar
- Size
  
  54KB
- MD5
  
  c8a6e9895a188cebd0afe7b9476eab5f
- SHA1
  
  0ba8b1ef3209857f5d387cd2524765b9799bec7e
- SHA256
  
  55964db21d610d79139c533303d336f855c9b709a9cfa5d1541a909946b87f19
- SHA512
  
  309d17e0d1caa791c7f81fedde019a5e62cf5b5e1fcd878d7b16d25c3901e98acf5ee67bb7c7f24963070a73832e1c917ee9402fba344bbb9501d3b0dfb07e89
- SSDEEP
  
  768:Tuu11RYB3uGtQZFtg5YioMmw+VKnIW+niTcnWqC120eWaV9j5MHt1u2KMkwTK9L:TrIB3uGtQU9aQN+nc6WpreBO34MJTuL
Score

3^/10
behavioral6
- Target
  
  ninjaripper1.7.1/tools/3dmax_GIMS_importer/nrImp_3Dmr.zip
- Size
  
  7KB
- MD5
  
  15b52f6e601296222eabdb35c26401a4
- SHA1
  
  66a7d6d02096f25050d3b39e01e1e579320b4973
- SHA256
  
  e3fd3ce63569c9bc78b679e82e166f0426531a686082b64d187266b1a5c4c4fd
- SHA512
  
  e259cf61c18e76075c66dbeebf4475528d4ff2561880d25c40bb8e43292c9c35e242b77f904dcee4df60631320d6bc898b8fb979c64a1d5b34334cc2fd3d9a8a
- SSDEEP
  
  192:7iqmEdcJHYi33jP6E7P6cpxhx7mljgAXQp+Fao8p4s:rteHYa3mEztx7mVXQkdPs
Score

1^/10
behavioral7
- Target
  
  ninjaripper1.7.1/tools/3dmax_maxscript_importer/ninja_importerb7_cl69.ms
- Size
  
  21KB
- MD5
  
  1f7a51d121613aade3f1094a5e653d43
- SHA1
  
  7321a3e07709fdf4f16c3fae3109dc6ff4f4b8c6
- SHA256
  
  b8feff8285bec9617cabf0c5c2b196cdf83255bf540b8e12e6a83e5359619ee0
- SHA512
  
  71c8c2c083cff74460481a32e92bf16ea6b34ae758f7d739204f328c4504122f07034e2b6500c8051c5e28e63fcad54f092861d7c7914245a98c39bb46c57384
- SSDEEP
  
  384:wF1s+Hy2Zk85s8I1Bo8uZD7vOl6eH2hCDchZ++sVebWGrKsIPaiXrlGg:wk7L85s8VjO5H2FmiWJs9+h
Score

3^/10
behavioral8
- Target
  
  ninjaripper1.7.1/tools/3dmax_maxscript_importer/ninja_ripper_1.3.ms
- Size
  
  18KB
- MD5
  
  cf0cbb596fd1ba36282c61c0283f31ba
- SHA1
  
  4f86042e06a318197a0f7af8bce0f5fdc9df8031
- SHA256
  
  552e9f63d32e86379c68cc865a0ba297a8f7fada90e02fd41c95f28d19ee8f2f
- SHA512
  
  559e313c08efb8cbb823a9fda278ed3c08a5aa7ab89e17a20ad1ae76efdcbea402e6843cf580064d027f4ce03e32d300f7cfb18bb3fcefae07b02898faa71970
- SSDEEP
  
  384:FQvc+Hy2Ck8vs8IIAKo8uZDPvOl6eOLFeBhZhvGWGdsJmrKz:Fx7u8vs8I/O5OLFe/GWosOg
Score

3^/10
behavioral9
- Target
  
  ninjaripper1.7.1/tools/3dmax_maxscript_importer/readme_for_ninja_importerb7_cl69.txt
- Size
  
  879B
- MD5
  
  d36ecebc78095c664be107b2c7fbed40
- SHA1
  
  0f86a6333216d8a1dfb728cbf4feae819b681286
- SHA256
  
  c2918cafb234a5d866a745323da94f0532cf305d3d9a94bb465bd17d43545c4c
- SHA512
  
  64560018e3760855a976b493921584f9b710f507050292199806be0755180372552ba8ade1f83c0a6ca72e1a41e0d262abab0dc387d12fdd780b655097e61d54
Score

1^/10
behavioral10
- Target
  
  ninjaripper1.7.1/tools/blender_ninjaripper_importer/blender-import-ninjaripper-master.zip
- Size
  
  15KB
- MD5
  
  f550e6a7f40e21d35f2d65402f829108
- SHA1
  
  0e41e7a9bbcaf65532cd873f14bffafce73abfe7
- SHA256
  
  503565f44c2f71ad73e3d745c85e57879327cc94d4e8ebf17b6e056547b03493
- SHA512
  
  e4f47dd3dea3514699556e0dcb3e2f285999c257622ff053060c8b4969e06d62f8417f42803ab04e34948dfb4e2380ad4b634f0e0b4230d6b9f7a11cd4d8f9e6
- SSDEEP
  
  384:KjA21gQXCBfmijlaPn6wdXcqKfUyLLfl4WRr61:KJzE+ijlun60XUfUyN4Ww1
Score

1^/10
behavioral11
- Target
  
  ninjaripper1.7.1/tools/noesis_importer/fmt_ninjaripper_rip.py
- Size
  
  20KB
- MD5
  
  70a426051a4f658f985c1c307703ecb9
- SHA1
  
  8713395909bf76c5fa1c101cea502c952b553621
- SHA256
  
  8a2b032423897a250bc215f889f601fecd70a013f5447ac3d4b73d5e4f31224d
- SHA512
  
  08a8cecd470cd0d04b1aa96cf54a949b68d4a49023a7ffd256472e1e25da5b655c8831ed1b60830e5705540132f3894d848c1ff464210f419519d125734e481e
- SSDEEP
  
  384:HYco1oM9Y6NhbO0GWb03WZ0XbZxLFrujP80IhjLQ2YYQ9yr70FqFbVJ0BoMTjeia:HY/vb29pjLyOEBBjez
Score

3^/10
behavioral12
- Target
  
  ninjaripper1.7.1/tools/noesis_importer/ninjaripper_noesis_modified_by_blackninja.zip
- Size
  
  6KB
- MD5
  
  ad230f7590e4bc5918f594a282440d20
- SHA1
  
  728476ed08ec121d0398956d1809743bf0664aa7
- SHA256
  
  e33d86b0a47676c32721cef9fb7353d0f688d133cbb3b532b319f4bd226dc4d1
- SHA512
  
  b855834f32af0e13283da137a4f58629f5dc0b689be4fd4f3c3446ef496da9a8ccc14a28e243e6584d54e44fb2718f7e8b8cd6ca73f7c512c21226a8ddf02d9d
- SSDEEP
  
  192:O+XVze+7xpJRTkeSGkd8X6v5w1BUDSbsD:O+VtxpTBkdADbsD
Score

1^/10
behavioral13
- Target
  
  ninjaripper1.7.1/whats_new.txt
- Size
  
  795B
- MD5
  
  d62001d7627c75686d4bddb5ed7bef42
- SHA1
  
  4ed05a034badcc3e92c72234abd6a9910d19d0ee
- SHA256
  
  8e4c1774ee9d6c5b008f512368c69911fdd80e5c90a622d4d5595ca7ff4fe8d0
- SHA512
  
  9edbdaca05ed535338669af162168ca6a0e8a61196616b3c6972eeb7f41d23595dce3c7ca67065c45184b2ef041008c5727472b6b1e41490d342389ae52508e1
Score

1^/10
behavioral14
- Target
  
  ninjaripper1.7.1/x64/NinjaRipper.exe
- Size
  
  568KB
- MD5
  
  8c6d5cf1ef2c29b96353fb26f464c54c
- SHA1
  
  9b94cd9836d314bbee4ff1a73fc5896eb0ce6a8d
- SHA256
  
  770db7ee89caff8399f896a914ef69bf9ec2d21fd2814576e5cdaec69a53f5e0
- SHA512
  
  152ec0711cff4db29dd1f7d95d31b7465b3cf0bddfdd4c1c954034d1abe67e2eaee35af4c051fa4bf6b2990d64444322b95c37c2d13491b4a60d351d99a8081d
- SSDEEP
  
  6144:lu6B47vTcKOhbgyXJdZaPPMluczxa2M9ykc0xRIinuw6C:s6GAdntOS
Score

1^/10
behavioral15
- Target
  
  ninjaripper1.7.1/x64/d3dwrap.dll
- Size
  
  154KB
- MD5
  
  5f2d762679a865b86821175306daa768
- SHA1
  
  36dcfb98abd00e2f7728d9cabab56d1ddd4a965d
- SHA256
  
  644f1535b71b7a61b16020c8feb3b5eb9d1ed53462f9f2fae858592b99693d7c
- SHA512
  
  6e3a06d10ea5ca6f6464abceb93ab5c4da02821d465b9ff667487535290c9c919306a725c476beb63845e853c4c200a017d01be8d754821dfc1c00a1de8b2365
- SSDEEP
  
  3072:95TE4DSGXBxJlTWqMDpDWmR7A4LZNwZm+1JGgct7:vTaaxJlT4pDn04tsJBch
Score

3^/10
behavioral16
- Target
  
  ninjaripper1.7.1/x64/injhelper.exe
- Size
  
  130KB
- MD5
  
  a20a515bf55bd15e6aaf201263ae0c70
- SHA1
  
  07feb65f7c36194b5309be1716684529083f6662
- SHA256
  
  07972939ccb955e298b133cfa6a34a819d062c4d5483ac69a54174a8566ed176
- SHA512
  
  af04eb8e8b24bdf0e66b7f1b664baea8e009baba3cfff1cd728d2d2e55cd56d93b2d08ee3163b1c6aca0ff72da3a5edd5af116ffda24cd161f9a56a4fc896bd9
- SSDEEP
  
  3072:8LrEFVhpuOgSJETdRUFuPDEHMpubUu/TI/q+ZMQirWJV:urwhpuOZeTd5PAHs0DbIiON
Score

1^/10
behavioral17
- Target
  
  ninjaripper1.7.1/x64/intruder.dll
- Size
  
  1.0MB
- MD5
  
  dee02d7dd4b822ab1204c4e14f8cb5c8
- SHA1
  
  5d0a06da3e259d6849459932471c2563e9a60b17
- SHA256
  
  3aa424f235d3ca6919745c88441e52e5b948b090610b7d64246e19beef85a3f5
- SHA512
  
  03442288cc6ccd97dfb3c37fc493a3faef9bad3f433ec0afde24bde8b941ec3d08d097ac4cbb72f65c206069be209793a310f331d79d317ba6ea98a0de864402
- SSDEEP
  
  12288:rpAJ9VYtR33pcHpNqRGkJb7SYfag//7ZN3Vp:rk9VYtRHpcJNqIkJb7Vfag/tD
Score

3^/10
behavioral18
- Target
  
  ninjaripper1.7.1/x86/NinjaRipper.exe
- Size
  
  547KB
- MD5
  
  d8d424a642fe52e5159aa52d34769cc0
- SHA1
  
  684302fb7e6406da5671448fe826293023408281
- SHA256
  
  8962947853edbc15e41f85d9e7468355a345f26e9ac9b70744f652b5beb85ed1
- SHA512
  
  5c261b5cbc2b8c9899058fba72a4939d3e889678b2cb8d366425d5b25ecfbb7da5d223f6bcf934cbd5c263242352d5700e231a4dd576ff71ae19e4e0f75d7e43
- SSDEEP
  
  6144:9dpBTuEa1Q40hPwBuczxa2M9ykc0xRIinuw6C9/Uy:9VTuEa1gEOSW/U
Score

1^/10
behavioral19
- Target
  
  ninjaripper1.7.1/x86/d3dwrap.dll
- Size
  
  126KB
- MD5
  
  bcd2b978b5b6e054329918191f5e4f59
- SHA1
  
  2ccb4a14a5f57a8b7f017d35f05c3f508cd00e77
- SHA256
  
  2ef4a920ec0565e29e5cf4150a2262177b65197a369929ea530835939839b8f7
- SHA512
  
  bf8ced021515aa74c15c02f64a477be66b96d78ed93b04d7e8946ddfd96326abdaa0e5c9aed0690e1378ee29997c29265e05834ec7653104c3a0736fd4eef57a
- SSDEEP
  
  1536:nsXiYT+/q1hsXI4j4zF/vuS0nk8Ng394CgZccjns8jcdvk+TKP6sDy:nsyYFDs44WYfnk7vk+TKP6sO
Score

3^/10
behavioral20
- Target
  
  ninjaripper1.7.1/x86/d3dx8d.dll
- Size
  
  677KB
- MD5
  
  06dcb937d1a7c534c9b745e7e9e62985
- SHA1
  
  265e38e54ffdde1363d7ce57ab39048960e5ea0a
- SHA256
  
  f6e4b6004ba3a6aa8d47f5d273e668123891da09dd3d907ce29d4aaae8ba984e
- SHA512
  
  56ecd076c0cf71fcb577e89cec3f7043a8d372e97efd23549114839d22a2488479623fa15868a97d8818170b151725720b666e822764eeccb0ceb0cdef4331cd
- SSDEEP
  
  12288:RAaluE+pH6ShnH5Ar1upSJPN74h7ZWyjhh2psN9bCoUy0d:RAaAE+pH6qnG74h0yjeogoo
Score

3^/10
behavioral21
- Target
  
  ninjaripper1.7.1/x86/injhelper.exe
- Size
  
  110KB
- MD5
  
  4829922348fd41185d6b18914c2e18d5
- SHA1
  
  07eb7ee71b038893c25daea89184f05bf8e073f4
- SHA256
  
  830429013177f9dbd109172a7b755a7c41f50084ae4468729e637aef64916d34
- SHA512
  
  cf6368923d7c1021b50e116934b8b488e5d6c140826c362b8538b9f2eff86dbc9726fdd82069b22d245b7a334e86dd6832c591fee060ff9a3bb620329ea5e705
- SSDEEP
  
  1536:3H/Hzaqa1jcxwCxpFHkjwy18hcOLbQsWjcdGn/4+/CeCm0A3G:vK9YxzHkwLbfGA+VCm0A3G
Score

1^/10
behavioral22
- Target
  
  ninjaripper1.7.1/x86/intruder.dll
- Size
  
  764KB
- MD5
  
  a8db7b9ecfe10c1b241b2bc8e87a8914
- SHA1
  
  332e3d9129ac2e281d5e733e55b7dcffee7620b8
- SHA256
  
  c24bf074fa8545418d1380ab8c9c673b9aa9dba22b0933ded7b38b5a47af48e3
- SHA512
  
  fe9cf48326a56f2f46774bda60f86d3a332b7aadd41e2c47d93c1d0b7ecb0b1732ae8dbae26c6498457aaa40f0256758a24588e4278b57d02e4258ac6cd5b1d1
- SSDEEP
  
  12288:oVVFsks6PuOexdrITqY/zvK32Lt8ciNVGdGZDkYXd:oV31PudAO32Lt8uDYt
Score

3^/10
behavioral23

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Executes dropped EXE

Modifies system executable filetype association

Registers COM server for autorun

Adds Run key to start application

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23