3f504f7015e51873898235bfac8108d2ea29cdb2dec27c76dd42395316e8ffb0

Resubmissions

01-06-2023 22:52

230601-2tdklagg99 7

01-06-2023 22:46

230601-2p7mwahc2w 7

Sharing

Copy URL

Twitter E-mail

General

Target

Paint tool Sai Angel Drawin.rar
Size

13.8MB
Sample

230601-2tdklagg99
MD5

2c5c59ff806568e1350503816564d3a0
SHA1

02835ba20a515bc408f023ce28c7c354ef36a5af
SHA256

3f504f7015e51873898235bfac8108d2ea29cdb2dec27c76dd42395316e8ffb0
SHA512

a420d20fc5a54a1c7d4572e5ae14db14ac2f33606f776b48752d64a0b463e2e01d01d57e9bc6d665352dd29a354ea87bfdcb3f7b72c8d1ff756ac72220ae2fcc
SSDEEP

393216:8nYZFcUni0wMCaqVW1ynBnl3GHPLlcipVauMwdkJf:8acKBr1qBn5GeSVauvex

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  Paint tool Sai Angel Drawin.rar
- Size
  
  13.8MB
- MD5
  
  2c5c59ff806568e1350503816564d3a0
- SHA1
  
  02835ba20a515bc408f023ce28c7c354ef36a5af
- SHA256
  
  3f504f7015e51873898235bfac8108d2ea29cdb2dec27c76dd42395316e8ffb0
- SHA512
  
  a420d20fc5a54a1c7d4572e5ae14db14ac2f33606f776b48752d64a0b463e2e01d01d57e9bc6d665352dd29a354ea87bfdcb3f7b72c8d1ff756ac72220ae2fcc
- SSDEEP
  
  393216:8nYZFcUni0wMCaqVW1ynBnl3GHPLlcipVauMwdkJf:8acKBr1qBn5GeSVauvex
Score

3^/10
behavioral1 behavioral2
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/Sai.exe
- Size
  
  1.6MB
- MD5
  
  f8840c6ce81203775f436c7533a5448a
- SHA1
  
  236d89fb9c1517b2aca6c135792ad1d40bb24326
- SHA256
  
  91e5c38110ba2dace3d4d20b8f12f62c01af417c4d27873b36aff393cb6df6c3
- SHA512
  
  4c0944e883823904800ea99e2ebd8f73616af55f9efdf760e553fa4ee90dd419d6e23b1425609ca57e782c91dcb9cfb2cd6ac8a2c3191c503fbef476c9b14403
- SSDEEP
  
  24576:PjNgYD3KIzDlXdXYawBqUqS54iO+QAh76cINTRNCvo5N7QJ:BnHf9+QAYTTAo
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/language.conf
- Size
  
  115KB
- MD5
  
  19641cb830e221fa1a255cda33bf0fac
- SHA1
  
  ff8812233908a17a31e9b50ad6f8fbceb6443b97
- SHA256
  
  19dd7ccbc5d4868de82879448939c32bf3ebe264e6e299b4a9c88626a9143945
- SHA512
  
  aaadabf99b3d4c855dc1a609d0c8a061f99b2934cc2dbe7ec083588c53d59282cf913ac86ae8f06ec1ff10f83e359381c2edc677cb821ebf7789fd2ba8ec513f
- SSDEEP
  
  1536:VycVZ9a/KEXCgyFEMRjPQ7WWXXV8WENCDnKNHD2EkL0Xy4cY:0cVZ9MXH+EMRDQ7WWXXVRMj4Y
Score

3^/10
behavioral5 behavioral6
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/misc.ini
- Size
  
  8KB
- MD5
  
  c21ba21cbb8dfa53b3efddee87624d07
- SHA1
  
  77f307d7483f22e06d07f0638b382808b77484b8
- SHA256
  
  882e83bf0e9241841c31e5c194cae47dbdf3bb5f91f9c4f3b3ef7fe2afd0677a
- SHA512
  
  30dd678e3b2c267a68783cf05331cc8e67c7a24e01a76165a93b5f5e9427328af5603bffb61cc2646dad0081571c6f488e2d6b369bf762d93c079ab4cbfb420e
- SSDEEP
  
  96:WTSGJ70GReTtIEB9Eb2iGPG1c2Z+SuY5q2m1aFAfSvtcW:WT37/2ZB9Eb2RO1FZeY5HUa+SuW
Score

1^/10
behavioral7 behavioral8
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/papertex.conf
- Size
  
  103B
- MD5
  
  5a066748f4f8dac2f70bb6302ebb2530
- SHA1
  
  7c00b7980609d40dbb3038e552720d627c0bf58c
- SHA256
  
  8a7ad59eb83b4b04bfd003364caa92e629e79bbdaed7abab61925334dd57556d
- SHA512
  
  977b650cf0868d41952bb8540c18a2dac6494537ef7ce04533ff881ed3d3c83ddb67a8db5ca4bf1b06f2ee2e55ab58c99b61ba9d1a290a2ffafb476f76ae0e07
Score

3^/10
behavioral10 behavioral9
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/papertex/Al Agua A.bmp
- Size
  
  257KB
- MD5
  
  eb4116fcc59605182e8c76f4bb496958
- SHA1
  
  aca13dfd68436c4bf62c13901723f067e2b681a6
- SHA256
  
  43a13ec4f54eff7aaa77ab2a7a292cdbe58dbccdc6d37d95a1ad1528787c7559
- SHA512
  
  9279e02fbf2f437a450fccf5b03524eee4eed33c6e0d09cca4eee3015fb4f0ae714d11c12f13dd414031263282df8aecb4eaa7196674193d2d94c6c77c583dc6
- SSDEEP
  
  6144:JEiKyTU+zvgvE6ZZ1yqB/8mByfNbL7lcP91ZlKzQuUL38Rl6dfQ:JowYvhRUbfNvpS9NxuULMRwd4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/papertex/Al Agua B.bmp
- Size
  
  257KB
- MD5
  
  9dd71181ba3d048b1a3bcce15c2c3871
- SHA1
  
  0c49b850b83910efcf0127cb364777e419afa8b2
- SHA256
  
  7ac03b1f36bd2a0fc257f6a2302f62a97b1098130100e5a7613fa86e1849a499
- SHA512
  
  df4b23d5280b2c0bfe28ffebb688ccb4124ab51f3db1081934553d72d1755c163d70f8dcca132cd33ccb68df3e62f70d674586c5dded782dca8082b0687544bf
- SSDEEP
  
  6144:O10L7Y5/adMbaDOWgyGAIVWCHef4BBrvIDatYDRw22Bva:Od5/adsaaOGAiHefe7IOtn22Ra
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/papertex/Canvas.bmp
- Size
  
  257KB
- MD5
  
  77abf38ceb44ff0d9f32f1a28106cf40
- SHA1
  
  4384db29026828c4f7497d11a462cf9395646923
- SHA256
  
  56fd2208ac9082c2500b155f5dfd312b3289c53b2e5ae259d6b30e50982a5d76
- SHA512
  
  e3bd4c4fbf7728f389d41dcfa35d4785e77c4ea8323ed48e398a9f5706083b59c26239687308634a3e15117ebb4e78a2f433db967e013205ae3e5c04b9ba497a
- SSDEEP
  
  6144:XzbVhha7RgCzZoLQFYq9+pkzXrudzbVhha7RgCzZoLQFYq9+pkzXru5:XzqgIoLQFYq5udzqgIoLQFYq5u5
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral15 behavioral16
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/papertex/Lienzo.bmp
- Size
  
  257KB
- MD5
  
  77abf38ceb44ff0d9f32f1a28106cf40
- SHA1
  
  4384db29026828c4f7497d11a462cf9395646923
- SHA256
  
  56fd2208ac9082c2500b155f5dfd312b3289c53b2e5ae259d6b30e50982a5d76
- SHA512
  
  e3bd4c4fbf7728f389d41dcfa35d4785e77c4ea8323ed48e398a9f5706083b59c26239687308634a3e15117ebb4e78a2f433db967e013205ae3e5c04b9ba497a
- SSDEEP
  
  6144:XzbVhha7RgCzZoLQFYq9+pkzXrudzbVhha7RgCzZoLQFYq9+pkzXru5:XzqgIoLQFYq5udzqgIoLQFYq5u5
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral17 behavioral18
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/papertex/Papel.bmp
- Size
  
  257KB
- MD5
  
  3e940d47505ae20ae27a3023c1e4c5f0
- SHA1
  
  54d857a1756f7d86beab7fdb1b136e8cd579eeac
- SHA256
  
  6cfc0e01583bfd0a1b1598bb954077acd3502bc5c24524132e3a17dac129137c
- SHA512
  
  4e54e9be69330ca2b35871a898ac7cc6d90c3c5b9f1b0f67b796ec3b2e0a50fe7e2633523fb3d096b0733f806f6ea7f9b380b5ebdc7f5c2d11ad2a8054d4618b
- SSDEEP
  
  6144:9tLBKai7LLme60hsGPE5L9FUONQdY3X6Zfpv:wai72D0hsQkFUNEX4pv
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/papertex/Paper.bmp
- Size
  
  257KB
- MD5
  
  3e940d47505ae20ae27a3023c1e4c5f0
- SHA1
  
  54d857a1756f7d86beab7fdb1b136e8cd579eeac
- SHA256
  
  6cfc0e01583bfd0a1b1598bb954077acd3502bc5c24524132e3a17dac129137c
- SHA512
  
  4e54e9be69330ca2b35871a898ac7cc6d90c3c5b9f1b0f67b796ec3b2e0a50fe7e2633523fb3d096b0733f806f6ea7f9b380b5ebdc7f5c2d11ad2a8054d4618b
- SSDEEP
  
  6144:9tLBKai7LLme60hsGPE5L9FUONQdY3X6Zfpv:wai72D0hsQkFUNEX4pv
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/papertex/Watercolor A.bmp
- Size
  
  257KB
- MD5
  
  eb4116fcc59605182e8c76f4bb496958
- SHA1
  
  aca13dfd68436c4bf62c13901723f067e2b681a6
- SHA256
  
  43a13ec4f54eff7aaa77ab2a7a292cdbe58dbccdc6d37d95a1ad1528787c7559
- SHA512
  
  9279e02fbf2f437a450fccf5b03524eee4eed33c6e0d09cca4eee3015fb4f0ae714d11c12f13dd414031263282df8aecb4eaa7196674193d2d94c6c77c583dc6
- SSDEEP
  
  6144:JEiKyTU+zvgvE6ZZ1yqB/8mByfNbL7lcP91ZlKzQuUL38Rl6dfQ:JowYvhRUbfNvpS9NxuULMRwd4
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23 behavioral24
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/papertex/Watercolor B.bmp
- Size
  
  257KB
- MD5
  
  9dd71181ba3d048b1a3bcce15c2c3871
- SHA1
  
  0c49b850b83910efcf0127cb364777e419afa8b2
- SHA256
  
  7ac03b1f36bd2a0fc257f6a2302f62a97b1098130100e5a7613fa86e1849a499
- SHA512
  
  df4b23d5280b2c0bfe28ffebb688ccb4124ab51f3db1081934553d72d1755c163d70f8dcca132cd33ccb68df3e62f70d674586c5dded782dca8082b0687544bf
- SSDEEP
  
  6144:O10L7Y5/adMbaDOWgyGAIVWCHef4BBrvIDatYDRw22Bva:Od5/adsaaOGAiHefe7IOtn22Ra
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/presetcvsize.conf
- Size
  
  1KB
- MD5
  
  6adc176c6caf3d298a81848d6172a316
- SHA1
  
  b5b9bcfabbf5567bc39ec38644b7a2e7fd71196b
- SHA256
  
  2e85080e6184ed8a818d535c74992f965a8ea719e657facba86031cde370ec95
- SHA512
  
  de2e623050a79f31d33e8277a43b0bace406ce22707026c39b5133619b057897a377142cb9c420deef9d94a1d7bcc7e184cc4cfc04547941a8141079a97671ad
Score

3^/10
behavioral27 behavioral28
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/sai.sda
- Size
  
  9KB
- MD5
  
  3c611aa59f6fcfb13d0b8adcaa6b34c7
- SHA1
  
  934f3126347dd381f67d8487ee0f49525afc481e
- SHA256
  
  7916b54e2cf4b8259a3d282d1daa27128abf36d811d7954167392067267ecb20
- SHA512
  
  935774357247730848d17b0fcb8d592a987d37df473edb7a22da25c379ec59c8b947e72dc3459eb5ac630aedd383546ce97e3914bbc48a3ebb46e1d390bea214
- SSDEEP
  
  6:qAKKX0SPLF4Nt6XgNhcXJREFDKjHHT9w4d:qakSzcq/TnT64d
Score

3^/10
behavioral29 behavioral30
- Target
  
  Paint tool Sai Angel Drawin/Paint Tool SAI/sai.ssd
- Size
  
  281KB
- MD5
  
  a2c2f8a0c9580aaccbc5b0c5f5286815
- SHA1
  
  d06626b8d96a84067d07ff53d23e178c7a03f423
- SHA256
  
  8fd9113ea2e9edddb43930a991785cf06994445ee65f93b67c8a45e397f285b7
- SHA512
  
  a554f8ed088732f2a3fa4a30bb66aa615fb1a49dce98fa7c30cf83d5ae4084568d3cc4c634d12aa523203c2bdc782e6c2503ff6162c6df27383c62b2ec93105f
- SSDEEP
  
  6144:ZjWaDIXUjuMtJxgCCrjc/itCZxyCnYs98Sl0NFngXVP:MaDIXUjuIEj5tCZuE8SlWgV
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Writes to the Master Boot Record (MBR)

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32