Analysis Overview
SHA256
348774d6a58c13a8bab223f9a8dbac779e56ad5aab421aaaa6fa30b4c5956b63
Threat Level: Known bad
The file Gui.Gu.Ba.Huang.Plus.54.Trainer.Updated.2023.05.30-FLiNG.zip was found to be: Known bad.
Malicious Activity Summary
R77 family
r77 rootkit payload
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-06-04 04:39
Signatures
R77 family
r77 rootkit payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-06-04 04:39
Reported
2023-06-04 04:42
Platform
win10-20230220-en
Max time kernel
150s
Max time network
125s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Gui Gu Ba Huang Plus 54 Trainer Updated 2023.05.30.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Gui Gu Ba Huang Plus 54 Trainer Updated 2023.05.30.exe
"C:\Users\Admin\AppData\Local\Temp\Gui Gu Ba Huang Plus 54 Trainer Updated 2023.05.30.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | flingtrainer.com | udp |
| US | 104.21.35.160:443 | flingtrainer.com | tcp |
| US | 8.8.8.8:53 | 160.35.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 52.168.112.66:443 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 8.8.8.8:53 | 73.254.224.20.in-addr.arpa | udp |
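The network table mixes three kinds of rows: forward DNS queries to the resolver, reverse (PTR) queries for peer addresses, and direct TCP connections. The script below is an added example, not part of the sandbox report or of any vendor tooling: it transcribes the rows above, turns each `in-addr.arpa` name back into the address it describes, and matches those addresses against the direct connections, so you can see which peers are confirmed by both a forward lookup and a connection, which were only reverse-resolved, and which were contacted with no DNS at all. Treating 8.8.8.8 as the sandbox's upstream resolver rather than as a destination of interest, and the function names, are this example's own assumptions.

```python
# Added example (not from the sandbox report): correlate the report's DNS and
# TCP rows so reverse (PTR) lookups can be tied back to direct connections.
import ipaddress

# (country, destination, domain, proto) transcribed from the network table above.
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "flingtrainer.com", "udp"),
    ("US", "104.21.35.160:443", "flingtrainer.com", "tcp"),
    ("US", "8.8.8.8:53", "160.35.21.104.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "35.36.251.142.in-addr.arpa", "udp"),
    ("US", "52.168.112.66:443", "", "tcp"),
    ("US", "93.184.221.240:80", "", "tcp"),
    ("US", "8.8.8.8:53", "73.254.224.20.in-addr.arpa", "udp"),
]

# Assumption: 8.8.8.8 is the sandbox's resolver, so UDP/53 rows to it are
# lookups rather than peers the sample chose to contact.
RESOLVERS = {"8.8.8.8"}


def ptr_to_ip(name):
    """Turn 'd.c.b.a.in-addr.arpa' back into 'a.b.c.d'; None if not a valid PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    ip = ".".join(reversed(octets))
    try:
        ipaddress.IPv4Address(ip)  # rejects octets such as 999
    except ipaddress.AddressValueError:
        return None
    return ip


def correlate(rows):
    """Split rows into forward lookups, PTR lookups and direct connections,
    then match each reverse-resolved address against the direct connections."""
    direct = {}       # dst IP -> {"ports": set of ints, "domain": str or None}
    ptr_ips = set()   # addresses whose reverse name was queried
    forward = set()   # domains looked up forward
    for _country, dst, domain, proto in rows:
        ip, port = dst.rsplit(":", 1)
        if ip in RESOLVERS and proto == "udp":
            rev = ptr_to_ip(domain)
            if rev:
                ptr_ips.add(rev)
            elif domain:
                forward.add(domain)
            continue
        entry = direct.setdefault(ip, {"ports": set(), "domain": None})
        entry["ports"].add(int(port))
        if domain:  # the report attaches the resolved name to the TCP row
            entry["domain"] = domain
    return {
        "forward_lookups": forward,
        "ptr_confirmed": {ip for ip in ptr_ips if ip in direct},
        "ptr_only": ptr_ips - set(direct),
        "no_dns": {ip for ip, e in direct.items() if e["domain"] is None},
        "direct": direct,
    }


if __name__ == "__main__":
    result = correlate(NETWORK_ROWS)
    for key in ("forward_lookups", "ptr_confirmed", "ptr_only", "no_dns"):
        print(f"{key:16s} {sorted(result[key])}")
```

The caveat a triager should keep in mind: the table does not say which process issued each lookup, so a reverse query or a direct connection with no matching forward lookup may belong to the operating system's background traffic rather than to the sample; the only peer this table ties end to end to the sample's own name resolution is the one reached through the `flingtrainer.com` lookup.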
Files
memory/3532-122-0x000002EBE1220000-0x000002EBE1254000-memory.dmp
memory/3532-125-0x000002EBE1280000-0x000002EBE1290000-memory.dmp
memory/3532-126-0x000002EBE1280000-0x000002EBE1290000-memory.dmp
memory/3532-127-0x000002EB80010000-0x000002EB80018000-memory.dmp
memory/3532-128-0x000002EBE1280000-0x000002EBE1290000-memory.dmp
memory/3532-129-0x000002EBE1280000-0x000002EBE1290000-memory.dmp
memory/3532-130-0x000002EBE1280000-0x000002EBE1290000-memory.dmp
memory/3532-131-0x000002EB80AB0000-0x000002EB80AE8000-memory.dmp
memory/3532-146-0x000002EBE1280000-0x000002EBE1290000-memory.dmp
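The dump file names above encode the process ID, a capture sequence number and the start and end address of the region that was captured. Before opening any of them in a disassembler it helps to know how big each region is and which regions were captured repeatedly, since a region dumped several times over the run is the one whose contents were changing and is the usual place to find a decrypted or staged payload. The parser below is an added example, not part of the sandbox report; the file names are transcribed from the Files section and the function names are this example's own.

```python
# Added example (not from the sandbox report): parse sandbox memory-dump file
# names into (pid, seq, start, end), size each region and flag regions that
# were captured more than once.
import re
from collections import defaultdict

# Transcribed from the Files section above.
DUMP_FILES = [
    "memory/3532-122-0x000002EBE1220000-0x000002EBE1254000-memory.dmp",
    "memory/3532-125-0x000002EBE1280000-0x000002EBE1290000-memory.dmp",
    "memory/3532-126-0x000002EBE1280000-0x000002EBE1290000-memory.dmp",
    "memory/3532-127-0x000002EB80010000-0x000002EB80018000-memory.dmp",
    "memory/3532-128-0x000002EBE1280000-0x000002EBE1290000-memory.dmp",
    "memory/3532-129-0x000002EBE1280000-0x000002EBE1290000-memory.dmp",
    "memory/3532-130-0x000002EBE1280000-0x000002EBE1290000-memory.dmp",
    "memory/3532-131-0x000002EB80AB0000-0x000002EB80AE8000-memory.dmp",
    "memory/3532-146-0x000002EBE1280000-0x000002EBE1290000-memory.dmp",
]

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Return {pid, seq, start, end, size} for one dump file name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a sandbox memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end address does not follow start in {name}")
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def summarize(names):
    """Group dumps by (pid, start, end) and list the capture sequence numbers
    for each distinct region, ordered by process then start address."""
    regions = defaultdict(list)
    for name in names:
        d = parse_dump_name(name)
        regions[(d["pid"], d["start"], d["end"])].append(d["seq"])
    summary = []
    for (pid, start, end), seqs in sorted(regions.items()):
        summary.append({
            "pid": pid,
            "start": start,
            "end": end,
            "size": end - start,
            "dumps": sorted(seqs),
        })
    return summary


def repeatedly_dumped(names, min_dumps=2):
    """Regions captured at least min_dumps times: the ones that kept changing."""
    return [r for r in summarize(names) if len(r["dumps"]) >= min_dumps]


if __name__ == "__main__":
    for r in summarize(DUMP_FILES):
        print(f"pid {r['pid']} 0x{r['start']:016X}-0x{r['end']:016X} "
              f"{r['size'] // 1024:4d} KiB  captures {r['dumps']}")
```

On this report every dump comes from one process (PID 3532, the trainer executable itself, which is also the only process listed), and one 64 KiB region was captured six times across the run, with the others captured once; that repeated region is the first one to carve for an embedded PE or for the strings the `r77 rootkit payload` signature keyed on.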