2c21ca7f232beffd48a26b0efb80cbbe93345184f29eee2cf175c73d6822c204

General

Target

KRNLWRD.rar
Size

5.5MB
Sample

230708-ylldpahf49
MD5

79c6e7a622b2c1379a8144c9d1ddeee2
SHA1

f60e0fd39d41e2d4b0ed9fda16fc8f54e64d2b71
SHA256

2c21ca7f232beffd48a26b0efb80cbbe93345184f29eee2cf175c73d6822c204
SHA512

0c5c612929d1668ee7c40e210b0f8520c69f8917f1de8bf19fa932900c56a22ce1336f8dc5b7d410633f26f4157130a2583b3b94f0bc849a49b84decd3ae56a6
SSDEEP

98304:q1cOn9jxVE/jeMQychzOeGVffeVrkHUucEW18NdBhC7u1r1Cr9aQxUw:qOOdE3qhzXGVHeVr/mAuJ141H

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  KRNLWRD/Bunifu_UI_v1.5.3.dll
- Size
  
  236KB
- MD5
  
  2ecb51ab00c5f340380ecf849291dbcf
- SHA1
  
  1a4dffbce2a4ce65495ed79eab42a4da3b660931
- SHA256
  
  f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
- SHA512
  
  e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
- SSDEEP
  
  6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score

8^/10

discovery
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  KRNLWRD/ScintillaNET.dll
- Size
  
  1.3MB
- MD5
  
  9166536c31f4e725e6befe85e2889a4b
- SHA1
  
  f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
- SHA256
  
  ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
- SHA512
  
  113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
- SSDEEP
  
  24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score

1^/10
behavioral2
- Target
  
  KRNLWRD/injector.dll
- Size
  
  1.2MB
- MD5
  
  a1b9c6fdb702f4456a385ee93a1a77eb
- SHA1
  
  283b10148e08fa8bd6d8ec47f8e62c556fb768cc
- SHA256
  
  4cd782cfc5344a942f3f0a61c021122ded48b5e175de76f393419901708c04d4
- SHA512
  
  447ed5b2656fdb225c799270421b9e3459ac44ae7be06a84bd6c67c2304b8076eb562e3d191e8a43190338fa4e67a8b3cf7afd3eb788c707497cb090b98af0ca
- SSDEEP
  
  24576:F4L8ZNLC0RaGGeeh9dWHjQyAToCF+i15b1lpJyIOYCdcb65Jhz+:Fxf89ajQyAToCF+iVJyIHocb65Hz+
Score

3^/10
behavioral3
- Target
  
  KRNLWRD/krnl.dll
- Size
  
  3.6MB
- MD5
  
  fc60421668db13abf48ba5465e3ab495
- SHA1
  
  6b13d1a54e8b48202e21f67216ca67b7bc4df2d2
- SHA256
  
  a03e2456d3464bbfecd36969db85c24d313d6e5fb033861112f477e81373768b
- SHA512
  
  0a1de5cfd2599171036a365cf86ce421215dc7883012080cc65161935e9dc4b6e4a2b6176cf7239755c2fc85c39c0269fea054c0db5906df7b7f36d655a4d9e5
- SSDEEP
  
  49152:hkNojQZIux3HiL0d1iHMb/6ThRaIg1YYy1Oj7HqEawQrrrtBVi0EESW/JedjXwfs:5Xux3qI1isbSThRab1bymaj/LoEV0hy
Score

3^/10
behavioral4
- Target
  
  KRNLWRD/krnl.exe
- Size
  
  1.5MB
- MD5
  
  b4d30c9b8d8285090d6a23f86c9d418e
- SHA1
  
  ec0749a7d4d0fe5ebcb6fe732a839c13f02bb4f8
- SHA256
  
  16a708453fef15c6949ef6278020b9df440bb5e93d2b644dacc37729f3e6c09f
- SHA512
  
  9e38805aedc2276e7fe457cb9b2f7d5432ea69049bfc1876969f072e6c73e067808072f74b9e3d97f4567ec7611e464500b229a08dd8c1737bb5ead60598cbd4
- SSDEEP
  
  12288:anWI3rG06x7+G70EE/0GGGGGGhGGGGxdoM43nwVkokblUI:anWuC0AC4ysGGGGGGhGGGGx1VpsL
Score

3^/10
behavioral5
- Target
  
  KRNLWRD/krnlss.exe.config
- Size
  
  202B
- MD5
  
  0ed4b3831ff5e91dff636145f68aac4c
- SHA1
  
  2d1140812945dc1b9e400a88c911803639cb2e49
- SHA256
  
  03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347
- SHA512
  
  4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c
Score

1^/10
behavioral6