Resubmissions

26-10-2023 15:49  231026-s9ggraee74  score 10

11-10-2023 12:16  231011-pfymdseg4t  score 7

General

  • Target

    12034028745.zip

  • Size

    1.9MB

  • Sample

    231026-s9ggraee74

  • MD5

    538fe271670de8fff891469eeca0a627

  • SHA1

    38b49192df671dcdd45f06f9748563377893ec65

  • SHA256

    1f0ba2893758c9587f4eca17d0138a9508f30321e36f6b8a6c00358e0dd45f03

  • SHA512

    baed8c04399582c4a2f1c087f564ae51832d56af3703e8e5bd2220e278c1baafa230055edfc6aa10bbc7acce31563ca24762bb2d91a9546b4f636d8a7f5e3dad

  • SSDEEP

    49152:HQ+OAYllsVKFgVOgp4mvzHzOiHpEvXuPps7DcDZLja:HCHnJFgLumTzOUsuPy7DcDZna

Malware Config

Extracted

Family

bunnyloader

C2

http://37.139.129.145/Bunny/StealerLogs/BunnyLogs_

http://localhost/Bunny/StealerLogs/BunnyLogs_

Targets

    • Target

      454bd68088f17718527b300134cae3eed1c7db3ba7ed9e08d291ef7729229a79

    • Size

      615KB

    • MD5

      dbf727e1effc3631ae634d95a0d88bf3

    • SHA1

      c02d2a18eca78b91b4c4e9e7a45c8d17c8c5bbca

    • SHA256

      454bd68088f17718527b300134cae3eed1c7db3ba7ed9e08d291ef7729229a79

    • SHA512

      24e0da5f90659aa21038e7728169b014a9ca897aaefe2140b75b680955ddd9de74dc320948c4cc743ccbf27f3713879e21a7e5c23f54c32cc0f8ae790cb9fc68

    • SSDEEP

      12288:8yqE9N0R/YPT7arwRhacn1J0zxzWnMZfgspsa:nlERAP6sRh/1UxiApZ

    • BunnyLoader

      BunnyLoader is a loader family written in C++.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      90e6ebc879283382d8b62679351ee7e1aaf7e79c23dd1e462e840838feaa5e69

    • Size

      1.4MB

    • MD5

      bbf53c2f20ac95a3bc18ea7575f2344b

    • SHA1

      059d27dbb4777ed1f17b2aa42c0e7c19ad29b304

    • SHA256

      90e6ebc879283382d8b62679351ee7e1aaf7e79c23dd1e462e840838feaa5e69

    • SHA512

      1c4816500494015896d5b8d1b0b596d066ebcede33a7f1c8db4ed2708e2cd25c764860f8466d4662b4a402637e5085852fc0dc89f3c6dcd765f22f862ba45368

    • SSDEEP

      24576:H5khuFAeSwW1LS8s2tsiODbdGcE/61SHyV8UuThAbJfm9j+XcK8VodAeLJhUM8YJ:cuZW1LS8s2tsdDbC9SKdincKuodAeMMf

    • BunnyLoader

      BunnyLoader is a loader family written in C++.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      9b8efc369c7ff541f885c605c462c7d5a16acfbdfef3b28adc4e5418e890142f

    • Size

      612KB

    • MD5

      59ac3eacd67228850d5478fd3f18df78

    • SHA1

      cdc11d2244321b850fad88a92e704a8ce2255ca7

    • SHA256

      9b8efc369c7ff541f885c605c462c7d5a16acfbdfef3b28adc4e5418e890142f

    • SHA512

      4ec98c66f90254ba51daf9211ac18429329dd65d12a02ba1e6a59a3bfb36ca1e8cfb60e8c9219d72511b7c33f9b9786b2c421953e98bd9055a76b5eb43d9890f

    • SSDEEP

      12288:tZ2eNScaljS/F419WCntAWjVX5ykOKytwz07JK88AMFjYSFPAZ:L2eNSc4wERntjVJxOK1z078sEVlO

    • Score

      10/10

    • BunnyLoader

      BunnyLoader is a loader family written in C++.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
