Behavioral task
behavioral1
Sample
454bd68088f17718527b300134cae3eed1c7db3ba7ed9e08d291ef7729229a79.exe
Resource
win10-20231023-en
Behavioral task
behavioral2
Sample
90e6ebc879283382d8b62679351ee7e1aaf7e79c23dd1e462e840838feaa5e69.exe
Resource
win10-20231020-en
Behavioral task
behavioral3
Sample
9b8efc369c7ff541f885c605c462c7d5a16acfbdfef3b28adc4e5418e890142f.exe
Resource
win10-20231023-en
General
-
Target
12034028745.zip
-
Size
1.9MB
-
MD5
538fe271670de8fff891469eeca0a627
-
SHA1
38b49192df671dcdd45f06f9748563377893ec65
-
SHA256
1f0ba2893758c9587f4eca17d0138a9508f30321e36f6b8a6c00358e0dd45f03
-
SHA512
baed8c04399582c4a2f1c087f564ae51832d56af3703e8e5bd2220e278c1baafa230055edfc6aa10bbc7acce31563ca24762bb2d91a9546b4f636d8a7f5e3dad
-
SSDEEP
49152:HQ+OAYllsVKFgVOgp4mvzHzOiHpEvXuPps7DcDZLja:HCHnJFgLumTzOUsuPy7DcDZna
Malware Config
Extracted
bunnyloader
http://37.139.129.145/Bunny/StealerLogs/BunnyLogs_
http://localhost/Bunny/StealerLogs/BunnyLogs_
Signatures
-
Bunnyloader family
-
Processes:
resource yara_rule static1/unpack001/454bd68088f17718527b300134cae3eed1c7db3ba7ed9e08d291ef7729229a79 upx static1/unpack001/9b8efc369c7ff541f885c605c462c7d5a16acfbdfef3b28adc4e5418e890142f upx -
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/454bd68088f17718527b300134cae3eed1c7db3ba7ed9e08d291ef7729229a79 unpack002/out.upx unpack001/90e6ebc879283382d8b62679351ee7e1aaf7e79c23dd1e462e840838feaa5e69 unpack001/9b8efc369c7ff541f885c605c462c7d5a16acfbdfef3b28adc4e5418e890142f unpack004/out.upx
Files
-
12034028745.zip.zip
Password: infected
-
454bd68088f17718527b300134cae3eed1c7db3ba7ed9e08d291ef7729229a79.exe windows:6 windows x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 880KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 612KB - Virtual size: 616KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
90e6ebc879283382d8b62679351ee7e1aaf7e79c23dd1e462e840838feaa5e69.exe windows:6 windows x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
9b8efc369c7ff541f885c605c462c7d5a16acfbdfef3b28adc4e5418e890142f.exe windows:6 windows x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 880KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 610KB - Virtual size: 612KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 173KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ