General

  • Target

    RC7.zip

  • Size

    10.4MB

  • Sample

    231207-dtp2mahael

  • MD5

    f013b378cda7df27b3520b8a1aa167c6

  • SHA1

    e29e120ae735ef89057bd6f285daf0b467239e65

  • SHA256

    c2896e90b50b14aa6ad8d39f7d828f92e963f6b756e8cb2d075046913e497a81

  • SHA512

    55c6b21e13cf645c8d2aab8e8a27bd55e591b41460bb88e75659cdb040a9fa13178b5f66f48af7941886844981ab5b3fce2f8412d232af6475ad85159dae920f

  • SSDEEP

    196608:bzvW907ZvRLSuNhkYtvNl5oENhkYt4a61QKAmtphMa7k/vg:bLW275lPh5hN8Qh5B61QCp2m

Malware Config

Extracted

Family

xworm

C2

owner-cc.gl.at.ply.gg:32281

Attributes
  • install_file

    USB.exe

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1179573880306806895/9PPafRuKqunRXMBgRp7lwh-lO7PV6gpu6bih39np__mk8ZAghkJ95dBDKUvofe3l-iRe

https://discord.com/api/webhooks/1181010758201520208/iCxvWqp_69ofS-eHs5naW1_4vBzPxLSr9zIR5Bso1e4orm8yDICPrre5CTF60DCywY_3

Targets

    • Target

      RC7.zip

    • Size

      10.4MB

    • MD5

      f013b378cda7df27b3520b8a1aa167c6

    • SHA1

      e29e120ae735ef89057bd6f285daf0b467239e65

    • SHA256

      c2896e90b50b14aa6ad8d39f7d828f92e963f6b756e8cb2d075046913e497a81

    • SHA512

      55c6b21e13cf645c8d2aab8e8a27bd55e591b41460bb88e75659cdb040a9fa13178b5f66f48af7941886844981ab5b3fce2f8412d232af6475ad85159dae920f

    • SSDEEP

      196608:bzvW907ZvRLSuNhkYtvNl5oENhkYt4a61QKAmtphMa7k/vg:bLW275lPh5hN8Qh5B61QCp2m

    Score
    1/10
    • Target

      AlphaBlendTextBox.dll

    • Size

      24KB

    • MD5

      e6b8735ea19da68d9baa23f945a6fad3

    • SHA1

      65ae6742bf4106ce56d57d3ab427bd3e379f9ca3

    • SHA256

      48541be9ed6be56e4ee61dd48ce6b237b7a83a3be4db5a54ce350a042c77ecfe

    • SHA512

      ca3f3945406b9dc64b67f78cb75687b487203f177f4d3a96ae070f5aafa01ef43c733dd69847c095d6484a616abfe85f37568f8b289564693b6a3947fcac4585

    • SSDEEP

      192:iDGJzcLqS+q+obtogcv7QZYU+Am6+cfX/huI1Ps1YK2c5PkDVX:iKqHtobQZYU+Al+8XAI1q2c5PkDVX

    Score
    1/10
    • Target

      Bunifu_UI_v1.5.3.dll

    • Size

      236KB

    • MD5

      2ecb51ab00c5f340380ecf849291dbcf

    • SHA1

      1a4dffbce2a4ce65495ed79eab42a4da3b660931

    • SHA256

      f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

    • SHA512

      e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

    • SSDEEP

      6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG

    Score
    1/10
    • Target

      HWID.exe

    • Size

      149KB

    • MD5

      2c1ec91ada25a4a34441200dd9773c2a

    • SHA1

      80154f3f48a32866de9742bed33ebb907086125e

    • SHA256

      0f8980228acd3d9dd7bc9208c13a68b244ee903212327e4d350a82010aa37993

    • SHA512

      0ff2d7b2ac069c8bb2b381333f896b2d09ee0c0ec23b1943c35ae758adc71bd34c69502fb22208b1bdb568bda8a908ed548f407010d09532664b02d83fde5b99

    • SSDEEP

      3072:+r8dXu13UyQlK/UbZcZJuQCdM79xQbj8alpC5cgiTWMolM2i:+r8de1krcsbQuQpUQallgiboF

    • Detect Umbral payload

    • Detect Xworm Payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      RC7/AlphaBlendTextBox.dll

    • Size

      24KB

    • MD5

      e6b8735ea19da68d9baa23f945a6fad3

    • SHA1

      65ae6742bf4106ce56d57d3ab427bd3e379f9ca3

    • SHA256

      48541be9ed6be56e4ee61dd48ce6b237b7a83a3be4db5a54ce350a042c77ecfe

    • SHA512

      ca3f3945406b9dc64b67f78cb75687b487203f177f4d3a96ae070f5aafa01ef43c733dd69847c095d6484a616abfe85f37568f8b289564693b6a3947fcac4585

    • SSDEEP

      192:iDGJzcLqS+q+obtogcv7QZYU+Am6+cfX/huI1Ps1YK2c5PkDVX:iKqHtobQZYU+Al+8XAI1q2c5PkDVX

    Score
    1/10
    • Target

      RC7/Bunifu_UI_v1.5.3.dll

    • Size

      236KB

    • MD5

      2ecb51ab00c5f340380ecf849291dbcf

    • SHA1

      1a4dffbce2a4ce65495ed79eab42a4da3b660931

    • SHA256

      f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

    • SHA512

      e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

    • SSDEEP

      6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG

    Score
    1/10
    • Target

      RC7/Monaco.html

    • Size

      6KB

    • MD5

      fc63d6f8cfd66d984df8e003cd30ce4c

    • SHA1

      767beb1b385f89ef98d6aab11abacc564fc3c2b7

    • SHA256

      aaf84c7789f9f4a7505c408e484d0d04a5ddfe2badd3973acd41bf2e6a2bfbf5

    • SHA512

      843bb9660de5827a28a94799c4b745bc2c1c56db72d36b989ea2b72a3868d0b68fac36b5e320293e26034e4d2b0f9b0946162ea2f4b8e919131d888a825e5101

    • SSDEEP

      192:Q3+OKFLvkJj7gpk32eynKZyt7TJPAqkvKU3LI+QrzZws:Y+OKFK3gi32eynAhs

    Score
    1/10
    • Target

      RC7/MonacoEditor.html

    • Size

      6KB

    • MD5

      cff4feef176cef910036d01c653d9287

    • SHA1

      2ec40c7ea8d85a126c39f294d82cd128217c0b6a

    • SHA256

      3e06c186e632d01ebc2ef38fb0c082f26e14132697afe8750173f4a09569147a

    • SHA512

      f1d5707a947d1172cd8b06b8dec8cffd8ae88486c4a7a685ef88b8c619fee84efcf0cf5ec193c1f5b3dfcb3bf5aa74cb5ce89003d092d7414aadf2c2a6e5587d

    • SSDEEP

      192:Q3+OKFLvkJj7ppk32eynKZyt7TJPAqkvKU3LI+QrzZws:Y+OKFK3pi32eynAhs

    Score
    1/10
    • Target

      RC7/RC7.exe

    • Size

      160KB

    • MD5

      40e89aaf41d4ebda079572167d4665e7

    • SHA1

      c14a019a862aa3f595da7d15cc993f4f894d10a5

    • SHA256

      95388dfe045e7e976186c3ab0286ed8aa77bdb299c867f8c3e46f23ff7624a4d

    • SHA512

      035996ef789c0dc972265ec04652d01e1a530e61d4dfdd3fadc6e502a46b054e2b88fd5347d63deba491924b67c466996208f33f9a5019eb60923445551ce554

    • SSDEEP

      3072:Vjt4sK0uoEz8jh6oKyIPw+lV59i/XvGO0EFA0K+ymEN4NI:VjysKJ8cNP779Wvwc19yx

    • Detect Umbral payload

    • Detect Xworm Payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      RC7/RC7_UI.exe

    • Size

      826KB

    • MD5

      45d0009f95434cada8309d733fb511a7

    • SHA1

      446df53ed8df57635e7f4f9df5cdfcd3cabd340e

    • SHA256

      54a33b2d706978be99f68864b045445b61677213bfda6c5f9716fb0730fc423f

    • SHA512

      5850525d49c64e367d442e2815abe4560b802ef173b3f3f6c3897be5412a6e37d2214de2fd8a78158e7bc2583e5fbbf4f3b19d27630608267d06081c2c64763a

    • SSDEEP

      6144:obBtIJVLfsOIJVLfss8XnXwtQ/c72IkoxkDtSP4EIJVLfsw:oGVLfwVLfiBVLfd

    Score
    1/10
    • Target

      RC7/Themes/Asriel Theme.zip

    • Size

      285KB

    • MD5

      3cb47aa32156a2bed42f2ec5c3b974c4

    • SHA1

      05e123e083070f22511d103461b2363c05c3a747

    • SHA256

      58abda6408dd1451400104c6a38e6db12a08fd5445bdb9b3d9454050c0b84edb

    • SHA512

      dcff30bc6fee625e70dac24df7be1217eccd21a1d0bdf6e9520b069ff9270227e2fb52eb718d3dce92f61c8dcdcb55084b55e42226c81e76efd3c6e6d6bac4aa

    • SSDEEP

      6144:JTiph5oEnQ2borz4uLkSB2zklxwn2e44HG46iZGANTaMo:Ja/Tb4FLdgkjw25nKZGGo

    Score
    1/10
    • Target

      RC7/Themes/Blue Chicago Theme.zip

    • Size

      267KB

    • MD5

      db0a5e33e3aff5fe0cafbc80a4a7e67e

    • SHA1

      2d843ef5d4ade147d4052605dbac35178b86074d

    • SHA256

      f1670cb4b18d18371902f3c1a39f4f685e8c06c9e54638b874b3af2d76427ef6

    • SHA512

      3c8f6efd28e026a27fe941d71545887bb896b9e0bc680d57b72f115855bc4156a049f53dba32e9efa1e67ea4ce3002d6451c485d4862c1dab9b6122c618f9aa2

    • SSDEEP

      6144:mG8u/psKVn0PQEBKUe5NZYILWUP8ZJI+OghiXD6kO:/hKHQvUe+SWy80+OHT6d

    Score
    1/10
    • Target

      RC7/Themes/Blue Stripes Theme.zip

    • Size

      113KB

    • MD5

      b2f7f003b35a8d5530776a76e1900c7d

    • SHA1

      89c5fdb23d3f5591802898053f47b418231ed471

    • SHA256

      f403db72b9fd94964f1a36021e1c2cc39bf476ea1e78111a68ae26b00d97fd2d

    • SHA512

      ceb3ac9d984fff747016f52b9d1aaaf63d4af37d7b532fc72563ee437cac505c6d37754a6d1a84016f57d4347b6680b88be9f32ff476698c5dfce099871bad12

    • SSDEEP

      3072:WKyv5icD30Jrwkzs5DcOsnK/F+Q+GEhdHkJ:WfnLjkz6QOsnEF+xhy

    Score
    1/10
    • Target

      RC7/Themes/Cow Theme.zip

    • Size

      277KB

    • MD5

      24f7183277ad0e63d4de339aa8fbe10d

    • SHA1

      bf9e4c234b48cd2658fd134863ec09a6b8003b5a

    • SHA256

      5c040402f4dded619e349b7596379fe7dcbd0be9e6aafe8c53262e213f4d78ec

    • SHA512

      31d8b4a74a9f581eff9035939fc78f8ccbbd306f8b841089d90c19ade17d25550989497767694bccf7523b26ff90bc9183c4b97d432ef8071aadd306813fe1d3

    • SSDEEP

      6144:Z41HzirZ3jYi6GMq94BTmfn3yLuJQwJby9qejNpCeCsEdFMy1:u1Hzixuzq94BTmf3yLuJLb4qSNpoz3

    Score
    1/10
    • Target

      RC7/Themes/Emilia Theme.zip

    • Size

      250KB

    • MD5

      eee3657cdcb32558a0f95e59397b5baa

    • SHA1

      b5d8e429ca10947f48cbcfd985a2857003f93f59

    • SHA256

      9c2cbddec6042c404c8dd84e13912e1feac43946d01e6060e85945a1f7c080a8

    • SHA512

      abc786ac8321637c54b41d6e2e894fc99cfde369d5762990367b36ed18680e237d1a5f5decc026745a874d777d85dcc4df3bb24f82157def884162b45c12a889

    • SSDEEP

      6144:EQVt3EkYb5321g9KU1vJ4s7hjQYlTkh+jj5ph7D4VIXi:XgkYF36g9HkU7lQMX5oL

    Score
    1/10
    • Target

      RC7/Themes/Frozen Winter Theme.zip

    • Size

      298KB

    • MD5

      4db78cd2a226564deb9e528583d51c14

    • SHA1

      b184c8c43bae307f4818fbe3b1448e8ba2d1938f

    • SHA256

      a1a0f4e2946f9b423c0f6490b09b338a5c23046be2aace86de24007d4804a9a6

    • SHA512

      cba78d29481528d18023de334e4e860f62dff92af6d9022430ea633d4ae1e6fdacc5b3a095b5232c522c6395371d89a301162e8612dea0583753f2df230b2f5c

    • SSDEEP

      6144:L+mrPne8BAUxsV4nlDIqbmnjMx+iya2Hxt9MPJ6P7FruPABA3uSuZ0:KmzneWxicxlbLxoHr0QruahbZ0

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

umbral xworm rat stealer trojan
Score
10/10

behavioral8

umbral xworm rat stealer trojan
Score
10/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

umbral xworm rat stealer trojan
Score
10/10

behavioral18

umbral xworm rat stealer trojan
Score
10/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10