32d346d89b91d4bfb3a1a98c3734db97fe7e39d4fc7f4800d3be032088e46343 | Triage

Sharing

General

Target

38863298e914053d9fcdb3af4087d059
Size

1.4MB
Sample

231225-ybwrnscbgl
MD5

38863298e914053d9fcdb3af4087d059
SHA1

8fb1d2c7065e880c325d49dcdda7350531846485
SHA256

32d346d89b91d4bfb3a1a98c3734db97fe7e39d4fc7f4800d3be032088e46343
SHA512

e34b4fa93cb614a27d2828134c68b00a8286e025787a45b4769e3a4cccbba07001f7bba5e65993c1a5b9bee6ee5b2214a55df54c3e1c94ef61533ab099cad31f
SSDEEP

24576:hLk1UbRcCev8jVhpC4eM2+MYzXR0DNvguQoOCsbFPpsW13WbiL/g:h4KxeeO4R+DRgTNBpv1G+k

Score

7^/10

evasion trojan upx vmprotect

Malware Config

Targets

- Target
  
  bnbz.tk/bnbz.tk.url
- Size
  
  40B
- MD5
  
  ac31067cced37f0e7815bffacb3076d6
- SHA1
  
  b4c74eaf9aa126191184c4e8ffc4309fab0ea544
- SHA256
  
  8541670fc1d8e85335d766d8d7a30afdac9d13a87302794109e0f9b89e4849a6
- SHA512
  
  9ed865d0631fb55ff62ba0c5dcba0cafb077b6ae4f17de509281125655c31a430421dc2a3d1f080c2cf2f62d17fec70abb51bcd246f1c4664eac84624bbd1c69
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  bnbz.tk/xtw.dll
- Size
  
  708KB
- MD5
  
  ee581add0d7464a5b4669370dc3b6c05
- SHA1
  
  b6f14f6f80ef64b214f6058763957fbd8179a739
- SHA256
  
  031ea8eef77d78b8ac2a2c0c9a145ddbf7d5b80bce745f330cd0df2bb5ba9a23
- SHA512
  
  ea2753f10838e93cb42cc61da1ab3a9676cd240ccc7ceaaa1b69dd1a284a78790a9bf6736707b69cb5287998226f4f4df1dbcf97752674584a783289d7828f84
- SSDEEP
  
  12288:dIOVtmdEa4678+sGUf0TIU745cDgZ2ohuvbmtEvUmrAujZ35PM+XCJ5:+O/Jw78+j45cDgtAvSivJrLjZ31M+
Score

7^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  bnbz.tk/xtw.exe
- Size
  
  1.6MB
- MD5
  
  c2d96dbb902b72a686fff1cc4ad028ce
- SHA1
  
  cb951fe6b7e1ae9863846b0ebc38d951a9525278
- SHA256
  
  d31cf94ca55682ba051ab45f66ce6fcbd55d7628f5561190baf1c2a553ab3d27
- SHA512
  
  fc60ac6c74b3bffd6f925fc78d255c1b2a4228fe72dac5341aec4e3be885e306b5fb302d8ff2c2c92ceb3b140b5c0d2800fa5c971c3f987d825208b1b85fefe0
- SSDEEP
  
  24576:BcDCA0+uNY40ZKJ/FLSfCBzZ7R/PCU2QLuSggRu5yq2SVQ:BatOJiMl9/PC7QL/joF2p
Score

1^/10
behavioral5 behavioral6
- Target
  
  bnbz.tk/xtw.od
- Size
  
  38KB
- MD5
  
  142c04466044cb659d8f1923a353e298
- SHA1
  
  75a81be48452a4b1e45c9c7ef3fcd6c8c33bcd92
- SHA256
  
  3320e1068258b70b2e73dad96ce8b4cb2e079a6abaffa55c100294721f431c95
- SHA512
  
  e7adffba8b856e05127918f99cce5861a858f30efb76b683c228f98e864d60ae419f3998ea029f90262368e3d9b3e9f374bd7479a9ca72746fbb25e1b638ee58
- SSDEEP
  
  768:4a7f1AUgjqLedACpirEiMA85b6GmZR1jooYp8BXsAIc00D:j9RgjBACpirEiMuHFMEH
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8