General
Target: MalwareDatabase-master.zip
Size: 32.9MB
Sample: 240228-2eh7jafe25
MD5: 4637eb683e61304be0a24222c98cbd3b
SHA1: f89c7b9c6ea97d4c893477788b4d068a20475481
SHA256: 4a1404a8e539cf5895d716114e1e0fcb2916e436e74c83cb254896f76f25a471
SHA512: 666bf721cbc8c8be31644b410647fb5b471efb2ea884322eeffdc22445c794e09bd249de56f082c4c48adcdbe7c3bbcf56b8f4ff26c40ff89502b4797894b22a
SSDEEP: 786432:uDtcNqOAKm+hsZ7DYfzMRzZH27sgTaF4u4jiwEj7/Ql/G:uDtcN1AKyHiz6ZH27xTaePYsl/G
Static task: static1
Behavioral task: behavioral1
  Sample: IMPLANT.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: IMPLANT.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: CLAUDIA.exe
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: CLAUDIA.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral5
  Sample: MalwareDatabase-master/Windows/Bonzify.exe
  Resource: win7-20240221-en
Behavioral task: behavioral6
  Sample: MalwareDatabase-master/Windows/Bonzify.exe
  Resource: win10v2004-20240226-en
Malware Config

Targets

Target: IMPLANT.EXE
Size: 146KB
MD5: a2bb97bd6c0d0d6301901b37a09d0080
SHA1: e995dc112aa31e4781792d899007206c86cccfb9
SHA256: 9ee1bb6304e49d1a3405dd5e7ff4009db248b3ab7b2e35151e6dc28ea931b8a6
SHA512: 7286593cdb035bf681d7bf6dd7c482c1f5f16056954df27d082f5e76c8d17c874846c878815662ac7e1ceaa177b1e523f7741325886b1b407f74f20360ae902d
SSDEEP: 3072:qdZE0roumKHekqLUxO+a6n6vNMRd3IgfT6xtW1GvhAPWt1MPAeWzDfK:qs0ruL8aLNUJIgfWxkchaojK
Score: 1/10

Target: CLAUDIA.EXE
Size: 8KB
MD5: c3996a10e66e5bf727feeebc1d2640d1
SHA1: 06d540ac76b42ce19a3c6f5aeb7b4e7251211478
SHA256: 68282fe5dee100e11c66cd352e6cc9940e42c1511463f143e0fd76fbde146411
SHA512: c7a54bf5cc238bad448a5ec73f98e2ddc6a33cc9d0fb72ac068c451152fab658a76f6eff8b4ac4d4e94abbe2fcc22a42f29cd085f1c42a6a8c5a58af4be150d5
SSDEEP: 192:iPKjE+lmLy6XIj86c8vO9xRulsAXn1Q00W3+VgmgmvlYgYp:iul76XM68GEH2FbdMp
Score: 1/10

Target: MalwareDatabase-master/Windows/Bonzify.exe
Size: 6.4MB
MD5: 9c352d2ce0c0bdc40c72f52ce3480577
SHA1: bd4c956186f33c92eb4469f7e5675510d0790e99
SHA256: d7e6580054525d3f21f86edfc9f30b7a75ffa829a1eb67ee3cab33f0040dba4e
SHA512: c1926d59272df0e049467f4497bcc3631bbc1aa5337e87f4af31bfdba60c9ef460e394380024ffa7e71fef8938761d48d75e9dc93dc7529d2b9c8c638dddae92
SSDEEP: 196608:/dAMaWetTeAkLIdx751qFTkub//73lc6u7b5VJ2Yx5xIdk3:naWedh+Idx75QYub//73lc6u7bLMYxD
Score: 8/10
- Modifies AppInit DLL entries
- Modifies Installed Components in the registry
- Possible privilege escalation attempt
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
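The signature names above are only useful to a responder who knows which registry values and paths stand behind them. The following is an added example, not the sandbox's own detection code, that maps Sysmon-style registry and file events to five of the report's signature names (AppInit DLL entries, Active Setup Installed Components, Run key, Uninstall key enumeration, System32 file drop). The registry locations are the standard Windows ones; the event records, process path and GUID are constructed for the demo and are not taken from the Bonzify.exe run, and the threshold of three distinct Uninstall subkeys before calling it "enumeration" is an assumption of this example.

```python
# Added example (not the sandbox's own detection code): maps Sysmon-style
# registry and file events to the signature names used in the report above.
# Registry paths are the real persistence locations; the event records below
# are constructed for the demo and are not from the Bonzify.exe run.
import re
from dataclasses import dataclass

# Registry value paths behind three of the report's signatures. Matching is
# case-insensitive and anchored on the tail, so HKLM/HKCU prefixes and the
# Wow6432Node redirection are handled without being listed.
REG_SET_SIGNATURES = [
    ("Modifies AppInit DLL entries",
     re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\(AppInit_DLLs|LoadAppInit_DLLs)$", re.I)),
    ("Modifies Installed Components in the registry",
     re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\\{[0-9A-F-]+\}\\StubPath$", re.I)),
    ("Adds Run key to start application",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)),
]
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
SYSTEM32_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)

# Assumed threshold: one Uninstall lookup is ordinary installer behaviour;
# several distinct subkeys read in one run is the enumeration the report describes.
UNINSTALL_ENUM_MIN = 3


@dataclass
class Event:
    kind: str      # "reg_set" (Sysmon EID 13), "reg_query" (Procmon RegQueryValue), "file_create" (Sysmon EID 11)
    process: str   # image path of the acting process
    target: str    # registry value path or file path
    details: str = ""  # value data for reg_set events


def classify(events):
    """Return {signature name: [triggering targets]} for a list of Event records."""
    hits = {}
    uninstall_reads = set()
    for ev in events:
        if ev.kind == "reg_set":
            for name, pattern in REG_SET_SIGNATURES:
                if pattern.search(ev.target):
                    hits.setdefault(name, []).append(ev.target)
        elif ev.kind == "reg_query" and UNINSTALL_KEY.search(ev.target):
            uninstall_reads.add(ev.target)
        elif ev.kind == "file_create" and SYSTEM32_DIR.search(ev.target):
            hits.setdefault("Drops file in System32 directory", []).append(ev.target)
    if len(uninstall_reads) >= UNINSTALL_ENUM_MIN:
        hits["Checks installed software on the system"] = sorted(uninstall_reads)
    return hits


# Constructed event trace (placeholder process path, file names and GUID), not real sandbox output.
PROC = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
SAMPLE_EVENTS = [
    Event("reg_set", PROC, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
          r"C:\Windows\System32\hook.dll"),
    Event("reg_set", PROC, r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}\StubPath",
          r"C:\Windows\System32\svc.exe /install"),
    Event("reg_set", PROC, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
          r"C:\Users\Admin\AppData\Roaming\updater.exe"),
    Event("reg_query", PROC, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppA\DisplayName"),
    Event("reg_query", PROC, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppB\DisplayName"),
    Event("reg_query", PROC, r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AppC\DisplayName"),
    Event("file_create", PROC, r"C:\Windows\System32\hook.dll"),
    # Benign noise that must not fire any signature.
    Event("reg_set", PROC, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "1"),
    Event("file_create", PROC, r"C:\Users\Admin\AppData\Local\Temp\work.tmp"),
]

if __name__ == "__main__":
    for name, targets in classify(SAMPLE_EVENTS).items():
        print(name)
        for t in targets:
            print("    " + t)
```

Feeding a real Sysmon export into `classify` only requires building `Event` records from EventID 13 (`TargetObject`, `Details`) and EventID 11 (`TargetFilename`); Uninstall-key reads are not logged by Sysmon and would have to come from a Procmon trace or the sandbox's own API log, which is why that branch is kept separate here.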