Analysis
- max time kernel: 149s
- max time network: 160s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02-03-2024 20:38
| Behavioral task | Sample | Resource |
| --- | --- | --- |
| behavioral1 | MyMalwareDatabase-main/MyMalwareDatabase-main/Frog.exe | win7-20240221-en |
| behavioral2 | MyMalwareDatabase-main/MyMalwareDatabase-main/Frog.exe | win10v2004-20240226-en |
| behavioral3 | $1/1337/Frog.exe | win7-20240221-en |
| behavioral4 | $1/1337/Frog.exe | win10v2004-20240226-en |
| behavioral5 | $1/1337/php5ts.dll | win7-20240221-en |
| behavioral6 | $1/1337/php5ts.dll | win10v2004-20240226-en |
| behavioral7 | $PLUGINSDIR/System.dll | win7-20240221-en |
| behavioral8 | $PLUGINSDIR/System.dll | win10v2004-20240226-en |
| behavioral9 | MyMalwareDatabase-main/MyMalwareDatabase-main/GonnaCry/GonnaCry.exe | win7-20240221-en |
| behavioral10 | MyMalwareDatabase-main/MyMalwareDatabase-main/GonnaCry/GonnaCry.exe | win10v2004-20240226-en |
| behavioral11 | MyMalwareDatabase-main/MyMalwareDatabase-main/Hydromatic (1).exe | win7-20240221-en |
| behavioral12 | MyMalwareDatabase-main/MyMalwareDatabase-main/Hydromatic (1).exe | win10v2004-20240226-en |
| behavioral13 | MyMalwareDatabase-main/MyMalwareDatabase-main/Losange/Losange.exe | win7-20240221-en |
| behavioral14 | MyMalwareDatabase-main/MyMalwareDatabase-main/Losange/Losange.exe | win10v2004-20240226-en |
| behavioral15 | MyMalwareDatabase-main/MyMalwareDatabase-main/Monoxidex64.exe | win7-20240221-en |
| behavioral16 | MyMalwareDatabase-main/MyMalwareDatabase-main/Monoxidex64.exe | win10v2004-20240226-en |
| behavioral17 | MyMalwareDatabase-main/MyMalwareDatabase-main/NightMare/NightMare.exe | win7-20240220-en |
| behavioral18 | MyMalwareDatabase-main/MyMalwareDatabase-main/NightMare/NightMare.exe | win10v2004-20240226-en |
| behavioral19 | MyMalwareDatabase-main/MyMalwareDatabase-main/NightMare/REGFuck.bat | win7-20240221-en |
| behavioral20 | MyMalwareDatabase-main/MyMalwareDatabase-main/NightMare/REGFuck.bat | win10v2004-20240226-en |
| behavioral21 | MyMalwareDatabase-main/MyMalwareDatabase-main/NoEscape (1).exe | win7-20240221-en |
| behavioral22 | MyMalwareDatabase-main/MyMalwareDatabase-main/NoEscape (1).exe | win10v2004-20240226-en |
| behavioral23 | MyMalwareDatabase-main/MyMalwareDatabase-main/Protactinium (1).exe | win7-20240221-en |
| behavioral24 | MyMalwareDatabase-main/MyMalwareDatabase-main/Protactinium (1).exe | win10v2004-20240226-en |
| behavioral25 | MyMalwareDatabase-main/MyMalwareDatabase-main/Saturn.exe | win7-20240221-en |
| behavioral26 | MyMalwareDatabase-main/MyMalwareDatabase-main/Saturn.exe | win10v2004-20240226-en |
| behavioral27 | Sulfoxide/Sulfoxide.exe | win7-20240215-en |
| behavioral28 | Sulfoxide/Sulfoxide.exe | win10v2004-20240226-en |
| behavioral29 | Sulfoxide/Sulfoxide_fixes.exe | win7-20240221-en |
| behavioral30 | Sulfoxide/Sulfoxide_fixes.exe | win10v2004-20240226-en |
| behavioral31 | Sulfoxide/vcredist_x64.exe | win7-20240221-en |
| behavioral32 | Sulfoxide/vcredist_x64.exe | win10v2004-20240226-en |
General
-
Target
MyMalwareDatabase-main/MyMalwareDatabase-main/Frog.exe
-
Size
5.2MB
-
MD5
6128546e25df18564f28f6d593c51d76
-
SHA1
b18cdfcb8ea1b70a08ce9925ab0f4ed99ce5c50a
-
SHA256
c99f3878b0b04624af3c1c452a4f9a86d3ef0496383f9f173587cf6f14eae55a
-
SHA512
019a3bdce86e5e5c374502a761855f577f8d742932e86f5d85ca4975c41ac94378a7d5c07e8a357c6e0de7f114914d8666780fa3f4b09a85a902fcf24cf32a35
-
SSDEEP
98304:OZEVrN/30MkE0bGDdFXm3BpqZdolLF4axzDPv9uVlDD23iX8pbelR00:OZcrh3D0iD7mpqZdolLXzTvytwm1
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 1 IoCs)
  Looks up country code configured in the registry, likely geofence.
  Processes: Frog.exe

  | description | ioc | process |
  | --- | --- | --- |
  | Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | Frog.exe |

- Executes dropped EXE (1 IoCs)
  Processes: Frog.exe

  | pid | process |
  | --- | --- |
  | 1732 | Frog.exe |

- Loads dropped DLL (2 IoCs)
  Processes: Frog.exe, Frog.exe

  | pid | process |
  | --- | --- |
  | 4704 | Frog.exe |
  | 1732 | Frog.exe |

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: Frog.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 4704 wrote to memory of 1732 | 4704 | Frog.exe | Frog.exe |
  | PID 4704 wrote to memory of 1732 | 4704 | Frog.exe | Frog.exe |
  | PID 4704 wrote to memory of 1732 | 4704 | Frog.exe | Frog.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\MyMalwareDatabase-main\MyMalwareDatabase-main\Frog.exe
  "C:\Users\Admin\AppData\Local\Temp\MyMalwareDatabase-main\MyMalwareDatabase-main\Frog.exe"
  PID: 4704
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Roaming\1337\Frog.exe
    "C:\Users\Admin\AppData\Roaming\1337\Frog.exe"
    PID: 1732
    - Executes dropped EXE
    - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads