General

  • Target

    MyMalwareDatabase-main.zip

  • Size

    14.7MB

  • Sample

    240303-qg4qgabe68

  • MD5

    3096f2ff7ebc51bddedd7f9afe3412d6

  • SHA1

    8732a5a301dc67089de5adabf12f7081aca78c03

  • SHA256

    332596c3a5a92c4dfbdb3de366d9ab8601f87644c1b4ee7ca416507d859cf284

  • SHA512

    6633cee5419c9e2b7b574aaa2713d7219bbd2b43bd231e8a42dd205a99ac94f231f8976a4861652c55b9e6aa2eb6777f4e928d9c8f994d8141056b11821ebcef

  • SSDEEP

    393216:RGuIT4bBnVAkzt7VrctmpOKC2kef3/ecJvzeeqJP1yxHXqO0T:k/411otuB4Y2R9jyNVy

Malware Config

Targets

    • Target

      MyMalwareDatabase-main/Frog.exe

    • Size

      5.2MB

    • MD5

      6128546e25df18564f28f6d593c51d76

    • SHA1

      b18cdfcb8ea1b70a08ce9925ab0f4ed99ce5c50a

    • SHA256

      c99f3878b0b04624af3c1c452a4f9a86d3ef0496383f9f173587cf6f14eae55a

    • SHA512

      019a3bdce86e5e5c374502a761855f577f8d742932e86f5d85ca4975c41ac94378a7d5c07e8a357c6e0de7f114914d8666780fa3f4b09a85a902fcf24cf32a35

    • SSDEEP

      98304:OZEVrN/30MkE0bGDdFXm3BpqZdolLF4axzDPv9uVlDD23iX8pbelR00:OZcrh3D0iD7mpqZdolLXzTvytwm1

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $1/1337/Frog.exe

    • Size

      4.3MB

    • MD5

      41e75c80873b0ca18d56ddaba4c5aadd

    • SHA1

      1d0423d6e66a4739db22939e1c16bcdc7eaa9746

    • SHA256

      b7d4eef3fa0244a3618b3d60eab9a3ebaf1f8ec5cce9598d37e99b9d7a988cec

    • SHA512

      402de19c72015fefefe02347fad8907762c991538c4ef7aa6b646c90d6fd7aadadcdb8be9f03d78a1b7cec712516faa318fde738b52dfa7b3aaa34219f2d1530

    • SSDEEP

      49152:JP0vfTi05cfHQDVaztRT5hvCy87QSJEXnjnnxGBSMq27IIXPfSNcnlqA0gqEoddl:JPOCQQdEQSSXnjnxvMfXPq4lqdxn+bo

    Score
    3/10
    • Target

      $1/1337/php5ts.dll

    • Size

      6.5MB

    • MD5

      c9aff68f6673fae7580527e8c76805b6

    • SHA1

      bb62cc1db82cfe07a8c08a36446569dfc9c76d10

    • SHA256

      9b2c8b8c4cec301c4303f58ca4e8b261d516f10feb24573b092dfccc263baea4

    • SHA512

      c7836f46e535046562046fdd8d3264cd712a78c0f41eab152c88ea91b17d34f000e2387ded7e9e7b3410332354aabf8ca7d37729eb68e46ab5ce58936e63ac56

    • SSDEEP

      98304:NIj1qYT5UnbVloeFVRFHFq0N8WaumOQp0BAUZLtYX:KEPLPFHFZNKumOQp0VRE

    Score
    1/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      2ae993a2ffec0c137eb51c8832691bcb

    • SHA1

      98e0b37b7c14890f8a599f35678af5e9435906e1

    • SHA256

      681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

    • SHA512

      2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

    • SSDEEP

      192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn

    Score
    3/10
    • Target

      GonnaCry.exe

    • Size

      1.0MB

    • MD5

      5c6b6244b5f8e3e6209970c384a5aa90

    • SHA1

      6b79e93da1f93f386e0394698f1168d725c191d2

    • SHA256

      f41e3ac3d363cb5ced9367be026cdf49d0ebc56f38d26baebf90755df2db4ea8

    • SHA512

      07e02c84ba236182c319fd2e4016c5e03856362e01d3ae2b028db7d23d0c9322e2a6e53121f46e6db1a84f91cc8f80ebcf3010be3e6199ce37ef0b1f9987d5a1

    • SSDEEP

      24576:w3amJV5hsm29O/6GCn9EcHayW3d2wdDn+ZA/5gjbnI3OkLFxD5tKZDunjxynuzl:mamFam3/6GCn9GdJ5n35gjbnI3OkLFxL

    Score
    1/10
    • Target

      MyMalwareDatabase-main/Hydromatic (1).exe

    • Size

      67KB

    • MD5

      4033ef7bba1229a8f28e6d9062d1943a

    • SHA1

      73ef4f5b4f3383d22b2cc06fd2939a330ea89fc6

    • SHA256

      08f881b563c396b41efa011503fa151e091584874ece328a5cf75d96a1b4ffa7

    • SHA512

      85c33862cfde2b134d577115367b11fc56a84e0145f606ae9aacc0fe5fac3a772776ec65025745735612696547e677c556a12bde2f6045fc413151aa44f75654

    • SSDEEP

      768:n9th1HLvrFaYJBjKnKH5R/UtImG0YrpLHk8HoLMnEtk6IF4iLF:n9t3swBjMy7Uim7YrdwInG2

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
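The "UPX packed file" signature is a static check, so it can be reproduced without running the sample. The following Python is an added example (not the sandbox's own detection logic): it walks the PE section table and flags the default UPX section names and the "UPX!" marker the packer writes into its header. No sample from this report is embedded; build_fake_pe constructs a minimal synthetic PE image purely to exercise the parser.

```python
import struct

# Section names a stock UPX build leaves behind. A modified UPX can rename them,
# so a hit is a strong indicator but a miss is not proof of a clean file.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


def pe_sections(data: bytes) -> list:
    """Return the section names of a PE image given as raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)          # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                        # COFF file header (20 bytes)
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                               # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]         # each section header is 40 bytes, name first
        names.append(raw.split(b"\0", 1)[0])
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if the PE carries UPX section names or the UPX! packer marker."""
    if set(pe_sections(data)) & UPX_SECTION_NAMES:
        return True
    return b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Construct a minimal, non-runnable PE image for testing (synthetic data, not a real sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew: PE header right after the DOS stub
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader (0 here), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    clean = build_fake_pe([b".text", b".data", b".rsrc"])
    print("packed:", looks_upx_packed(packed), "clean:", looks_upx_packed(clean))
```

Run it on a real file with looks_upx_packed(open(path, "rb").read()). Because the signature text says "UPX/modified UPX", treat a miss as inconclusive: a rebuilt UPX can rename its sections and strip the marker, and the next checks a practitioner reaches for are per-section entropy and an import table that is nearly empty apart from LoadLibrary/GetProcAddress.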

    • Target

      Losange.exe

    • Size

      61KB

    • MD5

      a71d36fdb4a720dd8d79e1ec1ec12eba

    • SHA1

      eba90acd1a83261de5c324fe3ebe541c6d9ecbb2

    • SHA256

      8b13b4edc52779a0392aa2226f04ea7ad32e82880db80068d92d7a010cedd3a7

    • SHA512

      9ef405dc7aa6ababf7ae08c6d18719cace1bb426fb81311527d946d0ede6d60119cc8caffacebc77faaeb920f9dc9874838c1f3983b85504700d3e7bbba380c2

    • SSDEEP

      384:YDIiieTaIkayaEEk1drIa5YzfmRT0HRtdH6V3FuAU/caVhCrePQfBXZYG9XoPV9t:Y7flya60DKQrhoYA6KK+BRdoPV9

    Score
    1/10
    • Target

      MyMalwareDatabase-main/Monoxidex64.exe.vir

    • Size

      330KB

    • MD5

      692361071bbbb3e9243d09dc190fedea

    • SHA1

      04894c41500859ea3617b0780f1cc2ba82a40daf

    • SHA256

      ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

    • SHA512

      cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

    • SSDEEP

      3072:7/yvAAdLz9aha9RMXtdf+IBC2nQ4oUehONFlT7vJ333AlOi9E3AAqgm:z6dLzgiMXzBTJTDqlOi9E3AAqgm

    Score
    1/10
    • Target

      NightMare.exe

    • Size

      42KB

    • MD5

      4c5dfe827dd3465bb97016996936fe38

    • SHA1

      010b868fe1a9e637912226a1eda1b73d901347dd

    • SHA256

      366373109445178df10e219c3d58ea40b435c3cc20f80be7398d199aee01f62b

    • SHA512

      e0692e425b7c702d297c88f0495c3bdae53eb566c3128f334d0e87e90a7047c433633f918ab6163a025a488111bcb2f199df0852b338fdc00e524897a2a7d82e

    • SSDEEP

      768:73oACIqXSoiSnWsHorfhH7HjVq9HTtYcFA/Vc6K:7TCxNn/orfhbDVqRD8Vcl

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

    • Modifies system executable filetype association

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Drops file in System32 directory
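Three of the NightMare.exe signatures above (and two of the later Protactinium (1).exe ones) describe registry writes: disabling Task Manager, disabling RegEdit, and changing the executable file-type association. The report does not name the values the samples touch, so the following Python is an added example, not the sandbox's own logic, and it assumes the standard Windows locations those behaviours correspond to: the DisableTaskMgr and DisableRegistryTools policy values under HKCU\...\Policies\System, and the default value of HKCR\exefile\shell\open\command, which on a stock system is "%1" %*. It parses a .reg export of those keys and reports what has been tampered with; both exports below are constructed.

```python
import re
from typing import Dict, List

# Standard Windows locations for the behaviours named in the report (an assumption
# about where this sample writes, not taken from the report itself). Lowercased
# because registry key and value names are case-insensitive.
POLICY_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
EXEFILE_KEY = r"hkey_classes_root\exefile\shell\open\command"
EXEFILE_DEFAULT = '"%1" %*'   # stock command: run the file and pass its arguments through

# '"Name"=data' or '@=data' (default value); single-line values only
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a .reg export into {key: {value_name: value}}; '@' holds the default value."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = "@" if m.group(1) == "@" else m.group(2).lower()
        data = m.group(3)
        if data.startswith("dword:"):
            keys[current][name] = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            # REG_SZ: undo the .reg escaping of embedded quotes and backslashes
            keys[current][name] = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            keys[current][name] = data   # hex(...) blobs etc. kept as written
    return keys


def find_policy_tampering(keys: Dict[str, Dict[str, object]]) -> List[str]:
    """Return human-readable findings for the three behaviours named in the report."""
    findings = []
    policy = keys.get(POLICY_KEY, {})
    if policy.get("disabletaskmgr") == 1:
        findings.append("Task Manager disabled (DisableTaskMgr=1)")
    if policy.get("disableregistrytools") == 1:
        findings.append("Registry Editor disabled (DisableRegistryTools=1)")
    command = keys.get(EXEFILE_KEY, {}).get("@")
    if command is not None and command != EXEFILE_DEFAULT:
        findings.append("exefile open command hijacked: " + str(command))
    return findings


# Constructed export of an infected profile (not captured from the sample in this report).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\victim\\AppData\\Local\\Temp\\payload.exe\" \"%1\" %*"
"""

# Constructed export of a clean profile for comparison.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"""

if __name__ == "__main__":
    for finding in find_policy_tampering(parse_reg_export(SAMPLE_EXPORT)):
        print(finding)
```

On a live host the input comes from reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System policy.reg (and the same for HKCR\exefile\shell\open\command); reg.exe writes UTF-16, so open the file with encoding="utf-16" before passing its text in. The exefile hijack is the one to remediate first: every .exe launched through the shell runs the hijacker, so deleting the dropped binary before restoring the association leaves the machine unable to start programs.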

    • Target

      REGFuck.bat

    • Size

      361B

    • MD5

      4dc10e79d4e34f78d0be4d9ccaa8e398

    • SHA1

      f669ba133ed65fdd3c47c28645253cc72cdd3e8b

    • SHA256

      86a4561de3e0848a86c5ae54e6b0a6510b7523a6d3f3069a2e88fe1b89019838

    • SHA512

      da4b82701e2fa7d17000c7de04f05146ba1cc927bba6fe43135ad36de986c996d1a5219b9727b83b84584e12d876f51d3f8db5c3e7c9599d65acf948cdc94851

    Score
    1/10
    • Target

      MyMalwareDatabase-main/NoEscape (1).exe

    • Size

      666KB

    • MD5

      989ae3d195203b323aa2b3adf04e9833

    • SHA1

      31a45521bc672abcf64e50284ca5d4e6b3687dc8

    • SHA256

      d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f

    • SHA512

      e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305

    • SSDEEP

      12288:85J5X487qJUtcWfkVJ6g5s/cD01oKHQyis2AePsr8nP712TB:s487pcZEgwcDpg1L2tbPR2t

    • Target

      MyMalwareDatabase-main/Protactinium (1).exe

    • Size

      43KB

    • MD5

      f6aa0dd947ff84db2c0e991aab776dcc

    • SHA1

      73d377c8d4b7d04ac9fd6c47d74491d76ca6cf6e

    • SHA256

      2ab5f10366ebad9e4af9369730495a6bd48ad278e78f880a54d583024491786d

    • SHA512

      3d81ae0131c6fc531d0592259d5cf7296aa61487de785e5b534a696867ae9ef8abae19aa1b938a62db6492af38829dfdbeb7da0d69ba2253b26cb8dd41d8bc83

    • SSDEEP

      384:1bGThpZmtWqjV0rABs4q56hDLApNEKYZWVOggl6k4+jQukJs0yjW:1bSutWvkBsXqApNTuB/7jeRH

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
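The MBR signature above is one a responder can confirm on disk rather than taking from the sandbox verdict. The following Python is an added example, not the sandbox's own logic: it splits a 512-byte MBR image into the bootstrap-code region (bytes 0 to 445), the four 16-byte partition entries at 446, and the 0x55AA boot signature at 510, then diffs a known-good image against the one read back. Both images below are constructed with make_mbr; the bootstrap bytes are placeholders, not real Windows boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
BOOT_SIG_OFF = 510         # the last two bytes must be 0x55 0xAA
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a bootstrap-code hash and the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(PART_ENTRY, sector, PART_TABLE_OFF + i * 16)
        if ptype != 0:                                  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Report what changed between a known-good MBR image and the one read back from disk."""
    before, after = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if before["boot_code_sha256"] != after["boot_code_sha256"]:
        findings.append("bootstrap code modified")
    if before["partitions"] != after["partitions"]:
        findings.append("partition table modified")
    return findings


def make_mbr(boot_code: bytes, partitions) -> bytes:
    """Build a synthetic MBR image (constructed test data, not a real disk)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("bootstrap code or partition list too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (ptype, lba_start, count) in enumerate(partitions):
        status = 0x80 if i == 0 else 0x00                # first entry marked active
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + i * 16, status, ptype, lba_start, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed baseline: placeholder loader bytes and one NTFS (type 0x07) partition.
BASELINE_MBR = make_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" + b"\x90" * 16, [(0x07, 2048, 1_000_000)])
# Constructed tampered image: a two-byte infinite loop (jmp $) in place of the loader,
# partition table left intact, which is what a "wiper" style MBR overwrite looks like.
TAMPERED_MBR = make_mbr(b"\xEB\xFE", [(0x07, 2048, 1_000_000)])

if __name__ == "__main__":
    print(compare_mbr(BASELINE_MBR, TAMPERED_MBR))
```

On a Windows host the current image is the first 512 bytes of \\.\PhysicalDrive0 (opening it requires administrator rights); the baseline is a copy taken from a clean build or the same machine before infection. A hash mismatch in the bootstrap region with an unchanged partition table is the pattern to expect from this signature; a changed partition table points at data destruction rather than persistence.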

    • Target

      Rebcoana.exe

    • Size

      1.2MB

    • MD5

      15a1455c2cdb21d3fa4cbf2fa6e9c195

    • SHA1

      ae52a70d757553b4fb6e45d4c3c75b2fba33b482

    • SHA256

      deb1305cb8db76dde4fc15644301b5312043663c22f5827002a9c6975611e4e0

    • SHA512

      08e8561e3aeab74354ae47f5e361331614249e41e0c855d536008eb87681ea320c79613c51f1da95bfde9c65d84012fc6a9ccf51a89e5f671115105812c69219

    • SSDEEP

      24576:OEh6q1kiiCK7JSEf3fmkvPmK5M6wuEmpocq1RXbAvpeIKmMssGTEJ4:OqkiiCkffvmk5rhXinzbkpEcuW

    Score
    1/10
    • Target

      MyMalwareDatabase-main/Saturn.exe

    • Size

      252KB

    • MD5

      71b94d0f4e7c623b1d9f472aeecdbbd4

    • SHA1

      6f2b194dcb43c5c8e6e037ccffa9b50320dcc461

    • SHA256

      5502e266c3407d1ee605b799cac58b60144a2571d45467ac26e177c5befc84ad

    • SHA512

      99be15c5d25c3d759f29296420f398b1d00b1556ab3a13991dfbb28bac2156fff3a880dfb6a6daa4f57176c3b9725bae87849be930496568781c8bba523f2e2d

    • SSDEEP

      3072:MpK/1U/T2/XJK905M0LHyrczGqAe7nnn5N3kPqd3XmZ+xqfpjD0Ss5Wp:MpK/1U/TP0EqZP0ym+xqfpXl

    Score
    3/10
    • Target

      Sulfoxide/Sulfoxide.exe

    • Size

      300KB

    • MD5

      ebb8e4550da773a639557e3bf7d1b29e

    • SHA1

      53e5cf027ef4e6098d58282a50cc9bf388e47c98

    • SHA256

      84c052915829e69e49d0482f1c0edde678b3ece6ac74ca8d1fe3f0dbe1c05eb0

    • SHA512

      46d99eecc08db1b1d35c16680fbc8a81c4f7f4d7204d9eb777b23a02cff27aa26842feb4aa72ee63de98515e8c7475cc6c199ca8d7e1bb0961740028e80ee484

    • SSDEEP

      3072:2z6P9uEzPMOYXkVCLTqD+8mABNIt4kw7v8F333o:3PeCRDlb3k6r

    Score
    1/10
    • Target

      Sulfoxide/Sulfoxide_fixes.exe

    • Size

      300KB

    • MD5

      1c93aba8d33de352b56173f2dbf218b8

    • SHA1

      ea6ae7089d1d660c085375313b3a64f2c53d8ace

    • SHA256

      39da041a23fdab1324e58ddf546d05e211d0c2b568813a95a76550499ca36ca9

    • SHA512

      8674cc5ab9d7af947eff8fed84bb31cbade8d6f1c4ba58ddf5f41ac18f90bf9b2b9720221cd0250cb3ec6f9510dd5d6f9b0cefac68a5710ec1cc32a532201051

    • SSDEEP

      3072:MzvjbS4+o5VxzVflT7jZh42LABNntsw7v8F333o:sjbbDZjID86r

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

upx
Score
7/10

behavioral12

upx
Score
7/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

discovery evasion exploit persistence trojan
Score
10/10

behavioral18

discovery evasion exploit persistence trojan
Score
10/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

evasion persistence ransomware trojan
Score
10/10

behavioral23

bootkit evasion persistence
Score
8/10

behavioral24

bootkit evasion persistence
Score
8/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10