General

Target: MyMalwareDatabase-main.zip
Size: 14.7MB
Sample: 240303-qg4qgabe68
MD5: 3096f2ff7ebc51bddedd7f9afe3412d6
SHA1: 8732a5a301dc67089de5adabf12f7081aca78c03
SHA256: 332596c3a5a92c4dfbdb3de366d9ab8601f87644c1b4ee7ca416507d859cf284
SHA512: 6633cee5419c9e2b7b574aaa2713d7219bbd2b43bd231e8a42dd205a99ac94f231f8976a4861652c55b9e6aa2eb6777f4e928d9c8f994d8141056b11821ebcef
SSDEEP: 393216:RGuIT4bBnVAkzt7VrctmpOKC2kef3/ecJvzeeqJP1yxHXqO0T:k/411otuB4Y2R9jyNVy
Behavioral tasks

- behavioral1: MyMalwareDatabase-main/Frog.exe (resource win7-20240215-en)
- behavioral2: MyMalwareDatabase-main/Frog.exe (resource win10v2004-20240226-en)
- behavioral3: $1/1337/Frog.exe (resource win7-20240221-en)
- behavioral4: $1/1337/Frog.exe (resource win10v2004-20240226-en)
- behavioral5: $1/1337/php5ts.dll (resource win7-20240221-en)
- behavioral6: $1/1337/php5ts.dll (resource win10v2004-20240226-en)
- behavioral7: $PLUGINSDIR/System.dll (resource win7-20240221-en)
- behavioral8: $PLUGINSDIR/System.dll (resource win10v2004-20240226-en)
- behavioral9: GonnaCry.exe (resource win7-20240221-en)
- behavioral10: GonnaCry.exe (resource win10v2004-20240226-en)
- behavioral11: MyMalwareDatabase-main/Hydromatic (1).exe (resource win7-20240215-en)
- behavioral12: MyMalwareDatabase-main/Hydromatic (1).exe (resource win10v2004-20240226-en)
- behavioral13: Losange.exe (resource win7-20240221-en)
- behavioral14: Losange.exe (resource win10v2004-20240226-en)
- behavioral15: MyMalwareDatabase-main/Monoxidex64.exe (resource win7-20240221-en)
- behavioral16: MyMalwareDatabase-main/Monoxidex64.exe (resource win10v2004-20240226-en)
- behavioral17: NightMare.exe (resource win7-20240215-en)
- behavioral18: NightMare.exe (resource win10v2004-20240226-en)
- behavioral19: REGFuck.bat (resource win7-20240221-en)
- behavioral20: REGFuck.bat (resource win10v2004-20240226-en)
- behavioral21: MyMalwareDatabase-main/NoEscape (1).exe (resource win7-20240221-en)
- behavioral22: MyMalwareDatabase-main/NoEscape (1).exe (resource win10v2004-20240226-en)
- behavioral23: MyMalwareDatabase-main/Protactinium (1).exe (resource win7-20240221-en)
- behavioral24: MyMalwareDatabase-main/Protactinium (1).exe (resource win10v2004-20240226-en)
- behavioral25: Rebcoana.exe (resource win7-20240221-en)
- behavioral26: Rebcoana.exe (resource win10v2004-20240226-en)
- behavioral27: MyMalwareDatabase-main/Saturn.exe (resource win7-20240221-en)
- behavioral28: MyMalwareDatabase-main/Saturn.exe (resource win10v2004-20240226-en)
- behavioral29: Sulfoxide/Sulfoxide.exe (resource win7-20240221-en)
- behavioral30: Sulfoxide/Sulfoxide.exe (resource win10v2004-20240226-en)
- behavioral31: Sulfoxide/Sulfoxide_fixes.exe (resource win7-20240221-en)
- behavioral32: Sulfoxide/Sulfoxide_fixes.exe (resource win10v2004-20240226-en)
Malware Config

Targets
Target: MyMalwareDatabase-main/Frog.exe
Size: 5.2MB
MD5: 6128546e25df18564f28f6d593c51d76
SHA1: b18cdfcb8ea1b70a08ce9925ab0f4ed99ce5c50a
SHA256: c99f3878b0b04624af3c1c452a4f9a86d3ef0496383f9f173587cf6f14eae55a
SHA512: 019a3bdce86e5e5c374502a761855f577f8d742932e86f5d85ca4975c41ac94378a7d5c07e8a357c6e0de7f114914d8666780fa3f4b09a85a902fcf24cf32a35
SSDEEP: 98304:OZEVrN/30MkE0bGDdFXm3BpqZdolLF4axzDPv9uVlDD23iX8pbelR00:OZcrh3D0iD7mpqZdolLXzTvytwm1
Score: 7/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL

Target: $1/1337/Frog.exe
Size: 4.3MB
MD5: 41e75c80873b0ca18d56ddaba4c5aadd
SHA1: 1d0423d6e66a4739db22939e1c16bcdc7eaa9746
SHA256: b7d4eef3fa0244a3618b3d60eab9a3ebaf1f8ec5cce9598d37e99b9d7a988cec
SHA512: 402de19c72015fefefe02347fad8907762c991538c4ef7aa6b646c90d6fd7aadadcdb8be9f03d78a1b7cec712516faa318fde738b52dfa7b3aaa34219f2d1530
SSDEEP: 49152:JP0vfTi05cfHQDVaztRT5hvCy87QSJEXnjnnxGBSMq27IIXPfSNcnlqA0gqEoddl:JPOCQQdEQSSXnjnxvMfXPq4lqdxn+bo
Score: 3/10

Target: $1/1337/php5ts.dll
Size: 6.5MB
MD5: c9aff68f6673fae7580527e8c76805b6
SHA1: bb62cc1db82cfe07a8c08a36446569dfc9c76d10
SHA256: 9b2c8b8c4cec301c4303f58ca4e8b261d516f10feb24573b092dfccc263baea4
SHA512: c7836f46e535046562046fdd8d3264cd712a78c0f41eab152c88ea91b17d34f000e2387ded7e9e7b3410332354aabf8ca7d37729eb68e46ab5ce58936e63ac56
SSDEEP: 98304:NIj1qYT5UnbVloeFVRFHFq0N8WaumOQp0BAUZLtYX:KEPLPFHFZNKumOQp0VRE
Score: 1/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 2ae993a2ffec0c137eb51c8832691bcb
SHA1: 98e0b37b7c14890f8a599f35678af5e9435906e1
SHA256: 681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59
SHA512: 2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9
SSDEEP: 192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
Score: 3/10

Target: GonnaCry.exe
Size: 1.0MB
MD5: 5c6b6244b5f8e3e6209970c384a5aa90
SHA1: 6b79e93da1f93f386e0394698f1168d725c191d2
SHA256: f41e3ac3d363cb5ced9367be026cdf49d0ebc56f38d26baebf90755df2db4ea8
SHA512: 07e02c84ba236182c319fd2e4016c5e03856362e01d3ae2b028db7d23d0c9322e2a6e53121f46e6db1a84f91cc8f80ebcf3010be3e6199ce37ef0b1f9987d5a1
SSDEEP: 24576:w3amJV5hsm29O/6GCn9EcHayW3d2wdDn+ZA/5gjbnI3OkLFxD5tKZDunjxynuzl:mamFam3/6GCn9GdJ5n35gjbnI3OkLFxL
Score: 1/10

Target: MyMalwareDatabase-main/Hydromatic (1).exe
Size: 67KB
MD5: 4033ef7bba1229a8f28e6d9062d1943a
SHA1: 73ef4f5b4f3383d22b2cc06fd2939a330ea89fc6
SHA256: 08f881b563c396b41efa011503fa151e091584874ece328a5cf75d96a1b4ffa7
SHA512: 85c33862cfde2b134d577115367b11fc56a84e0145f606ae9aacc0fe5fac3a772776ec65025745735612696547e677c556a12bde2f6045fc413151aa44f75654
SSDEEP: 768:n9th1HLvrFaYJBjKnKH5R/UtImG0YrpLHk8HoLMnEtk6IF4iLF:n9t3swBjMy7Uim7YrdwInG2
Score: 7/10

Target: Losange.exe
Size: 61KB
MD5: a71d36fdb4a720dd8d79e1ec1ec12eba
SHA1: eba90acd1a83261de5c324fe3ebe541c6d9ecbb2
SHA256: 8b13b4edc52779a0392aa2226f04ea7ad32e82880db80068d92d7a010cedd3a7
SHA512: 9ef405dc7aa6ababf7ae08c6d18719cace1bb426fb81311527d946d0ede6d60119cc8caffacebc77faaeb920f9dc9874838c1f3983b85504700d3e7bbba380c2
SSDEEP: 384:YDIiieTaIkayaEEk1drIa5YzfmRT0HRtdH6V3FuAU/caVhCrePQfBXZYG9XoPV9t:Y7flya60DKQrhoYA6KK+BRdoPV9
Score: 1/10

Target: MyMalwareDatabase-main/Monoxidex64.exe.vir
Size: 330KB
MD5: 692361071bbbb3e9243d09dc190fedea
SHA1: 04894c41500859ea3617b0780f1cc2ba82a40daf
SHA256: ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe
SHA512: cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e
SSDEEP: 3072:7/yvAAdLz9aha9RMXtdf+IBC2nQ4oUehONFlT7vJ333AlOi9E3AAqgm:z6dLzgiMXzBTJTDqlOi9E3AAqgm
Score: 1/10

Target: NightMare.exe
Size: 42KB
MD5: 4c5dfe827dd3465bb97016996936fe38
SHA1: 010b868fe1a9e637912226a1eda1b73d901347dd
SHA256: 366373109445178df10e219c3d58ea40b435c3cc20f80be7398d199aee01f62b
SHA512: e0692e425b7c702d297c88f0495c3bdae53eb566c3128f334d0e87e90a7047c433633f918ab6163a025a488111bcb2f199df0852b338fdc00e524897a2a7d82e
SSDEEP: 768:73oACIqXSoiSnWsHorfhH7HjVq9HTtYcFA/Vc6K:7TCxNn/orfhbDVqRD8Vcl
Score: 10/10
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
- Modifies system executable filetype association
- Drops desktop.ini file(s)
- Drops file in System32 directory

Target: REGFuck.bat
Size: 361B
MD5: 4dc10e79d4e34f78d0be4d9ccaa8e398
SHA1: f669ba133ed65fdd3c47c28645253cc72cdd3e8b
SHA256: 86a4561de3e0848a86c5ae54e6b0a6510b7523a6d3f3069a2e88fe1b89019838
SHA512: da4b82701e2fa7d17000c7de04f05146ba1cc927bba6fe43135ad36de986c996d1a5219b9727b83b84584e12d876f51d3f8db5c3e7c9599d65acf948cdc94851
Score: 1/10

Target: MyMalwareDatabase-main/NoEscape (1).exe
Size: 666KB
MD5: 989ae3d195203b323aa2b3adf04e9833
SHA1: 31a45521bc672abcf64e50284ca5d4e6b3687dc8
SHA256: d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f
SHA512: e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305
SSDEEP: 12288:85J5X487qJUtcWfkVJ6g5s/cD01oKHQyis2AePsr8nP712TB:s487pcZEgwcDpg1L2tbPR2t
Score: 10/10
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Modifies WinLogon
- Sets desktop wallpaper using registry

Target: MyMalwareDatabase-main/Protactinium (1).exe
Size: 43KB
MD5: f6aa0dd947ff84db2c0e991aab776dcc
SHA1: 73d377c8d4b7d04ac9fd6c47d74491d76ca6cf6e
SHA256: 2ab5f10366ebad9e4af9369730495a6bd48ad278e78f880a54d583024491786d
SHA512: 3d81ae0131c6fc531d0592259d5cf7296aa61487de785e5b534a696867ae9ef8abae19aa1b938a62db6492af38829dfdbeb7da0d69ba2253b26cb8dd41d8bc83
SSDEEP: 384:1bGThpZmtWqjV0rABs4q56hDLApNEKYZWVOggl6k4+jQukJs0yjW:1bSutWvkBsXqApNTuB/7jeRH
Score: 8/10
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: Rebcoana.exe
Size: 1.2MB
MD5: 15a1455c2cdb21d3fa4cbf2fa6e9c195
SHA1: ae52a70d757553b4fb6e45d4c3c75b2fba33b482
SHA256: deb1305cb8db76dde4fc15644301b5312043663c22f5827002a9c6975611e4e0
SHA512: 08e8561e3aeab74354ae47f5e361331614249e41e0c855d536008eb87681ea320c79613c51f1da95bfde9c65d84012fc6a9ccf51a89e5f671115105812c69219
SSDEEP: 24576:OEh6q1kiiCK7JSEf3fmkvPmK5M6wuEmpocq1RXbAvpeIKmMssGTEJ4:OqkiiCkffvmk5rhXinzbkpEcuW
Score: 1/10

Target: MyMalwareDatabase-main/Saturn.exe
Size: 252KB
MD5: 71b94d0f4e7c623b1d9f472aeecdbbd4
SHA1: 6f2b194dcb43c5c8e6e037ccffa9b50320dcc461
SHA256: 5502e266c3407d1ee605b799cac58b60144a2571d45467ac26e177c5befc84ad
SHA512: 99be15c5d25c3d759f29296420f398b1d00b1556ab3a13991dfbb28bac2156fff3a880dfb6a6daa4f57176c3b9725bae87849be930496568781c8bba523f2e2d
SSDEEP: 3072:MpK/1U/T2/XJK905M0LHyrczGqAe7nnn5N3kPqd3XmZ+xqfpjD0Ss5Wp:MpK/1U/TP0EqZP0ym+xqfpXl
Score: 3/10

Target: Sulfoxide/Sulfoxide.exe
Size: 300KB
MD5: ebb8e4550da773a639557e3bf7d1b29e
SHA1: 53e5cf027ef4e6098d58282a50cc9bf388e47c98
SHA256: 84c052915829e69e49d0482f1c0edde678b3ece6ac74ca8d1fe3f0dbe1c05eb0
SHA512: 46d99eecc08db1b1d35c16680fbc8a81c4f7f4d7204d9eb777b23a02cff27aa26842feb4aa72ee63de98515e8c7475cc6c199ca8d7e1bb0961740028e80ee484
SSDEEP: 3072:2z6P9uEzPMOYXkVCLTqD+8mABNIt4kw7v8F333o:3PeCRDlb3k6r
Score: 1/10

Target: Sulfoxide/Sulfoxide_fixes.exe
Size: 300KB
MD5: 1c93aba8d33de352b56173f2dbf218b8
SHA1: ea6ae7089d1d660c085375313b3a64f2c53d8ace
SHA256: 39da041a23fdab1324e58ddf546d05e211d0c2b568813a95a76550499ca36ca9
SHA512: 8674cc5ab9d7af947eff8fed84bb31cbade8d6f1c4ba58ddf5f41ac18f90bf9b2b9720221cd0250cb3ec6f9510dd5d6f9b0cefac68a5710ec1cc32a532201051
SSDEEP: 3072:MzvjbS4+o5VxzVflT7jZh42LABNntsw7v8F333o:sjbbDZjID86r
Score: 1/10

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (2): Winlogon Helper DLL (2)
- Event Triggered Execution (1): Change Default File Association (1)
- Pre-OS Boot (1): Bootkit (1)

Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2): Winlogon Helper DLL (2)
- Event Triggered Execution (1): Change Default File Association (1)