General

  • Target

    b49dfdcecdcc6002f0c31fbac66e27cf

  • Size

    2.4MB

  • Sample

    240305-ntf4tseg62

  • MD5

    b49dfdcecdcc6002f0c31fbac66e27cf

  • SHA1

    7a45f54120632077e54d18015ce5e32aab572da3

  • SHA256

    a6633da6ddac92db4c15bd2c3f78aa504cb552a9fddbfb8999757e50bfa186cc

  • SHA512

    0315cc2744ab29388ae4c31532123d4f67bc053ce04ddbae5058a0c2152e3956c495b304ae9e6f85fe57183044e70d017e247d01dbd7b4b33868955c85c09fda

  • SSDEEP

    49152:hLa23v/vXbgnqr4Ve5gr1WqJFIszbq3s3o1g2lUBwiyUp8+N:hLVn0R7DRBkUBLrpP

Malware Config

Targets

    • Target

      L2W_VSE.EXE

    • Size

      32KB

    • MD5

      87951834588603382383cf0274bbacd7

    • SHA1

      96987a46dde90f355e14eb420f6e54af70b32d99

    • SHA256

      30d0ba626fb81912bca052900150b4ac1236bb44aeea4d18b903bebb6d48b0a5

    • SHA512

      b2524298b21a21bdd235f75fda22d76986cb8d2d0f483a0206aebf2e71078683e7e6803004775dcc6e4b74e273e5592dd0886e653af2c72df5c1abaa9af52925

    • SSDEEP

      384:zEzbjtVuKh7vPSkCPKz2hoaUvoiw6FwpPZF5UWCdRsX63HPi62nxojUqJbiA3Rh/:zEzfd7+I2/UvS5tX6KRxoXnhWjjx2

    Score
    1/10

    • Target

      l2walker1.79/L2W_VSE.EXE

    • Size

      32KB

    • MD5

      87951834588603382383cf0274bbacd7

    • SHA1

      96987a46dde90f355e14eb420f6e54af70b32d99

    • SHA256

      30d0ba626fb81912bca052900150b4ac1236bb44aeea4d18b903bebb6d48b0a5

    • SHA512

      b2524298b21a21bdd235f75fda22d76986cb8d2d0f483a0206aebf2e71078683e7e6803004775dcc6e4b74e273e5592dd0886e653af2c72df5c1abaa9af52925

    • SSDEEP

      384:zEzbjtVuKh7vPSkCPKz2hoaUvoiw6FwpPZF5UWCdRsX63HPi62nxojUqJbiA3Rh/:zEzfd7+I2/UvS5tX6KRxoXnhWjjx2

    Score
    1/10

    • Target

      l2walker1.79/L2Walker.exe

    • Size

      610KB

    • MD5

      8f13e5e48b1b44cf61735f76fa792b8f

    • SHA1

      3524b93fc632019080e57956b656bb1e0e67d47f

    • SHA256

      1ae32f5dae32dd3164abb256c1b1018a579b47aea587656357de16682a2b20e2

    • SHA512

      bd4c24b16b63680990166dd570b5f5fff8b358f75635fe039b04143f9d0662dfca718c57719ecd048aca8b41252a0db4b29e0fed21407c49ad482c2e8f71bcb8

    • SSDEEP

      12288:NRKVHD7Wm3VqugWZ0/LPkfZvv+sFgAR4Vy9zlcMNtTirdCx:NRKVH2mlVdZ825+Qg69zl1TEdCx

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      l2walker1.79/LineageII.dll

    • Size

      725KB

    • MD5

      9a73757399724bcfdf648ef6413c690b

    • SHA1

      f35ed53f33fce90a8b0139be3fa8c49b3556c5fd

    • SHA256

      552eae3e42c1ae041cf8f64114ca6eaf4e84685205c2109ec6586fbe318f51db

    • SHA512

      ed9032bd5d2b551ff5f9f886cd19723c042345beef48c54cb9a42f7cef4d68e1a423f194bdca9bd1a6ef91f5cd049df0399d57d6149272d57d071a464077b4d9

    • SSDEEP

      12288:Cs03amSsWB28/FUqXo/B/1IkTTnLs2R31O3XYawNtTirdC2:Cs03zWBz/OUoJff91O37ITEdC

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      l2walker1.79/unicows.dll

    • Size

      239KB

    • MD5

      e1102cedf0c818984c2aca2a666d4c5f

    • SHA1

      d8d88ea7083aee9c40f6fdc6c56451a018d21a83

    • SHA256

      22f23cc65698741184ec34f46e6f69717644e0b5aabf5d5bd015101f2d72e56e

    • SHA512

      e58b35815801d6d3797f95c986834d2ca5450ccc3f1fa1d27d127a8d1d36f8e21279173715a00686c9c831d22d7c5b5b9cc5874170223a4d78f09c4eefa390a2

    • SSDEEP

      3072:fEWAQKw38JvCAib0uT++ICSQ6UOX/mQhYQXS0FsmaiUZZynGJ5x/59XH7PMYV1Nz:qwgvCAib0PAOOQhS0/s5x/R1PkOFB5

    Score
    1/10

    • Target

      l2walker1.79/virify/MPinj.dll

    • Size

      14KB

    • MD5

      02f96b393cf5746dbc49041556114ce2

    • SHA1

      6b5ab101e114d00581218506b10a4bc0ccb2e5e6

    • SHA256

      539e757f35a0900fba97691e627b9f9b50d92091f89c38c74ab10cb5fa290f92

    • SHA512

      4993e167185e56934ef455fabca9b49fbce7a56a5771586566be417ae06a42366c82900664fc3561458611d2821ae51f1f6805bf4dca7bfdf6f97ebcf3be5b21

    • SSDEEP

      384:+akkGBUmc64jWXLeFZBPZYQ0iqUhhwIr+yMm9XA+:+aktBpcnaXLknZYQBR5+m9

    Score
    1/10

    • Target

      l2walker1.79/virify/MiniProxer.exe

    • Size

      285KB

    • MD5

      b36eb9e921d588340a951a34eaf37498

    • SHA1

      52adc460759e72dfaf276831d684d2867ef3deea

    • SHA256

      d10869a39692e7603c4e054f450a704b54a53bba3f29804c12667f857128b881

    • SHA512

      39391f9de0dd4645e209373b6269c3cac8fb8b17ec1cbc837fdcbc4aada5824dfb42588386bee47b6cfc782b110b5b473fa08cc0ecc359de3764b7c94c8ac86b

    • SSDEEP

      6144:7o2RnrRhBUkFuuZwF1zcPk3LjymNZXZnvHUxCIdz/4RQvZLu:02RdhBRZw3cPk3XymzZn/UvdKQv5u

    Score
    1/10

    • Target

      l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/index.php

    • Size

      216B

    • MD5

      b0df9c22da267c87017b9d0505ffa5bb

    • SHA1

      956e7a47c3fef30ef3815768950e1a0703468d79

    • SHA256

      f52e7d0a5a488681a5af32a32dea33e4acd94660b20c9d871211b2698e6b8bc8

    • SHA512

      8426823a89873eec8de5ca750150b3647131f741bc74d8ef2f36b2914dccabe73e7325c8f6888bcf37487e8f143a1b53c64203c4ad7c1e2e0f406549e05d6f09

    Score
    1/10

    • Target

      l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_ajax_reputation.js

    • Size

      8KB

    • MD5

      42a0014d95ef31258259a059fdd19392

    • SHA1

      5231cc411aa0e291f9ee770d1a2d04df168a228b

    • SHA256

      f30637fb6c54fdef096c7fd718692b75f531a2570f78fa469105c9dce878a515

    • SHA512

      06835122f846d05117e58ecc3371edbea59d1be87988b62718275b5451ca01337b4a4398ab323eff9b0b30ff74618955ed90b8819acb97f860bcc7d8b328bb58

    • SSDEEP

      192:BlA9SV+03y/qce9xrfM2dhaYoUbwUPVDQ7f:BzeSFh/sUPNQ7f

    Score
    1/10

    • Target

      l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_ajax_threadrate.js

    • Size

      4KB

    • MD5

      d43fec406668d6dbd38273c3cafec927

    • SHA1

      3364abd30452335bbbc050ebff9725d319f254e2

    • SHA256

      5659871bce2522c84e4db149e323ee642a899707fe997f070fffe991d34e11a9

    • SHA512

      f7464d6cbd4a203577d211b0d13a6ce70f7a544f191fc5aa9476dc6c7f53b8331f52e4a46a171896e253399495aac7686c85cce15688839f1e86d4dba0e1f91c

    • SSDEEP

      96:B7TkQTg365+Cryeo19UVjrtBUwqC8Q+2n6Oo51w:BH8CrynfUVjZOtM+Opo8

    Score
    1/10

    • Target

      l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_global.js

    • Size

      36KB

    • MD5

      ba2c27621aa526baf6ade526b384e023

    • SHA1

      d76f2b3a3e153b4285fcda9b4d4093751a35d978

    • SHA256

      40728acb675300a43ab2c8ac52c51b04d6ce1e62505d4d1f0e92b18f56f71ce5

    • SHA512

      0cdc104a328b19065c728474ae1c590f28e326eeb76669be62e35e93d26ff9129b4b63e8592f3a634d76d8708a795e2cbb28e0098cb85fa66564c6069a88513f

    • SSDEEP

      768:BL3PGhUNwC51mn4/LYDyXwU8nZMeqMKxd2EAZ995Oll7vPD4rJj:FGhU1gZMehKT2EAZ995OllbP8rF

    Score
    1/10

    • Target

      l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_menu.js

    • Size

      15KB

    • MD5

      bf7c508f0a2a400f1909f60d06cf4718

    • SHA1

      a715ec5f6d09a64793394230752dd398731dcdde

    • SHA256

      d13a362a3302dacd375ebccc66c4a45142d2c51ab390d57a1427366cab88cc07

    • SHA512

      23056dfda754add1919427694d95462c134ed4e455da046a9e0cd90255b243a8719092ddd4e7afcce8589cd51015a2b1f4af09433284d81da56c243ddfdc07f4

    • SSDEEP

      384:BW/sdp+UstA2Geugp8WhjzGzVtTfFDNV+FkT0PnQQultU2XtuObsGBQi9qoRf9wc:BW/sdp+UstANgp8WhjzGzVZ2PndultUG

    Score
    1/10

    • Target

      l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_post_loader.js

    • Size

      3KB

    • MD5

      24896fbfc31e6e4ab8fff2083bae98e4

    • SHA1

      26d8f307934e636841d0306ee6af09e12013c61c

    • SHA256

      822bb8b4894b2ff9e6efcd81a319609d3ef26bb0ce95d439b3253f1931a7965a

    • SHA512

      4ef6d338aa4856bfd7bad60c0f86702d19770be36160ec6351c17faab601826b835e9e7e6be580772eadf53c7829b2fbe01596a20226b61907cf04b7b65593c5

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks