General
-
Target
b49dfdcecdcc6002f0c31fbac66e27cf
-
Size
2.4MB
-
Sample
240305-ntf4tseg62
-
MD5
b49dfdcecdcc6002f0c31fbac66e27cf
-
SHA1
7a45f54120632077e54d18015ce5e32aab572da3
-
SHA256
a6633da6ddac92db4c15bd2c3f78aa504cb552a9fddbfb8999757e50bfa186cc
-
SHA512
0315cc2744ab29388ae4c31532123d4f67bc053ce04ddbae5058a0c2152e3956c495b304ae9e6f85fe57183044e70d017e247d01dbd7b4b33868955c85c09fda
-
SSDEEP
49152:hLa23v/vXbgnqr4Ve5gr1WqJFIszbq3s3o1g2lUBwiyUp8+N:hLVn0R7DRBkUBLrpP
Behavioral task
behavioral1
Sample
L2W_VSE.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
L2W_VSE.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
l2walker1.79/L2W_VSE.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
l2walker1.79/L2W_VSE.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
l2walker1.79/L2Walker.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
l2walker1.79/L2Walker.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
l2walker1.79/LineageII.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
l2walker1.79/LineageII.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
l2walker1.79/unicows.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
l2walker1.79/unicows.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
l2walker1.79/virify/MPinj.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
l2walker1.79/virify/MPinj.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
l2walker1.79/virify/MiniProxer.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
l2walker1.79/virify/MiniProxer.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/index.js
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/index.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_ajax_reputation.js
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_ajax_reputation.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_ajax_threadrate.js
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_ajax_threadrate.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_global.js
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_global.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_menu.js
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_menu.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_post_loader.js
Resource
win7-20240215-en
Behavioral task
behavioral26
Sample
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_post_loader.js
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
L2W_VSE.EXE
-
Size
32KB
-
MD5
87951834588603382383cf0274bbacd7
-
SHA1
96987a46dde90f355e14eb420f6e54af70b32d99
-
SHA256
30d0ba626fb81912bca052900150b4ac1236bb44aeea4d18b903bebb6d48b0a5
-
SHA512
b2524298b21a21bdd235f75fda22d76986cb8d2d0f483a0206aebf2e71078683e7e6803004775dcc6e4b74e273e5592dd0886e653af2c72df5c1abaa9af52925
-
SSDEEP
384:zEzbjtVuKh7vPSkCPKz2hoaUvoiw6FwpPZF5UWCdRsX63HPi62nxojUqJbiA3Rh/:zEzfd7+I2/UvS5tX6KRxoXnhWjjx2
Score: 1/10
-
-
Target
l2walker1.79/L2W_VSE.EXE
-
Size
32KB
-
MD5
87951834588603382383cf0274bbacd7
-
SHA1
96987a46dde90f355e14eb420f6e54af70b32d99
-
SHA256
30d0ba626fb81912bca052900150b4ac1236bb44aeea4d18b903bebb6d48b0a5
-
SHA512
b2524298b21a21bdd235f75fda22d76986cb8d2d0f483a0206aebf2e71078683e7e6803004775dcc6e4b74e273e5592dd0886e653af2c72df5c1abaa9af52925
-
SSDEEP
384:zEzbjtVuKh7vPSkCPKz2hoaUvoiw6FwpPZF5UWCdRsX63HPi62nxojUqJbiA3Rh/:zEzfd7+I2/UvS5tX6KRxoXnhWjjx2
Score: 1/10
-
-
Target
l2walker1.79/L2Walker.exe
-
Size
610KB
-
MD5
8f13e5e48b1b44cf61735f76fa792b8f
-
SHA1
3524b93fc632019080e57956b656bb1e0e67d47f
-
SHA256
1ae32f5dae32dd3164abb256c1b1018a579b47aea587656357de16682a2b20e2
-
SHA512
bd4c24b16b63680990166dd570b5f5fff8b358f75635fe039b04143f9d0662dfca718c57719ecd048aca8b41252a0db4b29e0fed21407c49ad482c2e8f71bcb8
-
SSDEEP
12288:NRKVHD7Wm3VqugWZ0/LPkfZvv+sFgAR4Vy9zlcMNtTirdCx:NRKVH2mlVdZ825+Qg69zl1TEdCx
Score: 6/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
l2walker1.79/LineageII.dll
-
Size
725KB
-
MD5
9a73757399724bcfdf648ef6413c690b
-
SHA1
f35ed53f33fce90a8b0139be3fa8c49b3556c5fd
-
SHA256
552eae3e42c1ae041cf8f64114ca6eaf4e84685205c2109ec6586fbe318f51db
-
SHA512
ed9032bd5d2b551ff5f9f886cd19723c042345beef48c54cb9a42f7cef4d68e1a423f194bdca9bd1a6ef91f5cd049df0399d57d6149272d57d071a464077b4d9
-
SSDEEP
12288:Cs03amSsWB28/FUqXo/B/1IkTTnLs2R31O3XYawNtTirdC2:Cs03zWBz/OUoJff91O37ITEdC
Score: 6/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
l2walker1.79/unicows.dll
-
Size
239KB
-
MD5
e1102cedf0c818984c2aca2a666d4c5f
-
SHA1
d8d88ea7083aee9c40f6fdc6c56451a018d21a83
-
SHA256
22f23cc65698741184ec34f46e6f69717644e0b5aabf5d5bd015101f2d72e56e
-
SHA512
e58b35815801d6d3797f95c986834d2ca5450ccc3f1fa1d27d127a8d1d36f8e21279173715a00686c9c831d22d7c5b5b9cc5874170223a4d78f09c4eefa390a2
-
SSDEEP
3072:fEWAQKw38JvCAib0uT++ICSQ6UOX/mQhYQXS0FsmaiUZZynGJ5x/59XH7PMYV1Nz:qwgvCAib0PAOOQhS0/s5x/R1PkOFB5
Score: 1/10
-
-
Target
l2walker1.79/virify/MPinj.dll
-
Size
14KB
-
MD5
02f96b393cf5746dbc49041556114ce2
-
SHA1
6b5ab101e114d00581218506b10a4bc0ccb2e5e6
-
SHA256
539e757f35a0900fba97691e627b9f9b50d92091f89c38c74ab10cb5fa290f92
-
SHA512
4993e167185e56934ef455fabca9b49fbce7a56a5771586566be417ae06a42366c82900664fc3561458611d2821ae51f1f6805bf4dca7bfdf6f97ebcf3be5b21
-
SSDEEP
384:+akkGBUmc64jWXLeFZBPZYQ0iqUhhwIr+yMm9XA+:+aktBpcnaXLknZYQBR5+m9
Score: 1/10
-
-
Target
l2walker1.79/virify/MiniProxer.exe
-
Size
285KB
-
MD5
b36eb9e921d588340a951a34eaf37498
-
SHA1
52adc460759e72dfaf276831d684d2867ef3deea
-
SHA256
d10869a39692e7603c4e054f450a704b54a53bba3f29804c12667f857128b881
-
SHA512
39391f9de0dd4645e209373b6269c3cac8fb8b17ec1cbc837fdcbc4aada5824dfb42588386bee47b6cfc782b110b5b473fa08cc0ecc359de3764b7c94c8ac86b
-
SSDEEP
6144:7o2RnrRhBUkFuuZwF1zcPk3LjymNZXZnvHUxCIdz/4RQvZLu:02RdhBRZw3cPk3XymzZn/UvdKQv5u
Score: 1/10
-
-
Target
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/index.php
-
Size
216B
-
MD5
b0df9c22da267c87017b9d0505ffa5bb
-
SHA1
956e7a47c3fef30ef3815768950e1a0703468d79
-
SHA256
f52e7d0a5a488681a5af32a32dea33e4acd94660b20c9d871211b2698e6b8bc8
-
SHA512
8426823a89873eec8de5ca750150b3647131f741bc74d8ef2f36b2914dccabe73e7325c8f6888bcf37487e8f143a1b53c64203c4ad7c1e2e0f406549e05d6f09
Score: 1/10
-
-
Target
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_ajax_reputation.js
-
Size
8KB
-
MD5
42a0014d95ef31258259a059fdd19392
-
SHA1
5231cc411aa0e291f9ee770d1a2d04df168a228b
-
SHA256
f30637fb6c54fdef096c7fd718692b75f531a2570f78fa469105c9dce878a515
-
SHA512
06835122f846d05117e58ecc3371edbea59d1be87988b62718275b5451ca01337b4a4398ab323eff9b0b30ff74618955ed90b8819acb97f860bcc7d8b328bb58
-
SSDEEP
192:BlA9SV+03y/qce9xrfM2dhaYoUbwUPVDQ7f:BzeSFh/sUPNQ7f
Score: 1/10
-
-
Target
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_ajax_threadrate.js
-
Size
4KB
-
MD5
d43fec406668d6dbd38273c3cafec927
-
SHA1
3364abd30452335bbbc050ebff9725d319f254e2
-
SHA256
5659871bce2522c84e4db149e323ee642a899707fe997f070fffe991d34e11a9
-
SHA512
f7464d6cbd4a203577d211b0d13a6ce70f7a544f191fc5aa9476dc6c7f53b8331f52e4a46a171896e253399495aac7686c85cce15688839f1e86d4dba0e1f91c
-
SSDEEP
96:B7TkQTg365+Cryeo19UVjrtBUwqC8Q+2n6Oo51w:BH8CrynfUVjZOtM+Opo8
Score: 1/10
-
-
Target
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_global.js
-
Size
36KB
-
MD5
ba2c27621aa526baf6ade526b384e023
-
SHA1
d76f2b3a3e153b4285fcda9b4d4093751a35d978
-
SHA256
40728acb675300a43ab2c8ac52c51b04d6ce1e62505d4d1f0e92b18f56f71ce5
-
SHA512
0cdc104a328b19065c728474ae1c590f28e326eeb76669be62e35e93d26ff9129b4b63e8592f3a634d76d8708a795e2cbb28e0098cb85fa66564c6069a88513f
-
SSDEEP
768:BL3PGhUNwC51mn4/LYDyXwU8nZMeqMKxd2EAZ995Oll7vPD4rJj:FGhU1gZMehKT2EAZ995OllbP8rF
Score: 1/10
-
-
Target
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_menu.js
-
Size
15KB
-
MD5
bf7c508f0a2a400f1909f60d06cf4718
-
SHA1
a715ec5f6d09a64793394230752dd398731dcdde
-
SHA256
d13a362a3302dacd375ebccc66c4a45142d2c51ab390d57a1427366cab88cc07
-
SHA512
23056dfda754add1919427694d95462c134ed4e455da046a9e0cd90255b243a8719092ddd4e7afcce8589cd51015a2b1f4af09433284d81da56c243ddfdc07f4
-
SSDEEP
384:BW/sdp+UstA2Geugp8WhjzGzVtTfFDNV+FkT0PnQQultU2XtuObsGBQi9qoRf9wc:BW/sdp+UstANgp8WhjzGzVZ2PndultUG
Score: 1/10
-
-
Target
l2walker1.79/virify/doc/WP (Walker Patcher) - что и как (c) Sauron_files/vbulletin_post_loader.js
-
Size
3KB
-
MD5
24896fbfc31e6e4ab8fff2083bae98e4
-
SHA1
26d8f307934e636841d0306ee6af09e12013c61c
-
SHA256
822bb8b4894b2ff9e6efcd81a319609d3ef26bb0ce95d439b3253f1931a7965a
-
SHA512
4ef6d338aa4856bfd7bad60c0f86702d19770be36160ec6351c17faab601826b835e9e7e6be580772eadf53c7829b2fbe01596a20226b61907cf04b7b65593c5
Score: 1/10