Overview

overview

10

Static

static

10

vbug-master.zip

windows7-x64

3

vbug-master.zip

windows10-2004-x64

1

vbug-maste...01.png

windows7-x64

3

vbug-maste...01.png

windows10-2004-x64

3

vbug-maste...02.png

windows7-x64

3

vbug-maste...02.png

windows10-2004-x64

3

vbug-master/README.md

windows7-x64

3

vbug-master/README.md

windows10-2004-x64

3

vbug-maste...DE.apk

android-9-x86

vbug-maste...DE.apk

android-10-x64

vbug-maste...DE.apk

android-11-x64

vbug-maste...DS.apk

android-9-x86

elite.apk

android-9-x86

7

elite.apk

android-10-x64

1

elite.apk

android-11-x64

7

fbcr.apk

android-9-x86

mobelejen.apk

android-9-x86

7

mobelejen.apk

android-10-x64

1

mobelejen.apk

android-11-x64

7

vi4a.apk

android-9-x86

1

vi4a.apk

android-10-x64

1

vi4a.apk

android-11-x64

1

vbug-master/vbug.py

ubuntu-18.04-amd64

1

vbug-master/vbug.py

debian-9-armhf

1

vbug-master/vbug.py

debian-9-mips

1

vbug-master/vbug.py

debian-9-mipsel

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    07-03-2024 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vbug-master/README.md

  • Size

    1KB

  • MD5

    b9e8b90e59a0dc3dee26da848a3923ff

  • SHA1

    bd4b86b5969a8dfc5e029b144879763d40025226

  • SHA256

    335b434c4ad7e1ddeda7545c92264d48e9dc4196e652097cab9775fa75867ad6

  • SHA512

    d5be56639d55a3e019c128003d64480e4594426da1cba7ac6f4f81c28c471eed340de5427cf28765a9f60be60454e91f18aed99fb641206e0c9ab0cc6a811531

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\vbug-master\README.md
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\vbug-master\README.md
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\vbug-master\README.md"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2228

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    8ba96ffd698bd212b8b0467774f0d3aa

    SHA1

    67f829deec6371a24076abbf68d3d5b7e6f822b1

    SHA256

    97e2abdfab52745097c2f097e4f792e492770591b63307c961fdc332552a614a

    SHA512

    fd622dfd3d5de9305997023f96e8f555cda90ec71723d1f5b490a19b7218837df32e8ca324f1dccc368d215c1230be8ce76cc58e6e0bcaab31ecb70cf0e602ba

    Download Submit