General
-
Target
PrankPack-main.zip
-
Size
76.9MB
-
Sample
240310-v4knbshb68
-
MD5
75a84d1ef854820eea33a0cdc657df58
-
SHA1
2272b93b9c5021ed5e9f7a6f53c975d9906a28fc
-
SHA256
ff33b0edf302dca30948ae6214dda0cb922c7523973aa87e8f61a46c3be5c752
-
SHA512
868699576f31df2ed2e611546927ebb6ed02ff15c8ada74a3e70bcdf721c4e430957eda77cf6382dca6140ae3f17c9621a4b80669f2308bcc23751f9ca3b16a2
-
SSDEEP
1572864:azBJ0D3wmDYXL4dgy1NP9KP2CPgmO98PDlxOMI0ictRmnG1lUPYrw7pj:adJ0bDYXL4dgSUP2k5wnivmnClUAwFj
Behavioral task
behavioral1
Sample
PrankPack-main/Pack/Prank Pack/Fun/Bomber CMD.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
PrankPack-main/Pack/Prank Pack/Fun/Burp.exe
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
PrankPack-main/Pack/Prank Pack/Fun/Error Icons Cursor.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
PrankPack-main/Pack/Prank Pack/Fun/Error Icons.exe
Resource
win7-20240221-en
Behavioral task
behavioral5
Sample
PrankPack-main/Pack/Prank Pack/Fun/Inverse.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
PrankPack-main/Pack/Prank Pack/Fun/bsod.hta
Resource
win7-20240215-en
Behavioral task
behavioral7
Sample
PrankPack-main/Pack/Prank Pack/Fun/hotspot.hta
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
PrankPack-main/Pack/Prank Pack/Fun/toonel.exe
Resource
win7-20240221-en
Behavioral task
behavioral9
Sample
PrankPack-main/Pack/Prank Pack/Jerking Off.exe
Resource
win7-20240215-en
Behavioral task
behavioral10
Sample
PrankPack-main/Pack/Prank Pack/Messages/Hydra.exe
Resource
win7-20240221-en
Behavioral task
behavioral11
Sample
PrankPack-main/Pack/Prank Pack/Messages/Message 1.vbs
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
PrankPack-main/Pack/Prank Pack/Messages/Message 2.vbs
Resource
win7-20240220-en
Behavioral task
behavioral13
Sample
PrankPack-main/Pack/Prank Pack/Messages/myBSOD.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
PrankPack-main/Pack/Prank Pack/Messages/system32 delete message.vbs
Resource
win7-20240221-en
Behavioral task
behavioral15
Sample
PrankPack-main/Pack/Prank Pack/Overlay 800x800 Penis Spin.exe
Resource
win7-20231129-en
Behavioral task
behavioral16
Sample
PrankPack-main/Pack/Prank Pack/Overlay FULL HD Man with Sound.exe
Resource
win7-20240215-en
Behavioral task
behavioral17
Sample
PrankPack-main/Pack/Prank Pack/Overlay FULL HD Naked Man with Sound.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
PrankPack-main/Pack/Prank Pack/Overlay FULL HD Penis Spin with Sound.exe
Resource
win7-20231129-en
Behavioral task
behavioral19
Sample
PrankPack-main/Pack/Prank Pack/Overlay FULL HD Penis Spin.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
PrankPack-main/Pack/Prank Pack/Overlay Full HD Hitler.exe
Resource
win7-20240220-en
Behavioral task
behavioral21
Sample
PrankPack-main/Pack/Prank Pack/Overlay Full HD Poop.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
PrankPack-main/Pack/Prank Pack/Overlay Full HD with Sound.exe
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
PrankPack-main/Pack/Prank Pack/Overlay.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
PrankPack-main/Pack/Prank Pack/Penis Cursor Changer.exe
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
PrankPack-main/Pack/Prank Pack/Screamer.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
PrankPack-main/Pack/Prank Pack/Screen Breaker (DANGEROUS).exe
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
PrankPack-main/Pack/Prank Pack/Sound 10 (EXTREMELY LOUD).exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
PrankPack-main/Pack/Prank Pack/Swastika Cursor Changer.exe
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
PrankPack-main/Pack/Prank Pack/Vote Overlay.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
PrankPack-main/Pack/Prank Pack/Winlocker Builder/WinLocker Builder 1.exe
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
PrankPack-main/Pack/Prank Pack/Winlocker Builder/WinLocker Builder 2.exe
Resource
win7-20240221-en
Malware Config
Extracted
darkcomet
Guest16
gameservice.ddns.net:4320
DC_MUTEX-WBUNVXD
-
InstallPath
AudioDriver\taskhost.exe
-
gencode
EWSsWwgyJrUD
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
AudioDriver
Extracted
https://raw.githubusercontent.com/cheetz/PowerSploit/master/CodeExecution/Invoke--Shellcode.ps1
Targets
-
-
Target
PrankPack-main/Pack/Prank Pack/Fun/Bomber CMD.exe
-
Size
44KB
-
MD5
26eacb0c38f1dcea74aad8f8b4fc3800
-
SHA1
947224d73036008dcb6593811e6211c2a2c82f55
-
SHA256
4ff6abcd8168f723111c09b863ead5dc9b7f3980555ead7d2a90784cbbaf348c
-
SHA512
672c5a6d76177fd24e36153261396bd0535e13beb811e6fb825678eb0fea751edf346639efdc0ccc98ea1c0bc24269a6c194743f1cedaf8532784116bf667f4b
-
SSDEEP
768:zpm7BcEKNvBcvL6VeRNL1a6ZO4PTPz+o+CKr3zQ4NuVVWgP4+z8nbcuyD7UBKOi:zpfEKNCj6VoJl9Go5K7s4Nu3qnouy8Bo
Score 7/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Fun/Burp.exe
-
Size
311KB
-
MD5
76047996f4f4ff35476d1d961ea7ae85
-
SHA1
171026463d36aee9df90166ff3c9cb93e3b0e76b
-
SHA256
4f29dec6e66bf0aef0a30275f45eebadd50a42ad4b13b28ed8307ab4c403533e
-
SHA512
d24b64b87660dcdc9168efca1ac5c7047a27c3cafb23b81f203e6e734c855dc2d32921908e98f03191e872feb5719518dbe469762021b19b485b498db96ef5ce
-
SSDEEP
6144:mm12xQ0PXSKaOs1ZPVlnY8pR8NY5C2zihlFBsv2w2VKqZw4X0:loxQ0/HUlzYGiS/OvLsuw2VKqZw
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Fun/Error Icons Cursor.exe
-
Size
316KB
-
MD5
135eeb256e92d261066cfd3ffd31fb3e
-
SHA1
5c275ffd2ab1359249bae8c91bebcab19a185e91
-
SHA256
f0fe346146c30129ed6f507906c973f1a54c7d8dd8821c97e9b6edc42545699d
-
SHA512
a3792f92b116851023620d862cac6d2b5542de41390b6b8d223074db94193f0ee6dfcc9d6588ea3e77173f73c7fdfc5f9a1e1044c597636fe275d9ff4b76a12b
-
SSDEEP
6144:N11KK324vOlFvSd05W1+5aq2EWykUCuOSTm+q1ZTq3iifGPh:bcVVrSa0MoxEZ+Qy3TGiQU
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Fun/Error Icons.exe
-
Size
316KB
-
MD5
7f31508d95be3fe50e4e9aa646e86a12
-
SHA1
c61b439d6e17d630728f48c09b36af2647940748
-
SHA256
994efdb644ca1acb029dfd8d8eeba440e1cb74d93841b17f21165b9900730b15
-
SHA512
2e2b01e84a3476b47a9c703b71ce31887e4a4fa9340780f0cbbd20601be621bf00b9619df8bec0e81b2825550150c477c5071d921104a4c6265ef2d5a9e77eda
-
SSDEEP
6144:tX1KK324vOlFvSd05W1+5aq2EWykUCuOSTm+q1ZTq3iifGS4:JcVVrSa0MoxEZ+Qy3TGiQW
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Fun/Inverse.exe
-
Size
2.3MB
-
MD5
a44458813e819777013eb3e644d74362
-
SHA1
2dd0616ca78e22464cf0cf68ef7915358a16f9ee
-
SHA256
47f0e9a90d45b193e81d3e60b7a43e5a4550a07a3dd1f7c98110fde12265d999
-
SHA512
1a4723a36f55cf696f33a7927571bda403e81ced32fda85c7cf25c8458897fb187e46bf5f80c26542725a9a7e5aa0e961fd3f3b110ae8f54b3b96b3e5dfc8215
-
SSDEEP
49152:t3Qe5ZlQ0WORqQ6BbXNYD8fOVk9hVzestkkWi5sWTnE:tJ320WORRqNYD8fOVk9hVzestkk15sWw
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Fun/bsod.hta
-
Size
1KB
-
MD5
b7908011126c28e11d3ff1b0b49c58c9
-
SHA1
86b6778ee2bb6e20159f337283f1ffa8b0982b05
-
SHA256
c7e0d4180cc658c71d44a8cd92c77fac034d91825a2a85b7249e8c3ec0199b99
-
SHA512
8a2efe13bb54d63edf91edc10e7e8b6b7cdb3c89bb0271c1ff1179ba7eef0784981bdfc4d3d05e0c68a9722d49a6934467e95902b5749689460d7e48e65df22f
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Fun/hotspot.hta
-
Size
745B
-
MD5
f9eec467b1530d079ac1f861f650fb35
-
SHA1
02105448fd5a1d96022f54454f9fd0878c6a7971
-
SHA256
53b20767ec3176193cd5ba0e52a0ad60f54520889c61920758a65f2056765f52
-
SHA512
648356a3e197b3c53be0a05358025ae49c2915a0156ee783baeaf166c4ef4a19736f9920b0ebdedf6c93ab35af2bc416cc2836f62dab4e047dd7a0b6fd09dad8
Score 10/10
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
PrankPack-main/Pack/Prank Pack/Fun/toonel.exe
-
Size
317KB
-
MD5
a84257e64cfbd9f6c0a574af416bc0d1
-
SHA1
245649583806d63abb1b2dc1947feccc8ce4a4bc
-
SHA256
fe7ff85b95ec06ce0f3cb49fdfa4d36de1f08669d36d381794aaf597510afad7
-
SHA512
6fc85ee0f8c75a25193fc4883a734704a8190253348c158b9cef4b918cffee5c8997c5248ec2bc793f66978e8cb4c5233d300d112f1d7750bc660698414865c2
-
SSDEEP
6144:EuyCVKK3240OlhvSd0lW1+paC2Suyk1CuGSvm+i1ZT43iifl9:r8VMnSaQMYJSRN4uLTgiQH
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Jerking Off.exe
-
Size
4.3MB
-
MD5
8c04303e97c6818afa890e9577c40833
-
SHA1
8546b2e222b9f6166bae7ee6a886eef31696de62
-
SHA256
c9cb4f211fb4fe0f03897a19bc4fdb18f624b44c47878a7e1f36bb23c3f8bb6b
-
SHA512
3b688c8480368208a557132138b60a2fa41bfd3e5f3ec32729e22130bfedfdd4b690c236e18c2db2a905ccb84d5b6ae95f7f52d00600788faa405a263f505235
-
SSDEEP
98304:rw0sfu2JPmqIdqdj4GI06oroGh1F+vSpemN:rw052l5kqh4GWGDmSpemN
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
PrankPack-main/Pack/Prank Pack/Messages/Hydra.exe
-
Size
43KB
-
MD5
b2eca909a91e1946457a0b36eaf90930
-
SHA1
3200c4e4d0d4ece2b2aadb6939be59b91954bcfa
-
SHA256
0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c
-
SHA512
607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf
-
SSDEEP
768:1uy2FRMytCquuhuVWHzeYDroQXI2zeYDriexi:N6HeQXI1exi
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Messages/Message 1.VBS
-
Size
70B
-
MD5
0b50916c599ac4db9db163a466072207
-
SHA1
78277c881edb1508aa716e314fbf3872090879d9
-
SHA256
d495d28906e003146a99268c325aa21e539e06cb1f92fce57dab43aa030e0ab1
-
SHA512
8e19f6e308245d09860b58151b6e6da7bf8f4abc9637a2cb67039488678bc513df061c29c807e938772d91ffb887bc3041c0034db7adba243502918da3f99a00
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Messages/Message 2.vbs
-
Size
36B
-
MD5
f9c1dfdaa28399b34393b30c3cab69e0
-
SHA1
73df0fc7b88fc449631fbb5da89078161514d4cc
-
SHA256
8299f44dfc04249364132cc0e4f30d04a020fada4c301ddf12ee5fd492244234
-
SHA512
82fc344312b1ec82543d5a338d8b7b3c16cffc76e4a2201016d9829ac15ae3ce36c389796af458418ce4bd23f2854d00f3698b86e326a5b53a9151ed2b420684
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Messages/myBSOD.exe
-
Size
37KB
-
MD5
248f48410f73ec0888d38d6881fbb28c
-
SHA1
32c05b3bbca73bb0b7f97bd1fc353c4f3f3fcbfd
-
SHA256
21f42f82ff05917431637de0d561ddd12efd0bef509490b77b9632d137d4093c
-
SHA512
67e2001b24c7cb765d53b373527b305001552e84e9749094863d2d18427bd666e3bd3c24c60a0761989a40c7c152ea41ea6adcdc74db990af996d8627696f6fe
-
SSDEEP
384:h2xk/iJLh9kc2D1+dT3YojHWisYpNa6P8+TuUAyD2l7:Q2iJLh9kc2DuOYpU6P8+TBAyD
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Messages/system32 delete message.VBS
-
Size
80B
-
MD5
f1ecba99b94ce1c2a7b9feedb89f35ce
-
SHA1
7ef85c54500faacf0032b8a24086d102eedeba9f
-
SHA256
70a1f8f83d9a6a569ff5e18fd94709c820492342453f63efa509e998580054ee
-
SHA512
1fc85e6da961a89b34672e4736c8782b91922cf830181d4af0ca4324d356b483d750c8f39c3995fe0fc0dfb1afc6b2cf791e895fb21c71e35e4d3500033224fe
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Overlay 800x800 Penis Spin.exe
-
Size
7.5MB
-
MD5
118598960643743b3d289c119b8ee85d
-
SHA1
7b4ebac6841181b56c973b8488bf843874123f4a
-
SHA256
09937485f36f0d39599ca57d947373ef2484eb16bea9b39d595b3795d3b02636
-
SHA512
2a3f21b747f7a12209581606ffd54f6140bfba2e5b887bdb86c4b0189c81e6463e5c040c60f60f12b6f27bd1edf38782d62f809600cfcb00ed5bb08c816cab30
-
SSDEEP
196608:SXI/6YcFfBrebd0olJ7rGxUuMu6vzxDJlp6:SY/FyfBA7lsKNtvdPp6
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
PrankPack-main/Pack/Prank Pack/Overlay FULL HD Man with Sound.exe
-
Size
926KB
-
MD5
405251bfd9eba67ef7f0533fe4af4630
-
SHA1
c73f1ad42e0f1becda42c2ebb40d36105c8c5679
-
SHA256
4d9f031b8a37437bdb7fc78f1e0b7eb7f2d13c3c4067c5880bb257b15334a3b7
-
SHA512
2b98bcdf5f9b1b35dd5e52090fc3eb2433157f90915a1cef898a71d95df224f2076b19b23743a4f83205562ba047c59ddc640c28ddd3ba24ca823d1a4da829d5
-
SSDEEP
12288:L7h7MLK768G5VBCLTj71QnhFkyHYSNau90gn8iD6/5PI1boANc1vZ3Mqwwdf+:HR7W8GyOnDpmdIaAS1xNh+
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Overlay FULL HD Naked Man with Sound.exe
-
Size
4.7MB
-
MD5
1d7ec5c0d6ee4de23463e0d80d9b7b79
-
SHA1
743d3856c750e7a2a3254ba6e69d15b8146697ad
-
SHA256
05569c64af3c01d4094782cfedf3d167288167c13ba25c1562235396dcb15cf7
-
SHA512
3137d4c5f53490792dcc4d4d9baef38e5a2a4ee6fbfdeb3dd57039e8ce3f5de3f7dabb728f17e478287fb9b34717ed108228ace7be180f0b226f61ba10f24a0d
-
SSDEEP
98304:gKoW1yuV8k3fzGyW4u6vJeQAlC6vIpa8R7jUTgRk7Z3c/tIoVPU0MDrqO9GF0thM:gK193M4u6JeQMC6Wa8pjUTGk72/tjK0T
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Overlay FULL HD Penis Spin with Sound.exe
-
Size
2.4MB
-
MD5
7fd1b8fbfd95d2781656d41294547529
-
SHA1
efa594f75e2d653499df2d9266f28a6de2ed85be
-
SHA256
8f33534fd04867c7607d980d50e9f8abfed2d70f3fdff3e5514e7cf4539a9a91
-
SHA512
3acab9b8e6b105538a84479fe8542a192b6dbc8f19fc89107a81dd0e2cc6b87f5ae8f49750f7eeee8dd80313ebfbeb9b9f5a7091e0c76ef91e55522ecc72d3f8
-
SSDEEP
49152:j/XeGHi4uZqANETwhD30QmJ8d+3tlilsfLZqFnIAphRK/:DeGLANOwhD5bdwSsf5Aphy
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Overlay FULL HD Penis Spin.exe
-
Size
4.7MB
-
MD5
bb4a5266324a3dee6cb4b06d03f3f3e9
-
SHA1
9f08e998088faa8386928c4a4dcbca5214b4f422
-
SHA256
7dd0d8c33379f84e3e23d29340051465197735d7fc1e5debf9bf5a6b4f220484
-
SHA512
18fc7355ea1182096aac1786369e07b0828346dcb68405082089c2498fbaffce32563cb666600e6d50ea4c0810ffaa8bbbca014e4b5fd14a0c6100483885ad66
-
SSDEEP
98304:ceGLANOwhDMNyINf+e6QQeyATAWJc9KKZBFALYiTtG2W:QLANOwZMNygxQeBs9KaBFuYi
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Overlay Full HD Hitler.exe
-
Size
10.0MB
-
MD5
be9b8e7c29977c01f3122f1e5082f45d
-
SHA1
c53a253ac33ab33e94f3ad5e5200645b6391b779
-
SHA256
cb6384b855d46fe5678bb3d5d1fc77c800884f8345cb490e1aa71646e872d3ae
-
SHA512
91514128a7a488581372881a556b081ad920086fd43da84188033f0bd48f294199192b753ec691c2cb79072420b346f767d9cfb4ef2d119ca1e345d65df8dc34
-
SSDEEP
196608:2+pelNMXq98NJb96V2YkR5IWBPOBJ4KaNzP2aX1HfNYRwBNo8YhrqE:bpeZ98bB6YYkR5DFCJwNzP2O5mRw/o8a
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Overlay Full HD Poop.exe
-
Size
3.4MB
-
MD5
8fdfe45f0be748222750dbe5860f3f48
-
SHA1
41cee95476ba1a5d53e33d84312fcfdc5837f8f7
-
SHA256
6a8ba5558325f0b90a8247cfc68ca7df7d9b5fa63ac90a5f304dc40bec9390e9
-
SHA512
4b3bacfd33f707303511fd76015db43be863d8b5d03fbf5c3a1f9773791f52f410b76c0539b5f3504b5e691a458f6bb6a6b74f217547ef03554ab76558f01228
-
SSDEEP
49152:N/OrUhRGHpVJIEpR8sZmyin1VsKVBHBxu94Pl8z63bRLSEwB0ohdlEBzWYjjGo:XaV5pHml1VnHPC4d8EbRLFdMdqBzfj
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Overlay Full HD with Sound.exe
-
Size
5.1MB
-
MD5
2d3ff189350039b190c8aae3a6aadb12
-
SHA1
47ac43af9231da7437ef4652f9327c2ce43530ff
-
SHA256
51d4e07b947603125a775b80bf4c7474c10f091f795bd8b2156ba038a8008cfc
-
SHA512
eef7447589290f03c934514c601d52d488f7cf6963d15a648605f84caebf3efd0cc71d0edf4192f1d0f13bf2efb3cf226a6e39676fb3336f23cdbacb4e58d312
-
SSDEEP
98304:J2e5zUetUjV8k3fzGyW4u6vJeQAlC6vIpa8R7jUTgRk7Z3c/tIoVPU0MDrqO9GFt:meto93M4u6JeQMC6Wa8pjUTGk72/tjKi
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Overlay.exe
-
Size
53KB
-
MD5
d0a314fbbc8e3932366190b80d3a1d43
-
SHA1
9f5acdce5c4be66bce4d36d30dc0cc28cc607269
-
SHA256
b59b98e49c5a393691d1766623992d7b998b61a4f4420769c1431963146fdf6b
-
SHA512
15cda90b5bcd668b28a165cd83a165cb709b76cfcca21bd7918f6693022f93bafcb930dbbc8504c1ec9f47baa828ae47c58cf38b04ac1ec83911d126fe443d64
-
SSDEEP
1536:fc8bWtCQDoca1B6uJZVoHcCW31lQW3sCkr9V:fc8bWtvA1B6uJPg21KNCkr9V
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Penis Cursor Changer.exe
-
Size
323KB
-
MD5
c76b0867436829232609a7f6c786c37c
-
SHA1
06d88a277a77db9494feca72c31a35af3f83a4f8
-
SHA256
3c399e4c4826de5f378e1da9a9e54c29bf8d557aae01f53d307c4bf565d03194
-
SHA512
9047a8ac3a2795c73e5650ce37d0595798532579ca4013f2498e9641796d9814aba1d138812ee28135edd4b48843f58063c278511c4279ee3afbd422a683359d
-
SSDEEP
6144:4a8JsLcpjzTDDmHayakLkrb4NSarQWtT+tG1Xh:kzxzTDWikLSb4NS7ET+tG1Xh
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
PrankPack-main/Pack/Prank Pack/Screamer.exe
-
Size
7.4MB
-
MD5
3c3d1168fc2724c551837a505ea4374e
-
SHA1
86c913a12067fd2c1bbc31fb64a5b5d056175841
-
SHA256
f91c14c328544a2d4cc216c7c2115283806fa3201d40bd3c7c5d79dccd025b09
-
SHA512
0f181c9753a3f55e4f4a434ea3e972e00b46fb7319d95a4b7a5c7d09888537df4a8fc4c2c5e0232f96b441727e45a595eed42721ff8c7799302e4d3f13156a8e
-
SSDEEP
98304:RWaPi95brhiYYIOyWLFA/pr2LFsoYe91+BZoNIr7wqscUByK1mn2UH+UMUIZHdrq:RV6QqOyjr2LF3Ye6YmnwqdU142UM7Vq
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Screen Breaker (DANGEROUS).exe
-
Size
5.1MB
-
MD5
864a350ee062a6fa8d89eb4d42310dbf
-
SHA1
5fde41853e8f94a1e40f83784e3acd0a1e1730e9
-
SHA256
0aaafb0b3d84c1b167ae2f0271686edf3d261e34a880ea2d5e9eb1356d948f4e
-
SHA512
4ce87addde6290e0910bc02ac1d4525b16e19e5194b92e4b2574655d01619e7de250bc88888e403f6f2360d056309476b03f97e667da932c3d2700e7733e1899
-
SSDEEP
98304:aR9SkJwyWL+DOkY0qWGhXz2OknchF4Djj+89s6q3AaShk4:cjJwH0BGJFvojy8S6Y1Sp
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
PrankPack-main/Pack/Prank Pack/Sound 10 (EXTREMELY LOUD).exe
-
Size
367KB
-
MD5
4312fc1e1e3de4b540e76d7867ef6a20
-
SHA1
e1bf939c3fbdec3c216b5a64bd1021590257ea96
-
SHA256
ba5ac5c166eb578e235d14d00e428f9d7e81b8a9d05d33bafeb54aa577ee2033
-
SHA512
0370d1c1d0d0b3adbb59270d97290058ad61d05dee26a4edab91f9acaa8a67540c3a51c779892e6300abbb91e0ac921fb75343ea5dd3387deabb1b2deab388fc
-
SSDEEP
6144:ZjyGJlM1Ub7BIOI0Bm+fP3dOaNdwrrh/ybylnoda52Kzc3m8ejFDqoS:ZmONm+XtOa2jO6UexDqoS
Score 7/10
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
PrankPack-main/Pack/Prank Pack/Swastika Cursor Changer.exe
-
Size
48KB
-
MD5
e4c3f8e4608d6415a8c1dbea81a56e99
-
SHA1
e65b6dbe02e7cdd7770bead3b18c5597a4d921d3
-
SHA256
5844c659c4ad02e5a5e38ae75ada3211202df32887f6a498e70cb90facb21288
-
SHA512
73c5d7a3e3e81b4105d5465de1e8f5a0cca81f059baafa03f75e23aa51b1980f62a30deb85bee4748ca7fbb8189b01eb02c992756bda6f8f55ac6eef80522ff1
-
SSDEEP
768:Ipm7BcEKNvBcvL6VeRNL1a6ZO4PTPz+o+CKr3zQ4NuVVWgP4+zZfvgQnbcuyD7UT:IpfEKNCj6VoJl9Go5K7s4Nu3fvBnouyw
Score 7/10
Executes dropped EXE
-
-
-
Target
PrankPack-main/Pack/Prank Pack/Vote Overlay.exe
-
Size
159KB
-
MD5
aed31f4095c122292a392df17053819a
-
SHA1
c820c2da165965faddb5e29842e217748f51c3b2
-
SHA256
80c54c67029154dd9364c7017e3700b9382a49f352d4b813ece3ec3a3498908a
-
SHA512
180498cc26ed82d2995d94d162ba293cb338b50beec3b0f4148635692eaff64058c78a3ebeec38ca25ea2b603890002346a73961babd9087a726efa30361b378
-
SSDEEP
3072:sre8T1DCKo2WRPsXxAU0RITB4l7tLV0I:we8SrR0B0Rflt
Score 1/10
-
-
Target
PrankPack-main/Pack/Prank Pack/Winlocker Builder/WinLocker Builder 1.exe
-
Size
2.9MB
-
MD5
5b8424091039427183735ad7957dcbf4
-
SHA1
f6e8c595d397f7510c17f6e932d080b2040ede00
-
SHA256
9b106ec7ed3ba6caf1370e573e03d1de093516ce2746bb8fe1f23b6d9b328cab
-
SHA512
5a77c01ac24b0cda39384aa68fce7c823d4b0474e8190fe380dc30ce1d9c416c8bd98b1715c38471dd16304024b96627f46504afa87854b4f11914b5109d6ad0
-
SSDEEP
49152:3dBIlg2JH5P3Grb1NB76QImvuUM0gR3M0/XuPYYe5j6piBdpb8+YB4kFKM:3dBWg2JHd3eb1r76QIyF03TNYUPu+s4Q
Score 10/10
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
PrankPack-main/Pack/Prank Pack/Winlocker Builder/WinLocker Builder 2.exe
-
Size
1.7MB
-
MD5
410fe67a1b89105486140bb30a6b9ca9
-
SHA1
f8d50097c608da77637977f64e7a48f3da7bc092
-
SHA256
ff77277245800b3aa373bc1a9e789014ee50af2450133ae10c1569d84f32b2cf
-
SHA512
94dd01181936b14b3b6d638e3aee8016d8674e0c3d5a1b48c4e8e71d6ac940aeb359eeb29fff4abb16585520d0720de0a56d83a866058e6741d9a052486383e5
-
SSDEEP
24576:pGYwefQHQnJceBaVvlW1t39AJ4FsnAwtir2CESobryiGzozFg7c:pGYp5uvC9sAwtUH02c
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies WinLogon for persistence
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Boot or Logon Autostart Execution (4)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (2)
Privilege Escalation
Boot or Logon Autostart Execution (4)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (2)