General

  • Target

    PrankPack-main.zip

  • Size

    76.9MB

  • Sample

    240310-v4knbshb68

  • MD5

    75a84d1ef854820eea33a0cdc657df58

  • SHA1

    2272b93b9c5021ed5e9f7a6f53c975d9906a28fc

  • SHA256

    ff33b0edf302dca30948ae6214dda0cb922c7523973aa87e8f61a46c3be5c752

  • SHA512

    868699576f31df2ed2e611546927ebb6ed02ff15c8ada74a3e70bcdf721c4e430957eda77cf6382dca6140ae3f17c9621a4b80669f2308bcc23751f9ca3b16a2

  • SSDEEP

    1572864:azBJ0D3wmDYXL4dgy1NP9KP2CPgmO98PDlxOMI0ictRmnG1lUPYrw7pj:adJ0bDYXL4dgSUP2k5wnivmnClUAwFj

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    gameservice.ddns.net:4320

  • Mutex

    DC_MUTEX-WBUNVXD

  • Attributes

      • InstallPath

        AudioDriver\taskhost.exe

      • gencode

        EWSsWwgyJrUD

      • install

        true

      • offline_keylogger

        true

      • persistence

        false

      • reg_key

        AudioDriver

Extracted

  • Language

    ps1

  • Source

    URLs

  • ps1.dropper

    https://raw.githubusercontent.com/cheetz/PowerSploit/master/CodeExecution/Invoke--Shellcode.ps1

Targets

    • Target

      PrankPack-main/Pack/Prank Pack/Fun/Bomber CMD.exe

    • Size

      44KB

    • MD5

      26eacb0c38f1dcea74aad8f8b4fc3800

    • SHA1

      947224d73036008dcb6593811e6211c2a2c82f55

    • SHA256

      4ff6abcd8168f723111c09b863ead5dc9b7f3980555ead7d2a90784cbbaf348c

    • SHA512

      672c5a6d76177fd24e36153261396bd0535e13beb811e6fb825678eb0fea751edf346639efdc0ccc98ea1c0bc24269a6c194743f1cedaf8532784116bf667f4b

    • SSDEEP

      768:zpm7BcEKNvBcvL6VeRNL1a6ZO4PTPz+o+CKr3zQ4NuVVWgP4+z8nbcuyD7UBKOi:zpfEKNCj6VoJl9Go5K7s4Nu3qnouy8Bo

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      PrankPack-main/Pack/Prank Pack/Fun/Burp.exe

    • Size

      311KB

    • MD5

      76047996f4f4ff35476d1d961ea7ae85

    • SHA1

      171026463d36aee9df90166ff3c9cb93e3b0e76b

    • SHA256

      4f29dec6e66bf0aef0a30275f45eebadd50a42ad4b13b28ed8307ab4c403533e

    • SHA512

      d24b64b87660dcdc9168efca1ac5c7047a27c3cafb23b81f203e6e734c855dc2d32921908e98f03191e872feb5719518dbe469762021b19b485b498db96ef5ce

    • SSDEEP

      6144:mm12xQ0PXSKaOs1ZPVlnY8pR8NY5C2zihlFBsv2w2VKqZw4X0:loxQ0/HUlzYGiS/OvLsuw2VKqZw

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Fun/Error Icons Cursor.exe

    • Size

      316KB

    • MD5

      135eeb256e92d261066cfd3ffd31fb3e

    • SHA1

      5c275ffd2ab1359249bae8c91bebcab19a185e91

    • SHA256

      f0fe346146c30129ed6f507906c973f1a54c7d8dd8821c97e9b6edc42545699d

    • SHA512

      a3792f92b116851023620d862cac6d2b5542de41390b6b8d223074db94193f0ee6dfcc9d6588ea3e77173f73c7fdfc5f9a1e1044c597636fe275d9ff4b76a12b

    • SSDEEP

      6144:N11KK324vOlFvSd05W1+5aq2EWykUCuOSTm+q1ZTq3iifGPh:bcVVrSa0MoxEZ+Qy3TGiQU

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Fun/Error Icons.exe

    • Size

      316KB

    • MD5

      7f31508d95be3fe50e4e9aa646e86a12

    • SHA1

      c61b439d6e17d630728f48c09b36af2647940748

    • SHA256

      994efdb644ca1acb029dfd8d8eeba440e1cb74d93841b17f21165b9900730b15

    • SHA512

      2e2b01e84a3476b47a9c703b71ce31887e4a4fa9340780f0cbbd20601be621bf00b9619df8bec0e81b2825550150c477c5071d921104a4c6265ef2d5a9e77eda

    • SSDEEP

      6144:tX1KK324vOlFvSd05W1+5aq2EWykUCuOSTm+q1ZTq3iifGS4:JcVVrSa0MoxEZ+Qy3TGiQW

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Fun/Inverse.exe

    • Size

      2.3MB

    • MD5

      a44458813e819777013eb3e644d74362

    • SHA1

      2dd0616ca78e22464cf0cf68ef7915358a16f9ee

    • SHA256

      47f0e9a90d45b193e81d3e60b7a43e5a4550a07a3dd1f7c98110fde12265d999

    • SHA512

      1a4723a36f55cf696f33a7927571bda403e81ced32fda85c7cf25c8458897fb187e46bf5f80c26542725a9a7e5aa0e961fd3f3b110ae8f54b3b96b3e5dfc8215

    • SSDEEP

      49152:t3Qe5ZlQ0WORqQ6BbXNYD8fOVk9hVzestkkWi5sWTnE:tJ320WORRqNYD8fOVk9hVzestkk15sWw

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Fun/bsod.hta

    • Size

      1KB

    • MD5

      b7908011126c28e11d3ff1b0b49c58c9

    • SHA1

      86b6778ee2bb6e20159f337283f1ffa8b0982b05

    • SHA256

      c7e0d4180cc658c71d44a8cd92c77fac034d91825a2a85b7249e8c3ec0199b99

    • SHA512

      8a2efe13bb54d63edf91edc10e7e8b6b7cdb3c89bb0271c1ff1179ba7eef0784981bdfc4d3d05e0c68a9722d49a6934467e95902b5749689460d7e48e65df22f

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Fun/hotspot.hta

    • Size

      745B

    • MD5

      f9eec467b1530d079ac1f861f650fb35

    • SHA1

      02105448fd5a1d96022f54454f9fd0878c6a7971

    • SHA256

      53b20767ec3176193cd5ba0e52a0ad60f54520889c61920758a65f2056765f52

    • SHA512

      648356a3e197b3c53be0a05358025ae49c2915a0156ee783baeaf166c4ef4a19736f9920b0ebdedf6c93ab35af2bc416cc2836f62dab4e047dd7a0b6fd09dad8

    Score
    10/10
    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      PrankPack-main/Pack/Prank Pack/Fun/toonel.exe

    • Size

      317KB

    • MD5

      a84257e64cfbd9f6c0a574af416bc0d1

    • SHA1

      245649583806d63abb1b2dc1947feccc8ce4a4bc

    • SHA256

      fe7ff85b95ec06ce0f3cb49fdfa4d36de1f08669d36d381794aaf597510afad7

    • SHA512

      6fc85ee0f8c75a25193fc4883a734704a8190253348c158b9cef4b918cffee5c8997c5248ec2bc793f66978e8cb4c5233d300d112f1d7750bc660698414865c2

    • SSDEEP

      6144:EuyCVKK3240OlhvSd0lW1+paC2Suyk1CuGSvm+i1ZT43iifl9:r8VMnSaQMYJSRN4uLTgiQH

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Jerking Off.exe

    • Size

      4.3MB

    • MD5

      8c04303e97c6818afa890e9577c40833

    • SHA1

      8546b2e222b9f6166bae7ee6a886eef31696de62

    • SHA256

      c9cb4f211fb4fe0f03897a19bc4fdb18f624b44c47878a7e1f36bb23c3f8bb6b

    • SHA512

      3b688c8480368208a557132138b60a2fa41bfd3e5f3ec32729e22130bfedfdd4b690c236e18c2db2a905ccb84d5b6ae95f7f52d00600788faa405a263f505235

    • SSDEEP

      98304:rw0sfu2JPmqIdqdj4GI06oroGh1F+vSpemN:rw052l5kqh4GWGDmSpemN

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      PrankPack-main/Pack/Prank Pack/Messages/Hydra.exe

    • Size

      43KB

    • MD5

      b2eca909a91e1946457a0b36eaf90930

    • SHA1

      3200c4e4d0d4ece2b2aadb6939be59b91954bcfa

    • SHA256

      0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c

    • SHA512

      607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf

    • SSDEEP

      768:1uy2FRMytCquuhuVWHzeYDroQXI2zeYDriexi:N6HeQXI1exi

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Messages/Message 1.VBS

    • Size

      70B

    • MD5

      0b50916c599ac4db9db163a466072207

    • SHA1

      78277c881edb1508aa716e314fbf3872090879d9

    • SHA256

      d495d28906e003146a99268c325aa21e539e06cb1f92fce57dab43aa030e0ab1

    • SHA512

      8e19f6e308245d09860b58151b6e6da7bf8f4abc9637a2cb67039488678bc513df061c29c807e938772d91ffb887bc3041c0034db7adba243502918da3f99a00

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Messages/Message 2.vbs

    • Size

      36B

    • MD5

      f9c1dfdaa28399b34393b30c3cab69e0

    • SHA1

      73df0fc7b88fc449631fbb5da89078161514d4cc

    • SHA256

      8299f44dfc04249364132cc0e4f30d04a020fada4c301ddf12ee5fd492244234

    • SHA512

      82fc344312b1ec82543d5a338d8b7b3c16cffc76e4a2201016d9829ac15ae3ce36c389796af458418ce4bd23f2854d00f3698b86e326a5b53a9151ed2b420684

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Messages/myBSOD.exe

    • Size

      37KB

    • MD5

      248f48410f73ec0888d38d6881fbb28c

    • SHA1

      32c05b3bbca73bb0b7f97bd1fc353c4f3f3fcbfd

    • SHA256

      21f42f82ff05917431637de0d561ddd12efd0bef509490b77b9632d137d4093c

    • SHA512

      67e2001b24c7cb765d53b373527b305001552e84e9749094863d2d18427bd666e3bd3c24c60a0761989a40c7c152ea41ea6adcdc74db990af996d8627696f6fe

    • SSDEEP

      384:h2xk/iJLh9kc2D1+dT3YojHWisYpNa6P8+TuUAyD2l7:Q2iJLh9kc2DuOYpU6P8+TBAyD

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Messages/system32 delete message.VBS

    • Size

      80B

    • MD5

      f1ecba99b94ce1c2a7b9feedb89f35ce

    • SHA1

      7ef85c54500faacf0032b8a24086d102eedeba9f

    • SHA256

      70a1f8f83d9a6a569ff5e18fd94709c820492342453f63efa509e998580054ee

    • SHA512

      1fc85e6da961a89b34672e4736c8782b91922cf830181d4af0ca4324d356b483d750c8f39c3995fe0fc0dfb1afc6b2cf791e895fb21c71e35e4d3500033224fe

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Overlay 800x800 Penis Spin.exe

    • Size

      7.5MB

    • MD5

      118598960643743b3d289c119b8ee85d

    • SHA1

      7b4ebac6841181b56c973b8488bf843874123f4a

    • SHA256

      09937485f36f0d39599ca57d947373ef2484eb16bea9b39d595b3795d3b02636

    • SHA512

      2a3f21b747f7a12209581606ffd54f6140bfba2e5b887bdb86c4b0189c81e6463e5c040c60f60f12b6f27bd1edf38782d62f809600cfcb00ed5bb08c816cab30

    • SSDEEP

      196608:SXI/6YcFfBrebd0olJ7rGxUuMu6vzxDJlp6:SY/FyfBA7lsKNtvdPp6

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      PrankPack-main/Pack/Prank Pack/Overlay FULL HD Man with Sound.exe

    • Size

      926KB

    • MD5

      405251bfd9eba67ef7f0533fe4af4630

    • SHA1

      c73f1ad42e0f1becda42c2ebb40d36105c8c5679

    • SHA256

      4d9f031b8a37437bdb7fc78f1e0b7eb7f2d13c3c4067c5880bb257b15334a3b7

    • SHA512

      2b98bcdf5f9b1b35dd5e52090fc3eb2433157f90915a1cef898a71d95df224f2076b19b23743a4f83205562ba047c59ddc640c28ddd3ba24ca823d1a4da829d5

    • SSDEEP

      12288:L7h7MLK768G5VBCLTj71QnhFkyHYSNau90gn8iD6/5PI1boANc1vZ3Mqwwdf+:HR7W8GyOnDpmdIaAS1xNh+

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Overlay FULL HD Naked Man with Sound.exe

    • Size

      4.7MB

    • MD5

      1d7ec5c0d6ee4de23463e0d80d9b7b79

    • SHA1

      743d3856c750e7a2a3254ba6e69d15b8146697ad

    • SHA256

      05569c64af3c01d4094782cfedf3d167288167c13ba25c1562235396dcb15cf7

    • SHA512

      3137d4c5f53490792dcc4d4d9baef38e5a2a4ee6fbfdeb3dd57039e8ce3f5de3f7dabb728f17e478287fb9b34717ed108228ace7be180f0b226f61ba10f24a0d

    • SSDEEP

      98304:gKoW1yuV8k3fzGyW4u6vJeQAlC6vIpa8R7jUTgRk7Z3c/tIoVPU0MDrqO9GF0thM:gK193M4u6JeQMC6Wa8pjUTGk72/tjK0T

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Overlay FULL HD Penis Spin with Sound.exe

    • Size

      2.4MB

    • MD5

      7fd1b8fbfd95d2781656d41294547529

    • SHA1

      efa594f75e2d653499df2d9266f28a6de2ed85be

    • SHA256

      8f33534fd04867c7607d980d50e9f8abfed2d70f3fdff3e5514e7cf4539a9a91

    • SHA512

      3acab9b8e6b105538a84479fe8542a192b6dbc8f19fc89107a81dd0e2cc6b87f5ae8f49750f7eeee8dd80313ebfbeb9b9f5a7091e0c76ef91e55522ecc72d3f8

    • SSDEEP

      49152:j/XeGHi4uZqANETwhD30QmJ8d+3tlilsfLZqFnIAphRK/:DeGLANOwhD5bdwSsf5Aphy

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Overlay FULL HD Penis Spin.exe

    • Size

      4.7MB

    • MD5

      bb4a5266324a3dee6cb4b06d03f3f3e9

    • SHA1

      9f08e998088faa8386928c4a4dcbca5214b4f422

    • SHA256

      7dd0d8c33379f84e3e23d29340051465197735d7fc1e5debf9bf5a6b4f220484

    • SHA512

      18fc7355ea1182096aac1786369e07b0828346dcb68405082089c2498fbaffce32563cb666600e6d50ea4c0810ffaa8bbbca014e4b5fd14a0c6100483885ad66

    • SSDEEP

      98304:ceGLANOwhDMNyINf+e6QQeyATAWJc9KKZBFALYiTtG2W:QLANOwZMNygxQeBs9KaBFuYi

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Overlay Full HD Hitler.exe

    • Size

      10.0MB

    • MD5

      be9b8e7c29977c01f3122f1e5082f45d

    • SHA1

      c53a253ac33ab33e94f3ad5e5200645b6391b779

    • SHA256

      cb6384b855d46fe5678bb3d5d1fc77c800884f8345cb490e1aa71646e872d3ae

    • SHA512

      91514128a7a488581372881a556b081ad920086fd43da84188033f0bd48f294199192b753ec691c2cb79072420b346f767d9cfb4ef2d119ca1e345d65df8dc34

    • SSDEEP

      196608:2+pelNMXq98NJb96V2YkR5IWBPOBJ4KaNzP2aX1HfNYRwBNo8YhrqE:bpeZ98bB6YYkR5DFCJwNzP2O5mRw/o8a

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Overlay Full HD Poop.exe

    • Size

      3.4MB

    • MD5

      8fdfe45f0be748222750dbe5860f3f48

    • SHA1

      41cee95476ba1a5d53e33d84312fcfdc5837f8f7

    • SHA256

      6a8ba5558325f0b90a8247cfc68ca7df7d9b5fa63ac90a5f304dc40bec9390e9

    • SHA512

      4b3bacfd33f707303511fd76015db43be863d8b5d03fbf5c3a1f9773791f52f410b76c0539b5f3504b5e691a458f6bb6a6b74f217547ef03554ab76558f01228

    • SSDEEP

      49152:N/OrUhRGHpVJIEpR8sZmyin1VsKVBHBxu94Pl8z63bRLSEwB0ohdlEBzWYjjGo:XaV5pHml1VnHPC4d8EbRLFdMdqBzfj

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Overlay Full HD with Sound.exe

    • Size

      5.1MB

    • MD5

      2d3ff189350039b190c8aae3a6aadb12

    • SHA1

      47ac43af9231da7437ef4652f9327c2ce43530ff

    • SHA256

      51d4e07b947603125a775b80bf4c7474c10f091f795bd8b2156ba038a8008cfc

    • SHA512

      eef7447589290f03c934514c601d52d488f7cf6963d15a648605f84caebf3efd0cc71d0edf4192f1d0f13bf2efb3cf226a6e39676fb3336f23cdbacb4e58d312

    • SSDEEP

      98304:J2e5zUetUjV8k3fzGyW4u6vJeQAlC6vIpa8R7jUTgRk7Z3c/tIoVPU0MDrqO9GFt:meto93M4u6JeQMC6Wa8pjUTGk72/tjKi

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Overlay.exe

    • Size

      53KB

    • MD5

      d0a314fbbc8e3932366190b80d3a1d43

    • SHA1

      9f5acdce5c4be66bce4d36d30dc0cc28cc607269

    • SHA256

      b59b98e49c5a393691d1766623992d7b998b61a4f4420769c1431963146fdf6b

    • SHA512

      15cda90b5bcd668b28a165cd83a165cb709b76cfcca21bd7918f6693022f93bafcb930dbbc8504c1ec9f47baa828ae47c58cf38b04ac1ec83911d126fe443d64

    • SSDEEP

      1536:fc8bWtCQDoca1B6uJZVoHcCW31lQW3sCkr9V:fc8bWtvA1B6uJPg21KNCkr9V

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Penis Cursor Changer.exe

    • Size

      323KB

    • MD5

      c76b0867436829232609a7f6c786c37c

    • SHA1

      06d88a277a77db9494feca72c31a35af3f83a4f8

    • SHA256

      3c399e4c4826de5f378e1da9a9e54c29bf8d557aae01f53d307c4bf565d03194

    • SHA512

      9047a8ac3a2795c73e5650ce37d0595798532579ca4013f2498e9641796d9814aba1d138812ee28135edd4b48843f58063c278511c4279ee3afbd422a683359d

    • SSDEEP

      6144:4a8JsLcpjzTDDmHayakLkrb4NSarQWtT+tG1Xh:kzxzTDWikLSb4NS7ET+tG1Xh

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      PrankPack-main/Pack/Prank Pack/Screamer.exe

    • Size

      7.4MB

    • MD5

      3c3d1168fc2724c551837a505ea4374e

    • SHA1

      86c913a12067fd2c1bbc31fb64a5b5d056175841

    • SHA256

      f91c14c328544a2d4cc216c7c2115283806fa3201d40bd3c7c5d79dccd025b09

    • SHA512

      0f181c9753a3f55e4f4a434ea3e972e00b46fb7319d95a4b7a5c7d09888537df4a8fc4c2c5e0232f96b441727e45a595eed42721ff8c7799302e4d3f13156a8e

    • SSDEEP

      98304:RWaPi95brhiYYIOyWLFA/pr2LFsoYe91+BZoNIr7wqscUByK1mn2UH+UMUIZHdrq:RV6QqOyjr2LF3Ye6YmnwqdU142UM7Vq

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Screen Breaker (DANGEROUS).exe

    • Size

      5.1MB

    • MD5

      864a350ee062a6fa8d89eb4d42310dbf

    • SHA1

      5fde41853e8f94a1e40f83784e3acd0a1e1730e9

    • SHA256

      0aaafb0b3d84c1b167ae2f0271686edf3d261e34a880ea2d5e9eb1356d948f4e

    • SHA512

      4ce87addde6290e0910bc02ac1d4525b16e19e5194b92e4b2574655d01619e7de250bc88888e403f6f2360d056309476b03f97e667da932c3d2700e7733e1899

    • SSDEEP

      98304:aR9SkJwyWL+DOkY0qWGhXz2OknchF4Djj+89s6q3AaShk4:cjJwH0BGJFvojy8S6Y1Sp

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      PrankPack-main/Pack/Prank Pack/Sound 10 (EXTREMELY LOUD).exe

    • Size

      367KB

    • MD5

      4312fc1e1e3de4b540e76d7867ef6a20

    • SHA1

      e1bf939c3fbdec3c216b5a64bd1021590257ea96

    • SHA256

      ba5ac5c166eb578e235d14d00e428f9d7e81b8a9d05d33bafeb54aa577ee2033

    • SHA512

      0370d1c1d0d0b3adbb59270d97290058ad61d05dee26a4edab91f9acaa8a67540c3a51c779892e6300abbb91e0ac921fb75343ea5dd3387deabb1b2deab388fc

    • SSDEEP

      6144:ZjyGJlM1Ub7BIOI0Bm+fP3dOaNdwrrh/ybylnoda52Kzc3m8ejFDqoS:ZmONm+XtOa2jO6UexDqoS

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      PrankPack-main/Pack/Prank Pack/Swastika Cursor Changer.exe

    • Size

      48KB

    • MD5

      e4c3f8e4608d6415a8c1dbea81a56e99

    • SHA1

      e65b6dbe02e7cdd7770bead3b18c5597a4d921d3

    • SHA256

      5844c659c4ad02e5a5e38ae75ada3211202df32887f6a498e70cb90facb21288

    • SHA512

      73c5d7a3e3e81b4105d5465de1e8f5a0cca81f059baafa03f75e23aa51b1980f62a30deb85bee4748ca7fbb8189b01eb02c992756bda6f8f55ac6eef80522ff1

    • SSDEEP

      768:Ipm7BcEKNvBcvL6VeRNL1a6ZO4PTPz+o+CKr3zQ4NuVVWgP4+zZfvgQnbcuyD7UT:IpfEKNCj6VoJl9Go5K7s4Nu3fvBnouyw

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      PrankPack-main/Pack/Prank Pack/Vote Overlay.exe

    • Size

      159KB

    • MD5

      aed31f4095c122292a392df17053819a

    • SHA1

      c820c2da165965faddb5e29842e217748f51c3b2

    • SHA256

      80c54c67029154dd9364c7017e3700b9382a49f352d4b813ece3ec3a3498908a

    • SHA512

      180498cc26ed82d2995d94d162ba293cb338b50beec3b0f4148635692eaff64058c78a3ebeec38ca25ea2b603890002346a73961babd9087a726efa30361b378

    • SSDEEP

      3072:sre8T1DCKo2WRPsXxAU0RITB4l7tLV0I:we8SrR0B0Rflt

    Score
    1/10
    • Target

      PrankPack-main/Pack/Prank Pack/Winlocker Builder/WinLocker Builder 1.exe

    • Size

      2.9MB

    • MD5

      5b8424091039427183735ad7957dcbf4

    • SHA1

      f6e8c595d397f7510c17f6e932d080b2040ede00

    • SHA256

      9b106ec7ed3ba6caf1370e573e03d1de093516ce2746bb8fe1f23b6d9b328cab

    • SHA512

      5a77c01ac24b0cda39384aa68fce7c823d4b0474e8190fe380dc30ce1d9c416c8bd98b1715c38471dd16304024b96627f46504afa87854b4f11914b5109d6ad0

    • SSDEEP

      49152:3dBIlg2JH5P3Grb1NB76QImvuUM0gR3M0/XuPYYe5j6piBdpb8+YB4kFKM:3dBWg2JHd3eb1r76QIyF03TNYUPu+s4Q

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      PrankPack-main/Pack/Prank Pack/Winlocker Builder/WinLocker Builder 2.exe

    • Size

      1.7MB

    • MD5

      410fe67a1b89105486140bb30a6b9ca9

    • SHA1

      f8d50097c608da77637977f64e7a48f3da7bc092

    • SHA256

      ff77277245800b3aa373bc1a9e789014ee50af2450133ae10c1569d84f32b2cf

    • SHA512

      94dd01181936b14b3b6d638e3aee8016d8674e0c3d5a1b48c4e8e71d6ac940aeb359eeb29fff4abb16585520d0720de0a56d83a866058e6741d9a052486383e5

    • SSDEEP

      24576:pGYwefQHQnJceBaVvlW1t39AJ4FsnAwtir2CESobryiGzozFg7c:pGYp5uvC9sAwtUH02c

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies WinLogon for persistence

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Boot or Logon Autostart Execution (T1547): 4
  • Registry Run Keys / Startup Folder (T1547.001): 2
  • Winlogon Helper DLL (T1547.004): 2

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 4
  • Registry Run Keys / Startup Folder (T1547.001): 2
  • Winlogon Helper DLL (T1547.004): 2

Defense Evasion

  • Modify Registry (T1112): 6

Discovery

  • System Information Discovery (T1082): 12
  • Query Registry (T1012): 2
  • Peripheral Device Discovery (T1120): 2

Command and Control

  • Web Service (T1102): 1

Tasks

static1

upx, modiloader, neshta
Score
10/10

behavioral1

upx
Score
7/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
10/10

behavioral8

Score
1/10

behavioral9

Score
7/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
7/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
7/10

behavioral25

Score
1/10

behavioral26

Score
7/10

behavioral27

upx
Score
7/10

behavioral28

upx
Score
7/10

behavioral29

Score
1/10

behavioral30

darkcomet, guest16, persistence, rat, trojan
Score
10/10

behavioral31

darkcomet, modiloader, guest16, aspackv2, persistence, rat, trojan
Score
10/10