1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596

Resubmissions

26-03-2024 14:35

240326-ryecksfd5y 10

26-03-2024 14:27

240326-rse2xsfb8y 10

Analysis

max time kernel
1793s
max time network
1560s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
Size

3.1MB
MD5

91e55c043a89444b7cdfb335d4e4a5ba
SHA1

d72203d462053c1636e20cf648669b040357d5db
SHA256

79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161
SHA512

3f3efbb9928a8ffa683d2c528bc442545fb330fbf981ff639a581effc91569743258cbad88e9a2c8b6e66448e56af023213fc408ab66a6b53565a4e030a37777
SSDEEP

98304:DFkV34ua2ltBgzXU4Us1DgAtayHKlqo7/Whsg:Db0ltwzDtZHg7/Yx

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1080	SinBa.exe

Loads dropped DLL 9 IoCs

pid	Process
1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
1080	SinBa.exe
1080	SinBa.exe
1080	SinBa.exe
1080	SinBa.exe
1080	SinBa.exe
1080	SinBa.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	SinBa.exe

Drops file in Program Files directory 51 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\SinBa\Ver.ini	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\styles\error.css	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\config.dat	SinBa.exe
File opened for modification	C:\Program Files (x86)\SinBa\Ver.ini	SinBa.exe
File opened for modification	C:\Program Files (x86)\SinBa\local\blocklist\blocklist.dat	SinBa.exe
File created	C:\Program Files (x86)\SinBa\GGDUI.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\mfcm90.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\profile.dat	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\update.ini	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\error\offcancl.html	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\update.zip	SinBa.exe
File created	C:\Program Files (x86)\SinBa\ConfigTool.exe	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\SinBa.exe	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\mfc90.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\Ë«»÷ÎÒÇ©Ãû.bat	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini	SinBa.exe
File created	C:\Program Files (x86)\SinBa\pthreadVC2.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\log4cxx.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\blank\blank.html	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\local\homeurl\urlchk.iniGG	SinBa.exe
File created	C:\Program Files (x86)\SinBa\mfc90u.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\blocklist\blocklist.dat	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\error\error.html	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\loginfo.properties	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\signtool.exe	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\ÐÓ°É.url	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\navlist\web_nav.html	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\5F82D823-6244-447E-BA3E-A5FAA27629C3.dat.crypt	SinBa.exe
File created	C:\Program Files (x86)\SinBa\local\homeurl\domain.txtGG	SinBa.exe
File opened for modification	C:\Program Files (x86)\SinBa\FavData\Favorite.ini	SinBa.exe
File created	C:\Program Files (x86)\SinBa\Proxy.dat	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\msvcr100.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\foot_print\mochen.log	SinBa.exe
File created	C:\Program Files (x86)\SinBa\local\homeurl\domain.txt	SinBa.exe
File created	C:\Program Files (x86)\SinBa\local\homeurl\urlchk.iniGG	SinBa.exe
File created	C:\Program Files (x86)\SinBa\mfcm90u.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\images\bg.png	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\images\infobg.png	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\5F82D823-6244-447E-BA3E-A5FAA27629C3.dat	SinBa.exe
File created	C:\Program Files (x86)\SinBa\Microsoft.VC90.MFC.manifest	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\WatchUpdate.ini	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\images\logo.png	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\5F82D823-6244-447E-BA3E-A5FAA27629C3.dat.crypt	SinBa.exe
File created	C:\Program Files (x86)\SinBa\nircmd.exe	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\skin.dat	SinBa.exe
File created	C:\Program Files (x86)\SinBa\local\blocklist\blocklist.dat.tmp	SinBa.exe
File created	C:\Program Files (x86)\SinBa\local\error\reject.html	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\default.zip	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\update.exe	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\wh.pfx	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\5F82D823-6244-447E-BA3E-A5FAA27629C3.dat	SinBa.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SinBa.INI	SinBa.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SinBa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SinBa.exe

Modifies Internet Explorer settings 1 TTPs 21 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger = "yes"	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\SinBa.exe = "0"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\SinBa.exe = "0"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation\SinBa.exe = "1"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\SinBa.exe = "1"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	SinBa.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	SinBa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	SinBa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE = "yes"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\SinBa.exe = "0"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\SinBa.exe = "0"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT	SinBa.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\SinBa.exe = "10000"	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\SinBa.exe = "1"	SinBa.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1548	efsui.exe
1548	efsui.exe
1548	efsui.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1548	efsui.exe
1548	efsui.exe
1548	efsui.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1080	SinBa.exe
1080	SinBa.exe
1080	SinBa.exe
1080	SinBa.exe
1080	SinBa.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1080	1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	30
PID 1368 wrote to memory of 1080	1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	30
PID 1368 wrote to memory of 1080	1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	30
PID 1368 wrote to memory of 1080	1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	30
PID 1368 wrote to memory of 1080	1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	30
PID 1368 wrote to memory of 1080	1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	30
PID 1368 wrote to memory of 1080	1368	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	30

C:\Users\Admin\AppData\Local\Temp\79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
"C:\Users\Admin\AppData\Local\Temp\79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\SinBa\SinBa.exe
  "C:\Program Files (x86)\SinBa\SinBa.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1080

C:\Windows\system32\efsui.exe
efsui.exe /efs /keybackup
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\SinBa\5F82D823-6244-447E-BA3E-A5FAA27629C3.dat.crypt

Filesize
145B

MD5
e251c7d93b5f4015c7692dab2b3a4fe0

SHA1
67af4297b10b031d7633ffb8373c2290fb856ac2

SHA256
16f814b98d0e48cd9b77c7257af34a3f9f705d0a8baebff9880b22ef689548db

SHA512
8f7bbf6470ba18853ebab0f087a851f228a799518054e81ae7e854dd7973029594273c07f76241ae8ddd468cd80ce5317d1ae02884923075b7d3c95717df0449

Download Submit
C:\Program Files (x86)\SinBa\5F82D823-6244-447E-BA3E-A5FAA27629C3.dat.crypt

Filesize
307B

MD5
7245a3444912c62dd98a63e9555b05ae

SHA1
1a8e6d0ab05b7c80e466ab2aeb9fd3dee0e2e22f

SHA256
cbb17d83c67e1413ea15bd5fdfce315322f6b97af20f47a54bb3c81cd0114d12

SHA512
9a6accbc9a2332de835db85507aa6f4ae79015998db3d35d837a8901d513c0096016ab33ba832af09daa939fae87c0e57f8793f9b5f475c5511048707d95ca0d

Download Submit
C:\Program Files (x86)\SinBa\5F82D823-6244-447E-BA3E-A5FAA27629C3.dat.crypt

Filesize
376B

MD5
ac6af433024b4d79a639ebfdf8037542

SHA1
60f879bfa81ce2f16b0bda68f165aa87db432268

SHA256
31b286ca7d0c12e0897c326fece0f1d9542b707218481f164062a01e1f1c2cd2

SHA512
02ef335a5fa1a042c154260acf16a8125b6db52e4dd98e30399b88dfb6abaa6cabb5af225494c8886428e22b225e353ca7fc61538a81bb715940444e3c52329d

Download Submit
C:\Program Files (x86)\SinBa\GGDUI.dll

Filesize
455KB

MD5
4b6ea9bc09ed57c8340ffa9a87c8e83a

SHA1
42cd565baba75364ff99390b64e4527c874a03f6

SHA256
d9d25eb59c2690de8c7d5c89fbb352712d2fbc1f026778ad56244eb11ec7e652

SHA512
b394e836f9b105b18f25436312c83b9530588189dcbcbacea85b170765d7e6abdbc256d001a295dc797732c9576cdad03fcebad9cb1ea76bbc8bf1f087b0afe4

Download Submit
C:\Program Files (x86)\SinBa\MSVCR100.dll

Filesize
756KB

MD5
32fc1a3bfd9bedbf2dd73d65b40c2034

SHA1
be2618ea8db2a0e69a21e260407b1b18360f74ad

SHA256
da591987a11586d48e7b2f59a08d94c78e44dcbdd40da1ce721c30e499088336

SHA512
141d3f1b37adecd6515e0b38ab3969ec6da53d190bcd7056587f0bd51728d08d04b4ed4f5d8304901d37f32d824f43189fa8e5aaef21abe1cca67b7402f6d641

Download Submit
C:\Program Files (x86)\SinBa\Ver.ini

Filesize
4B

MD5
d5a637cd11aa722a9b4c922c7b740a63

SHA1
da414426cd871fc845e4c92941c81541bd1871c8

SHA256
cb5d2011975d7a70e93f7cf9d2934fc752c4f1c5013a80cd34b8d2deb5ded6b0

SHA512
f5e8b42f8034b85cba78846737ef7c17c91f678b5acf2b9b363ed3c60aa7a6dbc40f11e6cc6a5dfe07d5c4c07af4b72b8039444ef10a14b92a3ee3a54324aba0

Download Submit
C:\Program Files (x86)\SinBa\config.dat

Filesize
1KB

MD5
19f26e6a7702658da06cc168e946c514

SHA1
9264b2774488297fb725e9bf9f74c63d3a0ee735

SHA256
098c1008771bab400ecb916c9f12bc9efaeab2f6d475a7c9610a4b07bf541849

SHA512
5b6c3ca65692a38be8412de65e293e144e12e79767d24971bfa9457a4234732c0a7aaaca7c6c0616133e7be34a93585c2904f8671b2570778227430fd962a46f

Download Submit
C:\Program Files (x86)\SinBa\config.dat

Filesize
1KB

MD5
311971f3c6031b1ac65c1c530356c94d

SHA1
93254ff74d0fa50fb04beb7dadf4f39503a80770

SHA256
50522c39f39b9144c345207a0f705b1f41c1b4c7e3fdbc97944dcb04ad09494c

SHA512
cd0c3724cff29f372e64ed36184d325153b2d3c4d42882f126f5ebbeac7bc188eccb3a6ca9511ea6b6e81698f5d7c9f4fcd74587f57a954d34d7dd4d13b08828

Download Submit
C:\Program Files (x86)\SinBa\default.zip

Filesize
315KB

MD5
835a95e20d9be88a0aed93a21bd18320

SHA1
efe1ab4755bb208a9b8a1bd4777c5e1f6022033a

SHA256
9b8007165f5e8becc46e12bb176b27adc8180fde0e2ae69ede12f585cd7c8f39

SHA512
275ba566e0d9c358c2edef6b9efba115f5e1f020c6ef478a80895e6f124562ba9b625d097640a985e9bd3c0c8f586d6cb459d85894d1310722f7c9b02f3654d4

Download Submit
C:\Program Files (x86)\SinBa\local\blocklist\blocklist.dat

Filesize
1KB

MD5
aceb6492ac8dbab4ebd9687c3445164e

SHA1
57a1886490ad70be74f7ec34fef28abb4b47846f

SHA256
1a5aca5295c1d8b264ddf918e7d3cbff00f40718a272844dbc6ae0decefb0405

SHA512
6d9ad825d4a24ca8a2aa00bb4488cf56f01534feeae41862098ee0edd29816905717ec5566557a95d30619a5e3e1b0507541f3cb7c3facc5466540b316f481dc

Download Submit
C:\Program Files (x86)\SinBa\local\blocklist\blocklist.dat.tmp

Filesize
785B

MD5
c8a53e693ca4fb5d58b99aad262f9d8b

SHA1
531d1feeb81887ffe99906093137d73391dcc977

SHA256
774993c2f43b81361c7eec7d77767a2bdccc18eb704fc2c46310973a4810ad1f

SHA512
acd26eb988210113ac728b1c146764cc41787e27d6ff9b6d7b3667c260f0450251b38b716f8ce24d55a649b7252bbe9064f03cb3b49783641b26fa273e5d5ee5

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\domain.txtGG

Filesize
179B

MD5
cc80322245b5c9dd7271708f22d612dd

SHA1
0345e4c6c2e692e26583285664f32f6cc7dd10cb

SHA256
9411a789d7206633d2eb3e3f261106223cc09624fa9efa92b9817b7ea67e11a4

SHA512
92532d5680206fd7d1d7a32ae639f02bd2ddd524d7b2cb45a42070842eaa5a3cbf4c1ca11978b8e34047afff19e5a961ec1b57f6f26ae7ff24f420cc69189b19

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\domain.txtGG

Filesize
127B

MD5
b29e2cbfa269c80bc8ae1f5c9df7f787

SHA1
22b9f84793f2e56a116822943ba31419ef728730

SHA256
8b9a18f8ab7cc377151deb7ddf3ff83435cd697aae1283dc2fa50e5298e3e1bc

SHA512
c64c7881b0c62b63ad92629772f070c0d4c2b99b97d303f4e294ab14061e8d421d24c5440615b5cd720a861854984a1e8b919fb7dae911e265db105cbe9255f5

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini

Filesize
92B

MD5
e36c9f2f02078a73cfc83634f7eff8df

SHA1
2a450bb4696d13cbd2f7813fbe9825a9cdbebaee

SHA256
6dde63a1882f7e8aeaca623bfe518e88210177045b9728c0e5d8f4c747fabf59

SHA512
db0994441883e7c1743e9eb0ee5b3794d3cd15b1253fd1004f080ea6d831f85b910169a6422189816f776a76aa162edbc57ad9e681e2af03e41bf952a15c4b89

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini

Filesize
389B

MD5
a7d8ec35df9ee486a7a6bebe4a3288fa

SHA1
4e891491a2655bf5ddf920bd21b298358ee6f1b5

SHA256
8de9657c4d7bd04266e88434ce46d60e2e9664a992c3b2fcabb62f4e8103e9cc

SHA512
3f7bc6ce3f26ac5e90dfc51937005a09a8279c2f24b46d847a491a5629551bf6c37f1f4bd33755c7cd2a7989df49f960b3ea38cf014e6f891b8006658b2ff45c

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini

Filesize
388B

MD5
1c09ed59654962fc92609063c2bbd492

SHA1
6d8555e37533db728115564e245554768a8df911

SHA256
61b57284ed3a18f41facc532b69ef4412e651c976e5e87cab1f344f9ce77241f

SHA512
e5ab34ea74d19a2648fdce84c727b66e8107b149579b33c0060d7b3e997ae9e5b332f04c9ca98085005e0a0fcb5e8d86704900603298cca869c5fb14609a7f64

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini

Filesize
387B

MD5
e1b7a42ae651667c44d2404c078d8798

SHA1
742b5b2ec440697ca6dda188cf7f820736fff5bf

SHA256
6d798e085832a5234c024303fb063b44ee599dcd8890c74ee70ed89caa0c5698

SHA512
fe8d4403c9fc73dcff119cbbac01fad2fa0c2bc976f6da942547cae9702623ea32e91844257783c6e8bb6c9893890af1029a7ebd3d2ba40b45aff082cbb25aea

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini

Filesize
387B

MD5
a5e0ad30810440166934705b679119a7

SHA1
d47c85c7aaff43585d09a5197670207b82112424

SHA256
90903d6e42cb39c4386ecf7814058824aeb3e39eb615a751e2173901d8edce5c

SHA512
d2ace248b0e6ef2281c347536bf2fb349e4eadf6fc636a44ac94c2e569528b583378449e423f9dcf902862244958dbee4c217e7353a1c3fed278d8801d7f6a1c

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini

Filesize
386B

MD5
6ad1353b4aeff8b08efda4bd9165dec7

SHA1
1339195bdf9885223e10d58c447a3badb33c4464

SHA256
90297ff9b607b95d5ab38f361978141fe6a981509a984370239bcb70a4224ca4

SHA512
1fb86e6a11a79bf71e316de510d3b31df086d0c32e59dd185514a35fe1039330bb1fac18a1df9c20864a63bf45b48ad88712284846f2efb607ea61727a8a3cd3

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini

Filesize
385B

MD5
b1e7bf6eb1b7b6cd3873c6a446370120

SHA1
05a2aaf2c1d69c2f93100254dd8616c48522f3ba

SHA256
d479b2e2c7a07842b82b7d40b063b8ab1227a3ed9fc5bd150848f3cb22317a6f

SHA512
cfb3ab41797b554a7cd4886ebf0d016454b75f0badb79bedfb10a9f58efadf84fdd1173997b1beb1aaa2125ffbad38cb3cd92a3841ff2211d94fe6b9a425bf91

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini

Filesize
416B

MD5
188c71a92a23e7d4a58b8029bfdd1fb6

SHA1
c4375c3c24d84c377e38709882091609515a6e08

SHA256
cad90d3c8cb85b676d547c450bc3a6b5e361360ac737a9bdd63a3329bc1a7adf

SHA512
454d475136584f0db4a9e8f0405c7703fc10e3d1ae4e923ea44825926a37ec5c2a042c74ef4bc30a603108cfe9b86563a5b65de467e1c8ffffa8f067e610897d

Download Submit
C:\Program Files (x86)\SinBa\log4cxx.dll

Filesize
1.7MB

MD5
492a05366173f0afeb0fec192ea8e2bd

SHA1
c6e8defb221404f2abd01d40c1cdaf0650e1d326

SHA256
cf275f2d85691bebff24d3f2e31f43ceb9e3ae0c7a0a093388348f889699c65f

SHA512
ae3600c66a7d2f40aee1230639e1191693f2be5aedf6bb8ded89c029dff85411367b5175170281fbff6e66eb1b70708d6cc0e8d6d58e662419ca41afdf7a703c

Download Submit
C:\Program Files (x86)\SinBa\loginfo.properties

Filesize
642B

MD5
1f71c0bc2c9ee903c72d393e79a12457

SHA1
c0e4b8e57c617d520633cba7079a29e910a403b1

SHA256
00679b27cd02729e1b4803444d3adb4ef98fdad7cf3d0108885dc6ce77e325f4

SHA512
7cc8e8ee794b79e2f21c054faacda27608fd06392f44e6329c65dd8d834c002082a26a26400a5817a1465088b2443559a37963633934952865f4186b70fcdde8

Download Submit
C:\Program Files (x86)\SinBa\pthreadVC2.dll

Filesize
54KB

MD5
7812f0f73eda837e9353b3a433abc9a9

SHA1
210af5a3682af9df8585f4e88ac89e436de120f9

SHA256
bac4472990c1dc2f037019791bd18888e78a3ae86605f3aae86f812a4d7d4f60

SHA512
0af1c8d32eb43bbb58498ed60736c5eaeead1ec34b4b8558380479c64dc5ccb82cbf0a08867b817ff7807b4d96b0ef48fe37930cb780d87b83da9ef525a6299f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1131.tmp\ioSpecial.ini

Filesize
589B

MD5
0404612b8f3bc731cd4f5fea6ac531b3

SHA1
b5baa8388750055c80bcfb39bc98ad18e87a2ccf

SHA256
ad98361fde609c5dec982725f3bbe78860817d325c6e30694d350cbbb82f5d90

SHA512
3deb24405d9c03baad58cd780a8d29874c6e614c5a479784171364eacf2ad566979608ad55d86e428694457543a042e41ebaf7ed6ef0f241526184294e815b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1131.tmp\ioSpecial.ini

Filesize
623B

MD5
ce8865a4c8c3fa0af8f8cc05364a8305

SHA1
b336f3c8181c1ab3e51d107aad6e6e62c167fd15

SHA256
b8d7830cdee4759f56db4012c63db0679ec99bf19549c8e437c1f94aa6736b48

SHA512
340ff093b730934cf6bc484313525773b84a1e39924d75393ab9f3fd503a791edaa059089124f2e26bea7ba6d445f6c5f5e099a4c2885668c67a6352027df656

Download Submit
\Program Files (x86)\SinBa\SinBa.exe

Filesize
1.4MB

MD5
53ca489ef79fec5ba6f6536c0e5ef1e7

SHA1
92c7d7756a63cab1746238bc222f59576ac1a635

SHA256
c35133597e1ebc8d78468700c79f8ae09f66df20bc8f9206caee0cd34f6586f7

SHA512
7eaebbf777a395d1f2590d1af0b7f2831a9833a3c3fd65d8e63491de9d96e3c78b7c3312d8ffff61a8fd354c530782c651a7881a107a982eef19b3c00c3ec034

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1131.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads