ee48174864ae0ef8c1e2da6b91b17c2f1df32195f69173adcc3013bf97c76ad5

Analysis

max time kernel
361s
max time network
367s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
Size

3.1MB
MD5

91e55c043a89444b7cdfb335d4e4a5ba
SHA1

d72203d462053c1636e20cf648669b040357d5db
SHA256

79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161
SHA512

3f3efbb9928a8ffa683d2c528bc442545fb330fbf981ff639a581effc91569743258cbad88e9a2c8b6e66448e56af023213fc408ab66a6b53565a4e030a37777
SSDEEP

98304:DFkV34ua2ltBgzXU4Us1DgAtayHKlqo7/Whsg:Db0ltwzDtZHg7/Yx

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1592	SinBa.exe

Loads dropped DLL 9 IoCs

pid	Process
3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
1592	SinBa.exe
1592	SinBa.exe
1592	SinBa.exe
1592	SinBa.exe
1592	SinBa.exe
1592	SinBa.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	SinBa.exe

Drops file in Program Files directory 51 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\SinBa\SinBa.exe	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\navlist\web_nav.html	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\homeurl\domain.txtGG	SinBa.exe
File created	C:\Program Files (x86)\SinBa\mfc90.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\pthreadVC2.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\Ë«»÷ÎÒÇ©Ãû.bat	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\Microsoft.VC90.MFC.manifest	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\mfcm90.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\signtool.exe	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\0776556E-C431-43E5-84CA-3CE08848A068.dat.crypt	SinBa.exe
File created	C:\Program Files (x86)\SinBa\Ver.ini	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\update.ini	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\error\error.html	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\homeurl\urlchk.iniGG	SinBa.exe
File opened for modification	C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini	SinBa.exe
File created	C:\Program Files (x86)\SinBa\msvcr100.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\styles\error.css	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\foot_print\mochen.log	SinBa.exe
File created	C:\Program Files (x86)\SinBa\GGDUI.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\WatchUpdate.ini	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\0776556E-C431-43E5-84CA-3CE08848A068.dat.crypt	SinBa.exe
File created	C:\Program Files (x86)\SinBa\local\blank\blank.html	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\error\offcancl.html	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\ÐÓ°É.url	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\mfc90u.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\blocklist\blocklist.dat.tmp	SinBa.exe
File created	C:\Program Files (x86)\SinBa\local\error\reject.html	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\local\homeurl\urlchk.iniGG	SinBa.exe
File opened for modification	C:\Program Files (x86)\SinBa\update.zip	SinBa.exe
File created	C:\Program Files (x86)\SinBa\0776556E-C431-43E5-84CA-3CE08848A068.dat	SinBa.exe
File created	C:\Program Files (x86)\SinBa\wh.pfx	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\images\infobg.png	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\config.dat	SinBa.exe
File created	C:\Program Files (x86)\SinBa\update.exe	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\log4cxx.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\mfcm90u.dll	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\profile.dat	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\FavData\Favorite.ini	SinBa.exe
File opened for modification	C:\Program Files (x86)\SinBa\Ver.ini	SinBa.exe
File created	C:\Program Files (x86)\SinBa\ConfigTool.exe	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\Proxy.dat	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\homeurl\domain.txt	SinBa.exe
File created	C:\Program Files (x86)\SinBa\local\images\bg.png	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\0776556E-C431-43E5-84CA-3CE08848A068.dat	SinBa.exe
File created	C:\Program Files (x86)\SinBa\default.zip	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\nircmd.exe	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\blocklist\blocklist.dat	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\loginfo.properties	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File created	C:\Program Files (x86)\SinBa\local\images\logo.png	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
File opened for modification	C:\Program Files (x86)\SinBa\local\blocklist\blocklist.dat	SinBa.exe
File opened for modification	C:\Program Files (x86)\SinBa\skin.dat	SinBa.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SinBa.INI	SinBa.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SinBa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SinBa.exe

Modifies Internet Explorer settings 1 TTPs 21 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\SinBa.exe = "10000"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	SinBa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	SinBa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE = "yes"	SinBa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger = "yes"	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\SinBa.exe = "0"	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\SinBa.exe = "1"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	SinBa.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\SinBa.exe = "0"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\SinBa.exe = "1"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\SinBa.exe = "0"	SinBa.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation\SinBa.exe = "1"	SinBa.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\SinBa.exe = "0"	SinBa.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	SinBa.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2760	efsui.exe
2760	efsui.exe
2760	efsui.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2760	efsui.exe
2760	efsui.exe
2760	efsui.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1592	SinBa.exe
1592	SinBa.exe
1592	SinBa.exe
1592	SinBa.exe
1592	SinBa.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 1592	3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	31
PID 3016 wrote to memory of 1592	3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	31
PID 3016 wrote to memory of 1592	3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	31
PID 3016 wrote to memory of 1592	3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	31
PID 3016 wrote to memory of 1592	3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	31
PID 3016 wrote to memory of 1592	3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	31
PID 3016 wrote to memory of 1592	3016	79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe	31

C:\Users\Admin\AppData\Local\Temp\79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
"C:\Users\Admin\AppData\Local\Temp\79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files (x86)\SinBa\SinBa.exe
  "C:\Program Files (x86)\SinBa\SinBa.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1592

C:\Windows\system32\efsui.exe
efsui.exe /efs /keybackup
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\SinBa\MSVCR100.dll

Filesize
636KB

MD5
61b5858349a4cd459e6b4feaa969fef6

SHA1
bfdf23335c7aade2c88ceaa2e533c9297075714a

SHA256
63c5816395771fa16e6ca0ea27099574fdfbe27b40cb1f107b7282bbbb99a678

SHA512
32c03e7920d532935787c5e55cafac68e2e78bede5925bf0c6456d3bea914e65465500acfea7929c4572d1580a7f12c1e2fd5ad131634bf135ab187be2632187

Download Submit
C:\Program Files (x86)\SinBa\SinBa.exe

Filesize
1.0MB

MD5
e0e99f12c7f82f19d18db325fa95c26f

SHA1
e25e487b1ff8a212efa10441e8955c6c0379d7bb

SHA256
906d1b64cd7f4771b02ee5e10abc07f9e17ac4d2d6f613e32ab699829bfdd53f

SHA512
794552bf89b57e1eee2609c5df4bb014ea375c2d75d91d1ae02a069eb5d0531c872b98f8c4c0c25add528f2a9afc469477078af22a6b7f8160925bfdffe356bd

Download Submit
C:\Program Files (x86)\SinBa\SinBa.exe

Filesize
1.4MB

MD5
b74a655d2972e2e3082103ba7e4cf8d5

SHA1
0343e0a687724910c242c057191aaa7435300fc0

SHA256
318fe2cb8f2fba671d06bfacda3733118bf310575fca0b3dcef70797ff3b8422

SHA512
b5373bccf4d2c9f52016f6e0cd6900e7fef1c86a604f000245ed7626b2c1da0ed8ab35daa55dadb41e5cc195727134073881e73283de228c37644dcdab353981

Download Submit
C:\Program Files (x86)\SinBa\SinBa.exe

Filesize
282KB

MD5
cb96aea920c9b28d6e1d314211c42048

SHA1
23fdb500d960252712696da68a86c039daefe4ec

SHA256
e1a8d0466c2ccbc6a7b168bc14fe22dde2064466ad981b595120f8294de3e729

SHA512
bb53ac54f1d3835c49076e1ba0f27156bb1152c197761baeb41f7d314664962cdf11078d89b375d1b67ac7daadad5a0d598a02f531a2315f615e9056831412a3

Download Submit
C:\Program Files (x86)\SinBa\Ver.ini

Filesize
4B

MD5
d5a637cd11aa722a9b4c922c7b740a63

SHA1
da414426cd871fc845e4c92941c81541bd1871c8

SHA256
cb5d2011975d7a70e93f7cf9d2934fc752c4f1c5013a80cd34b8d2deb5ded6b0

SHA512
f5e8b42f8034b85cba78846737ef7c17c91f678b5acf2b9b363ed3c60aa7a6dbc40f11e6cc6a5dfe07d5c4c07af4b72b8039444ef10a14b92a3ee3a54324aba0

Download Submit
C:\Program Files (x86)\SinBa\config.dat

Filesize
1KB

MD5
1933ee95b4d9b67297f13330152f606e

SHA1
724abe17ffedf6caa6f4ab3aa892c6395d619184

SHA256
203f299b2db55a848a6cea5dc9041325b451df0cb24b1d54d7e8000a95ea5500

SHA512
76149190fcc5f14706ead0bf7fc8360fa517c2450a9c3c883c14d604420a7d740692ef5ba508d451df19f6c698eefc7bace1db4ec45dbcb9f9e063526c9ca0c0

Download Submit
C:\Program Files (x86)\SinBa\default.zip

Filesize
315KB

MD5
835a95e20d9be88a0aed93a21bd18320

SHA1
efe1ab4755bb208a9b8a1bd4777c5e1f6022033a

SHA256
9b8007165f5e8becc46e12bb176b27adc8180fde0e2ae69ede12f585cd7c8f39

SHA512
275ba566e0d9c358c2edef6b9efba115f5e1f020c6ef478a80895e6f124562ba9b625d097640a985e9bd3c0c8f586d6cb459d85894d1310722f7c9b02f3654d4

Download Submit
C:\Program Files (x86)\SinBa\local\blocklist\blocklist.dat

Filesize
1KB

MD5
aceb6492ac8dbab4ebd9687c3445164e

SHA1
57a1886490ad70be74f7ec34fef28abb4b47846f

SHA256
1a5aca5295c1d8b264ddf918e7d3cbff00f40718a272844dbc6ae0decefb0405

SHA512
6d9ad825d4a24ca8a2aa00bb4488cf56f01534feeae41862098ee0edd29816905717ec5566557a95d30619a5e3e1b0507541f3cb7c3facc5466540b316f481dc

Download Submit
C:\Program Files (x86)\SinBa\local\blocklist\blocklist.dat.tmp

Filesize
785B

MD5
c8a53e693ca4fb5d58b99aad262f9d8b

SHA1
531d1feeb81887ffe99906093137d73391dcc977

SHA256
774993c2f43b81361c7eec7d77767a2bdccc18eb704fc2c46310973a4810ad1f

SHA512
acd26eb988210113ac728b1c146764cc41787e27d6ff9b6d7b3667c260f0450251b38b716f8ce24d55a649b7252bbe9064f03cb3b49783641b26fa273e5d5ee5

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\domain.txtGG

Filesize
127B

MD5
b29e2cbfa269c80bc8ae1f5c9df7f787

SHA1
22b9f84793f2e56a116822943ba31419ef728730

SHA256
8b9a18f8ab7cc377151deb7ddf3ff83435cd697aae1283dc2fa50e5298e3e1bc

SHA512
c64c7881b0c62b63ad92629772f070c0d4c2b99b97d303f4e294ab14061e8d421d24c5440615b5cd720a861854984a1e8b919fb7dae911e265db105cbe9255f5

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\domain.txtGG

Filesize
179B

MD5
cc80322245b5c9dd7271708f22d612dd

SHA1
0345e4c6c2e692e26583285664f32f6cc7dd10cb

SHA256
9411a789d7206633d2eb3e3f261106223cc09624fa9efa92b9817b7ea67e11a4

SHA512
92532d5680206fd7d1d7a32ae639f02bd2ddd524d7b2cb45a42070842eaa5a3cbf4c1ca11978b8e34047afff19e5a961ec1b57f6f26ae7ff24f420cc69189b19

Download Submit
C:\Program Files (x86)\SinBa\local\homeurl\urlchk.ini

Filesize
92B

MD5
e36c9f2f02078a73cfc83634f7eff8df

SHA1
2a450bb4696d13cbd2f7813fbe9825a9cdbebaee

SHA256
6dde63a1882f7e8aeaca623bfe518e88210177045b9728c0e5d8f4c747fabf59

SHA512
db0994441883e7c1743e9eb0ee5b3794d3cd15b1253fd1004f080ea6d831f85b910169a6422189816f776a76aa162edbc57ad9e681e2af03e41bf952a15c4b89

Download Submit
C:\Program Files (x86)\SinBa\log4cxx.dll

Filesize
726KB

MD5
5734c07db382f6edf5b0f542d0fd3da3

SHA1
86d64cd44832f0b9a6954ffc47dc0847e6d2e2c7

SHA256
46b745734f03943c373ba6f2a74d67cd78ed735df94cf4d7eaea507eb405bf4c

SHA512
4d03e7a3ced8f2a5d806cb221a17c2d2b53fc6e94ddb34ba789585a6941bfa8a741ddcd47145cc37e5bf693c4bb7ea30c79385a708cb4503618e98c7ba47ff37

Download Submit
C:\Program Files (x86)\SinBa\loginfo.properties

Filesize
642B

MD5
1f71c0bc2c9ee903c72d393e79a12457

SHA1
c0e4b8e57c617d520633cba7079a29e910a403b1

SHA256
00679b27cd02729e1b4803444d3adb4ef98fdad7cf3d0108885dc6ce77e325f4

SHA512
7cc8e8ee794b79e2f21c054faacda27608fd06392f44e6329c65dd8d834c002082a26a26400a5817a1465088b2443559a37963633934952865f4186b70fcdde8

Download Submit
C:\Program Files (x86)\SinBa\pthreadVC2.dll

Filesize
54KB

MD5
7812f0f73eda837e9353b3a433abc9a9

SHA1
210af5a3682af9df8585f4e88ac89e436de120f9

SHA256
bac4472990c1dc2f037019791bd18888e78a3ae86605f3aae86f812a4d7d4f60

SHA512
0af1c8d32eb43bbb58498ed60736c5eaeead1ec34b4b8558380479c64dc5ccb82cbf0a08867b817ff7807b4d96b0ef48fe37930cb780d87b83da9ef525a6299f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd5284.tmp\ioSpecial.ini

Filesize
610B

MD5
47c6c53bee32c8321de4099076c7f149

SHA1
044de682e65fcfeffea12d1901f244f1e442d40f

SHA256
6fb8ccb4a6673a1b42d1d58ad853fb97974156d4dceddaa02985454338131bb8

SHA512
4154c7d69437dd3673da409ee1fc5c9da0568cee9e84a56b409c0e8eaf2721041be31220fd4dc03da01fdea8ccdc7db2eb8e203d154fc4481d37efa37e793356

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd5284.tmp\ioSpecial.ini

Filesize
589B

MD5
aab5ea78634a1a7a8bc6e59074fc4e6e

SHA1
4c27b8430277b013cc411d23382d1ecd9591ed39

SHA256
04b433018bd71ba29392a9afcd88ca6fe1256fa17fb3be5ebc019c8b954ccf04

SHA512
e71ef1224f9dbcccf481ec441c6044f46abdcffb0e024e668e9799368e10f6abaf184aeb01ccc0366c4ce7ede5facff88522b3104bea93ad9a0c0defb6d843cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd5284.tmp\ioSpecial.ini

Filesize
623B

MD5
ec3fbccd257003f6ad6fb7adbb2e1c79

SHA1
ac386dc5f72ba19fffab567d36182cd3a5cc31dc

SHA256
7af7a56d8bf4af94b2bccd04c7e8d350a3b0f146cd306f96cdd2de1225cb161a

SHA512
efebe9b93b61d129f58ef199c9ead47b06910f572b912622fb596e66e023c47520a2b62b6fd976ee7b6957524c9cc433d2062a9ed56bba07b5cc3940d61b7e89

Download Submit
\Program Files (x86)\SinBa\GGDUI.dll

Filesize
455KB

MD5
4b6ea9bc09ed57c8340ffa9a87c8e83a

SHA1
42cd565baba75364ff99390b64e4527c874a03f6

SHA256
d9d25eb59c2690de8c7d5c89fbb352712d2fbc1f026778ad56244eb11ec7e652

SHA512
b394e836f9b105b18f25436312c83b9530588189dcbcbacea85b170765d7e6abdbc256d001a295dc797732c9576cdad03fcebad9cb1ea76bbc8bf1f087b0afe4

Download Submit
\Program Files (x86)\SinBa\SinBa.exe

Filesize
1.4MB

MD5
53ca489ef79fec5ba6f6536c0e5ef1e7

SHA1
92c7d7756a63cab1746238bc222f59576ac1a635

SHA256
c35133597e1ebc8d78468700c79f8ae09f66df20bc8f9206caee0cd34f6586f7

SHA512
7eaebbf777a395d1f2590d1af0b7f2831a9833a3c3fd65d8e63491de9d96e3c78b7c3312d8ffff61a8fd354c530782c651a7881a107a982eef19b3c00c3ec034

Download Submit
\Program Files (x86)\SinBa\SinBa.exe

Filesize
368KB

MD5
6b18ebc737dd8a59b56b810fd722ad93

SHA1
046e19cc875da9c354abec9fc2c89d450962819b

SHA256
0bc56c86524a51b86c27ee4485e3b2c8b922af598af718c0194b86df1ee74003

SHA512
d21b5c645f0dd70f9bfe7fa1ecffe041c0e5873d325ec5f53a2423fa256c417a16907d5b55ef5422a4b5f4ab6b438f4ea5976863fe1a3e3ce70be3f487c691c2

Download Submit
\Program Files (x86)\SinBa\SinBa.exe

Filesize
392KB

MD5
18290da3457e9dd7a30d859480d6d953

SHA1
e9ef2ccaaf84f04fce0cc739592e465e672a841f

SHA256
7308447e425694d6379e13acf2cb73d279b79248d2efa28946b4d157ee41440e

SHA512
104e94a7d2ea4d6bdaf7d7d1046c345f773c47b08ed951c8cac23c98e04d20844b6f66d775db8c47a615f711e0c7ccc7bf04a6c69082e7f2f1b02d5e1704266c

Download Submit
\Program Files (x86)\SinBa\log4cxx.dll

Filesize
480KB

MD5
42c1afdf4e82dc46e6469c6e8af785e9

SHA1
a27dd65f5f12e0860fd0c0236d8b2469e39d96cf

SHA256
f916de52f23a05139e0b875a5cf4d38de5667cb37092831d16859b82a94fe9d7

SHA512
c1486fa30d23939ffd8b5b3ed620424d36cfab2bc5d75afec6909dd3b9129b0e78ba063e9602e6610b56863612c677f1d195948a5225bce5d33a141bd3b84664

Download Submit
\Program Files (x86)\SinBa\msvcr100.dll

Filesize
357KB

MD5
688dc046c1d62aae4707982a68eedf71

SHA1
3a9895a3a6b404f899d902e06d684a21850aa870

SHA256
2d867645b1090a486aacd2c03d44e50ec800b9ca861822a0a69123be6b6c6947

SHA512
bf8b40d0f800e6da9e49918097a1765a4bc83745dc960c3c49dfafda5bdcde15415215689b6abec10a9dbdc073084fcb6d823dd04abb8cfac991c14f7b97bfee

Download Submit
\Users\Admin\AppData\Local\Temp\nsd5284.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads