Overview
General
Target: windows-malware-master.zip
Size: 138.1MB
Sample: 240426-zlndqacg5y
MD5: efc7175879aa8c0afd105a92ac6d3588
SHA1: 420aceb7ab487580f21a22af74283bb3dafcb5c1
SHA256: 5b1bcbd8ac2497503833493c6566df7417202975968edd0825ca77aefc9b26fb
SHA512: 77138a1cf3d33d35443ca4e44bd13ee39d276e91066a424ba3f751cce6a32f2a2441ffeb6020de722de0c4aeda4a9ae20d32726c5a5200b27a50daa286f22399
SSDEEP: 3145728:R8G0gRhWV8Rf/5uS3P5OWgtS1YlR3KzZdfaGC19plC2gAcwDz:R8AhWyRHl3PsWbKlB4fiGC1D7cyz

Static task: static1
Behavioral tasks (all run on resource win10-20240404-en):
- behavioral1: windows-malware-master/000/000.exe
- behavioral2: windows-malware-master/BonziBuddy/BonziBuddy432.exe
- behavioral3: windows-malware-master/Bonzify/Bonzify.exe
- behavioral4: Bonzify.exe
- behavioral5: windows-malware-master/BossDaMajor/BossDaMajor.exe
- behavioral6: windows-malware-master/ILOVEYOU/LOVE-LETTER-FOR-YOU.TXT.vbs
- behavioral7: windows-malware-master/MEMZ/Geometry dash auto speedhack.bat
- behavioral8: windows-malware-master/MEMZ/geometry dash auto speedhack.exe
- behavioral9: windows-malware-master/MrsMajor 2.0/MrsMajor2.0.exe
- behavioral10: windows-malware-master/MrsMajor 3.0/MrsMajor3.0.exe
- behavioral11: windows-malware-master/SpySheriff/Install.exe
- behavioral12: windows-malware-master/WinXP Horror Edition/WinXP.Horror.Destructive (Created By WobbyChip).exe

Malware Config
Targets
Target: windows-malware-master/000/000.exe
Size: 6.7MB
MD5: d5671758956b39e048680b6a8275e96a
SHA1: 33c341130bf9c93311001a6284692c86fec200ef
SHA256: 4a900b344ef765a66f98cf39ac06273d565ca0f5d19f7ea4ca183786155d4a47
SHA512: 972e89ed8b7b4d75df0a05c53e71fb5c29edaa173d7289656676b9d2a1ed439be1687beddc6fb1fbf068868c3da9c3d2deb03b55e5ab5e7968858b5efc49fbe7
SSDEEP: 3072:V3LA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuzzo9Y:lLJlC6j0CX4XmvWHVcd62uo9
Score: 8/10
Signatures:
- Disables Task Manager via registry modification
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
- Sets desktop wallpaper using registry

Target: windows-malware-master/BonziBuddy/BonziBuddy432.exe
Size: 49.9MB
MD5: 06d87d4c89c76cb1bcb2f5a5fc4097d1
SHA1: 657248f78abfa9015b77c431f2fd8797481478fd
SHA256: f1e859d99072e35f20e172d8458e3ea1baf8ba86c8c9e311a0debcd2acd5d0fc
SHA512: 12bcc681544bfc0cb5f1a3c2e5e3d475efdf5abb8bf0e18cb18f529a82d551f39e16de2d3f0664c2c2cbfab2bc4702e256b958acadca53424e6d8760b6f457f9
SSDEEP: 1572864:HVGKQzdb8P3XxxOtGpBXFqRDjSghMDDqRDAtzq9:HVcdeXzOoP1OjfgDOo2
Score: 3/10

Target: windows-malware-master/Bonzify/Bonzify.exe
Size: 6.4MB
MD5: fba93d8d029e85e0cde3759b7903cee2
SHA1: 525b1aa549188f4565c75ab69e51f927204ca384
SHA256: 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
SHA512: 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2
SSDEEP: 196608:adAMaWetTeAkLIdx751qFTkub//73lc6u7b5VJ2Yx5xIdk3:OaWedh+Idx75QYub//73lc6u7bLMYxD
Score: 8/10
Signatures:
- Modifies AppInit DLL entries
- Modifies Installed Components in the registry
- Possible privilege escalation attempt
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: Bonzify.exe
Size: 6.4MB
MD5: fba93d8d029e85e0cde3759b7903cee2
SHA1: 525b1aa549188f4565c75ab69e51f927204ca384
SHA256: 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
SHA512: 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2
SSDEEP: 196608:adAMaWetTeAkLIdx751qFTkub//73lc6u7b5VJ2Yx5xIdk3:OaWedh+Idx75QYub//73lc6u7bLMYxD
Score: 8/10
Signatures:
- Modifies AppInit DLL entries
- Modifies Installed Components in the registry
- Possible privilege escalation attempt
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: windows-malware-master/BossDaMajor/BossDaMajor.exe
Size: 1.9MB
MD5: 38ff71c1dee2a9add67f1edb1a30ff8c
SHA1: 10f0defd98d4e5096fbeb321b28d6559e44d66db
SHA256: 730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a
SHA512: 8347782951f2647fe433482cb13186653afa32ee9f5be83a138c4ed47ff34d8de66a26e74b5a28ea21c1529b2078401922a9a26803772677b70489967c10f3e9
SSDEEP: 49152:veG3J7FtM9SbJakTiTBMGSARaspyyx979PSxgKFdGlYU:2GZxSoJrTiTBMGtRa8t7EFddU
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies system executable filetype association
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

Target: windows-malware-master/ILOVEYOU/LOVE-LETTER-FOR-YOU.TXT.vbs
Size: 14KB
MD5: 48ac397b96a30da6d67ffcf5b555e69c
SHA1: 6b509435d7ab375d40231081417a340910da513c
SHA256: b6dc96d48ee73fda299a8f8dac2335ed4bf710f5166ce093aa8734256a205569
SHA512: 4dd6ca7a18b7dceac16a8cec892f658a2389efe3b6a936ac9bf26f20a99a7a65d76dec1a412988e9a5be59276a7f7c0bca08583a474c8a9609799a4bab4ed5f2
SSDEEP: 384:U8kvaf1TYIe6lrsRjcOe/qEVqyK6hNj68BYqhYRLyfwjNOVjVA:U8f18Ie2rsmj68uYji5
Score: 1/10

Target: windows-malware-master/MEMZ/Geometry dash auto speedhack.bat
Size: 13KB
MD5: 63c6ec6b042bcb00d2d832c0e4f25dca
SHA1: a904a7c3fc89ff497e91384a63db3282e00d31ce
SHA256: dae968f47476ef79b122e771ccd0a2bacde2ac3535f68047239682fefa3dfe50
SHA512: 1454cd79a59f0603ae083abb7f3b1438e18c7858ab04dfc3df1a725cee72be48274c289d5c0a44ce415f4bdf8a2c316312453862381fdbf0f4af97a62234e41a
SSDEEP: 192:E7N3ODNPiwc205VjF+Ijytxd+7yxpVtLoTKihWn5hhHxGtHfzf+H/0Nz6hcbXR:E85qwc35O1+7y/LphxxGtHAhubXR
Score: 7/10
Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory

Target: windows-malware-master/MEMZ/geometry dash auto speedhack.exe
Size: 14KB
MD5: 19dbec50735b5f2a72d4199c4e184960
SHA1: 6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256: a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512: aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP: 192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Score: 7/10
Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory

Target: windows-malware-master/MrsMajor 2.0/MrsMajor2.0.exe
Size: 25.6MB
MD5: 247a35851fdee53a1696715d67bd0905
SHA1: d2e86020e1d48e527e81e550f06c651328bd58a4
SHA256: 5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d
SHA512: a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c
SSDEEP: 786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2
Score: 7/10
Signatures:
- Executes dropped EXE

Target: windows-malware-master/MrsMajor 3.0/MrsMajor3.0.exe
Size: 381KB
MD5: 35a27d088cd5be278629fae37d464182
SHA1: d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256: 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512: eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
SSDEEP: 6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Target: windows-malware-master/SpySheriff/Install.exe
Size: 48KB
MD5: 2949c1a5ed0da748d949ac59dbc15059
SHA1: 9fa86b84cba147b2806f4e11dd76f38dc358c202
SHA256: 2e0b86cba229e27b6eec45751be45b24f9197cdc7b2eca30447112f917899d0a
SHA512: 65eac714afaa0e7e84a41a18dc710b233afc80a03022e4504b3a30fdc5a82dd22f3ec78e2f5ad9df360c0e93f7d06d53b7a638fbaea93d62093a524beb627a66
SSDEEP: 768:ddc543tJZkq0HrloZ3RicH0wDrF5X9gFEvkk3p:99JZk7ZoZhewDR5NVvkk3p
Score: 1/10

Target: windows-malware-master/WinXP Horror Edition/WinXP.Horror.Destructive (Created By WobbyChip).exe
Size: 57.9MB
MD5: 063ea883f8c67d3bb22e0a465136ca4c
SHA1: 3a168a9153ee32b86d9a5411b0af13846c55ee1d
SHA256: 3b64ce283febf3207dd20c99fc53de65b07044231eb544c4c41de374a2571c5c
SHA512: 2dd6be23a5af8c458b94eeb5a4e83fc8cacb3fd2c2566b5682eee286c01726dca90db3d9b4e218eeded9b0c9bce8ba3c9ca9cc497e3a57aab580633a038e4b74
SSDEEP: 1572864:aj6L5PLk/mBCSyKOYl39GFoFEujFMm+B997DaNHN1oS72fnD9hRzZ01tO0DpvrvI:i6cSzV9GCFEujFMm+B997DaNHN1oS72X
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13; hit count in parentheses)

Persistence
- Boot or Logon Autostart Execution (9)
  - Registry Run Keys / Startup Folder (6)
  - Winlogon Helper DLL (3)
- Event Triggered Execution (1)
  - Change Default File Association (1)
- Pre-OS Boot (3)
  - Bootkit (3)

Privilege Escalation
- Boot or Logon Autostart Execution (9)
  - Registry Run Keys / Startup Folder (6)
  - Winlogon Helper DLL (3)
- Abuse Elevation Control Mechanism (3)
  - Bypass User Account Control (3)
- Event Triggered Execution (1)
  - Change Default File Association (1)

Defense Evasion
- Modify Registry (21)
- File and Directory Permissions Modification (2)
- Abuse Elevation Control Mechanism (3)
  - Bypass User Account Control (3)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Pre-OS Boot (3)
  - Bootkit (3)