5b1bcbd8ac2497503833493c6566df7417202975968edd0825ca77aefc9b26fb

Sharing

Copy URL

Twitter E-mail

General

Target

windows-malware-master.zip
Size

138.1MB
Sample

240426-zlndqacg5y
MD5

efc7175879aa8c0afd105a92ac6d3588
SHA1

420aceb7ab487580f21a22af74283bb3dafcb5c1
SHA256

5b1bcbd8ac2497503833493c6566df7417202975968edd0825ca77aefc9b26fb
SHA512

77138a1cf3d33d35443ca4e44bd13ee39d276e91066a424ba3f751cce6a32f2a2441ffeb6020de722de0c4aeda4a9ae20d32726c5a5200b27a50daa286f22399
SSDEEP

3145728:R8G0gRhWV8Rf/5uS3P5OWgtS1YlR3KzZdfaGC19plC2gAcwDz:R8AhWyRHl3PsWbKlB4fiGC1D7cyz

Score

10^/10

Malware Config

Targets

- Target
  
  windows-malware-master/000/000.exe
- Size
  
  6.7MB
- MD5
  
  d5671758956b39e048680b6a8275e96a
- SHA1
  
  33c341130bf9c93311001a6284692c86fec200ef
- SHA256
  
  4a900b344ef765a66f98cf39ac06273d565ca0f5d19f7ea4ca183786155d4a47
- SHA512
  
  972e89ed8b7b4d75df0a05c53e71fb5c29edaa173d7289656676b9d2a1ed439be1687beddc6fb1fbf068868c3da9c3d2deb03b55e5ab5e7968858b5efc49fbe7
- SSDEEP
  
  3072:V3LA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuzzo9Y:lLJlC6j0CX4XmvWHVcd62uo9
Score

8^/10

evasion persistence ransomware
- Disables Task Manager via registry modification
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1
- Target
  
  windows-malware-master/BonziBuddy/BonziBuddy432.exe
- Size
  
  49.9MB
- MD5
  
  06d87d4c89c76cb1bcb2f5a5fc4097d1
- SHA1
  
  657248f78abfa9015b77c431f2fd8797481478fd
- SHA256
  
  f1e859d99072e35f20e172d8458e3ea1baf8ba86c8c9e311a0debcd2acd5d0fc
- SHA512
  
  12bcc681544bfc0cb5f1a3c2e5e3d475efdf5abb8bf0e18cb18f529a82d551f39e16de2d3f0664c2c2cbfab2bc4702e256b958acadca53424e6d8760b6f457f9
- SSDEEP
  
  1572864:HVGKQzdb8P3XxxOtGpBXFqRDjSghMDDqRDAtzq9:HVcdeXzOoP1OjfgDOo2
Score

3^/10
behavioral2
- Target
  
  windows-malware-master/Bonzify/Bonzify.exe
- Size
  
  6.4MB
- MD5
  
  fba93d8d029e85e0cde3759b7903cee2
- SHA1
  
  525b1aa549188f4565c75ab69e51f927204ca384
- SHA256
  
  66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
- SHA512
  
  7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2
- SSDEEP
  
  196608:adAMaWetTeAkLIdx751qFTkub//73lc6u7b5VJ2Yx5xIdk3:OaWedh+Idx75QYub//73lc6u7bLMYxD
Score

8^/10

discovery exploit persistence
- Modifies AppInit DLL entries
  persistence
- Modifies Installed Components in the registry
  persistence
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral3
- Target
  
  Bonzify.exe
- Size
  
  6.4MB
- MD5
  
  fba93d8d029e85e0cde3759b7903cee2
- SHA1
  
  525b1aa549188f4565c75ab69e51f927204ca384
- SHA256
  
  66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
- SHA512
  
  7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2
- SSDEEP
  
  196608:adAMaWetTeAkLIdx751qFTkub//73lc6u7b5VJ2Yx5xIdk3:OaWedh+Idx75QYub//73lc6u7bLMYxD
Score

8^/10

discovery exploit persistence
- Modifies AppInit DLL entries
  persistence
- Modifies Installed Components in the registry
  persistence
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral4
- Target
  
  windows-malware-master/BossDaMajor/BossDaMajor.exe
- Size
  
  1.9MB
- MD5
  
  38ff71c1dee2a9add67f1edb1a30ff8c
- SHA1
  
  10f0defd98d4e5096fbeb321b28d6559e44d66db
- SHA256
  
  730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a
- SHA512
  
  8347782951f2647fe433482cb13186653afa32ee9f5be83a138c4ed47ff34d8de66a26e74b5a28ea21c1529b2078401922a9a26803772677b70489967c10f3e9
- SSDEEP
  
  49152:veG3J7FtM9SbJakTiTBMGSARaspyyx979PSxgKFdGlYU:2GZxSoJrTiTBMGtRa8t7EFddU
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies system executable filetype association
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5
- Target
  
  windows-malware-master/ILOVEYOU/LOVE-LETTER-FOR-YOU.TXT.vbs
- Size
  
  14KB
- MD5
  
  48ac397b96a30da6d67ffcf5b555e69c
- SHA1
  
  6b509435d7ab375d40231081417a340910da513c
- SHA256
  
  b6dc96d48ee73fda299a8f8dac2335ed4bf710f5166ce093aa8734256a205569
- SHA512
  
  4dd6ca7a18b7dceac16a8cec892f658a2389efe3b6a936ac9bf26f20a99a7a65d76dec1a412988e9a5be59276a7f7c0bca08583a474c8a9609799a4bab4ed5f2
- SSDEEP
  
  384:U8kvaf1TYIe6lrsRjcOe/qEVqyK6hNj68BYqhYRLyfwjNOVjVA:U8f18Ie2rsmj68uYji5
Score

1^/10
behavioral6
- Target
  
  windows-malware-master/MEMZ/Geometry dash auto speedhack.bat
- Size
  
  13KB
- MD5
  
  63c6ec6b042bcb00d2d832c0e4f25dca
- SHA1
  
  a904a7c3fc89ff497e91384a63db3282e00d31ce
- SHA256
  
  dae968f47476ef79b122e771ccd0a2bacde2ac3535f68047239682fefa3dfe50
- SHA512
  
  1454cd79a59f0603ae083abb7f3b1438e18c7858ab04dfc3df1a725cee72be48274c289d5c0a44ce415f4bdf8a2c316312453862381fdbf0f4af97a62234e41a
- SSDEEP
  
  192:E7N3ODNPiwc205VjF+Ijytxd+7yxpVtLoTKihWn5hhHxGtHfzf+H/0Nz6hcbXR:E85qwc35O1+7y/LphxxGtHAhubXR
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral7
- Target
  
  windows-malware-master/MEMZ/geometry dash auto speedhack.exe
- Size
  
  14KB
- MD5
  
  19dbec50735b5f2a72d4199c4e184960
- SHA1
  
  6fed7732f7cb6f59743795b2ab154a3676f4c822
- SHA256
  
  a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
- SHA512
  
  aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
- SSDEEP
  
  192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral8
- Target
  
  windows-malware-master/MrsMajor 2.0/MrsMajor2.0.exe
- Size
  
  25.6MB
- MD5
  
  247a35851fdee53a1696715d67bd0905
- SHA1
  
  d2e86020e1d48e527e81e550f06c651328bd58a4
- SHA256
  
  5dd4ea169cabf9226f54bb53e63ea6a1b5880a0d1222242aee378efb6255b57d
- SHA512
  
  a173801aaef4fab608d99b52223b5b2400d69b91edcbf33c21fcb47bd832eef9d771dfd36da350a502a371ed1739c869a7c2b4dca456c93f2feed9ac9c647c7c
- SSDEEP
  
  786432:7VQ4fX8siQIZwastE9oGH5UcnaAVBmn163+L2:7ywXwdwRQo2O1L2
Score

7^/10
- Executes dropped EXE
behavioral9
- Target
  
  windows-malware-master/MrsMajor 3.0/MrsMajor3.0.exe
- Size
  
  381KB
- MD5
  
  35a27d088cd5be278629fae37d464182
- SHA1
  
  d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
- SHA256
  
  4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
- SHA512
  
  eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
- SSDEEP
  
  6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7
Score

10^/10

agilenet evasion trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral10
- Target
  
  windows-malware-master/SpySheriff/Install.exe
- Size
  
  48KB
- MD5
  
  2949c1a5ed0da748d949ac59dbc15059
- SHA1
  
  9fa86b84cba147b2806f4e11dd76f38dc358c202
- SHA256
  
  2e0b86cba229e27b6eec45751be45b24f9197cdc7b2eca30447112f917899d0a
- SHA512
  
  65eac714afaa0e7e84a41a18dc710b233afc80a03022e4504b3a30fdc5a82dd22f3ec78e2f5ad9df360c0e93f7d06d53b7a638fbaea93d62093a524beb627a66
- SSDEEP
  
  768:ddc543tJZkq0HrloZ3RicH0wDrF5X9gFEvkk3p:99JZk7ZoZhewDR5NVvkk3p
Score

1^/10
behavioral11
- Target
  
  windows-malware-master/WinXP Horror Edition/WinXP.Horror.Destructive (Created By WobbyChip).exe
- Size
  
  57.9MB
- MD5
  
  063ea883f8c67d3bb22e0a465136ca4c
- SHA1
  
  3a168a9153ee32b86d9a5411b0af13846c55ee1d
- SHA256
  
  3b64ce283febf3207dd20c99fc53de65b07044231eb544c4c41de374a2571c5c
- SHA512
  
  2dd6be23a5af8c458b94eeb5a4e83fc8cacb3fd2c2566b5682eee286c01726dca90db3d9b4e218eeded9b0c9bce8ba3c9ca9cc497e3a57aab580633a038e4b74
- SSDEEP
  
  1572864:aj6L5PLk/mBCSyKOYl39GFoFEujFMm+B997DaNHN1oS72fnD9hRzZ01tO0DpvrvI:i6cSzV9GCFEujFMm+B997DaNHN1oS72X
Score

10^/10

bootkit evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral12