Overview
overview
9Static
static
3Cleaner1 R...IN.bat
windows7-x64
8Cleaner1 R...IN.bat
windows10-2004-x64
8Cleaner2.bat
windows7-x64
7Cleaner2.bat
windows10-2004-x64
1Cleaner3.bat
windows7-x64
1Cleaner3.bat
windows10-2004-x64
1Cleaner4.bat
windows7-x64
8Cleaner4.bat
windows10-2004-x64
8Cleaner5.bat
windows7-x64
7Cleaner5.bat
windows10-2004-x64
5Cleaner6.bat
windows7-x64
7Cleaner6.bat
windows10-2004-x64
7Cleaner7.bat
windows7-x64
8Cleaner7.bat
windows10-2004-x64
8MAC.cmd
windows7-x64
1MAC.cmd
windows10-2004-x64
1PH Spoofer.exe
windows7-x64
9PH Spoofer.exe
windows10-2004-x64
9General
-
Target
PH Spoofer1.1.rar
-
Size
276KB
-
Sample
240428-xbbk3aea96
-
MD5
d46c6c089d13ccf6229652b06528dd3c
-
SHA1
b74d7ddebe175743d1e08c2d1eecc68276867a3e
-
SHA256
f6199fe0c5630f73c0cd588e71626ab8552fb312e90e441bbe6f1ebd50bc7ccb
-
SHA512
23fd13b6202281e441056030d5263da048c21f07b0b9da8ac877233527ffd5051dc8b9d9f2611785c29f3dd8d1c2407072a73ded1f5cd4514dc92c580a68197b
-
SSDEEP
6144:imsx6QtGXsc1xFQzWjlSSyafb+tQTywrubNyIMQ2i+eWq7:imX7dkWBS+b+tdwrubNyI5L+C
Static task
static1
Behavioral task
behavioral1
Sample
Cleaner1 RUN ALL AS ADMIN.bat
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Cleaner1 RUN ALL AS ADMIN.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
Cleaner2.bat
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
Cleaner2.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
Cleaner3.bat
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
Cleaner3.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral7
Sample
Cleaner4.bat
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
Cleaner4.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
Cleaner5.bat
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
Cleaner5.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
Cleaner6.bat
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
Cleaner6.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
Cleaner7.bat
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Cleaner7.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
MAC.cmd
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
MAC.cmd
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
PH Spoofer.exe
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
PH Spoofer.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
Cleaner1 RUN ALL AS ADMIN.bat
-
Size
4KB
-
MD5
ccf667986586fc0ee3a0898629a36ede
-
SHA1
6ffaec4689d257344f8edd02d44d8388280fb162
-
SHA256
ca7dfbc65c1fde66413b5dd06f763cbe6b8be78c2a3b88030ccd5dfac23c07df
-
SHA512
3e7f9b8df4c455595b57c18917ab9092f5cbd08545116788bcfa709e9edc79c36dae51493da7dc19ba04f69067a420755379a5b11a73205bd05b569f3c0c7ff3
-
SSDEEP
48:5eB5uGLW8FktI/JHeUsY200qfDTfbi5t2Qzt2Nt2QVt2ttUFt2AAt2Aop+RAULJY:oHeZY2ELTTqMQPdwYrOPT
Score8/10-
Modifies Windows Firewall
-
Deletes itself
-
-
-
Target
Cleaner2.bat
-
Size
22KB
-
MD5
691a8da53eac534e67dd0a1afd8d7829
-
SHA1
fe9754ea0817ab1c3b43c3541ec0b8b5fb551aea
-
SHA256
6d8474b60f28ee629a8b0eae25cc8c214d2e45c23e64445105389b530b535819
-
SHA512
667193eee3fceb28c9fdce6017938d87d0666948cee6abe46f36e92055781e30d8e39d3835fcf7d8350f560873065c958e7e0c58aee242f770beade3be27d6f6
-
SSDEEP
96:tVeN1ZifiB1ifIXi4C4AySST5bWV7oJnJdwTK4hS9X4V4j4V4z5Rg51fH84f/vWo:OZifinifILh9aswTthIIhU0
Score7/10-
Deletes itself
-
-
-
Target
Cleaner3.bat
-
Size
162KB
-
MD5
8c3967f9be32e3f7d07ee878e1794c13
-
SHA1
4b0d632fd8f3d30147f4a5721e6fdfb0b0b470b7
-
SHA256
11699f90d4533162a3b7ad620b61a9745a9a06989c3b93b217cd10dec64fb0ad
-
SHA512
55519fabada9285bd96d043f3128a6ed4dffad624359c47b27342fe63e0e6f24d9cd35f1a7488da627f68146d4d803ee1e4e946384f62f5a1c32c4599d2ff9d4
-
SSDEEP
768:xlkTPz5U3/D35lU14IYIXZBMjmgPBpszWQP54Iq5Knz5U3/D35lU14IYIXZBMjmB:Azhzp
Score1/10 -
-
-
Target
Cleaner4.bat
-
Size
111KB
-
MD5
7d29dc3ace16b45ae3b437cf8aa7d65f
-
SHA1
fbcfde13c5522d808c321c58291cfa962f104655
-
SHA256
317142fae707cbac948083d56b1163aa5a6a1b9270031d9e49ea79214ebe99ef
-
SHA512
333d36985afdbe68fbe455d3f59cbe6fc77b0669de44194e07ca28dece06505a1bd5c354ef132df70b936f7ba2740241046b75ab86afbd4728c0da5371e576d9
-
SSDEEP
768:zo9R/KZzmezF/svUsfg8gVhCBL1oPYdxCA1n5xpoL8oPlRPrPEPupL5LvLpLjLg3:E9xg8gUDRnvplQL5LvLpLjLnC
Score8/10-
Modifies Windows Firewall
-
Deletes itself
-
-
-
Target
Cleaner5.bat
-
Size
867KB
-
MD5
8ce83844fd35131310f9bd0d5e6ff7c7
-
SHA1
c2c164594d00ce9d5ea1758f80a13686ee44b06c
-
SHA256
95c12291d36d894bdf2c62aca840822226871ee2ed4f1653bf22fd96d183b6c5
-
SHA512
1e18a4c8389000dc2f171d331de374a39911c2c51c4ab8e4cca9d425884ef2d0a3c38794fb15926836537a19c6d68d72718a45b38687f0579eff035b4a766a04
-
SSDEEP
3072:UYScHNYScTzg8gvRnvpWyhytyhy6LfgCWcUWgM+4oH9q4gH9/142:TEwE6l142
Score7/10-
Deletes itself
-
Drops file in System32 directory
-
-
-
Target
Cleaner6.bat
-
Size
543KB
-
MD5
9d39831f2328903820a7359ac3e479a8
-
SHA1
2f2e720ed9b1462e5cdc8bc1d3a7e11fad6a887c
-
SHA256
4769a969888d95e0594ac296c3b7cf593dbb26bd7d27a47dc2c59022c0675263
-
SHA512
dad147bf672e4d0e69524e8103f715d133e21790ed7e3c065a02722e36c05e3e3dd9bac633da1b3eaa509a41caac46841261258478b9ad9c0aea7aea42d4204d
-
SSDEEP
1536:/sq0dLLLlL7LBL7vXgjIcHwL7DZQLwUDOmE8i/0fj8l9q0dLLLlL7LBL7vXgjcUQ:rLcUFivZ7jvzYx8+9oNQ0OL+
-
Deletes itself
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
Cleaner7.bat
-
Size
253KB
-
MD5
c26c52657c60cd9590dc11c8d6f563a5
-
SHA1
7517d767b64d983fa28545dbedb76c937049e775
-
SHA256
54ed81f8e76aba8298bd302f872b4e1bbabaee272575c39e0f18ddc23ad6c2f3
-
SHA512
8844ec48ee632c59d4cd7421856e4cd160bdea86e4100fac72ae321cd6cb934352f85aaa3b727fd17a9e96c10592c013d44fe12d5850edfbc479df23b92cf00a
-
SSDEEP
1536:VNoZxBOz2oCfgCWfr3bwUWgn8q01L5LvLpLjL5sff4oH9sffzs:UfgCW4UWgnh4oH9qzs
Score8/10-
Stops running service(s)
-
Deletes itself
-
-
-
Target
MAC.cmd
-
Size
2KB
-
MD5
9bb3424ce0882c73682a407477af163e
-
SHA1
c50786f19c4301d186db5fc1b56b8824013f1207
-
SHA256
9c1cc4852d290f352f4ba6c6eca68a4ffb1fc19a514fbbda644855a7f23c0c61
-
SHA512
f530673e63f10f684416624f53aeeda6430a552d2d32b776f026e42f34e28b7f9f19bc6c61298dfaf0b5e1c104ad681433997646a277f889c9af2df9cec601ce
Score1/10 -
-
-
Target
PH Spoofer.exe
-
Size
309KB
-
MD5
ae570e5768742a572e36ac8d999c03f5
-
SHA1
9eabf7fdc94adeb65248f7593cd6f0abd1448ef8
-
SHA256
7db7e8ba889c41199e657fa9d263c5f18830a35bab6b810e267baadae1d938ae
-
SHA512
8f46023ad4b561f9fcec5c62eba6a384e95b07dca8baeadcce9bf3039a07fb9adc6f2312a386689d291dad26d8f1476b72d8f5f7bc6a62220683f3ef221552e0
-
SSDEEP
6144:qKjViFkFl/AAGbFd1cUp3AJEFzqlOcWluW4bLcCCQvjQL85d:2rA6Bl7GcCCQvjQL4d
Score9/10-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-