Overview
Score per task:
overview: 10
static: 10
KIWI CE V3...nj.exe, windows7-x64: 8
KIWI CE V3...nj.exe, windows10-2004-x64: 8
KIWI CE V3...V3.exe, windows7-x64: 5
KIWI CE V3...V3.exe, windows10-2004-x64: 5
KIWI CE V3...ix.exe, windows7-x64: 1
KIWI CE V3...ix.exe, windows10-2004-x64: 1
KIWI CE V3...32.bat, windows7-x64: 1
KIWI CE V3...32.bat, windows10-2004-x64: 1
KIWI CE V3...64.bat, windows7-x64: 1
KIWI CE V3...64.bat, windows10-2004-x64: 1
KIWI CE V3...ldo.js, windows7-x64: 1
KIWI CE V3...ldo.js, windows10-2004-x64: 1
KIWI CE V3...me.bat, windows7-x64: 1
KIWI CE V3...me.bat, windows10-2004-x64: 1
KIWI CE V3...ua.exe, windows7-x64: 1
KIWI CE V3...ua.exe, windows10-2004-x64: 1
KIWI CE V3...32.exe, windows7-x64: 1
KIWI CE V3...32.exe, windows10-2004-x64: 1
KIWI CE V3...64.exe, windows7-x64: 1
KIWI CE V3...64.exe, windows10-2004-x64: 1
KIWI CE V3...es.bat, windows7-x64: 1
KIWI CE V3...es.bat, windows10-2004-x64: 1
KIWI CE V3...ss.exe, windows7-x64: 1
KIWI CE V3...ss.exe, windows10-2004-x64: 1
General
-
Target
Kiwi_CE_V3.rar
-
Size
10.7MB
-
Sample
240429-rh7zysce66
-
MD5
3c75988ebbbe221a6b6f467acfc1b7a5
-
SHA1
8071cc0b84877ee6c4e81aca54cadec7e8d4d7c3
-
SHA256
2671640768495b6748538f07c1bceec5bda8b4b8e11cd9fed348a78a6e688b39
-
SHA512
429b4d570de9e5efaa0c5dfa486271bd24a2241bf8dfc751e215c52f21b036d425e494f0b735688825f052c52c263de1917d9c2163b0c819b7de405ee0910790
-
SSDEEP
196608:E+D16kZxqIeWrSkk3EAVz355vH3WvYFWV2Hd4VHYI40VxJXw2ngRuU1BdozW0B6A:EQwkZc3WrhkBR35x3xNd4pYd0VxlUUCc
Behavioral task
behavioral1
Sample
KIWI CE V3/!FIXInj.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
KIWI CE V3/!FIXInj.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
KIWI CE V3/!Kiwi CE V3.exe
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
KIWI CE V3/!Kiwi CE V3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
KIWI CE V3/InjectFix.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
KIWI CE V3/InjectFix.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral7
Sample
KIWI CE V3/lua53/lua53/src/32.bat
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
KIWI CE V3/lua53/lua53/src/32.bat
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
KIWI CE V3/lua53/lua53/src/64.bat
Resource
win7-20240419-en
Behavioral task
behavioral10
Sample
KIWI CE V3/lua53/lua53/src/64.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
KIWI CE V3/lua53/lua53/src/ldo.js
Resource
win7-20240215-en
Behavioral task
behavioral12
Sample
KIWI CE V3/lua53/lua53/src/ldo.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
KIWI CE V3/lua53/lua53/src/make_uname.bat
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
KIWI CE V3/lua53/lua53/src/make_uname.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
KIWI CE V3/lua_extra/lua.exe
Resource
win7-20231129-en
Behavioral task
behavioral16
Sample
KIWI CE V3/lua_extra/lua.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
KIWI CE V3/lua_extra/luac32.exe
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
KIWI CE V3/lua_extra/luac32.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral19
Sample
KIWI CE V3/lua_extra/luac64.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
KIWI CE V3/lua_extra/luac64.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral21
Sample
KIWI CE V3/packfiles.bat
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
KIWI CE V3/packfiles.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
KIWI CE V3/process.exe
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
KIWI CE V3/process.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
njrat
im523
HacKed
having-jackson.gl.at.ply.gg:56522
7c148ac38012fc3caa04b1bbe75feba0
-
reg_key
7c148ac38012fc3caa04b1bbe75feba0
-
splitter
|'|'|
Targets
-
-
Target
KIWI CE V3/!FIXInj.exe
-
Size
37KB
-
MD5
ad8378c96a922dcfe813935d1eec9ae4
-
SHA1
0e7ee31880298190258f5282f6cc2797fccdc134
-
SHA256
9a7b8171f8c6bd4bb61b7d8baf7dab921983ab7767705c3f1e1265704599ab98
-
SHA512
d38a7581ef5c3dcc8752fc2465ad698605bbd38bf380201623265e5ef121510d3f34116438727e60b3832e867e2ed4fd52081d58690690ff98b28cde80f6af5f
-
SSDEEP
384:3A8syikT2zIuMXY1uyZD7jKuo3HCsmY3orAF+rMRTyN/0L+EcoinblneHQM3epzi:wyY1lN7uuoSNYYrM+rMRa8NuByFt
-
Score
8/10
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
-
-
Target
KIWI CE V3/!Kiwi CE V3.exe
-
Size
16.3MB
-
MD5
bfcedc7b86fff9e36e0889a8b321a3b1
-
SHA1
b0a6af2ce0580f1d629886ec26b1ffa4eab43d8f
-
SHA256
df2108aaa31cab9f7b965f7c1652a446693cb529c96ea852869c85e037c438b2
-
SHA512
0478733da658c4269abe0075c467b6f176cbefd7c4c188ef66c6d959dc5443ed94fa182e705b67682f33254c43f3e745e6b2cec2f877fade1f3f1ef3e4f6f5e6
-
SSDEEP
393216:y3Z8A06vEQ3ITvzx46SxiILGREuV3WjRI85:y3ZIzx46YNL6W9Ie
-
Score
5/10
-
Drops file in System32 directory
-
-
-
Target
KIWI CE V3/InjectFix.exe
-
Size
605KB
-
MD5
09d083f0e2c1e8a3561209902333ad8f
-
SHA1
d9692d3aba34a39aeb9e53cb3d25562b94e2e597
-
SHA256
83dfcb08ea4aa1b857d952a8a177db775d1a7e9cfc30b528848a4a29c8dbf0b9
-
SHA512
c71371263cacc4872a4bf621614940f08c9436062683be5de921ae6e509079e25ea380623e8945d40858819a664bd76590defb2a89949e8e5666190f1024ca6b
-
SSDEEP
12288:IKOjJsDc2+WC+D+4H/xeGofENaTSuGCC709:IKyacgDD+4fwG1NaTSw
-
Score
1/10
-
-
Target
KIWI CE V3/lua53/lua53/src/32.bat
-
Size
406B
-
MD5
781a5ea3ac1db8b8baef18e7f7a7a83f
-
SHA1
30d3a72d187fa326f5e71f4cb47d2ede84b9902b
-
SHA256
eda0463e9a8351ba0e8a33addf0c2b6283800f9990ef4430d9ebdd64bb1e8708
-
SHA512
87a9ed1cdc25e5293392458487c7b7f9af48b2250c0644a2c97f7861050ea4e8d758be79034d4dace0713b88c1c5f7b3d917fc302b039ad7c1001a1345fbe832
-
Score
1/10
-
-
Target
KIWI CE V3/lua53/lua53/src/64.bat
-
Size
405B
-
MD5
02d0494bf187b5ebf89a5f1d6a6723b4
-
SHA1
2b86f69954a33510dd2ff6ae151c2a83aec4d9e2
-
SHA256
9f26e0db49fa923c68b7979d977e8b2e5aee8810758e4c1e8e31861f51c7066a
-
SHA512
30c6b4929d86bb3e2613a3fd342a08539ceed259733aa1625b33c91f144d8fecd6bec31c64c4ca9f72cffda16f98b18e64f3236c8490e1a97c69b86c39c8dc30
-
Score
1/10
-
-
Target
KIWI CE V3/lua53/lua53/src/ldo.c
-
Size
21KB
-
MD5
291c032025d4f4813c08a7305ff7dbc5
-
SHA1
5605c2fdcf2f0d5e32b69cec4ba33e9a0991232b
-
SHA256
876175423641e4c96d140ecfc6bfca2be9af4d1bd206879a7f1302ebf14b6c20
-
SHA512
cf892d80a179789564014e19e7afa80e6cad48ffd6e4c1015d56fc52b86d69dd4ac289f9d7c977e21fe900d187a34dcb76a99710b16c3588225e3d0c913e0476
-
SSDEEP
384:Z1e5szRxKW8hVJtTXeqc11l+QHAjFY7H97jfBDYZZM51P5u3o:ZxgJtTXeqE+QIYlbBDCwJ5u3o
-
Score
1/10
-
-
Target
KIWI CE V3/lua53/lua53/src/make_uname.bat
-
Size
947B
-
MD5
98fa320a49ffa26d28c5c6bbf9d0de12
-
SHA1
b0a49d457ad15eb9cbe537556227a4fa8f52b415
-
SHA256
7a167d02aa492092044784cdc6e8f5b1e289731990fff44dcd26be9cf0f810f1
-
SHA512
cafd9b86a655d7b9f118e59c60b5365bc5042f346781820ac8d122942a81258591630a81043eeec7120da5bc03a06856e5c9da9659d6f786012c87d0d6291fc6
-
Score
1/10
-
-
Target
KIWI CE V3/lua_extra/lua.exe
-
Size
100KB
-
MD5
47eb9bc40eaff591fb8ad620fcd5ddb6
-
SHA1
4972e99e71cc73995014c17b2dbee33bf3a7c1ec
-
SHA256
702502820320538d06409d7818754ce529087ef8ff608a723f49b1ccffdc2d6f
-
SHA512
d57e6e86c4a78dc7d70942c00f34f26546fed7c32eea674cff1e9311610bae6ad0a6a86e821ac296d577809a9f2067808cee065d702b25c2956fd5adda31cfb8
-
SSDEEP
3072:piYL/0TXMvmmDjuTVi9V+/lqiFZG2tfvt:pimsTXMNDjci9w/MS/
-
Score
1/10
-
-
Target
KIWI CE V3/lua_extra/luac32.exe
-
Size
458KB
-
MD5
fc079563300f94faebe1766b38f6ea7f
-
SHA1
e66de759afe2234dd7333dd68232b346c8e65a21
-
SHA256
3e586a3868303ba4824ba4c76f207843c3da1b1cab46030a4ccf3f8d80bab478
-
SHA512
3862ef61397049eb55dbc5b8bf9f7b88ec79c8e2a4de5551f2939282aedca22502a46a40b3ddee6df0147bd473d74ebe724e2b5793ed6691b18192244e0fb1f5
-
SSDEEP
12288:CaIYfHKwkYHmdDWE1Vt6OaJ00LEvNHX3xk3sOsW:KaM0LuRg
-
Score
1/10
-
-
Target
KIWI CE V3/lua_extra/luac64.exe
-
Size
466KB
-
MD5
11bf3ec9ca538fd344e8ac08504a3fae
-
SHA1
41d05681cc6cb8202e96f15553033499731b55b1
-
SHA256
b8907a77039d74848f26cb76283f3fa3b0d428265e3224358a42e1d09894950a
-
SHA512
5e6fde596a5228ba9452784bee27744073626cc1105bff5f933281ed15f70941b78f2c3fffd845a04528acea4823cb9f3fea2c9126cc0ddb5a1cce6e3a2a5a6a
-
SSDEEP
12288:+0CEVOFKBYhPv2wnBNruH++xtchxnf4yZfiM+5JZojVKW0:+cOF5jnBNrsalfT8v7V
-
Score
1/10
-
-
Target
KIWI CE V3/packfiles.bat
-
Size
257B
-
MD5
76515d7229e5e892557c9a8c92fd7809
-
SHA1
c9ad9da49f58b9bc099d8c54a799010fc9085b28
-
SHA256
767fc9fad0242f452eba9545cf73a4ff2d4675e9c4a9eb0812cbac72e99db3f9
-
SHA512
7460c4f728af4eaa5691f2cc1c601563c33b643b9163c5f753451984c9052650c84ea160ef268d003d5affc7ae0dfd0dd5220f5b1a8afd251c66040638a10e75
-
Score
1/10
-
-
Target
KIWI CE V3/process.exe
-
Size
101KB
-
MD5
0929566e04a5e598d98f5244fff343c0
-
SHA1
fa9b5b07945116705afe94cc26cdf65b4f2deb2b
-
SHA256
6c51d32a4e45effadcf5a1d4ef29b39b39932ee1b44a02a198749b0df2e05a8b
-
SHA512
e51007b8cfc670ba8feaf3a9cf4c13e5096055fe8a7ae0fbaff265cb670c7f90e8b293c0fcfae64372dee0e442cc619063d4514f7f8833021299de2ef9d6bb08
-
SSDEEP
768:8B/B07b4SyxSXYVvyGZvzZwHMxMLqKBuuZsDIovaaaaXr1A59:807blybVz5zZtM+KBNZYICnr1
-
Score
1/10
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)