Overview

Analysis tabs and scores:
Static: 10
sillyboost...v1.zip (windows7-x64): 10
sillyboost...v1.zip (windows10-2004-x64): 7
sillyboost...g.json (windows7-x64): 1
sillyboost...g.json (windows10-2004-x64): 3
sillyboost...ck.dll (windows7-x64): 3
sillyboost...ck.dll (windows10-2004-x64): 9
sillyboost...er.exe (windows7-x64): 9
sillyboost...er.exe (windows10-2004-x64): 7
sillyboost...ly.exe (windows7-x64): 9
sillyboost...ly.exe (windows10-2004-x64): 7
s((��.A.pyc (windows7-x64): 8
s((��.A.pyc (windows10-2004-x64)
General

Target: sillyboost_cracked_v1.zip
Size: 40.4MB
Sample: 240525-w7tk3sdf61
MD5: 9999e496ea39c2cd016d4e893811c01d
SHA1: f1de7c2e4767d764fe46e118581f2c6908ade992
SHA256: 5a0461545da96488d576540bc526e5c1a861d09f2c73f528e3191212d2f9f1b1
SHA512: a13e5a3ab1dfd2857602fd7fa8ddfa5e404b644ec057bf2bebfd38ad27628ed6080cd39254df6da4af979c800bc46fc7a4f9b8949ec70962172e645d04c43c82
SSDEEP: 786432:djWwTiwq0JgcbRI3IqVCQVcZQ+iurECpdBekLw8WtYt3LFLI:dzTA0JgcbrqAQVD+NEWP7LLtRLI
Behavioral tasks

behavioral1: sillyboost_cracked_v1.zip (resource: win7-20240220-en)
behavioral2: sillyboost_cracked_v1.zip (resource: win10v2004-20240508-en)
behavioral3: sillyboost_cracked_v1/config.json (resource: win7-20231129-en)
behavioral4: sillyboost_cracked_v1/config.json (resource: win10v2004-20240426-en)
behavioral5: sillyboost_cracked_v1/crack.dll (resource: win7-20231129-en)
behavioral6: sillyboost_cracked_v1/crack.dll (resource: win10v2004-20240426-en)
behavioral7: sillyboost_cracked_v1/loader.exe (resource: win7-20240508-en)
behavioral8: sillyboost_cracked_v1/loader.exe (resource: win10v2004-20240508-en)
behavioral9: sillyboost_cracked_v1/silly.exe (resource: win7-20240419-en)
behavioral10: sillyboost_cracked_v1/silly.exe (resource: win10v2004-20240226-en)
behavioral11: s((��.A.pyc (resource: win7-20240508-en)
behavioral12: s((��.A.pyc (resource: win10v2004-20240508-en)
Malware Config

Targets

Target: sillyboost_cracked_v1.zip
Size: 40.4MB
MD5: 9999e496ea39c2cd016d4e893811c01d
SHA1: f1de7c2e4767d764fe46e118581f2c6908ade992
SHA256: 5a0461545da96488d576540bc526e5c1a861d09f2c73f528e3191212d2f9f1b1
SHA512: a13e5a3ab1dfd2857602fd7fa8ddfa5e404b644ec057bf2bebfd38ad27628ed6080cd39254df6da4af979c800bc46fc7a4f9b8949ec70962172e645d04c43c82
SSDEEP: 786432:djWwTiwq0JgcbRI3IqVCQVcZQ+iurECpdBekLw8WtYt3LFLI:dzTA0JgcbrqAQVD+NEWP7LLtRLI
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
Target: sillyboost_cracked_v1/config.json
Size: 252B
MD5: 49a9757626ec5e53193026e92d8de41d
SHA1: 88f0a32589186717d702cdd25e5645d5747e402b
SHA256: f19a2ce2d7839fe6d9d44aa2648302e042d8ae75286c0216363340f20e631f8b
SHA512: d477d8977eb7e114f61297ae8ab3132cd3f0ae46807b327b383396f2fa5d265e93ca38985831bb948a93f884768477f6ec653b7ce74e110c40bcc11f106d9c36
Score: 3/10
Target: sillyboost_cracked_v1/crack.dll
Size: 4.9MB
MD5: d8131fd472e3f921dca592b6c0872c26
SHA1: 3be46fc189d169673e3f8779128b42f17be131d3
SHA256: e923fb5d56d8f8f7bb2f0b11be779ca5d87164c536d9f8c0c24a89b52a372c06
SHA512: 9fa8978e2f6549b56cc077e8d857cbc5e106cb9da0cef976326110ce0f6dee11ca0fe72751e63d862e42cad80508a0747377e08b72cc4faaa9f614381ebdf6a9
SSDEEP: 98304:bd1z1vEYCYWcv4DoirkjuQM/OMc7/2QIqLAIOiqrr8HfdmjLdGGf:bdx1vMlDEXMc7MqcIOjH8O
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Target: sillyboost_cracked_v1/loader.exe
Size: 5.3MB
MD5: ed358d5c060320055e0a1bfce6b1e419
SHA1: 12853b07f03fa86e2d859475ff16243a8216c1c7
SHA256: b7e0248552ac34bd73e2e6ac4f6b5edeb2ad27f094df41addd8e989c7256bc18
SHA512: d63c96aa4dba2684e210d7893a9b166490b674a34e4acf95b8f80df4c04284d58c23c0295d27451fa971c1cb9beff1fc499057f5afab0a1d790dab9ac8cba00d
SSDEEP: 98304:V8ihICaLqaR7bM++vEeIML8+vTV6oQpSJxtN7h0w27jVGDLhM34CLCIqgFF:V5Iaa5bM3IML8+7VZ30dM584CL5nFF
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: sillyboost_cracked_v1/silly.exe
Size: 31.7MB
MD5: edf5231904acc98d0aa6e8dac9e6f57b
SHA1: ab01505afc25fd2286fcc52a52a12c510b298fa4
SHA256: 4400e10819840cbbe5238f4cb4560ec2c5fa6dbfca6124d6065aa8df42506472
SHA512: b4e01b5e2756fae3f7872d909bcb1e26618c6713d5428af6c96d08613154f65e749840ee07c3d6ce42af974a2c6c87b2bcd90e494e2e61722a377982b7070291
SSDEEP: 786432:EYSoQBHU9SuW1HMqG5qkOIRFbRBYvHjwouTtRLzx:EYSoQBD/NMqpk9FdKfjQtNx
Score: 8/10
Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
Target: s((��.A.pyc
Size: 1KB
MD5: 618a38462d407f1a7bf1306aac9f15e5
SHA1: f1d667201337a546af7c850b09bb97deeef33001
SHA256: 70c2d3eda71556add3405a96c8f41d5c7c351a855d0138c3ee862aeb18281346
SHA512: c4eef2c9b1f2fc9fb3316e62884322b307154d5037b9553169cf5b3abc0aba9e53812e6152296c4ce4190195f904866e4d0084b22e89a7d075a4ef851e9f7ecb
Score: 1/10