General
-
Target
NY TOOLS (1).zip
-
Size
44.7MB
-
Sample
240611-wnnwgsware
-
MD5
be418124d0c5f88ae1f8e38f4e637c12
-
SHA1
930f93888fbef2fb9193a11c44a2eaf0374951f8
-
SHA256
7a0fc390552b21b671a9f87934ab161bab03e08cef9383c24e66300894f14ec5
-
SHA512
5428e94c71516b7e89e806f8901b2ccd112b4830a09a41a7ef145be25235321330609d30e201f68743fa9786b8b4441b8b89a0c533b2093ff970c24a0d7edb6d
-
SSDEEP
786432:YyhQI0d9E15ivO8ylYLFh+C9sozoT8wukKh9fjFXdKIJwKrvoIB:jId9u5zqLFh+E3yIfjFNKIJCIB
Static task
static1
Behavioral task
behavioral1
Sample
NY TOOLS/BLOCKER&WOOFER/Loader.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
NY TOOLS/BLOCKER&WOOFER/Loader.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
DefCon/DefCon.rar
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
DefCon/DefCon.rar
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
DefCon/Defender_Settings.vbs
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
DefCon/Defender_Settings.vbs
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
DefCon/ReadMe.txt
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
DefCon/ReadMe.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
UNLOCKER V2.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
UNLOCKER V2.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
bsod fix.bat
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
bsod fix.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
w11 fix.bat
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
w11 fix.bat
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
UNLOCK ALL.exe
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
UNLOCK ALL.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
bsod fix.bat
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
bsod fix.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
w11 fix.bat
Resource
win7-20240215-en
Behavioral task
behavioral20
Sample
w11 fix.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
VIP-CHAIR.exe
Resource
win7-20240419-en
Behavioral task
behavioral22
Sample
VIP-CHAIR.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
bsod fix.bat
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
bsod fix.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
w11 fix.bat
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
w11 fix.bat
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
NY TOOLS/BLOCKER&WOOFER/Loader.exe
-
Size
20.9MB
-
MD5
0d69a0c8a36cb686c159ef0da8e736be
-
SHA1
1257ed7d6cbc48ee0e3fe927af91c33db334c03a
-
SHA256
77dc213ba8d1c31a3dcffb1195716a68ba077392f1ed0d9c9dd2c38dbb229458
-
SHA512
b4d8b5a780189ec245ca3270f5aae6114406ac37d5dfc453e202323fc321956b1d11b92c361787440f02295d4f6d180aa1b69b0a18959127d76106bc5f5cd575
-
SSDEEP
393216:EhUhQ430ckp6baE15lkv/okhuIeOF87iaf5314kpYL8iAh2dhdzGoIfqsA:EyhQI0d9E15ivO8ylYLFh+CB
Score
1/10
-
-
-
Target
DefCon/DefCon.rar
-
Size
445KB
-
MD5
b46af7fc448e6fc31b4ef838e0235521
-
SHA1
c5ba1edefa2241c721aa1fea589a81216315bc14
-
SHA256
7e7c628c578afce5abbe1ba80d0d156857949766efa787c0ed307065e14909a6
-
SHA512
8cbf17d8adf989d4de022493e7634186b751271aaf5922e4d77dde58136d00a60eab0753849e14537ecdb20d3683f01c9b449fd723712323240a00a22faca2a1
-
SSDEEP
12288:aI7rMU6047sT0LdFObmFVfAWeIJ8qZa125+BMr:zX60GsGlfeYc+
Score
3/10
-
-
-
Target
DefCon/Defender_Settings.vbs
-
Size
313B
-
MD5
b0bf0a477bcca312021177572311e666
-
SHA1
ea77332d7779938ae8e92ad35d6dea4f4be37a92
-
SHA256
af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9
-
SHA512
09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8
Score
1/10
-
-
-
Target
DefCon/ReadMe.txt
-
Size
2KB
-
MD5
8dbe87a9bf6342c4e2ea406fa86e76bb
-
SHA1
35fe083b3f5793fe1b803d091262e4dee2cd0c4d
-
SHA256
d3b0219253a58ccb394559751299bd16dba1120e02cb11571c3b6a085b1027f8
-
SHA512
3fca076f1c6fe286bef4d211fad2643e2c2e426d75e665c1a1c8dd241689fbd3911544b90f65e0b2ab25ce0ff63fc5520684ff7c1c2fb71be9cda6359a8b1c8e
Score
1/10
-
-
-
Target
UNLOCKER V2.exe
-
Size
5.6MB
-
MD5
872b0fa8c0306040f181d08c5d7a252b
-
SHA1
a08cf74361c96aa4d7e4503af6563c63b95f1973
-
SHA256
3a5576c4e7d9ed56cc295fea24ef0fa68cf4235dfefa434caa32015887e757c3
-
SHA512
23d8610ac8bfcb68695b652dd8d35edcc5f17994c90966ef0cabf11489d983cc852dd8e6d36ec85c78ec6f63cb6a7b21238a6d9687494f3ef99bc7ca86a4a277
-
SSDEEP
98304:GRx4heu/+/tswG+PJPigEtVTH41ZE6HqM/aZeOO4wZivrH/LXmfI1ZWQpy:GL4gy+/tbG+PJa3txT6KKaLbwZivrjdJ
Score
5/10
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
bsod fix.bat
-
Size
415B
-
MD5
392f331dc1744fbe560a2a17d7ca838f
-
SHA1
817559945e137d036f47b26696d4fab5f22572c1
-
SHA256
318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5
-
SHA512
0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd
Score
1/10
-
-
-
Target
w11 fix.bat
-
Size
507B
-
MD5
6fb44052dc5a85a097feeb91d7a81712
-
SHA1
29db33e6cf3286a6ba82af684ac535d42b43d257
-
SHA256
7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026
-
SHA512
ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a
Score
9/10
-
Modifies boot configuration data using bcdedit
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
UNLOCK ALL.exe
-
Size
13.2MB
-
MD5
4388bf1bacc99fb238d16a3885066755
-
SHA1
d7adf519cd3c188e6f9f99dc78c6e4510320beb6
-
SHA256
22d3b9f8872c784da7f2fe39ae826c36e6a373f07568043aa40a234b9f73047b
-
SHA512
9a3b0b7b85d99705c437b72d65b1a2fd1bb03d4fbff637225422680e0fa871ad0251e6c83dea9c866c429a9258865e439ccf976340b765882ec9cf5f0b36c7ab
-
SSDEEP
393216:YKv8XedcqxSu2gI7+GXEG1FcSCQE5uYPxNDMQ+s8P:YKTrP95GXE5LQE5Jbxy
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
bsod fix.bat
-
Size
415B
-
MD5
392f331dc1744fbe560a2a17d7ca838f
-
SHA1
817559945e137d036f47b26696d4fab5f22572c1
-
SHA256
318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5
-
SHA512
0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd
Score
1/10
-
-
-
Target
w11 fix.bat
-
Size
507B
-
MD5
6fb44052dc5a85a097feeb91d7a81712
-
SHA1
29db33e6cf3286a6ba82af684ac535d42b43d257
-
SHA256
7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026
-
SHA512
ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a
Score
9/10
-
Modifies boot configuration data using bcdedit
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
VIP-CHAIR.exe
-
Size
5.6MB
-
MD5
1456d19f6e07ae3374e5c296f205a7e5
-
SHA1
21391320b8f27e7f8bbf9f25c0e97f58a82f5c28
-
SHA256
358e6a243ff184b5d0770e8c442a2a883257e925e66e2cb8c42e137d19059953
-
SHA512
0ccdbeeae6f05ebc8fae56b241e9ab9a090d5c3c771bcb9a6415c09f1217f02aa2e2465e4deb833c8a5d16139fb69e172d77c7c0dbf7ef25e217bc84a7319ba4
-
SSDEEP
98304:l5Po/g9kQoDuhk2M2uHSwfdnX/aqeAZnOIBggY5smGbirNFUM5p3KS:/o/EkJCduywkVAZnOIY5sJaAW3
Score
5/10
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
bsod fix.bat
-
Size
415B
-
MD5
392f331dc1744fbe560a2a17d7ca838f
-
SHA1
817559945e137d036f47b26696d4fab5f22572c1
-
SHA256
318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5
-
SHA512
0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd
Score
1/10
-
-
-
Target
w11 fix.bat
-
Size
507B
-
MD5
6fb44052dc5a85a097feeb91d7a81712
-
SHA1
29db33e6cf3286a6ba82af684ac535d42b43d257
-
SHA256
7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026
-
SHA512
ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a
Score
9/10
-
Modifies boot configuration data using bcdedit
-
Executes dropped EXE
-
Loads dropped DLL
-