General

  • Target

    NY TOOLS (1).zip

  • Size

    44.7MB

  • Sample

    240611-wnnwgsware

  • MD5

    be418124d0c5f88ae1f8e38f4e637c12

  • SHA1

    930f93888fbef2fb9193a11c44a2eaf0374951f8

  • SHA256

    7a0fc390552b21b671a9f87934ab161bab03e08cef9383c24e66300894f14ec5

  • SHA512

    5428e94c71516b7e89e806f8901b2ccd112b4830a09a41a7ef145be25235321330609d30e201f68743fa9786b8b4441b8b89a0c533b2093ff970c24a0d7edb6d

  • SSDEEP

    786432:YyhQI0d9E15ivO8ylYLFh+C9sozoT8wukKh9fjFXdKIJwKrvoIB:jId9u5zqLFh+E3yIfjFNKIJCIB

Malware Config

Targets

    • Target

      NY TOOLS/BLOCKER&WOOFER/Loader.exe

    • Size

      20.9MB

    • MD5

      0d69a0c8a36cb686c159ef0da8e736be

    • SHA1

      1257ed7d6cbc48ee0e3fe927af91c33db334c03a

    • SHA256

      77dc213ba8d1c31a3dcffb1195716a68ba077392f1ed0d9c9dd2c38dbb229458

    • SHA512

      b4d8b5a780189ec245ca3270f5aae6114406ac37d5dfc453e202323fc321956b1d11b92c361787440f02295d4f6d180aa1b69b0a18959127d76106bc5f5cd575

    • SSDEEP

      393216:EhUhQ430ckp6baE15lkv/okhuIeOF87iaf5314kpYL8iAh2dhdzGoIfqsA:EyhQI0d9E15ivO8ylYLFh+CB

    Score
    1/10
    • Target

      DefCon/DefCon.rar

    • Size

      445KB

    • MD5

      b46af7fc448e6fc31b4ef838e0235521

    • SHA1

      c5ba1edefa2241c721aa1fea589a81216315bc14

    • SHA256

      7e7c628c578afce5abbe1ba80d0d156857949766efa787c0ed307065e14909a6

    • SHA512

      8cbf17d8adf989d4de022493e7634186b751271aaf5922e4d77dde58136d00a60eab0753849e14537ecdb20d3683f01c9b449fd723712323240a00a22faca2a1

    • SSDEEP

      12288:aI7rMU6047sT0LdFObmFVfAWeIJ8qZa125+BMr:zX60GsGlfeYc+

    Score
    3/10
    • Target

      DefCon/Defender_Settings.vbs

    • Size

      313B

    • MD5

      b0bf0a477bcca312021177572311e666

    • SHA1

      ea77332d7779938ae8e92ad35d6dea4f4be37a92

    • SHA256

      af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9

    • SHA512

      09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8

    Score
    1/10
    • Target

      DefCon/ReadMe.txt

    • Size

      2KB

    • MD5

      8dbe87a9bf6342c4e2ea406fa86e76bb

    • SHA1

      35fe083b3f5793fe1b803d091262e4dee2cd0c4d

    • SHA256

      d3b0219253a58ccb394559751299bd16dba1120e02cb11571c3b6a085b1027f8

    • SHA512

      3fca076f1c6fe286bef4d211fad2643e2c2e426d75e665c1a1c8dd241689fbd3911544b90f65e0b2ab25ce0ff63fc5520684ff7c1c2fb71be9cda6359a8b1c8e

    Score
    1/10
    • Target

      UNLOCKER V2.exe

    • Size

      5.6MB

    • MD5

      872b0fa8c0306040f181d08c5d7a252b

    • SHA1

      a08cf74361c96aa4d7e4503af6563c63b95f1973

    • SHA256

      3a5576c4e7d9ed56cc295fea24ef0fa68cf4235dfefa434caa32015887e757c3

    • SHA512

      23d8610ac8bfcb68695b652dd8d35edcc5f17994c90966ef0cabf11489d983cc852dd8e6d36ec85c78ec6f63cb6a7b21238a6d9687494f3ef99bc7ca86a4a277

    • SSDEEP

      98304:GRx4heu/+/tswG+PJPigEtVTH41ZE6HqM/aZeOO4wZivrH/LXmfI1ZWQpy:GL4gy+/tbG+PJa3txT6KKaLbwZivrjdJ

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      bsod fix.bat

    • Size

      415B

    • MD5

      392f331dc1744fbe560a2a17d7ca838f

    • SHA1

      817559945e137d036f47b26696d4fab5f22572c1

    • SHA256

      318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5

    • SHA512

      0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd

    Score
    1/10
    • Target

      w11 fix.bat

    • Size

      507B

    • MD5

      6fb44052dc5a85a097feeb91d7a81712

    • SHA1

      29db33e6cf3286a6ba82af684ac535d42b43d257

    • SHA256

      7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026

    • SHA512

      ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a

    • Modifies boot configuration data using bcdedit

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      UNLOCK ALL.exe

    • Size

      13.2MB

    • MD5

      4388bf1bacc99fb238d16a3885066755

    • SHA1

      d7adf519cd3c188e6f9f99dc78c6e4510320beb6

    • SHA256

      22d3b9f8872c784da7f2fe39ae826c36e6a373f07568043aa40a234b9f73047b

    • SHA512

      9a3b0b7b85d99705c437b72d65b1a2fd1bb03d4fbff637225422680e0fa871ad0251e6c83dea9c866c429a9258865e439ccf976340b765882ec9cf5f0b36c7ab

    • SSDEEP

      393216:YKv8XedcqxSu2gI7+GXEG1FcSCQE5uYPxNDMQ+s8P:YKTrP95GXE5LQE5Jbxy

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      bsod fix.bat

    • Size

      415B

    • MD5

      392f331dc1744fbe560a2a17d7ca838f

    • SHA1

      817559945e137d036f47b26696d4fab5f22572c1

    • SHA256

      318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5

    • SHA512

      0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd

    Score
    1/10
    • Target

      w11 fix.bat

    • Size

      507B

    • MD5

      6fb44052dc5a85a097feeb91d7a81712

    • SHA1

      29db33e6cf3286a6ba82af684ac535d42b43d257

    • SHA256

      7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026

    • SHA512

      ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a

    • Modifies boot configuration data using bcdedit

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      VIP-CHAIR.exe

    • Size

      5.6MB

    • MD5

      1456d19f6e07ae3374e5c296f205a7e5

    • SHA1

      21391320b8f27e7f8bbf9f25c0e97f58a82f5c28

    • SHA256

      358e6a243ff184b5d0770e8c442a2a883257e925e66e2cb8c42e137d19059953

    • SHA512

      0ccdbeeae6f05ebc8fae56b241e9ab9a090d5c3c771bcb9a6415c09f1217f02aa2e2465e4deb833c8a5d16139fb69e172d77c7c0dbf7ef25e217bc84a7319ba4

    • SSDEEP

      98304:l5Po/g9kQoDuhk2M2uHSwfdnX/aqeAZnOIBggY5smGbirNFUM5p3KS:/o/EkJCduywkVAZnOIY5sJaAW3

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      bsod fix.bat

    • Size

      415B

    • MD5

      392f331dc1744fbe560a2a17d7ca838f

    • SHA1

      817559945e137d036f47b26696d4fab5f22572c1

    • SHA256

      318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5

    • SHA512

      0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd

    Score
    1/10
    • Target

      w11 fix.bat

    • Size

      507B

    • MD5

      6fb44052dc5a85a097feeb91d7a81712

    • SHA1

      29db33e6cf3286a6ba82af684ac535d42b43d257

    • SHA256

      7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026

    • SHA512

      ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a

    • Modifies boot configuration data using bcdedit

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
5/10

behavioral10

Score
5/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

evasion, execution, ransomware
Score
9/10

behavioral14

evasion, execution, ransomware
Score
9/10

behavioral15

evasion, trojan
Score
9/10

behavioral16

evasion, trojan
Score
9/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

evasion, execution, ransomware
Score
9/10

behavioral20

evasion, execution, ransomware
Score
9/10

behavioral21

Score
5/10

behavioral22

Score
5/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

evasion, execution, ransomware
Score
9/10

behavioral26

evasion, execution, ransomware
Score
9/10