General
-
Target
b93ab92ae78f48fc913cb97e7e6e89a1_JaffaCakes118
-
Size
797KB
-
Sample
240617-wdrjmasbkn
-
MD5
b93ab92ae78f48fc913cb97e7e6e89a1
-
SHA1
59ad143182c29b523d3256ac2604c197cb3297db
-
SHA256
35e9a600576c02110e577a51b41a0df596126ccd260c9aa2210e2390e99ff776
-
SHA512
f5da4824f89eabb3a93d89ad0e16a979cf37c829f702c98140415a10b833ed4d330f87e78feeeb3f676b8e481c2525844c4cc19616e85f776e39988f0e3a2b51
-
SSDEEP
24576:0lWBVDM/Une2vs54zt8ZphKSIrBql+kiCSc:OS3exZv8Ul+Cr
Behavioral task
behavioral1
Sample
TeamzPAZ/Bunifu_UI_v1.5.3.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
TeamzPAZ/Bunifu_UI_v1.5.3.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
TeamzPAZ/Fortnite Checker TeamzPAZ.exe
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
TeamzPAZ/Fortnite Checker TeamzPAZ.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
TeamzPAZ/HtmlAgilityPack.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
TeamzPAZ/HtmlAgilityPack.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
TeamzPAZ/MailKit.dll
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
TeamzPAZ/MailKit.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
TeamzPAZ/Newtonsoft.Json.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
TeamzPAZ/Newtonsoft.Json.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
TeamzPAZ/xNet.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
TeamzPAZ/xNet.dll
Resource
win10v2004-20240508-en
Malware Config
Extracted
nanocore
1.2.2.0
maxhasminipp.ddns.net:54984
127.0.0.1:54984
e859e030-1d62-4073-998f-c3e8c8fdde04
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2018-06-25T23:47:05.285361136Z
-
bypass_user_account_control
false
-
bypass_user_account_control_data
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
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
54984
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
e859e030-1d62-4073-998f-c3e8c8fdde04
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
maxhasminipp.ddns.net
-
primary_dns_server
8.8.8.8
-
request_elevation
false
-
restart_delay
5010
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
false
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
TeamzPAZ/Bunifu_UI_v1.5.3.dll
-
Size
236KB
-
MD5
2ecb51ab00c5f340380ecf849291dbcf
-
SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931
-
SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
-
SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
-
SSDEEP
6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score 1/10 -
-
-
Target
TeamzPAZ/Fortnite Checker TeamzPAZ.exe
-
Size
203KB
-
MD5
e8b7db8bfcbb200e704b65126660c529
-
SHA1
c69450b1f8d5ccb1743570d7a8091530493fc36d
-
SHA256
24cf8b07f7694cbfc67e79dd18d6c1fab296eec76120e269f96202e43aa4340a
-
SHA512
c5913c6548e1c76518d379928d239af028d11ee419fd5af1ee9a596e4c0c32581c60228569d589c85e0c23de2c71b713ebf9f9c0f89c1520cc373bb538556973
-
SSDEEP
6144:sLV6Bta6dtJmakIM5kcGLYiO5C3e6s7338vSz:sLV6Btpmk1YiOS1k3Tz
-
Adds Run key to start application
-
-
-
Target
TeamzPAZ/HtmlAgilityPack.dll
-
Size
113KB
-
MD5
45223650cff5e89e56c1bdd4cb7fb786
-
SHA1
110bee36ca7afc5fe404b82d5fed5de482758cd2
-
SHA256
8019602af8f267c4e09489b3d80b514b2498a495d0fa3d7d74c2eb86b1e25781
-
SHA512
23d75f48b21b08650d081a6b081efc35d0ec4132f9400537e1813dd53fa0a51d735e8935b914ce7cdc38d271b08f1bd9585e346708cdedd42e2753202d6efb20
-
SSDEEP
1536:3trxCwY9I/QndjSOXAiW4XO2TSBVt4l6Y5lF4cglELWPGr1Y7KmYDw5yz8S:zQIInsOQWX+BVM6YycAww5K8S
Score 1/10 -
-
-
Target
TeamzPAZ/MailKit.dll
-
Size
652KB
-
MD5
be99f9896236c6106887959541d22f05
-
SHA1
12fc2ac3bda1b2023bed12320cd3a140413a5850
-
SHA256
786e2126d22afabcb42d57cf07760690c18c21007c93abaed0cb4c7fe2044eb6
-
SHA512
dd995323b28ef7a3a492f5fa966d278a4495bd5d5703fc9bd066d665ceafbb57851429cca80e89aba4c09598d786206e1f7efddd44c185bd71b825958e4de330
-
SSDEEP
6144:b7GoLbF2oxbF/j/FFYgIQ0APJAO62mGQ0HhWt5ZMdYJwjvinKzGQ1kNnav2P0hsv:bJYsbqhGhHhh3jvinKqZ4earo88XA
Score 1/10 -
-
-
Target
TeamzPAZ/Newtonsoft.Json.dll
-
Size
647KB
-
MD5
5afda7c7d4f7085e744c2e7599279db3
-
SHA1
3a833eb7c6be203f16799d7b7ccd8b8c9d439261
-
SHA256
f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4
-
SHA512
7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944
-
SSDEEP
6144:3o4V9ynqKoxhi0gAsfLBhJJzhGIVrdhoHuLFGAJmKApt5psaLGBFahKGRd67XLEm:LyncxQRhJJzhoqgH5sB4dxHG
Score 1/10 -
-
-
Target
TeamzPAZ/xNet.dll
-
Size
104KB
-
MD5
158defd55a804aa8d4d67bfdf7a4af9c
-
SHA1
9dd41914fa181cb5225e593373f7dca062d7af0b
-
SHA256
6c7ec4cc31a2ce0b97703b7a42e3448e9b87d96dda12761ca24d8787ac27cff1
-
SHA512
e98062b3b035d7d87c3457621c5ffc0aefed490544739219c4f4cafc3e7de248f1cf91edb3564e49d406f9fcaf314838d33b2ddd7e3b1a1751e5819b9ab798d6
-
SSDEEP
3072:0IALHSH7PhqKnUqnV+xnEdSCo5E/awN5lRd0YjJ0:07LyIqnV+xnEdEmf
Score 1/10 -