General

  • Target

    Royal_Tools.rar

  • Size

    169.4MB

  • Sample

    240619-a4lv6svcmj

  • MD5

    f2e4261dd244b5cfc825be7a7970610b

  • SHA1

    497b74b578ec48d35b87a952a4b457a3ed782c97

  • SHA256

    ee591f3c06835c05fa8fdeb6931010e7338a75d76e9aaa799efccbfe5b076142

  • SHA512

    bcc6715df31818e07b8e56c37457b5707596f5aee9c0247bd53b7be875ad5c853380c7ab15b9b29d58e2840b8710b535ef2983dacfe8268e4f218f9f12f3a974

  • SSDEEP

    3145728:uckdxCDadHRLPFtpmDZnVzHk66B/UI62VN4WxJL2K2M85fuiCu5O1A:SdxCS9Fty1oGIVVNjLRPCOA

Score
7/10

Malware Config

Targets

    • Target

      Royal_Tools.rar

    • Size

      169.4MB

    • MD5

      f2e4261dd244b5cfc825be7a7970610b

    • SHA1

      497b74b578ec48d35b87a952a4b457a3ed782c97

    • SHA256

      ee591f3c06835c05fa8fdeb6931010e7338a75d76e9aaa799efccbfe5b076142

    • SHA512

      bcc6715df31818e07b8e56c37457b5707596f5aee9c0247bd53b7be875ad5c853380c7ab15b9b29d58e2840b8710b535ef2983dacfe8268e4f218f9f12f3a974

    • SSDEEP

      3145728:uckdxCDadHRLPFtpmDZnVzHk66B/UI62VN4WxJL2K2M85fuiCu5O1A:SdxCS9Fty1oGIVVNjLRPCOA

    Score
    3/10

    • Target

      Royal Tools/Royal Grabber.exe

    • Size

      36.3MB

    • MD5

      162a9353db993ea7cd53427bc7b9f883

    • SHA1

      68974f46f2f737306b84b0c8203b481754b65670

    • SHA256

      35d826483f1edad95a5c178acafc32c89cc9ab51c547c30b66edddabd5c3ab85

    • SHA512

      3446ccb8ce28b98b72a80736a20506da9154de3f5cb54cf5cd3b43e6f97ed9326059e751e0a5aab1fb4f036eac348b4a2a1e740ccddb1355519e44cf8054f87e

    • SSDEEP

      786432:hKJ0QBqbXm0c1QtIJ2j6+s7LWB75zuPNua8DZcoW8So5dYNvNd:3QobXl4iIJ2qHWB75iVf6rWxf

    Score
    7/10

    • Loads dropped DLL

    • Target

      builder.pyc

    • Size

      46KB

    • MD5

      21648ac708a5b10f8ee78ec4e549a580

    • SHA1

      b0d7e8d5041697e619f3aa0ecdd39f8e36ed1fba

    • SHA256

      9942dfd7e06562e4717d13afc8c7deddca0f5c35cfe8e98f71b528a4515345ec

    • SHA512

      83ac00db1e0144ddd3bb8ee3e593fd5099ee11103e1ee748cf3f52a0e802ce1eb93d3d897c48e4144ef4940fb1512c67a1451dcb8093eb323603e976667bce60

    • SSDEEP

      768:QOBRLYixrpVwP9z404hkM/9kH0E5DCGS0PUpUO4jT:vBXhRkkG5bPAwX

    Score
    3/10

    • Target

      Royal Tools/RoyalToolsDDOS.exe

    • Size

      11.6MB

    • MD5

      c4885dfba54af1d13b70cb62dcc7204f

    • SHA1

      9b4a33a71a54eaf741dd115a0ea59c8265d811f4

    • SHA256

      433ff9fd6ef9048ad43f8240f23359706ebd53cb36f34f22503d134f7234b8b4

    • SHA512

      287747a3ad4e2caf0ad929872c7c96a047d35e342bfb48f022b6b3d6c3e3e3756853e7abec22d5e6110cb3f4c1a9db524f15deec7a97ade44af6221ddf70e029

    • SSDEEP

      196608:nnQEXGn3gBFngPpGAjMGhuPD5U4YA1HeT39IigwCeE9TFa0Z8DOjCdyluEmQM/+c:Q1gBFngP8AxYDX1+TtIiFPY9Z8D8Ccly

    Score
    7/10

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      RoyalToolsDDOS.pyc

    • Size

      15KB

    • MD5

      9488682096a7c5d15fb6e33b9c19ab64

    • SHA1

      8f7af0f57c2f3070b46df8189b036b993700fcfd

    • SHA256

      9ae0e66849970f1134e1fecc3ff1b490cdc3bf53f5b0b8734c597845f94720c1

    • SHA512

      6446bae645368bf84b04be03028e8d25e033fdaf2578bc029e6678df66d28b34d7ec07593a931915de7113996bf9e8d8ad8774401cd828e1906741a2b36040e4

    • SSDEEP

      384:qZVSSpT/ipb2TvQ360rnfkwYPhoeofkdeiVnBiYKHyKxMzGn6uqc9:qmSZqpb2D70ALPhoeofkdeMnBiY35Gnt

    Score
    3/10

    • Target

      Royal Tools/gennedTokens.txt

    • Size

      610B

    • MD5

      6887864f70ca7f12de815c6fd869193d

    • SHA1

      7fca1a0fc2ca937ab043e9619b63ecadcd0788b8

    • SHA256

      d8847539db6692034ffb63b50f5b08e26dc83f3d27ed0b2a99dae8ff201d65fe

    • SHA512

      58c88326d196c505dc145b9ed628c7fd1d5869b1eca9a10cc8f295ad056d6f4b38077a0da679af0f29f8faa005b014baa77c9669b7948367f6ba21802d6465ed

    Score
    1/10

    • Target

      Royal Tools/royal.exe

    • Size

      130.6MB

    • MD5

      057bf674eb6dc5f743b9fa22802583a3

    • SHA1

      6207c2c0d554d1faef6a533658316427261cb05a

    • SHA256

      db9a1e6f9fce71c1177707ca6d62d34f4786184819deae2bd89474a521aa9314

    • SHA512

      b7b93cc59fb24a747150241955e9ca2d824064fc1d02f31c6611032ac76677fb3cdd56a151e4d724ea90f4a8d4982e80bdd47366a8f7a2610df30dc1c8224ce8

    • SSDEEP

      3145728:Byp52qHO5iVf6gGQ879Pf8M/3ZHNkNLN6zspx7dPf8M/3ZHNkNLN6zspx7I:Bw/HCixuQY9n3P5NSxGwVdn3P5NSxGwW

    Score
    7/10

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      royal.pyc

    • Size

      141KB

    • MD5

      fb0817bc4cb8ba07d7e316190adbffb9

    • SHA1

      5547a663d2aae52f03f364b959bae1f38bf97bc8

    • SHA256

      d7aa2af55a675d429d350e65151f487e847983cd495f962cc857731173e3d25e

    • SHA512

      99288aa848c739036f94ee5d59d31e71b7493bb485c00c26df3831eb5845c9f58fbb326c11cac94bc5a9f8e040f0a296f9681c6dbf2820225fffc548416f79a3

    • SSDEEP

      1536:pcNTfRgwpcEOgGMhYlWDF8VVe2mWJUvRXjXDlLiu4lSESA8obNj8M/JLpNVP:iLpcEONkQOFmVeUq1Ziu4lSEaobN/1

    Score
    3/10

    • Target

      Royal Tools/royal.log

    • Size

      5KB

    • MD5

      0f85d92f292ceba27f3bb529a496cb7b

    • SHA1

      5a5b94e77abef76c775a7b0d4865712f2ab437dc

    • SHA256

      4c3a82e627a3283098ed8e9e0ccae6eb7155c00fd15dd1ab90598c043c65ed62

    • SHA512

      d54acca34a0d8fb8c14b6cb0801cc30e2ab5db4b17547c6010029ac72bd9ff2b4e9d47ec38399c5f256f922fc09a4d46d6df3d1f01b9e085e5991c3a00352ae1

    • SSDEEP

      96:lD63/AREnqnDcdlmnpD69A6yTD6uQaD0BMEnH:VEUbD5RSA6y3ZQeqH

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks