Overview
overview
7Static
static
3Royal_Tools.rar
windows7-x64
3Royal_Tools.rar
windows10-2004-x64
3Royal Tool...er.exe
windows7-x64
7Royal Tool...er.exe
windows10-2004-x64
7builder.pyc
windows7-x64
3builder.pyc
windows10-2004-x64
3Royal Tool...OS.exe
windows7-x64
7Royal Tool...OS.exe
windows10-2004-x64
7RoyalToolsDDOS.pyc
windows7-x64
3RoyalToolsDDOS.pyc
windows10-2004-x64
3Royal Tool...ns.txt
windows7-x64
1Royal Tool...ns.txt
windows10-2004-x64
1Royal Tools/royal.exe
windows7-x64
7Royal Tools/royal.exe
windows10-2004-x64
7royal.pyc
windows7-x64
3royal.pyc
windows10-2004-x64
3Royal Tools/royal.log
windows7-x64
1Royal Tools/royal.log
windows10-2004-x64
1General
-
Target
Royal_Tools.rar
-
Size
169.4MB
-
Sample
240619-a4lv6svcmj
-
MD5
f2e4261dd244b5cfc825be7a7970610b
-
SHA1
497b74b578ec48d35b87a952a4b457a3ed782c97
-
SHA256
ee591f3c06835c05fa8fdeb6931010e7338a75d76e9aaa799efccbfe5b076142
-
SHA512
bcc6715df31818e07b8e56c37457b5707596f5aee9c0247bd53b7be875ad5c853380c7ab15b9b29d58e2840b8710b535ef2983dacfe8268e4f218f9f12f3a974
-
SSDEEP
3145728:uckdxCDadHRLPFtpmDZnVzHk66B/UI62VN4WxJL2K2M85fuiCu5O1A:SdxCS9Fty1oGIVVNjLRPCOA
Behavioral task
behavioral1
Sample
Royal_Tools.rar
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
Royal_Tools.rar
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
Royal Tools/Royal Grabber.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
Royal Tools/Royal Grabber.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
builder.pyc
Resource
win7-20240419-en
Behavioral task
behavioral6
Sample
builder.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Royal Tools/RoyalToolsDDOS.exe
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
Royal Tools/RoyalToolsDDOS.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
RoyalToolsDDOS.pyc
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
RoyalToolsDDOS.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
Royal Tools/gennedTokens.txt
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
Royal Tools/gennedTokens.txt
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
Royal Tools/royal.exe
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
Royal Tools/royal.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
royal.pyc
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
royal.pyc
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
Royal Tools/royal.log
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
Royal Tools/royal.log
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
Royal_Tools.rar
-
Size
169.4MB
-
MD5
f2e4261dd244b5cfc825be7a7970610b
-
SHA1
497b74b578ec48d35b87a952a4b457a3ed782c97
-
SHA256
ee591f3c06835c05fa8fdeb6931010e7338a75d76e9aaa799efccbfe5b076142
-
SHA512
bcc6715df31818e07b8e56c37457b5707596f5aee9c0247bd53b7be875ad5c853380c7ab15b9b29d58e2840b8710b535ef2983dacfe8268e4f218f9f12f3a974
-
SSDEEP
3145728:uckdxCDadHRLPFtpmDZnVzHk66B/UI62VN4WxJL2K2M85fuiCu5O1A:SdxCS9Fty1oGIVVNjLRPCOA
Score3/10 -
-
-
Target
Royal Tools/Royal Grabber.exe
-
Size
36.3MB
-
MD5
162a9353db993ea7cd53427bc7b9f883
-
SHA1
68974f46f2f737306b84b0c8203b481754b65670
-
SHA256
35d826483f1edad95a5c178acafc32c89cc9ab51c547c30b66edddabd5c3ab85
-
SHA512
3446ccb8ce28b98b72a80736a20506da9154de3f5cb54cf5cd3b43e6f97ed9326059e751e0a5aab1fb4f036eac348b4a2a1e740ccddb1355519e44cf8054f87e
-
SSDEEP
786432:hKJ0QBqbXm0c1QtIJ2j6+s7LWB75zuPNua8DZcoW8So5dYNvNd:3QobXl4iIJ2qHWB75iVf6rWxf
Score7/10-
Loads dropped DLL
-
-
-
Target
builder.pyc
-
Size
46KB
-
MD5
21648ac708a5b10f8ee78ec4e549a580
-
SHA1
b0d7e8d5041697e619f3aa0ecdd39f8e36ed1fba
-
SHA256
9942dfd7e06562e4717d13afc8c7deddca0f5c35cfe8e98f71b528a4515345ec
-
SHA512
83ac00db1e0144ddd3bb8ee3e593fd5099ee11103e1ee748cf3f52a0e802ce1eb93d3d897c48e4144ef4940fb1512c67a1451dcb8093eb323603e976667bce60
-
SSDEEP
768:QOBRLYixrpVwP9z404hkM/9kH0E5DCGS0PUpUO4jT:vBXhRkkG5bPAwX
Score3/10 -
-
-
Target
Royal Tools/RoyalToolsDDOS.exe
-
Size
11.6MB
-
MD5
c4885dfba54af1d13b70cb62dcc7204f
-
SHA1
9b4a33a71a54eaf741dd115a0ea59c8265d811f4
-
SHA256
433ff9fd6ef9048ad43f8240f23359706ebd53cb36f34f22503d134f7234b8b4
-
SHA512
287747a3ad4e2caf0ad929872c7c96a047d35e342bfb48f022b6b3d6c3e3e3756853e7abec22d5e6110cb3f4c1a9db524f15deec7a97ade44af6221ddf70e029
-
SSDEEP
196608:nnQEXGn3gBFngPpGAjMGhuPD5U4YA1HeT39IigwCeE9TFa0Z8DOjCdyluEmQM/+c:Q1gBFngP8AxYDX1+TtIiFPY9Z8D8Ccly
Score7/10-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
RoyalToolsDDOS.pyc
-
Size
15KB
-
MD5
9488682096a7c5d15fb6e33b9c19ab64
-
SHA1
8f7af0f57c2f3070b46df8189b036b993700fcfd
-
SHA256
9ae0e66849970f1134e1fecc3ff1b490cdc3bf53f5b0b8734c597845f94720c1
-
SHA512
6446bae645368bf84b04be03028e8d25e033fdaf2578bc029e6678df66d28b34d7ec07593a931915de7113996bf9e8d8ad8774401cd828e1906741a2b36040e4
-
SSDEEP
384:qZVSSpT/ipb2TvQ360rnfkwYPhoeofkdeiVnBiYKHyKxMzGn6uqc9:qmSZqpb2D70ALPhoeofkdeMnBiY35Gnt
Score3/10 -
-
-
Target
Royal Tools/gennedTokens.txt
-
Size
610B
-
MD5
6887864f70ca7f12de815c6fd869193d
-
SHA1
7fca1a0fc2ca937ab043e9619b63ecadcd0788b8
-
SHA256
d8847539db6692034ffb63b50f5b08e26dc83f3d27ed0b2a99dae8ff201d65fe
-
SHA512
58c88326d196c505dc145b9ed628c7fd1d5869b1eca9a10cc8f295ad056d6f4b38077a0da679af0f29f8faa005b014baa77c9669b7948367f6ba21802d6465ed
Score1/10 -
-
-
Target
Royal Tools/royal.exe
-
Size
130.6MB
-
MD5
057bf674eb6dc5f743b9fa22802583a3
-
SHA1
6207c2c0d554d1faef6a533658316427261cb05a
-
SHA256
db9a1e6f9fce71c1177707ca6d62d34f4786184819deae2bd89474a521aa9314
-
SHA512
b7b93cc59fb24a747150241955e9ca2d824064fc1d02f31c6611032ac76677fb3cdd56a151e4d724ea90f4a8d4982e80bdd47366a8f7a2610df30dc1c8224ce8
-
SSDEEP
3145728:Byp52qHO5iVf6gGQ879Pf8M/3ZHNkNLN6zspx7dPf8M/3ZHNkNLN6zspx7I:Bw/HCixuQY9n3P5NSxGwVdn3P5NSxGwW
Score7/10-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
royal.pyc
-
Size
141KB
-
MD5
fb0817bc4cb8ba07d7e316190adbffb9
-
SHA1
5547a663d2aae52f03f364b959bae1f38bf97bc8
-
SHA256
d7aa2af55a675d429d350e65151f487e847983cd495f962cc857731173e3d25e
-
SHA512
99288aa848c739036f94ee5d59d31e71b7493bb485c00c26df3831eb5845c9f58fbb326c11cac94bc5a9f8e040f0a296f9681c6dbf2820225fffc548416f79a3
-
SSDEEP
1536:pcNTfRgwpcEOgGMhYlWDF8VVe2mWJUvRXjXDlLiu4lSESA8obNj8M/JLpNVP:iLpcEONkQOFmVeUq1Ziu4lSEaobN/1
Score3/10 -
-
-
Target
Royal Tools/royal.log
-
Size
5KB
-
MD5
0f85d92f292ceba27f3bb529a496cb7b
-
SHA1
5a5b94e77abef76c775a7b0d4865712f2ab437dc
-
SHA256
4c3a82e627a3283098ed8e9e0ccae6eb7155c00fd15dd1ab90598c043c65ed62
-
SHA512
d54acca34a0d8fb8c14b6cb0801cc30e2ab5db4b17547c6010029ac72bd9ff2b4e9d47ec38399c5f256f922fc09a4d46d6df3d1f01b9e085e5991c3a00352ae1
-
SSDEEP
96:lD63/AREnqnDcdlmnpD69A6yTD6uQaD0BMEnH:VEUbD5RSA6y3ZQeqH
Score1/10 -