Overview
Task | Platform | Score
Overview | overview | 7
Static | static | 3
Royal_Tools.rar | windows7-x64 | 3
Royal_Tools.rar | windows10-2004-x64 | 3
Royal Tool...er.exe | windows7-x64 | 7
Royal Tool...er.exe | windows10-2004-x64 | 7
builder.pyc | windows7-x64 | 3
builder.pyc | windows10-2004-x64 | 3
Royal Tool...OS.exe | windows7-x64 | 7
Royal Tool...OS.exe | windows10-2004-x64 | 7
RoyalToolsDDOS.pyc | windows7-x64 | 3
RoyalToolsDDOS.pyc | windows10-2004-x64 | 3
Royal Tool...ns.txt | windows7-x64 | 1
Royal Tool...ns.txt | windows10-2004-x64 | 1
Royal Tools/royal.exe | windows7-x64 | 7
Royal Tools/royal.exe | windows10-2004-x64 | 7
royal.pyc | windows7-x64 | 3
royal.pyc | windows10-2004-x64 | 3
Royal Tools/royal.log | windows7-x64 | 1
Royal Tools/royal.log | windows10-2004-x64 | 1
Analysis
max time kernel: 1561s
max time network: 1565s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
submitted: 19-06-2024 00:46
Behavioral task | Sample | Resource
behavioral1 | Royal_Tools.rar | win7-20240611-en
behavioral2 | Royal_Tools.rar | win10v2004-20240611-en
behavioral3 | Royal Tools/Royal Grabber.exe | win7-20231129-en
behavioral4 | Royal Tools/Royal Grabber.exe | win10v2004-20240508-en
behavioral5 | builder.pyc | win7-20240419-en
behavioral6 | builder.pyc | win10v2004-20240508-en
behavioral7 | Royal Tools/RoyalToolsDDOS.exe | win7-20240611-en
behavioral8 | Royal Tools/RoyalToolsDDOS.exe | win10v2004-20240508-en
behavioral9 | RoyalToolsDDOS.pyc | win7-20240220-en
behavioral10 | RoyalToolsDDOS.pyc | win10v2004-20240508-en
behavioral11 | Royal Tools/gennedTokens.txt | win7-20240508-en
behavioral12 | Royal Tools/gennedTokens.txt | win10v2004-20240611-en
behavioral13 | Royal Tools/royal.exe | win7-20240611-en
behavioral14 | Royal Tools/royal.exe | win10v2004-20240611-en
behavioral15 | royal.pyc | win7-20240611-en
behavioral16 | royal.pyc | win10v2004-20240611-en
behavioral17 | Royal Tools/royal.log | win7-20240508-en
behavioral18 | Royal Tools/royal.log | win10v2004-20240508-en
General
Target: Royal Tools/Royal Grabber.exe
Size: 36.3MB
MD5: 162a9353db993ea7cd53427bc7b9f883
SHA1: 68974f46f2f737306b84b0c8203b481754b65670
SHA256: 35d826483f1edad95a5c178acafc32c89cc9ab51c547c30b66edddabd5c3ab85
SHA512: 3446ccb8ce28b98b72a80736a20506da9154de3f5cb54cf5cd3b43e6f97ed9326059e751e0a5aab1fb4f036eac348b4a2a1e740ccddb1355519e44cf8054f87e
SSDEEP: 786432:hKJ0QBqbXm0c1QtIJ2j6+s7LWB75zuPNua8DZcoW8So5dYNvNd:3QobXl4iIJ2qHWB75iVf6rWxf
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes: Royal Grabber.exe
  pid | process
  2304 | Royal Grabber.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: Royal Grabber.exe
  description | pid | process | target process
  PID 2372 wrote to memory of 2304 | 2372 | Royal Grabber.exe | Royal Grabber.exe
  PID 2372 wrote to memory of 2304 | 2372 | Royal Grabber.exe | Royal Grabber.exe
  PID 2372 wrote to memory of 2304 | 2372 | Royal Grabber.exe | Royal Grabber.exe
Processes
- "C:\Users\Admin\AppData\Local\Temp\Royal Tools\Royal Grabber.exe" (PID 2372): Suspicious use of WriteProcessMemory
  - "C:\Users\Admin\AppData\Local\Temp\Royal Tools\Royal Grabber.exe" (PID 2304): Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 6.6MB
MD5: 3c388ce47c0d9117d2a50b3fa5ac981d
SHA1: 038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256: c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512: e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35