Static task
static1
Behavioral task
behavioral1
Sample
Cryptic Release V1.5/ByfronHook.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Cryptic Release V1.5/ByfronHook.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Cryptic Release V1.5/assets.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Cryptic Release V1.5/assets.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Cryptic Release V1.5/release.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Cryptic Release V1.5/release.exe
Resource
win10v2004-20240508-en
General
-
Target
release.rar
-
Size
8.5MB
-
MD5
66cf5643cdf35a8512e4fffbab2129f3
-
SHA1
c88c447b664f4b1347693eb38c6e730294d017e2
-
SHA256
57eaffb3a0d16c9f08c4808edf0fc2d7fcfd7d83db7bb5bdc20cb57d3c565cef
-
SHA512
bdcfdc2cbe341620bbf57b60a2e2a218f7d217847a9087f1caac4d182c6951fe44feaf45b775b5eb1a4109b3ebf603eaf39b84a20eb5e91d3a0c68dc16c63198
-
SSDEEP
196608:XQghikv5TOHYqNERb8lRZKcrUE3umM/ycpn10sX8r1g:LMk5TeYquRbukcw6pMZnl
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/Cryptic Release V1.5/release.exe
Files
-
release.rar.rar
-
Cryptic Release V1.5/ByfronHook.dll
-
Cryptic Release V1.5/assets.dll
-
Cryptic Release V1.5/license.txt
-
Cryptic Release V1.5/release.exe.exe windows:4 windows x86 arch:x86
a9c887a4f18a3fede2cc29ceea138ed3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcrt
malloc
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit
shell32
ShellExecuteA
kernel32
SetUnhandledExceptionFilter
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8.5MB - Virtual size: 8.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Cryptic Release V1.5/workspace/Saved Scripts.txt