4748489a4d692e72996a448b47c7fd465a14080926f7d6fb304240446c9e59af | Triage

Sharing

General

Target

KRNL-REBORN.zip
Size

19.6MB
Sample

240704-gzedvszhmh
MD5

4767eaca620f23390e69a61f957c6076
SHA1

be200d7d19ee9f08eeaa546744f4a8a2e052c777
SHA256

4748489a4d692e72996a448b47c7fd465a14080926f7d6fb304240446c9e59af
SHA512

e2a7c0e4dd55dbe057a0932a503eebe51c7488ad22c92b1678175e0ad80ec8d73fdda7fb9d61566ccaffe0fac7e094d9bdfa9a5688cc91a430e0441c2883291b
SSDEEP

393216:rXspbuw3gKGY0FjWSUAM7w++aJhmWxpMAidLt6/SF0f4khDMKTv7adB+DxsdGEGR:rNw3IJpU/w+xPjxeACg/j3SeORUEGSIr

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  KRNL-REBORN/KRNL-REBORN/Bunifu_UI_v1.5.3.dll
- Size
  
  236KB
- MD5
  
  2ecb51ab00c5f340380ecf849291dbcf
- SHA1
  
  1a4dffbce2a4ce65495ed79eab42a4da3b660931
- SHA256
  
  f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
- SHA512
  
  e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
- SSDEEP
  
  6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score

1^/10
behavioral1 behavioral2
- Target
  
  KRNL-REBORN/KRNL-REBORN/ScintillaNET.dll
- Size
  
  1.3MB
- MD5
  
  9166536c31f4e725e6befe85e2889a4b
- SHA1
  
  f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
- SHA256
  
  ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
- SHA512
  
  113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
- SSDEEP
  
  24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score

1^/10
behavioral3 behavioral4
- Target
  
  KRNL-REBORN/KRNL-REBORN/autoexec.lnk
- Size
  
  1KB
- MD5
  
  4093f1e5a6222a64baf60a90e2b82cc3
- SHA1
  
  e9b8175224ad7c715fa2f08b79dbf864597f33fe
- SHA256
  
  b05e77d756a0970c0e8345ccc53b637b9f3926e788bbf5c1bbbb2bbff4d82348
- SHA512
  
  594685509699d205845f2843853e5e6c5e8b3a2950f34e40fa9395584df257f891d5ff86120f53c077ff7346cd03907eb33913f25be5ca860e6272416cd70c23
Score

3^/10
behavioral5 behavioral6
- Target
  
  KRNL-REBORN/KRNL-REBORN/krnl-reborn.dll
- Size
  
  5.3MB
- MD5
  
  e9921b7d3ff7044834e0c5998270cd0c
- SHA1
  
  e30c5794dbc92578d5bbd23d095a4a256caf4912
- SHA256
  
  c0e5c51445b189f8a17529ce8fce8d11ed7f99211e19684228fdd12366c458ab
- SHA512
  
  8a9a83050fee7084caa606f5e26018d4ce4b0a7a10e481fcdd8b1eae6c7b459dbe633b5b4b03b91d49427481f9e03880a64418a7e52ad6c06d25de98692a028e
- SSDEEP
  
  98304:QsK42Kx51uNmHTgZk74mqBjqSQWJuR7iGsMPD4nBx1GyePSByA5Pzm:Iwr154XBJQWaKSsnBv6a5Pz
Score

3^/10
behavioral7 behavioral8
- Target
  
  KRNL-REBORN/KRNL-REBORN/krnlss.exe
- Size
  
  13.3MB
- MD5
  
  f4e7c776a1782f05a43b037cfac70d15
- SHA1
  
  c09e2c11b58555cd047793d26622e0c4ca1ad7b2
- SHA256
  
  fe1852241114c26f7fbe3e9279c1031156dbdfbdc6063254e40849b0eb1e42af
- SHA512
  
  31fd5000b30256255a24e446a2b79188c69da04799ec4825f573e35bea17456dd0e443bdee4256f4b517d936d597349790f2c0d4b93d0e2d2c12a3f485f9f7f7
- SSDEEP
  
  393216:AEkZQND/vCKL2Vmd6m0JJVAzDak/ikzndpzl8HhuPpCdiYh:AhQ9X7yVmdYDAvLpfKP8Yh
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral10 behavioral9
- Target
  
  cstealer.pyc
- Size
  
  39KB
- MD5
  
  b474c8d4816b8cd7121c7b9cdccbcb52
- SHA1
  
  3f7ddc51d1c2744100390a868ee1f43a5855ed32
- SHA256
  
  ddbc32ef2e1a4db02c5ddb38d652114c84bba50498b99b217dd5f1062bf88b1e
- SHA512
  
  44afad8a03901280b34cdd1a459acf083734ef24f0ceedfa538522f6a3844f9d915f93a4a86479ee83b0f4ff56fbe60d18df379578ae0f9e555b07516db69613
- SSDEEP
  
  768:tKIi8SYkpLWnJssvnTjKmKBbqbQ6WpEASsE5BHHANd4CW8jE7w6DelEYLQ2GPZgj:ezpgJssvnTOHpEASsE5BHHAN/W4E7sLB
Score

3^/10
behavioral11 behavioral12
- Target
  
  KRNL-REBORN/KRNL-REBORN/krnlss.exe.config
- Size
  
  202B
- MD5
  
  0ed4b3831ff5e91dff636145f68aac4c
- SHA1
  
  2d1140812945dc1b9e400a88c911803639cb2e49
- SHA256
  
  03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347
- SHA512
  
  4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c
Score

1^/10
behavioral13 behavioral14
- Target
  
  KRNL-REBORN/KRNL-REBORN/workspace.lnk.lnk
- Size
  
  1KB
- MD5
  
  b24aa4c070dcbe2c4b4123f65e239724
- SHA1
  
  5ac5fcaebbedea247a6fdc6905c6640d5b4c66f6
- SHA256
  
  a1bb2847ca301059384d736f1e977c694b69f5dd32249298f09a781f560fccf7
- SHA512
  
  11bbe6abb1f5e2375ddad981aaa8be1a05c83730afad2bb81ac87002153a3ff6a30bd1695343d6e08b16ea1a66cd943fd3215a233599c201183e1ab8b10869e9
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16