General
-
Target
KRNL-REBORN.zip
-
Size
75.6MB
-
Sample
240805-a1mnas1gjq
-
MD5
8df254c1ef2d7b8713b3e9ccc35427e8
-
SHA1
91ae668936b94d35bb87f1c456ff477a2efcdffb
-
SHA256
40c92384d321d4728f5f8a7e86066069313b91ed9368f0fa50a55b6ec7f72a25
-
SHA512
dd0c70a1babca0405a59cb0b1c5b7a3f8c5bfd6dd8a9d8840a05cd748d0409c0b093968926e62648db380d4cc3939cc980f3223e05db6a7001143b453b94c941
-
SSDEEP
1572864:f8UbNceAHLWXB7CtDirBHgRA+sBp/HjOSGoGcCU/blj7:f83VHztuxKK3LdGTcCSbh7
Behavioral task
behavioral1
Sample
KRNL-REBORN/Bunifu_UI_v1.5.3.dll
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
KRNL-REBORN/ScintillaNET.dll
Resource
win11-20240802-en
Behavioral task
behavioral3
Sample
KRNL-REBORN/autoexec.lnk
Resource
win11-20240802-en
Behavioral task
behavioral4
Sample
KRNL-REBORN/krnl-reborn.dll
Resource
win11-20240802-en
Behavioral task
behavioral5
Sample
KRNL-REBORN/krnlss_v102.exe
Resource
win11-20240802-en
Behavioral task
behavioral6
Sample
KRNL-REBORN/workspace.lnk
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
KRNL-REBORN/Bunifu_UI_v1.5.3.dll
-
Size
236KB
-
MD5
2ecb51ab00c5f340380ecf849291dbcf
-
SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931
-
SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
-
SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
-
SSDEEP
6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score1/10 -
-
-
Target
KRNL-REBORN/ScintillaNET.dll
-
Size
1.3MB
-
MD5
9166536c31f4e725e6befe85e2889a4b
-
SHA1
f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
-
SHA256
ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
-
SHA512
113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
-
SSDEEP
24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score1/10 -
-
-
Target
KRNL-REBORN/autoexec.lnk
-
Size
1KB
-
MD5
4093f1e5a6222a64baf60a90e2b82cc3
-
SHA1
e9b8175224ad7c715fa2f08b79dbf864597f33fe
-
SHA256
b05e77d756a0970c0e8345ccc53b637b9f3926e788bbf5c1bbbb2bbff4d82348
-
SHA512
594685509699d205845f2843853e5e6c5e8b3a2950f34e40fa9395584df257f891d5ff86120f53c077ff7346cd03907eb33913f25be5ca860e6272416cd70c23
Score3/10 -
-
-
Target
KRNL-REBORN/krnl-reborn.dll
-
Size
5.3MB
-
MD5
e9921b7d3ff7044834e0c5998270cd0c
-
SHA1
e30c5794dbc92578d5bbd23d095a4a256caf4912
-
SHA256
c0e5c51445b189f8a17529ce8fce8d11ed7f99211e19684228fdd12366c458ab
-
SHA512
8a9a83050fee7084caa606f5e26018d4ce4b0a7a10e481fcdd8b1eae6c7b459dbe633b5b4b03b91d49427481f9e03880a64418a7e52ad6c06d25de98692a028e
-
SSDEEP
98304:QsK42Kx51uNmHTgZk74mqBjqSQWJuR7iGsMPD4nBx1GyePSByA5Pzm:Iwr154XBJQWaKSsnBv6a5Pz
Score3/10 -
-
-
Target
KRNL-REBORN/krnlss_v102.exe
-
Size
69.7MB
-
MD5
41de5a1628d155a926bfcc83f75d896d
-
SHA1
f3328b7cd2bd92a30b4288d2ac486d5fca95f6c7
-
SHA256
31e271dbbf255b1f77f0bcaf5dcf901901b1cf0962ee23b86974d017e94bb9ab
-
SHA512
4bfb66e6cbc42fed0be763222175229a9252f6494b7c6e587258ef0204b913997cd3dc0e6d1531f4b93a514859efce86cb4770df91a3f13c58cecd6aaec7ae5c
-
SSDEEP
1572864:8BLX5WJoWbgWRSgkNOXWxtQSNdiIGsOX6ylfZJ0WuOD:aX5M3gbcKCwGnX3dz09E
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
KRNL-REBORN/workspace.lnk.lnk
-
Size
1KB
-
MD5
b24aa4c070dcbe2c4b4123f65e239724
-
SHA1
5ac5fcaebbedea247a6fdc6905c6640d5b4c66f6
-
SHA256
a1bb2847ca301059384d736f1e977c694b69f5dd32249298f09a781f560fccf7
-
SHA512
11bbe6abb1f5e2375ddad981aaa8be1a05c83730afad2bb81ac87002153a3ff6a30bd1695343d6e08b16ea1a66cd943fd3215a233599c201183e1ab8b10869e9
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1