59c50c50df819410c0f5ee039e5934c273d3aae71a4d1e2b45690c893e0e201d | Triage

Resubmissions

08/08/2024, 14:15

240808-rkm3kayaqd 7

Sharing

General

Target

PPPwnGo-v2.8.zip
Size

6.0MB
Sample

240808-rkm3kayaqd
MD5

21e91900141c6311159ab0106bc0d18a
SHA1

a579d3af355789da5c429de40babfe71fd4600de
SHA256

59c50c50df819410c0f5ee039e5934c273d3aae71a4d1e2b45690c893e0e201d
SHA512

93a84e402920fddfe61fac631cc7b452e9a0aae24162d6baa673479a0070b632e6e4d6866945c6465efe80c676a652e9c1814c1f72ad2e64b677d72872b366f5
SSDEEP

98304:CFBBnZkzdKKONWrzMdmRZ3jXf/2FGqnASrtrvQ681IpJ2:O4sWVhjv+FGqnASrhQ6PT2

Score

7^/10

discovery linux persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  PPPwnGo-v2.8/PPPwn/CPP/Beta/pppwn.exe
- Size
  
  554KB
- MD5
  
  520f94f2f218bd549e0dc2fbb9201bc9
- SHA1
  
  c063440340660217923fc03dbe5966d71d56f842
- SHA256
  
  dea58af102ae22a3dd36d460177b0c2a5534b922412fccbed43fea4e2813d569
- SHA512
  
  8694be7db073130563305e975c3edf06c50e00df1e894b2243fcd4c25e93f3a298856ba90648b3fa03d84c8cb6c85644b36f8cb38055656236a9853ccbd50900
- SSDEEP
  
  12288:AOyWxSUaFq5LXWxTIdqapBs8XX2G4H57BJSZ0p9CwiCoSO7:IWxG8LXWx5OSEB4H9y0p9Cwo7
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  PPPwnGo-v2.8/PPPwn/CPP/pppwn.exe
- Size
  
  554KB
- MD5
  
  199f3d26b818603f961b0995aa5271b4
- SHA1
  
  e880b01c4773ad16c9869a11fd0892efe0d9f0b8
- SHA256
  
  764ed91127f50370a3c24f7e3bf975c726dec9dfe01c855c461572087a595250
- SHA512
  
  8dded7122d10e92d96e173c567eb98282a6554dd36baa9c9ced799257fc329a2806e6a83e28e9dedcae80f3a669437ab5852b446707d31d4723b0a69e3b06b8f
- SSDEEP
  
  12288:XoTVroZk/NiDnKVZ9dwHBdkl+tLE3RwPz3BtYJKD+qNkfN9AoS46:XoB0Z8N6cCTkl+GCLnNDaf36
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  PPPwnGo-v2.8/PPPwn/Go/Beta/pppwn.exe
- Size
  
  1.5MB
- MD5
  
  ba2c3b1abcde339d0597ea0e32619b59
- SHA1
  
  ed7ebe7629069b8bac0f8288061f128ad5117bf9
- SHA256
  
  cf86f5832963037007d4010fb9516fe1d0395fe9e781459555edef128e86f082
- SHA512
  
  00ae58390fac765517c753a97052edf4649cca207d44a233808437c48ae1424fc9c70e192823ae7dd9a41f725d24fc9ccdc42c0a781853fc36107728666b0edd
- SSDEEP
  
  24576:NH5iaPNsWd/5xeDq3kVdDyiRYT4ybuGSkVlybILgH0r8+mi3Hk05:NlN3Ei0dW8YT4yO0RHZ5
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  PPPwnGo-v2.8/PPPwn/Go/pppwn.exe
- Size
  
  1.5MB
- MD5
  
  87fd8e2c384052e9bfba97a92e4cd308
- SHA1
  
  faefaaf04ba17db25df986cb884d86a0a41c6db4
- SHA256
  
  e7c6e520bb0f21d35a9a2fb6d1a3c6dd85e7a045e8e2dae500afe18a5a51328c
- SHA512
  
  d5f57d9082df93ffc730bd8c36013a5eae987c0070a8ecc87b4300c5f72a7e52ac4cadb74ae18fca7dc0db4b7b108222ba491f04cbaa0b13012f5f8ff9ca1c6c
- SSDEEP
  
  24576:fIiVfV964S+Muwq3xJiYiplifT6jjwo+yVGrDbWTzsJ1r5:fL3/FxCliQjwgoivO
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  PPPwnGo-v2.8/PPPwn/Py/offsets.py
- Size
  
  28KB
- MD5
  
  d2cff007676aa9ba533bb831b9a7dfa6
- SHA1
  
  0a319ecc1df88e78aa5d3df8c81a8288cf544b55
- SHA256
  
  39bce3f4e43a4b3547bb846b2f6f132ed009440b33fe3cba5c3eae6e5e676d2e
- SHA512
  
  82aeb42a3d5e842f5772f741ca176636e42f47a1124b0fad75679b05c9fd824d227ba9a2c2276cc57caacbebdc44b9e7cc8570f2ad4d333104faa593ecdb771d
- SSDEEP
  
  384:m9b+/WgDG2/XWcfonrYXi6OZ6zyBPU5GSJay:m9bOVDjvWOonakZ6zyPSJ7
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  PPPwnGo-v2.8/PPPwn/Py/pppwn.py
- Size
  
  28KB
- MD5
  
  c1908b4da915c4908f9d35fac921b709
- SHA1
  
  b29cee932799534fd73ebb434aa7172d00771542
- SHA256
  
  0892b4eb40b9a9a4d4bed96c6cdc8bcbfae3b66a9cd55dcf2707ca8c0852fa9a
- SHA512
  
  ebc92a78cc267251da1c985d32009f97bf29179ae52c0d1b318aba93574141bb758d658bd2709fe4be394f185990415f39c64b9e479140d31667fc9e493ac53b
- SSDEEP
  
  384:FpvS/Y9rLlqqlAWfYbxuPAouZTlL51AC0g3k4k:Kw9rYbxu7UFV0g3k5
Score

1^/10
behavioral11 behavioral12 behavioral13 behavioral14
- Target
  
  PPPwnGo-v2.8/PPPwnGo.exe
- Size
  
  108KB
- MD5
  
  1f2e533441f0511252c4505c10143463
- SHA1
  
  3a2258599939cc746bda3dc88a23ee7186cfb828
- SHA256
  
  70759c183188aeae174ceec9f0f7e3ff317a96c305aacc41e2ad851a1df8e366
- SHA512
  
  b696b7cd61f29da2e695e69730f7f55f8cc20dbf0bbb9fd6e6ed419f8c63a29eb066698c647fd1a0ef2099c53d596a5095cc3fa5cd7fcef0adcd02bc6a5856e5
- SSDEEP
  
  3072:6hgVVawfpYkwYkphLiew/s3/0nSRuqsy5gW:bVVawf+kwYkno/Q/0nSgtE
Score

3^/10

persistence privilege_escalation
behavioral15 behavioral16
- Target
  
  PPPwnGo-v2.8/Python!+Npcap/4.װpip˫.bat
- Size
  
  40B
- MD5
  
  58194b2a72727206780a3f6f0a1e51ae
- SHA1
  
  f00b88cd738b33d66237c28b4c0947029a214cb4
- SHA256
  
  ef085d249dd566c7467d0df01cbb2628f509bd49d2f24abec9cbf10307cf2a0b
- SHA512
  
  5db98e152edd5e46c8f7fb78dfbbcfda23747bf5b72058ae4584d28761b052578b2268cd499628ee2a423cb9eacd16bdd2889727752611f9dad2f273a131d1ee
Score

1^/10
behavioral17 behavioral18
- Target
  
  PPPwnGo-v2.8/Python!+Npcap/5.װscapy˫.bat
- Size
  
  25B
- MD5
  
  f75b5994777a0da1a7fdcda28546f454
- SHA1
  
  1d7e8a988d04e0023c4c52c23c9de99607936bc2
- SHA256
  
  ead9684035f71bdb6413d0aca83b4bd387fa45e9f62a08fb8db7e85889b9efb8
- SHA512
  
  3c45c26757bb38bf029102d8e867f5e785babe64cedad82b05446fd4fc3cf6d4d443e12696f4e1deb0d87df17ef72425fe67f2d6684e1ffdac04cf967ce21065
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

persistenceprivilege_escalation

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20