b3c1de1e8fe8d1c0af5c0fcf121c5c4e5e49d71d3d915a746cabda9108d326c8

Sharing

Copy URL

Twitter E-mail

General

Target

KrnlRemake.rar
Size

21.4MB
Sample

240808-rvn3lsvcpj
MD5

2f5d2cf969c7b9edbbf069a81ba67ca7
SHA1

652c7aa1d940310e21f6f968cb301b6922e3a54a
SHA256

b3c1de1e8fe8d1c0af5c0fcf121c5c4e5e49d71d3d915a746cabda9108d326c8
SHA512

505adb47b2a8c4c41e9409989bd2a7c5cc00c1df629223df050b31665c3afb0b09e8a74afaefd142c162517811f35e44040a38cadb6d90d5a83d26c73353f7ca
SSDEEP

393216:26cahqTDlBhGT07AG3uZbIPiJ7MI09PSUZuEZbB/fPfpxsZcV:26cac93G47AGWiiJ7yPpZXBnsZcV

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  KrnlRemake.rar
- Size
  
  21.4MB
- MD5
  
  2f5d2cf969c7b9edbbf069a81ba67ca7
- SHA1
  
  652c7aa1d940310e21f6f968cb301b6922e3a54a
- SHA256
  
  b3c1de1e8fe8d1c0af5c0fcf121c5c4e5e49d71d3d915a746cabda9108d326c8
- SHA512
  
  505adb47b2a8c4c41e9409989bd2a7c5cc00c1df629223df050b31665c3afb0b09e8a74afaefd142c162517811f35e44040a38cadb6d90d5a83d26c73353f7ca
- SSDEEP
  
  393216:26cahqTDlBhGT07AG3uZbIPiJ7MI09PSUZuEZbB/fPfpxsZcV:26cac93G47AGWiiJ7yPpZXBnsZcV
Score

3^/10
behavioral1 behavioral2
- Target
  
  KrnlRemake/Bunifu_UI_v1.52.dll
- Size
  
  219KB
- MD5
  
  5eca94d909f1ba4c5f3e35ac65a49076
- SHA1
  
  3b9cb69510887117844464a2cc711c06f2c3bd19
- SHA256
  
  de0e530d46c803d85b8aeb6d18816f1b09cb3dafefb5e19fdfa15c9f41e0f474
- SHA512
  
  257a33c748dfb617a7e2892310132fd4abf4384fb09c93a8ac3f609fd91353a4f3e326124ecc63b6041ac87cf4fcc17a8bdca312e0c851acd9c7a182247066ea
- SSDEEP
  
  6144:o1uzZh5rYAuBjtnkbxuzZ7Mg3i3hJtm4Fw2hHQHcHKaPUb:Ku1higb4zZR+9mcHX
Score

1^/10
behavioral3 behavioral4
- Target
  
  KrnlRemake/FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  8610f4d3cdc6cc50022feddced9fdaeb
- SHA1
  
  4b60b87fd696b02d7fce38325c7adfc9e806f650
- SHA256
  
  ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
- SHA512
  
  693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
- SSDEEP
  
  6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score

1^/10
behavioral5 behavioral6
- Target
  
  KrnlRemake/IndigoAPI.dll
- Size
  
  11KB
- MD5
  
  8bad9c87f0e13d35323d9347d1882643
- SHA1
  
  8ba45cd619e2b9dcd60244f1ab58c155a4202195
- SHA256
  
  0e53adcd7f0b0b561da998bcc992de49558c825403afc32c025deb1985524262
- SHA512
  
  4bc7a75c6177e02e2a68d6b563e6ef82fc6d7bdbee5939d661d058cbeb77c2e5b246d237695ebe3d960264df0db37260bf34eafdc1a6f64764c23057a784c337
- SSDEEP
  
  192:UnFkAlc0iOUeo2ChgLhLetdutLWoIy+MuSMXjd6BTb93H2EtVx:UFU0BUPLuaoIUuObx2EHx
Score

1^/10
behavioral7 behavioral8
- Target
  
  KrnlRemake/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral10 behavioral9
- Target
  
  KrnlRemake/Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  750c58af2e56b6addecffcf152520ab8
- SHA1
  
  14995e7f1d12498606d9d209d78d55fe6fd87802
- SHA256
  
  27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
- SHA512
  
  2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
- SSDEEP
  
  24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score

1^/10
behavioral11 behavioral12
- Target
  
  KrnlRemake/bin/Module.dll
- Size
  
  1.3MB
- MD5
  
  157fd035b2a344a94166d7db3756df0e
- SHA1
  
  f221d28c1deb80b4e8d9201226435aefce6b0f75
- SHA256
  
  8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
- SHA512
  
  fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
- SSDEEP
  
  24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk
Score

1^/10
behavioral13 behavioral14
- Target
  
  KrnlRemake/injector.exe
- Size
  
  19.6MB
- MD5
  
  981b177609dd56722f34f4d21a4ef066
- SHA1
  
  3c1edb28bb7a45afbf97f33dcde9482891585050
- SHA256
  
  e614d84a1e50650b03ebb4d32217c5118fdcfe37bd5ccda51e6f505928bc7a3b
- SHA512
  
  bb6fd3a9de8301d2e4d18445f19504ad7833779bad30160262bfa2e116433b2a780ef4fe9acedb69a30db56196f937a5b08567fbc25283249bc9bb2397322451
- SSDEEP
  
  393216:EGKxjSomwzNTX033jihl7EcDri7ncSjWHOy3y0gBM98LyZqr:EGKxLlE3gNEcvi7ncSyHd3ZiMV
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  KrnlRemake/krnlss.exe
- Size
  
  688KB
- MD5
  
  1450cbf8506d9fb4182b21cd3e2cfef1
- SHA1
  
  db1dfadb4e4c4ddcf9cd06886e491d403426555f
- SHA256
  
  2d63123943c08b7a298d6f843b88ace962cd0a356a57698f64be6300772b98ff
- SHA512
  
  80202f9f5773f9e2bfd876650722ad7835be0a870c365906ee846892a1ad73328fe2802f9637ce78edf11ab5ac695f7d4995d7869cf0a9cf3829a688e4e66e6d
- SSDEEP
  
  3072:bJjYArWVezNwzRxc4YYfLnzRxc4YYRL3LgzRxc4YYfLjzRxc4YYL:bJjYArWVeSzRx3zRxGzRxTzRx
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  KrnlRemake/sxlib.dll
- Size
  
  755KB
- MD5
  
  354da04946a3d1ec07dbf8d5e242cf65
- SHA1
  
  3fbe573318cacef980501acc0b8cd2e62edf41f9
- SHA256
  
  36a4434918c0d5d9c62d55e210797aa122dbb8d3f69be839cec379e3f6b8c830
- SHA512
  
  83b7ad8893177ca545113608d7c06dde2ed4a455df143f25a0000e35a2c1a230cabe756611f1ca0ef7734feff087e1aa8a2c878dc7bbf38e245a24d91ee284ac
- SSDEEP
  
  12288:sZQeRj0qTKmgd7YqtZ2gk8lTl9r9/w63NvW1r37Wbx3uX3QGl:mTR0qOma0s2gPTra1nWbF2J
Score

3^/10

discovery
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20