40c92384d321d4728f5f8a7e86066069313b91ed9368f0fa50a55b6ec7f72a25

Sharing

Copy URL

Twitter E-mail

General

Target

KRNL-REBORN.zip
Size

75.6MB
Sample

240812-3cd1ga1dnd
MD5

8df254c1ef2d7b8713b3e9ccc35427e8
SHA1

91ae668936b94d35bb87f1c456ff477a2efcdffb
SHA256

40c92384d321d4728f5f8a7e86066069313b91ed9368f0fa50a55b6ec7f72a25
SHA512

dd0c70a1babca0405a59cb0b1c5b7a3f8c5bfd6dd8a9d8840a05cd748d0409c0b093968926e62648db380d4cc3939cc980f3223e05db6a7001143b453b94c941
SSDEEP

1572864:f8UbNceAHLWXB7CtDirBHgRA+sBp/HjOSGoGcCU/blj7:f83VHztuxKK3LdGTcCSbh7

Score

7^/10

Malware Config

Targets

- Target
  
  KRNL-REBORN.zip
- Size
  
  75.6MB
- MD5
  
  8df254c1ef2d7b8713b3e9ccc35427e8
- SHA1
  
  91ae668936b94d35bb87f1c456ff477a2efcdffb
- SHA256
  
  40c92384d321d4728f5f8a7e86066069313b91ed9368f0fa50a55b6ec7f72a25
- SHA512
  
  dd0c70a1babca0405a59cb0b1c5b7a3f8c5bfd6dd8a9d8840a05cd748d0409c0b093968926e62648db380d4cc3939cc980f3223e05db6a7001143b453b94c941
- SSDEEP
  
  1572864:f8UbNceAHLWXB7CtDirBHgRA+sBp/HjOSGoGcCU/blj7:f83VHztuxKK3LdGTcCSbh7
Score

1^/10
behavioral1 behavioral2
- Target
  
  KRNL-REBORN/Bunifu_UI_v1.5.3.dll
- Size
  
  236KB
- MD5
  
  2ecb51ab00c5f340380ecf849291dbcf
- SHA1
  
  1a4dffbce2a4ce65495ed79eab42a4da3b660931
- SHA256
  
  f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
- SHA512
  
  e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
- SSDEEP
  
  6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score

1^/10
behavioral3 behavioral4
- Target
  
  KRNL-REBORN/README.md
- Size
  
  305B
- MD5
  
  8d250ce6aa236fecbc223ad289909ade
- SHA1
  
  f2ae9ba834da647eece945abe37885ce937d48b6
- SHA256
  
  2d8ecef01e25360ebe21f5dee53a017797c5e6219e5fd041027332efb690f52f
- SHA512
  
  8a346ec6f8ce14e0ce694209fed174af41f80347f8bd3c1bdb5f4e4edb1ba00bed776a9d1690bebe3776332efcf9c215de0d03c6b471e5403836e3d463214e10
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  KRNL-REBORN/ScintillaNET.dll
- Size
  
  1.3MB
- MD5
  
  9166536c31f4e725e6befe85e2889a4b
- SHA1
  
  f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
- SHA256
  
  ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
- SHA512
  
  113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
- SSDEEP
  
  24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score

1^/10
behavioral7 behavioral8
- Target
  
  KRNL-REBORN/autoexec.lnk
- Size
  
  1KB
- MD5
  
  4093f1e5a6222a64baf60a90e2b82cc3
- SHA1
  
  e9b8175224ad7c715fa2f08b79dbf864597f33fe
- SHA256
  
  b05e77d756a0970c0e8345ccc53b637b9f3926e788bbf5c1bbbb2bbff4d82348
- SHA512
  
  594685509699d205845f2843853e5e6c5e8b3a2950f34e40fa9395584df257f891d5ff86120f53c077ff7346cd03907eb33913f25be5ca860e6272416cd70c23
Score

3^/10
behavioral10 behavioral9
- Target
  
  KRNL-REBORN/krnl-reborn.dll
- Size
  
  5.3MB
- MD5
  
  e9921b7d3ff7044834e0c5998270cd0c
- SHA1
  
  e30c5794dbc92578d5bbd23d095a4a256caf4912
- SHA256
  
  c0e5c51445b189f8a17529ce8fce8d11ed7f99211e19684228fdd12366c458ab
- SHA512
  
  8a9a83050fee7084caa606f5e26018d4ce4b0a7a10e481fcdd8b1eae6c7b459dbe633b5b4b03b91d49427481f9e03880a64418a7e52ad6c06d25de98692a028e
- SSDEEP
  
  98304:QsK42Kx51uNmHTgZk74mqBjqSQWJuR7iGsMPD4nBx1GyePSByA5Pzm:Iwr154XBJQWaKSsnBv6a5Pz
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  KRNL-REBORN/krnlss.exe.config
- Size
  
  202B
- MD5
  
  0ed4b3831ff5e91dff636145f68aac4c
- SHA1
  
  2d1140812945dc1b9e400a88c911803639cb2e49
- SHA256
  
  03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347
- SHA512
  
  4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  KRNL-REBORN/krnlss_v102.exe
- Size
  
  69.7MB
- MD5
  
  41de5a1628d155a926bfcc83f75d896d
- SHA1
  
  f3328b7cd2bd92a30b4288d2ac486d5fca95f6c7
- SHA256
  
  31e271dbbf255b1f77f0bcaf5dcf901901b1cf0962ee23b86974d017e94bb9ab
- SHA512
  
  4bfb66e6cbc42fed0be763222175229a9252f6494b7c6e587258ef0204b913997cd3dc0e6d1531f4b93a514859efce86cb4770df91a3f13c58cecd6aaec7ae5c
- SSDEEP
  
  1572864:8BLX5WJoWbgWRSgkNOXWxtQSNdiIGsOX6ylfZJ0WuOD:aX5M3gbcKCwGnX3dz09E
Score

7^/10

defense_evasion discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral15 behavioral16
- Target
  
  main.pyc
- Size
  
  94KB
- MD5
  
  46d5c1a7ce50eb4892ed7c755195cbee
- SHA1
  
  b7c5e91d0417b42ac5d687bab5e616d097ac4a1e
- SHA256
  
  6aa2ef60e8fe06d3cb5ba40c85905b2ee8e5d6ef174dfda20ad7a4b6e426a0e0
- SHA512
  
  19c6f84e1e3e2e65ee06a72b9a8780d5bfc82b8c4467b00af5ce7f5e6f7beb0d002fa31d23321b648b4f43a906b15cba43be7dcd72d0321b5ede263963680c18
- SSDEEP
  
  1536:BiVKHviGboAgjl9AgqfArGZff5SzKRbPabAdUsrh8Ud79onPw7pEnko6:BiVoiGbFgjbAgqfAKZff5S2RbxdUjUI8
Score

3^/10
behavioral17 behavioral18
- Target
  
  KRNL-REBORN/workspace.lnk.lnk
- Size
  
  1KB
- MD5
  
  b24aa4c070dcbe2c4b4123f65e239724
- SHA1
  
  5ac5fcaebbedea247a6fdc6905c6640d5b4c66f6
- SHA256
  
  a1bb2847ca301059384d736f1e977c694b69f5dd32249298f09a781f560fccf7
- SHA512
  
  11bbe6abb1f5e2375ddad981aaa8be1a05c83730afad2bb81ac87002153a3ff6a30bd1695343d6e08b16ea1a66cd943fd3215a233599c201183e1ab8b10869e9
Score

3^/10
behavioral19 behavioral20