General

  • Target

    Sysmon.zip

  • Size

    522KB

  • Sample

    240822-jrcw6syhjk

  • MD5

    241f066fbe90cb4817546bff520ccca4

  • SHA1

    d753a9c6961a125a00f99fb2e24fa64ff5f4dcec

  • SHA256

    28186e90ce6c0246c3eee0a8e66e242de9a70265a0aa376d13c7b1cfdff0be17

  • SHA512

    1184f1c26a55ed266dd574446ae07b2b5a333b1f815aa93f85e2169b76cddeeb9a2a0a4f410c66ffec4d7b0c094a0ae9dde5b562f4f14dea1d613b7e5f6b4ed0

  • SSDEEP

    12288:73ceDlhb2Ae7BsHunrgXU/ERfgr132TC30vB4gjFGyb7MeEt:AeDlcAelWunUjfy32GxALb7MeEt

Targets

    • Target

      AppXor.exe

    • Size

      790KB

    • MD5

      48d161ecdea55f44e53df822e4947f5c

    • SHA1

      2a38d2e290561a0937ccaff9c2eff59c554fbeaa

    • SHA256

      07c6bdda512ecb8bbadcf57e4f98b3376ca121dd2102cc17513133d277b0430f

    • SHA512

      c9d4c2755e82f5d8fa64c008fa5442ad3bde809b55011fc763b0c486eeb789a8b84f7f7226ec45fce4ef36adb5aad94513284ee620ead3822fca57df4aa70895

    • SSDEEP

      12288:cFUNDaMzrJbjmrlbrJcYXrCbLrJdLOrOzrJ3bUrvJ:cFOayrxjmrFruYXrCvrHLOrgrtbUrvJ

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Target

      Bunifu_UI_v1.52.dll

    • Size

      220KB

    • MD5

      3764580d568e4fc506048e04db90562c

    • SHA1

      e8d2771a4891ad7b751c4ac153f599d7d58ebd31

    • SHA256

      27c8cea7e793ace737415881a5c16b4e2d98ce46609d272e82c6c905ad2d9f36

    • SHA512

      fdc11be9388034404c9c71a60374486ff15d552bd8e9f7f74ca345e7d40df20dcb992e6d4e7b509e31e53c910e33ed8e275467da92c30193d6fab16934491763

    • SSDEEP

      3072:UYZOzNgqlPPL42pFzo3tgyGkToR74K5BC6u+QVTNDcHaDDPuD6bl4:UYZYgEr44Fzo3tFIEKiJNDcHKPueb

    Score
    1/10

    • Target

      mscoore.dll

    • Size

      133KB

    • MD5

      0fc6951b38233930eb5fe0828e833dfb

    • SHA1

      449461a0246e9a87b4ff0d72413e5568c41f0a3b

    • SHA256

      e7c4841c9d510db55a94ae009cb5be549c8ca671b0dc1f5e62dd66b129e3c3c3

    • SHA512

      04cca6dfaf7cd3b146dac754cd7879acb991a7ef64dbf4a5f607f9dd69a6e12a6d47f12ef56312acba07bf48dcafa78e05493869089474c146d2d2b8ee14094e

    • SSDEEP

      3072:HKG4nD6Mfw4XykzjAlAoMa+A18RH2gHnnDbV16yo21m+uCGQF+sf3RcJZojc:MzrJo21m+uUF9cJB

    Score
    3/10
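The digests above are the hard indicators from this report: the archive itself plus the three members it carries. The script below, added here as a worked example and not part of the sandbox's output, hashes an archive and every member inside it in memory (no extraction to disk), then compares the results against the SHA256 values listed above. The `REPORT_SHA256` table is copied from this page; `MAX_MEMBER_SIZE` is an assumed cap against oversized members; `build_constructed_sample()` produces a dummy two-member zip so the code runs offline, it is not the real Sysmon.zip.

```python
import hashlib
import io
import zipfile

# SHA256 values copied from the report above: the archive and its three members.
REPORT_SHA256 = {
    "Sysmon.zip": "28186e90ce6c0246c3eee0a8e66e242de9a70265a0aa376d13c7b1cfdff0be17",
    "AppXor.exe": "07c6bdda512ecb8bbadcf57e4f98b3376ca121dd2102cc17513133d277b0430f",
    "Bunifu_UI_v1.52.dll": "27c8cea7e793ace737415881a5c16b4e2d98ce46609d272e82c6c905ad2d9f36",
    "mscoore.dll": "e7c4841c9d510db55a94ae009cb5be549c8ca671b0dc1f5e62dd66b129e3c3c3",
}

# The four fixed-size digests the report lists. SSDEEP is not in hashlib;
# the third-party `ssdeep` package provides it if fuzzy matching is wanted.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
MAX_MEMBER_SIZE = 64 * 1024 * 1024  # assumed cap: refuse to inflate a zip-bomb member


def digest_stream(fp, chunk_size=1 << 16):
    """Hash a file-like object in chunks with every algorithm in ALGORITHMS.

    Returns {"md5": hex, "sha1": hex, ...} without loading the object at once.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = fp.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (e.g. the whole archive)."""
    return digest_stream(io.BytesIO(data))


def hash_zip_members(zip_bytes, max_member_size=MAX_MEMBER_SIZE):
    """Hash every file inside an archive without writing anything to disk.

    Members are streamed straight out of the archive, so no dropped binary
    lands on the filesystem. Directory entries are skipped; members whose
    declared size exceeds the cap are recorded as skipped instead of read.
    """
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]  # drop any folder prefix
            if info.file_size > max_member_size:
                results[name] = {"skipped": "declared size exceeds cap"}
                continue
            with zf.open(info) as fp:
                results[name] = digest_stream(fp)
    return results


def match_iocs(member_hashes, iocs, algorithm="sha256"):
    """Return (member, ioc_name) pairs whose digest equals a listed value.

    Matching is by digest, not by filename, so a renamed copy still hits.
    """
    wanted = {value.lower(): ioc_name for ioc_name, value in iocs.items()}
    matches = []
    for member, digests in member_hashes.items():
        value = digests.get(algorithm)
        if value and value in wanted:
            matches.append((member, wanted[value]))
    return matches


def build_constructed_sample():
    """Constructed stand-in for Sysmon.zip: dummy members, not the real files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AppXor.exe", b"hello")                  # dummy bytes
        zf.writestr("lib/mscoore.dll", b"not the real dll")  # dummy bytes, nested path
        zf.writestr("lib/", b"")                             # explicit directory entry
    return buf.getvalue()


if __name__ == "__main__":
    archive = build_constructed_sample()
    print("archive sha256:", digest_bytes(archive)["sha256"])
    members = hash_zip_members(archive)
    for name, digests in members.items():
        print(name, digests.get("sha256", digests))
    print("IOC hits:", match_iocs(members, REPORT_SHA256))  # empty for the dummy archive
```

Run it against the real archive by replacing the constructed sample with `open("Sysmon.zip", "rb").read()`; a hit on `REPORT_SHA256` confirms the file on hand is the one this report analysed, and a miss on the archive with hits on the members tells you the container was repacked.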
