General

  • Target

    PusBane_Community.rar

  • Size

    1.6MB

  • Sample

    240824-ldhavatbrc

  • MD5

    507a906706fc28599f2c35b3daa039f2

  • SHA1

    9b5f7c1ee4e327a75ec1ca06657a99c4630be888

  • SHA256

    dcf326d3a17f37a91632b5d7c6de1a1fe64647a09be3475e27f04d32e7e4bf04

  • SHA512

    8ebc8e514ceeac528616e9006b6a16c27ca0e96fe7282f269f2b7d0f176ad4f4cb20e91c3c983544eef13574fe1f71d42d4724ca3724346b177ee37d14544127

  • SSDEEP

    49152:8vWXZnFXltBsD5IwDHM0rRhTcULsFcgVC:8yBg5IwDs0rRpsFcn

Score
7/10

Targets

    • Target

      PusBane Community/Bunifu.Licensing.dll

    • Size

      1.2MB

    • MD5

      1a45c5f35d5a5b3bf94f01caae45a641

    • SHA1

      678428c593a7b168803766264e4fe44fab253700

    • SHA256

      3410caef0cb538e883b3e4a2ef8bc26c1aeb7d07206021cf31f3382d5cdecba1

    • SHA512

      3f8b7179cc68fdcb33b474b0c9295ffa13454d4eafd4a769332be21fac4fcbf30e69f1b76bc2fa0a818d972c90001fa4bf9272ef7e333205cdfa5008e035a579

    • SSDEEP

      24576:4AECFfBu6lsgu8la4AfrCN/s3IEiZfy/bbxqt72l6oQkwi:FfxyIla4lN2liQ/bYtg6iwi

    • Score

      1/10

    • Target

      PusBane Community/Bunifu.UI.WinForms.1.5.3.dll

    • Size

      344KB

    • MD5

      b4280d2898d92ab5c3911f0305d7672f

    • SHA1

      0ef4d6fa24811cea3cb36fccbc45d71e1effb17d

    • SHA256

      e2248459dcc95183d0f0c5f3abd3b0a2b93cd26cf8e130a1f43c8b32c58f4c8f

    • SHA512

      2c719c32144ce2968123dc8e3a6f61f70460e463ba9b3681dc86e124af1343d08e574f7313339ecef4b88f95d2fd9ad56462f0f9e5f9f51ba5de6ba19559af2e

    • SSDEEP

      6144:m6BxSPUIfFVoPH+GBhvPb8g2iYcHIc7RPqEev3djE5ydvmW:vxSsIfFieGjb8ncHFqEevNjE5ydvN

    • Score

      1/10

    • Target

      PusBane Community/Bunifu.UI.WinForms.BunifuButton.dll

    • Size

      108KB

    • MD5

      3e60d71b66fb974045fb8dae1baef617

    • SHA1

      7078e2779f8c8d0a594c985ff7ca2e65cabaed6b

    • SHA256

      ca17918d71b6375a30990979e8f025aaef2764e06a908210be0b665dfbf7f8d0

    • SHA512

      fc991a823c39ec6fffdea6193dc3f687af907e36768dc09a733d95d3bb575e8d7ead2b434e94be35fff7bb625a71f3de499c186897f15fa489ebd9d8b65f0327

    • SSDEEP

      3072:bci6D+NfJoqK3E6f2ih0xdGzFpzUHgmvE9ZshCcU7P0tbSInIKm:o+NfJoqK3E6f2ih0xdGzFpzUHgmvEQC5

    • Score

      1/10

    • Target

      PusBane Community/Bunifu.UI.WinForms.BunifuCheckBox.dll

    • Size

      103KB

    • MD5

      db530e9b3be4232a474e201798975c3b

    • SHA1

      3be4c26c7841f2e6d0310eef3a1e1730fc2e33ef

    • SHA256

      a1bfdfb908aecd1495e78789640b39982801800848abf202bd8f4a538a8e2d85

    • SHA512

      b5cad7da8cf0de850da761de0c2a12efe3de3a6ef80232847ded224dec931f0f2e24da6579900153b1c23a8dab8e982f54f73043c51827aad6378464ad1af150

    • SSDEEP

      1536:V+ISJunQdWxsOQ8TmoeW9B6Ylw9oGMtWUNVLeOT+b:V+ISJuncWKVWbxlPDNVLeOE

    • Score

      1/10

    • Target

      PusBane Community/Bunifu.UI.WinForms.BunifuLabel.dll

    • Size

      421KB

    • MD5

      e65106de1d954a8ba99dba7fdc3757ab

    • SHA1

      459c0bab697f3ac7b444464d3dffaf87adf0b9a8

    • SHA256

      2c8f73e8f50125bb05f3951bd84de284e99f723102de08aa612e2abd77d170ab

    • SHA512

      f8b643b4a5af93c9d8fdf8011e44592fcddf7b1a09335426222ebe5299cffb30015b8c5aff7c33b4897b33005a6c4d6b6123cc5add4a7c21d81acd53e8069e93

    • SSDEEP

      6144:Fx0YWWd9jDKErgWc0uk+SyLmXFbP2DJFKFyyPBYVN:FIEcWc0WLmVA8BYj

    • Score

      1/10

    • Target

      PusBane Community/Bunifu.UI.WinForms.BunifuPictureBox.dll

    • Size

      37KB

    • MD5

      fd6e28c44ab0bb05721034aa10e5e5c7

    • SHA1

      2c52c3925b7b3f9bb17fcf32ee7daadd275fdf81

    • SHA256

      df1d1a4399138a002883caeb326cb23fa95b5ec4a18a1abbc725166155a299d0

    • SHA512

      bf8bb42cce6713bdae6a70f30ba3e889f6d63ab1e92336fddc890cedf33c3cf17f06114c301eeb0b552384af3a2ca0b64ad8920f7a266bed0b6b690b710b74e9

    • SSDEEP

      768:RDM5qd07rjIiE27vDrAoNookVPzQ8fosMs3eeq9iKH69izKgjAe+:KE27vPAoNookdQ1iLq9Rm+RA/

    • Score

      1/10

    • Target

      PusBane Community/buildend.exe

    • Size

      243KB

    • MD5

      541ece13aca0e834b512c5180c57828f

    • SHA1

      808628bce95338ef142115e751bd47d52531c5f4

    • SHA256

      3541de39ae0913e1bc3e6d9e5331e76324fe428b89a3b8220a2abad772c8ef94

    • SHA512

      074360664a06c7edff98d8190a12ed8a6134977dda88c620827a500cc6fcae48d4a9536f9e1594f9deca74a6c576503925d3cc003c8a0fe896753dfcac4b30a6

    • SSDEEP

      3072:YSOJ9nStSALRPjlt25UVSNqrAfV/D680QkB1+rzIfT9XZcWAdiyPojj2CILT+6zz:SznSwiRbgKSNOyVLs3B5SojjbIJuG

    • Score

      7/10

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Legitimate hosting services abused for malware hosting/C2
