0fdcd8ef8be7b2bc8b2aa44ca2dfe251e8850b0be1e0ec563bd3736d2f05a09d

Sharing

Copy URL Twitter E-mail

General

Target

YellowSkull 2.0.zip
Size

5.8MB
Sample

240829-cqvbha1apm
MD5

d700d6ccbbea18c0fe32775a65f13280
SHA1

7c159dd708efd29b1404f1b7fb8d4e3d4c0d1cfd
SHA256

0fdcd8ef8be7b2bc8b2aa44ca2dfe251e8850b0be1e0ec563bd3736d2f05a09d
SHA512

f49681c6ea7db12fef03220a8257bcab5b1fae81fdf590c08ad651057846a14017a132e042e5755651b7bff46cd42244cfac20ab4d1630b77002b4ec696f3533
SSDEEP

98304:sX1++uBsOBDE0JPblL8CQhiXikAazRXOfZv4gXrQzy1SvaV1Vvc759u:81+5dDtJDlLVXztRG5Xro1Cn0e

Score

10^/10

Malware Config

Targets

- Target
  
  Bat To Exe Converter/Bat_To_Exe_Converter.exe
- Size
  
  444KB
- MD5
  
  76d5900a4adf4c1f2ab8dbfd0a450c4a
- SHA1
  
  6177a27416519564ecb5d38093d61c9a81d3c290
- SHA256
  
  7adc1f7ff040628a600f99465bd70e71ad83fecfe60b0f1dadc84b5d262ff350
- SHA512
  
  286b05ff09d4e85856c251d56902486738d9b2457d9a56ea8a449195b349f2718816099f4602efba88dad592dd6cecefcd0748382888c3026dd585b3e46f0c6e
- SSDEEP
  
  12288:iYicHMPMDp8WrZtzlqQMB/FS/CiUF7RAfoSBjF:viuMPMDp8mtzbMFFS/CzKF
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  Bat To Exe Converter/help.chm
- Size
  
  14KB
- MD5
  
  ffa8c49b21b077b0dc4b51a1f6f9a753
- SHA1
  
  5fe5b4d96b266b29bd7aaf41b32394f58e7416e2
- SHA256
  
  00037bfc41afacf262afda160e17d3cca33606276324e99bbd93ad1207e9a7c0
- SHA512
  
  751eeaef0828ec4416569291ebf3f434208ff43405221339688ec2535cd5947d58ad4d2fd8ea073aa0554f712783f5ec8d5f42dfc4ee935d2905bc541ccd0a9b
- SSDEEP
  
  192:TQ3bVqwNUWqaGA9yb6OmVbelnchhvm2I2S1O:TQLbNJqHA9YYVbCahvm280
Score

1^/10
behavioral2
- Target
  
  YSkullLock.exe
- Size
  
  2.9MB
- MD5
  
  2191c3a14b53531e82726b17dd331cef
- SHA1
  
  9fdcc1ef73bbd08ac8f4cb3bdaf4c4ed26a99737
- SHA256
  
  3b2abd3773e4678100f197f53a886ec833fd2e26aa9a94d780a2d22befdf7d44
- SHA512
  
  93dc75ae619bcac6566c6e773c3628c2ef1326d988e592e59a1c8f9be304014a970caf40bf255a52b26fb37ca1d2625c8bf95b5dc749f378a0450a74aa3421f9
- SSDEEP
  
  1536:/9hZQLSuDqywUqfcIqVDY4aWFQ3RwjaxF86A62Oj5rc+ac+VCRDV:biDvjuCa7+VcB
Score

3^/10

discovery
behavioral3
- Target
  
  YSkullLock/YSkullLock.exe
- Size
  
  2.9MB
- MD5
  
  a8482395090805b7eed47ef34a3b9eba
- SHA1
  
  234be86cbd68d840f7784d3e1c1ad5a63278513c
- SHA256
  
  79277435d1091d901a673d527b1103a670a085d536b419231dfd397b4fe1fd14
- SHA512
  
  a543e43aef7b89ee149dbb156bf7417bf0a861f01502d54c94063c4533126e35749da320069e0347f700d2d236c0671035118c88c7263109826310f34ff3bfbf
- SSDEEP
  
  1536:/ihZQLSuDqywUqfcIqVDY4aWFQ3RwjaxF86A62Oj5rc+ac+VCRxF:MiDvjuCa7+VcT
Score

3^/10

discovery
behavioral4
- Target
  
  YSkullMBRSetup.exe
- Size
  
  1.3MB
- MD5
  
  220303eb72ebde4605116640fb719b26
- SHA1
  
  2021794facb35a7a23796e74835d8cf93882ddaf
- SHA256
  
  f081c913488c3f22b62f906dac2a82a38d085ebe1d28701f0059dfdfbf1ccf42
- SHA512
  
  dc811be33365049b32c3a47de9b4f4e4f77be0a9dfd14bfcfce92a6f575cf9bbd4aa56fcc92a3d8bf7bd21354f6530f3cc50a1f185a5953861d3a73a3f1738fc
- SSDEEP
  
  24576:TVhHvKBiZ5/pYDIVhdL6I92XqMZa4JyuQ5O3h3JMtbc:7v5/sIwdHTMtbc
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5
- Target
  
  YellowSkull2.bat
- Size
  
  3KB
- MD5
  
  4671d5895d88bc19645cab0fc7ca398a
- SHA1
  
  d6b1ccef99793b0dcd09156a6460027271cde082
- SHA256
  
  dd8aa9f7955674a7a1b5b222d7c1809c583c705dae8bf476cdd42efcc0afabb5
- SHA512
  
  ea21a82ccbb1647bdd45890dadb1740a8dbb7d4cd7481a252545a6db2ce7fda1ce7c808b102bbd4dbd8764a6f824d6529044002f234bb5c255504f6b85ab926b
Score

10^/10

discovery evasion persistence ransomware trojan
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral6
- Target
  
  bg.exe
- Size
  
  102KB
- MD5
  
  12cf508e9058e3e67cf8a736557c2749
- SHA1
  
  8448240c260ccef2d23854e749387b65e4b6668e
- SHA256
  
  b3670ec42931e2dea3e03053eda32240d8b6db15bf89d0c74e23e99ecb0aaf49
- SHA512
  
  7a837b5a89f29974b1e305e2082d5f7aee46bee3cef7e8a8b47a877d5bd6280c359318d6002c2c283aed13054a8ee590778e99e423a25f84f3037b0249c6403a
- SSDEEP
  
  768:K7qcybtwpM91ivG4al7fCwjfecgExpYc467yyxqOyWOjonu3yUyJCbfw287BDmay:N5iToUcHYGykqODu3yUyJCbfw287R1sF
Score

3^/10

discovery
behavioral7
- Target
  
  YellowSkull 2.0.exe
- Size
  
  2.5MB
- MD5
  
  660e26001a8891e78135a09d3ec2623f
- SHA1
  
  bd95c1955be08eaecefa7b3dd1cbdac7387b6d06
- SHA256
  
  1811c7b5ddcc6637a782bf32db70b60bd0bf3ec2b3498716591f718cda25fd14
- SHA512
  
  590df723aaa52806f664adec89bf6e8e570a9c88b4858131fb59f23e31ab3302189393bceb58fe1aa71475065aefab2d093d5f8ad6296693d4124e5a10a34e92
- SSDEEP
  
  49152:cCEz1VWQraflEcY8GSFJ2CBUm5htDRvG0JuH0Xv6GVO8UKlo:cn14QilESfFim15rtxUuo
Score

10^/10

discovery evasion persistence ransomware trojan upx
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral8