General

  • Target

    unban.gg_spoofer_cracked.zip

  • Size

    4.9MB

  • Sample

    240919-e9j1zs1enf

  • MD5

    db90d24bbef5f8812ea4b9d32b3def38

  • SHA1

    59ad256b1cf2a98ccff8247eedc9ff7143f6794b

  • SHA256

    7fc9b7554a7195b37405eef8c828ddd86ab9f5caebb96b180f09f999742cf25b

  • SHA512

    5300091c9a5a28fded8523a04097aaefb83dc8c4a846d6727b5e7dec8812229219dc85d920cee6adea24aa8f4d33573d241dff11a609a229393adad7e0009cc8

  • SSDEEP

    98304:cLrfHCKFxeZxc9X0tYdowEJvEABKFzL0YdtE9V+gvX4NkwPkC/qMCOY7pv1:cLr/XFsMkrwesLVdtTgvX4Nc+KOypv1

Targets

    • Target

      unban.gg spoofer cracked/Costura.dll

    • Size

      4KB

    • MD5

      501981c7fc457d59238eb99780efb615

    • SHA1

      f1f25c01f6acf33bdd62c4f82d3ef078e76f0906

    • SHA256

      41bb464ac7c0d192641077e44a59d7d89860c3c620a59961f2fc4a4be47deae3

    • SHA512

      5921d0662add6c8aa075106878cc56335ccbf059d8bc7f359fe9e02a52ec657c3e5df1c718929564c09f205e4bd299b086f3e7424141f5e55ed0d756f65ee1e8

    • SSDEEP

      48:6F+lni2qJfjVRPGwzCo4MhTN0KDdilETrVsH4/QWk1qyFVT2IbG:7g7KedGEiYIWM2

    • Score

      3/10

    • Target

      unban.gg spoofer cracked/Guna.UI2.dll

    • Size

      2.1MB

    • MD5

      c19e9e6a4bc1b668d19505a0437e7f7e

    • SHA1

      73be712aef4baa6e9dabfc237b5c039f62a847fa

    • SHA256

      9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82

    • SHA512

      b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de

    • SSDEEP

      49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z

    • Score

      1/10

    • Target

      unban.gg spoofer cracked/Loader_protected.exe

    • Size

      4.1MB

    • MD5

      05be094fb4e11ef949145b661a44d52f

    • SHA1

      004573ff16c32eadabc20ad8547cbef3a06ada7c

    • SHA256

      9dce3e8373e8028af3633161f6f076c672a36f0bde28b9f616de1313a8f3f2cf

    • SHA512

      361dc94fd0d80a0c60e61b81e1bb22e3e75883874e0df167bbf3f92425d5cc32f16ccc25dbfd7a834a7402edc1ae9562960cd1ae9c7242f81fb91b6064ee63d6

    • SSDEEP

      98304:TrzCis2Li3WE8/qqFJoLJJIuNFRdiEPLy2612w6TCL6Mfvap+:bVs3X8yqFJoLJBiU61aO7E

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      unban.gg spoofer cracked/System.Diagnostics.DiagnosticSource.dll

    • Size

      34KB

    • MD5

      8d9df432109f1cfdd86723b5f171e3d7

    • SHA1

      85dc92edd4b0049ed9049e075c4def8a3d64e43b

    • SHA256

      d22133818a30313e0becf010d78a556a56b34ea361dbd33588c9817631fed540

    • SHA512

      5c83303934eecfa61c43a071d29c98e5804d37a5dc7f7b035772d6a168b0c5e65dfabef20b46214e65493c4bda44831cafee83615498fbe9e718c884f4650edf

    • SSDEEP

      384:iQobG82oiaPaf/gn5LQ0+0zdQUv2CtyW8fiFISWbW9pWJbWivT1Nq0GftpBjAvnC:nA299fI5dxzL2CC11vimvnEBBNFT

    • Score

      1/10
