General
-
Target
c10n3r.zip
-
Size
395.9MB
-
Sample
241010-web6bstfjk
-
MD5
80e52e65d41c27f378d6775d9ea223f4
-
SHA1
870615a19f3faee24661e2c87cb66f5c7c3b20a3
-
SHA256
b7da3b3684234f6959fc1b0bd217f111faa5b4048c62b6339320144d790ac178
-
SHA512
c45e449d127ebcd5339a5eead2c109305a6b74a87d3ed46d99dea66080bc18f068ff9c9d16b46a9ba860d860db8c06bf1597e83ac12bce2e906856829e292d77
-
SSDEEP
12582912:G+vHwhWO6Ko2FXIxSoEpF5tu611FY8xfS:G0QhZ6oNIxSlH1zTq
Malware Config
Targets
-
-
Target
Cina/Desktop (2)/IPRoyalPawns/resources/app/resources/tray-icon/resize.sh
-
Size
290B
-
MD5
316970b940f5731b6bca20e047c9dbfb
-
SHA1
71b4eae8195054122b373583f4e85b9b0fb06502
-
SHA256
8acb907ca652bfb87000f90c8f2d1d2432630c11160e64190b35576be0647ceb
-
SHA512
6e300490981319b234a396f3e7e0a4690da986def6c1ba141457339c516c275a3b41b5ed26d63c73031d31a45a705811b097b36a98cff4919c4df772f3470974
Score3/10 -
-
-
Target
Cina/Desktop (2)/IPRoyalPawns/swiftshader/libEGL.dll
-
Size
366KB
-
MD5
77d34ef7142151a5665b29220cdac9eb
-
SHA1
86d63a45689dc142d1997477c1ea00dc1d0192df
-
SHA256
ef0d5bbb3316bfc94e94d6e5572088e74fcfd1485ffbe5d4f86c55fca94594fb
-
SHA512
ff0d43dea0f6df743f5ff3bf8a8c26123abfa3a19d4bd093f2c561ddb1d722d5e0bec98afe396937f8fbed42042590655e30f09a4ae6263215648fec6e5da0fb
-
SSDEEP
6144:P0xXgHVFDxkm2nh/nyce87Xi4dlwhNEkqZCC9uZaWPJqSpdZgOOJ4+b2T:Eh/Ze87Xi4dCC1uZaeZBn
Score3/10 -
-
-
Target
Cina/Desktop (2)/IPRoyalPawns/swiftshader/libGLESv2.dll
-
Size
2.7MB
-
MD5
77cef3d0ec2067a9a978a5ec00f40b25
-
SHA1
e67339589599b2a8d393177fac1829d37a4421af
-
SHA256
01fae44b069049638e2bd6cf16eafef3decc0fe1387c9a799a21ffe73393a6a0
-
SHA512
b313d15c8f2ef245d8a715fb777b4ef2f0a16c292e93f88cdb9d23838748adc1349556445452d1d179d3f7f5cd0eb9644f2747f402117c3d95706ef53c3cace2
-
SSDEEP
49152:RdnrjtIvoFzKkAdACGPIuV95gE+pZRNA32yJ6uhH2elKnmeEkAz4RnEoJ2rdzNB7:RF3tfKNtja1MZdZ1X
Score3/10 -
-
-
Target
Cina/Desktop (2)/IPRoyalPawns/uninstaller.exe
-
Size
53KB
-
MD5
f59760d6acf6a007bca4ccd8b85975c2
-
SHA1
1203798f9c6f7fcfcf573c6e8e1e716b9bf41ec6
-
SHA256
2e9a962773dff534d04a0545226980682aefbef668e2c3b002de563a647a26ae
-
SHA512
efa366170391a8d7f4118525a802ec99e8d2f6c2b04cbc5b9be5e296a659595c8089674f11ae6dcfe2291ac1e2745ed8c1c3225782542ee420d64bbb9b4e81ef
-
SSDEEP
1536:gHY0iClLsdSA5ppX0Dkyec2gdLeAyNS77s:cYrClLswbDkrc2ceAl7s
Score8/10-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
Cina/Desktop (2)/IPRoyalPawns/vk_swiftshader.dll
-
Size
3.9MB
-
MD5
ed6d254c9a213d517a556539554c0892
-
SHA1
0ea2a4a13cdb162018ffb5b065bdda7cd52a0888
-
SHA256
3a04c879d6f3e69b56d044ef036c2eb5bbfc5e87b1ab26dde00e6704cddbb703
-
SHA512
b317168d9e566619977482959a07f379fd50d3c12b3ed46bef84f664340ce1a40a3232dee341aaafdc5fc60611bb3e3587c20ae8fe98bf82da53d794026adda0
-
SSDEEP
49152:EWzcL9x2ydlDTa7GmidqJfec1e6u9px5Uxb92ZpJyTlN9lp/5iY8E8oP7qG7rm74:UaK1GPm4gmZZrVSowgaB
Score3/10 -
-
-
Target
Cina/Desktop (2)/IPRoyalPawns/vulkan-1.dll
-
Size
616KB
-
MD5
186bd63107de3831e79b92f0c6a6aa00
-
SHA1
54fd970a152435cfaea7405d4d4e11ba596d219f
-
SHA256
83673ce1ec4b42a60bfa3ed07a658375f07e0934d95d6850c12f4cd91e1205a7
-
SHA512
32f653a3860d52ed72a025a5f3ba94eef741ea393ed734bc4f675e9a5ec36a5ea8f8bb3555bc0980c02943e2ef7a5f772db0522362bf59f0d1c31d124b134c2d
-
SSDEEP
12288:LqVxi0ZmVhGfA8gFlkPdcarfoxpQGyHua8pyE/XPV2Yo:UxJRrfQry4yE
Score3/10 -
-
-
Target
Cina/Desktop (2)/Installer.exe
-
Size
2.9MB
-
MD5
dcb050a81038862531cf2e23a095dbd0
-
SHA1
3340822daaacb341a036a062503db2691f652559
-
SHA256
3c49e41f4e9be499f026246d0f28a6ee6649ebb12d91ad7ef5a3932a21e5842c
-
SHA512
5a26a7ae54b08acd2024c16ea7e27a12f4bd5a047d6eef5bf944678faa4c2edc3ca9d6e251107793f908245123ab70d1c73296797cb0c1fb47a265fd4b591cea
-
SSDEEP
49152:/nnZxJD+PpDTQQnN31kGMdiBvUxDnXdNDLHN0mU2nSCHwYP+tpYEfpB0Ufa6Kab:PJMTQQnN31kPdvDXbumU2nSCHwYWtpYe
Score1/10 -
-
-
Target
Cina/Desktop (2)/KeyFreeze/KeyFreeze.exe
-
Size
761KB
-
MD5
d86311df3410d801f595dfa0956cf47a
-
SHA1
86441eb3e00f2f67984492f633941439e2fb8299
-
SHA256
d85eaae00a3360e1d8527a93e6d810fff749015998c21a7b7e9a4576bff17345
-
SHA512
2cefa0ecbec97bcdfdd8d5635675363492c97d6ce11f9a55a6f405e60fc9d962e78800d051679b30ca2addb85b6c16950553d54aebefb9f6d898c1966094d786
-
SSDEEP
12288:maWzgMg7v3qnCikErQohh0F4DCJ8lny0QiFDgKD5nIJ4FxhTZqrLmo:haHMv6CwrjDny0Qiht5w4HhkPmo
Score3/10 -
-
-
Target
Cina/Desktop (2)/KeyFreeze/KeyFreeze_x64.exe
-
Size
909KB
-
MD5
e15fba7ccf9b7a68ddb26338e313a1b9
-
SHA1
d4d3b5ebb77241510e3714adc742e0c34e4adb27
-
SHA256
fe43c86dd9fa0120f9d708900e3cc5a7f970c00d296191c6849e474b0f7c0292
-
SHA512
acdb455d135c2b59f66f323d66fdc4ba88acc978f78a2e6b64a2094e437de193756a6ab1d134e710816481b574d7d3f5787b7b2a5752399988a3b58011577ca8
-
SSDEEP
24576:Q2DW/xb/X2YIbLQsu3/PNLMQUHyMnhv4Fro0:Q2E7XSQsW/PNAQk7hAJ
Score3/10 -
-
-
Target
Cina/Desktop (2)/KeyFreeze/Lock2/Windows Lock 2.0.exe
-
Size
64KB
-
MD5
f89a1d23b012673dfe1f407893c6e310
-
SHA1
7f2041d2051528d474f6491a81c1ea2d5e81ddae
-
SHA256
9b4f5a80068d61ab1b81222ba00c641f2af89ebb332410325ccc2b1ca122109f
-
SHA512
aa748375ddd3d32221d491a0e1d7cfe8c63458cdbb00f18dc64bb860b864eb7862dfffc072e9f87f2b4b6a811226164d868123b821f2f2b2aea5add68844bc85
-
SSDEEP
768:RnSQNjSQNnSQNISQNSBPZcGTzb9OtCLY5tPMxg1YVudcPcyWrx17iQ7QmkvSQN:QQEQoQdQY73ElAwYc1zL7aqQ
Score1/10 -
-
-
Target
Cina/Desktop (2)/KeyFreeze/Lock2/Windows Lock 2.0.vshost.exe
-
Size
13KB
-
MD5
f2f77b99cad96e1b6ca06169f3553f40
-
SHA1
d8dc079a82b4942f36e8d11a0ff88b97c098a64a
-
SHA256
9149c19a31ff9ca73bf60893e2dfaa8fbefec42de2a288b1b32c15ff730955ca
-
SHA512
b12b8461d9ebc96e9e2cca5da66cf342e7eacfcbe00ab50180433ded7ca2426837ec2d280171eb8e95f092097ab5dc64b895973be2e31103b8f27e9062bdd915
-
SSDEEP
192:JgmxBqWeVmWeo6oEQKPnEt2yt8mJz+jaIhj74r:OM0WqmWjnELKt8Cy/jcr
Score1/10 -
-
-
Target
Cina/Desktop (2)/KeyFreeze/Lock2/d.dl
-
Size
703B
-
MD5
7a8dd45a3d1cf2299ef1b56812c0a128
-
SHA1
0558385de7d0bc3adc8cb13692e0513a625ee8c0
-
SHA256
f3085abe9314b33e7aa8b65a25aaa57d6f82f867bc96d5dca92ee1d0e5e4cf49
-
SHA512
54677e79af244d0c8847cbc400ada13f766bbbfa75e6fe7e9a10a6a9559910be3b25615df85ff6be1f398d77597c19f9762e09c2e1a9fce509e251624a8ca1c2
Score8/10-
Disables Task Manager via registry modification
-
-
-
Target
Cina/Desktop (2)/KeyFreeze/Lock2/disablesecurity.vbs
-
Size
703B
-
MD5
8c91628d6e0421be1cb3e7ca1a777aa7
-
SHA1
455f1031fcbdce4a927fe1e53f4ef7ad10e81ed0
-
SHA256
4f609b4f7d57307c93c8315e5a21b1ed9ae4a0abc25f4ce0580d11afdec6c073
-
SHA512
682cdecc59201ad1b4680c0aef79d68b2509ce98aa54db4037506b2608e73889e10118777e2773fae730cf0d7c106c5323deeaee90bcdf8ad6c040c6a922844f
Score1/10 -
-
-
Target
Cina/Desktop (2)/KeyFreeze/Lock2/e.dl
-
Size
703B
-
MD5
8c91628d6e0421be1cb3e7ca1a777aa7
-
SHA1
455f1031fcbdce4a927fe1e53f4ef7ad10e81ed0
-
SHA256
4f609b4f7d57307c93c8315e5a21b1ed9ae4a0abc25f4ce0580d11afdec6c073
-
SHA512
682cdecc59201ad1b4680c0aef79d68b2509ce98aa54db4037506b2608e73889e10118777e2773fae730cf0d7c106c5323deeaee90bcdf8ad6c040c6a922844f
Score1/10 -
-
-
Target
Cina/Desktop (2)/KeyFreeze/Lock2/extra security.vbs
-
Size
703B
-
MD5
7a8dd45a3d1cf2299ef1b56812c0a128
-
SHA1
0558385de7d0bc3adc8cb13692e0513a625ee8c0
-
SHA256
f3085abe9314b33e7aa8b65a25aaa57d6f82f867bc96d5dca92ee1d0e5e4cf49
-
SHA512
54677e79af244d0c8847cbc400ada13f766bbbfa75e6fe7e9a10a6a9559910be3b25615df85ff6be1f398d77597c19f9762e09c2e1a9fce509e251624a8ca1c2
Score8/10-
Disables Task Manager via registry modification
-
-
-
Target
Cina/Desktop (2)/Log L0ck3r.bat
-
Size
90B
-
MD5
d71e9e69307e4720545c2ca7464206b8
-
SHA1
a104e3508cfdcad045cf963505be9243ebdb5107
-
SHA256
bf2ec06dfe3b0710e08c160f062f6649cf5bb83dffeae6587e924c419fc9dca4
-
SHA512
fab20ba000100ba4b4624b1cd9c6fa539a324d5d5532e690d4fc0f1fc5ec5d89682ae3b46e0a56e1190084f039e300dd16bd7f1eb0db44a2e6391f8244ef1407
Score6/10-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1