General

  • Target

    Drks ByfronFucker.zip

  • Size

    26.1MB

  • Sample

    241011-q4h3aavgje

  • MD5

    7b35e923866445086297780b906d60bd

  • SHA1

    9fccf138944aad5c0a297602b6f52acf0e8a4b0e

  • SHA256

    88b73e930b82693cc6f242084c06d978cb343144f32bd997a9e4021917b4c182

  • SHA512

    747db5d665844a73995791c98ebc44b685096b724d571c1682b6167b14b5343b75d2c473c3b5fde1d8aaad0cdaec3e99ba4842da6921416115126304c53f245c

  • SSDEEP

    393216:rHR+tOgJd6Z3OSjeKUI9FYUnhszuuxs4vZ7fYm9u1bh0qELwB7bp2ilzLeMuz:rHAtOgfS6KNwUnhstvZ7ft+bh0/MmUBC

Malware Config

Targets

    • Target

      Drk's ByfronFucker/BetterFolderBrowser.dll

    • Size

      12KB

    • MD5

      fff67e7d52b58a11d456a1d5cd2ba294

    • SHA1

      6dea84a0a060c39c93b1e3f404270c039d3dbfdd

    • SHA256

      5334c9c4eb567a89e4644df868d7fb6e242a3ea422b2ce9283843970ec756372

    • SHA512

      fc8cc5fbc624559e03e70c48bd4e6e4595b1784fdf2c258b33ddb3410bdd93dcf26f3b5db4e4d0d8f133e8df93fe95ab93a703efa92a0a4133f57f48ebd6ea74

    • SSDEEP

      192:2ZPVABalnP/VYkWdcHIp3RgzK/RGLHdnKuWGIBC0p++kVX805N9:2ABk1W4Ip3ez4RoF2+bR805N9

    Score
    1/10
    • Target

      Drk's ByfronFucker/Costura.dll

    • Size

      4KB

    • MD5

      501981c7fc457d59238eb99780efb615

    • SHA1

      f1f25c01f6acf33bdd62c4f82d3ef078e76f0906

    • SHA256

      41bb464ac7c0d192641077e44a59d7d89860c3c620a59961f2fc4a4be47deae3

    • SHA512

      5921d0662add6c8aa075106878cc56335ccbf059d8bc7f359fe9e02a52ec657c3e5df1c718929564c09f205e4bd299b086f3e7424141f5e55ed0d756f65ee1e8

    • SSDEEP

      48:6F+lni2qJfjVRPGwzCo4MhTN0KDdilETrVsH4/QWk1qyFVT2IbG:7g7KedGEiYIWM2

    Score
    1/10
    • Target

      Drk's ByfronFucker/Dragablz.dll

    • Size

      233KB

    • MD5

      5a9583a7bed76b2e94091f9b74716f68

    • SHA1

      60552dc4ed629b32a7c0e7b31406a21829bdc38e

    • SHA256

      6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338

    • SHA512

      8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5

    • SSDEEP

      6144:fTuK/5J3BPYcKHJv8ahfgfkMMafGfCfDf2fE:fKKhP+Dhfgf7fGfCfDf2f

    Score
    1/10
    • Target

      Drk's ByfronFucker/Drk's ByfronFucker.exe

    • Size

      5.2MB

    • MD5

      1f029d50ec7a7f175b2fd5d08f35ae05

    • SHA1

      509317a9a5ee58700def53a99bac2c3c0bb0264a

    • SHA256

      b0ee0ae8251dd20eef46b14cf902fa74331753cb3efa8b0be5850a4345bcd5cb

    • SHA512

      8cb0460feb65e97454a88cab277efd000720db2c51a333f24bed074876079071472772270589c04878cc393b6183fa9fb3cd302408fd0601211cbbddc64b279e

    • SSDEEP

      98304:qI2SKrP1dw9dCtwsQKVIo5QRNVG3Z+/8k4yqaRXn0nUYDAro+c:qI2LGnCtwsBICqNVGE/14RaF0nBA0+c

    • Target

      Drk's ByfronFucker/Drk's ByfronFuckerIn.bin

    • Size

      44KB

    • MD5

      6e3f0111d318b2b8617dc52f6c94e6c5

    • SHA1

      93d85fda40fae6db2a7951705e82d17e853f539d

    • SHA256

      cf30daca8f3ccaf5e23d3b191417006d8b464939fe0e2d10972e1de7ea95f1b6

    • SHA512

      6b894fbfd152d323a03e03ccb995ed933e73cf810239a03b9bd43f290936b144c706dfe793b21bcc46d49086041bd71f1814a9aa308d0d9930c58a5903b93a09

    • SSDEEP

      384:SiBAxILGlECtQpfXt3AbXdEkYB1uRvFdBB4lAmA2QdwKFASF:S9GpWrdEkyuzHGA2vS

    Score
    1/10
    • Target

      Drk's ByfronFucker/Drk's Exec Fixer.exe

    • Size

      19.7MB

    • MD5

      13438bbb217df2027c360f968c81946e

    • SHA1

      48fa6d05428d4381c938198ba93c411eae23d04f

    • SHA256

      bce5821b1872c63ba22dbb67c0ccc17d7efbb74369cdd9d8693ac11cdfbd8a80

    • SHA512

      4ef8cd381048d55b1e0c3dbe591f3018e809054cf401749d4f3b90fa10453b7211fe17e9216bc9edcd732bdd32852f815fc2c4d6b6740e0672e05e5f5c34719f

    • SSDEEP

      393216:MQzEkZQtslPpUTLfhJKQETSrvJQ7Wr07zGxd0m2o:MOhQtsTUTLJQQEWrhQShch

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • Target

      Drk's ByfronFucker/MaterialDesignColors.dll

    • Size

      295KB

    • MD5

      d2207fccbdd6caa91c43776559ce401f

    • SHA1

      4f78f282a238b21ad1f995f154d624865d08a38a

    • SHA256

      1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0

    • SHA512

      d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e

    • SSDEEP

      1536:1r1In+fq1fDfDemxD0EsXpGX0EOAyzU7fKoVxbzQXT:B1WB1PerAjOAL7fKoVxb2T

    Score
    1/10
    • Target

      Drk's ByfronFucker/MaterialDesignExtensions.dll

    • Size

      349KB

    • MD5

      6da7ae89f1eac96f143dc5200031d8b8

    • SHA1

      d9dc3936bc9a288a727cb2295c3d05899adcc9c8

    • SHA256

      c5b93560fa74b9a05959aae5116da59495d36782d2e17e45f0efcc06ad36ed6a

    • SHA512

      3929f7092a5acb5ae3333e7e0a9ac2a403b78c8c8ad35a17ece25e6688a61a0f7e4b701691b02ad2941c6e15d2262c6f8ae76413af93dc92aa422e1738147e94

    • SSDEEP

      6144:OM2EyV6zxDNFOzaFkpXeRk7ecDfE0MHOZB0zSvo1UvEGK262:nGVcxHOzxpuRk7emfE0MHOZB0zSvo1UJ

    Score
    1/10
    • Target

      Drk's ByfronFucker/Microsoft.Web.WebView2.Core.dll

    • Size

      445KB

    • MD5

      c4b4a5f4f28d47239eb4e37cb3cc8046

    • SHA1

      ed86941cf065f91758d536d8e13cc2542cc38922

    • SHA256

      c2441011ec290b3408391f32072379f677ab3fa4507c4304167cd82fad6593c1

    • SHA512

      440ee33d5a830d9c59d96367f2a43d4a4113f6fe0924a691e682a2e9251a8615e52177dcb9af225dba538a8a3893ac85be79e9c1aa687034e3da6c95191dc645

    • SSDEEP

      12288:EB7Md7DkbrB3kPo+iKvRFNLe1+imQ9pRFZNIEJdIElxPrEIvLcglxMwCepM1STUH:EeFP7

    Score
    1/10
    • Target

      Drk's ByfronFucker/Microsoft.Web.WebView2.WinForms.dll

    • Size

      37KB

    • MD5

      e6f424ee6036ee7d58283780b705be8c

    • SHA1

      c17fc397711fb2e0c400007620c76e70c956dd9c

    • SHA256

      c9eeff2dd13109f41447a92763d31aaa07369c58a570c18bbb851824a77da98a

    • SHA512

      1d255265115a4a2238a21e3ade35101babcbf9d5de58521365666b9564681119c4b7f20ed6a6c16fb6120ab19106fa40f25421da938b7fee7b8a5e7758f2c22f

    • SSDEEP

      768:ejIHFTA42CL9tcZDgcEST3p4Jjrjh2jJFSgyauYv1JKia5/Zi/WGQKVu6bL7RSOX:AIS3C5tcZDgcEST3p4JjrjaJFSgyau0H

    Score
    1/10
    • Target

      Drk's ByfronFucker/Microsoft.Web.WebView2.Wpf.dll

    • Size

      43KB

    • MD5

      0241e0a42b292e0c9b585470c613ec78

    • SHA1

      74e4ab7e37bff177a394617923baddfcf087c0e1

    • SHA256

      15bcd610a80632ef59d911a8447b11127cdeafbf147c844f1b740735efdf338a

    • SHA512

      bd083301c6f93a1852c76686797919787f439c65ea11d430701257fa4d3791a4eff892b6ceea1c534d832bfbc0b0ecca3f671e3a9c50f34089f919e3756882f0

    • SSDEEP

      768:k2TI5VoCjJ4Jd7U2zkQ+Z8cDP/ryEH0yBy4JjrD1h2jVh3URGvkz7FKKa5/Bi/xm:VE5tjJ4Y2zf+Z8cDP/ryEH0yBy4JjrDC

    Score
    1/10
    • Target

      Drk's ByfronFucker/Microsoft.Xaml.Behaviors.dll

    • Size

      141KB

    • MD5

      ec5a1abee150abe698689211b07cd1ec

    • SHA1

      affc3cb47da8fe76986d271cdc3e7ea345cc04e5

    • SHA256

      b864da9d88414877cea9b1a016146265a5fb9d0e12f4dbb1dccc0cc998119a54

    • SHA512

      a2b55b4ffc3f11546ed8d3457e98b986c089e25229bd687da35d45d63e4860722e8b13826d3a3daa1be843cf3a4ae3da4cf9b6fdcb5d1a4948648537e683789f

    • SSDEEP

      3072:UAyazS96IT0O6gAf+LwCMe1u051dXcr9/soMEs5r/j9:tyhYIT0O65cwCMyE

    Score
    1/10
    • Target

      Drk's ByfronFucker/System.Diagnostics.DiagnosticSource.dll

    • Size

      34KB

    • MD5

      8d9df432109f1cfdd86723b5f171e3d7

    • SHA1

      85dc92edd4b0049ed9049e075c4def8a3d64e43b

    • SHA256

      d22133818a30313e0becf010d78a556a56b34ea361dbd33588c9817631fed540

    • SHA512

      5c83303934eecfa61c43a071d29c98e5804d37a5dc7f7b035772d6a168b0c5e65dfabef20b46214e65493c4bda44831cafee83615498fbe9e718c884f4650edf

    • SSDEEP

      384:iQobG82oiaPaf/gn5LQ0+0zdQUv2CtyW8fiFISWbW9pWJbWivT1Nq0GftpBjAvnC:nA299fI5dxzL2CC11vimvnEBBNFT

    Score
    1/10
    • Target

      Drk's ByfronFucker/bin/Monaco/index.html

    • Size

      13KB

    • MD5

      8132342ce4b039603cbb3b1a32ab859b

    • SHA1

      66c46050a6e5b08758c00455ae26a6c66e94ce4c

    • SHA256

      3818906ed429acd27aabad7ec8771893d60658ea31b8d0c92418b96de8ee94e6

    • SHA512

      44d93118187e703af1fc1627de7e97c39072e666c9086b1b4c00a7eadce1913c84dc97e8f80e2b514154ef66b23baddbfd71a2faa250735ddf4d2bc12709cef4

    • SSDEEP

      192:oL3bXRggAbYm/9mv2Oxr09VpDwFgBsK7u24FzTkcmc/VT+9taAc4dReigXN:2RggAbYmbD9V9wFgBs+SFN

    Score
    3/10
    • Target

      Drk's ByfronFucker/bin/Monaco/vs/base/worker/workerMain.js

    • Size

      174KB

    • MD5

      9ce9e46b6d66d8b2dbcabba577cad2ed

    • SHA1

      397b0e9e7b2bee37a8444e84bb9788a0bdcb023e

    • SHA256

      19b566655d73370a820a7d6fffe7af03dba3af4997016c0983be5bd188603ec2

    • SHA512

      f322ea669fa81397066edef062721ae3dd515b3d61c4ad7bef0db0eb3a53f056da298fd4f761bd3e5d613e6f5803a7c35ed056085ac3b97e06c7bfd47fffad49

    • SSDEEP

      1536:mi5eQeCEwCP1m9JXKmA1xKzyOQJf9X2K7eM9bWXsUK5QSkSoIMQwr+ZjtQYyeTMO:mHTdkKmA1yyOQJl2K7ns6dZ/RVaNzY

    Score
    3/10
    • Target

      Drk's ByfronFucker/bin/Monaco/vs/basic-languages/lua/autocompletes.js

    • Size

      2KB

    • MD5

      eb6fde8de905af68c855a2506c8a8204

    • SHA1

      32b172578f398151be79f78bdeb15eeff4a83020

    • SHA256

      1fbe4337327ef99c9caba74678cfff28652606fd667dbca34f12e809738010d9

    • SHA512

      6e95ecdfbabf20c2e717006ea00fa92d79e577cf262460cef7f3db7bb4fa87585bed99b6a1bd1d865c5e5184044b0244aa0823580c9444b1f2ff013057f54235

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

pyinstallercrealstealer
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

discovery
Score
3/10

behavioral8

discoverypersistence
Score
6/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
7/10

behavioral12

credential_accessdiscoveryspywarestealer
Score
7/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10