General
-
Target
Drks ByfronFucker.zip
-
Size
26.1MB
-
Sample
241011-q4h3aavgje
-
MD5
7b35e923866445086297780b906d60bd
-
SHA1
9fccf138944aad5c0a297602b6f52acf0e8a4b0e
-
SHA256
88b73e930b82693cc6f242084c06d978cb343144f32bd997a9e4021917b4c182
-
SHA512
747db5d665844a73995791c98ebc44b685096b724d571c1682b6167b14b5343b75d2c473c3b5fde1d8aaad0cdaec3e99ba4842da6921416115126304c53f245c
-
SSDEEP
393216:rHR+tOgJd6Z3OSjeKUI9FYUnhszuuxs4vZ7fYm9u1bh0qELwB7bp2ilzLeMuz:rHAtOgfS6KNwUnhstvZ7ft+bh0/MmUBC
Behavioral task
behavioral1
Sample
Drk's ByfronFucker/BetterFolderBrowser.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Drk's ByfronFucker/BetterFolderBrowser.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Drk's ByfronFucker/Costura.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Drk's ByfronFucker/Costura.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Drk's ByfronFucker/Dragablz.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Drk's ByfronFucker/Dragablz.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Drk's ByfronFucker/Drk's ByfronFucker.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Drk's ByfronFucker/Drk's ByfronFucker.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Drk's ByfronFucker/Drk's ByfronFuckerIn.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Drk's ByfronFucker/Drk's ByfronFuckerIn.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Drk's ByfronFucker/Drk's Exec Fixer.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Drk's ByfronFucker/Drk's Exec Fixer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Drk's ByfronFucker/MaterialDesignColors.dll
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
Drk's ByfronFucker/MaterialDesignColors.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Drk's ByfronFucker/MaterialDesignExtensions.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Drk's ByfronFucker/MaterialDesignExtensions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Drk's ByfronFucker/Microsoft.Web.WebView2.Core.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Drk's ByfronFucker/Microsoft.Web.WebView2.Core.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Drk's ByfronFucker/Microsoft.Web.WebView2.WinForms.dll
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
Drk's ByfronFucker/Microsoft.Web.WebView2.WinForms.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Drk's ByfronFucker/Microsoft.Web.WebView2.Wpf.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Drk's ByfronFucker/Microsoft.Web.WebView2.Wpf.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
Drk's ByfronFucker/Microsoft.Xaml.Behaviors.dll
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
Drk's ByfronFucker/Microsoft.Xaml.Behaviors.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
Drk's ByfronFucker/System.Diagnostics.DiagnosticSource.dll
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
Drk's ByfronFucker/System.Diagnostics.DiagnosticSource.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
Drk's ByfronFucker/bin/Monaco/index.html
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Drk's ByfronFucker/bin/Monaco/index.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Drk's ByfronFucker/bin/Monaco/vs/base/worker/workerMain.js
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Drk's ByfronFucker/bin/Monaco/vs/base/worker/workerMain.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Drk's ByfronFucker/bin/Monaco/vs/basic-languages/lua/autocompletes.js
Resource
win7-20241010-en
Behavioral task
behavioral32
Sample
Drk's ByfronFucker/bin/Monaco/vs/basic-languages/lua/autocompletes.js
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
Drk's ByfronFucker/BetterFolderBrowser.dll
-
Size
12KB
-
MD5
fff67e7d52b58a11d456a1d5cd2ba294
-
SHA1
6dea84a0a060c39c93b1e3f404270c039d3dbfdd
-
SHA256
5334c9c4eb567a89e4644df868d7fb6e242a3ea422b2ce9283843970ec756372
-
SHA512
fc8cc5fbc624559e03e70c48bd4e6e4595b1784fdf2c258b33ddb3410bdd93dcf26f3b5db4e4d0d8f133e8df93fe95ab93a703efa92a0a4133f57f48ebd6ea74
-
SSDEEP
192:2ZPVABalnP/VYkWdcHIp3RgzK/RGLHdnKuWGIBC0p++kVX805N9:2ABk1W4Ip3ez4RoF2+bR805N9
Score: 1/10

Target
Drk's ByfronFucker/Costura.dll
-
Size
4KB
-
MD5
501981c7fc457d59238eb99780efb615
-
SHA1
f1f25c01f6acf33bdd62c4f82d3ef078e76f0906
-
SHA256
41bb464ac7c0d192641077e44a59d7d89860c3c620a59961f2fc4a4be47deae3
-
SHA512
5921d0662add6c8aa075106878cc56335ccbf059d8bc7f359fe9e02a52ec657c3e5df1c718929564c09f205e4bd299b086f3e7424141f5e55ed0d756f65ee1e8
-
SSDEEP
48:6F+lni2qJfjVRPGwzCo4MhTN0KDdilETrVsH4/QWk1qyFVT2IbG:7g7KedGEiYIWM2
Score: 1/10

Target
Drk's ByfronFucker/Dragablz.dll
-
Size
233KB
-
MD5
5a9583a7bed76b2e94091f9b74716f68
-
SHA1
60552dc4ed629b32a7c0e7b31406a21829bdc38e
-
SHA256
6c5724efe19f5945143626a8270c9c3a188d4886eeaca083c57c742a985c7338
-
SHA512
8ab70fd60a27a80e43a270a401e8772833ad0a11ade1ea13483b37b1a02dbb70679bbe200fceca632ee1ba8df66a95a51a2fe65671eb3ae596682d3e1ee1c0d5
-
SSDEEP
6144:fTuK/5J3BPYcKHJv8ahfgfkMMafGfCfDf2fE:fKKhP+Dhfgf7fGfCfDf2f
Score: 1/10

Target
Drk's ByfronFucker/Drk's ByfronFucker.exe
-
Size
5.2MB
-
MD5
1f029d50ec7a7f175b2fd5d08f35ae05
-
SHA1
509317a9a5ee58700def53a99bac2c3c0bb0264a
-
SHA256
b0ee0ae8251dd20eef46b14cf902fa74331753cb3efa8b0be5850a4345bcd5cb
-
SHA512
8cb0460feb65e97454a88cab277efd000720db2c51a333f24bed074876079071472772270589c04878cc393b6183fa9fb3cd302408fd0601211cbbddc64b279e
-
SSDEEP
98304:qI2SKrP1dw9dCtwsQKVIo5QRNVG3Z+/8k4yqaRXn0nUYDAro+c:qI2LGnCtwsBICqNVGE/14RaF0nBA0+c
Score: 6/10
- Adds Run key to start application

Target
Drk's ByfronFucker/Drk's ByfronFuckerIn.bin
-
Size
44KB
-
MD5
6e3f0111d318b2b8617dc52f6c94e6c5
-
SHA1
93d85fda40fae6db2a7951705e82d17e853f539d
-
SHA256
cf30daca8f3ccaf5e23d3b191417006d8b464939fe0e2d10972e1de7ea95f1b6
-
SHA512
6b894fbfd152d323a03e03ccb995ed933e73cf810239a03b9bd43f290936b144c706dfe793b21bcc46d49086041bd71f1814a9aa308d0d9930c58a5903b93a09
-
SSDEEP
384:SiBAxILGlECtQpfXt3AbXdEkYB1uRvFdBB4lAmA2QdwKFASF:S9GpWrdEkyuzHGA2vS
Score: 1/10

Target
Drk's ByfronFucker/Drk's Exec Fixer.exe
-
Size
19.7MB
-
MD5
13438bbb217df2027c360f968c81946e
-
SHA1
48fa6d05428d4381c938198ba93c411eae23d04f
-
SHA256
bce5821b1872c63ba22dbb67c0ccc17d7efbb74369cdd9d8693ac11cdfbd8a80
-
SHA512
4ef8cd381048d55b1e0c3dbe591f3018e809054cf401749d4f3b90fa10453b7211fe17e9216bc9edcd732bdd32852f815fc2c4d6b6740e0672e05e5f5c34719f
-
SSDEEP
393216:MQzEkZQtslPpUTLfhJKQETSrvJQ7Wr07zGxd0m2o:MOhQtsTUTLJQQEWrhQShch
Score: 7/10
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files. Steal credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist

Target
Drk's ByfronFucker/MaterialDesignColors.dll
-
Size
295KB
-
MD5
d2207fccbdd6caa91c43776559ce401f
-
SHA1
4f78f282a238b21ad1f995f154d624865d08a38a
-
SHA256
1966082c8efa5ecddac7fd8b3e3b86a63599602d18bdff17e7c366d49603aaf0
-
SHA512
d4984e3a6d82e7ebe11c2f7ea07092e60ef1396849921c6c0a463dd9b38836c5f6799e79f932bddc62b89d7a9896b5e5ba931c3c8cbfedff51076a41796a8c0e
-
SSDEEP
1536:1r1In+fq1fDfDemxD0EsXpGX0EOAyzU7fKoVxbzQXT:B1WB1PerAjOAL7fKoVxb2T
Score: 1/10

Target
Drk's ByfronFucker/MaterialDesignExtensions.dll
-
Size
349KB
-
MD5
6da7ae89f1eac96f143dc5200031d8b8
-
SHA1
d9dc3936bc9a288a727cb2295c3d05899adcc9c8
-
SHA256
c5b93560fa74b9a05959aae5116da59495d36782d2e17e45f0efcc06ad36ed6a
-
SHA512
3929f7092a5acb5ae3333e7e0a9ac2a403b78c8c8ad35a17ece25e6688a61a0f7e4b701691b02ad2941c6e15d2262c6f8ae76413af93dc92aa422e1738147e94
-
SSDEEP
6144:OM2EyV6zxDNFOzaFkpXeRk7ecDfE0MHOZB0zSvo1UvEGK262:nGVcxHOzxpuRk7emfE0MHOZB0zSvo1UJ
Score: 1/10

Target
Drk's ByfronFucker/Microsoft.Web.WebView2.Core.dll
-
Size
445KB
-
MD5
c4b4a5f4f28d47239eb4e37cb3cc8046
-
SHA1
ed86941cf065f91758d536d8e13cc2542cc38922
-
SHA256
c2441011ec290b3408391f32072379f677ab3fa4507c4304167cd82fad6593c1
-
SHA512
440ee33d5a830d9c59d96367f2a43d4a4113f6fe0924a691e682a2e9251a8615e52177dcb9af225dba538a8a3893ac85be79e9c1aa687034e3da6c95191dc645
-
SSDEEP
12288:EB7Md7DkbrB3kPo+iKvRFNLe1+imQ9pRFZNIEJdIElxPrEIvLcglxMwCepM1STUH:EeFP7
Score: 1/10

Target
Drk's ByfronFucker/Microsoft.Web.WebView2.WinForms.dll
-
Size
37KB
-
MD5
e6f424ee6036ee7d58283780b705be8c
-
SHA1
c17fc397711fb2e0c400007620c76e70c956dd9c
-
SHA256
c9eeff2dd13109f41447a92763d31aaa07369c58a570c18bbb851824a77da98a
-
SHA512
1d255265115a4a2238a21e3ade35101babcbf9d5de58521365666b9564681119c4b7f20ed6a6c16fb6120ab19106fa40f25421da938b7fee7b8a5e7758f2c22f
-
SSDEEP
768:ejIHFTA42CL9tcZDgcEST3p4Jjrjh2jJFSgyauYv1JKia5/Zi/WGQKVu6bL7RSOX:AIS3C5tcZDgcEST3p4JjrjaJFSgyau0H
Score: 1/10

Target
Drk's ByfronFucker/Microsoft.Web.WebView2.Wpf.dll
-
Size
43KB
-
MD5
0241e0a42b292e0c9b585470c613ec78
-
SHA1
74e4ab7e37bff177a394617923baddfcf087c0e1
-
SHA256
15bcd610a80632ef59d911a8447b11127cdeafbf147c844f1b740735efdf338a
-
SHA512
bd083301c6f93a1852c76686797919787f439c65ea11d430701257fa4d3791a4eff892b6ceea1c534d832bfbc0b0ecca3f671e3a9c50f34089f919e3756882f0
-
SSDEEP
768:k2TI5VoCjJ4Jd7U2zkQ+Z8cDP/ryEH0yBy4JjrD1h2jVh3URGvkz7FKKa5/Bi/xm:VE5tjJ4Y2zf+Z8cDP/ryEH0yBy4JjrDC
Score: 1/10

Target
Drk's ByfronFucker/Microsoft.Xaml.Behaviors.dll
-
Size
141KB
-
MD5
ec5a1abee150abe698689211b07cd1ec
-
SHA1
affc3cb47da8fe76986d271cdc3e7ea345cc04e5
-
SHA256
b864da9d88414877cea9b1a016146265a5fb9d0e12f4dbb1dccc0cc998119a54
-
SHA512
a2b55b4ffc3f11546ed8d3457e98b986c089e25229bd687da35d45d63e4860722e8b13826d3a3daa1be843cf3a4ae3da4cf9b6fdcb5d1a4948648537e683789f
-
SSDEEP
3072:UAyazS96IT0O6gAf+LwCMe1u051dXcr9/soMEs5r/j9:tyhYIT0O65cwCMyE
Score: 1/10

Target
Drk's ByfronFucker/System.Diagnostics.DiagnosticSource.dll
-
Size
34KB
-
MD5
8d9df432109f1cfdd86723b5f171e3d7
-
SHA1
85dc92edd4b0049ed9049e075c4def8a3d64e43b
-
SHA256
d22133818a30313e0becf010d78a556a56b34ea361dbd33588c9817631fed540
-
SHA512
5c83303934eecfa61c43a071d29c98e5804d37a5dc7f7b035772d6a168b0c5e65dfabef20b46214e65493c4bda44831cafee83615498fbe9e718c884f4650edf
-
SSDEEP
384:iQobG82oiaPaf/gn5LQ0+0zdQUv2CtyW8fiFISWbW9pWJbWivT1Nq0GftpBjAvnC:nA299fI5dxzL2CC11vimvnEBBNFT
Score: 1/10

Target
Drk's ByfronFucker/bin/Monaco/index.html
-
Size
13KB
-
MD5
8132342ce4b039603cbb3b1a32ab859b
-
SHA1
66c46050a6e5b08758c00455ae26a6c66e94ce4c
-
SHA256
3818906ed429acd27aabad7ec8771893d60658ea31b8d0c92418b96de8ee94e6
-
SHA512
44d93118187e703af1fc1627de7e97c39072e666c9086b1b4c00a7eadce1913c84dc97e8f80e2b514154ef66b23baddbfd71a2faa250735ddf4d2bc12709cef4
-
SSDEEP
192:oL3bXRggAbYm/9mv2Oxr09VpDwFgBsK7u24FzTkcmc/VT+9taAc4dReigXN:2RggAbYmbD9V9wFgBs+SFN
Score: 3/10

Target
Drk's ByfronFucker/bin/Monaco/vs/base/worker/workerMain.js
-
Size
174KB
-
MD5
9ce9e46b6d66d8b2dbcabba577cad2ed
-
SHA1
397b0e9e7b2bee37a8444e84bb9788a0bdcb023e
-
SHA256
19b566655d73370a820a7d6fffe7af03dba3af4997016c0983be5bd188603ec2
-
SHA512
f322ea669fa81397066edef062721ae3dd515b3d61c4ad7bef0db0eb3a53f056da298fd4f761bd3e5d613e6f5803a7c35ed056085ac3b97e06c7bfd47fffad49
-
SSDEEP
1536:mi5eQeCEwCP1m9JXKmA1xKzyOQJf9X2K7eM9bWXsUK5QSkSoIMQwr+ZjtQYyeTMO:mHTdkKmA1yyOQJl2K7ns6dZ/RVaNzY
Score: 3/10

Target
Drk's ByfronFucker/bin/Monaco/vs/basic-languages/lua/autocompletes.js
-
Size
2KB
-
MD5
eb6fde8de905af68c855a2506c8a8204
-
SHA1
32b172578f398151be79f78bdeb15eeff4a83020
-
SHA256
1fbe4337327ef99c9caba74678cfff28652606fd667dbca34f12e809738010d9
-
SHA512
6e95ecdfbabf20c2e717006ea00fa92d79e577cf262460cef7f3db7bb4fa87585bed99b6a1bd1d865c5e5184044b0244aa0823580c9444b1f2ff013057f54235
Score: 3/10

MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (2)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (3)
    Credentials In Files (3)
Discovery
  Browser Information Discovery (1)
  Process Discovery (1)
  Query Registry (1)
  Remote System Discovery (1)
  System Information Discovery (1)
  System Location Discovery (1)
    System Language Discovery (1)
  System Network Configuration Discovery (1)
    Internet Connection Discovery (1)