6722db26bb76c7b4f3ed4824f792005c8633dda2987f78440bf6be3bdea4807c

Sharing

Copy URL

Twitter E-mail

General

Target

SHADOWBYPASSVIP3.4.zip
Size

2.4MB
Sample

241103-bshvtatnhm
MD5

9c73ec965c98ae34983d4c718d0a968d
SHA1

7d034bf5422eca38fb9dc569b6d4dc24a53b4734
SHA256

6722db26bb76c7b4f3ed4824f792005c8633dda2987f78440bf6be3bdea4807c
SHA512

b5cd1d676df0d750e086cf0223b09277509845ff4a2117bcab46aac31e37cc073e123bce8fcbd3f4d99191d6b357e90bb3daa1c677533eb708e712fea592f4f4
SSDEEP

49152:kgTMh7SLmNS/FzLRfUO/7GGeLGtEXvKzQvLWl0o:kg87JcLraGkG0izQKqo

Score

10^/10

Malware Config

Targets

- Target
  
  SHADOW BP + HAX 3.4/BYPASS/Release/txn54kjdcy1#SHADOW VIP.exe
- Size
  
  230KB
- MD5
  
  2d2ca33078e6807ab0902ed64e34f98c
- SHA1
  
  36fd412c197dc0711638a135aacf5cb4cb2813dd
- SHA256
  
  0bd369a51028a3ae0b919cd30313ba30d28e5e0b3f93604a7769876b41c0c91e
- SHA512
  
  40a93950d5614b2a5fbd08061970fe0e885e9013d998b18a432dcc6dccba4ced514e4c4082a424d1c09da4867ec7852ef204421df642b9b89e012ee84e5c05d1
- SSDEEP
  
  1536:cxzcWu3TCyTpttkvbMPm7mJVldBuDjLRlVaQlm7wVcl:cVc53T9TptQbMgqVldMLRlVaQlm7qY
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  SHADOW BP + HAX 3.4/SETUP/Clean_Gameloop.bat
- Size
  
  7KB
- MD5
  
  08e7d6aa12dd9e5326c95d48a39fc78c
- SHA1
  
  4cea4dc3fb778210b40ce7dda1f6d40184417155
- SHA256
  
  8f10f13dc60a2389ba5777932e9ed8ba746fad54231054cc5c91344c95f4dee2
- SHA512
  
  9ef6b53ac16e8f4b743d848b5e99a9f10eb16072569f04799ea69f1d7f20ff634e78b360ada717483a2c458638e3ed78acede7ac6ad87dd7dfd7165d275e17cc
- SSDEEP
  
  96:CSZyzyd6fHlzcZRcZocZ3cZOcZEcZVcZ6cZTcZXcZ8cZlcZCcZocZLcZ+cZC:ZcWJ
Score

7^/10
- Deletes itself
behavioral3 behavioral4
- Target
  
  SHADOW BP + HAX 3.4/SETUP/Gameloop 32 Bit.exe
- Size
  
  3.6MB
- MD5
  
  ef61ca12b115d390a2971608cf462a83
- SHA1
  
  fbd0f3a9e64143952eb7d506949f4e0991269b4e
- SHA256
  
  712b2b146e4f0cb412008f703db52e6272299bb25597673075aece1ec4167e4d
- SHA512
  
  da4004dc34a608068d36c5a9b56ea44cbf79936a1fbcaed98e77079e25d9cd7ad3bb0ff983a285ab6386506df1ca58110021c306f8eeb9df107f3f702224ef0e
- SSDEEP
  
  49152:l08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRMnm7LB9:l08vdsGaQNgS1C6e6ngKpqh
Score

7^/10

bootkit discovery persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  SHADOW BP + HAX 3.4/SETUP/Kill_Gameloop.bat
- Size
  
  507B
- MD5
  
  9b1141afa4c3fa4711363995f50293f9
- SHA1
  
  a42e270c2c3d42626607ede069ddbc88a62efee0
- SHA256
  
  3fc915854738ccfa1e5340a353fb11627c9a02fe956dcf29807b8e7b2dc4550c
- SHA512
  
  d57915a1df776ea0d3b1a6d4e285387d396f0c232f810a8b8be9c51737a0c90a2dac7b22224327fc60470b5d435f060f3bceacff75b1aadbf07167bdd130b198
Score

1^/10
behavioral7 behavioral8
- Target
  
  Windows Defender Control/dControl.exe
- Size
  
  447KB
- MD5
  
  58008524a6473bdf86c1040a9a9e39c3
- SHA1
  
  cb704d2e8df80fd3500a5b817966dc262d80ddb8
- SHA256
  
  1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
- SHA512
  
  8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
- SSDEEP
  
  6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD
Score

10^/10

discovery upx evasion trojan
- Modifies security service
  evasion
- Windows security modification
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9