General
-
Target
edkdpu.zip
-
Size
77.7MB
-
Sample
241108-sblntavank
-
MD5
4b83e98030b4931166fb6be77773bce8
-
SHA1
11d6e04430abe5e4143845fcf0ad0f86b87fc74d
-
SHA256
f45bcf726922fe01b71eb17cdaea8fcea57bdeefced3054e118732a41805f15f
-
SHA512
37e2b382e3f906d8b9a7fbeee6511a20e6186770f8454c48f9f374f9b7eddd1467634d59a39605fe79c3f3e854068f31c0ceee79bac22ffb18011344519f7166
-
SSDEEP
1572864:e/RuquMtjMd/wG3F+Z+NQ2RdnBW0vW67scv2TmCYh+vzFtnDdX5vFoQkBBr:eE3d/H3FTpnnBpvW67smNDh+LdXT+nr
Malware Config
Targets
-
-
Target
tox tweaking/Emu/KeyAuthEmulator.dll
-
Size
22KB
-
MD5
d653595679fe9ce7790dd473d2077d1a
-
SHA1
d5080e0679ddb5a4d7b91fbe2169a9c29f7dc8e6
-
SHA256
8997bb8b9ffb50c9387f906e42a64f52ac0b686e26153257b5bf0c1aad30fd79
-
SHA512
aa2a7a8bf3d27ad9932504813015f260a264bd502fbaf5956fe1a52255146294cddab86775be54147610b1f5ba1a6ed4ca40ff8d69ac92673174bd061f757ee5
-
SSDEEP
384:gwDaZMPaRpdx367j16AQoRaMGgFMsKzh1sxJbutu0xOma6xPpyJyM/aqpj1bXGW+:g5MPQ0XgM0sKzhSxZE9A+B2JJI
Score1/10 -
-
-
Target
tox tweaking/Emu/KeyAuthEmulator.exe
-
Size
135KB
-
MD5
cf78d5995312872c075ae9772a14a5a2
-
SHA1
1de6c53b6acad6140567693f0fff7379826477a5
-
SHA256
71fede3d07f8b24d08e15748abcd95abcfe48e21a5a71f0c96d6bf752c12252c
-
SHA512
d4ca332800195a3a1c0dbe7c1669d91e23f5ad68c491589c8168b0040114fb761672778c39f092e8909133a1027e25e836f3951e17cffbc20e5fe5e271b0d845
-
SSDEEP
3072:WjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOCFhBuO:WjK4TDUqgpqWDLZ5H+xuZ04RFhA
Score1/10 -
-
-
Target
tox tweaking/ToX Premium UtilityCRACK.exe
-
Size
37.8MB
-
MD5
08570a753f944196e653507ca68a65ce
-
SHA1
02fc64d90f5ec3e20e0985f50a3b882569ddd354
-
SHA256
ed4ede2502e8af6c22df6a697fa66c04ed4ce241ceecdf00ed32b27faa22afe8
-
SHA512
3592af44e3f31182a49e7cc5d103f5a5637f68feaea9d2a4fb5ae626fe8cd7e4e03556d85aa0a31e92852796d2620a78b6d5bc87dcc786525be6aaaef78f5893
-
SSDEEP
786432:3zQEQ2zOTHQKTyXjbQEV9Frfy+FYL24WbjNRQ4rX+w71/QnX5:DQ92zSQKTyzbBV91tFjN5q8qX
Score9/10-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
-
-
Target
tox tweaking/niggers/DevManView.exe
-
Size
163KB
-
MD5
d22ceb6b43f721fe4e892fea6c8990e6
-
SHA1
3ad25b431280a0056579aeaacdf687bd8c3aa901
-
SHA256
9abdc7cdc19548ada451aee6caabe296957c050062991892e7d9787ff6e0bdef
-
SHA512
8c37d941c108172340697887529f3fdc430cdee31d1ff7501d4da7fa21183e8f02832651a99daa30908820b935798ae85e046374e70c1ea4802763edbe47ebc1
-
SSDEEP
3072:d4xZZydQqxFMqeq48iiXvK1YY8IkTLuX1VBJsHSnSa7J:Ajrqy8iovKmdulVlt
Score6/10-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
-
-
Target
tox tweaking/niggers/DeviceCleanup.exe
-
Size
21KB
-
MD5
4c5136c06e5a167a29e0d2793024ae48
-
SHA1
65463469485aa1745e23b5cd0e9c117b599ca51b
-
SHA256
4f37b11d7cf3ede7e30bfbafa697c0e08eecdc000d0fb14b5956da1adc0a87bd
-
SHA512
6cdfa995efccce489b5cf58293152721c34a8106f8f568c0b18df86a300951b5a46d64c9b1f262ae68aee7d335da9eb035acfb6fd13e5b41821e9fb78ec2e7d3
-
SSDEEP
384:xoJBzkp5kZZRIrJUXXAteV+3BpX0ZjDd1VsRannYPLv:xoLzkTkZLmJ0XAr3BpXK3hsRana
Score1/10 -
-
-
Target
tox tweaking/niggers/Microsoft-uiXAML2.8.Appx
-
Size
4.9MB
-
MD5
77cfc41c3181f50589396f6dc04b4a54
-
SHA1
4bf7cc0762db6df1088c4d6142f0a93b9b268a91
-
SHA256
d3c222a694aece945c98da01bb412b3da1e36428efa353665ac38e96127f3f49
-
SHA512
abff20d295105d8fbb10a106c5bb61352014ec5448f9d75be9183829e8cb5bbb5359494e55af97cdf61dc92deb4875e8ad9a3b8bbb9e574ba306928962cfbe38
-
SSDEEP
98304:eaSUNTP6MKd7wQnG/yM7/h0Rq39gj1H1dfYw+KclReo5kb6VeEAfMc:vSUNr6MKaQnih/j97w3W/VlSMc
Score1/10 -
-
-
Target
Microsoft.UI.Xaml.dll
-
Size
5.9MB
-
MD5
adec19eb52f1728d6b6b6ccaa3e3ba60
-
SHA1
002c7f609d99be79eb36daf8805636136df72466
-
SHA256
3f761d13cddc2148368403460c31e09596a42f5be439b4568956a2feaa77bb20
-
SHA512
405610213286722cdd935507151c0410b3c9cdf3ad5dad35988daf7d36726a39d5c571f639e971f3ea9df47259878a6aa832020dc901a905b9c39abaa98f27b1
-
SSDEEP
98304:hW22oXPBI2l1O3+CtDJSeU/JKarqXWY6FwiPcvJYk4Y2xnaKl6PLQRdQ5:XXm2l1OOCtDJSeU/JKarqXp6FwiPcvJx
Score1/10 -
-
-
Target
Microsoft.UI.Xaml.winmd
-
Size
279KB
-
MD5
e5db745bd07c98984c27be118542ba3b
-
SHA1
ac0a7959252e73e10486127babf5f86c232fab44
-
SHA256
2bf1f13298fda7f3eedf66a19bde55f9de0a57e902a9a60bc6ac37c9c4cf9d0b
-
SHA512
480f9e7e0a7fe1cf7b89825db19e41fe8c3f6f21dd183ea2db7225c81be431d152952384ceb279aa074de36a5b4f692ba3268088a1f5fc428f432cd89922b854
-
SSDEEP
6144:o8M+IFNxaeugzwfs88O43KuYS8IMzscp5NGg3SqEN0nk3:o80u3k88JMzscp5NGgC/NT3
Score1/10 -
-
-
Target
tox tweaking/niggers/MicrosoftEdgeSetup.exe
-
Size
1.6MB
-
MD5
9008b1f2c99b79594ccba4afd923056a
-
SHA1
4d88557702696906b44a37b289b4a5716e7c9fbe
-
SHA256
7531341da720162541747b3142722f9c52d9d5fe57678d8aeefa62532014f672
-
SHA512
ab9a48a6816c97d3e5988dacd8a2f270bd30b16cc558e0667c77a65121228bb3de90d03bf8cb48a92fe91c737876e260f2d782cb1aae18f1711e5f5679be9cb6
-
SSDEEP
49152:jiEa3J/lPA552bT8TCKpxVt2sl0TD5yncADYOS0jZ2/vgm9d:jirIOoT9pnt9l45mcADRS0SRb
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
-
-
Target
tox tweaking/niggers/NSudoLG.exe
-
Size
174KB
-
MD5
423129ddb24fb923f35b2dd5787b13dd
-
SHA1
575e57080f33fa87a8d37953e973d20f5ad80cfd
-
SHA256
5094ad359d8cf6dc5324598605c35f68519cc5af9c7ed5427e02a6b28121e4c7
-
SHA512
d3f904c944281e9be9788acea9cd31f563c5a764e927bcda7bae6bedcc6ae550c0809e49fd2cf00d9e143281d08522a4f484acc8d90b37111e2c737e91ae21ce
-
SSDEEP
3072:XVLC09ymR7sITY17jR7h05cDnxngU9yInRU+Wi+StbaoJLQfo8BuA6N3ls:XT9yO7sITYNmYnbyInRU+Wi+StbaoJLR
Score1/10 -
-
-
Target
tox tweaking/niggers/NVIDIA Control Panel.exe
-
Size
13.5MB
-
MD5
f4cdad23d303ae4b57cb72dc558b721c
-
SHA1
c45ce0fcf47662510f90b41ef2cef45e94dad279
-
SHA256
066365731d031099bf04198644e38fdf620113b2eb08a351610273751ad92671
-
SHA512
3140684adb577b319f073e6d27f119ab00b23f5c218bb9f54415e2981b1ef8c0ca5bbeb0e15607b6da0051c41224d61f501607299f358899452ffe56cbfb139e
-
SSDEEP
49152:tZF5q/RI7h8kaOGmflzhSgExJRtKxk55vX3ivx4DNdGd1UeiyuWTy6SL/tWCF16t:t9f7rfUSLNuntbF1fo4sNQUK
Score1/10 -
-
-
Target
tox tweaking/niggers/PowerRun.exe
-
Size
775KB
-
MD5
71c7975385f73ae32b06f69dbe79290b
-
SHA1
05a1197cb8bd88447199e42a75bfcf99e32f2c48
-
SHA256
c0abbeea8ae726503bc5643f3471e378d92fcb59a37043062bbf9ba64d95004c
-
SHA512
1a6549788e97e5d07560f58dc11088424f0f90815f0ced2173be169ad4dbf0e55cd19b40fbf8f65d65e0f6cadb21c0489dc6a8de999859d12244879f4722ec95
-
SSDEEP
12288:XaWzgMg7v3qnCi9ErQohh0F4fCJ8lnyQQdbpSulVAbWjuixwhQaB/Q:qaHMv6CRrj3nyQQdpSulmWjxwhQaG
Score3/10 -
-
-
Target
Export.bat
-
Size
529B
-
MD5
bf354baed02884dc4cf002db55818873
-
SHA1
66475f4de3baf56280ead4fc7c1303f5acbad307
-
SHA256
283d6ea32f1aa30985dc7ff1564e345ef62ca8193d764418b3031bbba82bb7da
-
SHA512
205c681c36b856f46c4cb91ae7adab2bd006c4950a660414dffd12ddafd23828d82a2128a19eef4cf05124a2b1237a8f1a3c50643479c91c0cef045df7c98134
Score1/10 -
-
-
Target
Import.bat
-
Size
739B
-
MD5
69ef99d985f7bc5e5e35471b251a84a3
-
SHA1
36d08bc2cbf4cc6a1203fe1de18be71eac6a1cd2
-
SHA256
dc0f3e8f2d484742469d768266ca833fe7330d618770b628bcbaeb6bb40df6fd
-
SHA512
f76067a1802be0dd45111ee85f9e69f989a716db962595b58898291ed3fd5178e0eb97c9c54742650b2969ab45184dedf6d8158975c93823c2b60117beec7b40
Score1/10 -
-
-
Target
SCEWIN_64.exe
-
Size
668KB
-
MD5
d89e8173dc0b82d80add7451d4aa4622
-
SHA1
578358cd958756b1786f30e913e4195c0003333c
-
SHA256
2d78e7bb62fcab44c54fe853f51e8836ada45ea374027423bcb6d7a5db46502b
-
SHA512
cb5e4ebf895b5414b70caa243d032ec1d8820ff3aac155aa065a449f3a3f7ef0b01a29b006d49c69c8c1f8c11235742f0a453b120132942d32d310c7b2d3808a
-
SSDEEP
6144:Jk/u4+ss7CVVs7DYebnaGSEM1JLCUdDcwDfTx1ZdeuLJzVpEKz7k32lobAYBhXcP:JTjC/s7DjkDZdeuLHuEm2ybAYBc/3+s
Score1/10 -
-
-
Target
amifldrv64.sys
-
Size
28KB
-
MD5
e5e8ecb20bc5630414707295327d755e
-
SHA1
06ecf73790f0277b8e27c8138e2c9ad0fc876438
-
SHA256
e7cbfb16261de1c7f009431d374d90e9eb049ba78246e38bc4c8b9e06f324b6f
-
SHA512
f8949a43b5d0b08349b719daac12089fd94e824e307ae5265fd39885029a19a91d35a45dd3f3ff41cd0e3d563d4419d96221212d96b5a9a10e5ebe952dfb16aa
-
SSDEEP
384:xv+wvxzpsQbQS5Z5OxV0HM2DecoLiZFnJtQSZsHLPK6jzHpNMbvFRJl6p+w:xvPvxtV5lgCM8eBLgJt6PKgDpNMPO
Score1/10 -
-
-
Target
amigendrv64.sys
-
Size
34KB
-
MD5
7b9717c608a5f5a1c816128a609e9575
-
SHA1
ec457a53ea03287cbbd1edcd5f27835a518ef144
-
SHA256
ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f
-
SHA512
4138ca89d0d74799ff10e512c247ea626846d107f0e054aef403adafeb7c7708415cb9e4ce7dbf0d168e98101f9faf5d5d3567ca7fc64406f72b1bd7a751664c
-
SSDEEP
384:79TBPBgGLd6veRHilu/XWncQ528rQjX+kl811pZFnJtQSZsHLPK6jzE9bvFRrqP8:pFsvSClu/mRH8lklJt6PKg49Puti
Score1/10 -
-
-
Target
tox tweaking/niggers/SCEWIN_64.exe
-
Size
668KB
-
MD5
d89e8173dc0b82d80add7451d4aa4622
-
SHA1
578358cd958756b1786f30e913e4195c0003333c
-
SHA256
2d78e7bb62fcab44c54fe853f51e8836ada45ea374027423bcb6d7a5db46502b
-
SHA512
cb5e4ebf895b5414b70caa243d032ec1d8820ff3aac155aa065a449f3a3f7ef0b01a29b006d49c69c8c1f8c11235742f0a453b120132942d32d310c7b2d3808a
-
SSDEEP
6144:Jk/u4+ss7CVVs7DYebnaGSEM1JLCUdDcwDfTx1ZdeuLJzVpEKz7k32lobAYBhXcP:JTjC/s7DjkDZdeuLHuEm2ybAYBc/3+s
Score1/10 -
-
-
Target
tox tweaking/niggers/SetACL.exe
-
Size
601KB
-
MD5
1fb64ff73938f4a04e97e5e7bf3d618c
-
SHA1
aa0f7db484d0c580533dec0e9964a59588c3632b
-
SHA256
4efc87b7e585fcbe4eaed656d3dbadaec88beca7f92ca7f0089583b428a6b221
-
SHA512
da6007847ffe724bd0b0abe000b0dd5596e2146f4c52c8fe541a2bf5f5f2f5893dccd53ef315206f46a9285ddbd766010b226873038ccac7981192d8c9937ece
-
SSDEEP
12288:3G2NBTh+l8gAqAbdsuEa3nZGSebY7o937bfJ9Ud:3xNBTYlaLdaynZGBc7orbJ9Ud
Score1/10 -
-
-
Target
tox tweaking/niggers/VC_redist.x64.exe
-
Size
24.2MB
-
MD5
a8a68bcc74b5022467f12587baf1ef93
-
SHA1
046f00c519900fcbf2e6e955fc155b11156a733b
-
SHA256
1ad7988c17663cc742b01bef1a6df2ed1741173009579ad50a94434e54f56073
-
SHA512
70a05bde549e5a973397cd77fe0c6380807cae768aa98454830f321a0de64bd0da30f31615ae6b4d9f0d244483a571e46024cf51b20fe813a6304a74bd8c0cc2
-
SSDEEP
393216:Dwlp+dkBSuF2SfUfn6+eDl2ugjMoA+hxV33wsBH+Jh+5l+BvlOchteAHYhx9vy:DMp+Ty2SfUfnxk/kpsjlOchcEu2
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
tox tweaking/niggers/amifldrv64.sys
-
Size
28KB
-
MD5
e5e8ecb20bc5630414707295327d755e
-
SHA1
06ecf73790f0277b8e27c8138e2c9ad0fc876438
-
SHA256
e7cbfb16261de1c7f009431d374d90e9eb049ba78246e38bc4c8b9e06f324b6f
-
SHA512
f8949a43b5d0b08349b719daac12089fd94e824e307ae5265fd39885029a19a91d35a45dd3f3ff41cd0e3d563d4419d96221212d96b5a9a10e5ebe952dfb16aa
-
SSDEEP
384:xv+wvxzpsQbQS5Z5OxV0HM2DecoLiZFnJtQSZsHLPK6jzHpNMbvFRJl6p+w:xvPvxtV5lgCM8eBLgJt6PKgDpNMPO
Score1/10 -
-
-
Target
tox tweaking/niggers/amigendrv64.sys
-
Size
34KB
-
MD5
7b9717c608a5f5a1c816128a609e9575
-
SHA1
ec457a53ea03287cbbd1edcd5f27835a518ef144
-
SHA256
ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f
-
SHA512
4138ca89d0d74799ff10e512c247ea626846d107f0e054aef403adafeb7c7708415cb9e4ce7dbf0d168e98101f9faf5d5d3567ca7fc64406f72b1bd7a751664c
-
SSDEEP
384:79TBPBgGLd6veRHilu/XWncQ528rQjX+kl811pZFnJtQSZsHLPK6jzE9bvFRrqP8:pFsvSClu/mRH8lklJt6PKg49Puti
Score1/10 -
-
-
Target
tox tweaking/niggers/bfsvc.exe
-
Size
108KB
-
MD5
aec2ae40f01d8f2a9f159de1fdc4961d
-
SHA1
6bb23e99504f2a01af96308cdd4908e5a0859432
-
SHA256
71bdc378d175b6b2df23f5f8d394e5e90805a4e0b3e346588dc7dfe14de3dcfa
-
SHA512
268bda90710fcef2c6e22552968557afaa18aa1669de6d225c41ce919ed70539aed0d6fa7204282abcc7695226278c6f646fed886c256c9ca4c6e6f8760a9869
-
SSDEEP
1536:p3MUZobpQ76GHedxqgX65XDd2QKXWmxYej4eBK0v:tSplGHevPX65XDdov+ejHoe
Score1/10 -
-
-
Target
CRU/CRU.exe
-
Size
1.2MB
-
MD5
0f69af48c32613f73c6acb87a7d18661
-
SHA1
0756ae84f3b58aec29f4b9a2888624ca879f7856
-
SHA256
0351a943ca93558ff36f74c3f0c768dceb724e833e282abcf1be5b2e71d5c67b
-
SHA512
2b30c079831a30683aabc0effa6bb60c84a960c2bcda1ce5da204bebc2050a359ec2cf36df426a0d227165afb9c4b9401fd0316b2504394c7876ed177fff2377
-
SSDEEP
24576:tLEWuIj9T0gR1U2vfVD8sA15qkJ1K3mbDQca9L32GY:twfIj9T0ujvTO6L3
Score3/10 -
-
-
Target
CRU/reset-all.exe
-
Size
51KB
-
MD5
3d47586c62bf61dac639d8cc1bf43ee7
-
SHA1
36f605e1fb7cae972c6723ded6a5f126f36a8d01
-
SHA256
70639c195430afb92799d711ed784406bfdfd04c648d5f3e4d9873da0063660b
-
SHA512
638a75c0159de8553e8071a68b5a4355bfc002489d9ed62bfbb1019d287073a555133bd4a55abd68c51b3e2a1616f586a26998ce32ade322cd72ffeab5ffe105
-
SSDEEP
768:Jd0XBRNU+hV81e14G8xGvMhBmqVHhc6ZrLy01fA5Egt2rHNZAEDFn27DQNE5B:b0XbeQ8xG0Kqjc6lLFfSortZBMDu8
Score3/10 -
-
-
Target
CRU/restart.exe
-
Size
63KB
-
MD5
8242ce426ad462eff02edae1487a6949
-
SHA1
9a4f382d427e0de729053535aaa3310cac5f087b
-
SHA256
b68ee265308dc9da7dbb521bb71238d27ac50a5ee816f21c13818393be982d7a
-
SHA512
aff43a78d29ede49eac386d9b0b44d0f37d5a20bdda8553369d68dec90bbc727c6dd8fe239987a9d2e3affaeff8b72b5023ed973d7aecfbb99de46dca8c99ef1
-
SSDEEP
768:xa+/MMnf2XivrjhmxEQSQIjDaGva2XaT+CSxKUAch9Itvo7vq2XFelWn2iED5Vx0:xa0wstmSpDaGS2RCSxK28otXFQwUx
Score5/10-
Drops file in System32 directory
-
-
-
Target
CRU/restart64.exe
-
Size
73KB
-
MD5
297aa19bade534a791d053ca190b74ad
-
SHA1
15cb6a33994f75fe9e30a2afbc8a7e4616b63962
-
SHA256
5f779bb822aedaf5bd11693cdf73f6c7c3342f37371a78c07c2aca1e15dbfd00
-
SHA512
df883950c598f31b81f22a68b2a9fed7459dcad5084ec6e39399658b0492bcc458d9fc5bb80fda6bc994bed3241f969fc67a0b8e021fb82b040455d64776c625
-
SSDEEP
1536:8vXMJl7uRupZzidl/T+Dnx86Rpy4roKsIrryeq3OTM:8vMJl6RAZu/T+7x8qpRM8rNcOTM
Score5/10-
Drops file in System32 directory
-
-
-
Target
tox tweaking/niggers/devcon.exe
-
Size
80KB
-
MD5
3904d0698962e09da946046020cbcb17
-
SHA1
edae098e7e8452ca6c125cf6362dda3f4d78f0ae
-
SHA256
a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289
-
SHA512
c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea
-
SSDEEP
1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
Score1/10 -
-
-
Target
Export.bat
-
Size
1KB
-
MD5
deb75f2d9aa4afdc7ad4796778a80bb9
-
SHA1
6df26d15bd72ba548c06b908772e836c998bf208
-
SHA256
4b1cd4bf80557c80689d6f06b15e63a3f6a3ff66db3d8bebe237d86d82cb6e46
-
SHA512
474e3e25c632989ff72e3822c89b9864d4172647b78d1df8d7af70f211e48308dc33065ccaf091f52f9a160f337c82c5ed791b9323e3cc81cf31d9d87c0e4ac6
Score3/10 -
-
-
Target
tox tweaking/niggers/openshell.exe
-
Size
7.9MB
-
MD5
cf93ef6708b8026ff44e5dfe26d6d387
-
SHA1
8b1666ce02c032cbdc1a7afcd1e9395a892da386
-
SHA256
31e616f27fad0c9b14a22c02ded2dc524411abf53d72c4136f22db1be0156865
-
SHA512
9d30881098f283bf478b56267623f3d4559ca7554fabdaf777458dec1368a4d6d84b8bd7ff0982060aeea85c69f8d160b2afcfbe5bbbffb2d425bc2a8dd63f52
-
SSDEEP
196608:4A+K5NrULkCZNxUmPYLWDYqqaUeqA923VnJEhqY1TUmPYbWDi2r:4A1rUIMNWmQaD/t7GVnJErwmQqDx
Score7/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory
-
-
-
Target
tox tweaking/niggers/procexp.exe
-
Size
2.7MB
-
MD5
b5e7689f66866281c26503b58733d834
-
SHA1
efeee983af571f5e3e519935ec385225274d05e2
-
SHA256
0f2081ebd2ef0baafdd699dbd1b77853a35b50943418ed6207f896599f41084c
-
SHA512
a327d38c63049e7973df5668af07dded5dbe386e094c1e27af97059be3056bcf512293197837c514964a3d4009d6ea80d2a859de054b8be401f8d101dcc60e14
-
SSDEEP
49152:xygKkss5FYpJ1vU5LdVa2d0JbASq6lFPYhVBHxuzIS:YgKYYz185LdY4UUxuv
Score8/10-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
tox tweaking/niggers/str.exe
-
Size
136KB
-
MD5
958aa10581a9b1c402c5fac81ddf258f
-
SHA1
fa26a7cc9259be2ac11a20bed78916bf2e545516
-
SHA256
fe3cdbe2e332e48921ffa2a9697a66f71472d878154ba331d12adc7e7c767a2b
-
SHA512
c4f8d93e2443d199d9aabb65abc3597487fcf48b83366e66fe88ebd48993cd9c5054a76526b02a58190981022750b1e93bc66451abaa2e79ae379709e9ed2d84
-
SSDEEP
1536:WOjZxDRK/Quc5dnl04DG/jjhdja+RjmvXXY87eFj9PzHlVVU00:fz9KouYnl04DGekjmvIoe9nUB
Score1/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Browser Extensions
1Event Triggered Execution
3Change Default File Association
1Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Event Triggered Execution
3Change Default File Association
1Component Object Model Hijacking
1Image File Execution Options Injection
1Defense Evasion
Modify Registry
8Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1