f45bcf726922fe01b71eb17cdaea8fcea57bdeefced3054e118732a41805f15f

Sharing

Copy URL

Twitter E-mail

General

Target

edkdpu.zip
Size

77.7MB
Sample

241108-sh5ehavbpj
MD5

4b83e98030b4931166fb6be77773bce8
SHA1

11d6e04430abe5e4143845fcf0ad0f86b87fc74d
SHA256

f45bcf726922fe01b71eb17cdaea8fcea57bdeefced3054e118732a41805f15f
SHA512

37e2b382e3f906d8b9a7fbeee6511a20e6186770f8454c48f9f374f9b7eddd1467634d59a39605fe79c3f3e854068f31c0ceee79bac22ffb18011344519f7166
SSDEEP

1572864:e/RuquMtjMd/wG3F+Z+NQ2RdnBW0vW67scv2TmCYh+vzFtnDdX5vFoQkBBr:eE3d/H3FTpnnBpvW67smNDh+LdXT+nr

Score

9^/10

Malware Config

Targets

- Target
  
  tox tweaking/Emu/KeyAuthEmulator.dll
- Size
  
  22KB
- MD5
  
  d653595679fe9ce7790dd473d2077d1a
- SHA1
  
  d5080e0679ddb5a4d7b91fbe2169a9c29f7dc8e6
- SHA256
  
  8997bb8b9ffb50c9387f906e42a64f52ac0b686e26153257b5bf0c1aad30fd79
- SHA512
  
  aa2a7a8bf3d27ad9932504813015f260a264bd502fbaf5956fe1a52255146294cddab86775be54147610b1f5ba1a6ed4ca40ff8d69ac92673174bd061f757ee5
- SSDEEP
  
  384:gwDaZMPaRpdx367j16AQoRaMGgFMsKzh1sxJbutu0xOma6xPpyJyM/aqpj1bXGW+:g5MPQ0XgM0sKzhSxZE9A+B2JJI
Score

1^/10
behavioral1
- Target
  
  tox tweaking/Emu/KeyAuthEmulator.exe
- Size
  
  135KB
- MD5
  
  cf78d5995312872c075ae9772a14a5a2
- SHA1
  
  1de6c53b6acad6140567693f0fff7379826477a5
- SHA256
  
  71fede3d07f8b24d08e15748abcd95abcfe48e21a5a71f0c96d6bf752c12252c
- SHA512
  
  d4ca332800195a3a1c0dbe7c1669d91e23f5ad68c491589c8168b0040114fb761672778c39f092e8909133a1027e25e836f3951e17cffbc20e5fe5e271b0d845
- SSDEEP
  
  3072:WjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOCFhBuO:WjK4TDUqgpqWDLZ5H+xuZ04RFhA
Score

1^/10
behavioral2
- Target
  
  tox tweaking/ToX Premium UtilityCRACK.exe
- Size
  
  37.8MB
- MD5
  
  08570a753f944196e653507ca68a65ce
- SHA1
  
  02fc64d90f5ec3e20e0985f50a3b882569ddd354
- SHA256
  
  ed4ede2502e8af6c22df6a697fa66c04ed4ce241ceecdf00ed32b27faa22afe8
- SHA512
  
  3592af44e3f31182a49e7cc5d103f5a5637f68feaea9d2a4fb5ae626fe8cd7e4e03556d85aa0a31e92852796d2620a78b6d5bc87dcc786525be6aaaef78f5893
- SSDEEP
  
  786432:3zQEQ2zOTHQKTyXjbQEV9Frfy+FYL24WbjNRQ4rX+w71/QnX5:DQ92zSQKTyzbBV91tFjN5q8qX
Score

9^/10

discovery
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
behavioral3
- Target
  
  tox tweaking/niggers/DevManView.exe
- Size
  
  163KB
- MD5
  
  d22ceb6b43f721fe4e892fea6c8990e6
- SHA1
  
  3ad25b431280a0056579aeaacdf687bd8c3aa901
- SHA256
  
  9abdc7cdc19548ada451aee6caabe296957c050062991892e7d9787ff6e0bdef
- SHA512
  
  8c37d941c108172340697887529f3fdc430cdee31d1ff7501d4da7fa21183e8f02832651a99daa30908820b935798ae85e046374e70c1ea4802763edbe47ebc1
- SSDEEP
  
  3072:d4xZZydQqxFMqeq48iiXvK1YY8IkTLuX1VBJsHSnSa7J:Ajrqy8iovKmdulVlt
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral4
- Target
  
  tox tweaking/niggers/DeviceCleanup.exe
- Size
  
  21KB
- MD5
  
  4c5136c06e5a167a29e0d2793024ae48
- SHA1
  
  65463469485aa1745e23b5cd0e9c117b599ca51b
- SHA256
  
  4f37b11d7cf3ede7e30bfbafa697c0e08eecdc000d0fb14b5956da1adc0a87bd
- SHA512
  
  6cdfa995efccce489b5cf58293152721c34a8106f8f568c0b18df86a300951b5a46d64c9b1f262ae68aee7d335da9eb035acfb6fd13e5b41821e9fb78ec2e7d3
- SSDEEP
  
  384:xoJBzkp5kZZRIrJUXXAteV+3BpX0ZjDd1VsRannYPLv:xoLzkTkZLmJ0XAr3BpXK3hsRana
Score

1^/10
behavioral5
- Target
  
  tox tweaking/niggers/Microsoft-uiXAML2.8.Appx
- Size
  
  4.9MB
- MD5
  
  77cfc41c3181f50589396f6dc04b4a54
- SHA1
  
  4bf7cc0762db6df1088c4d6142f0a93b9b268a91
- SHA256
  
  d3c222a694aece945c98da01bb412b3da1e36428efa353665ac38e96127f3f49
- SHA512
  
  abff20d295105d8fbb10a106c5bb61352014ec5448f9d75be9183829e8cb5bbb5359494e55af97cdf61dc92deb4875e8ad9a3b8bbb9e574ba306928962cfbe38
- SSDEEP
  
  98304:eaSUNTP6MKd7wQnG/yM7/h0Rq39gj1H1dfYw+KclReo5kb6VeEAfMc:vSUNr6MKaQnih/j97w3W/VlSMc
Score

1^/10
behavioral6
- Target
  
  Microsoft.UI.Xaml.dll
- Size
  
  5.9MB
- MD5
  
  adec19eb52f1728d6b6b6ccaa3e3ba60
- SHA1
  
  002c7f609d99be79eb36daf8805636136df72466
- SHA256
  
  3f761d13cddc2148368403460c31e09596a42f5be439b4568956a2feaa77bb20
- SHA512
  
  405610213286722cdd935507151c0410b3c9cdf3ad5dad35988daf7d36726a39d5c571f639e971f3ea9df47259878a6aa832020dc901a905b9c39abaa98f27b1
- SSDEEP
  
  98304:hW22oXPBI2l1O3+CtDJSeU/JKarqXWY6FwiPcvJYk4Y2xnaKl6PLQRdQ5:XXm2l1OOCtDJSeU/JKarqXp6FwiPcvJx
Score

1^/10
behavioral7
- Target
  
  Microsoft.UI.Xaml.winmd
- Size
  
  279KB
- MD5
  
  e5db745bd07c98984c27be118542ba3b
- SHA1
  
  ac0a7959252e73e10486127babf5f86c232fab44
- SHA256
  
  2bf1f13298fda7f3eedf66a19bde55f9de0a57e902a9a60bc6ac37c9c4cf9d0b
- SHA512
  
  480f9e7e0a7fe1cf7b89825db19e41fe8c3f6f21dd183ea2db7225c81be431d152952384ceb279aa074de36a5b4f692ba3268088a1f5fc428f432cd89922b854
- SSDEEP
  
  6144:o8M+IFNxaeugzwfs88O43KuYS8IMzscp5NGg3SqEN0nk3:o80u3k88JMzscp5NGgC/NT3
Score

1^/10
behavioral8
- Target
  
  tox tweaking/niggers/MicrosoftEdgeSetup.exe
- Size
  
  1.6MB
- MD5
  
  9008b1f2c99b79594ccba4afd923056a
- SHA1
  
  4d88557702696906b44a37b289b4a5716e7c9fbe
- SHA256
  
  7531341da720162541747b3142722f9c52d9d5fe57678d8aeefa62532014f672
- SHA512
  
  ab9a48a6816c97d3e5988dacd8a2f270bd30b16cc558e0667c77a65121228bb3de90d03bf8cb48a92fe91c737876e260f2d782cb1aae18f1711e5f5679be9cb6
- SSDEEP
  
  49152:jiEa3J/lPA552bT8TCKpxVt2sl0TD5yncADYOS0jZ2/vgm9d:jirIOoT9pnt9l45mcADRS0SRb
Score

8^/10

adware discovery evasion persistence privilege_escalation spyware stealer trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral9
- Target
  
  tox tweaking/niggers/NSudoLG.exe
- Size
  
  174KB
- MD5
  
  423129ddb24fb923f35b2dd5787b13dd
- SHA1
  
  575e57080f33fa87a8d37953e973d20f5ad80cfd
- SHA256
  
  5094ad359d8cf6dc5324598605c35f68519cc5af9c7ed5427e02a6b28121e4c7
- SHA512
  
  d3f904c944281e9be9788acea9cd31f563c5a764e927bcda7bae6bedcc6ae550c0809e49fd2cf00d9e143281d08522a4f484acc8d90b37111e2c737e91ae21ce
- SSDEEP
  
  3072:XVLC09ymR7sITY17jR7h05cDnxngU9yInRU+Wi+StbaoJLQfo8BuA6N3ls:XT9yO7sITYNmYnbyInRU+Wi+StbaoJLR
Score

1^/10
behavioral10
- Target
  
  tox tweaking/niggers/NVIDIA Control Panel.exe
- Size
  
  13.5MB
- MD5
  
  f4cdad23d303ae4b57cb72dc558b721c
- SHA1
  
  c45ce0fcf47662510f90b41ef2cef45e94dad279
- SHA256
  
  066365731d031099bf04198644e38fdf620113b2eb08a351610273751ad92671
- SHA512
  
  3140684adb577b319f073e6d27f119ab00b23f5c218bb9f54415e2981b1ef8c0ca5bbeb0e15607b6da0051c41224d61f501607299f358899452ffe56cbfb139e
- SSDEEP
  
  49152:tZF5q/RI7h8kaOGmflzhSgExJRtKxk55vX3ivx4DNdGd1UeiyuWTy6SL/tWCF16t:t9f7rfUSLNuntbF1fo4sNQUK
Score

1^/10
behavioral11
- Target
  
  tox tweaking/niggers/PowerRun.exe
- Size
  
  775KB
- MD5
  
  71c7975385f73ae32b06f69dbe79290b
- SHA1
  
  05a1197cb8bd88447199e42a75bfcf99e32f2c48
- SHA256
  
  c0abbeea8ae726503bc5643f3471e378d92fcb59a37043062bbf9ba64d95004c
- SHA512
  
  1a6549788e97e5d07560f58dc11088424f0f90815f0ced2173be169ad4dbf0e55cd19b40fbf8f65d65e0f6cadb21c0489dc6a8de999859d12244879f4722ec95
- SSDEEP
  
  12288:XaWzgMg7v3qnCi9ErQohh0F4fCJ8lnyQQdbpSulVAbWjuixwhQaB/Q:qaHMv6CRrj3nyQQdpSulmWjxwhQaG
Score

3^/10

discovery
behavioral12
- Target
  
  Export.bat
- Size
  
  529B
- MD5
  
  bf354baed02884dc4cf002db55818873
- SHA1
  
  66475f4de3baf56280ead4fc7c1303f5acbad307
- SHA256
  
  283d6ea32f1aa30985dc7ff1564e345ef62ca8193d764418b3031bbba82bb7da
- SHA512
  
  205c681c36b856f46c4cb91ae7adab2bd006c4950a660414dffd12ddafd23828d82a2128a19eef4cf05124a2b1237a8f1a3c50643479c91c0cef045df7c98134
Score

1^/10
behavioral13
- Target
  
  Import.bat
- Size
  
  739B
- MD5
  
  69ef99d985f7bc5e5e35471b251a84a3
- SHA1
  
  36d08bc2cbf4cc6a1203fe1de18be71eac6a1cd2
- SHA256
  
  dc0f3e8f2d484742469d768266ca833fe7330d618770b628bcbaeb6bb40df6fd
- SHA512
  
  f76067a1802be0dd45111ee85f9e69f989a716db962595b58898291ed3fd5178e0eb97c9c54742650b2969ab45184dedf6d8158975c93823c2b60117beec7b40
Score

1^/10
behavioral14
- Target
  
  SCEWIN_64.exe
- Size
  
  668KB
- MD5
  
  d89e8173dc0b82d80add7451d4aa4622
- SHA1
  
  578358cd958756b1786f30e913e4195c0003333c
- SHA256
  
  2d78e7bb62fcab44c54fe853f51e8836ada45ea374027423bcb6d7a5db46502b
- SHA512
  
  cb5e4ebf895b5414b70caa243d032ec1d8820ff3aac155aa065a449f3a3f7ef0b01a29b006d49c69c8c1f8c11235742f0a453b120132942d32d310c7b2d3808a
- SSDEEP
  
  6144:Jk/u4+ss7CVVs7DYebnaGSEM1JLCUdDcwDfTx1ZdeuLJzVpEKz7k32lobAYBhXcP:JTjC/s7DjkDZdeuLHuEm2ybAYBc/3+s
Score

1^/10
behavioral15
- Target
  
  amifldrv64.sys
- Size
  
  28KB
- MD5
  
  e5e8ecb20bc5630414707295327d755e
- SHA1
  
  06ecf73790f0277b8e27c8138e2c9ad0fc876438
- SHA256
  
  e7cbfb16261de1c7f009431d374d90e9eb049ba78246e38bc4c8b9e06f324b6f
- SHA512
  
  f8949a43b5d0b08349b719daac12089fd94e824e307ae5265fd39885029a19a91d35a45dd3f3ff41cd0e3d563d4419d96221212d96b5a9a10e5ebe952dfb16aa
- SSDEEP
  
  384:xv+wvxzpsQbQS5Z5OxV0HM2DecoLiZFnJtQSZsHLPK6jzHpNMbvFRJl6p+w:xvPvxtV5lgCM8eBLgJt6PKgDpNMPO
Score

1^/10
behavioral16
- Target
  
  amigendrv64.sys
- Size
  
  34KB
- MD5
  
  7b9717c608a5f5a1c816128a609e9575
- SHA1
  
  ec457a53ea03287cbbd1edcd5f27835a518ef144
- SHA256
  
  ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f
- SHA512
  
  4138ca89d0d74799ff10e512c247ea626846d107f0e054aef403adafeb7c7708415cb9e4ce7dbf0d168e98101f9faf5d5d3567ca7fc64406f72b1bd7a751664c
- SSDEEP
  
  384:79TBPBgGLd6veRHilu/XWncQ528rQjX+kl811pZFnJtQSZsHLPK6jzE9bvFRrqP8:pFsvSClu/mRH8lklJt6PKg49Puti
Score

1^/10
behavioral17
- Target
  
  tox tweaking/niggers/SCEWIN_64.exe
- Size
  
  668KB
- MD5
  
  d89e8173dc0b82d80add7451d4aa4622
- SHA1
  
  578358cd958756b1786f30e913e4195c0003333c
- SHA256
  
  2d78e7bb62fcab44c54fe853f51e8836ada45ea374027423bcb6d7a5db46502b
- SHA512
  
  cb5e4ebf895b5414b70caa243d032ec1d8820ff3aac155aa065a449f3a3f7ef0b01a29b006d49c69c8c1f8c11235742f0a453b120132942d32d310c7b2d3808a
- SSDEEP
  
  6144:Jk/u4+ss7CVVs7DYebnaGSEM1JLCUdDcwDfTx1ZdeuLJzVpEKz7k32lobAYBhXcP:JTjC/s7DjkDZdeuLHuEm2ybAYBc/3+s
Score

1^/10
behavioral18
- Target
  
  tox tweaking/niggers/SetACL.exe
- Size
  
  601KB
- MD5
  
  1fb64ff73938f4a04e97e5e7bf3d618c
- SHA1
  
  aa0f7db484d0c580533dec0e9964a59588c3632b
- SHA256
  
  4efc87b7e585fcbe4eaed656d3dbadaec88beca7f92ca7f0089583b428a6b221
- SHA512
  
  da6007847ffe724bd0b0abe000b0dd5596e2146f4c52c8fe541a2bf5f5f2f5893dccd53ef315206f46a9285ddbd766010b226873038ccac7981192d8c9937ece
- SSDEEP
  
  12288:3G2NBTh+l8gAqAbdsuEa3nZGSebY7o937bfJ9Ud:3xNBTYlaLdaynZGBc7orbJ9Ud
Score

1^/10
behavioral19
- Target
  
  tox tweaking/niggers/VC_redist.x64.exe
- Size
  
  24.2MB
- MD5
  
  a8a68bcc74b5022467f12587baf1ef93
- SHA1
  
  046f00c519900fcbf2e6e955fc155b11156a733b
- SHA256
  
  1ad7988c17663cc742b01bef1a6df2ed1741173009579ad50a94434e54f56073
- SHA512
  
  70a05bde549e5a973397cd77fe0c6380807cae768aa98454830f321a0de64bd0da30f31615ae6b4d9f0d244483a571e46024cf51b20fe813a6304a74bd8c0cc2
- SSDEEP
  
  393216:Dwlp+dkBSuF2SfUfn6+eDl2ugjMoA+hxV33wsBH+Jh+5l+BvlOchteAHYhx9vy:DMp+Ty2SfUfnxk/kpsjlOchcEu2
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral20
- Target
  
  tox tweaking/niggers/amifldrv64.sys
- Size
  
  28KB
- MD5
  
  e5e8ecb20bc5630414707295327d755e
- SHA1
  
  06ecf73790f0277b8e27c8138e2c9ad0fc876438
- SHA256
  
  e7cbfb16261de1c7f009431d374d90e9eb049ba78246e38bc4c8b9e06f324b6f
- SHA512
  
  f8949a43b5d0b08349b719daac12089fd94e824e307ae5265fd39885029a19a91d35a45dd3f3ff41cd0e3d563d4419d96221212d96b5a9a10e5ebe952dfb16aa
- SSDEEP
  
  384:xv+wvxzpsQbQS5Z5OxV0HM2DecoLiZFnJtQSZsHLPK6jzHpNMbvFRJl6p+w:xvPvxtV5lgCM8eBLgJt6PKgDpNMPO
Score

1^/10
behavioral21
- Target
  
  tox tweaking/niggers/amigendrv64.sys
- Size
  
  34KB
- MD5
  
  7b9717c608a5f5a1c816128a609e9575
- SHA1
  
  ec457a53ea03287cbbd1edcd5f27835a518ef144
- SHA256
  
  ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f
- SHA512
  
  4138ca89d0d74799ff10e512c247ea626846d107f0e054aef403adafeb7c7708415cb9e4ce7dbf0d168e98101f9faf5d5d3567ca7fc64406f72b1bd7a751664c
- SSDEEP
  
  384:79TBPBgGLd6veRHilu/XWncQ528rQjX+kl811pZFnJtQSZsHLPK6jzE9bvFRrqP8:pFsvSClu/mRH8lklJt6PKg49Puti
Score

1^/10
behavioral22
- Target
  
  tox tweaking/niggers/bfsvc.exe
- Size
  
  108KB
- MD5
  
  aec2ae40f01d8f2a9f159de1fdc4961d
- SHA1
  
  6bb23e99504f2a01af96308cdd4908e5a0859432
- SHA256
  
  71bdc378d175b6b2df23f5f8d394e5e90805a4e0b3e346588dc7dfe14de3dcfa
- SHA512
  
  268bda90710fcef2c6e22552968557afaa18aa1669de6d225c41ce919ed70539aed0d6fa7204282abcc7695226278c6f646fed886c256c9ca4c6e6f8760a9869
- SSDEEP
  
  1536:p3MUZobpQ76GHedxqgX65XDd2QKXWmxYej4eBK0v:tSplGHevPX65XDdov+ejHoe
Score

1^/10
behavioral23
- Target
  
  CRU/CRU.exe
- Size
  
  1.2MB
- MD5
  
  0f69af48c32613f73c6acb87a7d18661
- SHA1
  
  0756ae84f3b58aec29f4b9a2888624ca879f7856
- SHA256
  
  0351a943ca93558ff36f74c3f0c768dceb724e833e282abcf1be5b2e71d5c67b
- SHA512
  
  2b30c079831a30683aabc0effa6bb60c84a960c2bcda1ce5da204bebc2050a359ec2cf36df426a0d227165afb9c4b9401fd0316b2504394c7876ed177fff2377
- SSDEEP
  
  24576:tLEWuIj9T0gR1U2vfVD8sA15qkJ1K3mbDQca9L32GY:twfIj9T0ujvTO6L3
Score

3^/10

discovery
behavioral24
- Target
  
  CRU/reset-all.exe
- Size
  
  51KB
- MD5
  
  3d47586c62bf61dac639d8cc1bf43ee7
- SHA1
  
  36f605e1fb7cae972c6723ded6a5f126f36a8d01
- SHA256
  
  70639c195430afb92799d711ed784406bfdfd04c648d5f3e4d9873da0063660b
- SHA512
  
  638a75c0159de8553e8071a68b5a4355bfc002489d9ed62bfbb1019d287073a555133bd4a55abd68c51b3e2a1616f586a26998ce32ade322cd72ffeab5ffe105
- SSDEEP
  
  768:Jd0XBRNU+hV81e14G8xGvMhBmqVHhc6ZrLy01fA5Egt2rHNZAEDFn27DQNE5B:b0XbeQ8xG0Kqjc6lLFfSortZBMDu8
Score

3^/10

discovery
behavioral25
- Target
  
  CRU/restart.exe
- Size
  
  63KB
- MD5
  
  8242ce426ad462eff02edae1487a6949
- SHA1
  
  9a4f382d427e0de729053535aaa3310cac5f087b
- SHA256
  
  b68ee265308dc9da7dbb521bb71238d27ac50a5ee816f21c13818393be982d7a
- SHA512
  
  aff43a78d29ede49eac386d9b0b44d0f37d5a20bdda8553369d68dec90bbc727c6dd8fe239987a9d2e3affaeff8b72b5023ed973d7aecfbb99de46dca8c99ef1
- SSDEEP
  
  768:xa+/MMnf2XivrjhmxEQSQIjDaGva2XaT+CSxKUAch9Itvo7vq2XFelWn2iED5Vx0:xa0wstmSpDaGS2RCSxK28otXFQwUx
Score

5^/10

discovery
- Drops file in System32 directory
behavioral26
- Target
  
  CRU/restart64.exe
- Size
  
  73KB
- MD5
  
  297aa19bade534a791d053ca190b74ad
- SHA1
  
  15cb6a33994f75fe9e30a2afbc8a7e4616b63962
- SHA256
  
  5f779bb822aedaf5bd11693cdf73f6c7c3342f37371a78c07c2aca1e15dbfd00
- SHA512
  
  df883950c598f31b81f22a68b2a9fed7459dcad5084ec6e39399658b0492bcc458d9fc5bb80fda6bc994bed3241f969fc67a0b8e021fb82b040455d64776c625
- SSDEEP
  
  1536:8vXMJl7uRupZzidl/T+Dnx86Rpy4roKsIrryeq3OTM:8vMJl6RAZu/T+7x8qpRM8rNcOTM
Score

5^/10
- Drops file in System32 directory
behavioral27
- Target
  
  tox tweaking/niggers/devcon.exe
- Size
  
  80KB
- MD5
  
  3904d0698962e09da946046020cbcb17
- SHA1
  
  edae098e7e8452ca6c125cf6362dda3f4d78f0ae
- SHA256
  
  a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289
- SHA512
  
  c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea
- SSDEEP
  
  1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
Score

1^/10
behavioral28
- Target
  
  Export.bat
- Size
  
  1KB
- MD5
  
  deb75f2d9aa4afdc7ad4796778a80bb9
- SHA1
  
  6df26d15bd72ba548c06b908772e836c998bf208
- SHA256
  
  4b1cd4bf80557c80689d6f06b15e63a3f6a3ff66db3d8bebe237d86d82cb6e46
- SHA512
  
  474e3e25c632989ff72e3822c89b9864d4172647b78d1df8d7af70f211e48308dc33065ccaf091f52f9a160f337c82c5ed791b9323e3cc81cf31d9d87c0e4ac6
Score

3^/10

discovery
behavioral29
- Target
  
  tox tweaking/niggers/openshell.exe
- Size
  
  7.9MB
- MD5
  
  cf93ef6708b8026ff44e5dfe26d6d387
- SHA1
  
  8b1666ce02c032cbdc1a7afcd1e9395a892da386
- SHA256
  
  31e616f27fad0c9b14a22c02ded2dc524411abf53d72c4136f22db1be0156865
- SHA512
  
  9d30881098f283bf478b56267623f3d4559ca7554fabdaf777458dec1368a4d6d84b8bd7ff0982060aeea85c69f8d160b2afcfbe5bbbffb2d425bc2a8dd63f52
- SSDEEP
  
  196608:4A+K5NrULkCZNxUmPYLWDYqqaUeqA923VnJEhqY1TUmPYbWDi2r:4A1rUIMNWmQaD/t7GVnJErwmQqDx
Score

7^/10

adware discovery persistence privilege_escalation stealer
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral30
- Target
  
  tox tweaking/niggers/procexp.exe
- Size
  
  2.7MB
- MD5
  
  b5e7689f66866281c26503b58733d834
- SHA1
  
  efeee983af571f5e3e519935ec385225274d05e2
- SHA256
  
  0f2081ebd2ef0baafdd699dbd1b77853a35b50943418ed6207f896599f41084c
- SHA512
  
  a327d38c63049e7973df5668af07dded5dbe386e094c1e27af97059be3056bcf512293197837c514964a3d4009d6ea80d2a859de054b8be401f8d101dcc60e14
- SSDEEP
  
  49152:xygKkss5FYpJ1vU5LdVa2d0JbASq6lFPYhVBHxuzIS:YgKYYz185LdY4UUxuv
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral31
- Target
  
  tox tweaking/niggers/str.exe
- Size
  
  136KB
- MD5
  
  958aa10581a9b1c402c5fac81ddf258f
- SHA1
  
  fa26a7cc9259be2ac11a20bed78916bf2e545516
- SHA256
  
  fe3cdbe2e332e48921ffa2a9697a66f71472d878154ba331d12adc7e7c767a2b
- SHA512
  
  c4f8d93e2443d199d9aabb65abc3597487fcf48b83366e66fe88ebd48993cd9c5054a76526b02a58190981022750b1e93bc66451abaa2e79ae379709e9ed2d84
- SSDEEP
  
  1536:WOjZxDRK/Quc5dnl04DG/jjhdja+RjmvXXY87eFj9PzHlVVU00:fz9KouYnl04DGekjmvIoe9nUB
Score

1^/10
behavioral32