9c0e95c7c80f6c07ea48109802a28bc9c3adfbcf7ed99018b21c2b3290f285ba

Sharing

Copy URL

Twitter E-mail

General

Target

KRLN.zip
Size

134.0MB
Sample

241118-14gjkaxbml
MD5

7bade8ca194f97869952c255d2855fc2
SHA1

27bee4ce4c6ab683c43a0e4a0d5c7fd1c3275795
SHA256

9c0e95c7c80f6c07ea48109802a28bc9c3adfbcf7ed99018b21c2b3290f285ba
SHA512

4d72366fa60448414e6913c95758eecf29139b4892bab120e0dc6a5ef757ea2354709c3c2ef56da2db9a58587830994720798cc0ea41d823a5fff58f66259518
SSDEEP

3145728:9Cph3Ws5SreKODzkeICJcg//E/6YWLvVPGiFDYaScxVrlp/kC3slz:9CpD5SCMOagkiYWQiF0aScxVnF3A

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  KRLN/Bunifu_UI_v1.5.3.dll
- Size
  
  236KB
- MD5
  
  2ecb51ab00c5f340380ecf849291dbcf
- SHA1
  
  1a4dffbce2a4ce65495ed79eab42a4da3b660931
- SHA256
  
  f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
- SHA512
  
  e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
- SSDEEP
  
  6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score

1^/10
behavioral1 behavioral2
- Target
  
  KRLN/CefSharp.BrowserSubprocess.Core.dll
- Size
  
  1.1MB
- MD5
  
  fa4cb0d231ed4e3103508a5dd3366e56
- SHA1
  
  490015d65e96f957bec7f68aa25198dc7ba65d4b
- SHA256
  
  40f09be3d5da7cf969fd6a9d46a26dc741d86cb57f6e1d89c62f01cfecd9a143
- SHA512
  
  a51718f7700afc34161a2394c04efd9ec07af1281369365c2e3e5003d7f14faa496cd50a255e79c14e74eecde94ca31d170774f8052c21d7dfb54400a91d042c
- SSDEEP
  
  24576:TodgHdVobrDvK2PFAJkslrNMXBDjFEXSYgx+tvs0vetCJ2ZiVwhEDssQjPc8DnX0:T9gxIvs0vetCJ2ZiVwhEDssQjPc8DnX0
Score

1^/10
behavioral3 behavioral4
- Target
  
  KRLN/CefSharp.BrowserSubprocess.exe
- Size
  
  6KB
- MD5
  
  0e0a8f86b0ec37eda65df15e3639d3b1
- SHA1
  
  6e8b0f916db29a43079be39826541333aa4a1e67
- SHA256
  
  c2ffd85ce6b8bb5e41b264d3947086b4591d675ed46e5c8bc9471e04423bb634
- SHA512
  
  e3f53a8bc6898b48ef6d94a68f48d7df573fa9129393e644c4bfbdeea4bf392e03b4044617cbeb65b43f7af011cfa8b9983d26f26e3ad9cc1a48348f6772a2fa
- SSDEEP
  
  96:M6ZxAI7kdmQBDvDvjk3seFZJetmAbNt61OYcXe5U:RAIOmQBPvY3seFZisAYcXeS
Score

1^/10
behavioral5 behavioral6
- Target
  
  KRLN/CefSharp.Core.Runtime.dll
- Size
  
  1.7MB
- MD5
  
  b3de028b0a530fa38099ea1656b3c6fc
- SHA1
  
  a3a14230b3fc2200dbdfd3b2291c83015d0ce21e
- SHA256
  
  2fa2bb2e81ecb62d5fc550f5551ddbafc6b9b499217308d463f13df4579e453a
- SHA512
  
  65bfc0362108549d83482074bb85d7084dd0fc5a9f09b0a68d7e6dd96e1c3a4f75c77b1434f95d575323f72608410e54ceb694918d0c46ac1477096df423ed45
- SSDEEP
  
  49152:QNwM4GOkDvqcHCgrZi5P9xh0UsWLgiHesm2qCUD/yNWYxtYtUkjCKfL62gQkARgc:
Score

1^/10
behavioral7 behavioral8
- Target
  
  KRLN/CefSharp.Core.dll
- Size
  
  920KB
- MD5
  
  87fcedd1e06c3c6e5985616320f6e7df
- SHA1
  
  c5a4fd2931f39fcdcff0366a260ae131e688e98c
- SHA256
  
  cec6e0403a2dafea012ee965921f44657caec0f07e813b8f7d259d90351cb8b0
- SHA512
  
  9c0c4c975bc5be752b0fe757275337d089534d96f335ca7ab194a2cc366968a93dd210bd297f2f40ae8d4753026a21110173f48f8e87a8197d6fd323169bcdd5
- SSDEEP
  
  12288:AJYiopTEAzPl8OI9WDgVJpJJpJXX5PFE3yeDZ:ViIhgRhWieDZ
Score

1^/10
behavioral10 behavioral9
- Target
  
  KRLN/CefSharp.WinForms.dll
- Size
  
  52KB
- MD5
  
  2f93c2c8baa036bde6f4c4e038d7729a
- SHA1
  
  11fc4fc936cf6ff821df1a37b2733abeeb6d36cd
- SHA256
  
  8298c55b1687b3962f1ee4565bb77dbe76f583491d9b02cff7341c1138331a3a
- SHA512
  
  92832721161a3a9e9f8905ba91fc64f879abe421c9095bbc23c21ce4fcf89c0fa0ace3817fe976154ae6a6b2e050a43b1d5b91527e84d6bd6192df6930972897
- SSDEEP
  
  1536:so/AhwNZrYv1tYsQ8kmJOuUySMgYnbgL:sgNCvbYsQ8kmJOpyTgYnbgL
Score

1^/10
behavioral11 behavioral12
- Target
  
  KRLN/CefSharp.dll
- Size
  
  273KB
- MD5
  
  446717551db95d0630c652d196a8e8ca
- SHA1
  
  7a3d52f42822b9948db1fb7e408b5ee6867b4940
- SHA256
  
  3aca7c62000daa613e40714c0c4b7a8f99b9f392dc59adf66334be76f892028e
- SHA512
  
  4636c97d6e0ab7da9eb0dacc75fc9ab9fa5ed300bde31f72033d4bad44b453168c30d87a35bdcb39c9e096f6b66e198a798fa0dc97c6738092c742f0c8e447a0
- SSDEEP
  
  3072:I79yn4kb88X+7jbc16LMfqtgvzyWajH+cO2bm5kPExVX0TOKTAQtrz+pyUU2+tKn:fbtobyRfYg2tz+4AeMX0TjTAU+pmBK
Score

1^/10
behavioral13 behavioral14
- Target
  
  KRLN/KRLN.exe
- Size
  
  677KB
- MD5
  
  19f761c741774d9108d818beedf3b17e
- SHA1
  
  a866aafc66806286dbf94cbf7bba4c38578ed8aa
- SHA256
  
  3a16818503da9d146eb2eedb303589dc6f3bdf58b1eeba9a6bd7c1e7e3151f0a
- SHA512
  
  9c274c800901b9a1f57bd01f2f4613569c86612bd6f8dcd5fac07f57b43359e543068fecd4c5d0ff546d8163bd3ea27763eada80be8bb297b4874b5e5c7e6987
- SSDEEP
  
  3072:d4WMR9b4C9jdh559dJ12QcVXqLRY3pClghBCWyyCzn8sZL3l4gxHC2E+JQLujdzH:yWTCvL9d2VaLa3pClghtyV8sug5IuV
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral15 behavioral16
- Target
  
  KRLN/VisualStudioTabControl.dll
- Size
  
  12KB
- MD5
  
  365be8c17e1cce92c530abaf16d4c709
- SHA1
  
  a4c1f9cf40408c42a0865806b28c7552b0ba91f0
- SHA256
  
  af6815d815f4dfa21bd7ea9c0386b18359363478adc277870cf99577d9f5bba0
- SHA512
  
  532f246fc72d9f65936eaf8dc0e77d91b3d0f5070de1f5971d889232b1905a56f1dbccf896a9ebdafe268b9b9d34a91ea78904c92fdcca440e19d77134327c5c
- SSDEEP
  
  192:ap9gZJpVFf27JZE/3FaXIDbZHs3eJ/PCYOaPlgORNQEFKfyfPatuBsboFSOIP:S9gD8IDbptJ/7Oa7RNQTfCatumboIFP
Score

1^/10
behavioral17 behavioral18
- Target
  
  KRLN/bin/Monaco/Monaco.html
- Size
  
  8KB
- MD5
  
  74e77202d0934895ef1d2b6cfa4ad221
- SHA1
  
  b344e92ad35b1f4a8d0194760cc7e257b9008fe7
- SHA256
  
  2226791e9d5ca28c1b332a2844669ef0d4360dafce28b1cdc711d7bac10a0f79
- SHA512
  
  85ebd2329011f110768c1ee086ecf05e3d76b930c85a4636872d2a13fef51d3ddea2c3c5efc3239490b29dceca9797cd97fec871dadf8b7a1612e932e87c5973
- SSDEEP
  
  192:wFJd3PorvFv5pAv2tp5keghKtCI2MCTJ3+NLSaPh/WCY/juaajIlB:kd3Poh5p9v5keghuwjNajIlB
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  KRLN/bin/Monaco/vs/base/worker/workerMain.js
- Size
  
  149KB
- MD5
  
  27ead90c7702154755785e0e53398755
- SHA1
  
  86b59485fe6f6ccb1805183fa75062a2ac1c859e
- SHA256
  
  bdf9433692a08851e13dd58504eef19f51bd2ec7241923a68edf5772e0e53af5
- SHA512
  
  6829681575179c90bb7817b17feee60e7d44d8abb15264ab39d7f0edf95dd1d030b99c12b005c753cd786c26ce6f17ff09b058c16f3363596f785e386ef78e82
- SSDEEP
  
  1536:XNSxrkwnz+dTHHfvYYdBwDZ2Ogvh52xgh2hQXIvTBaB7hU74Yc6aphU1PblosJEl:XzdTagJkb+6jFlJJEt9yjjTCD2zw
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  KRLN/bin/Monaco/vs/basic-languages/lua/lua.js
- Size
  
  8KB
- MD5
  
  9cf08ada63c048e4e38c8816409ed958
- SHA1
  
  75a2564071cb1ff7c160d6ed385b9c32ed8a45df
- SHA256
  
  c171352021b601d49147f9c8a8b241ca0d8e905f79937164ac824ad2ff3f9ccc
- SHA512
  
  636e25d27ecd211b535845c7f7e5b546a5f50ccfa5d321d37fac0a155b6a001047f86bb5e514ee138efb82b88da6c3e4ea3db2a0bcf4918a274c9ff33145dd34
- SSDEEP
  
  96:SD3yDUnHWD5dyVLY7SvEFR88iqIZkQBZZMP4etFbhBuMCL8CvcOAtOfxBVkxMZlT:nDGHydyNY7SsfkFedmUtOfxQxjE
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  KRLN/bin/Monaco/vs/editor/editor.main.js
- Size
  
  2.0MB
- MD5
  
  9399a8eaa741d04b0ae6566a5ebb8106
- SHA1
  
  5646a9d35b773d784ad914417ed861c5cba45e31
- SHA256
  
  93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18
- SHA512
  
  d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8
- SSDEEP
  
  24576:SmmBNDw4gCXJkB4nIg2IxhbaeZYIMsNjvit4f:wDw4gCXJk62+aeKIMsNjvit4f
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  KRLN/bin/Monaco/vs/editor/editor.main.nls.de.js
- Size
  
  36KB
- MD5
  
  4d83bc1bced6f773423be6f939472cfe
- SHA1
  
  1b42889a7f580df9f7d399c33141d38548143ed1
- SHA256
  
  0dee462d5fb231f169f6cbc432465a43fd445c011fe650e29f5fb2bccc31eaae
- SHA512
  
  c53d522438767a15b5711099fee0acb62ff21289b62640d1a4823a90c8a7d8836bc932daae477d5188b1ba78c50c581284c4d7379efb532f37d356add97ac8e4
- SSDEEP
  
  768:jADv7LbgRyefe80QqYax/mZgb2ET1UZ0IMlYmz7w0hxH1N1Bg93RyFGAIDB7wZ9m:jADDx80QqYax/mmb2YLIEYmz7JhxH10D
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  KRLN/bin/Monaco/vs/editor/editor.main.nls.es.js
- Size
  
  37KB
- MD5
  
  b371235f971baa51f58f123f40c4435a
- SHA1
  
  843d4a2d214c7d9da650cf4d0c6981ac1dab69c6
- SHA256
  
  203ff3591e02eb7b55a591e53919cc337f8dea73e6446fc3493227761c0794ba
- SHA512
  
  77d43490f1208dde16b6773551ea983cb2352455178ea0e3d4d4b2f2e05dc406cafae89738001d708b780b58882cf5448eb7a8d1c11aa7b8e87915a390da618a
- SSDEEP
  
  384:hwuiA9wZFjNzWZQz7uDlnDEuoKZvGrkEq1EhBR3H6Sg4eUz+JWCHcxS+S9SxS9tf:Y9ZCZQOtDZSj1XJS+S9SxS9tx78teB
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  KRLN/bin/Monaco/vs/editor/editor.main.nls.fr.js
- Size
  
  40KB
- MD5
  
  d319e61fc6b357b9a5d8e3bbaa44ce3c
- SHA1
  
  b1539b082b2b8290f05dfe17d6fee3d64b2ec244
- SHA256
  
  7fde40b2b212d274617232de09452c6cb896e8a3c6b9e0b459f067cd07f31a99
- SHA512
  
  6ba80b90242dc55ecfa1678e7f8506ed9add4bf08067b125ba63d42b8e8e4455507a86369f6fac6c9d10565d083e7364d4fc79d62e9bd460fe49957c91f598e6
- SSDEEP
  
  768:HlKogi6Q3JbQWxxGmmrHeHPO10xSgGvJ1COIoJoZjbEMO9ms:Hl8KbQwKRavGJoZG
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Network Service Discovery

Checks system information in the registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32