Overview
overview
10Static
static
10Trojan/BlueScreen.exe
windows10-ltsc 2021-x64
5Trojan/Bolbi.vbs
windows10-ltsc 2021-x64
10Trojan/Carewmr.vbs
windows10-ltsc 2021-x64
4Trojan/Dud...an.bat
windows10-ltsc 2021-x64
1Trojan/Fra...n.docx
windows10-ltsc 2021-x64
1Trojan/Grave.apk
windows10-ltsc 2021-x64
3Trojan/L0Lz.bat
windows10-ltsc 2021-x64
8Trojan/Malum.apk
windows10-ltsc 2021-x64
3Trojan/Mis...st.exe
windows10-ltsc 2021-x64
8Trojan/Mis...er.exe
windows10-ltsc 2021-x64
8Trojan/Mis...RC.exe
windows10-ltsc 2021-x64
8Trojan/Mob...re.apk
windows10-ltsc 2021-x64
3Trojan/Mrs...or.exe
windows10-ltsc 2021-x64
MrsMajor2.0.exe
windows10-ltsc 2021-x64
Trojan/Mrs....0.exe
windows10-ltsc 2021-x64
10Trojan/Offiz.html
windows10-ltsc 2021-x64
4Trojan/Spa...rk.exe
windows10-ltsc 2021-x64
7Trojan/Spa...rk.exe
windows10-ltsc 2021-x64
9Trojan/XCS...f54ca6
windows10-ltsc 2021-x64
3Trojan/XCS...2aed41
windows10-ltsc 2021-x64
3Trojan/XCS...b54692
windows10-ltsc 2021-x64
3Trojan/XCS...00f6c1
windows10-ltsc 2021-x64
3Trojan/elite.apk
windows10-ltsc 2021-x64
3Trojan/mobelejen.apk
windows10-ltsc 2021-x64
3Trojan/vi4a.apk
windows10-ltsc 2021-x64
3Analysis
-
max time kernel
97s -
max time network
210s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
06-12-2024 10:38
Behavioral task
behavioral1
Sample
Trojan/BlueScreen.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
Trojan/Bolbi.vbs
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral3
Sample
Trojan/Carewmr.vbs
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral4
Sample
Trojan/DudleyTrojan.bat
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral5
Sample
Trojan/Frankenstein.docx
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral6
Sample
Trojan/Grave.apk
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral7
Sample
Trojan/L0Lz.bat
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral8
Sample
Trojan/Malum.apk
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral9
Sample
Trojan/Mist/MistInfected_newest.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral10
Sample
Trojan/Mist/MistInstaller.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral11
Sample
Trojan/Mist/MistInstallerRC.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral12
Sample
Trojan/Mobile_Legends_Adventure.apk
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral13
Sample
Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral14
Sample
MrsMajor2.0.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral15
Sample
Trojan/MrsMajors/MrsMajor3.0.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral16
Sample
Trojan/Offiz.html
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral17
Sample
Trojan/Spark/NETFramework.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral18
Sample
Trojan/Spark/Spark.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral19
Sample
Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.6614978ab256f922d7b6dbd7cc15c6136819f4bcfb5a0fead480561f0df54ca6
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral20
Sample
Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.6fa938770e83ef2e177e8adf4a2ea3d2d5b26107c30f9d85c3d1a557db2aed41
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral21
Sample
Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.ac3467a04eeb552d92651af1187bdc795100ea77a7a1ac755b4681c654b54692
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral22
Sample
Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.d11a549e6bc913c78673f4e142e577f372311404766be8a3153792de9f00f6c1
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral23
Sample
Trojan/elite.apk
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral24
Sample
Trojan/mobelejen.apk
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral25
Sample
Trojan/vi4a.apk
Resource
win10ltsc2021-20241023-en
General
-
Target
Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.ac3467a04eeb552d92651af1187bdc795100ea77a7a1ac755b4681c654b54692
-
Size
21KB
-
MD5
48d5f141c857e6779c7c4a01b3bf32fb
-
SHA1
04b823a72f134918f64cd6bbac8251f95a42b052
-
SHA256
ac3467a04eeb552d92651af1187bdc795100ea77a7a1ac755b4681c654b54692
-
SHA512
8fcdfec06e2aa7bf61fdf87e4b3af765c6ef88e35288d9a6ee615b1f964b8d6849adbbbaa0840c20ebc399089be3173cb87f6c51694dd0b6762ee40ce3761f30
-
SSDEEP
192:K49FWBrdjgJl9mgxUdmcX+OBKccXlWKEx07pX8bQ1xKgwvmFkXyfgZ/JQAaKxkC6:/UjG8g2m0+OBK7X7lKUuy4NC/KxV9
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1428 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Trojan\XCSSETMacMalware\TrojanSpy.MacOS.XCSSET.A.ac3467a04eeb552d92651af1187bdc795100ea77a7a1ac755b4681c654b546921⤵
- Modifies registry class
PID:1068
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1428