General
-
Target
Rubluk.zip
-
Size
3.2MB
-
Sample
241223-akxhkasner
-
MD5
12dc74e2330fdfdf9cf7bc94cad13445
-
SHA1
c2017f598e0dda4894beddb9980cdd620368e08a
-
SHA256
497befb41ee97cc8730da0e2269df5d1db12196adcf40aa3694bb52b3d3b53ed
-
SHA512
2258da5257b780e396e24c49ce208bf1d16a9b9d0f0fb7ffcf9c416aa9d8b6ca2219fc6e4fc178d4a12091f4ffca5b0c35800ac35116ad7a6b4ec47753b17c45
-
SSDEEP
49152:AC6yT3Me26OQeCLwJ8vU5/IXkEBoR+K39/sv3GV/k5N8y2KJ20rV9feE:AqMe2+eCrIqBosuY3GV/kzEKJvX9
Static task
static1
Behavioral task
behavioral1
Sample
Rubluk/Bloxstrap-v2.8.1.exe
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
Rubluk/Bootstrapper.exe
Resource
win11-20241007-en
Malware Config
Targets
-
Target
Rubluk/Bloxstrap-v2.8.1.exe
-
Size
11.1MB
-
MD5
60246a70b28a9d7ef6a2dfe009e48075
-
SHA1
8dd51b8460307f785690008657918540a8ee4998
-
SHA256
e9091fa15944a451e792674cf408e400a5e6391cd31160040210b494bd723f17
-
SHA512
551ffebc64b11e21a234b3ac5a1e103e5cf0ff4fd4d5b71628d0c4215b24fbca946cc7dc14571667214dca86ae9c3327c928b996be456529f84bb2f4a0901e5f
-
SSDEEP
98304:NqZ+pv3Tscod5DFasb/r5vGWD3EOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTlq:NqZ+pLscVsb/r5vGlObAbN07
-
Score
1/10
-
Target
Rubluk/Bootstrapper.exe
-
Size
800KB
-
MD5
02c70d9d6696950c198db93b7f6a835e
-
SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2
-
SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
-
SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
-
SSDEEP
12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz
-
Score
7/10
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-