General

  • Target

    Rubluk.zip

  • Size

    3.2MB

  • Sample

    241223-akxhkasner

  • MD5

    12dc74e2330fdfdf9cf7bc94cad13445

  • SHA1

    c2017f598e0dda4894beddb9980cdd620368e08a

  • SHA256

    497befb41ee97cc8730da0e2269df5d1db12196adcf40aa3694bb52b3d3b53ed

  • SHA512

    2258da5257b780e396e24c49ce208bf1d16a9b9d0f0fb7ffcf9c416aa9d8b6ca2219fc6e4fc178d4a12091f4ffca5b0c35800ac35116ad7a6b4ec47753b17c45

  • SSDEEP

    49152:AC6yT3Me26OQeCLwJ8vU5/IXkEBoR+K39/sv3GV/k5N8y2KJ20rV9feE:AqMe2+eCrIqBosuY3GV/kzEKJvX9

Score
7/10

Malware Config

Targets

    • Target

      Rubluk/Bloxstrap-v2.8.1.exe

    • Size

      11.1MB

    • MD5

      60246a70b28a9d7ef6a2dfe009e48075

    • SHA1

      8dd51b8460307f785690008657918540a8ee4998

    • SHA256

      e9091fa15944a451e792674cf408e400a5e6391cd31160040210b494bd723f17

    • SHA512

      551ffebc64b11e21a234b3ac5a1e103e5cf0ff4fd4d5b71628d0c4215b24fbca946cc7dc14571667214dca86ae9c3327c928b996be456529f84bb2f4a0901e5f

    • SSDEEP

      98304:NqZ+pv3Tscod5DFasb/r5vGWD3EOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTlq:NqZ+pLscVsb/r5vGlObAbN07

    Score
    1/10

    • Target

      Rubluk/Bootstrapper.exe

    • Size

      800KB

    • MD5

      02c70d9d6696950c198db93b7f6a835e

    • SHA1

      30231a467a49cc37768eea0f55f4bea1cbfb48e2

    • SHA256

      8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

    • SHA512

      431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

    • SSDEEP

      12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

    Score
    7/10

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
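The "Enumerates connected drives" signature above is a behaviour statement, not a rule. As an added illustration (my own code, not the sandbox's own detection logic, which this page does not show), the following Python check runs over a constructed Procmon-style CSV log and flags any process that touches the root path of drives other than C:. The log lines, PIDs and the two-drive threshold are all assumptions made for the example.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed Procmon-style log (not taken from the report above); PIDs are made up.
SAMPLE_LOG = """Process Name,PID,Operation,Path,Result
Bootstrapper.exe,4120,CreateFile,C:\\Users\\user\\Desktop\\Bootstrapper.exe,SUCCESS
Bootstrapper.exe,4120,QueryDirectory,D:\\,NO SUCH FILE
Bootstrapper.exe,4120,CreateFile,E:\\,PATH NOT FOUND
Bootstrapper.exe,4120,QueryDirectory,F:\\,NO SUCH FILE
explorer.exe,1234,CreateFile,C:\\Windows\\explorer.exe,SUCCESS
explorer.exe,1234,QueryDirectory,C:\\Users\\user\\Documents,SUCCESS
"""

# A bare drive root: one letter, a colon and a single trailing backslash (e.g. "D:\").
# Deeper paths on the same drive are deliberately not matched; the signature is about
# probing roots, which is what a drive-enumeration loop does.
DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\$")


def drive_roots_by_process(log_text):
    """Map (process name, pid) -> sorted non-C drive letters whose root path was accessed."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        m = DRIVE_ROOT.match(row["Path"])
        if not m:
            continue
        letter = m.group(1).upper()
        if letter == "C":  # the system drive is expected traffic; skip it
            continue
        hits[(row["Process Name"], int(row["PID"]))].add(letter)
    return {k: sorted(v) for k, v in hits.items()}


def flag_drive_enumeration(log_text, min_drives=2):
    """Return processes that probed the root of at least `min_drives` non-C drives.

    The threshold is an assumption for this example: a single D:\\ access is common
    benign behaviour, while walking D:, E:, F: in sequence is the enumeration pattern.
    """
    return {k: v for k, v in drive_roots_by_process(log_text).items() if len(v) >= min_drives}


if __name__ == "__main__":
    for (name, pid), drives in flag_drive_enumeration(SAMPLE_LOG).items():
        print(f"{name} (PID {pid}) enumerated drive roots: {', '.join(drives)}")
```

Failed accesses (NO SUCH FILE, PATH NOT FOUND) are counted on purpose: a process iterating letters will hit non-existent drives, and those failures are the strongest hint that it is enumerating rather than opening a known path.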

MITRE ATT&CK Enterprise v15

Tasks