General
-
Target
Court.Project.V1.1.rar
-
Size
89.8MB
-
Sample
241225-n659gsspgn
-
MD5
7b8280ea1912fa02187b5efabda0d940
-
SHA1
1995974dcd2322a4c6f5fe4b9a8a790112bcc8b9
-
SHA256
aa2bc6bdab3c1cd9cc94e92a00f2501ffd6bef384e69e605b9533ee4a9af2fcc
-
SHA512
e7ced2e058ac07b91ef079b652ae46fcb5738e1ccfeb33d54891e1ab1938ef3a08ee2339b3204a925e055b70b6b0f7de78f42c745d69ae684c7f1dde104dbba2
-
SSDEEP
1572864:ve8bKeXy7lNKhbtO9RlEpmv0b7540aRaTw9/6SsPdIUzakaI8Dbt00E+WbEZO:pKeXy7lkhbKRlNv0nXU1idIqeDbxIbE4
Malware Config
Targets
-
-
Target
Court Project V1.1/AIO.exe
-
Size
17.7MB
-
MD5
401a1cbd5e2b10c3e4f167dc1f7bb4f1
-
SHA1
ad74dfb0cb89794f0f13a21f35644ad51eab6ba7
-
SHA256
22e7c140c849ad87f0d9f9624374045712c8a2f4c38befa85a92330fe2382316
-
SHA512
df58e49d75dfe0b46057486d1117c422ff77d4b64d5bf4a14e0b9772600091b19d743793fdd7fc2e3031dc72cb6f50e0f1077cae3040a1dec9f5fe8df3464e8d
-
SSDEEP
393216:kMr/sMzD1BTFAj8ItCGsm37tPIHHlWlf3TD:kWk0pBTFADzOnlM
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
-
-
Target
Court Project V1.1/Court Project.bat
-
Size
75.3MB
-
MD5
237a78a3b4b36d749f0e46d26dbc965b
-
SHA1
f73af65ad456feb2bf5159161ff4b9ace5202598
-
SHA256
26cf8403cb6124796a98eb4644b3d75569bea2ba156456d0dd1b0b04ad3b3572
-
SHA512
7223a6692a131c47c7aade3a0ddd7a1fb3dbb420e824921b508565d7363185229d419e3df9e4dd3abf96200945ad076c592712fecf68f47b7e7d9105c59eac89
-
SSDEEP
1572864:ivFUQpjkuwSk8IpG7V+VPhqS0E7WZRjRH2PRQvS6f97PyhonB08yfXWulZvFVN:ivFUqA7SkB05awSgZRdW2S6f9jnB08Qd
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
Court Project V1.1/Doxinfo.exe
-
Size
90KB
-
MD5
078639fa0eda91454c03374bb90d938f
-
SHA1
a10c694f38759187098c57d63c0ae925322cdfa9
-
SHA256
cc2028db9daecfc962308f695bca0d46ea2e451984e4762c14dd8c3f3f055bae
-
SHA512
1f0348ab86e54df0928e99005ce7e9f097eed5a57f1dfad1dae6994725fef194ae7cdbe965f872b446465a566a523f587f01292f8e966fbdcb367227a098360e
-
SSDEEP
1536:mLdD+0MON593j/NL0R21zt2kxi9dBkLpwWoNVzqkjaOT:mLdSro1xL221ztidmWr1n
Score3/10 -
-
-
Target
Court Project V1.1/Doxing.py
-
Size
4KB
-
MD5
757f7434780f6f1f93845702ff7725d8
-
SHA1
a5bdef426ee67c718e904c7ffa28c43b4e863207
-
SHA256
40628d75875a6a3c0f64180b9d9d717662c43f736aeb698477b239faa7561731
-
SHA512
14d633d3d23ee786b68e8b06b6c4ae0aa6fe639509093f56481c81a58649494011d5f8cf6f864bb3df8217d690b0a509da0c4e0e577665dddc6a6931532dcb25
-
SSDEEP
48:kCBrU1pXKzr4waWWgYxUHNCKVYS/y9JziuVYokF4Nm:kCtpv4waWz7H4yYyy9xNVjkFF
Score3/10 -
-
-
Target
Court Project V1.1/Doxtracker.py
-
Size
11KB
-
MD5
e7dba9b015c58535008115046bd6fa0b
-
SHA1
d9f50988cb0340ca5adcf1c79aad1caa1d29cfe9
-
SHA256
8828ec1c99732a088ceceb9b3cdc6e63d96971e560f5afa65387a2002c9b1577
-
SHA512
255de130f45b9a0d27fa4aafaa9e436a39d3f8cef9b49201eb016385244b4fbd43b2180d610a80c8e5ca79fea4eeef3210308b10304aa85b27c91db6439617bb
-
SSDEEP
192:tVF6HAIn/8X0N8TQEXQGKm8ro66EaeTKv/r6TEVxtGvob3x6YEapTVrFHCEAyIgv:tVPg0X0NiQEXQGKm8ro6UqKv/rgEVxt/
Score1/10 -
-
-
Target
Court Project V1.1/GmailSpammer.py
-
Size
5KB
-
MD5
40eac701774d6181f4f28fce96da1c34
-
SHA1
7adb0497e41b41af1cf683509c9149bbf074e237
-
SHA256
8b81d375b6d2131d0341a796eedb18f68b6db3a4d1b4134bc239bfcd401d70f2
-
SHA512
50ce86c4cb9be78917ad951cb2af3f1cdc2cd7d0c105916d91d9556d97962b5acec4163737f55d64f238265100cb6332dca026abeec759fbd7a3a22048e3a160
-
SSDEEP
96:6JLQjBSmsmsyOb81cxnV1WKV1lBVU7mGb7b6b2OTTIXVViBB7bpHvteoorEkgl+Q:6qj4msmsFzI7mGvW6nWpPopu29U/psUR
Score3/10 -
-
-
Target
Court Project V1.1/iplookup.exe
-
Size
2.1MB
-
MD5
cb4903c1c4f23b021905da634c002f04
-
SHA1
c2ccf3a1e5037c6e540b94a59e2c367ba8cd9090
-
SHA256
49945b5eb3f80e6bb9dba81c6c6f643245bb0831ce2f6e5abf4db12ab6709b76
-
SHA512
7f632331ba7f2fdd3c76f7f158a1cd6e79be796f2dc9f9149b7a071bb77b35fc4f0c6f189a8179eaf4947533513a3f926c879c50c8cf6cb13abdd424113f48fa
-
SSDEEP
49152:PFkR/VWoA1QfIBoq2Pkbu5Gk6hQW/3f2V1mPzidqz/CIaB2w:NkR/VMCGvj/vYkP9aB
Score7/10-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Court Project V1.1/phone.py
-
Size
913B
-
MD5
0a9939cd780f54b08593509d8efce5aa
-
SHA1
4a5cb2c39f53a1cf945082acdfe966c5d3ccf2a0
-
SHA256
879a15ee153cfd588b61bf07fc56e5fd8a6c3f6bcb42230acfee2e22f19ce536
-
SHA512
592f0152cc85618fcb263105b147b1f7d45a6c037c76801a310fca68658b29504f49efa2d0d4fff89e72fece8b9bba26d1857db2cc4a50b8073602ddcff85674
Score3/10 -
-
-
Target
Court Project V1.1/reversepic.py
-
Size
754B
-
MD5
e0b3a04647ba02465a2f78eb9cb3188b
-
SHA1
04a5b88356f859912bb77a8eb7b32294f0b8d37c
-
SHA256
f0729606e3e1f981f2c1453f3658fb6af59d69b5cf80b51d2b12b562680e5fb4
-
SHA512
4390acd76d3f42a764bf34e95a7f555ea8eaa2fa27d2f4b2c7b28a37345a3f08f3d6a96cc6e1bee272556bb694774a41d70a8ec303b07bee436f785fcaeeba13
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
2Obfuscated Files or Information
1Command Obfuscation
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
1