General

Target: TwistSpooferV.2.rar
Size: 5.0MB
Sample: 250109-vgetkaxkeq
MD5: 247fae93cf5dab2ca6c98e23851ec9e0
SHA1: f0c9981de3f80b29773871e3027378418cbfa772
SHA256: 2bdd3f2687c741914ef795ea2d996fa7df6507fd612adff54f49b39b343b952e
SHA512: 29bbb670a36be11b2fabf1fd9f1cc97084e659ab1eb9bf33f2c770295b8501663c82693f02191579ff095da7c4b34b9279426a970e6aeb5fbce1e06e17e4d01c
SSDEEP: 98304:5ie4zzlge+Pms3RImAnvu+hOEj8VLlAukT+3uEnSP0TeSNHcw:5ulT+PjI9vJhOw8H1nS6evw
Behavioral tasks (task: sample, resource)

behavioral1: Bunifu_UI_v1.52.dll, win7-20241010-en
behavioral2: Bunifu_UI_v1.52.dll, win10v2004-20241007-en
behavioral3: FaderTheme.dll, win7-20240903-en
behavioral4: FaderTheme.dll, win10v2004-20241007-en
behavioral5: FastColoredTextBox.dll, win7-20240903-en
behavioral6: FastColoredTextBox.dll, win10v2004-20241007-en
behavioral7: FlatUI.dll, win7-20240903-en
behavioral8: FlatUI.dll, win10v2004-20241007-en
behavioral9: Guna.UI.dll, win7-20241023-en
behavioral10: Guna.UI.dll, win10v2004-20241007-en
behavioral11: Guna.UI2.dll, win7-20240903-en
behavioral12: Guna.UI2.dll, win10v2004-20241007-en
behavioral13: LogIn Theme Dll By xVenoxi.dll, win7-20240903-en
behavioral14: LogIn Theme Dll By xVenoxi.dll, win10v2004-20241007-en
behavioral15: Login Theme.dll, win7-20241010-en
behavioral16: Login Theme.dll, win10v2004-20241007-en
behavioral17: MaterialSkin.dll, win7-20240903-en
behavioral18: MaterialSkin.dll, win10v2004-20241007-en
behavioral19: MetroFramework.dll, win7-20240903-en
behavioral20: MetroFramework.dll, win10v2004-20241007-en
behavioral21: Newtonsoft.Json.dll, win7-20240729-en
behavioral22: Newtonsoft.Json.dll, win10v2004-20241007-en
behavioral23: Twist Spoofer V.2.exe, win7-20240903-en
Malware Config
Targets

Target: Bunifu_UI_v1.52.dll
Size: 220KB
MD5: 3764580d568e4fc506048e04db90562c
SHA1: e8d2771a4891ad7b751c4ac153f599d7d58ebd31
SHA256: 27c8cea7e793ace737415881a5c16b4e2d98ce46609d272e82c6c905ad2d9f36
SHA512: fdc11be9388034404c9c71a60374486ff15d552bd8e9f7f74ca345e7d40df20dcb992e6d4e7b509e31e53c910e33ed8e275467da92c30193d6fab16934491763
SSDEEP: 3072:UYZOzNgqlPPL42pFzo3tgyGkToR74K5BC6u+QVTNDcHaDDPuD6bl4:UYZYgEr44Fzo3tFIEKiJNDcHKPueb
Score: 1/10

Target: FaderTheme.dll
Size: 42KB
MD5: 302e768df383ff31d00a1363fd6326a6
SHA1: 10168dcadc97e1c53140febbabc46357c1c2c4cc
SHA256: 436af8fcb1e74f928c4300e8ca8b604525798c8b0c132060366d58543998d851
SHA512: 54e3222dd620a446ccfc8303debec89383e07a5a550d601881db7983c1a0a847f7ad4a972a04c9a20d3ce73f94dccdd6a82070aea3630217b8f60767ddaae164
SSDEEP: 768:jPLSbA+0BJihCy0f8IXcyyp9j2D34mjZ5fd0fcgaZd7:jmmaDKrnHfd0EJx
Score: 1/10

Target: FastColoredTextBox.dll
Size: 325KB
MD5: adac0cee5cc4de7d4046ae1243e41bf0
SHA1: c8d6d92f0dbee64d0f4c0930f0d2699a8253e891
SHA256: 68d0e444c0b27552d2cb86501dcb7db3fd64b82d966e9708db0408ec1ba38c79
SHA512: 1d7af604540532a4121850760b1e401bb6356e59503c26f3d1fa358a105b7d88362c92f78aa4394095b165f06c484b8c2d2ed640380e85ef9b3eb087d3e7c869
SSDEEP: 6144:CbgkJe4jG4m3oCCClXA34Wm5pVg/IWTKZCQOsqJLDd5eNqwDl1HD5:CbgEGv3oCCQAohVgSLmeNfD
Score: 1/10

Target: FlatUI.dll
Size: 56KB
MD5: 797261f587bb9c6b223b81d31d3b1507
SHA1: 4c030666f808841a9c5e8bba14ef4b2874826af2
SHA256: ee5aa955cc297fd7adbe641ee3a913d08fc0013c239b9710c9c87e10002db089
SHA512: 1dae643d1c6f71aedfabad43ea687bde8288a510342315c86887b6c18337fe8b5ec61f686ae511e30a8fca7aa9347b3f6ff5f9b6c9f4017dff3aec000858d358
SSDEEP: 1536:qIMXFjCv9IDuPx5ADHH7oPB2v1uv3yGzSlFIM6:qIMXFjQ9IDsPALbo+y3yGzSlFj6
Score: 1/10

Target: Guna.UI.dll
Size: 1.1MB
MD5: 8673eae95d67e5eb19f0eca3111408e8
SHA1: ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb
SHA256: 576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d
SHA512: 65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239
SSDEEP: 24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q
Score: 1/10

Target: Guna.UI2.dll
Size: 1.8MB
MD5: 7061ac2f87e8db0364c04086380dfc63
SHA1: 045d89d8ce52cb444514baaf9cfaf5035a2aa4e4
SHA256: 32b73e4a55feeef7aa4a5b676d44bff1d675d8adead0587d5067375fd8e201e4
SHA512: f943ec4c5be28030ef8a7f828b8a1aadb2a05c524119bf9c7ccb85efa0196e9d8ad958754f2f07f9ff7b4f51b698c578e49be1249e689717e9aa6932a0b0a9e4
SSDEEP: 24576:sbB6GDPbT5cHJ6jGuIulsTUNXUkN8Iohi4l5G2mJTgd1wQliUwr2rBNNx:m601Vl+8XbNbohVl5oTu+QpisB9
Score: 1/10

Target: LogIn Theme Dll By xVenoxi.dll
Size: 115KB
MD5: f3a5fd717a0782c88641cdec9e66ea64
SHA1: 0128f6577dab38a097606e483f962ef98fa085cb
SHA256: 04d7e61f6102a9cfb7e262211880d1a2ac89ad5edf30cf4d28ac5e1444ee4c97
SHA512: 6bc88a3dac591420d97e39b0541bae115c8266401dbf54ca5623fcf9b3c0c25d5dbc9e20f08597a20fa5913266547846a867f071d4adbedcb2377ef8cad997b5
SSDEEP: 3072:Anv5NgCErhIh8PPKYnVobmgJzf/aDVt3WEl9mRzaqBnpm13KGfo74diqiRMoQd:ex6Y9H7fMoQ
Score: 1/10

Target: Login Theme.dll
Size: 102KB
MD5: 34b9583b485e101ebbd9fd100699eab0
SHA1: 63a8ed0e336f7ade8664c8ecff81eb473f9d4d05
SHA256: 8879dcfb480f0b3c47414eef8ec50d57f13c6c0895644000b17a38e465896d7a
SHA512: 467dea806fb1746a8eae12cf2d7cc7029a0a237790904c49fe22d809cfc582a81537bd6cb4c0fe1a34bce259bf20609924a0cc62b5335ed6d279ee26c1baa30e
SSDEEP: 3072:t+J/etFDnZZyuO/O3NWmsqPb9FtiP2MoQ75:t+0bZZyuO/mfMoQ7
Score: 1/10

Target: MaterialSkin.dll
Size: 574KB
MD5: dae45e51f8763bd0369a221480db0ee1
SHA1: e52bdbd4e13081a014d03bffaec7d3f0969c8822
SHA256: b9879df15e82c52e9166c71f7b177c57bd4c8289821a65a9d3f5228b3f606b4e
SHA512: 660fc090dafd639c57601290be1783a77fc96729bde628a2fb846f2c0a9c8f504f0984c9f6c4b0c4797d29c224320c8fbda0bb09188a10a3170a9e681d91a977
SSDEEP: 12288:rkkxswcXKC2zNWfm2YRm5sm2YRm5hkxswcXKC2zNWB:rkZX9uWfm2Yysm2YyhZX9uW
Score: 1/10

Target: MetroFramework.dll
Size: 149KB
MD5: 44538b311e9ec2bcf0a6452702628d99
SHA1: da67301539903775708e9ec913654851e9e8eade
SHA256: baf326f52d39155d722465947f4cc67e6e90cfd0f89954eab959568e9bc342aa
SHA512: b65e3bc1c0f7b4c8f778cf52a36d628301d60aab53fdaf0355163e4865bc3d3adbf8870bb6cefc604708fdf2c0e72258eaf2fe301d524af2f77bc08014c9610a
SSDEEP: 3072:LU0T+erz8jYxYg5lzrPHlMUzxXd4kRZPI9q:vT+erz8jYxYgv/lxXGWPS
Score: 1/10

Target: Newtonsoft.Json.dll
Size: 659KB
MD5: 4df6c8781e70c3a4912b5be796e6d337
SHA1: cbc510520fcd85dbc1c82b02e82040702aca9b79
SHA256: 3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af
SHA512: 964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c
SSDEEP: 12288:rktg1lrjC8rjICqbwNjR4xq7iiX19K7Df/SoOKQrIB+jfP:rggD7PIEjR4xq7iiXTK7D3So9AIB+jn
Score: 1/10

Target: Twist Spoofer V.2.exe
Size: 2.9MB
MD5: f2bb0da0031d7369c104437e43db4f5d
SHA1: a531734ed49630ebe404ebc4dad180b86e2e9642
SHA256: 86c60180c1e05a877a7b5e4b4ad5a8627e5a5373874d2ce53f5e55c72b24651f
SHA512: a0eef9ddb72e96f27c489fd2c942d4a31876f468683d10e729aa625cf077dad23515ab43ed1c0679ccd82762879a5bad6c2d4de5bfb2a9a645949fecb1b75d27
SSDEEP: 49152:bsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:dqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs

Signatures:
- Detected Nirsoft tools: free utilities often used by attackers that can steal passwords, product keys, etc.
- NirSoft WebBrowserPassView: password recovery tool for various web browsers.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE.
- Legitimate hosting services abused for malware hosting/C2.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15

- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (1)
    - Credentials In Files (1)