General

  • Target

    TwistSpooferV.2.rar

  • Size

    5.0MB

  • Sample

    250109-vgetkaxkeq

  • MD5

    247fae93cf5dab2ca6c98e23851ec9e0

  • SHA1

    f0c9981de3f80b29773871e3027378418cbfa772

  • SHA256

    2bdd3f2687c741914ef795ea2d996fa7df6507fd612adff54f49b39b343b952e

  • SHA512

    29bbb670a36be11b2fabf1fd9f1cc97084e659ab1eb9bf33f2c770295b8501663c82693f02191579ff095da7c4b34b9279426a970e6aeb5fbce1e06e17e4d01c

  • SSDEEP

    98304:5ie4zzlge+Pms3RImAnvu+hOEj8VLlAukT+3uEnSP0TeSNHcw:5ulT+PjI9vJhOw8H1nS6evw

Malware Config

Targets

    • Target

      Bunifu_UI_v1.52.dll

    • Size

      220KB

    • MD5

      3764580d568e4fc506048e04db90562c

    • SHA1

      e8d2771a4891ad7b751c4ac153f599d7d58ebd31

    • SHA256

      27c8cea7e793ace737415881a5c16b4e2d98ce46609d272e82c6c905ad2d9f36

    • SHA512

      fdc11be9388034404c9c71a60374486ff15d552bd8e9f7f74ca345e7d40df20dcb992e6d4e7b509e31e53c910e33ed8e275467da92c30193d6fab16934491763

    • SSDEEP

      3072:UYZOzNgqlPPL42pFzo3tgyGkToR74K5BC6u+QVTNDcHaDDPuD6bl4:UYZYgEr44Fzo3tFIEKiJNDcHKPueb

    Score
    1/10

    • Target

      FaderTheme.dll

    • Size

      42KB

    • MD5

      302e768df383ff31d00a1363fd6326a6

    • SHA1

      10168dcadc97e1c53140febbabc46357c1c2c4cc

    • SHA256

      436af8fcb1e74f928c4300e8ca8b604525798c8b0c132060366d58543998d851

    • SHA512

      54e3222dd620a446ccfc8303debec89383e07a5a550d601881db7983c1a0a847f7ad4a972a04c9a20d3ce73f94dccdd6a82070aea3630217b8f60767ddaae164

    • SSDEEP

      768:jPLSbA+0BJihCy0f8IXcyyp9j2D34mjZ5fd0fcgaZd7:jmmaDKrnHfd0EJx

    Score
    1/10

    • Target

      FastColoredTextBox.dll

    • Size

      325KB

    • MD5

      adac0cee5cc4de7d4046ae1243e41bf0

    • SHA1

      c8d6d92f0dbee64d0f4c0930f0d2699a8253e891

    • SHA256

      68d0e444c0b27552d2cb86501dcb7db3fd64b82d966e9708db0408ec1ba38c79

    • SHA512

      1d7af604540532a4121850760b1e401bb6356e59503c26f3d1fa358a105b7d88362c92f78aa4394095b165f06c484b8c2d2ed640380e85ef9b3eb087d3e7c869

    • SSDEEP

      6144:CbgkJe4jG4m3oCCClXA34Wm5pVg/IWTKZCQOsqJLDd5eNqwDl1HD5:CbgEGv3oCCQAohVgSLmeNfD

    Score
    1/10

    • Target

      FlatUI.dll

    • Size

      56KB

    • MD5

      797261f587bb9c6b223b81d31d3b1507

    • SHA1

      4c030666f808841a9c5e8bba14ef4b2874826af2

    • SHA256

      ee5aa955cc297fd7adbe641ee3a913d08fc0013c239b9710c9c87e10002db089

    • SHA512

      1dae643d1c6f71aedfabad43ea687bde8288a510342315c86887b6c18337fe8b5ec61f686ae511e30a8fca7aa9347b3f6ff5f9b6c9f4017dff3aec000858d358

    • SSDEEP

      1536:qIMXFjCv9IDuPx5ADHH7oPB2v1uv3yGzSlFIM6:qIMXFjQ9IDsPALbo+y3yGzSlFj6

    Score
    1/10

    • Target

      Guna.UI.dll

    • Size

      1.1MB

    • MD5

      8673eae95d67e5eb19f0eca3111408e8

    • SHA1

      ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb

    • SHA256

      576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d

    • SHA512

      65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239

    • SSDEEP

      24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q

    Score
    1/10

    • Target

      Guna.UI2.dll

    • Size

      1.8MB

    • MD5

      7061ac2f87e8db0364c04086380dfc63

    • SHA1

      045d89d8ce52cb444514baaf9cfaf5035a2aa4e4

    • SHA256

      32b73e4a55feeef7aa4a5b676d44bff1d675d8adead0587d5067375fd8e201e4

    • SHA512

      f943ec4c5be28030ef8a7f828b8a1aadb2a05c524119bf9c7ccb85efa0196e9d8ad958754f2f07f9ff7b4f51b698c578e49be1249e689717e9aa6932a0b0a9e4

    • SSDEEP

      24576:sbB6GDPbT5cHJ6jGuIulsTUNXUkN8Iohi4l5G2mJTgd1wQliUwr2rBNNx:m601Vl+8XbNbohVl5oTu+QpisB9

    Score
    1/10

    • Target

      LogIn Theme Dll By xVenoxi.dll

    • Size

      115KB

    • MD5

      f3a5fd717a0782c88641cdec9e66ea64

    • SHA1

      0128f6577dab38a097606e483f962ef98fa085cb

    • SHA256

      04d7e61f6102a9cfb7e262211880d1a2ac89ad5edf30cf4d28ac5e1444ee4c97

    • SHA512

      6bc88a3dac591420d97e39b0541bae115c8266401dbf54ca5623fcf9b3c0c25d5dbc9e20f08597a20fa5913266547846a867f071d4adbedcb2377ef8cad997b5

    • SSDEEP

      3072:Anv5NgCErhIh8PPKYnVobmgJzf/aDVt3WEl9mRzaqBnpm13KGfo74diqiRMoQd:ex6Y9H7fMoQ

    Score
    1/10

    • Target

      Login Theme.dll

    • Size

      102KB

    • MD5

      34b9583b485e101ebbd9fd100699eab0

    • SHA1

      63a8ed0e336f7ade8664c8ecff81eb473f9d4d05

    • SHA256

      8879dcfb480f0b3c47414eef8ec50d57f13c6c0895644000b17a38e465896d7a

    • SHA512

      467dea806fb1746a8eae12cf2d7cc7029a0a237790904c49fe22d809cfc582a81537bd6cb4c0fe1a34bce259bf20609924a0cc62b5335ed6d279ee26c1baa30e

    • SSDEEP

      3072:t+J/etFDnZZyuO/O3NWmsqPb9FtiP2MoQ75:t+0bZZyuO/mfMoQ7

    Score
    1/10

    • Target

      MaterialSkin.dll

    • Size

      574KB

    • MD5

      dae45e51f8763bd0369a221480db0ee1

    • SHA1

      e52bdbd4e13081a014d03bffaec7d3f0969c8822

    • SHA256

      b9879df15e82c52e9166c71f7b177c57bd4c8289821a65a9d3f5228b3f606b4e

    • SHA512

      660fc090dafd639c57601290be1783a77fc96729bde628a2fb846f2c0a9c8f504f0984c9f6c4b0c4797d29c224320c8fbda0bb09188a10a3170a9e681d91a977

    • SSDEEP

      12288:rkkxswcXKC2zNWfm2YRm5sm2YRm5hkxswcXKC2zNWB:rkZX9uWfm2Yysm2YyhZX9uW

    Score
    1/10

    • Target

      MetroFramework.dll

    • Size

      149KB

    • MD5

      44538b311e9ec2bcf0a6452702628d99

    • SHA1

      da67301539903775708e9ec913654851e9e8eade

    • SHA256

      baf326f52d39155d722465947f4cc67e6e90cfd0f89954eab959568e9bc342aa

    • SHA512

      b65e3bc1c0f7b4c8f778cf52a36d628301d60aab53fdaf0355163e4865bc3d3adbf8870bb6cefc604708fdf2c0e72258eaf2fe301d524af2f77bc08014c9610a

    • SSDEEP

      3072:LU0T+erz8jYxYg5lzrPHlMUzxXd4kRZPI9q:vT+erz8jYxYgv/lxXGWPS

    Score
    1/10

    • Target

      Newtonsoft.Json.dll

    • Size

      659KB

    • MD5

      4df6c8781e70c3a4912b5be796e6d337

    • SHA1

      cbc510520fcd85dbc1c82b02e82040702aca9b79

    • SHA256

      3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af

    • SHA512

      964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c

    • SSDEEP

      12288:rktg1lrjC8rjICqbwNjR4xq7iiX19K7Df/SoOKQrIB+jfP:rggD7PIEjR4xq7iiXTK7D3So9AIB+jn

    Score
    1/10

    • Target

      Twist Spoofer V.2.exe

    • Size

      2.9MB

    • MD5

      f2bb0da0031d7369c104437e43db4f5d

    • SHA1

      a531734ed49630ebe404ebc4dad180b86e2e9642

    • SHA256

      86c60180c1e05a877a7b5e4b4ad5a8627e5a5373874d2ce53f5e55c72b24651f

    • SHA512

      a0eef9ddb72e96f27c489fd2c942d4a31876f468683d10e729aa625cf077dad23515ab43ed1c0679ccd82762879a5bad6c2d4de5bfb2a9a645949fecb1b75d27

    • SSDEEP

      49152:bsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:dqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks