General
-
Target
KRNL Remake.rar
-
Size
3.9MB
-
Sample
250119-rhrmzazrgv
-
MD5
6c3515287a21f2451c0d06a9aa7668a7
-
SHA1
89cd85e890aabb196360fa11bc90bd590b1415b3
-
SHA256
19bd57fa080deeb94b3b07325b0d45d0e1a5abde38c123010b5fd640504751e0
-
SHA512
01a2f64bdb09b86e901ab92b06d53cabda6431be63daf249a0bb026c3b3691ca1bae110d3f27076d8c50995dbc4a50f6dfa8028ba2b58286889887b7efd74893
-
SSDEEP
98304:25FK0iBqD9k/8MH/pK8ZkOxiLpYFNGQj2yMtCxULTlve4Fb47:uFKtBqquGkOxiLpYFNGBt7Plve4Fbk
Malware Config
Targets
-
-
Target
KRNL Remake/Bunifu_UI_v1.5.3.dll
-
Size
236KB
-
MD5
2ecb51ab00c5f340380ecf849291dbcf
-
SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931
-
SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
-
SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
-
SSDEEP
6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score1/10 -
-
-
Target
KRNL Remake/FastColoredTextBox.dll
-
Size
323KB
-
MD5
8610f4d3cdc6cc50022feddced9fdaeb
-
SHA1
4b60b87fd696b02d7fce38325c7adfc9e806f650
-
SHA256
ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
-
SHA512
693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
-
SSDEEP
6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score1/10 -
-
-
Target
KRNL Remake/Guna.UI2.dll
-
Size
1.9MB
-
MD5
3c02f71054dd27008f94a6104ab473ce
-
SHA1
13356479eac2f43932903a090b405540f76a55d8
-
SHA256
02936a262ab1f05e56f08f1dfd89abf41dd7374a8ef979f60029a7362bb6e781
-
SHA512
87d0a98ede3a008aa84b2e452dc3b93347fa79bd1982a06617064c53cc1213d00c26deb2f5fb6148e9d0f24938c20d09825d4d1e0037a645fe694ff0eb609695
-
SSDEEP
24576:WD5KD/gOwRv8fd4jctGpJSqKlap4zRXiHwNhKyHqSwbIY7Hf3:5W1JShJK
Score1/10 -
-
-
Target
KRNL Remake/KRNL Remake.exe
-
Size
3.5MB
-
MD5
eac81de18872f7b27bcd18701391d932
-
SHA1
43d16d2bc7c2da594f082cff18c8cb5988a815d4
-
SHA256
fd0db4e58b8a1fa05b8cb7f02d4bce5f3f5a6e9a28ef774dda7086b840cc72c3
-
SHA512
63158849d438da8b5b5b2addfb86705243147fe08e3ca81f9efad642ffaf483c50ac4e5886bf479c59ced068767d3cfdf7b5659aa4f3b050791171118f85642c
-
SSDEEP
49152:60N0fEE942x58snxIX5q9+/Cp9GLy8W4SVII2UR47Lr0F5SMI7:f0fl42Pbnxz9+6ue8xSVIIdWrYgMI7
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
-
-
Target
KRNL Remake/Microsoft.Bcl.AsyncInterfaces.dll
-
Size
25KB
-
MD5
3dfd72446d541e04ace5716fd2052dc0
-
SHA1
8b634cf88a10b5f6c1b9d1a34705d63fdf454a38
-
SHA256
1c95b1a776931ca1c4f2911b2ae1cc99eb78f547cd5feeaf5cdbdf10cedad0db
-
SHA512
eb28d59ef60f588ee0be755ecec5ae845267653a85b4be3fa50fa28eace4862150ada4232e5fd70c56ffe64850bf1332e65dfa7657bb3ed22132f266f80c1986
-
SSDEEP
384:vBOJWqnwGBbNAJTH0VES2j0cX6dAl+NW9DVzrdc1Wez/WAYA6VFHRN7wFEpcR9z0:JulwGBhMQVv2wK5TdcB3FClwFEpw9z/s
Score1/10 -
-
-
Target
KRNL Remake/Newtonsoft.Json.dll
-
Size
695KB
-
MD5
195ffb7167db3219b217c4fd439eedd6
-
SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8
-
SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
-
SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
-
SSDEEP
12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score1/10 -
-
-
Target
KRNL Remake/RestSharp.dll
-
Size
208KB
-
MD5
ff9ba58ecae71917acaf1860e4fb9b8f
-
SHA1
83528948dca8c4d9355add2a89b01c27bf161745
-
SHA256
bcc2d1484f55447c0e80cf04277f804a698b29ee5466df88f1ecccd9c9e66d63
-
SHA512
db72d3e8d0a403a6e9c3acbcbaf71516e0d409329cdbd37f07f1273ea17b34b65e0873cd91f35b1bdc45b6753737143d607e89b7e4920a89652d5c6a324b14b6
-
SSDEEP
3072:dJUyEFI2XUur4x72CT7STk+z/A7QjgD82PYJOKdSkGYao17bZjJX/3iu0lk+cFu4:XkxXVrQ2CXS7z/AAgD82oOlk+
Score1/10 -
-
-
Target
KRNL Remake/System.Buffers.dll
-
Size
23KB
-
MD5
b20c1ed526c9fd90569a340914864d32
-
SHA1
8c23283128d23f6cbc208e3a485a1cf1a9c0cb50
-
SHA256
3af1e07305bed0abe0cf32d9854e0a7f5f470216adee1b87d02350be09d31b35
-
SHA512
c7de839aa129b73094678efea3da88073c3521c99e3533a0858ec8e0804db2004c4e84af12ecf4358ce134b12c66040fd04add9ab96c78414a247a7cbd0d75d5
-
SSDEEP
384:HRJyzxhqFAB5n55560IxEFuAUTcxR+sDWY82W6fX6HRN7gCJDtdQ5R9z1QUMtr:xJyYkx60IxeuSM2Wrds9z8
Score1/10 -
-
-
Target
KRNL Remake/System.CodeDom.dll
-
Size
29KB
-
MD5
acc07f521936b011e6665a63a7bd442a
-
SHA1
89b053b11d08fd0b457a2480f822a26e2b52aa85
-
SHA256
0071a5e455bf2a4b04c3e103417aac30789cb5b5b0c99f3f078a4ec5171b93a5
-
SHA512
69b5c6fa4b5bfe104592d1d9eaf3cf9dbedc228340372412f750f4ade1d32c65d9cc304d9701d7efdd15587246e14df83f58e41b077833d439cffaa79f987e00
-
SSDEEP
384:Dxaz4VsBrLcTPWi3h8241EEtYW0u+BxehzsCtZ7U6rtk2OyavWBuWUYA6VFHRN7k:NK2hTjaveEtYehzZ5kFClYdl9zxE+l
Score1/10 -
-
-
Target
KRNL Remake/System.IO.Pipelines.dll
-
Size
82KB
-
MD5
6c1158f437026832e069e757e02030c4
-
SHA1
e0f6e168f17ed935bc189edce13f15b77c12bab0
-
SHA256
d881b5e01c527bb7cafa3c2482f7cbfbf158fcbb6f93efb4381b638c2d4ea6f7
-
SHA512
b0f6621b47f07b81d348c687221b86ce47f95bc79219365af3f2f628136dc7b16c2dd9909ba0de39fc55b1b39dd512f8ca645486ceccf2af86cbf5f0fa5b397e
-
SSDEEP
1536:AOBEtNwWq02pH6ZafBzoGrriJNNjrgFX94bsAbYo4bgN0xeR5evOjvjDXT4Oe5Jt:3BSNTAl6ZcBzoGQ8XkJYo4bgN0xeR5e9
Score1/10 -
-
-
Target
KRNL Remake/System.Memory.dll
-
Size
141KB
-
MD5
35e6237ff5533342516bf01a46e4b7cd
-
SHA1
f8a118f07eea37ce732b487ab730646dedc46235
-
SHA256
b8fe216aff0f6d162f8eefe7be1712162b7d8199e20ce2e70ffac36c7ce20a4c
-
SHA512
dce731c61aea73d16813b0932d47ac94926d84d9077115ef147971b1e1c76a88e333ccd0f88b34fca9e2533f54c140947316fd63415199fe5f20a45cd0aef033
-
SSDEEP
3072:wPgSRYPuMbrhcabqwwwUtiPmu3XxNtvckP:2uPaaWwww7OuR4k
Score1/10 -
-
-
Target
KRNL Remake/System.Numerics.Vectors.dll
-
Size
107KB
-
MD5
7ab5dbdd2ace2a313392cff4f372e4b9
-
SHA1
8890ad1911448490526d2a45ac8cc518b6e886a2
-
SHA256
22c84be385fe8ba6d0e0138952748f28d781fce36078b5a7aed91a6104bcd99b
-
SHA512
5bce867274f23694402e9f9f73f8c3ebf5d77114836f56d3cbf5cbdeef164a299091e1cd69fd7635e6b7bbacc7376193eb8daff32d5aeed0df72835a00baa4e2
-
SSDEEP
1536:cuIaashZlF/cLecJE3+DWG/E2NstmOz+aAKWGd7isnzP:czaashZzWeca3+DWG/E2it5GK7dnL
Score1/10 -
-
-
Target
KRNL Remake/System.Runtime.CompilerServices.Unsafe.dll
-
Size
18KB
-
MD5
aa7a54f5a3ba48e60d51e6eeb378404d
-
SHA1
e5d644311a6087c6a500f0e79bae4af305430b3d
-
SHA256
2d6f419d641682d8efc4a40e850d2e85de519d6823b93daf2aeee63206d4e32d
-
SHA512
b033330695b4edc1bef5d36d98e1a68f5862469598cd6a71cafb8f72732d29403d4e8b9e4df3809c2f49dcd59d5ca751ada97ea9b7e268298effd6e19eb52399
-
SSDEEP
384:hkGbUzdrbbxHKWgr2WXTX6HRN7K3/7R9zXL/Lq:WGAdlQTWoF9z7zq
Score1/10 -
-
-
Target
KRNL Remake/System.Text.Encodings.Web.dll
-
Size
77KB
-
MD5
56a2b64c40502852dacef02240ad46bc
-
SHA1
4019d0f80c83dedfea9820f91650bfae817451ba
-
SHA256
ad6be4be7e0183f3eabac3f747b834c557156942c7d2ce12039477ad0874fbfb
-
SHA512
19c5fa4a067332268b9043ee57c6e66a8692ee0d16d1c82d08de68eecca327886aaa2c69f179d60b1818acf079aecf961f6feea0234dbf4a75ab51f008b34490
-
SSDEEP
1536:uOOUnOOOc++v9mBkdQ3IWIxL1HFkzoA4Vnrpwp77ojJjn7NoWgzInv:c+FmCQ3I077oljRoTEnv
Score1/10 -
-
-
Target
KRNL Remake/System.Text.Json.dll
-
Size
709KB
-
MD5
18ca48974dcba7e97f0ca161b29066f4
-
SHA1
d10312698a2214686b2af4df88770f25b0351f40
-
SHA256
ead4137d1b7ed06d55f609acfedfdad041977b029a9d2c7e8b596f698fedd8ac
-
SHA512
4f72bbdd9def812b90f71ea4e27e90a4c384f67faa3a4df5f6a26d38a91efe0559548b6655773d581e449a5ce1ad7440454fe4a5e8fa216f265ffe7e48ff6b81
-
SSDEEP
12288:Ut5CIBYtZN3lYQX/Qr/5ALzdT4qMZTZmYZfCt7:2CGYtZNVkQoRCt7
Score1/10 -
-
-
Target
KRNL Remake/System.Threading.Tasks.Extensions.dll
-
Size
27KB
-
MD5
d3a5f69c93863517c2671dffeef2d39e
-
SHA1
c74b937a718f4dc9960bd8e105ff522f43edc59d
-
SHA256
692c324c02a922f890aaf5948c54ec9758f5ab7019b8e8ab169c106ddd3231f4
-
SHA512
3ea0e0cd4e8e9e561fb9987e53babda3f375f6e42f05e853d1da3176fa61673c5911ca2eb0d2a37242cef11706bddb94f72c3107a270210fa3adaa17d11a17d1
-
SSDEEP
384:87PVBSE/ug1TQb05JCw0p8CUQefpaQKwhARcUGWSHXWEWYA6VFHRN7yhoJR9znZ2:2PV0iug18Y+b5gU6RWFClyO9znQx
Score1/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1