19bd57fa080deeb94b3b07325b0d45d0e1a5abde38c123010b5fd640504751e0

Sharing

Copy URL

Twitter E-mail

General

Target

KRNL Remake.rar
Size

3.9MB
Sample

250119-rmnrwa1kdx
MD5

6c3515287a21f2451c0d06a9aa7668a7
SHA1

89cd85e890aabb196360fa11bc90bd590b1415b3
SHA256

19bd57fa080deeb94b3b07325b0d45d0e1a5abde38c123010b5fd640504751e0
SHA512

01a2f64bdb09b86e901ab92b06d53cabda6431be63daf249a0bb026c3b3691ca1bae110d3f27076d8c50995dbc4a50f6dfa8028ba2b58286889887b7efd74893
SSDEEP

98304:25FK0iBqD9k/8MH/pK8ZkOxiLpYFNGQj2yMtCxULTlve4Fb47:uFKtBqquGkOxiLpYFNGBt7Plve4Fbk

Score

3^/10

discovery

Malware Config

Targets

- Target
  
  KRNL Remake/Bunifu_UI_v1.5.3.dll
- Size
  
  236KB
- MD5
  
  2ecb51ab00c5f340380ecf849291dbcf
- SHA1
  
  1a4dffbce2a4ce65495ed79eab42a4da3b660931
- SHA256
  
  f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
- SHA512
  
  e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
- SSDEEP
  
  6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score

1^/10
behavioral1 behavioral2
- Target
  
  KRNL Remake/FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  8610f4d3cdc6cc50022feddced9fdaeb
- SHA1
  
  4b60b87fd696b02d7fce38325c7adfc9e806f650
- SHA256
  
  ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
- SHA512
  
  693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
- SSDEEP
  
  6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score

1^/10
behavioral3 behavioral4
- Target
  
  KRNL Remake/Guna.UI2.dll
- Size
  
  1.9MB
- MD5
  
  3c02f71054dd27008f94a6104ab473ce
- SHA1
  
  13356479eac2f43932903a090b405540f76a55d8
- SHA256
  
  02936a262ab1f05e56f08f1dfd89abf41dd7374a8ef979f60029a7362bb6e781
- SHA512
  
  87d0a98ede3a008aa84b2e452dc3b93347fa79bd1982a06617064c53cc1213d00c26deb2f5fb6148e9d0f24938c20d09825d4d1e0037a645fe694ff0eb609695
- SSDEEP
  
  24576:WD5KD/gOwRv8fd4jctGpJSqKlap4zRXiHwNhKyHqSwbIY7Hf3:5W1JShJK
Score

1^/10
behavioral5 behavioral6
- Target
  
  KRNL Remake/KRNL Remake.exe
- Size
  
  3.5MB
- MD5
  
  eac81de18872f7b27bcd18701391d932
- SHA1
  
  43d16d2bc7c2da594f082cff18c8cb5988a815d4
- SHA256
  
  fd0db4e58b8a1fa05b8cb7f02d4bce5f3f5a6e9a28ef774dda7086b840cc72c3
- SHA512
  
  63158849d438da8b5b5b2addfb86705243147fe08e3ca81f9efad642ffaf483c50ac4e5886bf479c59ced068767d3cfdf7b5659aa4f3b050791171118f85642c
- SSDEEP
  
  49152:60N0fEE942x58snxIX5q9+/Cp9GLy8W4SVII2UR47Lr0F5SMI7:f0fl42Pbnxz9+6ue8xSVIIdWrYgMI7
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  KRNL Remake/Microsoft.Bcl.AsyncInterfaces.dll
- Size
  
  25KB
- MD5
  
  3dfd72446d541e04ace5716fd2052dc0
- SHA1
  
  8b634cf88a10b5f6c1b9d1a34705d63fdf454a38
- SHA256
  
  1c95b1a776931ca1c4f2911b2ae1cc99eb78f547cd5feeaf5cdbdf10cedad0db
- SHA512
  
  eb28d59ef60f588ee0be755ecec5ae845267653a85b4be3fa50fa28eace4862150ada4232e5fd70c56ffe64850bf1332e65dfa7657bb3ed22132f266f80c1986
- SSDEEP
  
  384:vBOJWqnwGBbNAJTH0VES2j0cX6dAl+NW9DVzrdc1Wez/WAYA6VFHRN7wFEpcR9z0:JulwGBhMQVv2wK5TdcB3FClwFEpw9z/s
Score

1^/10
behavioral10 behavioral9
- Target
  
  KRNL Remake/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral11 behavioral12
- Target
  
  KRNL Remake/RestSharp.dll
- Size
  
  208KB
- MD5
  
  ff9ba58ecae71917acaf1860e4fb9b8f
- SHA1
  
  83528948dca8c4d9355add2a89b01c27bf161745
- SHA256
  
  bcc2d1484f55447c0e80cf04277f804a698b29ee5466df88f1ecccd9c9e66d63
- SHA512
  
  db72d3e8d0a403a6e9c3acbcbaf71516e0d409329cdbd37f07f1273ea17b34b65e0873cd91f35b1bdc45b6753737143d607e89b7e4920a89652d5c6a324b14b6
- SSDEEP
  
  3072:dJUyEFI2XUur4x72CT7STk+z/A7QjgD82PYJOKdSkGYao17bZjJX/3iu0lk+cFu4:XkxXVrQ2CXS7z/AAgD82oOlk+
Score

1^/10
behavioral13 behavioral14
- Target
  
  KRNL Remake/System.Buffers.dll
- Size
  
  23KB
- MD5
  
  b20c1ed526c9fd90569a340914864d32
- SHA1
  
  8c23283128d23f6cbc208e3a485a1cf1a9c0cb50
- SHA256
  
  3af1e07305bed0abe0cf32d9854e0a7f5f470216adee1b87d02350be09d31b35
- SHA512
  
  c7de839aa129b73094678efea3da88073c3521c99e3533a0858ec8e0804db2004c4e84af12ecf4358ce134b12c66040fd04add9ab96c78414a247a7cbd0d75d5
- SSDEEP
  
  384:HRJyzxhqFAB5n55560IxEFuAUTcxR+sDWY82W6fX6HRN7gCJDtdQ5R9z1QUMtr:xJyYkx60IxeuSM2Wrds9z8
Score

1^/10
behavioral15 behavioral16
- Target
  
  KRNL Remake/System.CodeDom.dll
- Size
  
  29KB
- MD5
  
  acc07f521936b011e6665a63a7bd442a
- SHA1
  
  89b053b11d08fd0b457a2480f822a26e2b52aa85
- SHA256
  
  0071a5e455bf2a4b04c3e103417aac30789cb5b5b0c99f3f078a4ec5171b93a5
- SHA512
  
  69b5c6fa4b5bfe104592d1d9eaf3cf9dbedc228340372412f750f4ade1d32c65d9cc304d9701d7efdd15587246e14df83f58e41b077833d439cffaa79f987e00
- SSDEEP
  
  384:Dxaz4VsBrLcTPWi3h8241EEtYW0u+BxehzsCtZ7U6rtk2OyavWBuWUYA6VFHRN7k:NK2hTjaveEtYehzZ5kFClYdl9zxE+l
Score

1^/10
behavioral17 behavioral18
- Target
  
  KRNL Remake/System.IO.Pipelines.dll
- Size
  
  82KB
- MD5
  
  6c1158f437026832e069e757e02030c4
- SHA1
  
  e0f6e168f17ed935bc189edce13f15b77c12bab0
- SHA256
  
  d881b5e01c527bb7cafa3c2482f7cbfbf158fcbb6f93efb4381b638c2d4ea6f7
- SHA512
  
  b0f6621b47f07b81d348c687221b86ce47f95bc79219365af3f2f628136dc7b16c2dd9909ba0de39fc55b1b39dd512f8ca645486ceccf2af86cbf5f0fa5b397e
- SSDEEP
  
  1536:AOBEtNwWq02pH6ZafBzoGrriJNNjrgFX94bsAbYo4bgN0xeR5evOjvjDXT4Oe5Jt:3BSNTAl6ZcBzoGQ8XkJYo4bgN0xeR5e9
Score

1^/10
behavioral19 behavioral20
- Target
  
  KRNL Remake/System.Memory.dll
- Size
  
  141KB
- MD5
  
  35e6237ff5533342516bf01a46e4b7cd
- SHA1
  
  f8a118f07eea37ce732b487ab730646dedc46235
- SHA256
  
  b8fe216aff0f6d162f8eefe7be1712162b7d8199e20ce2e70ffac36c7ce20a4c
- SHA512
  
  dce731c61aea73d16813b0932d47ac94926d84d9077115ef147971b1e1c76a88e333ccd0f88b34fca9e2533f54c140947316fd63415199fe5f20a45cd0aef033
- SSDEEP
  
  3072:wPgSRYPuMbrhcabqwwwUtiPmu3XxNtvckP:2uPaaWwww7OuR4k
Score

1^/10
behavioral21 behavioral22
- Target
  
  KRNL Remake/System.Numerics.Vectors.dll
- Size
  
  107KB
- MD5
  
  7ab5dbdd2ace2a313392cff4f372e4b9
- SHA1
  
  8890ad1911448490526d2a45ac8cc518b6e886a2
- SHA256
  
  22c84be385fe8ba6d0e0138952748f28d781fce36078b5a7aed91a6104bcd99b
- SHA512
  
  5bce867274f23694402e9f9f73f8c3ebf5d77114836f56d3cbf5cbdeef164a299091e1cd69fd7635e6b7bbacc7376193eb8daff32d5aeed0df72835a00baa4e2
- SSDEEP
  
  1536:cuIaashZlF/cLecJE3+DWG/E2NstmOz+aAKWGd7isnzP:czaashZzWeca3+DWG/E2it5GK7dnL
Score

1^/10
behavioral23 behavioral24
- Target
  
  KRNL Remake/System.Runtime.CompilerServices.Unsafe.dll
- Size
  
  18KB
- MD5
  
  aa7a54f5a3ba48e60d51e6eeb378404d
- SHA1
  
  e5d644311a6087c6a500f0e79bae4af305430b3d
- SHA256
  
  2d6f419d641682d8efc4a40e850d2e85de519d6823b93daf2aeee63206d4e32d
- SHA512
  
  b033330695b4edc1bef5d36d98e1a68f5862469598cd6a71cafb8f72732d29403d4e8b9e4df3809c2f49dcd59d5ca751ada97ea9b7e268298effd6e19eb52399
- SSDEEP
  
  384:hkGbUzdrbbxHKWgr2WXTX6HRN7K3/7R9zXL/Lq:WGAdlQTWoF9z7zq
Score

1^/10
behavioral25 behavioral26
- Target
  
  KRNL Remake/System.Text.Encodings.Web.dll
- Size
  
  77KB
- MD5
  
  56a2b64c40502852dacef02240ad46bc
- SHA1
  
  4019d0f80c83dedfea9820f91650bfae817451ba
- SHA256
  
  ad6be4be7e0183f3eabac3f747b834c557156942c7d2ce12039477ad0874fbfb
- SHA512
  
  19c5fa4a067332268b9043ee57c6e66a8692ee0d16d1c82d08de68eecca327886aaa2c69f179d60b1818acf079aecf961f6feea0234dbf4a75ab51f008b34490
- SSDEEP
  
  1536:uOOUnOOOc++v9mBkdQ3IWIxL1HFkzoA4Vnrpwp77ojJjn7NoWgzInv:c+FmCQ3I077oljRoTEnv
Score

1^/10
behavioral27 behavioral28
- Target
  
  KRNL Remake/System.Text.Json.dll
- Size
  
  709KB
- MD5
  
  18ca48974dcba7e97f0ca161b29066f4
- SHA1
  
  d10312698a2214686b2af4df88770f25b0351f40
- SHA256
  
  ead4137d1b7ed06d55f609acfedfdad041977b029a9d2c7e8b596f698fedd8ac
- SHA512
  
  4f72bbdd9def812b90f71ea4e27e90a4c384f67faa3a4df5f6a26d38a91efe0559548b6655773d581e449a5ce1ad7440454fe4a5e8fa216f265ffe7e48ff6b81
- SSDEEP
  
  12288:Ut5CIBYtZN3lYQX/Qr/5ALzdT4qMZTZmYZfCt7:2CGYtZNVkQoRCt7
Score

1^/10
behavioral29 behavioral30
- Target
  
  KRNL Remake/System.Threading.Tasks.Extensions.dll
- Size
  
  27KB
- MD5
  
  d3a5f69c93863517c2671dffeef2d39e
- SHA1
  
  c74b937a718f4dc9960bd8e105ff522f43edc59d
- SHA256
  
  692c324c02a922f890aaf5948c54ec9758f5ab7019b8e8ab169c106ddd3231f4
- SHA512
  
  3ea0e0cd4e8e9e561fb9987e53babda3f375f6e42f05e853d1da3176fa61673c5911ca2eb0d2a37242cef11706bddb94f72c3107a270210fa3adaa17d11a17d1
- SSDEEP
  
  384:87PVBSE/ug1TQb05JCw0p8CUQefpaQKwhARcUGWSHXWEWYA6VFHRN7yhoJR9znZ2:2PV0iug18Y+b5gU6RWFClyO9znQx
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32