General
-
Target
SuperDeath.2.0.zip
-
Size
28.3MB
-
Sample
250123-rd9mzssjfv
-
MD5
6fb74039f789c042f1b8b41e750a356b
-
SHA1
65b07018edbf0444167ba12943c1095e98a82226
-
SHA256
c2bbf6fe638c36c001d5d62cc0e49664e446517407a54911db57552adb118aa8
-
SHA512
7f12bbd6245ac49e0368324533d79cbd33ce8ad88abec3a76c2c887b12ddcb87b752cac07d110586036635d0fb2e97eea3cdcfffbfac7d086dc16535725e8037
-
SSDEEP
786432:YgztwaY+jgu4fh5Ac6loYlQV50gheWkOJfO3c8Cu5:Yrag5XAPoSQV5dkOlO3zCu5
Behavioral task
behavioral1
Sample
SuperDeath2.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
SuperDeath2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
source/Bat To Exe Converter/Bat_To_Exe_Converter.exe
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
source/Bat To Exe Converter/Bat_To_Exe_Converter.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
source/Bat To Exe Converter/help.chm
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
source/Bat To Exe Converter/help.chm
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
source/ErrorDraw.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
source/ErrorDraw.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
source/Logon_overwriter.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
source/Logon_overwriter.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
source/Logon_overwriter/Logon_overwriter/Form1.js
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
source/Logon_overwriter/Logon_overwriter/Form1.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
source/Logon_overwriter/Logon_overwriter/Form1.vbs
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
source/Logon_overwriter/Logon_overwriter/Form1.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
source/Logon_overwriter/Logon_overwriter/Properties/Resources.Designer.vbs
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
source/Logon_overwriter/Logon_overwriter/Properties/Resources.Designer.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
source/Logon_overwriter/Logon_overwriter/Properties/Resources.vbs
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
source/Logon_overwriter/Logon_overwriter/Properties/Resources.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
source/Logon_overwriter/Logon_overwriter/Resources/LogonUI.exe
Resource
win7-20241023-en
Behavioral task
behavioral20
Sample
source/Logon_overwriter/Logon_overwriter/Resources/LogonUI.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
source/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
source/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
source/Logon_overwriter/Logon_overwriter/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
source/Logon_overwriter/Logon_overwriter/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
source/MBR - Image Builder.exe
Resource
win7-20241010-en
Behavioral task
behavioral28
Sample
source/MBR - Image Builder.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
source/MrsMjrGui.exe
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
source/MrsMjrGui.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
source/MrsMjrGuiLauncher.bat
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
source/MrsMjrGuiLauncher.bat
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
SuperDeath2.exe
-
Size
7.3MB
-
MD5
391942faa157675018a6d26b6c631011
-
SHA1
5dd90332e1e1d632fd6e63f9aa2024e667aa5cd5
-
SHA256
9c027063879df3d477e9092a187c306c7d20eba956cf7517423d8eb2ad5960f2
-
SHA512
debba49b7fbab85f099e5ff10bd2c75105166f20eb63b058d580e9043f33f272f80096bbce181f71d2476b1fd8059d386c28435a032bfca7210d2cf36f007e4e
-
SSDEEP
196608:GJXjwzfuuvf08BjSDLpiWA/HTIKUI7RVt:KwzfuqBuDLpiWAfbR
-
UAC bypass
-
Disables Task Manager via registry modification
-
Sets desktop wallpaper using registry
-
-
-
Target
source/Bat To Exe Converter/Bat_To_Exe_Converter.exe
-
Size
444KB
-
MD5
76d5900a4adf4c1f2ab8dbfd0a450c4a
-
SHA1
6177a27416519564ecb5d38093d61c9a81d3c290
-
SHA256
7adc1f7ff040628a600f99465bd70e71ad83fecfe60b0f1dadc84b5d262ff350
-
SHA512
286b05ff09d4e85856c251d56902486738d9b2457d9a56ea8a449195b349f2718816099f4602efba88dad592dd6cecefcd0748382888c3026dd585b3e46f0c6e
-
SSDEEP
12288:iYicHMPMDp8WrZtzlqQMB/FS/CiUF7RAfoSBjF:viuMPMDp8mtzbMFFS/CzKF
-
-
-
Target
source/Bat To Exe Converter/help.chm
-
Size
14KB
-
MD5
ffa8c49b21b077b0dc4b51a1f6f9a753
-
SHA1
5fe5b4d96b266b29bd7aaf41b32394f58e7416e2
-
SHA256
00037bfc41afacf262afda160e17d3cca33606276324e99bbd93ad1207e9a7c0
-
SHA512
751eeaef0828ec4416569291ebf3f434208ff43405221339688ec2535cd5947d58ad4d2fd8ea073aa0554f712783f5ec8d5f42dfc4ee935d2905bc541ccd0a9b
-
SSDEEP
192:TQ3bVqwNUWqaGA9yb6OmVbelnchhvm2I2S1O:TQLbNJqHA9YYVbCahvm280
Score
1/10
-
-
-
Target
source/ErrorDraw.exe
-
Size
104KB
-
MD5
630a7f0464569c5286d70506803e3ba3
-
SHA1
e67664162918e5e4c3fecae57a313d6f17da7aa7
-
SHA256
6ed2b7ee7193c95ccb7264f6cf026f53faeaab02d8d50c611d3db4c7735ed908
-
SHA512
86f8f02ed5a5764994143ecc516656a371437289157c3adbc80013c5aa6bb6aba94d4d5c99271256da749dc2c3223072fdcc138cea73faaaef9dabf598879325
-
SSDEEP
1536:p5iTgocXYpySNFO8u3yUyJCbAV0R7EghC1ed:K8ocKyStOS5ed
Score
3/10
-
-
-
Target
source/Logon_overwriter.exe
-
Size
34KB
-
MD5
942e4fe24043059c647f584cc657c4ab
-
SHA1
41e98f66887a4d912a49af32bf164ab9daebf543
-
SHA256
ed996aabbbd002aa1d2a26954c64f47072f9388142b85cf273c190ce357597e2
-
SHA512
dab7a646761a2f547e5e8dee83678c1b30852ad266d03b3408475a65a5a0f3088a5b7e641d78baea697152cea735ece7b9537c7c86b7dc74773cdb336b0ee7f5
-
SSDEEP
768:HDubwUSw3vW8j6NUOvW8j6NUZ3tYcFwVc6K:HKbwZMezNUOezNUZPwVcl
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Drops file in System32 directory
-
-
-
Target
source/Logon_overwriter/Logon_overwriter/Form1.cs
-
Size
2KB
-
MD5
118f8b8e3a75e19fb0ca5cf048e25ed2
-
SHA1
75736199677515bc46b11d8b9505eded9a6b7e88
-
SHA256
25340c0425c0fe9e4aee8a80736142a985b657a979f63e62d79186fd24cf42d6
-
SHA512
21e47849866e07aa931e71f787788187592de1a215a8e45fe55879770530c9430eba2263f2bd1ed38aa64488843971c8d796aa837fbe59dc5a4389dc83bd29d8
Score
3/10
-
-
-
Target
source/Logon_overwriter/Logon_overwriter/Form1.resx
-
Size
5KB
-
MD5
4eb5913a0e5aa842250f7419538fa230
-
SHA1
31fb76e5d9babe97a11fea041081f96ce426107a
-
SHA256
4363cd7d5b8671c72442ce1a1bfc10d64ebd24b2d718b54bd4fcd025e4967298
-
SHA512
846207f9db4c05d2070482c27af72c50b8f423ac1c7efb5266b059f6a41362704e9f5a590e428f4aefd791edd2e21c1b34473361911cbeea2cfcaf741b5bebff
-
SSDEEP
96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ
Score
1/10
-
-
-
Target
source/Logon_overwriter/Logon_overwriter/Properties/Resources.Designer.cs
-
Size
3KB
-
MD5
26027366c11139b3f209517d13efac34
-
SHA1
4c8cd390e890a74a2d2256754df24fe4327ea8e1
-
SHA256
f4d8a4a0b6709c0957adce28f713b262fef3102a317cb1e84fd1032405cf59a2
-
SHA512
8170791d7455177fb073daa32c7884c70b6a2f0fd2556e55197cb5eea4b71a0ccbbf51d97ae1f06da75733fbb7497922930f4f25a0a0dfcb1d3cd4f71bbb2273
Score
1/10
-
-
-
Target
source/Logon_overwriter/Logon_overwriter/Properties/Resources.resx
-
Size
6KB
-
MD5
9b9712358be625b6ae5b380a3e4fe521
-
SHA1
3230bcd98f7672941071e573e3b0ee0f69879d1e
-
SHA256
7ccb8e3ec12bf3f77979b64c9800e0bdbcd7313ef3e5adf4adce3130006b5cd6
-
SHA512
589a0cebc244431519faeefb297d71df2d18a288403386839299000f72c89a76857f757e18f674f27824cd076d327dbcd67e2c6108838cf028d8e866d64e3a36
-
SSDEEP
96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuF88jj4:KjrbLPD9sLvIzSvKgIqUyahF8c2l
Score
1/10
-
-
-
Target
source/Logon_overwriter/Logon_overwriter/Resources/LogonUI.exe
-
Size
11KB
-
MD5
2cd94e786a624bf706e3d74f86f1352c
-
SHA1
a199fa3dc341e5d8a508a6b87ebde2d7949ade86
-
SHA256
ebcecd72b8bb18ed52787b47bdaabbe4a9cee534b1498b7da8243fff39a685c9
-
SHA512
cb44edf11e6d253ecda97d85363acbb80da4ac552bc2ea4176765c81de872f5bb70a91082a7235551aacedddc9a4f361cbe1df87ee348199c1c7ab8593399b29
-
SSDEEP
192:fLvWzFYYnh9GuIrSjItGCuokwlwAcQfVZyFd+Wz7onDv:fLvWzOElIrSjgPuokwlwAbZyFdN8nD
Score
1/10
-
-
-
Target
source/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.exe
-
Size
34KB
-
MD5
942e4fe24043059c647f584cc657c4ab
-
SHA1
41e98f66887a4d912a49af32bf164ab9daebf543
-
SHA256
ed996aabbbd002aa1d2a26954c64f47072f9388142b85cf273c190ce357597e2
-
SHA512
dab7a646761a2f547e5e8dee83678c1b30852ad266d03b3408475a65a5a0f3088a5b7e641d78baea697152cea735ece7b9537c7c86b7dc74773cdb336b0ee7f5
-
SSDEEP
768:HDubwUSw3vW8j6NUOvW8j6NUZ3tYcFwVc6K:HKbwZMezNUOezNUZPwVcl
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Drops file in System32 directory
-
-
-
Target
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.exe
-
Size
34KB
-
MD5
942e4fe24043059c647f584cc657c4ab
-
SHA1
41e98f66887a4d912a49af32bf164ab9daebf543
-
SHA256
ed996aabbbd002aa1d2a26954c64f47072f9388142b85cf273c190ce357597e2
-
SHA512
dab7a646761a2f547e5e8dee83678c1b30852ad266d03b3408475a65a5a0f3088a5b7e641d78baea697152cea735ece7b9537c7c86b7dc74773cdb336b0ee7f5
-
SSDEEP
768:HDubwUSw3vW8j6NUOvW8j6NUZ3tYcFwVc6K:HKbwZMezNUOezNUZPwVcl
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Drops file in System32 directory
-
-
-
Target
source/Logon_overwriter/Logon_overwriter/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
-
Size
3KB
-
MD5
826bba607d893522d642d8befce38818
-
SHA1
736007616a8f85efe36e7324b7e4a831dd62f0df
-
SHA256
01e807bce2be16214598aa7766169e07a829c9cc49cbd7ee377153985146f693
-
SHA512
d16774c1831b0f0eb707e039658c04bbf51a23ca2799af6617adcab931172247e63cfc58770aee71284013adc0670a8d6358d1a999c7dc04e3e9263a76b0c775
Score
1/10
-
-
-
Target
source/MBR - Image Builder.exe
-
Size
11.3MB
-
MD5
e7c5f0910415edf3aa571e3738b5741e
-
SHA1
e8dc1f89f2b08dd4fdc4cc7b9af3d2d7346d0d11
-
SHA256
5221a90748195966f5eda98b3324c518c74e5b0e4c36c4f053b383d3a3e2f535
-
SHA512
985f80aa39564211e757c28e423da93f02a1ed19d786b358fb6dad4aed30f8f90e015a957792eeb8cdb8cc915f506748cdafacd654e7a3cd2a005f67d6786764
-
SSDEEP
196608:ecHPN3uinV2m8ErHQkMih5gHEZkZCh9tzu2NrBaR/N+A82AGONm4uyN1Gg2JapPi:ecHPAincmLb7MEGZ0ti2RIR/8RN1+EXs
Score
3/10
-
-
-
Target
source/MrsMjrGui.exe
-
Size
71KB
-
MD5
450f49426b4519ecaac8cd04814c03a4
-
SHA1
063ee81f46d56544a5c217ffab69ee949eaa6f45
-
SHA256
087fca40e079746b9c1dfaf777d3994c0321ea8f69d08238cdfc02fb109add1d
-
SHA512
0cae15d863120f4edc6b6dabfe2f0f3d2e028057025d7d5ffe615cde8144f29bdaf099850e91e101e95d13f8a83cb1410a06172dda25a5f92967abcbc8453cbc
-
SSDEEP
1536:M1GJbcJVksz/mYyXki6GHcSVp5l/eq/mh78EZuMdUQL+ZZN24W6yos1:M4I/mYyX16rSVvl/zCQXMdUQLK211
Score
3/10
-
-
-
Target
source/MrsMjrGuiLauncher.bat
-
Size
48B
-
MD5
e942ab4b591724739122ae2cfadf4e95
-
SHA1
e125cf0b7ae0b0b9cfd48ce8d7e3691beaa92d7a
-
SHA256
d93cdbd6a2d78fe59323a8f76acc982ec196e8207f15eb845499eb84b07ba987
-
SHA512
8fc44467ce8f6dd460db053e99d31e89801e51d1e7213fbaae14364e52000c137bc495914fe43f4fe5900f91a938b515a6a90b2999e1a1fb47bd770d0fb5f196
Score
1/10
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
File and Directory Permissions Modification (1)
Impair Defenses (2)
Disable or Modify Tools (2)
Modify Registry (5)