Resubmissions

23/01/2025, 14:05    250123-rd9mzssjfv    score 10
17/01/2025, 21:14    250117-z3p9mstpfl    score 10
17/01/2025, 21:13    250117-z281cstjdy    score 8
18/11/2024, 14:45    241118-r414jaydpa    score 10

General

  • Target

    SuperDeath.2.0.zip

  • Size

    28.3MB

  • Sample

    250123-rd9mzssjfv

  • MD5

    6fb74039f789c042f1b8b41e750a356b

  • SHA1

    65b07018edbf0444167ba12943c1095e98a82226

  • SHA256

    c2bbf6fe638c36c001d5d62cc0e49664e446517407a54911db57552adb118aa8

  • SHA512

    7f12bbd6245ac49e0368324533d79cbd33ce8ad88abec3a76c2c887b12ddcb87b752cac07d110586036635d0fb2e97eea3cdcfffbfac7d086dc16535725e8037

  • SSDEEP

    786432:YgztwaY+jgu4fh5Ac6loYlQV50gheWkOJfO3c8Cu5:Yrag5XAPoSQV5dkOlO3zCu5

Malware Config

Targets

    • Target

      SuperDeath2.exe

    • Size

      7.3MB

    • MD5

      391942faa157675018a6d26b6c631011

    • SHA1

      5dd90332e1e1d632fd6e63f9aa2024e667aa5cd5

    • SHA256

      9c027063879df3d477e9092a187c306c7d20eba956cf7517423d8eb2ad5960f2

    • SHA512

      debba49b7fbab85f099e5ff10bd2c75105166f20eb63b058d580e9043f33f272f80096bbce181f71d2476b1fd8059d386c28435a032bfca7210d2cf36f007e4e

    • SSDEEP

      196608:GJXjwzfuuvf08BjSDLpiWA/HTIKUI7RVt:KwzfuqBuDLpiWAfbR

    • Target

      source/Bat To Exe Converter/Bat_To_Exe_Converter.exe

    • Size

      444KB

    • MD5

      76d5900a4adf4c1f2ab8dbfd0a450c4a

    • SHA1

      6177a27416519564ecb5d38093d61c9a81d3c290

    • SHA256

      7adc1f7ff040628a600f99465bd70e71ad83fecfe60b0f1dadc84b5d262ff350

    • SHA512

      286b05ff09d4e85856c251d56902486738d9b2457d9a56ea8a449195b349f2718816099f4602efba88dad592dd6cecefcd0748382888c3026dd585b3e46f0c6e

    • SSDEEP

      12288:iYicHMPMDp8WrZtzlqQMB/FS/CiUF7RAfoSBjF:viuMPMDp8mtzbMFFS/CzKF

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      source/Bat To Exe Converter/help.chm

    • Size

      14KB

    • MD5

      ffa8c49b21b077b0dc4b51a1f6f9a753

    • SHA1

      5fe5b4d96b266b29bd7aaf41b32394f58e7416e2

    • SHA256

      00037bfc41afacf262afda160e17d3cca33606276324e99bbd93ad1207e9a7c0

    • SHA512

      751eeaef0828ec4416569291ebf3f434208ff43405221339688ec2535cd5947d58ad4d2fd8ea073aa0554f712783f5ec8d5f42dfc4ee935d2905bc541ccd0a9b

    • SSDEEP

      192:TQ3bVqwNUWqaGA9yb6OmVbelnchhvm2I2S1O:TQLbNJqHA9YYVbCahvm280

    Score
    1/10
    • Target

      source/ErrorDraw.exe

    • Size

      104KB

    • MD5

      630a7f0464569c5286d70506803e3ba3

    • SHA1

      e67664162918e5e4c3fecae57a313d6f17da7aa7

    • SHA256

      6ed2b7ee7193c95ccb7264f6cf026f53faeaab02d8d50c611d3db4c7735ed908

    • SHA512

      86f8f02ed5a5764994143ecc516656a371437289157c3adbc80013c5aa6bb6aba94d4d5c99271256da749dc2c3223072fdcc138cea73faaaef9dabf598879325

    • SSDEEP

      1536:p5iTgocXYpySNFO8u3yUyJCbAV0R7EghC1ed:K8ocKyStOS5ed

    Score
    3/10
    • Target

      source/Logon_overwriter.exe

    • Size

      34KB

    • MD5

      942e4fe24043059c647f584cc657c4ab

    • SHA1

      41e98f66887a4d912a49af32bf164ab9daebf543

    • SHA256

      ed996aabbbd002aa1d2a26954c64f47072f9388142b85cf273c190ce357597e2

    • SHA512

      dab7a646761a2f547e5e8dee83678c1b30852ad266d03b3408475a65a5a0f3088a5b7e641d78baea697152cea735ece7b9537c7c86b7dc74773cdb336b0ee7f5

    • SSDEEP

      768:HDubwUSw3vW8j6NUOvW8j6NUZ3tYcFwVc6K:HKbwZMezNUOezNUZPwVcl

    Score
    8/10
    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

    • Drops file in System32 directory

    • Target

      source/Logon_overwriter/Logon_overwriter/Form1.cs

    • Size

      2KB

    • MD5

      118f8b8e3a75e19fb0ca5cf048e25ed2

    • SHA1

      75736199677515bc46b11d8b9505eded9a6b7e88

    • SHA256

      25340c0425c0fe9e4aee8a80736142a985b657a979f63e62d79186fd24cf42d6

    • SHA512

      21e47849866e07aa931e71f787788187592de1a215a8e45fe55879770530c9430eba2263f2bd1ed38aa64488843971c8d796aa837fbe59dc5a4389dc83bd29d8

    Score
    3/10
    • Target

      source/Logon_overwriter/Logon_overwriter/Form1.resx

    • Size

      5KB

    • MD5

      4eb5913a0e5aa842250f7419538fa230

    • SHA1

      31fb76e5d9babe97a11fea041081f96ce426107a

    • SHA256

      4363cd7d5b8671c72442ce1a1bfc10d64ebd24b2d718b54bd4fcd025e4967298

    • SHA512

      846207f9db4c05d2070482c27af72c50b8f423ac1c7efb5266b059f6a41362704e9f5a590e428f4aefd791edd2e21c1b34473361911cbeea2cfcaf741b5bebff

    • SSDEEP

      96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ

    Score
    1/10
    • Target

      source/Logon_overwriter/Logon_overwriter/Properties/Resources.Designer.cs

    • Size

      3KB

    • MD5

      26027366c11139b3f209517d13efac34

    • SHA1

      4c8cd390e890a74a2d2256754df24fe4327ea8e1

    • SHA256

      f4d8a4a0b6709c0957adce28f713b262fef3102a317cb1e84fd1032405cf59a2

    • SHA512

      8170791d7455177fb073daa32c7884c70b6a2f0fd2556e55197cb5eea4b71a0ccbbf51d97ae1f06da75733fbb7497922930f4f25a0a0dfcb1d3cd4f71bbb2273

    Score
    1/10
    • Target

      source/Logon_overwriter/Logon_overwriter/Properties/Resources.resx

    • Size

      6KB

    • MD5

      9b9712358be625b6ae5b380a3e4fe521

    • SHA1

      3230bcd98f7672941071e573e3b0ee0f69879d1e

    • SHA256

      7ccb8e3ec12bf3f77979b64c9800e0bdbcd7313ef3e5adf4adce3130006b5cd6

    • SHA512

      589a0cebc244431519faeefb297d71df2d18a288403386839299000f72c89a76857f757e18f674f27824cd076d327dbcd67e2c6108838cf028d8e866d64e3a36

    • SSDEEP

      96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuF88jj4:KjrbLPD9sLvIzSvKgIqUyahF8c2l

    Score
    1/10
    • Target

      source/Logon_overwriter/Logon_overwriter/Resources/LogonUI.exe

    • Size

      11KB

    • MD5

      2cd94e786a624bf706e3d74f86f1352c

    • SHA1

      a199fa3dc341e5d8a508a6b87ebde2d7949ade86

    • SHA256

      ebcecd72b8bb18ed52787b47bdaabbe4a9cee534b1498b7da8243fff39a685c9

    • SHA512

      cb44edf11e6d253ecda97d85363acbb80da4ac552bc2ea4176765c81de872f5bb70a91082a7235551aacedddc9a4f361cbe1df87ee348199c1c7ab8593399b29

    • SSDEEP

      192:fLvWzFYYnh9GuIrSjItGCuokwlwAcQfVZyFd+Wz7onDv:fLvWzOElIrSjgPuokwlwAbZyFdN8nD

    Score
    1/10
    • Target

      source/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.exe

    • Size

      34KB

    • MD5

      942e4fe24043059c647f584cc657c4ab

    • SHA1

      41e98f66887a4d912a49af32bf164ab9daebf543

    • SHA256

      ed996aabbbd002aa1d2a26954c64f47072f9388142b85cf273c190ce357597e2

    • SHA512

      dab7a646761a2f547e5e8dee83678c1b30852ad266d03b3408475a65a5a0f3088a5b7e641d78baea697152cea735ece7b9537c7c86b7dc74773cdb336b0ee7f5

    • SSDEEP

      768:HDubwUSw3vW8j6NUOvW8j6NUZ3tYcFwVc6K:HKbwZMezNUOezNUZPwVcl

    Score
    8/10
    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

    • Drops file in System32 directory

    • Target

      source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.exe

    • Size

      34KB

    • MD5

      942e4fe24043059c647f584cc657c4ab

    • SHA1

      41e98f66887a4d912a49af32bf164ab9daebf543

    • SHA256

      ed996aabbbd002aa1d2a26954c64f47072f9388142b85cf273c190ce357597e2

    • SHA512

      dab7a646761a2f547e5e8dee83678c1b30852ad266d03b3408475a65a5a0f3088a5b7e641d78baea697152cea735ece7b9537c7c86b7dc74773cdb336b0ee7f5

    • SSDEEP

      768:HDubwUSw3vW8j6NUOvW8j6NUZ3tYcFwVc6K:HKbwZMezNUOezNUZPwVcl

    Score
    8/10
    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

    • Drops file in System32 directory

    • Target

      source/Logon_overwriter/Logon_overwriter/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll

    • Size

      3KB

    • MD5

      826bba607d893522d642d8befce38818

    • SHA1

      736007616a8f85efe36e7324b7e4a831dd62f0df

    • SHA256

      01e807bce2be16214598aa7766169e07a829c9cc49cbd7ee377153985146f693

    • SHA512

      d16774c1831b0f0eb707e039658c04bbf51a23ca2799af6617adcab931172247e63cfc58770aee71284013adc0670a8d6358d1a999c7dc04e3e9263a76b0c775

    Score
    1/10
    • Target

      source/MBR - Image Builder.exe

    • Size

      11.3MB

    • MD5

      e7c5f0910415edf3aa571e3738b5741e

    • SHA1

      e8dc1f89f2b08dd4fdc4cc7b9af3d2d7346d0d11

    • SHA256

      5221a90748195966f5eda98b3324c518c74e5b0e4c36c4f053b383d3a3e2f535

    • SHA512

      985f80aa39564211e757c28e423da93f02a1ed19d786b358fb6dad4aed30f8f90e015a957792eeb8cdb8cc915f506748cdafacd654e7a3cd2a005f67d6786764

    • SSDEEP

      196608:ecHPN3uinV2m8ErHQkMih5gHEZkZCh9tzu2NrBaR/N+A82AGONm4uyN1Gg2JapPi:ecHPAincmLb7MEGZ0ti2RIR/8RN1+EXs

    Score
    3/10
    • Target

      source/MrsMjrGui.exe

    • Size

      71KB

    • MD5

      450f49426b4519ecaac8cd04814c03a4

    • SHA1

      063ee81f46d56544a5c217ffab69ee949eaa6f45

    • SHA256

      087fca40e079746b9c1dfaf777d3994c0321ea8f69d08238cdfc02fb109add1d

    • SHA512

      0cae15d863120f4edc6b6dabfe2f0f3d2e028057025d7d5ffe615cde8144f29bdaf099850e91e101e95d13f8a83cb1410a06172dda25a5f92967abcbc8453cbc

    • SSDEEP

      1536:M1GJbcJVksz/mYyXki6GHcSVp5l/eq/mh78EZuMdUQL+ZZN24W6yos1:M4I/mYyX16rSVvl/zCQXMdUQLK211

    Score
    3/10
    • Target

      source/MrsMjrGuiLauncher.bat

    • Size

      48B

    • MD5

      e942ab4b591724739122ae2cfadf4e95

    • SHA1

      e125cf0b7ae0b0b9cfd48ce8d7e3691beaa92d7a

    • SHA256

      d93cdbd6a2d78fe59323a8f76acc982ec196e8207f15eb845499eb84b07ba987

    • SHA512

      8fc44467ce8f6dd460db053e99d31e89801e51d1e7213fbaae14364e52000c137bc495914fe43f4fe5900f91a938b515a6a90b2999e1a1fb47bd770d0fb5f196

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

Task          Tags                                                          Score
static1       upx                                                           5/10
behavioral1   defense_evasion, discovery, evasion, ransomware, trojan, upx  10/10
behavioral2   discovery, upx                                                5/10
behavioral3   discovery, upx                                                5/10
behavioral4   discovery, upx                                                5/10
behavioral5   -                                                             1/10
behavioral6   -                                                             1/10
behavioral7   -                                                             1/10
behavioral8   discovery                                                     3/10
behavioral9   discovery, exploit                                            8/10
behavioral10  discovery, exploit                                            8/10
behavioral11  execution                                                     3/10
behavioral12  execution                                                     3/10
behavioral13  -                                                             1/10
behavioral14  -                                                             1/10
behavioral15  -                                                             1/10
behavioral16  -                                                             1/10
behavioral17  -                                                             1/10
behavioral18  -                                                             1/10
behavioral19  -                                                             1/10
behavioral20  -                                                             1/10
behavioral21  discovery, exploit                                            8/10
behavioral22  discovery, exploit                                            8/10
behavioral23  discovery, exploit                                            8/10
behavioral24  discovery, exploit                                            8/10
behavioral25  -                                                             1/10
behavioral26  -                                                             1/10
behavioral27  discovery                                                     3/10
behavioral28  discovery                                                     3/10
behavioral29  discovery                                                     3/10
behavioral30  discovery                                                     3/10
behavioral31  -                                                             1/10
behavioral32  -                                                             1/10