General

  • Target: Burpy-main.zip
  • Size: 123KB
  • Sample: 240629-vrhm7s1hla
  • MD5: 42a025fe3ce031e2aca7b8c8a6a62012
  • SHA1: 76f0c24ad1759f9454d6552dc8448933365d7ee4
  • SHA256: 52cd65f3b16c2070d34e26f5794b0b024c8a607b7d03e6cd82a439027eae525a
  • SHA512: c83ca3f6954096f42af946a467bd29a992097fb9ba86d5e26baf2d78cd11aa9c1d55ef9d3d369f365e638748c066d68901c29e445729fbe029fc9195c16a8a57
  • SSDEEP: 3072:lfz0jhiGES+Pgy+hzbHyk/tan8FnFRfz0t:BwjhiGES+PgyaXHyY8n8twt

Malware Config

Targets

    • Target: Burpy-main.zip
      Size: 123KB
      MD5: 42a025fe3ce031e2aca7b8c8a6a62012
      SHA1: 76f0c24ad1759f9454d6552dc8448933365d7ee4
      SHA256: 52cd65f3b16c2070d34e26f5794b0b024c8a607b7d03e6cd82a439027eae525a
      SHA512: c83ca3f6954096f42af946a467bd29a992097fb9ba86d5e26baf2d78cd11aa9c1d55ef9d3d369f365e638748c066d68901c29e445729fbe029fc9195c16a8a57
      SSDEEP: 3072:lfz0jhiGES+Pgy+hzbHyk/tan8FnFRfz0t:BwjhiGES+PgyaXHyY8n8twt
      Score: 1/10

    • Target: Burpy-main/BurpLoaderKeygen.jar
      Size: 29KB
      MD5: 56a0eef3a96bf373db1298bc6cb63158
      SHA1: f9fb9175a901f4fede20b9d61eb4fadafdd1feea
      SHA256: 1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3
      SHA512: d6165e567c80cd04c2506f285d48fb3e2dd6d46e4eda3b9bf76c2ea585ac446807ccabc02c4f8a6bede36a8ac1d1737eab3840cfdc703123daeccd526593f492
      SSDEEP: 768:ccLie6lYEKyYSfk8tyPAR8NVgJMvtWHw1QgHpA:NLie6lYEKyYSfkwNY+MvtuWQgG
      Score: 7/10

    • Target: Burpy-main/Linux_setup.sh
      Size: 3KB
      MD5: 73bc4d7b9e9239df7de056f438557029
      SHA1: b2a065229bb6f875fcddea7d3de55e6edca5202b
      SHA256: 702246e93915471ef2fa6b35f5335a299329b929f0f90de2838a97550c64606e
      SHA512: 5ebe8d54d87928c689607019f28451b3a4edf7cf8705aee86657eab798b586bb7f7c02d0225f99079255482b756571398568ae3c46525a905ce170e66c2b9cd1
      Score: 7/10
        • Executes dropped EXE
        • Creates/modifies environment variables
          Creating/modifying environment variables is a common persistence mechanism.
        • Writes file to system bin folder

    • Target: Burpy-main/Windows_setup.ps1
      Size: 4KB
      MD5: 74f29e4d8a32cc05bcf2c178776bd474
      SHA1: d12b722495c870c3d14f0bf63bea982327aab47b
      SHA256: 8425f0551e0370598a2971d6d1643ea66a46120e0091bc780cd4f2796dd1b0ba
      SHA512: 57ebd2f8389e093d6253a13c5b55d311e890f80c998cd44d177711ebafe878c734db42b7603db2f308c9f57415ba7d885db23540ab9f8ba649f8966cfc017f7d
      SSDEEP: 96:HBDJa7Cc0SN5Hghz2P02RuPUeLbk7lfPQ5P02RutZn:dj7SjAhGeLMlnQLsZn
      Score: 8/10
        • Blocklisted process makes network request
        • Downloads MZ/PE file
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
          Attempts to read the root path of hard drives other than the default C: drive.
        • Drops file in System32 directory

    • Target: Burpy-main/burpsuite_pro.sh
      Size: 972B
      MD5: 29ec81c29719706adeda7b194e91534f
      SHA1: b6fffdf33f51b0169d6a27fcaed0406cc623d6c9
      SHA256: 38e0805f28d96874d8dd09ade08e96bb69f4cb88843b752daaea01460f57f4f9
      SHA512: 71f564f8a8fb7149d4e1c624c1069350852eaad6fd86d9c6cd58e347df5e19e48b3e9b032ad9bb649473e03d0f323a374c2c9a2c99056684372e8202567e5c5b
      Score: 1/10

    • Target: Burpy-main/keygen.jar
      Size: 63KB
      MD5: a4ead4abf81293e88cc2247302c19877
      SHA1: 13be3e844fbe07e524f33682af5aab7cb24b8f73
      SHA256: 7ce1ac8090ec484d8b21a81d97866ffa55a761e63a2daf831488a34475b434c5
      SHA512: f139166520dad00dce2faf5efa4151f0b1375e1df417c1389863b6fa36b9d2d343efb3ceae6ddc40aed447491da3b3e228d97bc7fee103231f15b092a6295e35
      SSDEEP: 1536:yCdJN7TYDPdMUHwG+j5FOwLq9hpIThxE7afiW5zLtXE:9N7LUujewL4fkx2afiQzLt0
      Score: 7/10

    • Target: Burpy-main/loader.jar
      Size: 29KB
      MD5: 56a0eef3a96bf373db1298bc6cb63158
      SHA1: f9fb9175a901f4fede20b9d61eb4fadafdd1feea
      SHA256: 1e288c686963eafc34411d4f94265eb1809492ab57a474848669eb3285a2afb3
      SHA512: d6165e567c80cd04c2506f285d48fb3e2dd6d46e4eda3b9bf76c2ea585ac446807ccabc02c4f8a6bede36a8ac1d1737eab3840cfdc703123daeccd526593f492
      SSDEEP: 768:ccLie6lYEKyYSfk8tyPAR8NVgJMvtWHw1QgHpA:NLie6lYEKyYSfkwNY+MvtuWQgG
      Score: 7/10

MITRE ATT&CK Matrix ATT&CK v13

Tactic                 Technique                                     Count  ID
Execution              Command and Scripting Interpreter             1      T1059
Execution              PowerShell                                    1      T1059.001
Persistence            Hijack Execution Flow                         2      T1574
Privilege Escalation   Hijack Execution Flow                         2      T1574
Defense Evasion        File and Directory Permissions Modification   3      T1222
Defense Evasion        Hijack Execution Flow                         2      T1574
Defense Evasion        Virtualization/Sandbox Evasion                1      T1497
Discovery              Virtualization/Sandbox Evasion                1      T1497
Discovery              System Information Discovery                  4      T1082
Discovery              Query Registry                                3      T1012
Discovery              Peripheral Device Discovery                   2      T1120
