Overview
Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 29-06-2024 17:13
Static task: static1

Behavioral tasks (task, sample, resource):
behavioral1   Burpy-main.zip                   win7-20240419-en
behavioral2   Burpy-main.zip                   win10v2004-20240508-en
behavioral3   Burpy-main/BurpLoaderKeygen.jar  win7-20240611-en
behavioral4   Burpy-main/BurpLoaderKeygen.jar  win10v2004-20240611-en
behavioral5   Burpy-main/Linux_setup.sh        ubuntu1804-amd64-20240611-en
behavioral6   Burpy-main/Linux_setup.sh        debian9-armhf-20240611-en
behavioral7   Burpy-main/Linux_setup.sh        debian9-mipsbe-20240418-en
behavioral8   Burpy-main/Linux_setup.sh        debian9-mipsel-20240418-en
behavioral9   Burpy-main/Windows_setup.ps1     win7-20240221-en
behavioral10  Burpy-main/Windows_setup.ps1     win10v2004-20240508-en
behavioral11  Burpy-main/burpsuite_pro.sh      ubuntu1804-amd64-20240611-en
behavioral12  Burpy-main/burpsuite_pro.sh      debian9-armhf-20240611-en
behavioral13  Burpy-main/burpsuite_pro.sh      debian9-mipsbe-20240418-en
behavioral14  Burpy-main/burpsuite_pro.sh      debian9-mipsel-20240418-en
behavioral15  Burpy-main/keygen.jar            win7-20240611-en
behavioral16  Burpy-main/keygen.jar            win10v2004-20240611-en
behavioral17  Burpy-main/loader.jar            win7-20240508-en
behavioral18  Burpy-main/loader.jar            win10v2004-20240508-en
General
- Target: Burpy-main/Windows_setup.ps1
- Size: 4KB
- MD5: 74f29e4d8a32cc05bcf2c178776bd474
- SHA1: d12b722495c870c3d14f0bf63bea982327aab47b
- SHA256: 8425f0551e0370598a2971d6d1643ea66a46120e0091bc780cd4f2796dd1b0ba
- SHA512: 57ebd2f8389e093d6253a13c5b55d311e890f80c998cd44d177711ebafe878c734db42b7603db2f308c9f57415ba7d885db23540ab9f8ba649f8966cfc017f7d
- SSDEEP: 96:HBDJa7Cc0SN5Hghz2P02RuPUeLbk7lfPQ5P02RutZn:dj7SjAhGeLMlnQLsZn
Malware Config

Signatures
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  Processes (pid, process):
  2928  powershell.exe
  2928  powershell.exe
  2928  powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description, pid, process):
  Token: SeDebugPrivilege  2928  powershell.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes (description, pid, process, target process):
  PID 2928 wrote to memory of 2656  2928  powershell.exe  java.exe
  PID 2928 wrote to memory of 2656  2928  powershell.exe  java.exe
  PID 2928 wrote to memory of 2656  2928  powershell.exe  java.exe
  PID 2928 wrote to memory of 2660  2928  powershell.exe  java.exe
  PID 2928 wrote to memory of 2660  2928  powershell.exe  java.exe
  PID 2928 wrote to memory of 2660  2928  powershell.exe  java.exe
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Burpy-main\Windows_setup.ps1
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\java.exe (child process)
    Command line: "C:\Windows\system32\java.exe" -jar New-loader.jar
  - C:\Windows\system32\java.exe (child process)
    Command line: "C:\Windows\system32\java.exe" --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED --add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED -javaagent:New-loader.jar -noverify -jar burpsuite_pro.jar
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- memory/2928-4-0x000007FEF5EDE000-0x000007FEF5EDF000-memory.dmp (Filesize 4KB)
- memory/2928-6-0x0000000001D90000-0x0000000001D98000-memory.dmp (Filesize 32KB)
- memory/2928-5-0x000000001B610000-0x000000001B8F2000-memory.dmp (Filesize 2.9MB)
- memory/2928-7-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp (Filesize 9.6MB)
- memory/2928-8-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp (Filesize 9.6MB)
- memory/2928-9-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp (Filesize 9.6MB)
- memory/2928-10-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp (Filesize 9.6MB)
- memory/2928-15-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp (Filesize 9.6MB)
- memory/2928-16-0x000007FEF5C20000-0x000007FEF65BD000-memory.dmp (Filesize 9.6MB)