General

  • Target

    Lowkey Cracked_ BYKali.zip

  • Size

    6.2MB

  • Sample

    240701-ddyc3atfqg

  • MD5

    f282376252a6a5c99faf96f0a1418201

  • SHA1

    719700bf55be12e04f74a9a9390b113a95b0ce03

  • SHA256

    178d950e74dce8c1728c3b64614b775710f2dbdd72777358c5ceee81af0586f0

  • SHA512

    8ff256112108bf7965c7fbbf43de71712573bb41334d40596134ff9a495b4ae731d559d7d37d34b5cfa800e82003d87d2ba20caa3f2cade66192d1a354389df2

  • SSDEEP

    196608:+bL/0PD55fyGV3PlWAbPQIkvZY2+Ja56H:+X8tVyYNhbPCmtJCO

Malware Config

Targets

    • Target

      Lowkey Cracked_ BYKali.zip

    • Size

      6.2MB

    • MD5

      f282376252a6a5c99faf96f0a1418201

    • SHA1

      719700bf55be12e04f74a9a9390b113a95b0ce03

    • SHA256

      178d950e74dce8c1728c3b64614b775710f2dbdd72777358c5ceee81af0586f0

    • SHA512

      8ff256112108bf7965c7fbbf43de71712573bb41334d40596134ff9a495b4ae731d559d7d37d34b5cfa800e82003d87d2ba20caa3f2cade66192d1a354389df2

    • SSDEEP

      196608:+bL/0PD55fyGV3PlWAbPQIkvZY2+Ja56H:+X8tVyYNhbPCmtJCO

    Score
    1/10
    • Target

      Lowkey Cracked_ BYKali/Loader_protected.exe

    • Size

      5.4MB

    • MD5

      7294f33e7a488cd4ba10383f0a7a0d89

    • SHA1

      e280731d441b875d65be9010904925fbd05dac2a

    • SHA256

      84ea9e6a8a65b9d653b175b28a50da62469f07e7c5c94a0a7f81b939c3a254a5

    • SHA512

      abfafa0c7866adf45b53feea4e036c471e120502cfc29d591d5f87bc5c7251ddf9297a465efb246cc4e68d954ab1339b88e3f35516fc089faa2a9b2a60e8e806

    • SSDEEP

      98304:xHU+1MNuAmgEWiKsFmiSIRMOrBt3Ks7qXW7dp4vNOP2S+1m7BIESQZnBYT:xHUsjmbIDlKs7EUn4N24mVIitWT

    Score
    7/10
    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Target

      Lowkey Cracked_ BYKali/Monitor Spoof/CRU.exe

    • Size

      1.4MB

    • MD5

      2b7a88c558a055878e72d6d96e2561bc

    • SHA1

      5b5089e85992a32d77dc837f65dbde11c547184c

    • SHA256

      446c40c07c4474244236bc50b498b2d61c5783bd2206d366ea10b332d0146622

    • SHA512

      7de24aafd170bf58b716af7dd27158e444141ed3ecae8001f127d04d6cb103dc38d4db542c8b8c78c30a3174bcfee4886cb664c17a2900e2b06f539ef3b79541

    • SSDEEP

      24576:PFOapLEWuIj9T0gR1U2vfVD8sA15qkJ1K3mbDQca9L32GYa:tdwfIj9T0ujvTO6L3L

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      Lowkey Cracked_ BYKali/Monitor Spoof/restart.exe

    • Size

      198KB

    • MD5

      d41f2de16e192aa7f1d3edda64b00100

    • SHA1

      a7660dc9467035723e383b4e81eb1011a67a905a

    • SHA256

      611e3f76cd702a3d9f3877304732786001799c5769e70d7e2fc4646aa5e8b124

    • SHA512

      763e877ec5d621f76f8b4e517939b6f77acf44389665895c53ba297dacab281725fa48c8e68f836d5e07631bbc42a6bb8ba7c0520ffc313fa3746a6254b57a3b

    • SSDEEP

      3072:UVqoCl/YgjxEufVU0TbTyDDalQ/HstlC2R7JbQwUxc:UsLqdufVUNDadE2R7Jsjq

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      Lowkey Cracked_ BYKali/Wifi & Bluetooth disabler/Disabler_Run_Admin.bat

    • Size

      1001B

    • MD5

      f231be56f8dd034fd9e62fe67b120dec

    • SHA1

      c0a4b9d91f5934f00a6cc28cdad56dfee45d3116

    • SHA256

      ff5735d7157d43beaf0ea13eae9dc29619d9384a79c0009c7b0ada9d722f0a30

    • SHA512

      0da567136e8e24ed1cdcd27633ba2f68c26c9fcc3038d1d7a041516e187d97c9a1fc22eb57552f4a4378e58daeb297991e95f388530fa38e12c67ddcf50b22dd

    Score
    1/10
    • Target

      Lowkey Cracked_ BYKali/last_login.txt

    • Size

      19B

    • MD5

      9c8cc58cec3d2ed0b7c6f012b94bc753

    • SHA1

      260681b47ecef8e165d8ba00ea391134d413b7d6

    • SHA256

      d56c28cf4b7e9c47a24e58671bcbd0e8d78230807eb2639e425e8322fab6d9a9

    • SHA512

      cda81f341f8c74a77382c3fdbb17c16c8fe47a91b40d48324e3a638c68949cc47252d58dcc83f2dd61032588b6a0c2465993a0966e03644b4ef9ff850ece9e9d

    Score
    1/10
    • Target

      Lowkey Cracked_ BYKali/libcurl.dll

    • Size

      497KB

    • MD5

      65fbb7674548d159e5bc1c5bb5dda427

    • SHA1

      87ae6fe4045bb4d50def309b24c96930b63b89b2

    • SHA256

      b3548dc70f66694e37b10ff26237a0b8d553fe6e1ad55565893878f2455a18bf

    • SHA512

      f2f096cde7cd03401f48b947a4dcdb0557de50483e6691bf1b46f20c5029b0b91e625aeb1a1357f195eb6d75cbbfc4b2eb0960a3dc2efd91a4835743783d6655

    • SSDEEP

      12288:Z+YFNRqjLSbhPgVJlWbSsDU0Eah0KJdHFWW1moH:Z+6hPy2DU0Eah0K/FW7oH

    Score
    1/10
    • Target

      Lowkey Cracked_ BYKali/lowkey-spoofer-fixed.1337

    • Size

      1KB

    • MD5

      eb7d7eca7af04125ed71b7c578d3fa73

    • SHA1

      89eaeb800f81d8437ea7b8ee0086c4e5ba999336

    • SHA256

      2b643ee0c64e8b915d4e38161cd6b8eb8664f43f88455b3d2da8ab7d271403b5

    • SHA512

      e405ca6fc480e4c53754b13632166a7b810c0365003b2ea68d7a086901b15c59dfd086413d07057822b13373059ea55ba1d625c4c24ce9839fb7c153721fc8a2

    Score
    3/10
    • Target

      Lowkey Cracked_ BYKali/zlib1.dll

    • Size

      85KB

    • MD5

      6b2cfe74852195fb8187f368b74f7635

    • SHA1

      e23e54714355b852726e81a17c444059e0d1339c

    • SHA256

      be93482393ca7d2b440d5559d86268758dadf2f13899978e0271ab1db06b8091

    • SHA512

      6f3ffb5baf6d89ecd76fbdd949327ad12bcfc25b973dc81df498033e3dd65e4bb9774d696e4059abd336dff3cb219ed5a36d38e2e0f63dae2db22c96c359ccd6

    • SSDEEP

      1536:kTHRfzojvOeiRMPrpbAE1ApOal2qk0MGmnToIfUIOcIOYGW3wY:UBzojvOeiRMTtAEepOT0PSTBf6SYfwY

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v13

Tactic                | Technique                              | Count | ID
----------------------+----------------------------------------+-------+-----------
Execution             | Scheduled Task/Job                     | 2     | T1053
                      |   Scheduled Task                       | 2     | T1053.005
Persistence           | Boot or Logon Autostart Execution      | 2     | T1547
                      |   Registry Run Keys / Startup Folder   | 2     | T1547.001
                      | Scheduled Task/Job                     | 2     | T1053
                      |   Scheduled Task                       | 2     | T1053.005
Privilege Escalation  | Boot or Logon Autostart Execution      | 2     | T1547
                      |   Registry Run Keys / Startup Folder   | 2     | T1547.001
                      | Scheduled Task/Job                     | 2     | T1053
                      |   Scheduled Task                       | 2     | T1053.005
Defense Evasion       | Hide Artifacts                         | 2     | T1564
                      |   Hidden Files and Directories         | 2     | T1564.001
                      | Modify Registry                        | 4     | T1112
Discovery             | System Information Discovery           | 1     | T1082

Tasks