General
-
Target
Black bullet cracked (python version.exe
-
Size
17.8MB
-
Sample
240701-paqdtstgkq
-
MD5
dcaa56741e6f842576d96d1a158e9c2e
-
SHA1
e69d1e8efdf2da43206cf01240300b92c67c3c7a
-
SHA256
05df54a431ac458c349a2a379fda8816adb260780abf1054dd8cd501ee32d83a
-
SHA512
bc67f88c1e86a1d9d2826be23da4b8403bb0dcec1033c408bf23b659d1cd41a1fd6142ffeca64eae3900d108ded2803bf8efe1572727d0eaaa6e81de6ff8b4f7
-
SSDEEP
393216:LqPnLFXlrPmQ8DOETgsvfGFQgvCYDvE5niu6ppq:ePLFXNOQhEdmCjUuJ
Behavioral task
behavioral1
Sample
Black bullet cracked (python version.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Black bullet cracked (python version.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)