Let’s nuke Megumin Trojan
Common Information
Type Value
UUID c411ab44-abe2-4979-abcb-0f713e3d8986
Fingerprint 34141d37adf72699
Analysis status DONE
Considered CTI value 2
Text language
Published May 3, 2019, 11:05 a.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 20, 2024, 8:43 a.m.
Headline Let’s nuke Megumin Trojan
Title Let’s nuke Megumin Trojan
Detected Hints/Tags/Attributes 82/2/20
Attributes
Details Type #Events CTI Value
Details File 1
reserv.exe
Details File 175
update.exe
Details Pdb 1
c:\users\ddani\source\repos\meguminv2\release\meguminv2.pdb
Details Pdb 1
c:\users\administrator\desktop\meguminv2\release\meguminv2.pdb
Details Yara rule 1
rule Megumin : Megumin {
	meta:
		description = "Detecting Megumin v2"
		author = "Fumik0_"
		date = "2019-05-02"
	strings:
		$mz = { 4D 5A }
		$s1 = "Megumin/2.0" ascii wide
		$s2 = "/cpu" ascii wide
		$s3 = "/task?hwid=" ascii wide
		$s4 = "/gate?hwid=" ascii wide
		$s5 = "/suicide" ascii wide
	condition:
		$mz at 0 and (all of ($s*))
}