General
Target: chappo_3_days_key_new.rar
Size: 17.7MB
Sample: 240427-z4hk7aha3w
MD5: abaac60d2349aef781d8697b26a09442
SHA1: f48b43b226cbbf16852f8c27710367c696b291e9
SHA256: f6c17feb9634d46a34ba851526576f947805135b368ff079936cdf0492553f70
SHA512: b4724a24e11000ae90e6a089125bbc4b140faab194d8f2dc4fb69b3f2112d4181c671bb242cf635dabd25b29071a3cdf1548d94ce06d7d14fd2c8ff2954dbcac
SSDEEP: 393216:L3nwfyVg2kesEiwEOQ3kh+EjiRdiEAPo+kyfsC0Zwt5cnL0xfttDFBnUD9:zHaL1OQ+jjEAPo+kyfsCiU5co7tJG9
Behavioral task: behavioral1
Sample: chappo_3_days_key_new.rar
Resource: win10v2004-20240419-en

Behavioral task: behavioral2
Sample: chappo 3 days key new/Guna.UI2.dll
Resource: win10v2004-20240426-en
Malware Config
Targets

Target: chappo_3_days_key_new.rar
Size: 17.7MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
Score: 3/10
Target: chappo 3 days key new/Guna.UI2.dll
Size: 2.1MB
MD5: c97f23b52087cfa97985f784ea83498f
SHA1: d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
SHA256: e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
SHA512: ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
SSDEEP: 49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score: 1/10
Target: chappo 3 days key new/arfarf_protected.exe
Size: 17.2MB
MD5: e235f21d7011f180d78ee3ef14a242da
SHA1: a5b61d7126cd4a5b98faf765dcab344bf4a61aef
SHA256: 9ee7c83712c548764248b9aebec255d7678197ae3fb8c6947e93cd0a8c113249
SHA512: 8605961845973597739f8a7184987593e61bf8cba582d2fda22f58ad9515644c39b4e0eb2e4c853203efeefc250756083043ed341283695a4c11cfad2e94731d
SSDEEP: 393216:rJN6WaFIrwSZc1ujdGtZjq4HsuEaBtz4rUrlB7WBGB:D6WoAwzsQZdHsCtz4G6gB
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger