03cc1c7315b11a3ef3424ed944b1eda42147375e0f88bd615bbfd802d8eb3dc0

Sharing

Copy URL

Twitter E-mail

General

Target

aaa.zip
Size

25.4MB
Sample

210111-x48q4txkrx
MD5

1cebf6e1e44be75c32d64573a82dff48
SHA1

12fbdf753b78229f02c35c3e2caddec75bd3639b
SHA256

03cc1c7315b11a3ef3424ed944b1eda42147375e0f88bd615bbfd802d8eb3dc0
SHA512

eec9d9193d02c99ac1571eb0a9cf07dd2597c30fab49f8712844519cd3ea82c4effb0cf5d2c4946f3ea8476702204649c3e345c23727d33d9445abf2bee4e846

Score

8^/10

Malware Config

Targets

- Target
  
  aaa/0aeaa6a4869e4194560801bc0d343b2960265ea94bba21551f819f06119e9e4d
- Size
  
  533KB
- MD5
  
  aa37abf70137b64110247cb8c4399525
- SHA1
  
  4a44a40328627844aecfc96699962bead9fb8a40
- SHA256
  
  0aeaa6a4869e4194560801bc0d343b2960265ea94bba21551f819f06119e9e4d
- SHA512
  
  2911808599ddfe6f988c5dd65d641f583c90dd557685a9e5d7b399c884902e4d9c277cd91967062af8b5c4a6ef6f4d7a54ba401c29b23db70747362c93eb0a72
Score

1^/10
behavioral1 behavioral2
- Target
  
  aaa/0b85cc4ba012e131d062e7f57ea2bdd3b2a1d7aafa18f54de73ec8a13093a991
- Size
  
  74KB
- MD5
  
  38d3fae7087fdb489127cf705aae48b1
- SHA1
  
  c6a76488a21394ab24c573740acf80d1eb234b80
- SHA256
  
  0b85cc4ba012e131d062e7f57ea2bdd3b2a1d7aafa18f54de73ec8a13093a991
- SHA512
  
  eb8a5a0670f87ea0250c0f208fb332978449e8e133cef5816d56f62d37ecc0e4b981b8dfb385a37717add46a1b41e0d584ae385e2fed48295c477e5bcc1c93f9
Score

7^/10
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  aaa/116bf0d3c1429a18f482839815965d08bb6719c6f471f7b95f955d201e16ec58
- Size
  
  56KB
- MD5
  
  935b1902862b1a7dd9752179e5c95149
- SHA1
  
  90a6642d5da4593a68a05ce9051092e1a44d6613
- SHA256
  
  116bf0d3c1429a18f482839815965d08bb6719c6f471f7b95f955d201e16ec58
- SHA512
  
  84e894cb02e2718b6f0e1b29d1677506024e809961bf1fa02ad59e982eabb1a2d1452009a2cf1293584d4c9c2085c0ede0c729730ba310f284d6d19d559e787c
Score

1^/10
behavioral5 behavioral6
- Target
  
  aaa/23acdf96f925f10dd8e3bd455200a4aab42ae82976ab3dc14e571b83740ad989
- Size
  
  74KB
- MD5
  
  5b5f13ab526b17d22a606e822d268135
- SHA1
  
  b998d3a217b7f3c6515b24507881c68d6c51216f
- SHA256
  
  23acdf96f925f10dd8e3bd455200a4aab42ae82976ab3dc14e571b83740ad989
- SHA512
  
  1ea9d9364c5022a33ff8cd8e0774c66e62a870d451688d206751b74691f1326c467ba133791703016a1f4851dbe50b754173f5fda56387afe100f5117562f418
Score

7^/10
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  aaa/288b6ecc06b4333903ad475d83dcc5fe6a4ea59cd3ee57136d858c58a1e582e0
- Size
  
  16KB
- MD5
  
  d3858ef6f7ab89450aaab1690885da3b
- SHA1
  
  bab4bb1fc474a365f2fc32ddf66781e0e4fb79e8
- SHA256
  
  288b6ecc06b4333903ad475d83dcc5fe6a4ea59cd3ee57136d858c58a1e582e0
- SHA512
  
  c7bd83902973b8c87a883f65e0ff15d8159238388bfb02894c2eaab400a18dfd3f901c331bc345601f629643fab59988c5ab27bc6f1d44b475a3551e2765581f
Score

3^/10
behavioral9 behavioral10
- Target
  
  aaa/2c30107134bc59e670e958f16703faba285a98e900de8971e4b0dee8632ee8a6
- Size
  
  220KB
- MD5
  
  4b3aa8cccb0119c4c4810a1bae3b6768
- SHA1
  
  879756704b26f90ec5501c3f074ec0e0816db1ba
- SHA256
  
  2c30107134bc59e670e958f16703faba285a98e900de8971e4b0dee8632ee8a6
- SHA512
  
  9141fa2fb3156c6b06f283542b361f109b7d171053953e289f2a8c843c92707cdac28918299440f59b6ac503e40a3f665e5364cafca551d5cfff72089b8af2fa
Score

1^/10
behavioral11 behavioral12
- Target
  
  aaa/43506f36c6f9fd535918a08bc28e99c0b275c02fe73bd2d02498cc57c2f95ab2
- Size
  
  74KB
- MD5
  
  50f18622f17bb99e57370783c5ceb24a
- SHA1
  
  8e72414d9ee77da1f8379fea61d5e92c83850147
- SHA256
  
  43506f36c6f9fd535918a08bc28e99c0b275c02fe73bd2d02498cc57c2f95ab2
- SHA512
  
  017f45ac4873da09f6bcd0fca8db19957ca328c96eb9acd713ac1ad485a24b34af0ff4074924bbab0cdf02e803b6fd51b7f2e8ab27fb9bf4bef97dfeb49e6854
Score

7^/10
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  aaa/64d883ee1fb2e8a2c0f5b0c3c2465c817a0420004dab63db8aacd08c2ae93ba8
- Size
  
  556KB
- MD5
  
  13192ace53c44630185ac602bdd9ad09
- SHA1
  
  7922ddff019b3622de89a98ecdcdc43d7d260cea
- SHA256
  
  64d883ee1fb2e8a2c0f5b0c3c2465c817a0420004dab63db8aacd08c2ae93ba8
- SHA512
  
  cbc4216e1b86e8a3b128454b36607e799cce51a81e7a3fad7cf91c345ea5e37d7c1515094c391938ecdc89c042459f6501ccb9aeaf1e9b0fb03b9ae548ea876d
Score

1^/10
behavioral15 behavioral16
- Target
  
  aaa/77716d30c3925e1776d3a6a9e97e4ada089a9cfd4510f5818c65c43545eae971
- Size
  
  4.1MB
- MD5
  
  f5b88e160e5913bd48ece987cd586dbe
- SHA1
  
  a95b919552a76eabef2e7ec75e52d821c0b5105c
- SHA256
  
  77716d30c3925e1776d3a6a9e97e4ada089a9cfd4510f5818c65c43545eae971
- SHA512
  
  2f4fb0ab78328a8356ee315a64c70eac0f730cd5d72ea9e8a3eaa279e4bee54e9feb4c541862b4f699529809973e8edf8cc83537596be3c3892911e1c11341a5
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- JavaScript code in executable
behavioral17 behavioral18
- Target
  
  aaa/80e69f0f745b00f4b941b48f268336740070b2c71a5b960443eac02510dc4b86
- Size
  
  2.6MB
- MD5
  
  7a73b44a1dfcb16443131cb91b7ab9e2
- SHA1
  
  2c40265ccc99235d016bf5ee0bdd557a689eb5ff
- SHA256
  
  80e69f0f745b00f4b941b48f268336740070b2c71a5b960443eac02510dc4b86
- SHA512
  
  1e7e212de354892058251134922ab5d360d37a3fda5a566d338efad4f16e08eedf8152fa13aa0d4d2efb08539ce1ef05e930ea7daa0a9e3d28b55ad76dc0f0bc
Score

1^/10
behavioral19 behavioral20
- Target
  
  aaa/82829d72ba042808625f139a141694038b2237af299c4399d2dc1dd137a3b889
- Size
  
  74KB
- MD5
  
  a0dc65b27430e47fd48e0b31a6a42545
- SHA1
  
  97cd1543d083fb3d5d98c80a30b4f7bed05e6c6f
- SHA256
  
  82829d72ba042808625f139a141694038b2237af299c4399d2dc1dd137a3b889
- SHA512
  
  85628a7ee05c52b5fa14a1f4e5b5d1a7a2db1809d9ecc760fcf01a31c57984c589285d831dc605c96359e439784bf2040ab2e71563f4e6b4b92c2efafa61bf72
Score

7^/10
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  aaa/82fdd2cb7efced599ef303e046d5917c04ad68abcc697386f3f7df27c6c20b03
- Size
  
  586KB
- MD5
  
  6648122661eacc6fe1bc64aeaed3fbdd
- SHA1
  
  707e42456245f6166ac1f4d7de2f47f51f688df6
- SHA256
  
  82fdd2cb7efced599ef303e046d5917c04ad68abcc697386f3f7df27c6c20b03
- SHA512
  
  f3af3861e2ded2d1f4c8e2a467f575bb7a2392774b4339148e0cb2fcab44d1938221c1c306be5bdf80735f03ce069e13e23e20527d6d2649ae5d9be14769c735
Score

8^/10

vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Deletes itself
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral23 behavioral24
- Target
  
  aaa/8be912fda08cf4e47fc5756a7f4b28d51e6e5bef65dbfe7033539160748b2527
- Size
  
  74KB
- MD5
  
  0ed8dc42764210e66da2b780c89cf026
- SHA1
  
  9ee1ab31359b85ed81a3b39dde0b9e6e11a53342
- SHA256
  
  8be912fda08cf4e47fc5756a7f4b28d51e6e5bef65dbfe7033539160748b2527
- SHA512
  
  baa1065da6e965f963f719e40c8482abef465bfe6f37b4577e47b80f249a839c60acbabb58de50d8d8b25a5f4e7ecdc7cbae62a9a92d46e1d7d1472975decee7
Score

7^/10
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  aaa/a71212bbb7080a63cb58e2815707be8daaa55e4850e6a0d899912034677bd995
- Size
  
  2.6MB
- MD5
  
  7b596aac0a09438b88876c544b178855
- SHA1
  
  9de5ffeb08ff8f6d6f0dedfb2718cb5d0dd06e67
- SHA256
  
  a71212bbb7080a63cb58e2815707be8daaa55e4850e6a0d899912034677bd995
- SHA512
  
  0e8a06d35cc870f24f7494751085e86d3a660e10d7749d9fd3f6262c53eea0539b195c081834cdbe773661a35aa8700d85dc03e258714034315db8fa735a6105
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral27 behavioral28
- Target
  
  aaa/aa7cce2f9f6776129e2c41c48171e597504a5354d34f7503630651a748ebee61
- Size
  
  8.0MB
- MD5
  
  c1507f4fd86ddefc8ac9df58e921f722
- SHA1
  
  ce2fbebce0e12610e74040d5254e816f1653dade
- SHA256
  
  aa7cce2f9f6776129e2c41c48171e597504a5354d34f7503630651a748ebee61
- SHA512
  
  23d609884ed144166d082d2614a0db912092bfb5e0fe4083f7a7c1cdb3339bc179228899271bfb808a7e30ae664b2825272bc6881e8b741749209002126a4b43
Score

8^/10

spyware
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- JavaScript code in executable
behavioral29 behavioral30
- Target
  
  aaa/b50d27cdc9db3929b4d0ad03ee41ece53c020d89beebecf6a033b4cf8624ed25
- Size
  
  277KB
- MD5
  
  ccbbea2fda6406f3969662a3c5b1f8b1
- SHA1
  
  a925248a540d0397dc58d9f86ab439a9c3e346f5
- SHA256
  
  b50d27cdc9db3929b4d0ad03ee41ece53c020d89beebecf6a033b4cf8624ed25
- SHA512
  
  c319303d7333ae2c913d616cd08094ad359d6858855a3c965d6d16d55c5ee40438c6b049083e932122cb31ccf0aaffb53e3f3d9f780409772193932b7662ba5f
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Loads dropped DLL

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

JavaScript code in executable

Loads dropped DLL

Executes dropped EXE

VMProtect packed file

Deletes itself

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

Executes dropped EXE

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

JavaScript code in executable

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32