Resubmissions

18/09/2022, 00:37

220918-ayv7naeeaq 10

18/09/2022, 00:30

220918-atn8jsaeb9 10

General

  • Target

    VirtualTabletServer_v3.0.2.zip

  • Size

    5.6MB

  • Sample

    220918-atn8jsaeb9

  • MD5

    7ca53fa398d7b0d7b5aa73c25147c081

  • SHA1

    df055d663f3566f22aa6fd5b4c49583431e72b57

  • SHA256

    7fb856737517ba5b4ecac0dcc2fe0e109c66ac6d7221788aac1e742223b1db78

  • SHA512

    a2d7a7e93c682435e1a997aa55e667ade7d42b72e512abe2485bce03ebca215446f1b97bf3d8cc2643caf42f0ba3ddd637f012c7a125ec4bff04f7719e1ef5a4

  • SSDEEP

    98304:jrbt7ovQzfgafbQyd0T5uScTH9V1blUP+MuTFJX0lqQeyg7vlXYEJ:jrbevMfgafbYWdVrUPsN8WVtJ

Malware Config

Targets

    • Target

      VirtualTabletServer_v3.0.2.zip

    • Size

      5.6MB

    • MD5

      7ca53fa398d7b0d7b5aa73c25147c081

    • SHA1

      df055d663f3566f22aa6fd5b4c49583431e72b57

    • SHA256

      7fb856737517ba5b4ecac0dcc2fe0e109c66ac6d7221788aac1e742223b1db78

    • SHA512

      a2d7a7e93c682435e1a997aa55e667ade7d42b72e512abe2485bce03ebca215446f1b97bf3d8cc2643caf42f0ba3ddd637f012c7a125ec4bff04f7719e1ef5a4

    • SSDEEP

      98304:jrbt7ovQzfgafbQyd0T5uScTH9V1blUP+MuTFJX0lqQeyg7vlXYEJ:jrbevMfgafbYWdVrUPsN8WVtJ

    • Score

      1/10

    • Target

      VirtualTabletServer-v3-setup.exe

    • Size

      6.2MB

    • MD5

      5f7a4724ada809a157d89b0bb01bfc02

    • SHA1

      8961269ad0619af93d900244494519bec31ca6c3

    • SHA256

      faf955efd666dd2c767511e800cd4624d4dc51f997ecf6043329a0a1ae1920d2

    • SHA512

      1bc804a31bfb741f934a2cdea592168ec69adc3cf8ec374dcf3d7f2966b59cd1c96a8d4c81912a5088c74ee9e73120c67e2a54fb9e20a8bee46ab0630e6e3bbf

    • SSDEEP

      98304:pLJQ/pcbwLNG6rpBcd6LVoiMPb373DTUFKw2LVFXnfckwOinnRpwwXNa:pPb2NG6rpJYb7fUFIxfcHZ9a

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks