6715c0eff16eb7fb62b4e3c5f355b0548c695e5b12705a731a9abb4f8c7fef31 | Triage

Sharing

General

Target

STР.zip
Size

12.6MB
Sample

221024-qn7eyagge3
MD5

c8bf1ab25c6f7e64ce9e87c79ee6be50
SHA1

aafc318aebc66283b0adf61ebfa531df24be740d
SHA256

6715c0eff16eb7fb62b4e3c5f355b0548c695e5b12705a731a9abb4f8c7fef31
SHA512

2575b487a744e83d10b02032c6d05d74a584516726fcf9c0e1e3c32b86ea599ec4f67732bffaacd49962b524099f1fb3c6f69f88f53d591a357e318a93b5677b
SSDEEP

393216:hzOYIZ6oyB8QxvldWZoXPiVk+Us32kbR0S7QoczC:hzOYcM1+KPiVB3/lh

Score

8^/10

discovery link pdf persistence spyware upx

Malware Config

Targets

- Target
  
  Serilog.dll
- Size
  
  125KB
- MD5
  
  181f3e3d0c509566283156816eb317ca
- SHA1
  
  400debdd4fb9ae24719157132a87c4bfeff7fa6c
- SHA256
  
  db0a4c4a21a1ba0937d1c22095c2b0702422efd4c7a41aaa577608288a2e69fc
- SHA512
  
  039d5a0013d6f0e916a86baa95452d79d4524f5c83b913170daa73e1333b2d424c0d9a74193e71ede3a0866b778781c57993806baa08833d11df825626e6d667
- SSDEEP
  
  3072:6obKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt:bbKKz1UeZk/Phv8lDuPa
Score

1^/10
behavioral1 behavioral2
- Target
  
  Setup.exe
- Size
  
  706.6MB
- MD5
  
  c3cc4a0e6e795464c7d4b5b96c91d70b
- SHA1
  
  dd398b58669733bbb48363f4ee163f3f9b1e6325
- SHA256
  
  856ee338756462e8041fa057c1a2a578536de2a6c559052c7e39f00760296e72
- SHA512
  
  d370f7c6bafe8676823b679706ab56a07ce60b84db2f97695a06813d538a16d42a7bf4f07dd879f0d12a9d3c3fbcdc5470ec584ade2e4b9cd0c14d4db88ba549
- SSDEEP
  
  24576:8PsWvw98o3C6ZC6BqNmK/cRgOnmq9g6ZB36rKX6sWWl3RuQ55313:8Z08ozZqfcOU7m6TlLl3
Score

8^/10

discovery spyware upx
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Modifies file permissions
  discovery
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Seven.dll
- Size
  
  49KB
- MD5
  
  11eb138db53f5896f3cf95144d04132a
- SHA1
  
  204fd914b84630366c3a656254f39a99a884d8d4
- SHA256
  
  f80c92ce064a19d514cdaaf1838244f203c188462d26119df7b408291d68f8b8
- SHA512
  
  da60124b8c95e6bc7d123def35e61041f567df57401737ad3fdaeef12140d2a6410eedf6cd29889f401cae4cff7b6c0bdd71507b2885e06cb39d75da42bd63d5
- SSDEEP
  
  1536:Pyl9DERHUxDiJrVPpO+KeH8Ie1sGvLq4WMn:Kl9DGHUxDiJrRcIcsYV
Score

1^/10
behavioral5 behavioral6
- Target
  
  V2.dll
- Size
  
  976KB
- MD5
  
  b6dde6f8a1b88fe4aae962064a6f5271
- SHA1
  
  177543d5128191e4eabeabd4e99041ff4d193652
- SHA256
  
  a9f8f9c014a760b568212c99f17f2c1b4e0e4d6082f9971d04bd3250fa931927
- SHA512
  
  8c28819c5fc8c449b1ca6b395ff35deb099a44f857be35323347834c3285c87d65067b547eb6dead26183a06499f0324445103f03ca35935a2016e2e0af09115
- SSDEEP
  
  24576:2jveAn9tcCk5sYGKbqKmKVHIhMkVdyfcoET3qU/1+:2R9tcCEsd69GoAc
Score

1^/10
behavioral7 behavioral8
- Target
  
  d2.dll
- Size
  
  976KB
- MD5
  
  b6dde6f8a1b88fe4aae962064a6f5271
- SHA1
  
  177543d5128191e4eabeabd4e99041ff4d193652
- SHA256
  
  a9f8f9c014a760b568212c99f17f2c1b4e0e4d6082f9971d04bd3250fa931927
- SHA512
  
  8c28819c5fc8c449b1ca6b395ff35deb099a44f857be35323347834c3285c87d65067b547eb6dead26183a06499f0324445103f03ca35935a2016e2e0af09115
- SSDEEP
  
  24576:2jveAn9tcCk5sYGKbqKmKVHIhMkVdyfcoET3qU/1+:2R9tcCEsd69GoAc
Score

1^/10
behavioral9 behavioral10
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap2.scr
- Size
  
  123B
- MD5
  
  f52774e787d274875e8eb967f8b908e2
- SHA1
  
  bb9725667093d62543f6baf46de6a0e6fed256f6
- SHA256
  
  cad3bb02e1a95f3093256725d9c513925d97453861606a4f1fb9af42eda13e0c
- SHA512
  
  7ac292c31304fc6b566acef396ea72977db37eb9bb52013fc178887684c5b4a8f09ac40268be1d982e5f67b6eb38ffdacbeec79b84da9ff773392723db02d7cc
Score

1^/10
behavioral11 behavioral12
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap3.scr
- Size
  
  68B
- MD5
  
  d5b9b72a2be55229039e69fecdf75c97
- SHA1
  
  54522e65137dcabeb8075f07a029e46078128079
- SHA256
  
  533358055fa4a87047032ab1e96afbfb8a53ef0fa64655abf3d000151a8cb452
- SHA512
  
  1d4c1f3aa95e50b22e86919a37ab5fda4e70e72e034d86459e86fc31583bcd41d840590b182ec17c08b6bdb94eb61cedbaf846cbb207f274bea146f2bb1189b6
Score

1^/10
behavioral13 behavioral14
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap5.scr
- Size
  
  31B
- MD5
  
  9f55b4721767735801907b80989426c9
- SHA1
  
  456b37545db703f4dfd79162cce81de845268c63
- SHA256
  
  f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
- SHA512
  
  0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score

1^/10
behavioral15 behavioral16
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap7.scr
- Size
  
  31B
- MD5
  
  9f55b4721767735801907b80989426c9
- SHA1
  
  456b37545db703f4dfd79162cce81de845268c63
- SHA256
  
  f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
- SHA512
  
  0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score

1^/10
behavioral17 behavioral18
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap8.scr
- Size
  
  31B
- MD5
  
  9f55b4721767735801907b80989426c9
- SHA1
  
  456b37545db703f4dfd79162cce81de845268c63
- SHA256
  
  f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
- SHA512
  
  0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score

1^/10
behavioral19 behavioral20
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap9.scr
- Size
  
  31B
- MD5
  
  9f55b4721767735801907b80989426c9
- SHA1
  
  456b37545db703f4dfd79162cce81de845268c63
- SHA256
  
  f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
- SHA512
  
  0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score

1^/10
behavioral21 behavioral22
- Target
  
  data/App/Program Files/Common Files/VST2/Propellerhead Software/ReWire/ReWire.dll
- Size
  
  2.1MB
- MD5
  
  f402d709c9cc73b6754bc8b3eb03592a
- SHA1
  
  e58d5c787ab2096520128d75e6d6c3b48dbd9d6c
- SHA256
  
  5db19a996f7c0741e362115b58e66299bdd8ecedf01f632fbf82b8d09ee1e523
- SHA512
  
  ced3e9f3001aa3b4265ce914c400880439de6a190c614e73c35779488f4b2a50998e7601e8b53c3d20763ba160567e9ecd3f9515f96321416e0cc6417dda9f77
- SSDEEP
  
  1536:k6Elku9GdnyOvNJaooy/dwttuL9681ymX/1pHol9dlfKZS:1/nywSa6ttI081ymX/1poVxKw
Score

1^/10
behavioral23 behavioral24
- Target
  
  data/App/Program Files/Common Files/VST2/zalupa.exe
- Size
  
  3.6MB
- MD5
  
  1d07d94e8a1b2bee9cfbbc2172433715
- SHA1
  
  7d5d054d51e9a70cc96cfb5645b43bb217474033
- SHA256
  
  fcca557b7d36f5fa19122165040bad6807c18e7506e4007bde813aae676fc879
- SHA512
  
  2d892069350f1dbd34be616ccdf97d59249afb0ba6bb7e4fc7b97085537ee7ef911ec90e2d626655936a39609874f442cffe6559759898268447fe5f9ed9f4d1
- SSDEEP
  
  12288:rm4q5n9R45YrYD5lz3elmZb7mA2iAslHZ/7QWcflCgTeXeLSyT:bP15lzLOIAqR7qbTeyT
Score

1^/10
behavioral25 behavioral26
- Target
  
  data/App/x64/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf
- Size
  
  247KB
- MD5
  
  882f5c35fe9bd596cef83b7582a6b47b
- SHA1
  
  70ebbd871b4e1b33487178e8e9b017b9c15f3f73
- SHA256
  
  94ce78f6b9b6d42c2c1a149e074e7f3aa2394dc5be002996a16d0b425a7a3f55
- SHA512
  
  3a61411a1bb4872f626ebce8bf8c7046ea20f01f7bd66caf051f276e0ec52a4359a6b6c4c0d5a84e4528f5220c67e49f57f309f497d8da3edd25b39ff328702a
- SSDEEP
  
  6144:Yen2ej43h1ghTADBNh3tc3KVJ3crl26aXq+3+U/V:bn2f3h1gEIaVJ3+PUq+uU/V
Score

1^/10
behavioral27 behavioral28
- Target
  
  data/App/x64/ASIO4ALL v2/asio4all.dll
- Size
  
  115KB
- MD5
  
  de9b771e11a5800254354124e16856ee
- SHA1
  
  d86ec1217077f65bdae1bc207ba16ad5ed98feaf
- SHA256
  
  f53f755e8ae24f9e6d1b925bf32702cf4bd0a92511f87d6c3503830a1fbef9da
- SHA512
  
  ea0c022843997c05d9d542479dc8c32e6df9bb0e936b1d3e12aeba3ee46b45cee059e640bc0fa777535befc1cfb9d08cddfc32c6090999c19a4171cf479ababd
- SSDEEP
  
  1536:ZvzplGOrgSF1HpH01/n8Cx3TzN9CVmkcu32hl:xJjeRDu32
Score

1^/10
behavioral29 behavioral30
- Target
  
  data/App/x64/ASIO4ALL v2/asio4all64.dll
- Size
  
  142KB
- MD5
  
  74edb1ea4bee5a60a683b5bb801f3574
- SHA1
  
  55b62e45e7cf3e4b7255c1f3841c886394c8d851
- SHA256
  
  5564e99ce1d0ec73e762156af09e3d22bfec7af6f1bdcabe81e64825c7ca53da
- SHA512
  
  ff6b8ff3f7f68e2700591991a1b862b2c3311a349c27c0facd0a0277c6394e905162f0637ab48eaa94515af29700d2031838cdaf997f7d6c0d521e3a20114266
- SSDEEP
  
  1536:DbF0z8pabtCmKHCZm8d4vzi7YetKrZECd/dUgRqXxJkCVmkcu32h:vJ8d4m7YrZL/y1Wu32
Score

8^/10

persistence
- Registers COM server for autorun
  persistence
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Registry Run Keys / Startup Folder

Privilege Escalation

Scheduled Task

Defense Evasion

File Permissions Modification

Scripting

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryspywareupx

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32