Overview
General
Target: STР.zip
Size: 12.6MB
Sample: 221024-qn7eyagge3
MD5: c8bf1ab25c6f7e64ce9e87c79ee6be50
SHA1: aafc318aebc66283b0adf61ebfa531df24be740d
SHA256: 6715c0eff16eb7fb62b4e3c5f355b0548c695e5b12705a731a9abb4f8c7fef31
SHA512: 2575b487a744e83d10b02032c6d05d74a584516726fcf9c0e1e3c32b86ea599ec4f67732bffaacd49962b524099f1fb3c6f69f88f53d591a357e318a93b5677b
SSDEEP: 393216:hzOYIZ6oyB8QxvldWZoXPiVk+Us32kbR0S7QoczC:hzOYcM1+KPiVB3/lh
Behavioral tasks (task: sample, resource)
behavioral1: Serilog.dll, win7-20220812-en
behavioral2: Serilog.dll, win10v2004-20220812-en
behavioral3: Setup.exe, win7-20220901-en
behavioral4: Setup.exe, win10v2004-20220812-en
behavioral5: Seven.dll, win7-20220812-en
behavioral6: Seven.dll, win10v2004-20220901-en
behavioral7: V2.dll, win7-20220812-en
behavioral8: V2.dll, win10v2004-20220812-en
behavioral9: d2.dll, win7-20220812-en
behavioral10: d2.dll, win10v2004-20220901-en
behavioral11: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap2.scr, win7-20220812-en
behavioral12: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap2.scr, win10v2004-20220812-en
behavioral13: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap3.scr, win7-20220901-en
behavioral14: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap3.scr, win10v2004-20220812-en
behavioral15: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap5.scr, win7-20220812-en
behavioral16: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap5.scr, win10v2004-20220812-en
behavioral17: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap7.scr, win7-20220901-en
behavioral18: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap7.scr, win10v2004-20220812-en
behavioral19: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap8.scr, win7-20220812-en
behavioral20: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap8.scr, win10v2004-20220812-en
behavioral21: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap9.scr, win7-20220901-en
behavioral22: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap9.scr, win10v2004-20220812-en
behavioral23: data/App/Program Files/Common Files/VST2/Propellerhead Software/ReWire/ReWire.dll, win7-20220812-en
behavioral24: data/App/Program Files/Common Files/VST2/Propellerhead Software/ReWire/ReWire.dll, win10v2004-20220901-en
behavioral25: data/App/Program Files/Common Files/VST2/zalupa.exe, win7-20220812-en
behavioral26: data/App/Program Files/Common Files/VST2/zalupa.exe, win10v2004-20220812-en
behavioral27: data/App/x64/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf, win7-20220812-en
behavioral28: data/App/x64/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf, win10v2004-20220901-en
behavioral29: data/App/x64/ASIO4ALL v2/asio4all.dll, win7-20220812-en
behavioral30: data/App/x64/ASIO4ALL v2/asio4all.dll, win10v2004-20220812-en
behavioral31: data/App/x64/ASIO4ALL v2/asio4all64.dll, win7-20220812-en
behavioral32: data/App/x64/ASIO4ALL v2/asio4all64.dll, win10v2004-20220812-en
Malware Config
Targets

Target: Serilog.dll
Size: 125KB
MD5: 181f3e3d0c509566283156816eb317ca
SHA1: 400debdd4fb9ae24719157132a87c4bfeff7fa6c
SHA256: db0a4c4a21a1ba0937d1c22095c2b0702422efd4c7a41aaa577608288a2e69fc
SHA512: 039d5a0013d6f0e916a86baa95452d79d4524f5c83b913170daa73e1333b2d424c0d9a74193e71ede3a0866b778781c57993806baa08833d11df825626e6d667
SSDEEP: 3072:6obKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt:bbKKz1UeZk/Phv8lDuPa
Score: 1/10

Target: Setup.exe
Size: 706.6MB
MD5: c3cc4a0e6e795464c7d4b5b96c91d70b
SHA1: dd398b58669733bbb48363f4ee163f3f9b1e6325
SHA256: 856ee338756462e8041fa057c1a2a578536de2a6c559052c7e39f00760296e72
SHA512: d370f7c6bafe8676823b679706ab56a07ce60b84db2f97695a06813d538a16d42a7bf4f07dd879f0d12a9d3c3fbcdc5470ec584ade2e4b9cd0c14d4db88ba549
SSDEEP: 24576:8PsWvw98o3C6ZC6BqNmK/cRgOnmq9g6ZB36rKX6sWWl3RuQ55313:8Z08ozZqfcOU7m6TlLl3
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext

Target: Seven.dll
Size: 49KB
MD5: 11eb138db53f5896f3cf95144d04132a
SHA1: 204fd914b84630366c3a656254f39a99a884d8d4
SHA256: f80c92ce064a19d514cdaaf1838244f203c188462d26119df7b408291d68f8b8
SHA512: da60124b8c95e6bc7d123def35e61041f567df57401737ad3fdaeef12140d2a6410eedf6cd29889f401cae4cff7b6c0bdd71507b2885e06cb39d75da42bd63d5
SSDEEP: 1536:Pyl9DERHUxDiJrVPpO+KeH8Ie1sGvLq4WMn:Kl9DGHUxDiJrRcIcsYV
Score: 1/10

Target: V2.dll
Size: 976KB
MD5: b6dde6f8a1b88fe4aae962064a6f5271
SHA1: 177543d5128191e4eabeabd4e99041ff4d193652
SHA256: a9f8f9c014a760b568212c99f17f2c1b4e0e4d6082f9971d04bd3250fa931927
SHA512: 8c28819c5fc8c449b1ca6b395ff35deb099a44f857be35323347834c3285c87d65067b547eb6dead26183a06499f0324445103f03ca35935a2016e2e0af09115
SSDEEP: 24576:2jveAn9tcCk5sYGKbqKmKVHIhMkVdyfcoET3qU/1+:2R9tcCEsd69GoAc
Score: 1/10

Target: d2.dll
Size: 976KB
MD5: b6dde6f8a1b88fe4aae962064a6f5271
SHA1: 177543d5128191e4eabeabd4e99041ff4d193652
SHA256: a9f8f9c014a760b568212c99f17f2c1b4e0e4d6082f9971d04bd3250fa931927
SHA512: 8c28819c5fc8c449b1ca6b395ff35deb099a44f857be35323347834c3285c87d65067b547eb6dead26183a06499f0324445103f03ca35935a2016e2e0af09115
SSDEEP: 24576:2jveAn9tcCk5sYGKbqKmKVHIhMkVdyfcoET3qU/1+:2R9tcCEsd69GoAc
Score: 1/10

Target: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap2.scr
Size: 123B
MD5: f52774e787d274875e8eb967f8b908e2
SHA1: bb9725667093d62543f6baf46de6a0e6fed256f6
SHA256: cad3bb02e1a95f3093256725d9c513925d97453861606a4f1fb9af42eda13e0c
SHA512: 7ac292c31304fc6b566acef396ea72977db37eb9bb52013fc178887684c5b4a8f09ac40268be1d982e5f67b6eb38ffdacbeec79b84da9ff773392723db02d7cc
Score: 1/10

Target: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap3.scr
Size: 68B
MD5: d5b9b72a2be55229039e69fecdf75c97
SHA1: 54522e65137dcabeb8075f07a029e46078128079
SHA256: 533358055fa4a87047032ab1e96afbfb8a53ef0fa64655abf3d000151a8cb452
SHA512: 1d4c1f3aa95e50b22e86919a37ab5fda4e70e72e034d86459e86fc31583bcd41d840590b182ec17c08b6bdb94eb61cedbaf846cbb207f274bea146f2bb1189b6
Score: 1/10

Target: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap5.scr
Size: 31B
MD5: 9f55b4721767735801907b80989426c9
SHA1: 456b37545db703f4dfd79162cce81de845268c63
SHA256: f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
SHA512: 0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score: 1/10

Target: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap7.scr
Size: 31B
MD5: 9f55b4721767735801907b80989426c9
SHA1: 456b37545db703f4dfd79162cce81de845268c63
SHA256: f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
SHA512: 0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score: 1/10

Target: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap8.scr
Size: 31B
MD5: 9f55b4721767735801907b80989426c9
SHA1: 456b37545db703f4dfd79162cce81de845268c63
SHA256: f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
SHA512: 0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score: 1/10

Target: data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap9.scr
Size: 31B
MD5: 9f55b4721767735801907b80989426c9
SHA1: 456b37545db703f4dfd79162cce81de845268c63
SHA256: f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
SHA512: 0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score: 1/10

Target: data/App/Program Files/Common Files/VST2/Propellerhead Software/ReWire/ReWire.dll
Size: 2.1MB
MD5: f402d709c9cc73b6754bc8b3eb03592a
SHA1: e58d5c787ab2096520128d75e6d6c3b48dbd9d6c
SHA256: 5db19a996f7c0741e362115b58e66299bdd8ecedf01f632fbf82b8d09ee1e523
SHA512: ced3e9f3001aa3b4265ce914c400880439de6a190c614e73c35779488f4b2a50998e7601e8b53c3d20763ba160567e9ecd3f9515f96321416e0cc6417dda9f77
SSDEEP: 1536:k6Elku9GdnyOvNJaooy/dwttuL9681ymX/1pHol9dlfKZS:1/nywSa6ttI081ymX/1poVxKw
Score: 1/10

Target: data/App/Program Files/Common Files/VST2/zalupa.exe
Size: 3.6MB
MD5: 1d07d94e8a1b2bee9cfbbc2172433715
SHA1: 7d5d054d51e9a70cc96cfb5645b43bb217474033
SHA256: fcca557b7d36f5fa19122165040bad6807c18e7506e4007bde813aae676fc879
SHA512: 2d892069350f1dbd34be616ccdf97d59249afb0ba6bb7e4fc7b97085537ee7ef911ec90e2d626655936a39609874f442cffe6559759898268447fe5f9ed9f4d1
SSDEEP: 12288:rm4q5n9R45YrYD5lz3elmZb7mA2iAslHZ/7QWcflCgTeXeLSyT:bP15lzLOIAqR7qbTeyT
Score: 1/10

Target: data/App/x64/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf
Size: 247KB
MD5: 882f5c35fe9bd596cef83b7582a6b47b
SHA1: 70ebbd871b4e1b33487178e8e9b017b9c15f3f73
SHA256: 94ce78f6b9b6d42c2c1a149e074e7f3aa2394dc5be002996a16d0b425a7a3f55
SHA512: 3a61411a1bb4872f626ebce8bf8c7046ea20f01f7bd66caf051f276e0ec52a4359a6b6c4c0d5a84e4528f5220c67e49f57f309f497d8da3edd25b39ff328702a
SSDEEP: 6144:Yen2ej43h1ghTADBNh3tc3KVJ3crl26aXq+3+U/V:bn2f3h1gEIaVJ3+PUq+uU/V
Score: 1/10

Target: data/App/x64/ASIO4ALL v2/asio4all.dll
Size: 115KB
MD5: de9b771e11a5800254354124e16856ee
SHA1: d86ec1217077f65bdae1bc207ba16ad5ed98feaf
SHA256: f53f755e8ae24f9e6d1b925bf32702cf4bd0a92511f87d6c3503830a1fbef9da
SHA512: ea0c022843997c05d9d542479dc8c32e6df9bb0e936b1d3e12aeba3ee46b45cee059e640bc0fa777535befc1cfb9d08cddfc32c6090999c19a4171cf479ababd
SSDEEP: 1536:ZvzplGOrgSF1HpH01/n8Cx3TzN9CVmkcu32hl:xJjeRDu32
Score: 1/10

Target: data/App/x64/ASIO4ALL v2/asio4all64.dll
Size: 142KB
MD5: 74edb1ea4bee5a60a683b5bb801f3574
SHA1: 55b62e45e7cf3e4b7255c1f3841c886394c8d851
SHA256: 5564e99ce1d0ec73e762156af09e3d22bfec7af6f1bdcabe81e64825c7ca53da
SHA512: ff6b8ff3f7f68e2700591991a1b862b2c3311a349c27c0facd0a0277c6394e905162f0637ab48eaa94515af29700d2031838cdaf997f7d6c0d521e3a20114266
SSDEEP: 1536:DbF0z8pabtCmKHCZm8d4vzi7YetKrZECd/dUgRqXxJkCVmkcu32h:vJ8d4m7YrZL/y1Wu32
Score: 8/10
Signatures:
- Registers COM server for autorun