General

  • Target

    RISE 6 CRACK 169% no virus cerebrus.rar

  • Size

    16.5MB

  • Sample

    221227-nzfp9aaa7s

  • MD5

    63dbc6fe48f66d66214c2b6c93b60fbd

  • SHA1

    4f92db404aec1f3497dbc9d226eee3a318a0f972

  • SHA256

    90e43d5ef6bc5d851393e5763ca7a671c0c8d06e88f214c060e14259d210909c

  • SHA512

    f9e4d99388b6ed1391c2a4fd3ab68ce2e769e9092359eead6f7849f3a952a7c68ed951655ec8f1016d7c7eeddc7016c2033715c5436ac6edebc48c3a1a4c4bef

  • SSDEEP

    393216:SJnM0Gk0e4TLr3yVjcS1JHev4wyjk1FGaTj0Lec2:SJnjeTLut1JHAyj4FYLec2

Malware Config

Targets

    • Target

      Virus.exe

    • Size

      16.7MB

    • MD5

      f06f5a8f50371e478275eb640edfc713

    • SHA1

      525735b47003796e79d1c90af51fa74cc726ba49

    • SHA256

      9b398deef482f76973e7c03921562621b4fc989a9f64db43b3be50f37f63f4a2

    • SHA512

      3625981549e7c0b7bbd3ab6c35bf29f4e24b9d932257640f583af3414ac56d638300fce37e8e839fa515d09cfd742a6628b09b91875dc2047dc436cf7412c2ca

    • SSDEEP

      393216:nxdyJhoonQLDdQuslN/m3plVrAZYCuPJOmuSeg09BJHdJgp6bBc1JE:nzyJ+UmdQu4KlCJuxdfz013g2BMJE

    Score: 7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      disabler.cmd

    • Size

      7KB

    • MD5

      4d42361b0d6e220010df143d52c6b80c

    • SHA1

      96eb313cac61b03bbc09c68b58f7b21dcab66515

    • SHA256

      ff15868d8299c75dfa3eaca43f248a12d53384685f3336055a5fddc883957435

    • SHA512

      13a44432563c170a674646052c09e59d27066ddab9b753f966ba42868a7b8445cc3310f62907d0dfc8760182f87c10237272680b1f349d46a5134f83e2cc1928

    • SSDEEP

      192:WtITvAcmR2bxKpgFQM3wYsP9+99ayAqnuMttcRL31w:WQvAcmR2bxKpg+M3wYsP9+99ayAqnuMz

    Score: 8/10

    • Downloads MZ/PE file

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      enabler.bat

    • Size

      1KB

    • MD5

      1e5e70204c739cf66c27f018075f7f33

    • SHA1

      ceb2059a2dec9b2b8d47ef339b88e686f38fd25f

    • SHA256

      5b769dc0b1130e921a2e8ccf80410504dad33f39d859df8e1b939407a4de50bc

    • SHA512

      1b7286435484712c90a4d7bf27a1f0e61e7f52b9c48a09460ce290bff1c0ca8a0079b63182546955215f528b6aa3d729dda63200951909dbec5a6eb3f80b180c

    Score: 8/10

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • Loads dropped DLL

    • Modifies file permissions

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • BITS Jobs (T1197): 1

Defense Evasion

  • BITS Jobs (T1197): 1

  • File Permissions Modification (T1222): 1

Credential Access

  • Credentials in Files (T1081): 1

Discovery

  • Query Registry (T1012): 2

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 2

Collection

  • Data from Local System (T1005): 1

Command and Control

  • Web Service (T1102): 2

Tasks