General

Target: RISE 6 CRACK 169% no virus cerebrus.rar
Size: 16.5MB
Sample: 221227-nzfp9aaa7s
MD5: 63dbc6fe48f66d66214c2b6c93b60fbd
SHA1: 4f92db404aec1f3497dbc9d226eee3a318a0f972
SHA256: 90e43d5ef6bc5d851393e5763ca7a671c0c8d06e88f214c060e14259d210909c
SHA512: f9e4d99388b6ed1391c2a4fd3ab68ce2e769e9092359eead6f7849f3a952a7c68ed951655ec8f1016d7c7eeddc7016c2033715c5436ac6edebc48c3a1a4c4bef
SSDEEP: 393216:SJnM0Gk0e4TLr3yVjcS1JHev4wyjk1FGaTj0Lec2:SJnjeTLut1JHAyj4FYLec2
Behavioral tasks

behavioral1
  Sample: Virus.exe
  Resource: win10v2004-20221111-en

behavioral2
  Sample: disabler.cmd
  Resource: win10v2004-20220812-en
Malware Config

Targets

Target: Virus.exe
Size: 16.7MB
MD5: f06f5a8f50371e478275eb640edfc713
SHA1: 525735b47003796e79d1c90af51fa74cc726ba49
SHA256: 9b398deef482f76973e7c03921562621b4fc989a9f64db43b3be50f37f63f4a2
SHA512: 3625981549e7c0b7bbd3ab6c35bf29f4e24b9d932257640f583af3414ac56d638300fce37e8e839fa515d09cfd742a6628b09b91875dc2047dc436cf7412c2ca
SSDEEP: 393216:nxdyJhoonQLDdQuslN/m3plVrAZYCuPJOmuSeg09BJHdJgp6bBc1JE:nzyJ+UmdQu4KlCJuxdfz013g2BMJE
Signatures:
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
Target: disabler.cmd
Size: 7KB
MD5: 4d42361b0d6e220010df143d52c6b80c
SHA1: 96eb313cac61b03bbc09c68b58f7b21dcab66515
SHA256: ff15868d8299c75dfa3eaca43f248a12d53384685f3336055a5fddc883957435
SHA512: 13a44432563c170a674646052c09e59d27066ddab9b753f966ba42868a7b8445cc3310f62907d0dfc8760182f87c10237272680b1f349d46a5134f83e2cc1928
SSDEEP: 192:WtITvAcmR2bxKpgFQM3wYsP9+99ayAqnuMttcRL31w:WQvAcmR2bxKpg+M3wYsP9+99ayAqnuMz
Score: 8/10
Signatures:
- Downloads MZ/PE file
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
Target: enabler.bat
Size: 1KB
MD5: 1e5e70204c739cf66c27f018075f7f33
SHA1: ceb2059a2dec9b2b8d47ef339b88e686f38fd25f
SHA256: 5b769dc0b1130e921a2e8ccf80410504dad33f39d859df8e1b939407a4de50bc
SHA512: 1b7286435484712c90a4d7bf27a1f0e61e7f52b9c48a09460ce290bff1c0ca8a0079b63182546955215f528b6aa3d729dda63200951909dbec5a6eb3f80b180c
Signatures:
- Executes dropped EXE
- Possible privilege escalation attempt
- Loads dropped DLL
- Modifies file permissions
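The hashes above are the report's only hard indicators, so the practical use of this page is a hash-based IOC sweep. The following script is an added example, not part of the sandbox report: it parses the report's flattened "key line / value line" layout into an IOC table, inverts it for lookup, and checks file contents against every listed digest. The REPORT excerpt embeds hashes copied from this page; DEMO_BYTES and the "constructed-demo.bin" entry are constructed for the demonstration only. Note that exact-hash matching only catches byte-identical copies; any repack of the archive or rebuild of the dropped files defeats it, which is why the report also lists SSDEEP for fuzzy comparison.

```python
"""Added example: hash-based IOC matching against a flattened sandbox report."""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")
HASH_KEYS = {"MD5", "SHA1", "SHA256", "SHA512"}

# Constructed excerpt in the report's own flattened layout; digests copied from the page.
REPORT = """\
Target
Virus.exe
Size
16.7MB
MD5
f06f5a8f50371e478275eb640edfc713
SHA1
525735b47003796e79d1c90af51fa74cc726ba49
SHA256
9b398deef482f76973e7c03921562621b4fc989a9f64db43b3be50f37f63f4a2
-
Target
disabler.cmd
Size
7KB
MD5
4d42361b0d6e220010df143d52c6b80c
SHA256
ff15868d8299c75dfa3eaca43f248a12d53384685f3336055a5fddc883957435
"""

# Constructed, benign bytes standing in for a file under investigation.
DEMO_BYTES = b"constructed benign sample, not the malware"


def parse_report(text):
    """Return {target_name: {algo: hexdigest}} from the flattened key/value layout.

    A 'Target' line starts a new entry; a hash-key line is followed by its value.
    Blank lines and the page's '-' separators are ignored.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    table, current, i = {}, None, 0
    while i < len(lines) - 1:
        key, value = lines[i], lines[i + 1]
        if key == "Target":
            current = value
            table[current] = {}
            i += 2
        elif key in HASH_KEYS and current is not None:
            table[current][key.lower()] = value.lower()
            i += 2
        else:
            i += 1  # Size, Score, signature lines: skip
    return table


def index_by_hash(table):
    """Invert the table to {hexdigest: (target, algo)} for O(1) lookups."""
    return {d: (t, a) for t, hs in table.items() for a, d in hs.items()}


def digests(data):
    """All four digests of an in-memory byte string."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digests_of_file(path, chunk=1 << 20):
    """Same as digests() but streamed, so 16 MB samples are not read whole."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def match(digest_map, idx):
    """Sorted list of (target, algo) IOC hits for one file's digests."""
    return sorted({idx[d] for d in digest_map.values() if d in idx})


def scan_bytes(data, idx):
    return match(digests(data), idx)


def scan_files(paths, idx):
    """{path: [(target, algo), ...]} for each file on disk."""
    return {p: match(digests_of_file(p), idx) for p in paths}


def demo():
    """Build the index from the report excerpt, add the constructed sample's own
    SHA-256 as a fake IOC, and scan it: the report's real digests do not match,
    the constructed one does."""
    table = parse_report(REPORT)
    table["constructed-demo.bin"] = {"sha256": digests(DEMO_BYTES)["sha256"]}
    return scan_bytes(DEMO_BYTES, index_by_hash(table))


if __name__ == "__main__":
    print(demo())
```

To sweep a host, feed `scan_files` the paths of interest (download directories, startup folders, the dropped `Virus.exe`, `disabler.cmd` and `enabler.bat` names) and treat any non-empty hit list as a confirmed match on this sample.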