Overview

Overall score: 10/10

Analysis tasks (score per task)

Task                     Platform             Score
Static                   -                    -
Rufus.exe                windows7-x64         10/10
Rufus.exe                windows10-2004-x64   10/10
data/7za.exe             windows7-x64         1/10
data/7za.exe             windows10-2004-x64   1/10
data/compil23.bat        windows7-x64         9/10
data/compil23.bat        windows10-2004-x64   10/10
data/uiscript.vbs        windows7-x64         1/10
data/uiscript.vbs        windows10-2004-x64   1/10
platforms/qwindows.dll   windows7-x64         1/10
platforms/qwindows.dll   windows10-2004-x64   1/10

General
- Target: Rufus.zip
- Size: 38.1MB
- Sample: 230119-sk786sdc7y
- MD5: 375da6b05826cca9dfb11378b438091c
- SHA1: 2b0ae1c1c003c6a72b74298e212673624ff45311
- SHA256: 388db9f88978c954403471f003cec9e90e2600fa3c30bed46b3877679a762250
- SHA512: c3e2d8540cbe5a9ea2c0bf25433fd7860b8ff570494ddc608c600a5af380d3c5889061977f3ea966a895a4308db060869f77731a3f6d00844a782e89505feb57
- SSDEEP: 786432:jiI9AAmaERJvhKbbhFKIr4FPkBl2WJepUrojQHferw64SJmN6gfv4B3wGf:+2DLA4pr4FPwxb1gxmHH6f
Static task
- static1

Behavioral tasks
- behavioral1: Rufus.exe (resource win7-20221111-en)
- behavioral2: Rufus.exe (resource win10v2004-20220812-en)
- behavioral3: data/7za.exe (resource win7-20221111-en)
- behavioral4: data/7za.exe (resource win10v2004-20220901-en)
- behavioral5: data/compil23.bat (resource win7-20221111-en)
- behavioral6: data/compil23.bat (resource win10v2004-20220812-en)
- behavioral7: data/uiscript.vbs (resource win7-20220812-en)
- behavioral8: data/uiscript.vbs (resource win10v2004-20221111-en)
- behavioral9: platforms/qwindows.dll (resource win7-20220901-en)
- behavioral10: platforms/qwindows.dll (resource win10v2004-20221111-en)
Malware Config

Extracted (aurora)
- 77.83.173.136:8081
Targets

Target: Rufus.exe
- Size: 11.7MB
- MD5: 66da7da6e39a42cc5a59d7098d51b744
- SHA1: 5cb2b49063708ba0b2bea2f1867a7b474c827a05
- SHA256: da35f99ce1e49cf539981fe52b80e58bdb0d6c1f8d8f9425169be1d9845e63a9
- SHA512: ebb443e077e999f78c2bdde78cbc72d4ea70174cab171856e83bcd69471671a2e6a7f738ca2e61275e0c8fc38026a10cb8f0765014f0f5a3e997973182b56f46
- SSDEEP: 98304:cIAa/hJgvZIb8EA3qd70G8KKWzavKz4jEpfeOsUQCzCUQkmPZKpcleU:qKEv+AAQDrCzMTFnCzCUQlP6cl

Signatures:
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
Target: data/7za.exe
- Size: 796KB
- MD5: 90aac6489f6b226bf7dc1adabfdb1259
- SHA1: c90c47b717b776922cdd09758d2b4212d9ae4911
- SHA256: ba7f3627715614d113c1e1cd7dd9d47e3402a1e8a7404043e08bc14939364549
- SHA512: befaa9b27dc11e226b00a651aa91cbfe1ec36127084d87d44b6cd8a5076e0a092a162059295d3fcd17abb6ea9adb3b703f3652ae558c2eef4e8932131397c12d
- SSDEEP: 24576:HWdp+y7/ya3yc7tfBA6rDUzfKrBxEATB:up+fa3rLA6s+/
- Score: 1/10
Target: data/compil23.bat
- Size: 387B
- MD5: 4b9395348434c8f32b17feb587fbeaf6
- SHA1: 90fe1938ae399c0741e0a915fdc5fe3c7dbf0eac
- SHA256: 22bf2ac7bbd1a0a927ab40349aec1017dcd089f024126df972dd3d65e029b06c
- SHA512: 8ef6d9e51cfb9c3fe5b915baa3e799deba89d4cf308b420ee3b5d5508c45844e0684bc0e35c5dc6608f0b89803da16e6840ee2388b9de5e7b5f55767c2b64ce9
- Score: 10/10

Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Target: data/uiscript.vbs
- Size: 140B
- MD5: 43b80f54ea07b72e43ab3d7570689b09
- SHA1: a52f34548c9ad0b1f289928c96d90aaaa16e2b74
- SHA256: 1555a8776e101b16f6177df4f257566ae0a9b58f1eede29526c709f56c9d6ed1
- SHA512: 4163acba57fa1a19bed211a253e7aa784bca2afe42e749f03d3d7eb534ec7ec0a7a77b59d17c76d45228082b837a0a3e56cc205fcc0c92e157369ed29a634861
- Score: 1/10
Target: platforms/qwindows.dll
- Size: 1.4MB
- MD5: ac584cbeb327e9d2364873f451e074be
- SHA1: eb2d7b7f38c880ae4bc4f32c50e10e73ee15c816
- SHA256: 1fa4d2f13d22d9a859503d7b7c87ba39d379d9a14afcea7299d572eabb2bdf57
- SHA512: 4fca1fa9494799f382318d329a3040bc067d55e7cd99be6d768e975fb585f61f8c1360908284bb04c055dcf21a164464305e9255d52b1c57a0cfc49eea003203
- SSDEEP: 24576:X/JCM63NAI9HwxZ3tVuItJKLOlxrbzxTbhE3Yd3ZAX2NyX:XxlAL9Hw73aItqOPDxPUY4X
- Score: 1/10