ba56d69c27026d8bc2648b47b6da8491c373d32cb0454d56ba2055c5b2509684

Sharing

Copy URL

Twitter E-mail

General

Target

first release.zip
Size

12.2MB
Sample

230210-xd7raafb3s
MD5

fab48aa23dd7ff87a6b0d2e708a0c8ef
SHA1

14e8cb055e86b6aeea190dfd61ce4bd092342ffa
SHA256

ba56d69c27026d8bc2648b47b6da8491c373d32cb0454d56ba2055c5b2509684
SHA512

c0cf1d90aef43556e19b997eb3fc944ae9997a31b783077ec1f24fe4e146e7b9e7a97ec044f1db5563a1eca698ab0dae38b39218612e3a24a9863c7db167cf51
SSDEEP

393216:b1S2Q1DbgK8EYbHO/mLfe25NPdJxCAJKv8U:b1I1wEYiue25PJMl

Score

9^/10

Malware Config

Targets

- Target
  
  first release/client/Dream.exe
- Size
  
  11.0MB
- MD5
  
  726f20dbd7ad8911d0e4e3641d6169a8
- SHA1
  
  ee692681ba0ffbb2671bba80a9fa4a01ff104889
- SHA256
  
  a5fd61f34eeba9e6a949a11be3b7a736c9c904978261cdd422181b34746d1d8c
- SHA512
  
  a1d37e5f845d93ae064158471244f472a5c1908cd370605aa9422f2ef4bdc908099ee6697cbd87bb78bcb2dd7f2001b5a705b35da7a9788df39af86f30890126
- SSDEEP
  
  196608:0uCcEILkwmDkQ4aDPWMac1CGuEEyG2hnDpdM8Bs1pXjZpo8pHDdCwJ6wuQ:0uCZCyk4fd1luKnDpRMtoUj3JzuQ
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  first release/client/injector.exe
- Size
  
  38KB
- MD5
  
  791139bb526c7fc6f35f5a35e366460c
- SHA1
  
  230e6531462f131779231b7e876323b0d3f3bd03
- SHA256
  
  c9c174ae7c2ad864c42bdada8543296b6d7d2a828b4986bd6aa477431636a18e
- SHA512
  
  1c664616f4bc2357d6990760c17ee97f2f3406fba78610f52e000e3ff0ee9061481ab6b80ec0cd9b522fcc4bfad0cfa96fe10f43e6e916e0b72b261540e0dcf8
- SSDEEP
  
  384:AmqwTrbZ/CH3l6VdIlrlBM+w+8vmtf9HI2+bGduw1kf+nAyiK9y4WMsgcjZSUSLf:AQTdC1ZwGSde5W/9SeXygWSjt0Gse
Score

1^/10
behavioral2
- Target
  
  first release/client/vroom.dll
- Size
  
  240KB
- MD5
  
  7f0fffa941f0023e712e206f41a0a007
- SHA1
  
  a94bf2fc9b5cb4905f1c7aa48264691f9b6e989e
- SHA256
  
  afef6425e53b671cf3aa440735c91ab3d467f1d95cd7f0c77eefe4f01bb97379
- SHA512
  
  0cbf98368eaef48bf6258a78b2f75d7af0529b87870c068486612cf0c845cd26032221e64ffa0b89aae41d55628be31c9553eb870b059df81e1378e495a50ab5
- SSDEEP
  
  3072:OHoyJqA3Jq/06BfOICuOyi2Pqq/+xdAerJgGsLByxX5OpoY46yvkve6jTIoBWa:OZqoJ006BmhuOyixqoOeyZoh+IoBv
Score

3^/10
behavioral3
- Target
  
  first release/dashboard/index.html
- Size
  
  65KB
- MD5
  
  e5dcb26037864fc566bbcda10ccb0e1a
- SHA1
  
  46a8cc89002d56e8adc99b2926288e760a3e1cea
- SHA256
  
  93ff430da563603c4456331915b838619f254aa9d0d827d623a5d2ad6aa2deef
- SHA512
  
  99f3ab876b7e0b7e67975cd827a47c4bfcc0182c0b696a2b4cb1a21cc0a98ef2436112b9953a876c12b189085791d1eab3b3db5d303c8efd05e6736ac05b930f
- SSDEEP
  
  768:ZVHDzuDYrUslKetSgSHSzS2EcQehnSNKLA6JTKedP:/WDYrUcKeJEcQesKL3KedP
Score

1^/10
behavioral4
- Target
  
  first release/dashboard/static/js/app.2b8ee4c6.js
- Size
  
  74KB
- MD5
  
  a9d45b39997b21486abcd72d98bab157
- SHA1
  
  d42778e8104898fcbd09492a51daf1e4642c46fa
- SHA256
  
  059ac8492ad78183dd27847c3641180bd8a8138e324209c67fb48371b191a587
- SHA512
  
  d1927c2a46b691b7904b3aa88df300524f403f26dfb01ecf8a2635823568488ff5ad18ab26372a707b01f5e2142f244aa1533bc963645445f799b86655055872
- SSDEEP
  
  1536:LNh5BwBPWON8Umr0g5r+uyrMGToELA/ST0DBV1w:6NtjMhw
Score

1^/10
behavioral5
- Target
  
  first release/dashboard/static/js/chunk-032c9c15.2ef02ff5.js
- Size
  
  5KB
- MD5
  
  4bd842896eee4907d65be958d0a80dad
- SHA1
  
  120ebdf1d7c64717af5b869d26fc98493d2dc6a7
- SHA256
  
  59fe6961d6a67b157bcdacc5c8718209467af27176dca1b73c7a1c45ddbf55e1
- SHA512
  
  89ad3f57e28f1f66b941f45face6268545ad1086a7c236feed0da5b7c1dd9933307b40cc7c702c7ac3525916ccd028fe57eb8b0f72e4a1c230cac990c4ee9bed
- SSDEEP
  
  96:2TJchP/xsGJVFnlTUBg7MBNtid4n7u0DL+mL0rfYi8uF4t4CMGCxh:2TJAPps6loBoM7tiSr8v8Mzxh
Score

1^/10
behavioral6
- Target
  
  first release/dashboard/static/js/chunk-22405cfc.f311c6c2.js
- Size
  
  15KB
- MD5
  
  b0362e81d2f0a394f7d75d40f1f7c9bd
- SHA1
  
  ca8f19fb2885a3409ef1e24a798c77457ed07729
- SHA256
  
  b9788c070f4f93d1afbfa36df087c692e4d1a409b07e1dce9999bba547d2c9fa
- SHA512
  
  3e5646d712d243dade104cf83b15b04bcbf058030f063294f348db72b8c1d10cee25818f9f475c0a504b8f6c3902afb204f784babbf4a0199dac9a99bc813c70
- SSDEEP
  
  384:VcXQUFYhVFoQ8AGTG/O+hAKUW1AWEjC2h4g7JteRCz7ORo2teXETd+bT3w:VURFYfFHDdAKUW192ag7JteRCzKo2teG
Score

1^/10
behavioral7
- Target
  
  first release/dashboard/static/js/chunk-24a3044e.8621a139.js
- Size
  
  6KB
- MD5
  
  e582ba34825dd20e7e23bc7714742923
- SHA1
  
  b1c53113c85b964aa016888cbac86053d76baada
- SHA256
  
  010cab716ab0b85fcffd9dfc828ab875c8356439521df1b93ab1452330a718d9
- SHA512
  
  6cf0d01fac056974b4f097a0428ad2aeb151601ca4fce19c5e29e78b3e66423d152310371f62dfd4d8782affba86bf4068561e1892831d626a532646dccf8472
- SSDEEP
  
  96:D457L7NDutgfVsGu81SbGT6nqQAs9MdroMybU4cuLlR2t5Uv:DA7L7NDgwBu818G+nQGMdMMy75v2vUv
Score

1^/10
behavioral8
- Target
  
  first release/dashboard/static/js/chunk-3eef3288.862d7f4a.js
- Size
  
  186KB
- MD5
  
  f578602b42de1712895205dbed42a2d6
- SHA1
  
  92508a33867dcacd0013790695c23671e1bbe96c
- SHA256
  
  d8672024beaefc517e09e1b3d0e922351fafa8a068068541471ff8c83b31788d
- SHA512
  
  b2e8f21e6e3d3def824a31fe8bbc132bb5daf733b60f107201112280fc2b12af9fd8dab359135fee80cd629c44117407aeae424dd0f39edee2b8e145394bd509
- SSDEEP
  
  3072:rVC7VXSFgT5ezG+0h/D2a4qT4MjK0FozipdZKSJazqx6Av30qtFbBmPrahrmpkT:rVqVXSFgT5ezG+0h/D2a4qT4chCMdZKY
Score

1^/10
behavioral9
- Target
  
  first release/dashboard/static/js/chunk-4e17a028.12eda3ed.js
- Size
  
  29KB
- MD5
  
  14665642dc00013b41fd22c52753fb1a
- SHA1
  
  3783e9519fd4cf3a992fc3043cf6f9ca16f49917
- SHA256
  
  be2340227e254245d1b81ea5fc20f8944a4f55e577d20def910b736835593071
- SHA512
  
  4b6e08ea59a718de1f9b7d307e19b70f02813c8df1bb324f0c30f99fb2eef597d8acefbe0f537170537a5cca62e76f717aad53f4efc31976aa7842216404469c
- SSDEEP
  
  768:TFVLobSugLs7QNzMo6BckI8k71JOS3uEeB56a8Cli/n9oCCGfHZR4NNS5:Pvwc98UqMwo
Score

1^/10
behavioral10
- Target
  
  first release/dashboard/static/js/chunk-68855d7b.29aac2cd.js
- Size
  
  17KB
- MD5
  
  556a4c92af31cfa139fd500b138b3330
- SHA1
  
  aecb9d5814ba747fb1a7046a8a37add29c259996
- SHA256
  
  9d1e22561a5f3fbfaf406f189c49ee4d8c9255cf27f44a0e3fb1fac330a77049
- SHA512
  
  b34d8966c1199ae0ddf1713e635575c8dcfd182b880d9d18adee55049d8610446b1dba98a79ea46858032daacd24aee481ec056340abfb9994f8ec989edc8481
- SSDEEP
  
  384:MoItYC4zHAQvVPhZ/hIOWR5ZRf0xTwudeE9CNgxWp:MoIi7x/hIOWR5ZRf099CGo
Score

1^/10
behavioral11
- Target
  
  first release/dashboard/static/js/chunk-695025fe.a88436c6.js
- Size
  
  59KB
- MD5
  
  83e2e004882bacd1548a66f096ef782a
- SHA1
  
  1dba9adf5f76c8613c676f584ef26f2af7ea6aea
- SHA256
  
  c5493346e29d9e75dc54e42328459d1e959bbf4e7ee4874054f5a7e0625852db
- SHA512
  
  d1b7e0e0592c7c7075da58bd8beb83d236db656187e0c256672d89e008b7921d746693428aabde34ebed86620ae2063a719c51d11a0407fa380355b4493b1c0c
- SSDEEP
  
  768:mutWW/2I2OOrp6+F17HciKgQOXzwGnLHj2IwOCXNh3ShXMqsFciWsPp:HKI2O9I1wiEOXYqmhCa62p
Score

1^/10
behavioral12
- Target
  
  first release/dashboard/static/js/chunk-a69d7bba.1c4f2927.js
- Size
  
  4KB
- MD5
  
  59d4f592bdd83775bc3785ba59e6e5c8
- SHA1
  
  36943877f564795439fce7bc3d641e8bfa059796
- SHA256
  
  0fb28ca19ffd63a949872695aba0d1959f4522463eaf20ecd61c4ce871e31147
- SHA512
  
  bec0ae29d08fea292fe28e77f2063150371d9c2fc21dadc9dc38f843ca01358eec3696ac8644695ccc78ed239f190b50402baf246f28da005ab2d5c9ccebdf91
- SSDEEP
  
  96:vcNx6rWms56EUBgNedt+ykI1TRIo4TarDAjBCi:vcXGWms5UKuNMUkCi
Score

1^/10
behavioral13
- Target
  
  first release/dashboard/static/js/chunk-c7105d2e.9ab0a563.js
- Size
  
  13KB
- MD5
  
  7e71ba39e66524e0c0ad6eb07bc88096
- SHA1
  
  f0cf238245212e77c27650f63320ea56a78fc283
- SHA256
  
  02ca00eec337f9345981c6682526dc5c7e4d9af5043793ecf37a0701e74b4ccb
- SHA512
  
  24bfcc4347ff39e8ef58a4f06f2c19732b7f7599aab6de65e16069a4cd5efa06e2c4192eecc4fcaf6770c208f412ac80e34a4119ca0c192d81c0eef6d8fca8bf
- SSDEEP
  
  384:m26PYecx+XuVdqc0006j0pN0Hi04a0yW0k0V0D0ZZp3GrjXC:m26PYecx+XuVdqc0006j0pN0Hi04a0yt
Score

1^/10
behavioral14
- Target
  
  first release/dashboard/static/js/chunk-caec2872.8d3ccd05.js
- Size
  
  5KB
- MD5
  
  2a864e847a1d1e808fbbabcd0d0bf97e
- SHA1
  
  75c3687c872ed0e73aefa0a823592e2548bbf402
- SHA256
  
  05c2897af0e6fe5043e85b25e0c39c9475034ca960d51f78dfba9e1216e154bb
- SHA512
  
  838cf56e9f4b641589006d3f93fdb85a029a0918479d712371e7447af337edde5cf38f2ef2fa28c9567d5af9875a327d5697fd2632c91880a209ecb070d89270
- SSDEEP
  
  96:N8KBBydiP4ibDOPyMtlSvFJTgR5feGSWZQigJ:nBBrAibDOP3cgnf1ZmJ
Score

1^/10
behavioral15
- Target
  
  first release/dashboard/static/js/chunk-cf066fea.108091cc.js
- Size
  
  7KB
- MD5
  
  3e6d2c1d2370207c2c3e0678c0546e39
- SHA1
  
  9801e541626514f3816ca9c97915038535e9d00b
- SHA256
  
  a5477325b914b6574edaca3bd700a133bede379bc3be66147e62a0af31ad2c31
- SHA512
  
  46ab4dfb3b38df96c8ac1d69378dd25d95a241624f97974e85606c538655a8d1ab6ee84a5b3caa061b71ec41bc4e4815983f6dca523fb9a24d4b2d284b90844b
- SSDEEP
  
  96:8nZm4dMDXTVDh6MUYX2rNAVlF30CC2eWSETCC/Zfgqpu6bBtyi2vSWYQh70b:1hDjVDASzlVgWSEZ/ZoqEqn2vYQh7i
Score

1^/10
behavioral16
- Target
  
  first release/dashboard/static/js/chunk-vendors.9ba20ffe.js
- Size
  
  303KB
- MD5
  
  7bb6a22e4a566d02adc4814b09f7e2c0
- SHA1
  
  f203c0c64b05f3dd71ecb567cfaeae28435d0937
- SHA256
  
  b1e711b4840ed72449c1774a71669b3556c2d2eaa3acf1ca2a884456c9eaa3d5
- SHA512
  
  bc436236c9b8825012c7ac0a4b5be9069b8910a38e5c5aee442742f62a4d575791a7b1057996a26b9234ce73f03d4ac7fede564c2ebe88d1ff5ea06440d13e10
- SSDEEP
  
  3072:5kldJc08Tv2QCH2awSGrK8tMJaYOTK9ksZ6YObucC7bdRhrL/Bf:5Ocz2QlBSGrKgKaYoq3uubdRf
Score

1^/10
behavioral17
- Target
  
  first release/dashboard/static/js/group-admin~group-tickets.1919adc1.js
- Size
  
  22KB
- MD5
  
  a5da91cf0751719db61bd176ffa4faa9
- SHA1
  
  54a8446bf38ac62fae5c8cbabe69e1f480683e5f
- SHA256
  
  94f78a52e796792b739b5365c1eeeb7f56132c99845a81e3ea4db5662ac3c5d3
- SHA512
  
  3f1004cc30408aa06d21cfddda5ec07a3b3fd665bd1ef1971c10c51876c72a5061b4394c400cb0f84ba73bd5f439976388dc2ae61321305769b8ecfdad2b508b
- SSDEEP
  
  384:fC3b3bPCH8CJIxaGF4GCgIr4ikT5EsVbuZ43TiiVcUGAkL3qVlHsp:fC3b3bac1xaGWr4uMbq8TijUGAkL3qV4
Score

1^/10
behavioral18
- Target
  
  first release/dashboard/static/js/group-tickets.e2727de8.js
- Size
  
  25KB
- MD5
  
  96da0fe46c338405c7be35d0ee93bf5d
- SHA1
  
  4a8e83213f2cb4effbebce7c720a58f62fa70518
- SHA256
  
  8160f58dc53e11eb8347b9592cda71b971b951e894a1568087502832b87b3b32
- SHA512
  
  ac1c976766af8ecf5c81c946d471bbf7ba893a86809eceb7ef7f4d8fb557bcfe51e145bc760bbc7c93ea82e8d5c4c919c374c7d2d6c8193228d0ea80451efa71
- SSDEEP
  
  768:YbPJBo6dzQ1IN0IJ97okfyN71gcultuxCFQ:cODwIL
Score

1^/10
behavioral19
- Target
  
  first release/install.bat
- Size
  
  42B
- MD5
  
  ef5a33dec8fa0ed991bf0518eb253d0f
- SHA1
  
  a4d9c63de2fe6008671cb431391d7203792c5495
- SHA256
  
  f6d0627765ae09e9cec83bf50f45bb94115d836aabc5d290ca628f13b8a250b9
- SHA512
  
  f52cc8fa5adb0482783cfb62b50c738ef19b63acee91549f53e2ca238b4ef0def094fc6b72f93a0cb206a4fd632c75257f983a0c26912d84a71fe4be62a78f8c
Score

1^/10
behavioral20
- Target
  
  first release/server.py
- Size
  
  36KB
- MD5
  
  4a5a8191e82d703f4abbb36df03ddbb2
- SHA1
  
  190900fe624511b5d6e3ea76f48a10fa7477454e
- SHA256
  
  0bff0c55cfbbf0b936cd5d7c25a28e84893b256a509170984350d705c73233a0
- SHA512
  
  6904920e44efddaae9ee4e6c256459f044a73165324e5f02c8decf56b863d85c91da019864e6ded348ae6e53b2753d50ae47072dda2ef108ce344c6c48022f93
- SSDEEP
  
  384:+sYUUOU8iTn5b7IIiz+1s1WVxhIjaEnoLeiFdNNr6YmpEUhcIgD0:4UUOUnTx7IIiz+1s1WVlEnoKC+sIl
Score

3^/10
behavioral21
- Target
  
  first release/start.bat
- Size
  
  23B
- MD5
  
  b5d8578c278dbdcdb08b018da5abfd79
- SHA1
  
  48da780990f493ee4a26eba5070becee2d6cc6ed
- SHA256
  
  1f596cda734e01cf85abb4fcbf86a916406dfcc1cb10367cf273840cad7a5dcc
- SHA512
  
  62e08dfe71aabe2452273eb8027c3893ed7cc50d00a3a4b5afa40509cd1e031193b17bfee8e2a9968d1a2e80c7d54b36cc0d4332643ccaec488cecec3938cd8b
Score

1^/10
behavioral22

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22