Overview

overview

9

Static

static

1

MSVCR100.dll

windows10-2004-x64

3

WebView2Loader.dll

windows10-2004-x64

3

at.txt

windows10-2004-x64

1

b.txt

windows10-2004-x64

1

exe.exe

windows10-2004-x64

3

i7.exe

windows10-2004-x64

1

jli.dll

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    m.zip

  • Size

    46.0MB

  • Sample

    230302-nkj45acc7w

  • MD5

    3c232f512c836183eccecdf29660397c

  • SHA1

    d005bf6153234b31c4581b53ded002068e52aa36

  • SHA256

    aa0f90996e9da3931786f8004bfa51a98c33e8b159ba07b688338196b2f936a4

  • SHA512

    27e762c09dab239b27ce06d7bb28f8abd59ebca4d8d6007887872cba1845ee02908e486540bb19535328b196092d493b2050f54b6474e6238d0fc7b345d5a77f

  • SSDEEP

    786432:MUYlO3yi1ZgSS8n1X33fU9eigIcRk5lt7fHv8LTXuuu64bWwa16oECDec8gN+dFB:LYt++SV53fUuO97/0VZ4bWJ61Cj8gsd/

Score
9/10
evasion

Malware Config

Targets

    • Target

      MSVCR100.txt

    • Size

      755KB

    • MD5

      bf38660a9125935658cfa3e53fdc7d65

    • SHA1

      0b51fb415ec89848f339f8989d323bea722bfd70

    • SHA256

      60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

    • SHA512

      25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

    • SSDEEP

      12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I

    Score
    3/10
    behavioral1

    • Target

      WebView2Loader.txt

    • Size

      105KB

    • MD5

      61e6b94ab6109254fbef360681f5b80d

    • SHA1

      204a5eda5fea33a56edb33b9ccd40af635a04564

    • SHA256

      446b4d19ed8fa1563b77a7f36261b76911b208af1d00a805d54e44b01ca3f54a

    • SHA512

      93fad29f13c0a18e4864ddf57aeba882fb411b84f6dff993b87295a1b5e4b488433802c2150fbf25a3132379dc2eb3aa02d836059b0ef24a2db4269eb0795a9b

    • SSDEEP

      3072:iTC3F6JkULenwAFqz5pV3+Zqocv0T+EtO5pf+gMl/1:iuV66kL5pjxEtqpWRl/1

    Score
    3/10
    behavioral2

    • Target

      at.txt

    • Size

      3.1MB

    • MD5

      5f8393c7aad567104706997c11f2d3d1

    • SHA1

      6d771013076c5fd0e3304705962129c49623979a

    • SHA256

      c65257696dca0b221ed855b8f84142e3fb9fc5b8d678bc871105f33766b888ba

    • SHA512

      caf61427bf8bf5792389231ee54ff89fc3095abe682f26a73f2b55daebbcd22a257c6b387df3d3d469411bf00fe4f7e224730610850109c9f7dded5664441e02

    • SSDEEP

      98304:geOKASNA59RnFTlcfR+qoQEPXjJZb5i8eAJQP9A7g:geFAVI+RjJZb5ijdlA7g

    Score
    1/10
    behavioral3

    • Target

      b.txt

    • Size

      23KB

    • MD5

      1a7a6bf11337f0de5ba28ebd93afed06

    • SHA1

      c5e6ffae9a8edc7fe4620a61d23f387b06ea63ae

    • SHA256

      c62acf95bf44552f63a3dc44616869c1c40475b971182f52606440b0eebfbb21

    • SHA512

      d7f93a1d44b687cee76a3982e935ff6e8e487db8d72b77d22022e6e46bac0c5ffe74cc613f5761b3ca33157a3454a9c8039c11e7c8f5f546795bbd13478915a4

    • SSDEEP

      384:MK/cBozUqKi8DsHqjFnKNSTYY0Rez/5QLkWN6vXiAq+7UYaiaeOaIfxVh+bJ/jIq:5/vUqKFsKw0h1QL7Qvy8UYP6aIfxVgb7

    Score
    1/10
    behavioral4

    • Target

      exe.txt

    • Size

      872KB

    • MD5

      c56b5f0201a3b3de53e561fe76912bfd

    • SHA1

      2a4062e10a5de813f5688221dbeb3f3ff33eb417

    • SHA256

      237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    • SHA512

      195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    • SSDEEP

      12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01

    Score
    3/10
    behavioral5

    • Target

      i7.txt

    • Size

      15KB

    • MD5

      4afcab972e98ecbf855f915b2739f508

    • SHA1

      615dc2fa827fab39e16a7e9721f484e7f4d34f8e

    • SHA256

      7cc34a5423bd3fc9fa63d20ebece4103e22e4360df5b9caa2b461069dac77f4d

    • SHA512

      58258f74d7e35c5a83234a98bc033846be5a65146bd992e738a8678706a18c30759bd405fbb30a296181e2f92acb0219df8979030cc45d1cdec6ac06e8bc00d5

    • SSDEEP

      384:Gpsx5cnV21mSHhV8b+lee84SzFnYPLr7aq:GpscnfS/8KUe8jC7aq

    Score
    1/10
    behavioral6

    • Target

      jli.txt

    • Size

      2.5MB

    • MD5

      cc1d1bf233e140add837f8e58556c583

    • SHA1

      c0abda8fd10d06947d66f5d23223ba56478db36b

    • SHA256

      95c8b94859d0145f1873d4a34cee1db3d84ff631bd60fbde85dd08240902ac19

    • SHA512

      621f4dbde4f208e61e79316a45a22dbac16bfa7e348f541b34712093e885625762d3922606b4983d1f0e78c3e2d7b2b04506e404c49f0a6fe0628fbbbc9413ac

    • SSDEEP

      49152:HHo7mQMMI3crq9nf+LMVbSuWcSEuEx4UmmTcdW54xl5YUhIRUc/cqmlZPIf:noCJMI3crqcLMVbm3Hm4dFL5YyIUc/cg

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral7

MITRE ATT&CK Enterprise v6

Tasks