Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ReasonLabs.rar
Size

185MB
Sample

230315-24qb5sfg86
MD5

ba1ee6a73ba3a4b6c813579681fd81e5
SHA1

e96394dd6a0b471f4d6a0eaa882a2599633ecf42
SHA256

ba0f13322211b52802b5876273575b36f7b5623008b5ce6eaa535788cb3087cd
SHA512

19d13d1483917c0aec06f908defdeff8b51d5c77d3f1da53ff0d00c71f7ed29e54bbda6b7381e45fcb19d110cdc83afa0d0aa2d809b25e53f506f4fedba36cbc
SSDEEP

3145728:O5R1HQlu4Qw7sUDsZgx8Cr1IjhxV4H6g9Oy0fA0smh+HtSicTdEK5oI7ll:O5jL4QRWsZ+F83TuOvf5h+NSBpEK5oQj

Score

9^/10

coreentity

Malware Config

Targets

- Target
  
  ReasonLabs.rar
- Size
  
  185MB
- MD5
  
  ba1ee6a73ba3a4b6c813579681fd81e5
- SHA1
  
  e96394dd6a0b471f4d6a0eaa882a2599633ecf42
- SHA256
  
  ba0f13322211b52802b5876273575b36f7b5623008b5ce6eaa535788cb3087cd
- SHA512
  
  19d13d1483917c0aec06f908defdeff8b51d5c77d3f1da53ff0d00c71f7ed29e54bbda6b7381e45fcb19d110cdc83afa0d0aa2d809b25e53f506f4fedba36cbc
- SSDEEP
  
  3145728:O5R1HQlu4Qw7sUDsZgx8Cr1IjhxV4H6g9Oy0fA0smh+HtSicTdEK5oI7ll:O5jL4QRWsZ+F83TuOvf5h+NSBpEK5oQj
Score

3^/10
behavioral1 behavioral2
- Target
  
  ReasonLabs/Common/Client/v1.0.7/LICENSES.chromium.html
- Size
  
  5MB
- MD5
  
  5201488d4139cb6976431b6bc6026e49
- SHA1
  
  566969157f998749e3c6b4ab6ac35097ea3a9df8
- SHA256
  
  5933e91a3978bac616a0cc85e67833a17cd44b7e4702c074fe2a641e0baa638c
- SHA512
  
  5e70a1056fbe49eb3766baefe0329f86f2c0870216d9e51dcb7849e3a0a8fa1e3e13bd66a4ea776e652e0e80bd540d700c9e219cb29b10c38146c67c31b7abb0
- SSDEEP
  
  12288:FetnJnVncnJnkncnpWQtnwn7n9nJnCnZnGn3eQSnqnBnununFn/nwnJnqnvnOnqi:nPDt5WXWSNkbfwVR8mfJvwH92EdpV
Score

1^/10
behavioral3 behavioral4
- Target
  
  ReasonLabs/Common/Client/v1.0.7/d3dcompiler_47.dll
- Size
  
  4MB
- MD5
  
  bf025b9d99c56903da03c8dc54ee9c5e
- SHA1
  
  09bd05e4422ea52ba57714a36786d0d65c888bef
- SHA256
  
  ef370bcb5bd8e6595e2e28136c15dce70d71e49c955a3692df121bbfc82d7ae8
- SHA512
  
  97e097baebcafaf08f69ab1ee45dcf2872b9ec1d7d9cf53bc9586920f9736c5d9ce4f9abd54aafb308302b3164fcf43e4f5857444ef9060c4835dd4ae0615605
- SSDEEP
  
  49152:QuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8ccG:Ay904wYbZCoOI85oyI9
Score

3^/10
behavioral5 behavioral6
- Target
  
  ReasonLabs/Common/Client/v1.0.7/ffmpeg.dll
- Size
  
  2MB
- MD5
  
  051361a922f5e30ffd0fae77718fa33d
- SHA1
  
  c3731333c4bf8de86f5c2e8d23445bc13a1d907e
- SHA256
  
  f3e0bdce2ae787f6b7f39a7ca512ddee2be0b8485dd95e356444da47b839f6f2
- SHA512
  
  1f880f90125438722a69c8f32de07530766c2fcfb2a40f7c115e5381b938df4d59e8749474a062e93de83d7cd503ecce919d358379a6adc90cc67a6ff4ce9bf2
- SSDEEP
  
  49152:+8qdAmBRsEsA2lydpsV2+ulbCVCbBdRXLvPznKF76ayToQVNU52kJ8dj02bfUCfh:qdZB6ssV2vWCbB7K7ryToQVNU52kJ0UI
Score

1^/10
behavioral7 behavioral8
- Target
  
  ReasonLabs/Common/Client/v1.0.7/libEGL.dll
- Size
  
  475KB
- MD5
  
  743c68e46c35c66c902d1ba96532b110
- SHA1
  
  8aae3c89137353ae891a64fbc15235d4dfa78f08
- SHA256
  
  9ba93a8411c0e86853f9ec129f345a113eb740b0bc02090f3ba8da890949c035
- SHA512
  
  16f1c2704860c0960ea138b64b6c000d33afe8f47e38d0df0884619e6c0582e06704c6193f71b43d9ba696e2b190751c3b5842a8c32f7f3c2f9ada244f69dbde
- SSDEEP
  
  12288:xKEcTs/jvtGCIb/BI/CLPzxk7wmrj0wkS:4EjIb/Jxk7zrAy
Score

1^/10
behavioral10 behavioral9
- Target
  
  ReasonLabs/Common/Client/v1.0.7/libGLESv2.dll
- Size
  
  6MB
- MD5
  
  90dde6b1c9da6ae4c851114d87e404c4
- SHA1
  
  90feace2d0e3ba8ad73369457b559e32e6cca02f
- SHA256
  
  ead8ee25c204db0bb0c5eb3872056f27803349196b747f69deda5cbfa6da576d
- SHA512
  
  7b9a6672847913c66b808be5d438d4083502fc9d0fe1d1665dbbb835de4ec2aaa0cd1279b7606f2f3c4ddc29a24a257ab40aea231f14a2ac48f5f9451a26e047
- SSDEEP
  
  49152:q59vei/JY5TCnQZ3/nWhLl/07TlVMpDFR96PEtMHPZO926fbFbtf6sgylZy8Y2c0:dZ/WhR/o2Yr8rAjWedDUVm2
Score

3^/10
behavioral11 behavioral12
- Target
  
  ReasonLabs/Common/Client/v1.0.7/resources/app.asar
- Size
  
  1KB
- MD5
  
  dc754ac5a63e59f01b3d1c0a4b4b693b
- SHA1
  
  a1c3756553befcf3a4200152ed7e6596b2c382c5
- SHA256
  
  87ca2733672b6fb902ad2b5889387ac4dd5fd2a679f897dbc2fc97f0b62b797c
- SHA512
  
  432270d6e1f8c058f2bd3f42198f01be149790ab2bdac377d4ae3c1af768e78ba437a2efb787e800437c4393c268d965ddd412f67d1541ac49f0fc0859e20529
Score

1^/10
behavioral13 behavioral14
- Target
  
  ReasonLabs/Common/Client/v1.0.7/rsAppUI.exe
- Size
  
  141MB
- MD5
  
  3cd56aeccaed5f98254b130a237e0bbd
- SHA1
  
  5723bf6e3d4ae2a26bfc4d45a68d88b92060722e
- SHA256
  
  5ad38f478c3812460233cfd6d1827ad09271a77b334dd3b3601c2d81cd5cbe4b
- SHA512
  
  a3216336a072e2b14a59b420950f8146d4d40ca9c680bc0923f3a3329295a14873b8f82b02e36a8c39cae930f472a48728be003db4710cffd1fa88c4c2d188bd
- SSDEEP
  
  1572864:d3K+SXfo9UK9IyLy4755ZgnAbYFt49e48NmeFH57eCQijD6N:p/SY0WyWbY0KPjjeN
Score

1^/10
behavioral15 behavioral16
- Target
  
  ReasonLabs/Common/Client/v1.0.7/vk_swiftshader.dll
- Size
  
  4MB
- MD5
  
  eb17e22624bcf2488a15d69c8e3df1ee
- SHA1
  
  bceb962f5c7ce56805c40cbe198c7360697b01c0
- SHA256
  
  121c6dfabc1e761fd0fe6e60a7dba7c57667348ef40c2dfc3481977e74bbea31
- SHA512
  
  ff35e3ae7c2c8d22d6d85f1ae88d7b96e13f9d0ab47dc56c6b88e14e9af7e36404b6398315c0f62682931743e13d96a071279dbcd74cd13ea7a51b1171635ad4
- SSDEEP
  
  49152:uO6IzWGejMxLmo/FxJga4kIKvGtY48loR/ciu4skCDC88PF/VoQ28iasG+Stxf+a:57/pEEkSUwsNYFds
Score

3^/10
behavioral17 behavioral18
- Target
  
  ReasonLabs/DNS/rsDNSSvc.InstallLog
- Size
  
  669B
- MD5
  
  e37047bc247256654b02753da7426053
- SHA1
  
  58c67d6554520543f82a9107689caf305728f88c
- SHA256
  
  001410b9d4a97411e00201fe23582bdbde9333852edc43b3afcf6abe2cc048dc
- SHA512
  
  5197a43f5c3b440ac3d66fa0ae830565cb4677336b0e5cb9480d66ef46d15866dc42187c8d5e17ce8900b8a698c19e89cdbf8a7021be923765e607334fad97bc
Score

3^/10
behavioral19 behavioral20
- Target
  
  ReasonLabs/DNS/rsDNSSvc.InstallState
- Size
  
  7KB
- MD5
  
  362ce475f5d1e84641bad999c16727a0
- SHA1
  
  6b613c73acb58d259c6379bd820cca6f785cc812
- SHA256
  
  1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
- SHA512
  
  7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b
- SSDEEP
  
  96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
Score

3^/10
behavioral21 behavioral22
- Target
  
  ReasonLabs/DNS/rsDwf.cat
- Size
  
  10KB
- MD5
  
  e026bd7a24cbd3f72c403e4263060ef9
- SHA1
  
  b6c5ca836a9b20694258619fdbfaedb79abe4865
- SHA256
  
  591d04f9e2d64b3f815868e9e55cdfc4864967f058de1aca63b73d98daabc563
- SHA512
  
  dbdaebfef6e4e75c9c83cc685b9e344bdf0c298663d1642bc2fe7b66cd2e9c4f3a5075be85169f15d973317806f5f599112526d1da0678bcdd77009cf7c83b06
- SSDEEP
  
  192:bg6clO3JC4F1agjEwOXP6hYCkZL1aqnajKs4fKAs:H5/k6h3kSlGsO3s
Score

8^/10
- Blocklisted process makes network request
behavioral23 behavioral24
- Target
  
  ReasonLabs/DNS/rsDwf.inf
- Size
  
  1KB
- MD5
  
  9db3732ead10161d3c2883160a7016e6
- SHA1
  
  417483dcb0eafadd2894037e5c8b6d636b83b946
- SHA256
  
  b31592fb0e84b1609f0ebb61b78a4fffefd481e3a1707a0170a2357d3de06350
- SHA512
  
  411b8d82e65199acbe878f6718b01ba2db6874b327c0be70f18d78a4a69ecbf89f3b9c34bc3436fdf10d9f16df933f7eabd7b976fecb15791cb1823b47651e85
Score

1^/10
behavioral25 behavioral26
- Target
  
  ReasonLabs/DNS/rsEngine.config
- Size
  
  5KB
- MD5
  
  6959fd6d232e37c35ef913e10d66809f
- SHA1
  
  8781ed0a77fc7cbb5032ae34789b0352e5d740c6
- SHA256
  
  ed2cbc633848d2aafdd1e77bb6f3b6063b721b3555bda169ee662d4362a95dd9
- SHA512
  
  4d151e3001f379805b68f4834d415c4183fc742278181229851908383b7ee934374550505ed375eda8952055167d9b01d1f461c71c704f158f056d858bcec4e0
- SSDEEP
  
  96:xIHfPPfkmXiLorwJ1OLAQbc44dhL6GlDwLr6Qi6kQwI7HDKcPFexQFXwbcdeYgG7:xI/PX0LorNA2M6GJwLr6H6Fw0ZVFXx8m
Score

3^/10
behavioral27 behavioral28
- Target
  
  ReasonLabs/DNS/ui/app.asar
- Size
  
  12MB
- MD5
  
  b26d94752c190aa5dc54af6738df036c
- SHA1
  
  901fa2ee1e61583a7fc702dd82c121f84b2ede48
- SHA256
  
  5094cae0e43818efd025a8b3f4feead17ce8ac6332ac791c05f4366e3b19f454
- SHA512
  
  309853ff8c6c71b9dedd81bff0c04db620336718457c2423209bd14300b4fdac9cbaf48a303588a0e40ce81ac91097bdd0af209ed8e1661063137535df75c67e
- SSDEEP
  
  98304:7WWhZzgQEJnn/PJEuPhrrIzmkPF6F5iyNbQ0/y2:7WWnz3EJHJEKiP0IIn
Score

3^/10
behavioral29 behavioral30
- Target
  
  ReasonLabs/DNS/ui/app.asar.sig
- Size
  
  685B
- MD5
  
  74272b81bd5fbdcb6ea44dc21dbab660
- SHA1
  
  90bac7c9beb68c3f01f54f6fe7a8ca0cd5099378
- SHA256
  
  d88f8ff2dd70f944c479d0a0f6c9edbd375538f7849fc78dd25c5f8daab13051
- SHA512
  
  8b85106b13cd2fb756ee52a2e0905c40bfa561fba2cf4a9a90a02f89e587cba69f4fb7d4050d726925bbd913481506bcc64d402cbead755b9495ab3d6d4f0c99
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

T1112

Discovery

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32