General
Target: UnlockSoftwares-One-Software-To-Crack-Everything.zip
Size: 3.7MB
Sample: 230317-zee4rsbh7v
MD5: b0f63f9863b60d25cf57d9feb785244b
SHA1: 06a4a798520aea7e11a0432987e6e979937715ee
SHA256: 72677ad5fac8a1e593ccefdbba6e85734465132b36c39b0d9890b50a4325b16d
SHA512: fa28782e63edc6f9401c1575bc0ee08acfe8c33d6f423d6f4df81c474b3eb584c79cd63f3290e9cc6e6cf78877818565ce065bfdbfcebaa339531fe93d76eedb
SSDEEP: 98304:uwJ3vkwFbhmujjTTfnCB2zum2sEPvyWMVMN3XxdKGdW:LJ37Fb4ujXfnXzPEvgg7W
Behavioral tasks
Task         Sample               Resource
behavioral1  UnlockSoftwares.exe  win7-20230220-en
behavioral2  UnlockSoftwares.exe  win10v2004-20230220-en
behavioral3  alocal.exe           win7-20230220-en
behavioral4  alocal.exe           win10v2004-20230220-en
behavioral5  api32.exe            win7-20230220-en
behavioral6  api32.exe            win10v2004-20230221-en
behavioral7  libcef.exe           win7-20230220-en
behavioral8  libcef.exe           win10v2004-20230220-en
Malware Config

Targets

Target: UnlockSoftwares.exe
Size: 693KB
MD5: d56f28f26a94612d1d04275070136ec6
SHA1: 95b7ced3d9e0b8c0f35181a8378027f316e3766d
SHA256: 36d05512e6d6485eaca7550fc63db9d52687075b24c8b242e1da062448b33688
SHA512: 275e92d50b572aa1afb4e92fcc2c3322fec79febc278f2ad2426fd739768b86ca85483f850aa7fa7c926849f690639e8a0854039fdbcf589318be748735ae2dc
SSDEEP: 12288:KwAwpyjN3Xz1/uOg+6Io7FXr9KEvob1vbfPsGOG7P+KN5Lu4z5unF:KwAwkN3Xz1/uOg+6IRb1vb3sGO2O
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: alocal.dll
Size: 2.0MB
MD5: c0ac0367a40430af221b8c03417c2a73
SHA1: 7d883b5094f8dd9c4b5cb96910d21aa5eba49bc5
SHA256: 4c01ded1e8e7171e860ebe7b2bb949a2bcdd9b7aad7e5905a8f2a393670f20ec
SHA512: 0bc0a45b6f05042dc954c507350e14f811f973aab3b170141e9349a25a71b4699f2dd41db8175107d4e5938158b5712c9971654e6d3d174853b65b92e7c95955
SSDEEP: 49152:1gQsyP4JX/sdwSQHjnpMRGbaMfJTTVVXIMSW5lnnRoe:1WJX/cwfDpUGbzdTVVYzORoe
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: api32.lib
Size: 790KB
MD5: fe7ce21bcad0d45fbe169dca2fc2dba4
SHA1: fa09957401fdf1945894df9ba3de07f0add6da77
SHA256: aa25ceab55e9673a5781985303b01d3f8fc23df6ca4a92ab9028b49e01e43d7a
SHA512: ef41f9e037405f4d75705fccf5f645a69a2e90f184b54b4b94f1e23379fd15d3fc64a661de8034669983f6b38a9ed764a0e3ceedd94b2446a557be5c5bbdcd73
SSDEEP: 12288:rofqGAgi6q7KmXjiLoSiv0Salc2stfWJlWJuQvJFvyC:UfqG3tq2mXjkd3rahF
Score: 3/10
Target: libcef.lib
Size: 291KB
MD5: 797f15c89fc3dc9d052061202c9d65cf
SHA1: d67178eedd91ab53c79ded28c0fd87d0149ac8ca
SHA256: 6a2df4801d1b40e34b9b1be91b0aaa6e49da66fd5ed09254d83af2ec86c8d81c
SHA512: 1193098cb4bbbe247dfa9f984959a6b1237d98793a232a3ce3ca6de9976310b8e7c0b63c27ac599afcb48c14576047090b53432b8fda3c7e5d093e31ecacd422
SSDEEP: 6144:JKx4ytgiRFFTrouqPIJMWWnOYFqLBLMuHJ4BcpfLAOi7y:tyR1TrouqPIJMWWOYluHJqe0
Score: 1/10