Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

SCleaner.rar
Size

22MB
Sample

230325-v1x49afg5x
MD5

249f0bf011e32752d637cda120195dc3
SHA1

2a549111e07f845530c262d59bb76246b30748fa
SHA256

e48f6b1f03bb5e4a196898df7515cd834744b60f37713e0198a0767cac6b9838
SHA512

9b692a49d6131d441e574264df0f6428780b386e269742a059c4d0417f9ed064258a3b0b85c56bcb9d0723d9401ee708a51a1f8fffce757a173a9c1facd8bb56
SSDEEP

393216:TU5efi+lgDbbKsYQfm5rdyzHJZAG2mEm6VlL3LLi6uHkVIVngHQ0cgrx8:Q5ezlgPbKs9fmfu/2malLa6uHkVyiQ0m

Score

8^/10

Malware Config

Targets

- Target
  
  SCleaner.rar
- Size
  
  22MB
- MD5
  
  249f0bf011e32752d637cda120195dc3
- SHA1
  
  2a549111e07f845530c262d59bb76246b30748fa
- SHA256
  
  e48f6b1f03bb5e4a196898df7515cd834744b60f37713e0198a0767cac6b9838
- SHA512
  
  9b692a49d6131d441e574264df0f6428780b386e269742a059c4d0417f9ed064258a3b0b85c56bcb9d0723d9401ee708a51a1f8fffce757a173a9c1facd8bb56
- SSDEEP
  
  393216:TU5efi+lgDbbKsYQfm5rdyzHJZAG2mEm6VlL3LLi6uHkVIVngHQ0cgrx8:Q5ezlgPbKs9fmfu/2malLa6uHkVyiQ0m
Score

8^/10

bootkit discovery persistence spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2
- Target
  
  Password.txt
- Size
  
  4B
- MD5
  
  d6ef40273f691e1a7772a807cb1bc667
- SHA1
  
  f64c44e422bc7f256ae772e64a40dd71cba3cb9c
- SHA256
  
  e105a90d2a5b485d1f96c1895bc59b6a334425adb87bdc5d02580633065ba860
- SHA512
  
  1d6003ac2778c5179fa79424fd3bbb8eb3b9b352633742bb3c208e18975013c9b9148ad9ba1b7f67447dfa9a150a35b76efc39041dd01c0b01f36cfa7795b8c6
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Collection

Data from Local System

T1005

Command and Control

Credential Access

Credentials in Files

T1081

Defense Evasion

Modify Registry

T1112

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Checks system information in the registry

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4