7d5c55a30071acc646a6c894e2fb31ba150e79775ac80dbdc4f47826df96b442 | Triage

Sharing

General

Target

ValoKeker-Cracked-By-SpArtOr-Cox.zip
Size

6.5MB
Sample

230405-ac8kvsag77
MD5

9ec7f031dbc63767588d95ecaf4b2774
SHA1

64cc780657cce71dcb075ce5eb53135b49df2fdd
SHA256

7d5c55a30071acc646a6c894e2fb31ba150e79775ac80dbdc4f47826df96b442
SHA512

9020ef0fe8f912b61d4f7d8e694fff9e796d890ac24a3c031bf9f4f990babcd167f28d6835aa75d1bed60021859daea4123b1de786685880e62141fd8600c215
SSDEEP

98304:FwxN1u1uNxyvyWMVNwJ3vkwFbhmujjTTfnCB2zuYXQYEN3XxdKGdz:FwxN01nvggJ37Fb4ujXfnXz5XM7z

Score

9^/10

agilenet evasion themida trojan vmprotect

Malware Config

Targets

- Target
  
  Bunifu_UI_v1.5.3.dll
- Size
  
  323KB
- MD5
  
  e0ef2817ee5a7c8cd1eb837195768bd2
- SHA1
  
  426ea1e201c7d3dc3fadce976536edce4cd51bce
- SHA256
  
  76e1d3ec95fdef74abaf90392dd6f4aa5e344922abf11e572707287d467f2930
- SHA512
  
  5ad95dd7f0e712d543acfe7fd4539695f7e894988c0a2c44231c43e5ee29e743cb1ffe6bdf1fbdbdcfd3aa374f036113bcc6a1befd0114954093520bac47234c
- SSDEEP
  
  3072:cF7t/92eSp+nuthzYeSRwwdrmMaXyXL5NQKCZIWD144HcH0CbBxyKfoYA05bC61h:eOthMswV7aXyXLSO4HcHByY35b9DYr
Score

1^/10
behavioral1 behavioral2
- Target
  
  Guna.UI.dll
- Size
  
  1.1MB
- MD5
  
  8673eae95d67e5eb19f0eca3111408e8
- SHA1
  
  ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb
- SHA256
  
  576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d
- SHA512
  
  65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239
- SSDEEP
  
  24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q
Score

1^/10
behavioral3 behavioral4
- Target
  
  Newtonsoft.Json.dll
- Size
  
  495KB
- MD5
  
  283544d7f0173e6b5bfbfbc23d1c2fb0
- SHA1
  
  3e33b2ef50dac60b7411a84779d61bdb0ed9d673
- SHA256
  
  9165e595b3a0de91ac91a38e742597e12ebb2a5a8fa53058d964a06ceaef7735
- SHA512
  
  150b45cd43dc5cf191c85524c15dea09fbb48766ad802851270eaacfd73f3d097fef8dcf0ea042184220e7bc71413677d88a206d8bbe60374986e4789054040b
- SSDEEP
  
  12288:7MzH+hB/pzxJi3X3+b6umJBDARbeqTJge:HLpXk+b6umJBDAJeqtge
Score

1^/10
behavioral5 behavioral6
- Target
  
  TrinitySeal.dll
- Size
  
  304KB
- MD5
  
  0788cb32d5eb03916c701e0d18e25a74
- SHA1
  
  760162267263322208b979b587fa5d65dd997fec
- SHA256
  
  ea8e5043fce2ea44dfa01bff4336babc27e12dd0cb8509bbd1f3d1d2f98713b0
- SHA512
  
  875e369ce7a97dc061745e8c3b30099c3771f44b88359e56999fe09649e4d6458d1389d29defad62e4f398d95293a1e698d728390e4419f7409fd01c5e14b4dd
- SSDEEP
  
  6144:+Af3+mh/e+Z9f6Vg7yfFi55nyfep86fK5t9iVSHpVgMhX/tXm0jg7aO:BPZ9f6VFfFkykK5yV8pqMhvtXm0OaO
Score

1^/10
behavioral7 behavioral8
- Target
  
  Valorant Checker Cracked By Cox & SpArtOr.exe
- Size
  
  796KB
- MD5
  
  2310a0eb5dab4238a3a7735dead8876b
- SHA1
  
  0a5118d6a07481a5ccf2e2862876e4ce6065a1c8
- SHA256
  
  1c140db987c4b49a68a07a90aa24641219e7d6e3dc8179e7dc81c289738095eb
- SHA512
  
  aeac11350b8de578a38246fbb71c53d7e941ce3c7632b92174d495eacf1e9d9b4e6fe2afb30fb20495b3d6687fbc7c9f49b8fe240eeb69670160f0fb3194fbdb
- SSDEEP
  
  12288:iwAwpyjN3Xz1/uOg+6Io7FXr9KEvob1vbfPsGOG7P+KN5Lu4zAHvPi3F:iwAwkN3Xz1/uOg+6IRb1vb3sGO2Q3
Score

9^/10

evasion themida trojan vmprotect
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  core.cfg
- Size
  
  1.0MB
- MD5
  
  b80c43bb6498b06af9810e786ffe6b36
- SHA1
  
  8a02118c517d72809db439baa7c2ed697428ad01
- SHA256
  
  e844b3cc77afb93588eee1f6e06932b7dd62cb863f5bf9e4195a09e443d526a8
- SHA512
  
  580f5f9095c77f40918227409772727ca1965eacf97b83dd11b9b3607d9052d1ed6681948fdd0d4fb8e17e9e374f63281141875b1b4b62c3455b9bd61803f074
- SSDEEP
  
  12288:IGSthdqeEufN+TorNM4aW0i+nrFPi8SyZPimPirPi/G0RAdtGPi:hudqeEiNAorNzIdDSyV/SCAdtm
Score

7^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral11 behavioral12
- Target
  
  libcef.lib
- Size
  
  291KB
- MD5
  
  797f15c89fc3dc9d052061202c9d65cf
- SHA1
  
  d67178eedd91ab53c79ded28c0fd87d0149ac8ca
- SHA256
  
  6a2df4801d1b40e34b9b1be91b0aaa6e49da66fd5ed09254d83af2ec86c8d81c
- SHA512
  
  1193098cb4bbbe247dfa9f984959a6b1237d98793a232a3ce3ca6de9976310b8e7c0b63c27ac599afcb48c14576047090b53432b8fda3c7e5d093e31ecacd422
- SSDEEP
  
  6144:JKx4ytgiRFFTrouqPIJMWWnOYFqLBLMuHJ4BcpfLAOi7y:tyR1TrouqPIJMWWOYluHJqe0
Score

1^/10
behavioral13 behavioral14
- Target
  
  libexec.lib
- Size
  
  2.0MB
- MD5
  
  c0ac0367a40430af221b8c03417c2a73
- SHA1
  
  7d883b5094f8dd9c4b5cb96910d21aa5eba49bc5
- SHA256
  
  4c01ded1e8e7171e860ebe7b2bb949a2bcdd9b7aad7e5905a8f2a393670f20ec
- SHA512
  
  0bc0a45b6f05042dc954c507350e14f811f973aab3b170141e9349a25a71b4699f2dd41db8175107d4e5938158b5712c9971654e6d3d174853b65b92e7c95955
- SSDEEP
  
  49152:1gQsyP4JX/sdwSQHjnpMRGbaMfJTTVVXIMSW5lnnRoe:1WJX/cwfDpUGbzdTVVYzORoe
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral15 behavioral16
- Target
  
  skins.list
- Size
  
  128KB
- MD5
  
  39169c9e54cc14285692937f205e5987
- SHA1
  
  b73d8f2ae37ca6c63b13a76db30449583572f713
- SHA256
  
  91b990b6375423883de0ddb25b76b38a079e753124594684324d3b979680c476
- SHA512
  
  03f1aa00c00d5c424c408020df83100812a91488c1a3fd790a9ec1f685e174b458ec6d23bc3c6b290b25795c42b8c212a77d040b63e3247bc7b11b8b4e52f2c0
- SSDEEP
  
  3072:rhPbD7h3ZZ/2LYhuFpMa7fQ6d/jkTj6mZnU:pjXhuHxI69jkTjpZU
Score

3^/10
behavioral17 behavioral18
- Target
  
  xNet.dll
- Size
  
  112KB
- MD5
  
  ee9562fa37c96db8e0f73970c91a3c85
- SHA1
  
  7196b61919bc7c304bdea78a6c2912668033b30b
- SHA256
  
  5ac962a9121ef7ab0f479e647961f3e2ca086e3cb306a47b8e3dc3f72e669842
- SHA512
  
  b25953ac960beb122e83b592a1ce96865283bd64de16c5e525dcafa7212e5b6426d7f4d27888aa26dd95dcc1b4bd6d72bdfd7e62350e5eecaced1b25a3f5ec1b
- SSDEEP
  
  3072:0jrGwxJJQeg49YnlMY3wiWo0YNyYTqnV+xnEdd:CrGwgplgYTqnV+xnEd
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

agilenetvmprotectthemida

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

evasionthemidatrojanvmprotect

behavioral10

evasionthemidatrojanvmprotect

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

evasionthemidatrojan

behavioral16

evasionthemidatrojan

behavioral17

behavioral18

behavioral19

behavioral20