d37c8dd3fc3ea661959c1daf53a68eac6cf1e88add3c6465a9f73b8707616051

Resubmissions

09-05-2023 00:46

230509-a459tade92 7

09-05-2023 00:38

230509-ay2dnsde74 9

Sharing

Copy URL

Twitter E-mail

General

Target

m.zip
Size

18.4MB
Sample

230509-ay2dnsde74
MD5

c30182ad83d8cd1383a879815cebbed5
SHA1

f055b621f89dd627bcdbc69bbf8f5ec4d9ca7850
SHA256

d37c8dd3fc3ea661959c1daf53a68eac6cf1e88add3c6465a9f73b8707616051
SHA512

a3634c79eec336ff4863b96d474458d0a54b8e93d4bfc0edcf7be0c533e0528337a25f0982507936fd6127995da555f213b2c639e3b9dab364d4a59d4e8ad711
SSDEEP

393216:ZtfNuS3tmsm1E+ee9QqQdPUFioUAMdfSVBQW1aB3s/3COKdJhNaNQzV04RSrpVqU:nfNu2tD+eeDQtSiobVBQWUs/3WdJLgeA

Score

9^/10

Malware Config

Targets

- Target
  
  m.zip
- Size
  
  18.4MB
- MD5
  
  c30182ad83d8cd1383a879815cebbed5
- SHA1
  
  f055b621f89dd627bcdbc69bbf8f5ec4d9ca7850
- SHA256
  
  d37c8dd3fc3ea661959c1daf53a68eac6cf1e88add3c6465a9f73b8707616051
- SHA512
  
  a3634c79eec336ff4863b96d474458d0a54b8e93d4bfc0edcf7be0c533e0528337a25f0982507936fd6127995da555f213b2c639e3b9dab364d4a59d4e8ad711
- SSDEEP
  
  393216:ZtfNuS3tmsm1E+ee9QqQdPUFioUAMdfSVBQW1aB3s/3COKdJhNaNQzV04RSrpVqU:nfNu2tD+eeDQtSiobVBQWUs/3WdJLgeA
Score

1^/10
behavioral1 behavioral2
- Target
  
  6.txt
- Size
  
  9.4MB
- MD5
  
  a30d69b5367d09f2ce35197e83951253
- SHA1
  
  e28e58cd592c8661143823c0003d3dcd630c2299
- SHA256
  
  5edf591f5c454dfe10103a76f18f0d5988a325cfb68c05cc604a17375e646223
- SHA512
  
  3f147116ab66351a6eaad4e4915954f2504029f83918319fcbde7a367b6a1ce9f509f2cc646f0de2692b3ef17744015f27cae731bedbfcf124c25ff02b853408
- SSDEEP
  
  196608:2APEmjmVCqHEcmRu9HbMsYBtisiYbL/hsstGO5z231DnssSOq/agsuA:gxV/Kc9HAsc5iYestGWmnzS9igsuA
Score

1^/10
behavioral3 behavioral4
- Target
  
  MSVCR100.txt
- Size
  
  755KB
- MD5
  
  bf38660a9125935658cfa3e53fdc7d65
- SHA1
  
  0b51fb415ec89848f339f8989d323bea722bfd70
- SHA256
  
  60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
- SHA512
  
  25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1
- SSDEEP
  
  12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
Score

3^/10
behavioral5 behavioral6
- Target
  
  WebView2Loader.txt
- Size
  
  105KB
- MD5
  
  61e6b94ab6109254fbef360681f5b80d
- SHA1
  
  204a5eda5fea33a56edb33b9ccd40af635a04564
- SHA256
  
  446b4d19ed8fa1563b77a7f36261b76911b208af1d00a805d54e44b01ca3f54a
- SHA512
  
  93fad29f13c0a18e4864ddf57aeba882fb411b84f6dff993b87295a1b5e4b488433802c2150fbf25a3132379dc2eb3aa02d836059b0ef24a2db4269eb0795a9b
- SSDEEP
  
  3072:iTC3F6JkULenwAFqz5pV3+Zqocv0T+EtO5pf+gMl/1:iuV66kL5pjxEtqpWRl/1
Score

3^/10
behavioral7 behavioral8
- Target
  
  at.txt
- Size
  
  4.3MB
- MD5
  
  5b0804d17be88b45955d8dd9daeb7489
- SHA1
  
  620d12a9ced5be117da596fd07faf49f51ef3bb1
- SHA256
  
  32d6b447a82448ae2cd9a2a9602ad65a7b3bd0094ba19855ede15de1eca9822c
- SHA512
  
  8378f6bc172e7507a558fefd34abbdcde1196bde71442f8a5e4c610f1459126a633ae7c2c208c783c83a60731545d9baa3a5d70fb587e4a492c1a53e173d77b3
- SSDEEP
  
  98304:Ned/gkRJ53hSpJnf531K4WWAMSP33ift1lkqHmYoWWoT6NXlfI9SJ:N+ZRJ5x0nhl7WWzSP33ifxkSoFs6vIQ
Score

1^/10
behavioral10 behavioral9
- Target
  
  b.txt
- Size
  
  23KB
- MD5
  
  1a7a6bf11337f0de5ba28ebd93afed06
- SHA1
  
  c5e6ffae9a8edc7fe4620a61d23f387b06ea63ae
- SHA256
  
  c62acf95bf44552f63a3dc44616869c1c40475b971182f52606440b0eebfbb21
- SHA512
  
  d7f93a1d44b687cee76a3982e935ff6e8e487db8d72b77d22022e6e46bac0c5ffe74cc613f5761b3ca33157a3454a9c8039c11e7c8f5f546795bbd13478915a4
- SSDEEP
  
  384:MK/cBozUqKi8DsHqjFnKNSTYY0Rez/5QLkWN6vXiAq+7UYaiaeOaIfxVh+bJ/jIq:5/vUqKFsKw0h1QL7Qvy8UYP6aIfxVgb7
Score

1^/10
behavioral11 behavioral12
- Target
  
  c.txt
- Size
  
  23KB
- MD5
  
  e91f05b459e3df011e8afd1f35eebffc
- SHA1
  
  425504c4e6eab03f91b07740b75989ccaab1fa67
- SHA256
  
  80d2c6b4174b91b2b2b5a189726b8e1d715745e2b8064a1a18663936187f62b0
- SHA512
  
  13e75c3fee33b78c2d61b2870c856e45f2f9ee208593720ccf7895cd759694762161a086f18f94701e0fc8f0a48c0ca798fdd81c939263964e7a149eb9dacba7
- SSDEEP
  
  384:MOQ/cBozUqKi8DsHqjFnKNSTYY0Rez/5QLkWN6vXiAq+7UYaiaeOaIfxVh+bJ/ja:i/vUqKFsKw0h1QL7Qvy8UYP6aIfxVgbI
Score

1^/10
behavioral13 behavioral14
- Target
  
  exe.txt
- Size
  
  872KB
- MD5
  
  c56b5f0201a3b3de53e561fe76912bfd
- SHA1
  
  2a4062e10a5de813f5688221dbeb3f3ff33eb417
- SHA256
  
  237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
- SHA512
  
  195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
- SSDEEP
  
  12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Score

3^/10
behavioral15 behavioral16
- Target
  
  i7.txt
- Size
  
  15KB
- MD5
  
  4afcab972e98ecbf855f915b2739f508
- SHA1
  
  615dc2fa827fab39e16a7e9721f484e7f4d34f8e
- SHA256
  
  7cc34a5423bd3fc9fa63d20ebece4103e22e4360df5b9caa2b461069dac77f4d
- SHA512
  
  58258f74d7e35c5a83234a98bc033846be5a65146bd992e738a8678706a18c30759bd405fbb30a296181e2f92acb0219df8979030cc45d1cdec6ac06e8bc00d5
- SSDEEP
  
  384:Gpsx5cnV21mSHhV8b+lee84SzFnYPLr7aq:GpscnfS/8KUe8jC7aq
Score

1^/10
behavioral17 behavioral18
- Target
  
  jli.txt
- Size
  
  3.9MB
- MD5
  
  f07706176113cf4b97d4cdfc857347fe
- SHA1
  
  7757df85dffda89be5241616be2ec885e77d3a42
- SHA256
  
  1d3a991fcaeecf13babe0fa03994bdd098002bf45aef0eec47b67e73f9c86572
- SHA512
  
  3be9e56419302287fb039ad36859ac0783544066ae08a77d1d63679b6929091c16d21286bdcaece580e576647f5a5556490b6fb9b234f7bba240440983cc6ed1
- SSDEEP
  
  98304:4c2Hi8OKi8MYV7N4iixKqZpW2kR41p0z1gwOfVlHgHN:41i8G8xsAOplt1yzOtFg
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral19 behavioral20

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20