Resubmissions

  09-05-2023 00:46  230509-a459tade92  7
  09-05-2023 00:38  230509-ay2dnsde74  9

General

  • Target

    m.zip

  • Size

    18.4MB

  • Sample

    230509-ay2dnsde74

  • MD5

    c30182ad83d8cd1383a879815cebbed5

  • SHA1

    f055b621f89dd627bcdbc69bbf8f5ec4d9ca7850

  • SHA256

    d37c8dd3fc3ea661959c1daf53a68eac6cf1e88add3c6465a9f73b8707616051

  • SHA512

    a3634c79eec336ff4863b96d474458d0a54b8e93d4bfc0edcf7be0c533e0528337a25f0982507936fd6127995da555f213b2c639e3b9dab364d4a59d4e8ad711

  • SSDEEP

    393216:ZtfNuS3tmsm1E+ee9QqQdPUFioUAMdfSVBQW1aB3s/3COKdJhNaNQzV04RSrpVqU:nfNu2tD+eeDQtSiobVBQWUs/3WdJLgeA

Malware Config

Targets

    • Target

      m.zip (file hashes identical to those listed under General above)

    Score: 1/10

    • Target

      6.txt

    • Size

      9.4MB

    • MD5

      a30d69b5367d09f2ce35197e83951253

    • SHA1

      e28e58cd592c8661143823c0003d3dcd630c2299

    • SHA256

      5edf591f5c454dfe10103a76f18f0d5988a325cfb68c05cc604a17375e646223

    • SHA512

      3f147116ab66351a6eaad4e4915954f2504029f83918319fcbde7a367b6a1ce9f509f2cc646f0de2692b3ef17744015f27cae731bedbfcf124c25ff02b853408

    • SSDEEP

      196608:2APEmjmVCqHEcmRu9HbMsYBtisiYbL/hsstGO5z231DnssSOq/agsuA:gxV/Kc9HAsc5iYestGWmnzS9igsuA

    Score: 1/10

    • Target

      MSVCR100.txt

    • Size

      755KB

    • MD5

      bf38660a9125935658cfa3e53fdc7d65

    • SHA1

      0b51fb415ec89848f339f8989d323bea722bfd70

    • SHA256

      60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

    • SHA512

      25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

    • SSDEEP

      12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I

    Score: 3/10

    • Target

      WebView2Loader.txt

    • Size

      105KB

    • MD5

      61e6b94ab6109254fbef360681f5b80d

    • SHA1

      204a5eda5fea33a56edb33b9ccd40af635a04564

    • SHA256

      446b4d19ed8fa1563b77a7f36261b76911b208af1d00a805d54e44b01ca3f54a

    • SHA512

      93fad29f13c0a18e4864ddf57aeba882fb411b84f6dff993b87295a1b5e4b488433802c2150fbf25a3132379dc2eb3aa02d836059b0ef24a2db4269eb0795a9b

    • SSDEEP

      3072:iTC3F6JkULenwAFqz5pV3+Zqocv0T+EtO5pf+gMl/1:iuV66kL5pjxEtqpWRl/1

    Score: 3/10

    • Target

      at.txt

    • Size

      4.3MB

    • MD5

      5b0804d17be88b45955d8dd9daeb7489

    • SHA1

      620d12a9ced5be117da596fd07faf49f51ef3bb1

    • SHA256

      32d6b447a82448ae2cd9a2a9602ad65a7b3bd0094ba19855ede15de1eca9822c

    • SHA512

      8378f6bc172e7507a558fefd34abbdcde1196bde71442f8a5e4c610f1459126a633ae7c2c208c783c83a60731545d9baa3a5d70fb587e4a492c1a53e173d77b3

    • SSDEEP

      98304:Ned/gkRJ53hSpJnf531K4WWAMSP33ift1lkqHmYoWWoT6NXlfI9SJ:N+ZRJ5x0nhl7WWzSP33ifxkSoFs6vIQ

    Score: 1/10

    • Target

      b.txt

    • Size

      23KB

    • MD5

      1a7a6bf11337f0de5ba28ebd93afed06

    • SHA1

      c5e6ffae9a8edc7fe4620a61d23f387b06ea63ae

    • SHA256

      c62acf95bf44552f63a3dc44616869c1c40475b971182f52606440b0eebfbb21

    • SHA512

      d7f93a1d44b687cee76a3982e935ff6e8e487db8d72b77d22022e6e46bac0c5ffe74cc613f5761b3ca33157a3454a9c8039c11e7c8f5f546795bbd13478915a4

    • SSDEEP

      384:MK/cBozUqKi8DsHqjFnKNSTYY0Rez/5QLkWN6vXiAq+7UYaiaeOaIfxVh+bJ/jIq:5/vUqKFsKw0h1QL7Qvy8UYP6aIfxVgb7

    Score: 1/10

    • Target

      c.txt

    • Size

      23KB

    • MD5

      e91f05b459e3df011e8afd1f35eebffc

    • SHA1

      425504c4e6eab03f91b07740b75989ccaab1fa67

    • SHA256

      80d2c6b4174b91b2b2b5a189726b8e1d715745e2b8064a1a18663936187f62b0

    • SHA512

      13e75c3fee33b78c2d61b2870c856e45f2f9ee208593720ccf7895cd759694762161a086f18f94701e0fc8f0a48c0ca798fdd81c939263964e7a149eb9dacba7

    • SSDEEP

      384:MOQ/cBozUqKi8DsHqjFnKNSTYY0Rez/5QLkWN6vXiAq+7UYaiaeOaIfxVh+bJ/ja:i/vUqKFsKw0h1QL7Qvy8UYP6aIfxVgbI

    Score: 1/10

    • Target

      exe.txt

    • Size

      872KB

    • MD5

      c56b5f0201a3b3de53e561fe76912bfd

    • SHA1

      2a4062e10a5de813f5688221dbeb3f3ff33eb417

    • SHA256

      237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

    • SHA512

      195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

    • SSDEEP

      12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01

    Score: 3/10

    • Target

      i7.txt

    • Size

      15KB

    • MD5

      4afcab972e98ecbf855f915b2739f508

    • SHA1

      615dc2fa827fab39e16a7e9721f484e7f4d34f8e

    • SHA256

      7cc34a5423bd3fc9fa63d20ebece4103e22e4360df5b9caa2b461069dac77f4d

    • SHA512

      58258f74d7e35c5a83234a98bc033846be5a65146bd992e738a8678706a18c30759bd405fbb30a296181e2f92acb0219df8979030cc45d1cdec6ac06e8bc00d5

    • SSDEEP

      384:Gpsx5cnV21mSHhV8b+lee84SzFnYPLr7aq:GpscnfS/8KUe8jC7aq

    Score: 1/10

    • Target

      jli.txt

    • Size

      3.9MB

    • MD5

      f07706176113cf4b97d4cdfc857347fe

    • SHA1

      7757df85dffda89be5241616be2ec885e77d3a42

    • SHA256

      1d3a991fcaeecf13babe0fa03994bdd098002bf45aef0eec47b67e73f9c86572

    • SHA512

      3be9e56419302287fb039ad36859ac0783544066ae08a77d1d63679b6929091c16d21286bdcaece580e576647f5a5556490b6fb9b234f7bba240440983cc6ed1

    • SSDEEP

      98304:4c2Hi8OKi8MYV7N4iixKqZpW2kR41p0z1gwOfVlHgHN:41i8G8xsAOplt1yzOtFg

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                        Count  ID
  Defense Evasion   Virtualization/Sandbox Evasion   1      T1497
  Discovery         System Information Discovery     3      T1082
  Discovery         Query Registry                   2      T1012
  Discovery         Virtualization/Sandbox Evasion   1      T1497