General

  • Target

    Malwarebytes Checker By PJ v1.1.rar

  • Size

    955KB

  • Sample

    230509-qbhwtaga25

  • MD5

    8bf2405ce79ecd6d4674973561dea1ee

  • SHA1

    8554911db848f7ba27e175766a510f45d5113d4e

  • SHA256

    301037e5a2b2da3f692ec0c269be54d88350740c42c4c059929457850f9edcc1

  • SHA512

    5a03c12183b6d3cebdd1abd1f10c903b7a6204074d45331d76c2c06d9f00fff21b7f7dc867cb75457b6080f4fed69a61b417cb596be24578fc8104f8693f67a5

  • SSDEEP

    24576:Mbqqp4Rg8o8C5eFyIMxtMoqGb0iKegm5G843:Qqqp04PgMcc09egSo

Malware Config

Targets

    • Target

      Malwarebytes Checker By PJ v1.1.rar

    • Size

      955KB

    • MD5

      8bf2405ce79ecd6d4674973561dea1ee

    • SHA1

      8554911db848f7ba27e175766a510f45d5113d4e

    • SHA256

      301037e5a2b2da3f692ec0c269be54d88350740c42c4c059929457850f9edcc1

    • SHA512

      5a03c12183b6d3cebdd1abd1f10c903b7a6204074d45331d76c2c06d9f00fff21b7f7dc867cb75457b6080f4fed69a61b417cb596be24578fc8104f8693f67a5

    • SSDEEP

      24576:Mbqqp4Rg8o8C5eFyIMxtMoqGb0iKegm5G843:Qqqp04PgMcc09egSo

    Score: 7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Malwarebytes Checker By PJ v1.1/Guna.UI2.dll

    • Size

      2.1MB

    • MD5

      aca7f1ca2525160b85404e638732bd87

    • SHA1

      612b5fa896871ee2f8f5710ac4bc63701cb96e4f

    • SHA256

      bf7fd5efcd54d00bfda76187cb3f04dd36bb38d9b36b505e1493cffb7a7f3d9e

    • SHA512

      dbf6624da29167ac67ef8e2fbfa1a350f00f850a1c029fe427d54ddbc3299331633ee8e1c076cd54ff02fa219fbe9ab0397e89c1a32d502ccdd150df55e25ae3

    • SSDEEP

      49152:tvU6fD73waJnBA5lV8jldVmIgA5iKOvhn:tvU6vznglEldVmIJi/vt

    Score: 1/10
    • Target

      Malwarebytes Checker By PJ v1.1/Leaf.xNet.dll

    • Size

      129KB

    • MD5

      ea87f37e78fb9af4bf805f6e958f68f4

    • SHA1

      89662fed195d7b9d65ab7ba8605a3cd953f2b06a

    • SHA256

      de9aea105f31f3541cbc5c460b0160d0689a2872d80748ca1456e6e223f0a4aa

    • SHA512

      c56bd03142258c6dcb712d1352d2548a055fbb726ee200949d847cb2d23d9c52442b1435be0df0bf355701a2c1a3c47cd05b96972501f457d2d401501d33d83a

    • SSDEEP

      3072:gE3OJDHIfFLlL3pPiqhcLS/oZhttaMBM2cid:gHWZxJiqO

    Score: 1/10
    • Target

      Malwarebytes Checker By PJ v1.1/Malwarebytes Checker By PJ v1.1.exe

    • Size

      528KB

    • MD5

      6060d7633c720d9aeb219f3a875b99fd

    • SHA1

      7bd3e8accf96f89632eddf4463b2d14397045283

    • SHA256

      a590631ee4b10949e6d3cf12dbaf1dbe0a355ac9263dd65721f41698b2891eca

    • SHA512

      7ea3a71c9e3e4cd9b1b898ca64f591b6943d1f7dd9e96faffb6b4012e8b23940138bfc2d08f9a8251f1c0f77bf923cbcf7f2d8c2e3d4e7b369e034b73521441f

    • SSDEEP

      6144:Q7Osq+KrFr0RUx36nATyqoQXgu8xDl3F+UAFuGx1RXs8:Q4+EOD73Fn8p

    Score: 7/10
    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Target

      Malwarebytes Checker By PJ v1.1/Result/Free[11-24-11_54].txt

    • Size

      156B

    • MD5

      76a26dc9df838c43a1bc4e3eef7ff694

    • SHA1

      f534bf8fbb9fa8d65823cb3cc9db4bc7f41d64f4

    • SHA256

      dfde31e0228c2927b63d3ab189f0cd3b61cb4d423c8dd8710c94768e54d13660

    • SHA512

      ec76a615f2cb7496be6b161471862a4e2a2d33ab57bef4bebf42b6fa6cdd1a1f470978e960802e591663443477df1e91f93a64d17cfe773987cb5fdcbb3c7e94

    Score: 1/10
    • Target

      Malwarebytes Checker By PJ v1.1/Screenshots/screenshots[psgy0sbf.ppd].png

    • Size

      33KB

    • MD5

      b6de33ccb411b1a866b98116d4016373

    • SHA1

      37d5cab172c09d1603ec56ce48c4c2a2bfbaaad0

    • SHA256

      3e08447e857cbe82c861084aff327e016df5e13829afbde26b7a0a87a3612793

    • SHA512

      f49d8e0f69d3870ff70778fcddb2dd56c66b279293223cdcc4ba1becbe8df5d33e146c0973646d157b30220fee70571484dae0f488a90583cb9c1640e7564571

    • SSDEEP

      768:Y4g4YAFfbUeGchhSSSSSSSSSSSSSSSSSSSSSSSSVudKUKK6uFc38shVD3Zjm4UdF:Y4g4vFfhGshSSSSSSSSSSSSSSSSSSSSY

    Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060), count 1

  • Defense Evasion

    Modify Registry (T1112), count 2

  • Discovery

    Query Registry (T1012), count 2

    System Information Discovery (T1082), count 4

  • Command and Control

    Web Service (T1102), count 1

Tasks