1583519e3af26eccf1162002bd4b6a3398bc6df52182b4b61ef4c7abbc4acd0c | Triage

Sharing

General

Target

VPNReaperv2-cracked.rar
Size

555KB
Sample

230515-xjsjjsgh75
MD5

74fcb744806f05c77f0ce167a6488529
SHA1

32734e17fe02d67493af9b2e47c03b694394e0a8
SHA256

1583519e3af26eccf1162002bd4b6a3398bc6df52182b4b61ef4c7abbc4acd0c
SHA512

b394041e00008c7a516ee836972383680aaca57488689512d1f0a900cb191964b2841d86103ca63a4cb9546e6b30be4d85e62257933f3ecdc7bc7527d756e1e8
SSDEEP

12288:vS/UPrwzpQDt9EZv9HbDQivYd6GjQIOaUzOk4oBojw1dQIjl:v2WiQRaRQivYd9MlaQOw+w

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  VPNReaperv2-cracked/VPNReaperv2-cracked/VPNReaper-Cracked.exe
- Size
  
  199KB
- MD5
  
  ce782fb7de7261894c9af56359430010
- SHA1
  
  212398778a6083e42f8ed3b1cf76d37199fffdd0
- SHA256
  
  bf3a8b3291f50a88cfb4f27be8b3f3468d807c8c908c2db0716712bd86e47799
- SHA512
  
  cd7958f2ae2a71d00506ae61ce77c2e5344d87cc2f112581eff317f6c635d3bf2623adc410743fbb969c62eeccfd3827a60f08617b98269c0429308dc39d74fd
- SSDEEP
  
  1536:W4lMePvqi9JU8nx+B3eTD4q29nhM72h6Cg8zxJ8E/e+kN55fONQtiX+yj9C60tOF:W4lM0o6xYwkpnW706P6AlPY
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  VPNReaperv2-cracked/VPNReaperv2-cracked/dim/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral2
- Target
  
  VPNReaperv2-cracked/VPNReaperv2-cracked/dim/vpnr.exe
- Size
  
  112KB
- MD5
  
  dd5a7f573733a8e7425b0b471fe9b363
- SHA1
  
  b2c173aac3f38f32c37a79dee19fa8c8c4e83669
- SHA256
  
  20af557da12b46b80e3ef2535c8fd88a0583617bf4f1aec0ce35ed75f6834e85
- SHA512
  
  8fe37b7d04c2673435b670a23427364f358b202507b831107c901005158a1231055c6c59abd8e60e980946591ba482becb1414b414df9c673b44805c500254e4
- SSDEEP
  
  3072:vhftQKk1nNi93MwF3bdUXF/uVTdtwPD7:Ft8zXFx
Score

3^/10
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3