r77 | 24e8c911a34e784acfeae70252c1c4c27c7d40883eeee9871d97691bcc0f9df7 | Triage

Sharing

General

Target

EONLY.7z
Size

241.1MB
Sample

230518-qm4bwshg8y
MD5

7f906ee671be2bcedce725aa77ca60e1
SHA1

d8766f0b8a1988757bb7d130d0f589590712f2e2
SHA256

24e8c911a34e784acfeae70252c1c4c27c7d40883eeee9871d97691bcc0f9df7
SHA512

9e5101d4cf2b9ffd1a457f13307ccecd207f36d12106e149818f28af6654dc2b1c2ad6896e77128b35bdd6468651898bcb774d5f730f61dd9b788cade751d84f
SSDEEP

6291456:CqJVpdZphF5kuf6k4iQdLdau2xAEtkHZv7Oe1Bob3k0gnpL2:BZphFf6k4x2qEVe1UCp6

Score

10^/10

r77 evasion trojan

Malware Config

Targets

- Target
  
  EMPRESS/EMP.dll
- Size
  
  16.5MB
- MD5
  
  152271c4b4ffef688f8afe097989b224
- SHA1
  
  df3bb0aa3f2ca3e27092b1ee2b316afa5234586f
- SHA256
  
  1a810d11ff37b79a348ceb52fe3a6c5b7aa83682ecff88764a78a92586c2803e
- SHA512
  
  33dd3768e24628294239acea1e86d158c049fb5dc937092cbe6abee77afd2c2165bedc070047ad553c01e6fae33409284d2f9a960368f17c92a83457f60a41be
- SSDEEP
  
  393216:6Wj4j1GtzkONfyf9Mah58FSz2pARmnfZQpeWeYO7Uy+JEMUv:6WaGtzkONk9huIRmnfZHDjIynB
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  EMPRESS/amd_ags_x64.dll
- Size
  
  41KB
- MD5
  
  9f4fa3c3a49497efb0b6737481fa2358
- SHA1
  
  997f2708d94718ed7a94e7cb0acefc8faf2154a5
- SHA256
  
  0cb9ee2d5bea42b2cb56a15c2763e20e77436107b13f187c8c7dabd27ee45f8e
- SHA512
  
  d373b10e1df2aff28d484a0d75bf6366de9f4061b848eb07acf1383c1d2cf7bf4c72a5891b87525ddfbcaad2bc74b97fcbf977f7289dec2dcb219398917b9462
- SSDEEP
  
  768:gUbBwQVwW2Wqn4p5hjufZbVa/FECPdAqTzUVGIM/o/:guYW2gp5hEoEMAqTgVGo
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  EMPRESS/re4.bin
- Size
  
  528.0MB
- MD5
  
  889ae906f7906185e55eee339c7a98b4
- SHA1
  
  74b293a413b00bbfe3d54c64e2772762d20b6cc9
- SHA256
  
  656b8f8bce6dca7aa4294576bc8a0faf9d8860aa60bdba1c182c35be09413d9d
- SHA512
  
  0f13cfa9a2fcd4f4e781a4422cc5f6b0b3a3b15d1b006edd91225a470113fdfe14b49e66aad91571a38fedfdefa29a14fc3ff23cec2cd2771ae48f23d7fef743
- SSDEEP
  
  3145728:q0kQJSxSGr5c+rKjQSTjqiHxoFZV0rKozIAMk1w:plST5uRjqiaFZwX
Score

1^/10
behavioral5 behavioral6
- Target
  
  EMPRESS/steam_api64.dll
- Size
  
  288KB
- MD5
  
  500475b20083ccdc64f12d238cab687a
- SHA1
  
  b13f17561a9a0671befbebf0aae7b51bcc0072df
- SHA256
  
  4df999c0c8cb12589f0864d52be5d4c775577aeb27fee28b49b188f9ba083eea
- SHA512
  
  de926d38118c808cde4d3a8f6fde7b56b755ef7938b9adadf0efaac45c853f3d19f4cdd5906b02a7dcca7d2c38b8c01cbd401ce3a7f5e3f9221776f0ed49355b
- SSDEEP
  
  3072:ujTqkh2mB9mkVi635gRaeaZqk4YJDf32uB+rJFC9R+5z65lhTbCz+hnv91vFAyNp:Gb9mZOB3Zx4YUuoaRRFAymC2CPzbN
Score

1^/10
behavioral7 behavioral8
- Target
  
  EMPRESS/steam_api64.emp
- Size
  
  2.3MB
- MD5
  
  1d2488d510408bce5706e3fe34cd06eb
- SHA1
  
  8ae4c6739fae35011611b62a813798f141b7d670
- SHA256
  
  33c3ea60570abb7605e5fdb0e50ffdcba7bfd34351cccaefefe05cece0e61d0d
- SHA512
  
  37d73937c36c4c21ce7b37cec5800f33baefcc5ee9926045782ac96799c838c3eb53755edd2f1b2c96fc77be99981954f9e5ff7e6dc3b5d8880d1bc9ad2db7e9
- SSDEEP
  
  24576:B0urrg2LP+RaoIzVNvT9vfRYur0FujbG+aId3VS9YIsrnBzyOfCHG5:BRHg2LWookvJr0Fuj1rS9YTrfCH
Score

3^/10
behavioral10 behavioral9
- Target
  
  Extras/Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe
- Size
  
  1.6MB
- MD5
  
  bcacc9b5f549ea9f84b329bb2fdf9293
- SHA1
  
  e5e6b61d29a99deb53d69ef72e1153bbf0beeb55
- SHA256
  
  eabc658deece003f4e76ef76fd0932a0a2d91e63725bb11daf07dc7052689b76
- SHA512
  
  86a385a22595129c3059c834a175c303b722f197a59a12bb96a96d01998ca0e8eff5a27552f4921745b7e015b98b4ad46b277099927af89249ce79b22b706483
- SSDEEP
  
  24576:2inUIrP+Zeb+NKgNqRB+uCny6Dorar3QrLamx4wlKDSVXT5Xzwya:2iZGXN3IB+Tny6cGlwlfXT5Xzw1
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12