General

  • Target

    592f323087f1a5071e81e0abcda30283.bin

  • Size

    670.9MB

  • Sample

    230602-b3a8qahc87

  • MD5

    592f323087f1a5071e81e0abcda30283

  • SHA1

    728c9c22f94422a50c4ce6dc7597a138db2172cc

  • SHA256

    b53056518bfec3c5164a401f088fa398871453fee7ebcfa4fdcc7a9a76f01162

  • SHA512

    6055705b86044e79945fe5864669760cb1913c915e604fa9dae2a46e743a6348a14b3523bf0fe7c581d825c725412218376c791ac8dca397cc7a6057efaaf9f8

  • SSDEEP

    12582912:wscHqXYBnVfAZWva7I5+lxSBEUdMyvE5pSUYnUcExTaRPqD/3M4NsQpKdAY:wNqXEVAU5+lx+7ELSUmUTisTssmAY

Targets

    • Target

      CLion_2023_1/CLion_2023_1.exe

    • Size

      661.6MB

    • MD5

      f02904df77df7f1296ebf54dfbbe1c2e

    • SHA1

      63d84a6c6c22da6a31a588525ae141aaa5eb4572

    • SHA256

      9bcd788abd1e2e37e5f4ff47fdddaa927cb57d67c91ab406e8bf6f87757edd0f

    • SHA512

      9f640b9bf4284607b4345e757b1d6b66958123a1c92c56fc73e34244262400c0539d3fa414d6fa98871c0dd60077abae3479c5f46dee1867b33012f5f42b6bf5

    • SSDEEP

      12582912:dCaOhgJIP5x5cpEX2NTdctVE76+hUKROtzgg090Em3xQe9DlDL8C7kEL+x:dCvgJ6xUFdctV0NOJgg0Kx5LLkS8

    Score
    10/10
    • UAC bypass

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      JB Patch 2023.1.exe

    • Size

      9.8MB

    • MD5

      2360d6a36a8ecb7cb1fb14b6381c72fe

    • SHA1

      d4d158d68ff8c2aba54ed994d990fb6bc7ead2f5

    • SHA256

      c1b26a6abb5aa499167b346e9d289c126c839e0b157fc1cccfbdff5f924982c2

    • SHA512

      7cfa5f20b7db2f0b6e6ec61ac2da7d207c75e6bd02636c8126349d675e10ac741c15b986e8a2bb7123e1f1c2493442a21d6c833a74dae10504f663447bb19a7a

    • SSDEEP

      196608:6wYJw515ev5zAp9uwi//sSsTUTIZjnX3uAx3N3rgiq3VzO6s3rr7jM:6PJEnp9ul/0UMRnu+3OFFzO13rrfM

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
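
The hash and signature lists above are the indicators a responder actually reuses from a report like this. The following is an added example (not part of the report or its sandbox vendor) that parses this plain-text layout into structured targets, validates the hash lengths, and sweeps a directory for files whose digests match any listed target. The REPORT excerpt inside the script is constructed from the hashes shown on this page; the function names and the directory layout it assumes are the example's own.

```python
# Added example (not part of the report or its sandbox vendor): parse this
# plain-text report layout into structured indicators, then sweep a directory
# for files whose digests match the listed hashes. The REPORT excerpt is
# constructed from the hashes shown on the page.
import hashlib
import re
from pathlib import Path

FIELDS = ("Target", "Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

REPORT = """\
    • Target

      CLion_2023_1/CLion_2023_1.exe

    • MD5

      f02904df77df7f1296ebf54dfbbe1c2e

    • SHA256

      9bcd788abd1e2e37e5f4ff47fdddaa927cb57d67c91ab406e8bf6f87757edd0f

    Score
    10/10
    • UAC bypass
    • Executes dropped EXE
    • Target
      JB Patch 2023.1.exe
    • MD5
      2360d6a36a8ecb7cb1fb14b6381c72fe
    • SHA256
      c1b26a6abb5aa499167b346e9d289c126c839e0b157fc1cccfbdff5f924982c2
    Score
    7/10
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
"""


def parse_report(text):
    """Return one dict per '• Target' block: hash fields, 'Score' (int) and
    'signatures' (names only). A field bullet takes the next non-empty line
    as its value; any other bullet is a signature name; signature description
    lines and anything before the first Target are ignored."""
    targets, cur, pending = [], None, None
    for raw in text.splitlines():
        ln = raw.strip()
        if not ln:
            continue
        if ln.startswith("•"):
            name = ln[1:].strip()
            if name == "Target":
                cur = {"signatures": []}
                targets.append(cur)
            if name in FIELDS:
                pending = name
            elif cur is not None:
                cur["signatures"].append(name)
                pending = None
        elif ln == "Score":
            pending = "Score"
        elif pending and cur is not None:
            if pending == "Score":
                cur["Score"] = int(ln.split("/")[0])
            elif pending in HEX_LEN:
                # Reject truncated or mis-copied digests instead of indexing them.
                if not re.fullmatch(r"[0-9a-fA-F]{%d}" % HEX_LEN[pending], ln):
                    raise ValueError(f"malformed {pending}: {ln!r}")
                cur[pending] = ln.lower()
            else:
                cur[pending] = ln
            pending = None
    return targets


def hash_file(path):
    """One-pass MD5/SHA1/SHA256/SHA512 of a file (installers are large: stream)."""
    hashes = {alg: hashlib.new(alg.lower()) for alg in HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashes.items()}


def match_files(directory, targets):
    """Return [(path, target name, algorithm)] for files whose digest equals a
    hash recorded for any target. Strong hashes are consulted first; an
    MD5-only hit is still reported but is weaker evidence."""
    index = {(alg, t[alg]): t["Target"] for t in targets for alg in HEX_LEN if alg in t}
    hits = []
    for p in sorted(Path(directory).rglob("*")):
        if p.is_file():
            digests = hash_file(p)
            for alg in ("SHA512", "SHA256", "SHA1", "MD5"):
                if (alg, digests[alg]) in index:
                    hits.append((str(p), index[(alg, digests[alg])], alg))
                    break
    return hits


if __name__ == "__main__":
    for t in parse_report(REPORT):
        print(t["Target"], t["Score"], t["SHA256"], t["signatures"])
```

Run it against a download directory to confirm whether the CLion_2023_1.exe or JB Patch 2023.1.exe on a machine is the sample this report describes; a match on SHA256 or SHA512 is conclusive, while an MD5-only match should be confirmed with a stronger digest before acting on it.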

MITRE ATT&CK Enterprise v6
