ff29601b71a6c27ca4b871b3931f25a70747bad313e79feb638d8a49f2569d65

Sharing

Copy URL Twitter E-mail

General

Target

AcronisWare_V6.zip
Size

382KB
Sample

230708-vaqmgsgf6s
MD5

026c9416bef319c43cb2acf9c4f4eca3
SHA1

6565af8d2fb7f560c2dbe2df7fcfd0d56dfda07e
SHA256

ff29601b71a6c27ca4b871b3931f25a70747bad313e79feb638d8a49f2569d65
SHA512

5f76502128b0d61937dccae730e304f6599e1b62fd6566c389484260390e98e1b479274bb148ea82b2398c372e23e579c61a9a64657b549cf80f8a7ed4722d29
SSDEEP

6144:2AoZTjPXalu5NwhVNtlPT5i7nMfFHaHDP8wrUgz42RjliZwwSKB:OXEIyDlPT5i7nqHoUV2RjlmLSg

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  vape/CustomModules/6872265039.lua
- Size
  
  81KB
- MD5
  
  2a9ff4a5647d443ce45c8817c6f2e762
- SHA1
  
  2e45ac39c1d7f96621be0e7f38cf7768377356fb
- SHA256
  
  c0e7bbfa8a213229e5b409b0aa9b93529a5ae87e9ddc9ec0ff5cd85d693dee10
- SHA512
  
  ea0ffee483829bcd7990420dc195e02f6da6496a43ceb8c6beab4e6a292fe563479addc303a99fbb76c74673dd3331ed91fdf6a3434aefe3d1261b2487e3ff9b
- SSDEEP
  
  1536:hLvBXGAkNFzDwwfdvPFZuWmzfD694On/3+5Rn:hb1GrLwwfdvL94M3+/n
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  vape/CustomModules/6872274481.lua
- Size
  
  398KB
- MD5
  
  4a5276b1ad300e950ca5369e16c15093
- SHA1
  
  c189891f86d50c6ea38d9d634c582291a0b045da
- SHA256
  
  b386de41d493d7d35a44ea996dbedba8ea0febc5006f300866b4a160b844affb
- SHA512
  
  38802b1b5bffc6667f93a0e90d41c275b7b5403783a1c1f8682e205f69f343519cf392a430a070808bd04b7f277ea9cd18380f3dc556357e5d6d03fef94b77f5
- SSDEEP
  
  6144:VkQtGRWtQJY/v2af2PZs8R01VsT4947/CCztlOQ4TZSaQoFM7zRZN:RtQJY670vsTflO5SloFM71H
Score

1^/10
behavioral3 behavioral4
- Target
  
  vape/GuiLibrary.lua
- Size
  
  319KB
- MD5
  
  a3b66273002d87181b6bb1cba476b5a3
- SHA1
  
  6badf43be0b41ef24ccfa34a238c1fb367e48bc6
- SHA256
  
  a6c4125ed7043f73e0daa255735d07fa5087dd54d950e8ae2964170f423519e9
- SHA512
  
  17871246894e553683a43fbf3963351fbcb9568544be656d178498fdfd790d8a74c7feb1150607692e5dc1e650c8a79332c4906497175abf93a92ce9114b1a14
- SSDEEP
  
  3072:BgkAJtW9bgoObMPQZX+uXCpxlz4QRwz5xk4BCjKbn+NMDnZOAwizk8lr8tY:BgDkbgquX4LRm6CfxqY
Score

1^/10
behavioral5 behavioral6
- Target
  
  vape/Libraries/entityHandler.lua
- Size
  
  8KB
- MD5
  
  5084a3e5fe80975893d9658430f8b067
- SHA1
  
  6cabb6cadd0b46f3e152f85a0fec49f9c76f4a49
- SHA256
  
  6e87834fefebf2d3749bf29c72eb9626e50cc5defc384c1564b042b7b2a2f421
- SHA512
  
  f94662fd80a1eac542ee860c9f76f777b5a1b6077367b4c1813e9c7be43aeb37e7d43b372fd20412a4cca811a22b790e5e12fe2f95a3b980446459e3af1bd3d5
- SSDEEP
  
  192:cACGCPCSV6sa7T+kuOlpKk7EyJZksIqFZ2vbpRdvBsJ3lnMtA:w7qrf+kukpKUEyrH2vlo3lnMtA
Score

1^/10
behavioral7 behavioral8
- Target
  
  vape/Libraries/sha.lua
- Size
  
  52KB
- MD5
  
  0611c8315d87ba0144f26ffd77b6ef0a
- SHA1
  
  356e8753700fdb1054c4eea1fe8ec93ffc0456e9
- SHA256
  
  f45856cbbdc66811cebfeb0215c31f8c23a1b40f4f0f54ab43e9faa703a1a6b3
- SHA512
  
  8ebd2e243e386ee0b212feb08a27c8c1ad6d4fcdbcf0f2feb646c699d7688a45ecfb1498ef138cf82635d9c49faca517e3ca89ff431a83c643766c17fd22e1c9
- SSDEEP
  
  1536:BJkjWUKqPDxWJQhgzFD+CtwzDZlzmXVKZKBHu3:BWKqPDYGgx+fzfmF2KBHu3
Score

1^/10
behavioral10 behavioral9
- Target
  
  vape/MainScript.lua
- Size
  
  83KB
- MD5
  
  dcae8898aa5159230060613f4d0037ff
- SHA1
  
  e36d7cb35ec8a28aac81f9dfa2ef66ade827e8a5
- SHA256
  
  3bfb1b8ae5958187809b014c1acef78eee7f9652213416a5a14f35be349a03b1
- SHA512
  
  31364850f27ee3460461a4f6d75076730d104c87b6a5866c723f71e04d6c84ab8241e86460497eb572514fb7a84c364de6837085f0374ff4b2795b94019019af
- SSDEEP
  
  768:aABxHdf9woNDfH9lM5snmXsWja1jpVxjfjTIkjblSBd4UN6j0jg/Qeij8j8jazYb:Nl9Fj9ltRktQwlnTpEJxrSC/9zK9X8XM
Score

1^/10
behavioral11 behavioral12
- Target
  
  vape/Universal.lua
- Size
  
  214KB
- MD5
  
  b86f6b53003858dd2eeff6978ffdaeea
- SHA1
  
  6f509119ab76b057dfed2b73ad83e621d306b679
- SHA256
  
  f5c884fa0283c7a4027f810a69a6be6b89a2c1f103947197f8a8d298c55ad972
- SHA512
  
  b0fa15258fdfb40a3d11540623f4de901076286c3fa595c8f744bef910e2e4857592939a33b1f35bc31de9b2b75837010817345b00d9f30c88e189ffa4d618be
- SSDEEP
  
  3072:g/WBs42TARc68zAxlee4jOEkWTPAp+GE0LGC4k/fPAx453N83jaQbbqRja0bbLai:g/GR2TAkk8D6aG80EBjoHYoODc3
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14