General

  • Target

    Release_JC.zip

  • Size

    1.5MB

  • Sample

    230728-wbknasfd4t

  • MD5

    a9724162dce3842d01909dd6cb75927d

  • SHA1

    513693ffcab5925b3d34998d8d576ac2bf82a735

  • SHA256

    cf7c149ddca88d85781c9f42ec85063bd961f2d9d1b51c808a465b28bd3ac6ab

  • SHA512

    7c502f51f0ed904eaf240b73c4cb7ba2f8a61d2e4373d2edb56379089da8fad4ec174d1ed59a82d0c0025a4385f9361fb4c0c47ea46fa3fbfe47a3af0861413d

  • SSDEEP

    24576:F8ejEgrs0hY2ESUEg92n2ohP4Yz1K/AsauWQOQWrxJzDTbEZMGSI/xIyM/zxQG2:/jJrsEZ019K2olH1eAsaFQvQJrb0Mtyh

Targets

    • Target

      Account Checker DLL.exe

    • Size

      605KB

    • MD5

      7d195f74cba7de61d65b8f56fe934b62

    • SHA1

      d2a82a92aa892b6ea91bf1242b4a9f53aa19245e

    • SHA256

      8b628bbbca171e01f51b744c52cd82c2868946296a7c36a6432e981fe9cedd7b

    • SHA512

      af35c6da0fe5009233c935e0800256f70fb2954c492d714b28ec90c9c9248f3c575f5cc6cab601d80bbc2f6a556c6c3306ac001a8b6c8818635abb035a107a63

    • SSDEEP

      12288:ut3LuN3BdlFnZ7yuHtYuS+7Vy/SzOPKBDDEFVtdskpnLWL:u+blTzNYwcSiPKKVYkpnc

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      Checker.dll

    • Size

      381KB

    • MD5

      0c79b142b714a6b43bf81306dd2f6257

    • SHA1

      00fd13744c5d8da014bb84a76e4e252969b52428

    • SHA256

      a94f9de4a25b0d66cbe4640dbb9e74b626be585222397d0afff4b8cacaaea79b

    • SHA512

      0385ac3a924b30c44f0502fb09a2833f7b33ed68c79ec81b57558eaefe05359cae8b7af292469d9bada6f5ad36c940a3c5c29ef78224a47656cf129656cfddb1

    • SSDEEP

      6144:AAMJmZLoaAsMC42YLrSKXtQKkJSOSAn16dwrFUgioK7p7Mtv1i9/MjbNNe7OS:AA9ZLoa6P2YLrfrkJrr1ywyB7p7M/iRQ

    • Score

      1/10

    • Target

      ENet.Managed.dll

    • Size

      827KB

    • MD5

      cf9a52a66d1646b5f3e57bcaee94fd73

    • SHA1

      dabd793aea031d58fd173bb752cf8adcc61845e0

    • SHA256

      e864c7b0aac1abe4eb9f74b28bb413586de1a48198b9e009eb3999e68a9c8583

    • SHA512

      557a351908310410562789f58b8f5c51049fd09394c4e8282838e0bec5338222131257b781e77d91a801de5bc38800ffb3f6f1cab494a10817c902c9f6d4b84b

    • SSDEEP

      12288:kE4RqwhxzcEtaJzhp/tDLb3Oun7H0HLv3rJmZLcyKu7RTT6akCNDV4X:kE4xYFVDP5ALTMLp/t7kCNG

    • Score

      1/10

    • Target

      System.Memory.dll

    • Size

      145KB

    • MD5

      592a822d0136b14f8d661891ff17c33b

    • SHA1

      f05ce2a5891b62c968d30fad13d37fbeb42a4389

    • SHA256

      41b5e1a4c59abdb1ce1467f58c3d9fd06d39dff4fc61d500a2410fece8037f4b

    • SHA512

      6071c4d30283c9cf9c25023240fca97b33efbe51e2e4d1fd1d3692354e7f85963d87f38512260b37e71d7a7f5ac7a61396c8eeb1f862fefeaac90c53fef9e6a6

    • SSDEEP

      1536:Rxi8ae06y7Q0kSutmvEmFk0pBa/+h8k/6kY2F8xB0dhqABtx5yoG9QE+5Bv:P0vDkSutmhFpYqtDqAhjMQJf

    • Score

      1/10

    • Target

      System.Runtime.CompilerServices.Unsafe.dll

    • Size

      16KB

    • MD5

      da04a75ddc22118ed24e0b53e474805a

    • SHA1

      2d68c648a6a6371b6046e6c3af09128230e0ad32

    • SHA256

      66409f670315afe8610f17a4d3a1ee52d72b6a46c544cec97544e8385f90ad74

    • SHA512

      26af01ca25e921465f477a0e1499edc9e0ac26c23908e5e9b97d3afd60f3308bfbf2c8ca89ea21878454cd88a1cddd2f2f0172a6e1e87ef33c56cd7a8d16e9c8

    • SSDEEP

      192:LGLxTyHvc4ROgcxAdWXYWJeaPtWsI9A9GaHnhWgN7aJeWw0fnCsqnajt:LgGLROZAdWXYW8aPcyHRN7WEqn1lx

    • Score

      1/10
