bc4e2e5e6b47482339f33f041636fc1b03f7ae31c7aaf575ebc3a090fdd51d32 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Virus_Destructive_open_source.zip
Size

283KB
Sample

231012-emkn1afg32
MD5

0592f326bdc30a76214b2a145f6ef04e
SHA1

3d7f82338a8ec90d3effb7d3f123c4e05a3b6178
SHA256

bc4e2e5e6b47482339f33f041636fc1b03f7ae31c7aaf575ebc3a090fdd51d32
SHA512

161646245dec8cb4f9a6195968eba8fb721c613b4ed6736ecfa6198e67fa894ac49247d026d814e19ecd5b9b03ef86a8d63b1b510b81b3329269434c1104b122
SSDEEP

6144:TqgYkgz2w8EOfqgYkgz2w8NK4O1c21TKQo:5Pg6MOVPg6lR2Mz

Score

8^/10

discovery evasion exploit

Malware Config

Targets

- Target
  
  Virus_Destructive/Virus_Destructive/Form1.cs
- Size
  
  1KB
- MD5
  
  356957ec9fa48cc0ec04068c78da2038
- SHA1
  
  06c36444b59f7f14dc2e4478d630bff5bb34ba7f
- SHA256
  
  3d40391136a7239c9fe333f255bb2b7b5b29f92f59556afbde64b41fa13656de
- SHA512
  
  b245cb2487cef7a9dca10c8403113c3802920ce4f4f22c25aa19ed49983545fce75a04175a5c312d055945d1217ff1b94447d798d8d6e080c42608dce282aab7
Score

1^/10
behavioral1 behavioral2
- Target
  
  Virus_Destructive/Virus_Destructive/Form1.resx
- Size
  
  5KB
- MD5
  
  4eb5913a0e5aa842250f7419538fa230
- SHA1
  
  31fb76e5d9babe97a11fea041081f96ce426107a
- SHA256
  
  4363cd7d5b8671c72442ce1a1bfc10d64ebd24b2d718b54bd4fcd025e4967298
- SHA512
  
  846207f9db4c05d2070482c27af72c50b8f423ac1c7efb5266b059f6a41362704e9f5a590e428f4aefd791edd2e21c1b34473361911cbeea2cfcaf741b5bebff
- SSDEEP
  
  96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ
Score

1^/10
behavioral3 behavioral4
- Target
  
  Virus_Destructive/Virus_Destructive/Properties/Resources.Designer.cs
- Size
  
  2KB
- MD5
  
  789c29e4a1b431cc33a3a41816483c9a
- SHA1
  
  eaa1a1603d78ceed69c3da9867a302b8875632e2
- SHA256
  
  b63a2230442e8bcaa5ebe5e062e9fe97373404b4e976170cc481eefb643c5599
- SHA512
  
  cf296f506d3f006e5d0a273af919ceace2938110c9bc2840e82e51c3bdccbbc61d3a2d1f34d7811dbcd9f1b3d17a9cbb38b98461c8b8a9dc82edfed21d1ec8e9
Score

1^/10
behavioral5 behavioral6
- Target
  
  Virus_Destructive/Virus_Destructive/Properties/Resources.resx
- Size
  
  5KB
- MD5
  
  0cd8c971317d19bbed44757809bcb92b
- SHA1
  
  47b15748ecc8e952c5935170090db7c269ce4b4f
- SHA256
  
  66b5ebd1b0fc73f041ba669ce2184f6f471d5e3524efa34ca31233e9f5395262
- SHA512
  
  883dba84bf7daae3ea49f9d54c13dda4f125da82ba63f90eeba0900602896ad9492a0adf7b69b67d838034090af20926af5c2934797afaadb38aa069786c1fc6
- SSDEEP
  
  96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT200qSdvabvDIwQBugqvA:KjrbLPD9sLvIzSvKgIqUEa2
Score

1^/10
behavioral7 behavioral8
- Target
  
  Virus_Destructive/Virus_Destructive/Virus_last.cs
- Size
  
  5KB
- MD5
  
  64e756b04ad64383458dba41a65a120e
- SHA1
  
  019e874d627329e13d0dd13b2709351d077f14cb
- SHA256
  
  5657d3c9b3a00e709d25c088796dab37f4e1f3d4b62de1d4351ce6be05ebe248
- SHA512
  
  500baef4228eda63764c3f6bb50cb44adbbaf58933882ac5448f6f6e68b3e789e87407b6aab6bab0662e380fd0137648605dcc644c92a395de6badd5e8003720
- SSDEEP
  
  96:Jo4h4Dcz02n1X//FyDENJvVf0h5TrGq92yw6p7p4d5xy8GBxcspFAgH:9KGpxo43u8G4sgE
Score

1^/10
behavioral10 behavioral9
- Target
  
  Virus_Destructive/Virus_Destructive/Virus_last.resx
- Size
  
  6KB
- MD5
  
  7efbb2e824f6c61b5fdec229007cc772
- SHA1
  
  df5bb5b6267ea0ae472a2489bdb12994577c5179
- SHA256
  
  a877409681a98cc43b8449488b607e9e76965a1377e3789d780f09a74e64ce9a
- SHA512
  
  de0de9305733e8ebdafee9ca88aa8bbd3c6aa7e37b67e9ce0a44924141d24ad19549b375e58475d72ea3c23339f5e4e435caa1e084d5401bb65155a60cfac68f
- SSDEEP
  
  192:KjrbLPD9sLvIzSvKgIqUyahFGbawQbawY:KjrbLPxsLvASvKgwyahF8aw2awY
Score

1^/10
behavioral11 behavioral12
- Target
  
  Virus_Destructive/Virus_Destructive/Virus_payload.cs
- Size
  
  5KB
- MD5
  
  d92f0dd60bcdc5f440c6d76646272ff8
- SHA1
  
  99c3f106ce5d2d5c14ba059c32cf7beba626b144
- SHA256
  
  a2092f5be90b6393ad8f949b232adf4ef0cbd975e8e6c5952e331eb6911e12c2
- SHA512
  
  5038a9112e75f66a85221f7976aa0da42831b3ae50abf7900da77002dc1fb535e887ab3fd7c3856cc6ea21579f7ca09844d881ebb46eb46243335b7f015419f9
- SSDEEP
  
  96:Jo4h4Dcz02nXyO4hL4+5Bcxv5Rx+2OC47VuWKRTuyCgzYN77p868Cq8zFzT+7cCE:9KGpZmc55RtWK53CgixtqQzTbUG3jHN
Score

1^/10
behavioral13 behavioral14
- Target
  
  Virus_Destructive/Virus_Destructive/Virus_payload.resx
- Size
  
  175KB
- MD5
  
  adbf622f0e2eaa1d80b97dca266f07a5
- SHA1
  
  aaee6cccf92fa2f349f2a316baac87a79cdbbee3
- SHA256
  
  18e744c703292f9f0ae7503bb12598f41de540557208696a6178bda3e878fdb2
- SHA512
  
  3af88245447f6bbda780cbdabecfd386187743d8492f794e290fd1b41f0ab4e64a93923aa9e43285ebf61f9886257e7b67d1c9415f2caa163ffd0a1b3911c2ea
- SSDEEP
  
  1536:Kj2v67EesVzeX3VzQDcWRbpoecWiBrrZMLbx:Kj2GczeHVznWxp7DUMx
Score

1^/10
behavioral15 behavioral16
- Target
  
  Virus_Destructive/Virus_Destructive/Virus_sound.cs
- Size
  
  1KB
- MD5
  
  a7b9ae59d96fc7e73fb7818568ca84d5
- SHA1
  
  33824ddf296cb69ecd11986ca1907f9a92e2aa4f
- SHA256
  
  be8c602d590c2e8a84471e05174a7e988adf6686c3a8948bcbfc599677a7232a
- SHA512
  
  9d7f37db736e2e1de45b7d920731de4d7925d4efdedcc59e7ea5ea98ea9522df67b0b8b2364ea9109b30f59d0c08cc073cc19868c09200f10c70cd8eb4c35272
Score

1^/10
behavioral17 behavioral18
- Target
  
  Virus_Destructive/Virus_Destructive/Virus_sound.resx
- Size
  
  6KB
- MD5
  
  442dd55a78720e0dd5008a8354a57947
- SHA1
  
  f62869fc335f0226a5d9048a17629dec9df3f8d1
- SHA256
  
  724c0183be05dec5a99d0f8bde5667f6ccb9e7cf4d7b2c2c9aefbe817fea1a47
- SHA512
  
  8177f8ed7445c9e7560b47b5e308ae1abdd8601dce064398dd4c4804c8d59c0c4118c9bbb3673f5fbc08a1cd64c4a17bffeaca6393e40cfed142b6e407f249c1
- SSDEEP
  
  192:KjrbLPD9sLvIzSvKgIqUyahFGbawmbaw4:KjrbLPxsLvASvKgwyahF8awcaw4
Score

1^/10
behavioral19 behavioral20
- Target
  
  Virus_Destructive/Virus_Destructive/bin/Debug/Virus_Destructive.exe
- Size
  
  249KB
- MD5
  
  1241c7fa483e828693d121d6933ccc19
- SHA1
  
  d766b6a14c9476aad4fb994fa06a24265f1eb24b
- SHA256
  
  4a132f5fca3763d8328c66ae447ac331e5bede35a63b6cac8bd845a3504d5bbb
- SHA512
  
  febb9519e5c63ea50d673c26a98fa675378c1d9205bd9bc878aeb3e0130c2cd877ad922df4a2c7dcea7a9815b6fae83becb896e38f59f3d7a7edf0e161cd28ff
- SSDEEP
  
  6144:I50tR/5gjbnI3OkLFxD5tKdHDunqIxynuzJ50tR15gjbnI3OkLFxD5tKdHDunkIs://5gjbnI3OkLFxD5tKZDunjxynuzu152
Score

8^/10

discovery evasion exploit
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
behavioral21 behavioral22
- Target
  
  Virus_Destructive/Virus_Destructive/obj/Debug/Virus_Destructive.exe
- Size
  
  249KB
- MD5
  
  1241c7fa483e828693d121d6933ccc19
- SHA1
  
  d766b6a14c9476aad4fb994fa06a24265f1eb24b
- SHA256
  
  4a132f5fca3763d8328c66ae447ac331e5bede35a63b6cac8bd845a3504d5bbb
- SHA512
  
  febb9519e5c63ea50d673c26a98fa675378c1d9205bd9bc878aeb3e0130c2cd877ad922df4a2c7dcea7a9815b6fae83becb896e38f59f3d7a7edf0e161cd28ff
- SSDEEP
  
  6144:I50tR/5gjbnI3OkLFxD5tKdHDunqIxynuzJ50tR15gjbnI3OkLFxD5tKdHDunkIs://5gjbnI3OkLFxD5tKZDunjxynuzu152
Score

8^/10

discovery evasion exploit
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
behavioral23 behavioral24
- Target
  
  Virus_Destructive/Virus_Destructive/virus_last_again.cs
- Size
  
  709B
- MD5
  
  4bba49e1690252c905d3a8a2a4fde009
- SHA1
  
  febcbb88b631c0f195b18393c8b0671ee4044818
- SHA256
  
  f14eedaef1e0daa6f41e06414f85b2d1f39e09b6273c0908301e21eb6724aa9a
- SHA512
  
  bc9780a887efc27e2df13ec40bf4da4f1c4abf11bc5e26866ee1cebe6f6dad1f2010d606657ae13416c0995c6dac5e6bf79f95c85e7668e0e978c5e1cee24de3
Score

1^/10
behavioral25 behavioral26
- Target
  
  Virus_Destructive/Virus_Destructive/virus_last_again.resx
- Size
  
  5KB
- MD5
  
  4eb5913a0e5aa842250f7419538fa230
- SHA1
  
  31fb76e5d9babe97a11fea041081f96ce426107a
- SHA256
  
  4363cd7d5b8671c72442ce1a1bfc10d64ebd24b2d718b54bd4fcd025e4967298
- SHA512
  
  846207f9db4c05d2070482c27af72c50b8f423ac1c7efb5266b059f6a41362704e9f5a590e428f4aefd791edd2e21c1b34473361911cbeea2cfcaf741b5bebff
- SSDEEP
  
  96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

discoveryevasionexploit

behavioral22

discoveryevasionexploit

behavioral23

discoveryevasionexploit

behavioral24

discoveryevasionexploit

behavioral25

behavioral26

behavioral27

behavioral28