General
Target: Thunda-Image-Logger.exe
Size: 74.7MB
Sample: 231125-wwvn1acd6w
MD5: 3174ae95667750e4d5e05ff78d87be2f
SHA1: dbb858639cb707b1a5398048baf371f04a873971
SHA256: 653436b2ae3722db63a7c682a64c07e30af684dd474139187e8e521672ddfe82
SHA512: 933636c74efd8cf424de0b8ad26ebe2246d2aacc705a60ca4d126a1d756407b539df77b8b325a762473117675a8905cd72f8a61b215a4d3c1bf25c8439243677
SSDEEP: 1572864:z22MLeQxH0FSk8IpG7V+VPhqGGE7XQHUzvWspyppiZzI+hR1sWgSaZpBBcW:6ZLe6UFSkB05awGPQ0SMg2zd7sv1GW

Behavioral task: behavioral1
Sample: Thunda-Image-Logger.exe
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: Thunda-Image-Logger.exe
Resource: win10v2004-20231020-en
Malware Config
Targets
Thunda-Image-Logger.exe (same file, size and hashes as listed under General)
Score: 9/10

- Enumerates VirtualBox DLL files
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (1)