General

  • Target

    b2075a6a43316757737cbdba6d46c258961ead7a9ae6ee2f7027b246b8ba08a8zip.zip

  • Size

    11MB

  • Sample

    231207-x3jqraef59

  • MD5

    526b561766ae9df7eedcbbb7fd71eb48

  • SHA1

    2ab14b38bb4c0ccd587502554d531499463b44db

  • SHA256

    b2075a6a43316757737cbdba6d46c258961ead7a9ae6ee2f7027b246b8ba08a8

  • SHA512

    d945ebb8f1729d15187ef3d557d42a975e79105c8f4a85b0b40ca5c0f4ca3f0762d8c70c2ca37e590760cfd1e191fa0dc6e821d45bb888024d51a9ad8cb1ccc0

  • SSDEEP

    196608:+gjwwxblrwX/RcINpZS8axJDkCs5tEJvpYW2ee324CnKq6sVzDy8rLIgqnZYy/du:+gjwORwvRcINrMpy5tEZpYZY4CnNDysn

Malware Config

Targets

    • Target

      AnyDesk.exe

    • Size

      3MB

    • MD5

      7ad3fe26834a30a1bf7fe277a1709e23

    • SHA1

      4261ad92d93cdd25c0e4a7bf6c71742019eea69c

    • SHA256

      4857b57e94a509a0cedd1f9fe38b0807d5dd2727012fe6c06c40413a45275c13

    • SHA512

      c264a26cd8bd0985d2c5a7747813603383c703a4004c6dfae911fb44a24f51cf491091d992f3e828e39c61260e6b6dad5b556331cb47936fbc1cf3a04ca84f68

    • SSDEEP

      98304:OuVHHn17/icXj0+bnFCvJU6ik5VB2EATliyeTQZKdm52:FH17acXj0uUvJU6n5VABiXTQk

    Score
    N/A
    • Target

      LastActivityView.exe

    • Size

      130KB

    • MD5

      a19eb1487622a13402c0d63eede58f59

    • SHA1

      c662772fcd96c7d6decd629af28f26014c506a30

    • SHA256

      b1b7a772c927b4d3e2e4d59ba69e3fe955506ff80cee0947d54c6b3fabef6860

    • SHA512

      6b7b676ebac4e3127a63cc1fbde85144d551c7d38330c516ccb0aeaa7558155eefc1dfba3f3d7b18510f8e099c37fa2504f1ff00607f52187a03780fd7f75f94

    • SSDEEP

      3072:gnk4eDEnIUuBkxlXvVbZTK1TT4ik69L1X7Bom:gngdBeXvpZTK1P4Kp

    Score
    6/10
    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Ocean.exe

    • Size

      2MB

    • MD5

      406ee8b2243cf8193acd0a0df35f6808

    • SHA1

      0bf35f3becd6870dc6711a72a1fa2a847f79015d

    • SHA256

      1227ebbc393db7aaf3b323370fc80cf5a8745ea4eb140a34eed25d6957db7208

    • SHA512

      d0bddd58918307f74c898c46c308f301ce039c43580cfe01f5dde1bc391daf96b7688cd823f701bb49258700ab42bf4d787a11548af282aa57be8fccf97cfd1c

    • SSDEEP

      24576:KqRlOPsiDcX/f1t5EWdrTxhYJtjQTac7rl1v0acs+l/VMZyCV1EN/6UdnD88Jw4:prOPsiDcX39drTz/7rkaEl99i2nf

    Score
    1/10
    • Target

      journal-tool.exe

    • Size

      13MB

    • MD5

      445fbbeb5d7ab4cf029200c856b20d05

    • SHA1

      50023e87a4b53e23f5b3437aa13f99d7ec887020

    • SHA256

      8226b5885ea94def0a895da5a98fdcbd826da231a0eaded5bfa380a84cf8d0d9

    • SHA512

      83735ccd417acba82064391174587e4de7d53b546c7eb902d756ba068518d7ef4bf59ec47e54089d09cb58b702baf7f4fcbf79c25b1327c9db3d6e9e383a1176

    • SSDEEP

      196608:CcfvFlLGQXArrpgVutHN5cmhJxmzwmjUg35Z6:C8vhXiAutHvgwyUcq

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      shellbag.exe

    • Size

      1MB

    • MD5

      463058236a0d84f8f8982d946eed0e07

    • SHA1

      800ab71ed3b3bf4fb67fc9e1628e59d0aab8b124

    • SHA256

      c93a0f4c6b5f24ee31cddb92b0ea3337021b5fb91faae8a381d3bd2c9b6add54

    • SHA512

      18bd9aea8489c5e873a679da92c83d2739de9532f5751bd23aea9eda226b9a95909f8fd525b0ce47859492997002aee32ecf37bb79e07f24b512287b8fd58a53

    • SSDEEP

      24576:HM33oPhoNsZ8IbF1lyDt3Ups4yAg7UrA2ei9QgTum+ApT:sHogIJD2y9oIreG

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Virtualization/Sandbox Evasion

1
T1497

Tasks