17da20b574a032fe666b373e92704b10ee26f3ab0a2a1258336e5d0aa9a6c2c6

Sharing

Copy URL Twitter E-mail

General

Target

5a12007875a268dc0c74d10f2322119b
Size

660KB
Sample

240114-c8ry4aaffl
MD5

5a12007875a268dc0c74d10f2322119b
SHA1

65a8f85b38f929449781c07c701b2b8b19091436
SHA256

17da20b574a032fe666b373e92704b10ee26f3ab0a2a1258336e5d0aa9a6c2c6
SHA512

9e224a4d4b25efc457e11a00b8927a44628c514cfde43c22cacca578e0547a1088a73bf61f243ce2eb00d50b46ca00ee4dec586ba428e3ebd3f0aace436cad1f
SSDEEP

12288:Yt9I0PSltlNm30W0WbxEqFQH9l7bN2Q6hlmkguRtD+pY0Czi9e0/E/xZ:YpKlc0iFFQ38bnguPKpY0WVsEP

Score

7^/10

Malware Config

Targets

- Target
  
  5a12007875a268dc0c74d10f2322119b
- Size
  
  660KB
- MD5
  
  5a12007875a268dc0c74d10f2322119b
- SHA1
  
  65a8f85b38f929449781c07c701b2b8b19091436
- SHA256
  
  17da20b574a032fe666b373e92704b10ee26f3ab0a2a1258336e5d0aa9a6c2c6
- SHA512
  
  9e224a4d4b25efc457e11a00b8927a44628c514cfde43c22cacca578e0547a1088a73bf61f243ce2eb00d50b46ca00ee4dec586ba428e3ebd3f0aace436cad1f
- SSDEEP
  
  12288:Yt9I0PSltlNm30W0WbxEqFQH9l7bN2Q6hlmkguRtD+pY0Czi9e0/E/xZ:YpKlc0iFFQ38bnguPKpY0WVsEP
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $LOCALAPPDATA/RavenBleuSA/bin/1.0.15.0/$OUTDIR/RavenBleuUninstaller.exe
- Size
  
  144KB
- MD5
  
  0e6df786ab3ecda3b43cd1d656492a4a
- SHA1
  
  a4cc62590def9182576bbdeea7aa6ebcdb071ae9
- SHA256
  
  d2ac8a821abda1a921e04c25d010db4aae74329eefa9059688c0fc47d24363b8
- SHA512
  
  a651a580db4fa90ce33b24590d7eab64a91fa8fa5d77989708505f497225b9902dc9b629ba46c55134a0d297c729675fe879c36eb2277606bdfce2e5eac1ddb3
- SSDEEP
  
  3072:nQIURTXJHAAX13Jyx7qFTbNRB+z1+Yi/VruwVPhw2AqaCd+VtY:nsirx7qFT5+h+L/VKYazGdIY
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Install.dll
- Size
  
  276KB
- MD5
  
  9d6dfc7dceb09ed2308447045ce7036f
- SHA1
  
  2b6fc09cfec4cd9be5e0ba546c1d84634df43d00
- SHA256
  
  e83136b0ad2ad660c0287cb2a6716442c69939b9ab4ccded54f2c7413d635cf9
- SHA512
  
  6836feeb029f66eb6e08a52aaed36f2341a7d5df71b253835d4a668992e8d62623b716b510c238b342964a2d54a63a90794e031db4f2df39d1a5ef62748acefc
- SSDEEP
  
  3072:2NvIiB+blSyhzMdlEiYion+x/KSEhESOxMYatkd79fW/Ut95hzJsSEexbwtcV4xx:QzbE+lEioC/KtRYatkztR19V+x
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral7 behavioral8
- Target
  
  $LOCALAPPDATA/RavenBleuSA/bin/1.0.15.0/$R0
- Size
  
  140KB
- MD5
  
  30f03249f5d1bd904fbe1442c95dd9fd
- SHA1
  
  0e93e1e1cc4563d02768548eaab7fc79663f98d0
- SHA256
  
  ba7c715e6b44b187024eaeb25168fa2fb104a6a0ceee22612f9083f31f78d6f5
- SHA512
  
  15f7d16868eb9756f8778c61efa57e23507d75cc83a091f9241eedb488c1d5957dc7dd3fc7310143d6b9393443c19b38f7106ec9f88433a64930a8348ade8e1b
- SSDEEP
  
  3072:cghCBhu9dtpfgmatc+yWDX5XA0VH8htRcsml:1hghu9dt1gNYWDX5J
Score

1^/10
behavioral10 behavioral9
- Target
  
  $LOCALAPPDATA/RavenBleuSA/bin/1.0.15.0/RavenBleuSA.exe
- Size
  
  763KB
- MD5
  
  a07ac42d2119fb500f4ba472483603fe
- SHA1
  
  fa949614578cee18162e59d4603f1c22dc25af2f
- SHA256
  
  9c83d9b7791699ed382e4d21b46dfb705c274ddc61809822e924e8c7051d4ef6
- SHA512
  
  8bf7463ac62332ecc8ef352546fcda58b0954d079090b98c7c7f881ddbf517cec4fc8ba037ac8e31446389ab0af817bd4834b1fd689b8b6f6fcaf960e15a4049
- SSDEEP
  
  12288:CiAqXBJsw7ypuQgAn7bMKXpyLLaAdI2lT8IvwCLk8Sp93121djfastWwdEVdJf:CiAqX7xSn7wKXHAW2pHvwCBo981djawq
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12
- Target
  
  $LOCALAPPDATA/RavenBleuSA/bin/1.0.15.0/RavenBleuSACB.exe
- Size
  
  267KB
- MD5
  
  50b82d19cde1a443c60f8c4efc79cf6e
- SHA1
  
  33744768050b686799f57a45853bd04df2990a3e
- SHA256
  
  8e1a0afe620ac3dd8f14751b336a61b1818bd60625ddc0affba0da44495684b5
- SHA512
  
  fcfcf2401eb3500b91ec7a2e7a62e431c411b293e2d046f0d01301f343efdb72fb1ba73b0f241014bc4a005b8d8c24388cf28a2c2bfa8a0fe358b285ebc590b7
- SSDEEP
  
  6144:robwxLwuPOmBzE9uaH2IGeFAgJA1EHKYbDmI7:VxL6aE9lH2ITFAgJA1WXf
Score

1^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/Install.dll
- Size
  
  276KB
- MD5
  
  9d6dfc7dceb09ed2308447045ce7036f
- SHA1
  
  2b6fc09cfec4cd9be5e0ba546c1d84634df43d00
- SHA256
  
  e83136b0ad2ad660c0287cb2a6716442c69939b9ab4ccded54f2c7413d635cf9
- SHA512
  
  6836feeb029f66eb6e08a52aaed36f2341a7d5df71b253835d4a668992e8d62623b716b510c238b342964a2d54a63a90794e031db4f2df39d1a5ef62748acefc
- SSDEEP
  
  3072:2NvIiB+blSyhzMdlEiYion+x/KSEhESOxMYatkd79fW/Ut95hzJsSEexbwtcV4xx:QzbE+lEioC/KtRYatkztR19V+x
Score

1^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/LaunchHelp.dll
- Size
  
  66KB
- MD5
  
  66fd0bb3adb4cbfc2cbce88d951455b2
- SHA1
  
  1ca5b9b322886165748223107a1676a82cb3b3b2
- SHA256
  
  0ac3ca465b41fe6af0ba88fe774c6e6a1b3424597f6f0807c0313e3d12623c7e
- SHA512
  
  a8a5ae3300cff3c155bfaf48734f60b3e0f5dc7883776fb1169ab171ecb6f5f2266dd67802ec029c2c32fc21189b4337671c4d5f13bd43771c627d66ecff47ff
- SSDEEP
  
  768:NAVPzAnhYtIvY/09Xa/k1ZfEkO9QNxhJOfLYwLgEnBC/tkeeXvAiOUEDInTUC3Kl:NGzrtIiMjHQfLYwLJnI/tkzF00S
Score

1^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/Setup.dll
- Size
  
  70KB
- MD5
  
  9c8835822398961633c9d3310b496bc9
- SHA1
  
  b3b63d03f4404d5fc83381ae51674295f9d7afe7
- SHA256
  
  c6a82e900583a008d6eb44136da724feff6a308b9de729a4acc2da2ba1d13227
- SHA512
  
  2ee08d6017a857d46470d7502e2226fea4de580f70ecd8eb7b481135ea9005188c45987da201db4813f6144505aabaabb652091ae3b41ba02ec78d5a33d7b3c1
- SSDEEP
  
  1536:POp38HGenOtD+ZZeYJqwLNLWcjeEf/kiSGlt:PBZXJqwA/EfFSG
Score

1^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  72KB
- MD5
  
  db6fa5497746c30f657d4f5273d4cf9d
- SHA1
  
  097b939914f2f12f5cfb7648359d0c6d95deb0ae
- SHA256
  
  c7d9989d927b4e0622983bb1fabe26d0c8a45c217b93f837e1855af76edb040a
- SHA512
  
  75d19d6161ac4648855b197ff02e326bd4b751e00e3ebbbb054124af50f89827c0f7676ed7ef6f8613f0027e999720229e2ebac28f156e57993d83bc7f318558
- SSDEEP
  
  768:wMWMshg75NF64QY04Xod0YmS4uYjHIyUg5luHT3W/Ipz6BTpeRpl/i5kUykfIq:washg44k44mnjHIigHTW/Ip0TpMy5/
Score

3^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24