0436fd55a874ef3acf5a5ce382b8fd43014d39e5a59f788c4b4f66d943b48ad8 | Triage

Sharing

General

Target

Anubis_Cracker_v1.2.1.rar
Size

2.8MB
Sample

240114-wd133achh7
MD5

dc75f60f5d365f4b3687290ce84d9fed
SHA1

cccc2874b8e7c1015c872d5019cd2436f28eeded
SHA256

0436fd55a874ef3acf5a5ce382b8fd43014d39e5a59f788c4b4f66d943b48ad8
SHA512

65c7d5d619abfb45c31f3d169a7c58deb12d5bfc06b212775c34946be4c4b102d41bdffe0cb6b371d9289260c9ebfaebc4d609ca7663d1056320c4249ab03ba3
SSDEEP

49152:iBE/m+N/fm8PpX1G7TD3lR4ZdZgPf7z4dicOLED2PVVlyHthMbO/pLypgerRrsiK:g2/ffB1u3n4ZdmsQ9PVVkHtYOhKg8RXK

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Anubis_Cracker_v1.2.1.rar
- Size
  
  2.8MB
- MD5
  
  dc75f60f5d365f4b3687290ce84d9fed
- SHA1
  
  cccc2874b8e7c1015c872d5019cd2436f28eeded
- SHA256
  
  0436fd55a874ef3acf5a5ce382b8fd43014d39e5a59f788c4b4f66d943b48ad8
- SHA512
  
  65c7d5d619abfb45c31f3d169a7c58deb12d5bfc06b212775c34946be4c4b102d41bdffe0cb6b371d9289260c9ebfaebc4d609ca7663d1056320c4249ab03ba3
- SSDEEP
  
  49152:iBE/m+N/fm8PpX1G7TD3lR4ZdZgPf7z4dicOLED2PVVlyHthMbO/pLypgerRrsiK:g2/ffB1u3n4ZdmsQ9PVVkHtYOhKg8RXK
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Anubis_Cracker_v1.2.1/!!! IMPORTANT READ ME !!!.txt
- Size
  
  911B
- MD5
  
  50eb1d29ee56c6fa2504738d6607d449
- SHA1
  
  10c8571785fc36fa8a7e08d525f3f4289ce6aa45
- SHA256
  
  fbdfb987b40b18bf329dd55cb47444c3c40f39664708d530d207145d3d5b2962
- SHA512
  
  3310ef1f0781c587170708fe55dc605908af91262c168754fa31933b4ee45059d1548a103a71ffcbfd98b9a1838cb523bc824c500ffd5a2cc312484ec7a07275
Score

1^/10
behavioral3 behavioral4
- Target
  
  Anubis_Cracker_v1.2.1/Anubis Cracker v1.2.1.exe
- Size
  
  920KB
- MD5
  
  4f1e74cbedd1033099abb239630cb2e9
- SHA1
  
  f8bf80d0cf2036a0ecec220fd96c54ef505cf8d6
- SHA256
  
  8be2123a095d06a26874de6820b653e0e549e3e46df83ae67de64917c2d16dc8
- SHA512
  
  3ab8d61abf2ff8dcc0a6f4f40e2b2f90ec8aad11daffdc73c82ef4ddf3d6b58de44bfa01793ae431dd7c5696093d5dcac434a89cb660120f5441c7c5f65d64d5
- SSDEEP
  
  6144:DR89qOXN3RQ7wmaue5R4a1JdpdmBuyjA:DR89a8JVmBuy0
Score

1^/10
behavioral5 behavioral6
- Target
  
  Anubis_Cracker_v1.2.1/host.txt
- Size
  
  90KB
- MD5
  
  34fd66a8f0e18a0e766e2b49381f7c91
- SHA1
  
  0b84d8abd16872f19df7728e1a89c2ae904ac922
- SHA256
  
  c6f4c934b66ba7c1c37f68ccb5fdf687e0ef17f2c4bfb26fbc212636803edd46
- SHA512
  
  8deec46a92936bbb218673ea5521297ee02228f8f02d0fe330c2a851dd351215f6630c0511df61bf82f54f3ae0470245ef447ec37f34f211379e77787a7e5f97
- SSDEEP
  
  768:m8xGCfgoFy1Ubeo67f7BK+dNlD9QZYyqPK7NrKOkV8zQrVE+zJul7EI3rHOMWIR3:mh91oVg9K+Dzyk0ORLskHbj03
Score

1^/10
behavioral7 behavioral8
- Target
  
  Anubis_Cracker_v1.2.1/mstscax.dll
- Size
  
  6.3MB
- MD5
  
  d2ecfeb7878010245ab8b3df577bb33a
- SHA1
  
  5c0fa6f27812731b2e69e9fa9b65fed6a9e5a6dd
- SHA256
  
  2ace1854323cd9a19a96f7b1eb079580afe480483b10bc5058a811207a5a455b
- SHA512
  
  575c68a58dd358afedae7c7bee12b1c23b906ed88dc5c0251e8d92343427dc335622bbb9ae665fc98f5e9b6238310c198421fddcbd5f93026b339103e3b40be5
- SSDEEP
  
  196608:uJ0gWhydrU/OHs3xJC5yhjm8w2ZlJalR2BhakBaevJp/4OnnlRCNtdIohyiiPPQo:+0gWhydrUmHs3xE0jm8w2XJs4BhakBaQ
Score

7^/10

persistence
- Registers COM server for autorun
  persistence
behavioral10 behavioral9
- Target
  
  Anubis_Cracker_v1.2.1/msvcp100.dll
- Size
  
  593KB
- MD5
  
  4f096d96285e06cd51aef7d2d3de04da
- SHA1
  
  c90ef0eb5b1a0b1b85ad6792291747fb6307dcdb
- SHA256
  
  5bb420fbe28315f2117376052bb8488ce84a3398dda65005b8ae1f792017e9a8
- SHA512
  
  80f558c50a71ad9c4930b3838b481e4fb453c38d57c91f7f70c1f86e4043b9a4fbcec27d7c025285504cbf3bde7c50b4770f18121d7818ac58e2ee9c2071f97c
- SSDEEP
  
  12288:uoBFUsQ1H5FH3YUTd/dfePA7XrNvEKZm+aWodEEGblH6t2:LFUsQ1H5FHdggrNvEKZm+aWodEEIH6t2
Score

1^/10
behavioral11 behavioral12
- Target
  
  Anubis_Cracker_v1.2.1/msvcp60.dll
- Size
  
  558KB
- MD5
  
  6a3e8d68c222f6772c25d751e2732a71
- SHA1
  
  885964e871e76da56db8ccf90a0be0804085de5c
- SHA256
  
  d7b71b967ab109bd2b3da839cda31afc05eaf4e82cf4a947c09cf4439a39b5db
- SHA512
  
  bd2d3fd266c6eb6bb0e52326c1b3cc48399a0085f008a77d14fa2d8b46a5c3876bf52e9d49dd1448761e9b67bf02912e36a3ad879db618c04a95956670457ffd
- SSDEEP
  
  12288:y3Mn01EsPM0P9c7oR0FyF7QBlXbZGwz3ludFDISEKZBWodeA4:y3Mn01EsPM0P9c7S0FyCBlXbZGwz3luU
Score

1^/10
behavioral13 behavioral14
- Target
  
  Anubis_Cracker_v1.2.1/password.txt
- Size
  
  50KB
- MD5
  
  d70042a270597b2f00f32707319334a0
- SHA1
  
  f704499267bddc52160d9bd2cc46b96e6e862bd1
- SHA256
  
  090bc5cf508bc60f43be74100c752d3e49c104f2d325c9873fe447cad39d631e
- SHA512
  
  0fe7773e85344b78310e69d8d37c018ddcb18c73ec20ba748a42e3bec2e9abecc60c2235f4e9cd253851850ecc7771b90b1f4105ec4afb610069969b7e202a39
- SSDEEP
  
  1536:/I96/yVw+Ql3iuCBJC8nCxUsNT0XiDmPK1z9lHjNGLHvlega:/8AyVwRlKJBCiAT0XiDmPGz9lYDUV
Score

1^/10
behavioral15 behavioral16
- Target
  
  Anubis_Cracker_v1.2.1/sharpSsh.dll
- Size
  
  817KB
- MD5
  
  618ed9abe2867b4e4d8acdfe3938381e
- SHA1
  
  87693343c1f63dfb22c8f5f895aa0e623650df61
- SHA256
  
  b70117cf38b512ddde49ee176ca1bf96154d6ece51ef46d6c10f1d6b2d9e3d23
- SHA512
  
  6a40e7e2bb4a2037480481fa7e236e3bb91c4e3e7f626a4c0dd45078b5653666ad29ab31ce628a12e83e277cf57962ef813f5704e9f975dccc522dcd8369f758
- SSDEEP
  
  24576:CTWcfPOpFxTzmevkYK4FxTzmevkYK4FxTzmevkYK0FxTzmevkYK:CTJ+HNm8kYHNm8kYHNm8kYbNm8kY
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18