dceb403322c56504e7df3c96414097994ae92ef0e659a84ba6447aecc9e37fdf

Sharing

Copy URL

Twitter E-mail

General

Target

core RDP VIP.rar
Size

949KB
Sample

240203-tj9ahsdbe4
MD5

b4cf60cbe7e7fcc9f3711bc0a45429fd
SHA1

dde1b5992bbcec934d82d849abc14a472f712035
SHA256

dceb403322c56504e7df3c96414097994ae92ef0e659a84ba6447aecc9e37fdf
SHA512

1725a69f69be4053727e87251da23043d16c1759faf4bf3dff32e2e4ddfa6a4dd48f122ad5dd46fab05c9a3f0e3f307bfb307bc0aeeb5466023d6c39efb97e37
SSDEEP

12288:H2szzl6UIg+FQpK/9BeIm9Jf4UUlpTioEKrHZs5yVNu7Uvv8mWF+D9MYXUfqDyc7:WsPl+g+Gmd4Jf3oEKDO5/748mHX/8WL

Score

7^/10

Malware Config

Targets

- Target
  
  core RDP VIP.rar
- Size
  
  949KB
- MD5
  
  b4cf60cbe7e7fcc9f3711bc0a45429fd
- SHA1
  
  dde1b5992bbcec934d82d849abc14a472f712035
- SHA256
  
  dceb403322c56504e7df3c96414097994ae92ef0e659a84ba6447aecc9e37fdf
- SHA512
  
  1725a69f69be4053727e87251da23043d16c1759faf4bf3dff32e2e4ddfa6a4dd48f122ad5dd46fab05c9a3f0e3f307bfb307bc0aeeb5466023d6c39efb97e37
- SSDEEP
  
  12288:H2szzl6UIg+FQpK/9BeIm9Jf4UUlpTioEKrHZs5yVNu7Uvv8mWF+D9MYXUfqDyc7:WsPl+g+Gmd4Jf3oEKDO5/748mHX/8WL
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1
- Target
  
  Cracking/AxInterop.MSTSCLib.dll
- Size
  
  272KB
- MD5
  
  3eb679a6c517d8d1f30274fca43aa3dc
- SHA1
  
  bf5d0c744f858ffb38f8028084df1b1213255405
- SHA256
  
  0628dab4e012b1f8620971a822e1dce4edcc6f9e18599b04899d314c13274632
- SHA512
  
  c671b2a8f7181ad4fa8bee2efc977f5b882e1d84144bff7dc3bf6cee717902e7496b1fe2ed8c341f011f43d395157e1d107c9e42380ca7dd05da06f129e4b8b8
- SSDEEP
  
  1536:N/QMeE4qSDLX7LiatenX7L9oi6bGA5yBcLUqGSNl76k3xYzhtEySYJxlJRJ8M/Wv:5ebqSDLXOSz3mWKH5ntoGxT+0C1Z5o+
Score

1^/10
behavioral2
- Target
  
  Cracking/Core RDP.exe
- Size
  
  521KB
- MD5
  
  c0596a4239ffc9e162bac50b57a1351d
- SHA1
  
  0ea8c8873b947713957d80f0cfd2196ac6355d76
- SHA256
  
  075f1e405d224212be9dfce4f465ea042d5ffbc130c27173dfc574e926cbef99
- SHA512
  
  bf616a10eece91808b8563bedd54ed865e35e77a4a61a1773025b808ad1b0ab414b93cd27597b0fefa3f386bfe5fb44246247da792db88cc1c2b1902daa7b042
- SSDEEP
  
  12288:9rMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUx9VS:7ZyCA8CBmn+RrNj9ay5IS
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral3
- Target
  
  Cracking/Interop.MSTSCLib.dll
- Size
  
  532KB
- MD5
  
  e0f0b9d47135701778bd913e2ab45074
- SHA1
  
  b66ac1ad20ba578a62df58df1811846b6a18b5dd
- SHA256
  
  d75fea26339ef6b646ff56fb42475e83363b77a5b0cfc3cd5d6a5bf5a3f7b16e
- SHA512
  
  2cfad7b3f636b76997aa575e74b56cc41f52d00640bf7e90fe780d93ca4adcb1f26468de844af77d3c929d53defdbe1b280fdf1180151af5be42161e853d3c54
- SSDEEP
  
  12288:UBWTIl6XcZeLA9CvURGjYVqHspObQtyf5dunAhS7kVGfIZUTN+QN/SZ5vlyu54Mg:UBWTIl6XcZeLA9CvURGjYVqHspObQtyX
Score

1^/10
behavioral4
- Target
  
  Cracking/SkinSoft.VisualStyler.dll
- Size
  
  1.0MB
- MD5
  
  60ac512e63a6b95eb37cfd530a01b94e
- SHA1
  
  4b5a1fa50008439ac074d732447ab9032a157114
- SHA256
  
  9f3e7ea22d052fee0e5be8cd904ac4425f3840df7452c760d5cc5357830c394e
- SHA512
  
  a6cbf2f1f6eedcb142aeca7218334dd16058b9f643e51cee4771e1a0f7124676361deac0c48d61468296e88035e4dd49b55fd139b80ece54c86c0338bdedd681
- SSDEEP
  
  12288:WsbIKGyxiGBHjhRjZSalYv4/EamVtHgaiyv:W2BxieHjhRjZjuRBbHbn
Score

1^/10
behavioral5
- Target
  
  Cracking/System.Management.dll
- Size
  
  376KB
- MD5
  
  16f62536febaa67a4bd758807a81de88
- SHA1
  
  d7260f9da524dacaccde322059b4227ad995a23b
- SHA256
  
  12c75fb75ee48ae22ea7bf6255eefe652134b574a9d5ecbc33efd9fcb97cdbbc
- SHA512
  
  cb3d518aee566e12b52dfaf8db88ab49d1fec674236502f647874031ab1ec357cced69ebb679243828fe60d5deb33d2a8dafd8f3713d8dbced599193a76bc9bf
- SSDEEP
  
  6144:2bpqJqm4qDn2ab91rgDTZJgHayD5Yj8KC0E:2bpqJ14qDn26rgfYPKC
Score

1^/10
behavioral6
- Target
  
  Cracking/arab.txt
- Size
  
  71B
- MD5
  
  f2c403c23e4b08379746cc62b2062f7c
- SHA1
  
  8a8870b98a0cf347843734c83d4c97b90050f337
- SHA256
  
  7d1a312dd0cb0d04703653ca05728143a9b84d8e6ff790a6badf7698d4fe66d0
- SHA512
  
  aaf83db40f9d4c5fb6770507c2274e2defcab1936c683833e61373a393a2606a1779ac313d935cd6ee55e17109a20d70a14fc28b1890fd2b8b1cab0b2dd94933
Score

1^/10
behavioral7
- Target
  
  Cracking/gCore RDP.exe
- Size
  
  1.2MB
- MD5
  
  3f3552b31301250608fec399088bf541
- SHA1
  
  69db13e5a61025d88e987b8cc93cd41be5ca8cb1
- SHA256
  
  246eb16061998e2ecb90485bc8eedc6300c4bb5dd221454ef4424ae17ed77ddf
- SHA512
  
  513f77b73e4a666aacbc47958350344b61344b93cb2429014a1e0faba0a07d282075653558488f1c646dcf3711c0dc413cba28eefd9ae06330b7a53bdb69c26d
- SSDEEP
  
  24576:JQBWTIl6XcZeLA9CvURGjYVqHspObQtyf5dunAhS7kVGfIZUTN+QM3lyu5nWtuSY:+BWTIl6XcZeLA9CvURGjYVqHspObQtyi
Score

7^/10
- Loads dropped DLL
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Loads dropped DLL

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8