General

  • Target: DirectoryOpus.zip
  • Size: 37.8MB
  • Sample: 240223-qm315agd9y
  • MD5: 6ebb13f501b4d0452eeffc08fa7fb381
  • SHA1: e3788a1bd46d06ebe7185b6a3660a4dfe06cdb52
  • SHA256: f0be34597af1f13ecb5297508075745ee2af467564bd0ed6fc025a4885924456
  • SHA512: 77355748caac5aef0682db26623077cf998751912dbcbd560f6fc0dc7e2b4a1b24b389faad1cdd721488bf86055fefb2d3105c988195e6901f02e4b21a130c4b
  • SSDEEP: 786432:mwxb7qwgheERJM+7O5XVvoBUHMGVQsmcO0zaTCySuuvWWFtKiS6peMiLeH:ms7ypRJM+7eXVvoBGMGrmfjlSV/j3iU

Malware Config

Targets

    • Target: version.dll
    • Size: 67KB
    • MD5: 47f8ae27b9bd71108a86280e1c725e37
    • SHA1: 9a398eb8fe991fbb2c6bdf57b60f8c104127b2cd
    • SHA256: b4e35d2d294ab6ef2b028b11766cdd52365b7347bc0255f37de3148984ea3016
    • SHA512: 1fb3dd049a636607dbe199be96eef883b220da15308582dc5322add5be68ed01d567a5f53f137f63f837670841d81d971482d2cdaa9882950f200a8565d147e2
    • SSDEEP: 1536:fVBOTgnOd9kcb98pJJXZIMZW3Lb2EU3rCSm53VmckVPxIiT:+Hwcb98pzXZIWW3vbU7p8UckVPxIiT

    Score: 7/10

    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}/Download Latest Cracks and Apps from CracksHash.com.url
    • Size: 117B
    • MD5: 2fe280a0aeda1ec09a93f82d81219217
    • SHA1: b5e8792e2b7f729e714e1a8008fd9fec54f4eb8d
    • SHA256: cdbfe5133e2845993b32f14966ee8998ef5c4593234065b8dd5081cb5ec69631
    • SHA512: a34929f385b1302385f7f0d774ddd74d0c922e10f6b1b84fdf3e554a1a9e564abe08b65eea70a5c6060711467e4dfa8e587ce861272f8ea3e0b576d3150af3cf

    Score: 1/10

    • Target: Directory Opus Pro v12.28 Build 8189 (x64) + Fix {CracksHash}/Setup/DOpusInstall.exe
    • Size: 38.1MB
    • MD5: b196ebf4b0efe4ac9c000ec610e35e24
    • SHA1: 7c8a7d338948d01c312e31af7a8a8bb6cb32a1f9
    • SHA256: 316b7f525888eb67944f527e4ac50d7ce960e90658ffb715bf0a1fb9e3e52ac9
    • SHA512: 30038ab28015ed534b09f3fb8b29acc872dc30b68669faa7545e0d6f5e561279c8d923f47fae62bd371a2eb8d9d1591b0f092ab59bf873863b81d4053d28743e
    • SSDEEP: 786432:qi5dfOognme1j48rkdNXtUzWJQmpg8+MSAzUtq0ksEhoM5PmgcKHYM2Da7:q2fSb1j48ruNXtUz4QmR+z7vk7VFPWi

    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks