General

  • Target: baee2a8a64e9c56caf42609a8075f7a8
  • Size: 2.0MB
  • Sample: 240308-lpbbnscg6z
  • MD5: baee2a8a64e9c56caf42609a8075f7a8
  • SHA1: a8b4c49e5c2bfcc6b26cd45804312ef8ab0337fc
  • SHA256: 4fb539f018df9d7aa55be88184a499e0a37617f5a4f7c1b81fe685d34f4d4014
  • SHA512: 7bd0510f13371e7e0513369dc9674ab3f75e41c5a0e792632c3275be4c324dd40ed7a99bc1120699db2a8258b956cc610a4062ff9aa5d5d7e6abd4c03124b5df
  • SSDEEP: 49152:z1ZYSSvHI3jZszoYJfgi40+MMDLvw7jFNcZA92P8k:zvYhvoTOzoUfgi495bw7jFNcZA9y5

Targets

    • Target: Caspue2.exe
    • Size: 3.3MB
    • MD5: d25b66b301b05d48d4baa241585e7cd6
    • SHA1: 4be94b0b3208f0757f825ddd2cedf00acc068141
    • SHA256: 371303b3d4b620c733be8f5c8f87d9ea111d625b0b0e310e047db6deee0517d6
    • SHA512: 92e3122552c9de7ad3bd422edb3ef5c668971a8f5459eb024c6c43215cc220f893b690c02ad16e1b3a525cb67409949f6a59b706c05dd466efbdcb40bcdf9af3
    • SSDEEP: 24576:gaQVIaQ2QHfuutIcKOeOWyUaVFngOdz03qd:xIaiyRxzaU

    Score: 9/10
    • Looks for VirtualBox Guest Additions in registry
    • Looks for VMWare Tools registry key
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Obfuscated with Agile.Net obfuscator
      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
    • Maps connected drives based on registry
      Disk information is often read in order to detect sandboxing environments.

    • Target: EAC.exe
    • Size: 90KB
    • MD5: a2ca2e07eca8a95c1553e3ad4a2b7edb
    • SHA1: 2c418465d84798fb2a7dacd99faed5404a3046d4
    • SHA256: c9770cc8890c72f902599eb70e43950e76d52943243d71f133d6da63ee41562d
    • SHA512: a3bef40122aa384afd05df80363050d1a5636fd6c4fc905ab8ab1a6a2127a39e19a9c1373e94564e0bd29bbbe79cfc614b836351af3153e2d15011d22ba482a9
    • SSDEEP: 1536:RO2z7oYufXkFoIEEgmxUdUj10cL+yvVK2oiz7h9h2WthN5eySUo3:RO22aoIvjxUdUSM0Vi/h9MWt/5eLZ3

    Score: 7/10
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.

    • Target: caspue.exe
    • Size: 161KB
    • MD5: 02e46be7c4aa2a1d8e779a54daa0083e
    • SHA1: 3f29b906e573f35d9398d8de2fd99487d0b7893e
    • SHA256: 0530c4fe19d38e7317789eabeef658b83617ae2d87e52b9c45712fd339880e95
    • SHA512: 18cba1df49517eae7e60f7f5ba8f8a6116b20fb58563ec6c9c0afa9953c6419c707d692c6e431f7e9cb47dd3f598dd5b9e2bb180d35595db8dbd53152682ae18
    • SSDEEP: 3072:TCdIFwtjvkg8iJXeAQMw5PknyLIh2PGM:3yLkqJtSPy6OM

    Score: 1/10
    • Target: caspue.sys
    • Size: 6KB
    • MD5: 96756deaff1b2667883d4a21e43f4f65
    • SHA1: bce3d6fb9eec3f2d2695d96e61442a58039d594a
    • SHA256: 1992c044963f5c77aa7b5462e2bb69a37c66bc0e13032524fb1663c0314fd420
    • SHA512: b6f472c8296bbef5da4baf638e98c2e0c42ba3fa783c69a6c0cc1e2f92f4c365d6d1c0bcf26e1644bacd4a001fd97c19b5fe2b616ba3c0982fc7edefcb59ef7f
    • SSDEEP: 96:eA/w8VE6wC4NrkXyhWZ2JMQ4LI5aUZ1ZM2a3:v/f/skjZAMTOA2a3

    Score: 1/10
    • Target: devcom.bat
    • Size: 17B
    • MD5: 057df71dcadd6c9dcb78ab37231fc5f4
    • SHA1: f1dff8166f05ce3cccafe83c1f37d87c8141b2b9
    • SHA256: 843368160bbabb814a8d3022f518055f1961382e112fe30c5e6a5d8f3d922823
    • SHA512: 9d571a12396eb900255c65917fef271c7c43968d09dc4c5de528e133561e9a5862e20f86e17002318c7bf996ab89eecd0234a77dd2ec435b6f123025006daa11

    Score: 7/10
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Drops file in System32 directory

    • Target: reset_adapters.exe
    • Size: 335KB
    • MD5: bd624e99155ffa5868f39c73a1513cee
    • SHA1: 0a6c46d21faefaf29c992193e5dac6b4b4a58719
    • SHA256: 4f67490d6a7d952599180f26d167b74c70d4f840d36e73bb8ec7ffb29b6a6df8
    • SHA512: 46471f61f44f97d63993349ed005b26d0a415b4082c1a48321aba18e58d3e10415f24d18ece3016cf65967a29ca85b8d935f70e06fd5ef96cb046d7074d9368c
    • SSDEEP: 6144:QlGlXIiIGWbsTXO/P/bbUmmLhquD2S6FEJQzZnCvTkJCps9Q18RQj7dVJTrQkEjU:QlGlXIiIGWbsTXO/P/3mLhquD2S6DzZc

    Score: 1/10
    • Target: spoof.exe
    • Size: 78KB
    • MD5: 75f926056bd5abc6aa62fdb919483a28
    • SHA1: 604db02f2e2b4e7e9c42b501a0e928d03e9ec82b
    • SHA256: 8b646cfdace2f07ce81efd6cb4cfff7fb3ee53bb02b5aa2e9365d8b107121b25
    • SHA512: 73f7b0d06c00ca90bff5f15261cc75def0ada0d6dff1fd420d811ec9e9302ebade88f4ab03c9514a1f865bd91389e0a048ce86955e06a6400ce0bd6c93813f2e
    • SSDEEP: 1536:pgyJWH4azSaXtJ+WVkADPQHQBK8JEOROwHX9vSBF:pgWWB+gkArQHO1Ocav

    Score: 8/10
