Overview: score 9/10
Static: score 7/10
Caspue2.exe (windows7-x64): score 9/10
Caspue2.exe (windows10-2004-x64): score 9/10
EAC.exe (windows7-x64): score 3/10
EAC.exe (windows10-2004-x64): score 7/10
caspue.exe (windows7-x64): score 1/10
caspue.exe (windows10-2004-x64): score 1/10
caspue.sys (windows10-2004-x64): score 1/10
devcom.bat (windows7-x64): score 5/10
devcom.bat (windows10-2004-x64): score 7/10
reset_adapters.exe (windows7-x64): score 1/10
reset_adapters.exe (windows10-2004-x64): score 1/10
spoof.exe (windows7-x64): score 8/10
spoof.exe (windows10-2004-x64): score 8/10
General
-
Target
baee2a8a64e9c56caf42609a8075f7a8
-
Size
2.0MB
-
Sample
240308-lpbbnscg6z
-
MD5
baee2a8a64e9c56caf42609a8075f7a8
-
SHA1
a8b4c49e5c2bfcc6b26cd45804312ef8ab0337fc
-
SHA256
4fb539f018df9d7aa55be88184a499e0a37617f5a4f7c1b81fe685d34f4d4014
-
SHA512
7bd0510f13371e7e0513369dc9674ab3f75e41c5a0e792632c3275be4c324dd40ed7a99bc1120699db2a8258b956cc610a4062ff9aa5d5d7e6abd4c03124b5df
-
SSDEEP
49152:z1ZYSSvHI3jZszoYJfgi40+MMDLvw7jFNcZA92P8k:zvYhvoTOzoUfgi495bw7jFNcZA9y5
Behavioral task
behavioral1
Sample
Caspue2.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
Caspue2.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
EAC.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
EAC.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
caspue.exe
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
caspue.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
caspue.sys
Resource
win10v2004-20240226-en
Behavioral task
behavioral8
Sample
devcom.bat
Resource
win7-20231129-en
Behavioral task
behavioral9
Sample
devcom.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral10
Sample
reset_adapters.exe
Resource
win7-20240221-en
Behavioral task
behavioral11
Sample
reset_adapters.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral12
Sample
spoof.exe
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
spoof.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
Caspue2.exe
-
Size
3.3MB
-
MD5
d25b66b301b05d48d4baa241585e7cd6
-
SHA1
4be94b0b3208f0757f825ddd2cedf00acc068141
-
SHA256
371303b3d4b620c733be8f5c8f87d9ea111d625b0b0e310e047db6deee0517d6
-
SHA512
92e3122552c9de7ad3bd422edb3ef5c668971a8f5459eb024c6c43215cc220f893b690c02ad16e1b3a525cb67409949f6a59b706c05dd466efbdcb40bcdf9af3
-
SSDEEP
24576:gaQVIaQ2QHfuutIcKOeOWyUaVFngOdz03qd:xIaiyRxzaU
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
-
-
Target
EAC.exe
-
Size
90KB
-
MD5
a2ca2e07eca8a95c1553e3ad4a2b7edb
-
SHA1
2c418465d84798fb2a7dacd99faed5404a3046d4
-
SHA256
c9770cc8890c72f902599eb70e43950e76d52943243d71f133d6da63ee41562d
-
SHA512
a3bef40122aa384afd05df80363050d1a5636fd6c4fc905ab8ab1a6a2127a39e19a9c1373e94564e0bd29bbbe79cfc614b836351af3153e2d15011d22ba482a9
-
SSDEEP
1536:RO2z7oYufXkFoIEEgmxUdUj10cL+yvVK2oiz7h9h2WthN5eySUo3:RO22aoIvjxUdUSM0Vi/h9MWt/5eLZ3
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
caspue.exe
-
Size
161KB
-
MD5
02e46be7c4aa2a1d8e779a54daa0083e
-
SHA1
3f29b906e573f35d9398d8de2fd99487d0b7893e
-
SHA256
0530c4fe19d38e7317789eabeef658b83617ae2d87e52b9c45712fd339880e95
-
SHA512
18cba1df49517eae7e60f7f5ba8f8a6116b20fb58563ec6c9c0afa9953c6419c707d692c6e431f7e9cb47dd3f598dd5b9e2bb180d35595db8dbd53152682ae18
-
SSDEEP
3072:TCdIFwtjvkg8iJXeAQMw5PknyLIh2PGM:3yLkqJtSPy6OM
Score
1/10
-
-
-
Target
caspue.sys
-
Size
6KB
-
MD5
96756deaff1b2667883d4a21e43f4f65
-
SHA1
bce3d6fb9eec3f2d2695d96e61442a58039d594a
-
SHA256
1992c044963f5c77aa7b5462e2bb69a37c66bc0e13032524fb1663c0314fd420
-
SHA512
b6f472c8296bbef5da4baf638e98c2e0c42ba3fa783c69a6c0cc1e2f92f4c365d6d1c0bcf26e1644bacd4a001fd97c19b5fe2b616ba3c0982fc7edefcb59ef7f
-
SSDEEP
96:eA/w8VE6wC4NrkXyhWZ2JMQ4LI5aUZ1ZM2a3:v/f/skjZAMTOA2a3
Score
1/10
-
-
-
Target
devcom.bat
-
Size
17B
-
MD5
057df71dcadd6c9dcb78ab37231fc5f4
-
SHA1
f1dff8166f05ce3cccafe83c1f37d87c8141b2b9
-
SHA256
843368160bbabb814a8d3022f518055f1961382e112fe30c5e6a5d8f3d922823
-
SHA512
9d571a12396eb900255c65917fef271c7c43968d09dc4c5de528e133561e9a5862e20f86e17002318c7bf996ab89eecd0234a77dd2ec435b6f123025006daa11
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
-
-
Target
reset_adapters.exe
-
Size
335KB
-
MD5
bd624e99155ffa5868f39c73a1513cee
-
SHA1
0a6c46d21faefaf29c992193e5dac6b4b4a58719
-
SHA256
4f67490d6a7d952599180f26d167b74c70d4f840d36e73bb8ec7ffb29b6a6df8
-
SHA512
46471f61f44f97d63993349ed005b26d0a415b4082c1a48321aba18e58d3e10415f24d18ece3016cf65967a29ca85b8d935f70e06fd5ef96cb046d7074d9368c
-
SSDEEP
6144:QlGlXIiIGWbsTXO/P/bbUmmLhquD2S6FEJQzZnCvTkJCps9Q18RQj7dVJTrQkEjU:QlGlXIiIGWbsTXO/P/3mLhquD2S6DzZc
Score
1/10
-
-
-
Target
spoof.exe
-
Size
78KB
-
MD5
75f926056bd5abc6aa62fdb919483a28
-
SHA1
604db02f2e2b4e7e9c42b501a0e928d03e9ec82b
-
SHA256
8b646cfdace2f07ce81efd6cb4cfff7fb3ee53bb02b5aa2e9365d8b107121b25
-
SHA512
73f7b0d06c00ca90bff5f15261cc75def0ada0d6dff1fd420d811ec9e9302ebade88f4ab03c9514a1f865bd91389e0a048ce86955e06a6400ce0bd6c93813f2e
-
SSDEEP
1536:pgyJWH4azSaXtJ+WVkADPQHQBK8JEOROwHX9vSBF:pgWWB+gkArQHO1Ocav
Score
8/10
-
Sets service image path in registry
-