666f427bbf8bb4b0779c82fc16d531db287376ba16e6df2d1f984d9dbfd11970

General

Target

pv.rar
Size

28.8MB
Sample

240310-s5vtksfg31
MD5

9853575a933f5ceb0c537fe188f2e910
SHA1

50d06d07a31245fe128b0ad15044cf7901cd96dc
SHA256

666f427bbf8bb4b0779c82fc16d531db287376ba16e6df2d1f984d9dbfd11970
SHA512

da31a7be4e83fc5817b72db3ffeda4690df5d06eaf4de73d30630193d7924013ba4840d3da9dd2df243fa271b84db115a5784d04aaad8be9c1507e86a13c9c9a
SSDEEP

786432:ftXXJU7QPQ2eCVjRn3s/WYR4joHRNO9q1zwjQL:ftnlECjsObjoHbO9EzyQL

Score

8^/10

Malware Config

Targets

- Target
  
  ccvLX6b6iG.exe
- Size
  
  31.6MB
- MD5
  
  b207acf3639912c9e6cccc25ba6b374e
- SHA1
  
  3027cb0f0e17c1b79edd3d6a88ef4adbc08d267b
- SHA256
  
  83937419fa7f594e2c03bf473e6d7588581b2afad3c33c0f6798ce4e80fafd0c
- SHA512
  
  9dce4a3e1a316cea561040eb181c1a0ad0db49c1346654336412e54383a659f650ce627140e97b997b2bc23dda5ea6eb2977cad5e1c42ebfcb806142be12ff3f
- SSDEEP
  
  786432:K5anJ+Wyc5P2H2nm5MX7YnT4BHmNDdVv0YcDfzQMvV:K5aJ+T4PmQmOLYnMODr0nDflvV
Score

8^/10
- Drops file in Drivers directory
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  dpp.dll
- Size
  
  2.4MB
- MD5
  
  5099f2e9acae75ca793ada77a8d9c605
- SHA1
  
  6d2e16085f9a74db3948156eb07b39cf1fc8d936
- SHA256
  
  da523c334bc8d4c3dde7a350b325beb2abfdacda8387ae0f13c9af3d2be73fd0
- SHA512
  
  2c7a0857887b4ba22c19bd75249f39edf6e1de3461c0703a1bb4eb45e638ed0825831d5941470776ffd6c6b5f12b368f5d29604e7186998723f67f6891b60b73
- SSDEEP
  
  49152:SBUfn9wxuyJXuauJ2Ub1shYdLA6eavFG:JnMJWhG
Score

1^/10
behavioral2
- Target
  
  libcrypto-1_1-x64.dll
- Size
  
  3.3MB
- MD5
  
  bff0b8ffbfe4e6c9a21a47d86ebfce30
- SHA1
  
  aa9883fc52f16901e9a1bba7afb0033b7f15c721
- SHA256
  
  ae8ed4eb9c764c65611cbe78b849f383ada2675ab2e9d8b76b9b799be80c0951
- SHA512
  
  e594a9a7d83732f1d901a1f2bbaf1acd86219a56bd60ec0ebc179059a43524ae81eda55a06334e9ddf306b2fc08bab83aa11adb3aed58875ec3f18e00a9cb0ca
- SSDEEP
  
  49152:SVwASOTxIU6iC1GtlqRycFM4gXFOBM5QFOObP/1wf0U1D+xNPsWusDS1CPwDv3u0:CG+kMhOWym31DuWWuse1CPwDv3uFfJ
Score

1^/10
behavioral3
- Target
  
  libsodium.dll
- Size
  
  323KB
- MD5
  
  1b3a0b66a70b6b74666ac923fcd20d31
- SHA1
  
  52f0c36087a4260688edec6577590b376b4700a3
- SHA256
  
  3638b6d7cdd4828f5e53a314756b88f19da36aaa812eb6889a10f3f55860b85e
- SHA512
  
  fc28b60a32ef3362573022f5ba08fb48c037086a57b77d38ff01b87af69ffdf1e8d4d6ef69b63852d71cdc9a0f6153d632e9fe1c4f69b67c83ae5a9a54835179
- SSDEEP
  
  6144:htoTifGdN3JVghfnfxKEh15YILfR5vzzFiKMoJwV50DErmQeX:PoTifEJVyt5YIDbz3D
Score

1^/10
behavioral4
- Target
  
  libssl-1_1-x64.dll
- Size
  
  670KB
- MD5
  
  92d8f738dbe91bfa0ce88c7681035a05
- SHA1
  
  4fb6310a22a5964fd748b326d612539946e14f13
- SHA256
  
  640212220e73b2e2fd7ff2c08faf8d66fb5b9387300c0bb12a80379fda7288b4
- SHA512
  
  2b554a381c404f082053ac1f86fa8de300d3a879f9e4ce6aabb8a3f393a734151ebb763c76f709e7bc7a32dd0c41de3817ddf41fc02eabce10f90a38a961cb20
- SSDEEP
  
  12288:VfKP4Afz0RoezGbrfOZTpUG/zeZxeNEZ2LiR3inbwciXd8wU2lvz+:wyzGbryogLiRmiXdBU2lvz
Score

1^/10
behavioral5
- Target
  
  opus.dll
- Size
  
  386KB
- MD5
  
  c228e20cbbf036f374756b8c75fbf8d6
- SHA1
  
  b4bd4fe9a3f290a088b496823b4a806fba451137
- SHA256
  
  c740a704598d6c4bb550ff660cb531d98a62b8c182cc48318ef8756f407b5ae7
- SHA512
  
  a326bc13f19e50644d1d0d3665e075a7bc832dd68eea66c5b23713c26143cd1411c6aedadbee718eee08566c8e699d1de59b4e1891eaebc49d865f98b521cae8
- SSDEEP
  
  6144:mbEloNvDkihx3MmI2gFo+Pzk41CqKUC2TxoiqEHUl3rZ1AQY+MZl8zz+0/uWbBm9:loD3MDD0iqk6V1AwE8zz+02lj
Score

1^/10
behavioral6
- Target
  
  zlib1.dll
- Size
  
  85KB
- MD5
  
  b88fc4d41ac25f367a5fe5ee0286de22
- SHA1
  
  124017096d4c571b3f835af4d7e9b158a4abe4cb
- SHA256
  
  b98933d985116fd71869b879604347cfb630d1eb4b9eef16454913d251021502
- SHA512
  
  824df2a012b18e252a90177d2f3ab5a43272609024b72790bd249f981e7fca4f28291ab3e4cee06c26e189ba42fa2115648fc725f49a91666fae59bc022c68c8
- SSDEEP
  
  1536:8THRfzojvOeiRMPrpbAE1ApOal2qk0M2OnToIfUIOcIOYuWq3sf:8BzojvOeiRMTtAEepOT0fqTBf6SYZq3S
Score

1^/10
behavioral7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

Looks up external IP address via web service

Maps connected drives based on registry

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7