Overview
General
Target: file_x86_x64.rar
Size: 15.7MB
Sample: 240312-2wj56afb36
MD5: 66d593035319546aef95712abaeae75d
SHA1: a3cd36b8662f2d99583c6bbd84f99a8cc76ed05d
SHA256: 6956b6c3c3e9c09c46dea9e2a1badd3de102fa788bad6dfc14d3489dd58bbdef
SHA512: 9c742ed10c422479693f61a4c3223314955a6c184517626e56559ea8f261d21b83335c784483aa76572e0c533b03067bb4e4b0f7fc71f36aa5d95ed8ea0996be
SSDEEP: 393216:47x5e3LyXU/hKPPLAIKZ7N81KTWbHLaOyXRm7Fb9Z61O/IAozZaJDbgIvG:K4CU/hEAxZ77TWbHLcXEhP61O/ZUZMDS
Static task
- static1

Behavioral tasks (sample, resource)
- behavioral1: file_x86_x64.rar (win10-20240221-es)
- behavioral2: Language/WinRar.exe (win10-20240221-es)
- behavioral3: Language/an.txt (win10-20240221-es)
- behavioral4: Language/ar.txt (win10-20240221-es)
- behavioral5: Language/az.txt (win10-20240221-es)
- behavioral6: Language/mn.txt (win10-20240221-es)
- behavioral7: Language/mng.txt (win10-20240221-es)
- behavioral8: Language/mr.txt (win10-20240214-es)
- behavioral9: Language/nl.txt (win10-20240221-es)
- behavioral10: Language/pl.txt (win10-20240221-es)
- behavioral11: Language/pt-br.txt (win10-20240221-es)
- behavioral12: Language/ro.txt (win10-20240214-es)
- behavioral13: Language/sa.txt (win10-20240221-es)
- behavioral14: Language/sk.txt (win10-20240221-es)
- behavioral15: Language/sr-spc.txt (win10-20240221-es)
- behavioral16: Language/sv.txt (win10-20240221-es)
- behavioral17: Language/ta.txt (win10-20240214-es)
- behavioral18: Language/th.txt (win10-20240221-es)
- behavioral19: Language/va.txt (win10-20240221-es)
- behavioral20: Language/yo.txt (win10-20240221-es)
- behavioral21: Language/zh-tw.txt (win10-20240221-es)
- behavioral22: LiteRes.dll (win10-20240221-es)
- behavioral23: LiteSkinUtils.dll (win10-20240221-es)
- behavioral24: Resource/CMap/UniKS-UTF16-H (win10-20240221-es)
- behavioral25: Resource/Font/AdobePIStd.otf (win10-20240221-es)
- behavioral26: Resource/Font/CourierStd-BoldOblique.otf (win10-20240221-es)
- behavioral27: bentonite.png (win10-20240221-es)
Malware Config
Extracted: stealc
- http://185.172.128.210
- url_path: /f993692117a3fda2.php
Extracted: vidar
- 8.2
- 4275d1ec6a7d641620468013a0ce345b
- https://steamcommunity.com/profiles/76561199651834633
- https://t.me/raf6ik
- profile_id_v2: 4275d1ec6a7d641620468013a0ce345b
- user_agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Targets

Target: file_x86_x64.rar
Size: 15.7MB
MD5: 66d593035319546aef95712abaeae75d
SHA1: a3cd36b8662f2d99583c6bbd84f99a8cc76ed05d
SHA256: 6956b6c3c3e9c09c46dea9e2a1badd3de102fa788bad6dfc14d3489dd58bbdef
SHA512: 9c742ed10c422479693f61a4c3223314955a6c184517626e56559ea8f261d21b83335c784483aa76572e0c533b03067bb4e4b0f7fc71f36aa5d95ed8ea0996be
SSDEEP: 393216:47x5e3LyXU/hKPPLAIKZ7N81KTWbHLaOyXRm7Fb9Z61O/IAozZaJDbgIvG:K4CU/hEAxZ77TWbHLcXEhP61O/ZUZMDS

- Detect Vidar Stealer
- Detect ZGRat V1
- Glupteba payload
- Contacts a large (3888) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Creates new service(s)
- Downloads MZ/PE file
- Modifies Windows Firewall
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Language/WinRar.exe
Size: 3.2MB
MD5: b66dec691784f00061bc43e62030c343
SHA1: 779d947d41efafc2995878e56e213411de8fb4cf
SHA256: 26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370
SHA512: 6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3
SSDEEP: 98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8
Score: 1/10

Target: Language/an.txt
Size: 7KB
MD5: bf8564b2dad5d2506887f87aee169a0a
SHA1: e2d6b4cf90b90e7e1c779dd16cbef4c787cbd7cf
SHA256: 0e8dd119dfa6c6c1b3aca993715092cdf1560947871092876d309dbc1940a14a
SHA512: d3924c9397dc998577dd8cb18cc3ea37360257d4f62dd0c1d25b4d4bf817e229768e351d7be0831c53c6c9c56593546e21fd044cf7988e762fb0a04cd2d4ec81
SSDEEP: 192:ifEAGRBQ0p/74r5jMdDTSBXgDQ7V8vBOC:iV5o74r5jMdY8l
Score: 1/10

Target: Language/ar.txt
Size: 12KB
MD5: 1c45e6a6ecb3b71a7316c466b6a77c1c
SHA1: 04bf837911fa31ffca8e034158714b47f6489d38
SHA256: 972261b53289de2bd8a65e787a6e7cd6defc2b5f7e344128f2fe0492ed30ccf1
SHA512: 5358bb2346c9f23318492b5e7d208e37a703c70d62014426eadd2dd8cda0b91c9d9c2a62eafe0137faefb38bf727fd4d5d8dc18394784ccae75ae9550558e193
SSDEEP: 384:7+CIwRJQh3hY4+6TRxAFqpdQbCs7ZpN4QyRl3fcxMZXj4V/2QT:LJi3K4+60Fqpd8Cs7ZpNryRl3fcxMZX6
Score: 1/10

Target: Language/az.txt
Size: 9KB
MD5: 81b732a8b4206fb747bfbfe524dde192
SHA1: 4d596b597cf25ff8d8b43708e148db188af18ef9
SHA256: caec460e73bd0403c2bcde7e773459bea9112d1bfacbe413d4f21e51a5762ba6
SHA512: 8667bff18a26fe5b892ecfdc8d9c78ecc5659b42c482e1f9e6eb09f7cf5e825584851cd4e9a00f5c62d3096d24cc9664f8223c036a4f2f6e9c568269b2fbb956
SSDEEP: 192:iQMqAQbtI+SY+oEDQM0ia9mh/Vg/HksiM0ko3gvje2ojVPC1vUZzxEBa2U:i7SrSYzEsMDV4P0kggv6pCahxEwr
Score: 1/10

Target: Language/mn.txt
Size: 8KB
MD5: 8756027adf94b3cc3d6c42f0d3fb4af0
SHA1: 823bdbc5abf1d2f3528aa319a417ee090d1c6928
SHA256: cf5245d17224f85011ed85062957dbfd936dd760a214980fc8f2eb69e6ba3cfc
SHA512: 92715a814d24318533ba26af542b174df12e5d8cd40251bc27890345eb6c64d174448745b2b138bd0a7e0fa0d96b803fab9b29f89767729e64a95b164fb27f29
SSDEEP: 192:i2GVqAYj834yHocynU6GwgeBLHvNlIfYfFCkMupHCwFxhjPQtQP1d/R1JTPUJ:i7kIYfUjuZxhDDHZQJ
Score: 1/10

Target: Language/mng.txt
Size: 20KB
MD5: ba28c5c312d1a7827b40ed84f1f6f85b
SHA1: 72788c4b14c47a3988245e81fc6e7bbb8f88442f
SHA256: 92898472c1db5248b0556fb5bafda8090684249b561de5ef2a84c10f2f4383ca
SHA512: 35871824adede6169118087d28fe3c78ea09cb259c7c168e83a22ca74c024d9f0d61250ad1fc9f75b71a8ee5235a12ffd52c146b8232b7bea84ec024b19da7d5
SSDEEP: 384:ip3jpGUSlwi6aHQIXqB6B22bKP995BOqB8A5Y8KsC3u6cIVFJFGtMksJYkXoFs85:MWJbm50qN5Esd6t/XWjgqVpzs4XZd8sL
Score: 1/10

Target: Language/mr.txt
Size: 10KB
MD5: 2e9fc42dbd17e30f8db8205fa2d18543
SHA1: 60639e6d06a38d5c507136c130a172d606b698e7
SHA256: 08b8f7ff35dd4315133e04fd17b6fb896d63b9c87040a2cc68a83e81ea4efd78
SHA512: 7e1aa7234dc2c07654847de01600787ba735e9ccf5d376d37696f3810418a357beb1d611a164fdfd7a24ca33e7bed150df08187d4ade6c973c45be5df74fd95f
SSDEEP: 192:iSdCIrunpyKHseL4bzwltFrjVL0TEpbpFeki8rJNhBB:iSt6pypS4A7FYA1r
Score: 1/10

Target: Language/nl.txt
Size: 8KB
MD5: 54169e744254bb5a4182bcb2678f8479
SHA1: 244ff8c38c8da10e20282cf74a08e18ab165640c
SHA256: 8a74f64c91c25da6056b054d388bf1bbd97384ad7d0086f86df0240e077c6149
SHA512: b798027c10f2aa7f06fa4fc3473f3040a23968d967aa93c08d072f86da2747d7847f8d7b37bc796a8270721c200978c61b1a4a5c6fd8b87845fdbb1337a142a2
SSDEEP: 192:i3oJFqYSagoQss8Yok0y0qiqfUaep0XTrsv3H2TzQEjsrKdOZhGcicbyoL0rnycW:i3AQZUaemXTOWTMosI9loAry34sf
Score: 1/10

Target: Language/pl.txt
Size: 9KB
MD5: 2cdf63e6b3f3a474465d0d88e5386718
SHA1: aa4f3f839b35c68ea2a17e7a63053262e94f952d
SHA256: 223c109301a7bbf01fc57c42609083b28e3fcededc1f6e6dcdfdc8ec1580c51d
SHA512: db7c086b9fd9111d468b7bb4f55455524fe161869c20c20ad7e65e5b8eee38fd4e3b19aaa183c69c87d2c61f4561d12c90aa966a07156f193af59bcb6db10ff7
SSDEEP: 192:iny0xONopVdHc+Xmy9hk1s6i+6rELzpZ6+0FVEleeNRChH6ufZfjp8Rb:in3xOgvXm9s5+6QLz+jUlX2rp8Rb
Score: 1/10

Target: Language/pt-br.txt
Size: 9KB
MD5: 7b02e1ae16e2e709d7c97de560b4dbe9
SHA1: 191a54644417f7d36f5cb4182dcdb3737d74be51
SHA256: da0b58f52bbc131f967942d1d8e9de1b5721ae864bc21852a0ad4062332297cb
SHA512: 4f689f854db3f766b5e53ce2f19e9f8293c075ee3f9b18098eb05b352f2ec95df85e49a78540781eb531bce60c7b1f7890f1fe3c65200dec3cb908e90fb827a1
SSDEEP: 192:icoGT04mzNN8hYivh5gtE/PkjY09fdNQuQ:ibGg4mzNhi4tEHoDfHQuQ
Score: 1/10

Target: Language/ro.txt
Size: 7KB
MD5: e3ee837f02a1f6e4b2213eb36c025284
SHA1: 56ccafa0f9c3d805a845311c2ebd80c93a595b17
SHA256: f168bb4d026782134cc6c261006b815850e753a27fb47c4f23ee617666459a66
SHA512: a923f953af5df72e04b5c38e523a003b85c0ed74e20ae1c3a2d4848828e03de8e703953cfcf653c148a0eeaa9365f9187804de0d534435ccb90dac1c4ea68a63
SSDEEP: 192:iVF8khF2yUYtHwfajHwKlPVS6LWbsWGGqZfG7ORVCPF27l:iD8mUYtHCxuPjWQu6KP0x
Score: 1/10

Target: Language/sa.txt
Size: 19KB
MD5: 9fe4da297163a84fe9d0b0289b1af077
SHA1: d14a6a318a50f2f13e45b2269ea2ad8fc5e3c44a
SHA256: a44e8c328bf809890aa6ca883e2cb82b6c5207d9636e9a91253da4cd893668c8
SHA512: a6fee2f3d6448f1f5be6ec88b51fb65ebd07c7ba3dbaf2f7a801fef54b9da410e6b800094853180a884889b304ea9a54672781fa7d0f1067af6c4a63c494a44b
SSDEEP: 384:isw3ma17q9ntvNTsld5VFxxwMkAGO310F0klrfofmR7HOwPyng:HwQvVnQg
Score: 1/10

Target: Language/sk.txt
Size: 9KB
MD5: ca2b22d21945a478757a099eeafdf9a9
SHA1: 5efbf215647e82ddeaa4c83d064ef83b51413dea
SHA256: e571c0d87b50f4659099b4ca618057533c22578066e411c5ceb3df8be1e77cff
SHA512: 40365ac6cdd70ff7b7ab09482e1e9263b1b131772019eda357007d029a879111da72b05756adbfc3206b1c060211a16b5f10d507fb0caa3696907c8433fe9537
SSDEEP: 192:ihqYyHuLGHP372c79qAFklXva+hF+zmTzeNMR:iMjUGHP72cJqAFAXi+hs0aNMR
Score: 1/10

Target: Language/sr-spc.txt
Size: 11KB
MD5: ffd26304b9b5fae8547703515e84460d
SHA1: cff3f023bb47ca3c6c3db202cd8c126b0bb2f59f
SHA256: 283dd99ec8d13784b3d79c36766cdb16dac0ede0c1c09e8b1efa64f5dc2c1a55
SHA512: 0a4e39e2598c73f936e4c8bd56201fee00aeb5daab0d7b735d5137a8b7c15830b40f028c77b528b75653540836098f5e8fc059111dd2efbd0a46ddbdf97465c1
SSDEEP: 192:iCk9ED/u0/rzMXyBMtR/TL0wN1i9Rd9u3ZDxoAF9sOVbvmyz3xnvze0kIqLm3HGX:iCk94zBWv0b9P9gZ1lLhnbe8q0tfsH6o
Score: 1/10

Target: Language/sv.txt
Size: 8KB
MD5: 2ec8b6f0c0c05157ae90aba540debed1
SHA1: 56de30674cf6ed17ae1fd42080214573b8383789
SHA256: 54112b265ec01759adbf72dc856ff0f9dbb2b3029eff8a56de08dffc5d3dc954
SHA512: 6cb83b0d3db5254e47f86100c38be073f257b4f2e643f14e91df9ccac36a631bf06e52ce8f98106f5a17cf19745f2b6277605968bfeb9e0d423b1fd3ab5c0a06
SSDEEP: 192:iIRthqlCnYhI0sbVA28ta0obRFz+3uCFQ9/FLFDLb0Y620X9CWHdfSzuQ3lBMjiC:iIzhdnY+bi2tWIFLJb0Y62dWHuTlC
Score: 1/10

Target: Language/ta.txt
Size: 12KB
MD5: 228ca6d7b8d850853233c4575a7ebf1f
SHA1: 4bc90fca87925f7d855972f5dc67ef5e9e29b438
SHA256: 0a3b285566bbeb3f188b3c72ba21cbfc545ea05471eab706e972c828da5234e0
SHA512: 2995d1c2bacc8c0ee757fc47fe9c8ac07f1ee74ae3a70bbbcc66cbcfa13a924855b3f7515d04031434870829be34f0fb49a35388eaffacc0e7a33f9a44a02870
SSDEEP: 192:igMxAhP2NKfBuRZjaaC1e13/BNhpYY+KEHtiAnCuu1+AuvB1nNh11N:irlNZjagbAn3
Score: 1/10

Target: Language/th.txt
Size: 15KB
MD5: 8ee06a03dc18e5f8bc750cb6a78f6d9c
SHA1: 179c195700df844216c2cabdc17062cddbd1d6b3
SHA256: 01e7b965bd4b722003f74b4e4b30ef6a1baea67108816d1b9f8d6add39c7fa10
SHA512: 4c908ba391bac8bd36bf76b5c3b59dd59eb71f2513bcd04c47cbde683ad463c0feac5d5aada67730f3f566156c4beff09cd7b7d1eb043b988ad7938b9041c4ec
SSDEEP: 384:ir9n+rMUfsqjeWnShfO1LpBIB9jip10zsPRO2a8fUhe1RBC6sl4wjn/PqIpqINAG:09n+4csqjeWnSh21LpBIB1O10zsPRO2e
Score: 1/10

Target: Language/va.txt
Size: 6KB
MD5: 639741f687d4427c9d3b170b1ced41a9
SHA1: ad3d3a09b8877381df520e6eb654227da045b89d
SHA256: f43c31bd959a752eefbb7c76ed918c4cacd50d43706121c55093d72a638fa7a5
SHA512: eb63b0437624782d2bcd033905c7c0538902f9644e4facdc52d094ede5353309613b4eef3cb437d4f69c2a4fd4b2e0f241990aaa3a38366685b10cabec20a357
SSDEEP: 192:icd/FL0HKwFgPqtXdN3K3TIcmqHfc39vNH:i65wCitzaj5E3P
Score: 1/10

Target: Language/yo.txt
Size: 10KB
MD5: 698af9267c08d61b712417491da6a3bb
SHA1: 01f21ce60e571699b006098afe9520c02d4e11dc
SHA256: ffab6b91ffd2d3c2b1f7f431b47f7d28aa17a11587b876565613bb26c173402b
SHA512: d37f63d3824d12d9bd4749ea94fce924f3a5469874d6777261f0570a2a7ef28574825fae199408c0e1eee7061b08c447da8744a1c2fa486981165ab5062fc8a9
SSDEEP: 192:7XgmEsBVCxtNc/EcoGFGDbMOw3WmkmSAGplG0v6k6P89Y6QVkixHxXUE4zVG9uRt:7XgECxuGbMO3/J3PL9zyezVGw5
Score: 1/10

Target: Language/zh-tw.txt
Size: 7KB
MD5: acfc57de6b0e4489287bdafe2062409a
SHA1: dbf62f8c6dd239aa16bfd62500517b849ed8e5b4
SHA256: 37c79297f8d4e491d681b556c23d957bc830068ae1d5f4535fd054c2233f3474
SHA512: 50a76a2c5a61056b2b9efaf143335d86c5882d97c9d42acf29ca87cd39d79876d561ec0fe83fb377e25379cfebf593b782ecd8613d2a84ac33cbb6d8314481f1
SSDEEP: 192:i965RTllmRwM4cO+VnoF0HDczLXO7AJ8YRcaBxU+G9dDRI:i9MRTPUZO+VaoDcmRYUhXRI
Score: 1/10

Target: LiteRes.dll
Size: 735KB
MD5: 88962410244bc5c03482b82a7e3cb5e1
SHA1: 4622be2d3deda305bf0a16c0e01bc2ecf9d56fad
SHA256: afa884228afc5c05f4b47e90b6de42854d5a8886ec5ed15a253faeccd5309036
SHA512: c6e7667f91c1439e33ad4d9e2052b7c9fcc3ca2c7688d9e2bc0550b71a5762b76aa76427331df0217429d9bd984925997c7a8d009f25e44e2776c5ce7cc9d98c
SSDEEP: 6144:x9Ej/jb82/HRoXO1q2pt+Mc1/PDPicsUzM+gYESoE/wOuET8F62bH5vnGfcJvl+b:fqptG/PDPo0no2Iq8F6CHBTWqU
Score: 1/10

Target: LiteSkinUtils.dll
Size: 48KB
MD5: 059d94e8944eca4056e92d60f7044f14
SHA1: 46a491abbbb434b6a1a2a1b1a793d24acd1d6c4b
SHA256: 9fa7cacb5730faacc2b17d735c45ee1370130d863c3366d08ec013afe648bfa6
SHA512: 0f45fe8d5e80a8fabf9a1fd2a3f69b2c4ebb19f5ffdcfec6d17670f5577d5855378023a91988e0855c4bd85c9b2cc80375c3a0acb1d7a701aff32e9e78347902
SSDEEP: 768:FPGeoWyuTx6vrP/zAdWQS6Z9CSKh64crVKTl9inMUAK:tGeJxIHepSKzjVK9iMUAK
Score: 1/10

Target: Resource/CMap/UniKS-UTF16-H
Size: 128KB
MD5: f65c06189a55139e13885d9716bfe35c
SHA1: 394285fed905d0f4c2c21230da50626b0a31a037
SHA256: ab87d320c81e4c761b7a4cbd342e212db4ebe169b5d10848f2f57d828874e342
SHA512: caf07d2623861f60d79acfb313978b89f9cd8feea0bed0fe28d25286d197b62b9ef9a41130586d731dc43aeae817eaaa87c9cac31d9bd1fdb82591146e0fa2cb
SSDEEP: 3072:EbOks6xITS4gmLJpAEhFDDvBB4TS+JjXsc:jjTvIN3
Score: 1/10

Target: Resource/Font/AdobePIStd.otf
Size: 83KB
MD5: 8653bfe4c32a8528e981748e28c59570
SHA1: dec8dd8cba986f5852286c8b8e45c6270aeab65a
SHA256: 5dbc496c0b5a12d9f9ffdb83a46b9fcda8d1fc1fcd50832c783be5e9277a698e
SHA512: 66e39798ca8bba9af51f44e81b77ac1703f488b6361bfb05de632fbb2726e5f1291f0210be0fc933459bea78fa433177b33e34be977c079c97c5330d6590e7fb
SSDEEP: 1536:PmsMC/asb+Q+fGZNbDvdtlT9Mnlx643McbQqc80U0zy26RR38e8kscXqHZ3MD4ea:BMjlINbrdFMnP6hcbQq8Bn6IPksF8E
Score: 1/10

Target: Resource/Font/CourierStd-BoldOblique.otf
Size: 31KB
MD5: 6804e7413898972e05823add91b1dfc5
SHA1: 4dfc3cecd9d3c26afaca087a69376eb6abfedeaf
SHA256: 698fd9169ad62bd6faedd1c8e8637abc9cc65b3b1a5ba8698242b1447303fbee
SHA512: f89a494aa7dae22022cb4bddf911c9fb8f40220c5d49bba79e5b7f97191fcc2740088437d3e56e6903e0b10aaf5535b4ce08dbe793a0e800d23038196ebf5fc6
SSDEEP: 768:edluzc2NPniJMT9BvYsWShVcbZks6AnkXhUZxX:edluz3piJMpusWShVcbZkfAnk2Z1
Score: 3/10

Target: bentonite.cfg
Size: 963KB
MD5: e7c43dc3ec4360374043b872f934ec9e
SHA1: 6514933e53c6eb9594786a773f75595b0eafeaf7
SHA256: 658ac17f4047ccc594edfd7c038701fe2c72ec2edf4aefe6f3c2dd28ab3dd471
SHA512: 43b8cb4cacf8bc1e26f7c6af4e58d877287057975b3e28c52d4a3afa478b447a921fbde729ef24be9eb3858c00968455a6873a67e409a6a3fe6a35703470bd6b
SSDEEP: 24576:gvnQ8rX+HfLmktxk2ZtrWIxff17XIDHVuJnUNObt/D+jQ9e+k:gvnD+SaZt5X2qAyasev
Score: 3/10

Target: setup.exe
Size: 799.0MB
MD5: 1056261febd0e026b9743d803c68b437
SHA1: 22405989ed8a34ab2a55872b2e19e58c36ba4544
SHA256: 47a436775683fe0139dd874f8348030ff1a9a5aaa34ff279f4f22aa002c33ddf
SHA512: 9b1616658e22e605e91ef2cd7766de1e70b055d1260bedc90cda16de0070d84a8836788253ae1595250794323615435480bb70dbe8917ff5ea67c4e07b609993
SSDEEP: 98304:eT/dSjTOJNuv9NvJFkvE1SvKPxqY9Cfgsx7ehATwlfm1F4gjnk+GlU/1:4wTdNvJCEQ8qYwfgQJwm1mik+G

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process: 3
  - Windows Service: 3
- Scheduled Task/Job: 1
Privilege Escalation
- Create or Modify System Process: 3
  - Windows Service: 3
- Scheduled Task/Job: 1
Defense Evasion
- Impair Defenses: 2
  - Disable or Modify System Firewall: 1
- Virtualization/Sandbox Evasion: 2