f347973d730b52f21e66403f825530a4110b8c15f808e6326869b06c3a7d9c58

Sharing

Copy URL Twitter E-mail

General

Target

earnapp-plus-setup-1.437.973.exe
Size

12.0MB
Sample

240313-v4sc6sba3w
MD5

c261fa445a56cf8b2ee717241cc55229
SHA1

8a6e63d89b64e68ada6950f7d02675de355c49c6
SHA256

f347973d730b52f21e66403f825530a4110b8c15f808e6326869b06c3a7d9c58
SHA512

47e9704e5596eb189adf72f2c26d12260c82966271e2d7e56682472918a910f4701601f481a288c2d3825d493262aeb32b7edd312fe6a0cf89ad306fb1a2449a
SSDEEP

196608:7Z9AHGfu3bNvVc1gjBu8hpYvyrVZHhSV61ThXWFBhiED4+NbqtFVkEX64CcW1IcP:78GmhJZpYaJdhSV61wFBgC4+AtXtKyaf

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  earnapp-plus-setup-1.437.973.exe
- Size
  
  12.0MB
- MD5
  
  c261fa445a56cf8b2ee717241cc55229
- SHA1
  
  8a6e63d89b64e68ada6950f7d02675de355c49c6
- SHA256
  
  f347973d730b52f21e66403f825530a4110b8c15f808e6326869b06c3a7d9c58
- SHA512
  
  47e9704e5596eb189adf72f2c26d12260c82966271e2d7e56682472918a910f4701601f481a288c2d3825d493262aeb32b7edd312fe6a0cf89ad306fb1a2449a
- SSDEEP
  
  196608:7Z9AHGfu3bNvVc1gjBu8hpYvyrVZHhSV61ThXWFBhiED4+NbqtFVkEX64CcW1IcP:78GmhJZpYaJdhSV61wFBgC4+AtXtKyaf
Score

4^/10
behavioral1
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  2f69afa9d17a5245ec9b5bb03d56f63c
- SHA1
  
  e0a133222136b3d4783e965513a690c23826aec9
- SHA256
  
  e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0
- SHA512
  
  bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6c3f8c94d0727894d706940a8a980543
- SHA1
  
  0d1bcad901be377f38d579aafc0c41c0ef8dcefd
- SHA256
  
  56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
- SHA512
  
  2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
- SSDEEP
  
  96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score

3^/10
behavioral5
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  675c4948e1efc929edcabfe67148eddd
- SHA1
  
  f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
- SHA256
  
  1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
- SHA512
  
  61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
- SSDEEP
  
  96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
Score

3^/10
behavioral6
- Target
  
  brd_config.json
- Size
  
  263B
- MD5
  
  43b667b782194f4adf763acece2369c2
- SHA1
  
  7d092c9ad330ceaa98cc7811c74db59c876b66f0
- SHA256
  
  7f7e6f7330bd46f4147e644bfecd2ea3bbf02d9d4774c42c55a89801ac645276
- SHA512
  
  18e6a9955c9d4cae91fd8dfb46e0c7342b228d980dabf1ba18cb757a81bcc1c85abb46aed6e05180485ba210309bd0463de7933ea006f2560156502458be89bb
Score

3^/10
behavioral7
- Target
  
  earnapp.exe
- Size
  
  15.3MB
- MD5
  
  0336733e248140bbcca488d8a5674f0c
- SHA1
  
  036eded4bfda21c85b7c8678b5fdbb3c245d8658
- SHA256
  
  8718b381f3b36e59a42ed26e555ee45020db733b43479b39474cb007e4648d6e
- SHA512
  
  4c5ed58f1425f5744c10e31b49bea75781f8a83fcb28792f02fcd68e2d5f2c4fea92e664f0ad3b551a8983636b5af2e94f995e453c9ee11beb45d733c39031fa
- SSDEEP
  
  196608:Qb30eJxG+z/MuYBEZHP2mpZSSZ/MuYBEZHP2mpZSvP:QIUpz/MNS2mpfZ/MNS2mpwP
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
behavioral8
- Target
  
  lum_sdk32.dll
- Size
  
  6.9MB
- MD5
  
  62756fc7fc2e2d2aaa3a77eb26d63d4f
- SHA1
  
  e7ba418aa9e70a6841543968d782383d83a50764
- SHA256
  
  cd7331b1d3dad5a76975d20c2197af7c543289af1e007e2d6216bc510fa901f8
- SHA512
  
  c037ba7790e7e4c84aa7a9260e2057cb474749804d206efd4c2d93027f1fe23ea480b4cc930800403a45433ea8a6f92c2cf034fa7beb2aab49cdc37334d1cb7d
- SSDEEP
  
  49152:bMNODPeeK6Bc9JFUNqWXrx2l4JnqprHfq6MSXMBrh6N9JjxXpMyvfQQ/F06oa9Ey:AkIPUxhApWBEZHi/mT2mpj9SoCNuI0
Score

8^/10
- Blocklisted process makes network request
behavioral9
- Target
  
  net_updater32.exe
- Size
  
  8.9MB
- MD5
  
  59964281a15524edf4f6bc3b8cf62956
- SHA1
  
  7f8ddd88f4684715c2648d05027607d2ba3182aa
- SHA256
  
  0e288662eec858eb90de4ff0d68b94394d866a575345cece59b3f80b27eba053
- SHA512
  
  bf174f64b91f862a4f6227be58fad297174064f9cba507651b29462740bb58587dde54e89cec676ca306855d14f6dfd081a6f7a052da61711de6247e9c6a6988
- SSDEEP
  
  196608:nGgZJBED6cMBHweVlBZ/MuYBEZHP2mpZSJ4I/:nGgZJBED6cMBHweVlb/MNS2mpI7
Score

1^/10
behavioral10
- Target
  
  uninstall.exe.nsis
- Size
  
  5KB
- MD5
  
  f79384f52f41bbe16d4a92b45eea8490
- SHA1
  
  de0b12b4627968fdf339194e1056eac13e7a7a2e
- SHA256
  
  cd762fe72044d8ca84d89bf0cb09a0cdcc3542fdf23841875369294df0658214
- SHA512
  
  df8f54b2176481ca19a28693962e8d6b5edbeff2897acc2e9129a64df543d977c4564c80669a658f361fa36e77f24ce0d20194a51b8981f7d8390a53a515ded5
- SSDEEP
  
  96:jqtMP8QLB5cK0fZuNmfU45fME4NpvlOzR1FDnURG7zfHg03oRfVJAj1:jIQZDC5tMEQpvkF7UQ7zPC9U1
Score

3^/10
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11