0afe4ad2eb7df24e1880f2b6c1c9f965a1d4e1d1b70a276487c1705ebd20cffd

Sharing

Copy URL

Twitter E-mail

General

Target

vblob.rar
Size

472KB
Sample

240406-h24bfadh94
MD5

3f6d2008648730e00b03c35f8dc7c219
SHA1

33edc8277c52cd2b1c9e0cab846c9f63e5bc5a9c
SHA256

0afe4ad2eb7df24e1880f2b6c1c9f965a1d4e1d1b70a276487c1705ebd20cffd
SHA512

45a1b18e32c094c0818ff8a9ea10a28b29b723129a3753950170288dca7e6c0f4483063659cc6404a7ef0a1a9acfa45eac7a8105912547cde556841456d6e7b1
SSDEEP

12288:NP3aC4AtoXOgZzSRV844+qLSZZfJimiqXCWL9w:p0Og0lnUSZjFXlw

Score

7^/10

Malware Config

Targets

- Target
  
  vblob.rar
- Size
  
  472KB
- MD5
  
  3f6d2008648730e00b03c35f8dc7c219
- SHA1
  
  33edc8277c52cd2b1c9e0cab846c9f63e5bc5a9c
- SHA256
  
  0afe4ad2eb7df24e1880f2b6c1c9f965a1d4e1d1b70a276487c1705ebd20cffd
- SHA512
  
  45a1b18e32c094c0818ff8a9ea10a28b29b723129a3753950170288dca7e6c0f4483063659cc6404a7ef0a1a9acfa45eac7a8105912547cde556841456d6e7b1
- SSDEEP
  
  12288:NP3aC4AtoXOgZzSRV844+qLSZZfJimiqXCWL9w:p0Og0lnUSZjFXlw
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  Vblob cs2 external/Vblob external.exe
- Size
  
  1004KB
- MD5
  
  f325bca9e8b0f6b0ca69341376117e43
- SHA1
  
  523e681598aab11464c3b7b6b321c0c000c56e86
- SHA256
  
  d75551b96e7c9112aa131f85a6a55f3340d4db1599ed867d262bde0fcca6865c
- SHA512
  
  a6daf6d75cb107b281b04dd510e7c91fde96e9609e23897956a3286d624e2f41ba576c96e8c3c499967814502f8d93691310a7864a944d06037e7c6f7d71fc3d
- SSDEEP
  
  24576:rMZoUgU7z9gMK8rmbLh0lhSMXl2pnnJDen:rMG/G99rmWcnJ
Score

1^/10
behavioral3 behavioral4
- Target
  
  Vblob cs2 external/client.dll.json
- Size
  
  305KB
- MD5
  
  cefd76d568b06cc0bfc8bee53d10434c
- SHA1
  
  b2533d5e0625a8bb177a09c38a4e65eb4f6c8a3a
- SHA256
  
  310a7952852e6b5e44b3a53e6861f5cb6020a1429a6d705000d32686af308ab9
- SHA512
  
  cbcf455ff3d87fd244e37b9f68177f466ff61b55d5f82f63cf282f65723df86759a968ad1c704034398171f8cef8fd191dc5300f1e79652a3d8769569c91453f
- SSDEEP
  
  1536:upEp/kWPNgY5eVxMdOVXDmMgyQtbXuqKREqfWUbqGTjnVX:OQ/kmYC8DQFuq3UbxX
Score

3^/10
behavioral5 behavioral6
- Target
  
  Vblob cs2 external/imgui.ini
- Size
  
  135B
- MD5
  
  4a04e54f13b6ad18a2ec025c0cc8cd87
- SHA1
  
  2910d79396ee9daf603501797656b18433c6c815
- SHA256
  
  df3cd9448f2b957d29caff8f81ab981082232600b5f5a99c9dabde89eb3e8ded
- SHA512
  
  b30215b0a6a846be64b3cd227742be96213c46b4d6593a4db2c646b361efd09709850f5e9137e34398769c992ec7a5aa3614e36ecfc13f3f5481a9bdeb060c76
Score

1^/10
behavioral7 behavioral8
- Target
  
  Vblob cs2 external/offsets.json
- Size
  
  3KB
- MD5
  
  7442751c4ae1785eb18698c53e7701fa
- SHA1
  
  2a3c775253ff0ce9ab6308c541723b8105448215
- SHA256
  
  ffbfff7c75a6b49279d64c99fbb4b30dd00fcec2ce332f157f690a7a9cc21b99
- SHA512
  
  a5c32785cee0c2c16e5ef3a5a1c2f2bb06392a2b9103dbf4c6be1a59a2ad09205752f267a551891b5006032153b4fd157de03606d34aad4eeaf728ff7de77f8a
Score

3^/10
behavioral10 behavioral9
- Target
  
  Vblob cs2 external/password.txt
- Size
  
  6B
- MD5
  
  209d439cb668c11fc8657c4d90dee1d2
- SHA1
  
  a391966db543be345a32253e253945cdf5d18996
- SHA256
  
  095bd725ce5687fb57da31700bd214f1165170468a996a7a21071df91e5f9cfa
- SHA512
  
  c31ae785ddb0e66540fd8d76240334cb3dab6110f38e4f42f4760d6a33f8282ee48e5b6e93bee262bf4c34dfe522907736b07cc2c032c8f0b190ce236fc415b9
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12