General

  • Target

    ver3_release_file.rar

  • Size

    11.2MB

  • Sample

    240409-sdhd6sde5v

  • MD5

    a58741d016d402019ab53477fd58d8a7

  • SHA1

    795678c7f0a514edee7195ec70e1b3195a9c3fe1

  • SHA256

    3ea1e1a174c2142f3555390abc038568079b822e1ad3aa542c184ef296f848af

  • SHA512

    dc631db4b8fea6f3725a62a4ffcd1e97ad7b26e6f47f712bc5a0f1171da4130586342fa7e04b4f14b4f907388a166d93bf2aaf376b9c07aedfeaab44e4cd1663

  • SSDEEP

    196608:PAJtsefIc0qb3M7Jfh+ZDJeOH1AbjFQopetoADg/khQR5qTRAK:PAJtsoI/U3Mhh+ZVeOH1ujh1cSR5NK

Score
10/10

Malware Config

Targets

    • Target

      LiteRes.dll

    • Size

      735KB

    • MD5

      88962410244bc5c03482b82a7e3cb5e1

    • SHA1

      4622be2d3deda305bf0a16c0e01bc2ecf9d56fad

    • SHA256

      afa884228afc5c05f4b47e90b6de42854d5a8886ec5ed15a253faeccd5309036

    • SHA512

      c6e7667f91c1439e33ad4d9e2052b7c9fcc3ca2c7688d9e2bc0550b71a5762b76aa76427331df0217429d9bd984925997c7a8d009f25e44e2776c5ce7cc9d98c

    • SSDEEP

      6144:x9Ej/jb82/HRoXO1q2pt+Mc1/PDPicsUzM+gYESoE/wOuET8F62bH5vnGfcJvl+b:fqptG/PDPo0no2Iq8F6CHBTWqU

    Score
    1/10

    • Target

      LiteSkinUtils.dll

    • Size

      48KB

    • MD5

      059d94e8944eca4056e92d60f7044f14

    • SHA1

      46a491abbbb434b6a1a2a1b1a793d24acd1d6c4b

    • SHA256

      9fa7cacb5730faacc2b17d735c45ee1370130d863c3366d08ec013afe648bfa6

    • SHA512

      0f45fe8d5e80a8fabf9a1fd2a3f69b2c4ebb19f5ffdcfec6d17670f5577d5855378023a91988e0855c4bd85c9b2cc80375c3a0acb1d7a701aff32e9e78347902

    • SSDEEP

      768:FPGeoWyuTx6vrP/zAdWQS6Z9CSKh64crVKTl9inMUAK:tGeJxIHepSKzjVK9iMUAK

    Score
    1/10

    • Target

      bentonite.cfg

    • Size

      963KB

    • MD5

      e7c43dc3ec4360374043b872f934ec9e

    • SHA1

      6514933e53c6eb9594786a773f75595b0eafeaf7

    • SHA256

      658ac17f4047ccc594edfd7c038701fe2c72ec2edf4aefe6f3c2dd28ab3dd471

    • SHA512

      43b8cb4cacf8bc1e26f7c6af4e58d877287057975b3e28c52d4a3afa478b447a921fbde729ef24be9eb3858c00968455a6873a67e409a6a3fe6a35703470bd6b

    • SSDEEP

      24576:gvnQ8rX+HfLmktxk2ZtrWIxff17XIDHVuJnUNObt/D+jQ9e+k:gvnD+SaZt5X2qAyasev

    Score
    3/10

    • Target

      setup.exe

    • Size

      759.0MB

    • MD5

      ecd36a87035b88802b3c4f773cac0111

    • SHA1

      3c28b5ef80d4426d6581cf28ca77277f3f16e2cf

    • SHA256

      8b956cd61b9ac4136b0116e82921f9caa51a88243f903714024e0a8ae825eae1

    • SHA512

      d477daf4c1aeb34eba8fc83f34f9aac43cef5bb2536f43a287c238708234e4ecfc4e6dd64e1ce520d85d3f69d839443656a9d140e0ee078b0424353af9467689

    • SSDEEP

      98304:xTTvNIr32pbNW8gmZAC7qrMMHxq2w0PMnVJZ2/plj17:xTTc3qhjgIlqrMc1b9

    Score
    10/10

    • Modifies firewall policy service

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15