General

Target: ver3_release_file.rar
Size: 11.2MB
Sample: 240409-sdhd6sde5v
MD5: a58741d016d402019ab53477fd58d8a7
SHA1: 795678c7f0a514edee7195ec70e1b3195a9c3fe1
SHA256: 3ea1e1a174c2142f3555390abc038568079b822e1ad3aa542c184ef296f848af
SHA512: dc631db4b8fea6f3725a62a4ffcd1e97ad7b26e6f47f712bc5a0f1171da4130586342fa7e04b4f14b4f907388a166d93bf2aaf376b9c07aedfeaab44e4cd1663
SSDEEP: 196608:PAJtsefIc0qb3M7Jfh+ZDJeOH1AbjFQopetoADg/khQR5qTRAK:PAJtsoI/U3Mhh+ZVeOH1ujh1cSR5NK
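The digests above, and the per-file digests in the Targets section, are the indicators most readers will act on. The Python below is an added example, not part of the report or of the sandbox's own tooling: it streams a file through the four digest algorithms the report lists, matches the result against a small IoC table copied from this report, and parses SSDEEP signatures far enough to say whether two of them can be scored against each other at all (ssdeep only compares signatures whose block sizes are equal or differ by exactly a factor of two, and always derives the block size as 3 * 2^n). The function names, the two-entry IoC table and the empty-buffer test input are assumptions or constructions; computing the actual similarity score needs the ssdeep library and is out of scope here.

```python
"""Added example (not part of the sandbox report): match files against the
digests listed in this report and parse SSDEEP signatures far enough to know
whether two of them can be compared at all. Standard library only; the actual
ssdeep similarity score needs the ssdeep library and is not computed here."""
import hashlib
import re

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report (sha512 omitted here only for brevity;
# the table may carry it as well).
REPORT_IOCS = {
    "ver3_release_file.rar": {
        "md5": "a58741d016d402019ab53477fd58d8a7",
        "sha1": "795678c7f0a514edee7195ec70e1b3195a9c3fe1",
        "sha256": "3ea1e1a174c2142f3555390abc038568079b822e1ad3aa542c184ef296f848af",
    },
    "setup.exe": {
        "md5": "ecd36a87035b88802b3c4f773cac0111",
        "sha1": "3c28b5ef80d4426d6581cf28ca77277f3f16e2cf",
        "sha256": "8b956cd61b9ac4136b0116e82921f9caa51a88243f903714024e0a8ae825eae1",
    },
}

# SSDEEP signatures copied from the report; used below to show that the
# setup.exe and bentonite.cfg signatures cannot even be scored against each other.
REPORT_SSDEEP = {
    "setup.exe": "98304:xTTvNIr32pbNW8gmZAC7qrMMHxq2w0PMnVJZ2/plj17:xTTc3qhjgIlqrMc1b9",
    "bentonite.cfg": "24576:gvnQ8rX+HfLmktxk2ZtrWIxff17XIDHVuJnUNObt/D+jQ9e+k:gvnD+SaZt5X2qAyasev",
}


def hash_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer, lower-case hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so a padded 759MB setup.exe
    never has to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of IoC entries whose every listed digest agrees with `digests`.
    Requiring all listed algorithms to agree avoids acting on a lone MD5 hit."""
    return [name for name, known in iocs.items()
            if all(digests.get(algo) == value for algo, value in known.items())]


SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)$")


def parse_ssdeep(sig: str) -> tuple:
    """Split 'blocksize:chunk:double_chunk' and validate the block size,
    which ssdeep always derives as 3 * 2**n."""
    m = SSDEEP_RE.match(sig)
    if not m:
        raise ValueError(f"not an ssdeep signature: {sig!r}")
    blocksize = int(m.group(1))
    n = blocksize // 3
    if blocksize == 0 or blocksize % 3 or n & (n - 1):
        raise ValueError(f"ssdeep blocksize must be 3*2^n, got {blocksize}")
    return blocksize, m.group(2), m.group(3)


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep scores two signatures only when their block sizes are equal or
    differ by exactly a factor of two; otherwise it reports 0 without comparing."""
    bs_a = parse_ssdeep(sig_a)[0]
    bs_b = parse_ssdeep(sig_b)[0]
    return bs_a == bs_b or bs_a == 2 * bs_b or bs_b == 2 * bs_a


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = hash_file(path)
        print(path, d["sha256"], match_iocs(d) or "no report match")
```

Run it as `python iocs.py <file>...`. The block-size check is the practical point: the 98304 block size of setup.exe versus 24576 for bentonite.cfg means a fuzzy-hash comparison between those two entries is meaningless, so differing SSDEEP values there say nothing about relatedness.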
Behavioral tasks

behavioral1: Sample LiteRes.dll, Resource win7-20240221-en
behavioral2: Sample LiteRes.dll, Resource win10v2004-20240226-en
behavioral3: Sample LiteSkinUtils.dll, Resource win7-20240221-en
behavioral4: Sample LiteSkinUtils.dll, Resource win10v2004-20240226-en
behavioral5: Sample bentonite.png, Resource win7-20240221-en
behavioral6: Sample bentonite.png, Resource win10v2004-20240226-en
behavioral7: Sample setup.exe, Resource win7-20240220-en
Malware Config

Targets

Target: LiteRes.dll
Size: 735KB
MD5: 88962410244bc5c03482b82a7e3cb5e1
SHA1: 4622be2d3deda305bf0a16c0e01bc2ecf9d56fad
SHA256: afa884228afc5c05f4b47e90b6de42854d5a8886ec5ed15a253faeccd5309036
SHA512: c6e7667f91c1439e33ad4d9e2052b7c9fcc3ca2c7688d9e2bc0550b71a5762b76aa76427331df0217429d9bd984925997c7a8d009f25e44e2776c5ce7cc9d98c
SSDEEP: 6144:x9Ej/jb82/HRoXO1q2pt+Mc1/PDPicsUzM+gYESoE/wOuET8F62bH5vnGfcJvl+b:fqptG/PDPo0no2Iq8F6CHBTWqU
Score: 1/10

Target: LiteSkinUtils.dll
Size: 48KB
MD5: 059d94e8944eca4056e92d60f7044f14
SHA1: 46a491abbbb434b6a1a2a1b1a793d24acd1d6c4b
SHA256: 9fa7cacb5730faacc2b17d735c45ee1370130d863c3366d08ec013afe648bfa6
SHA512: 0f45fe8d5e80a8fabf9a1fd2a3f69b2c4ebb19f5ffdcfec6d17670f5577d5855378023a91988e0855c4bd85c9b2cc80375c3a0acb1d7a701aff32e9e78347902
SSDEEP: 768:FPGeoWyuTx6vrP/zAdWQS6Z9CSKh64crVKTl9inMUAK:tGeJxIHepSKzjVK9iMUAK
Score: 1/10

Target: bentonite.cfg
Size: 963KB
MD5: e7c43dc3ec4360374043b872f934ec9e
SHA1: 6514933e53c6eb9594786a773f75595b0eafeaf7
SHA256: 658ac17f4047ccc594edfd7c038701fe2c72ec2edf4aefe6f3c2dd28ab3dd471
SHA512: 43b8cb4cacf8bc1e26f7c6af4e58d877287057975b3e28c52d4a3afa478b447a921fbde729ef24be9eb3858c00968455a6873a67e409a6a3fe6a35703470bd6b
SSDEEP: 24576:gvnQ8rX+HfLmktxk2ZtrWIxff17XIDHVuJnUNObt/D+jQ9e+k:gvnD+SaZt5X2qAyasev
Score: 3/10

Target: setup.exe
Size: 759.0MB
MD5: ecd36a87035b88802b3c4f773cac0111
SHA1: 3c28b5ef80d4426d6581cf28ca77277f3f16e2cf
SHA256: 8b956cd61b9ac4136b0116e82921f9caa51a88243f903714024e0a8ae825eae1
SHA512: d477daf4c1aeb34eba8fc83f34f9aac43cef5bb2536f43a287c238708234e4ecfc4e6dd64e1ce520d85d3f69d839443656a9d140e0ee078b0424353af9467689
SSDEEP: 98304:xTTvNIr32pbNW8gmZAC7qrMMHxq2w0PMnVJZ2/plj17:xTTc3qhjgIlqrMc1b9

Note: a 759.0MB executable that, together with the other files, fits in an 11.2MB archive is overwhelmingly highly compressible padding. Inflating a sample this way is a common technique for exceeding sandbox and AV upload size limits, and is worth accounting for when hashing, storing or resubmitting it.
Signatures:

- Modifies firewall policy service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
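The six signatures above describe what the sandbox observed for setup.exe; reproducing them as detection logic over your own telemetry is the usual next step. The Python below is an added example, not code from the report or its vendor: it maps JSON-lines behavioural events (a constructed stream is embedded) to the signature names used above. The VirtualBox ACPI registry keys (VBOX__ tables under HKLM\HARDWARE\ACPI), the BIOS string values under HKLM\HARDWARE\DESCRIPTION\System, and the ThreadHideFromDebugger info class (0x11) are well-known values; the firewall-policy registry key, the IP-lookup host list, the event schema and the function names are assumptions made for the example.

```python
"""Added example, not from the report or the sandbox vendor: reproduce the
behavioural signatures shown for setup.exe over a stream of JSON-lines events.
The events below are constructed; the registry paths and the
ThreadHideFromDebugger info class are well-known values, while the
firewall-policy key and the IP-lookup host list are assumptions about what
such rules typically key on."""
import json
import re
from typing import Optional

# Registry keys VirtualBox leaves behind (ACPI tables named VBOX__) and the
# BIOS strings malware reads to spot a virtual machine or sandbox.
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_INFO_RE = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$",
    re.I)
# Assumption: the Windows Firewall policy key that "modifies firewall policy" rules watch.
FIREWALL_POLICY_RE = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
# Assumption: a few public IP-echo services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ifconfig.me", "icanhazip.com"}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value passed to NtSetInformationThread


def classify(event: dict) -> Optional[str]:
    """Return the report's signature name for a single event, or None."""
    kind = event.get("type")
    if kind == "regquery":
        key = event.get("key", "")
        if VBOX_ACPI_RE.search(key):
            return "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
        if BIOS_INFO_RE.search(key):
            return "Checks BIOS information in registry"
    elif kind == "regwrite" and FIREWALL_POLICY_RE.search(event.get("key", "")):
        return "Modifies firewall policy service"
    elif kind == "http" and event.get("host", "").lower() in IP_LOOKUP_HOSTS:
        return "Looks up external IP address via web service"
    elif kind == "filewrite" and SYSTEM32_RE.match(event.get("path", "")):
        return "Drops file in System32 directory"
    elif (kind == "apicall" and event.get("api") == "NtSetInformationThread"
          and event.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
        return "Suspicious use of NtSetInformationThreadHideFromDebugger"
    return None


def triage(events_jsonl: str) -> dict:
    """Count signature hits over JSON-lines input; blank lines are skipped."""
    hits: dict = {}
    for line in events_jsonl.splitlines():
        if not line.strip():
            continue
        sig = classify(json.loads(line))
        if sig:
            hits[sig] = hits.get(sig, 0) + 1
    return hits


# Constructed event stream standing in for sandbox telemetry (one benign
# registry read is included to show it is ignored).
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"type": "regquery", "key": "HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__"},
    {"type": "regquery", "key": "HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion"},
    {"type": "regquery", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName"},
    {"type": "regwrite", "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall"},
    {"type": "http", "host": "api.ipify.org", "path": "/"},
    {"type": "filewrite", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts"},
    {"type": "apicall", "api": "NtSetInformationThread", "info_class": 0x11},
])

if __name__ == "__main__":
    for sig, n in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{n}x {sig}")
```

Two of these signatures are evasion rather than payload behaviour: the ACPI and BIOS reads look for a virtual machine, and ThreadHideFromDebugger stops a debugger from receiving events for the calling thread. A sample that decides it is being watched can simply exit, so a run that shows only these checks has not necessarily revealed what the executable does on a real host.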