2a22be4c7e3a17d6a408b0c0547cc181e148ab20c2e3f048791b421280686544 | Triage

Sharing

General

Target

REAPER_KeyGen.exe
Size

688KB
Sample

240410-dvfvcace88
MD5

fd5a3b2e2933ea1151d71f9cefc9fbcf
SHA1

8c7596bc39e7945ac58396102386f77db6dda4be
SHA256

2a22be4c7e3a17d6a408b0c0547cc181e148ab20c2e3f048791b421280686544
SHA512

3299c6534b2a09158c3decdec536e4296c2a2a31f32edfb5da1de413036a0f9475549ad14a7b891c0e413839f1dbaf03e1bb75b576e545e6a4138650b3533a30
SSDEEP

12288:sc9t2SllULgBqjW0PPdH5DVIXKGE6/gBQpoZmp2FTV0RY5wmm64a:scLyLBW0VHpag2KZmp2F2Rd64a

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  REAPER_KeyGen.exe
- Size
  
  688KB
- MD5
  
  fd5a3b2e2933ea1151d71f9cefc9fbcf
- SHA1
  
  8c7596bc39e7945ac58396102386f77db6dda4be
- SHA256
  
  2a22be4c7e3a17d6a408b0c0547cc181e148ab20c2e3f048791b421280686544
- SHA512
  
  3299c6534b2a09158c3decdec536e4296c2a2a31f32edfb5da1de413036a0f9475549ad14a7b891c0e413839f1dbaf03e1bb75b576e545e6a4138650b3533a30
- SSDEEP
  
  12288:sc9t2SllULgBqjW0PPdH5DVIXKGE6/gBQpoZmp2FTV0RY5wmm64a:scLyLBW0VHpag2KZmp2F2Rd64a
Score

8^/10

evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
behavioral1
- Target
  
  $TEMP/BASSMOD.dll
- Size
  
  33KB
- MD5
  
  e4ec57e8508c5c4040383ebe6d367928
- SHA1
  
  b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06
- SHA256
  
  8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f
- SHA512
  
  77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822
- SSDEEP
  
  768:qQmS5iUgi5czW+DlrQOS1DeDdjgNtbX4O6DHix84H0:qQz5Tgof+DdpS1+djctLSHiZ0
Score

1^/10
behavioral2
- Target
  
  $TEMP/R2RRPRKG.dll
- Size
  
  232KB
- MD5
  
  42bd86289f5d56522d73f5b1d14a2300
- SHA1
  
  ec577994687bdac4fb5cd237f89583ea87fac5a8
- SHA256
  
  f4004b3d39093bd1ea159c285b12c3a94ed110d48f29d4548f4fcb891e6c6530
- SHA512
  
  686f9a8538b7603a43bd6266817f4c4d94b8186b5a9ac057bd100691add36253751a5d2455527353d61c3512cdb8658dec01cf490ba05fe36522674653077f57
- SSDEEP
  
  6144:4a5ns9BtiFOcYlbSLDpZLopjNCsgSoYzN96vQt4K+7:thOzlWvpZLAjNCPQNcvQ7K
Score

3^/10
behavioral3
- Target
  
  $TEMP/keygen.exe
- Size
  
  477KB
- MD5
  
  7867ffa49a15b1c1c98fa28f6f4915d5
- SHA1
  
  841ab6d9e30f89022129243cf7c15b7ce02b55c3
- SHA256
  
  11f7d1889f87bcdb136e2ffcd4d4dc6daddfaeee4c2d418585e11aeabf45afa3
- SHA512
  
  a705ef34997ed5a083e0c1436a707da0eeb00ee74da928f397cbd6fe5ef4c17e11f461092ac8cd395752b8a51bbb1d94537d1933c2316eacd1f5a06bba3d2712
- SSDEEP
  
  12288:tpGVQ4KQonRBVrzRNGh3GvfFWvppDxHGfPlGw4:tp1QonRBVrziC01HGfPo
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4