Overview
overview
9Static
static
7UB Downloa...ir.exe
windows10-1703-x64
8UB Downloa...or.exe
windows10-1703-x64
9UB Downloa...ix.bat
windows10-1703-x64
1UB Downloa...h2.exe
windows10-1703-x64
5UB Downloa...ix.bat
windows10-1703-x64
9UB Downloa...ix.bat
windows10-1703-x64
1UB Downloa...b1.exe
windows10-1703-x64
5UB Downloa...ix.bat
windows10-1703-x64
9General
-
Target
UB Downloads 6.4.24.rar
-
Size
30.5MB
-
Sample
240411-f9grasdd66
-
MD5
49e8f9b808581d545b161247bf01729c
-
SHA1
3cf799565e285793113d7dbfa1fe514697733ac3
-
SHA256
9a6ae29076f271ff9d607732b48762f12689dd7ab3887d4638a22ab7948b8e32
-
SHA512
c8bed70ee04d30190658e9cc7b243ce865b8c47ee11df255e84d399930eb3025203a25351841dc791dccf4373fc39f986df1e5ab1f3742b7d74c2b8a6d1701cf
-
SSDEEP
786432:kA+bKqRlFt1JBlXKsUWRI+l4kQhk2Ek33zba6:kACFNXKs5l4RkkXa6
Behavioral task
behavioral1
Sample
UB Downloads 6.4.24/UB Downloads/Loud Chair.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
UB Downloads 6.4.24/UB Downloads/Privacy Protector.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
UB Downloads 6.4.24/UB Downloads/UB Silent/bsod fix.bat
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
UB Downloads 6.4.24/UB Downloads/UB Silent/u237cgatAh2.exe
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
UB Downloads 6.4.24/UB Downloads/UB Silent/w11 fix.bat
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
UB Downloads 6.4.24/UB Downloads/Unlock All/bsod fix.bat
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
UB Downloads 6.4.24/UB Downloads/Unlock All/nRi28Wtqb1.exe
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
UB Downloads 6.4.24/UB Downloads/Unlock All/w11 fix.bat
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
UB Downloads 6.4.24/UB Downloads/Loud Chair.exe
-
Size
13.2MB
-
MD5
98bacaf4133c9b00d4f84bfc4ae8eecd
-
SHA1
29d668c06dcf1b03be9c29039b41853fd164c8f6
-
SHA256
357b7b31ebafb438f27e9117b9385d5423f69c6704416adb9bfafd9b0822c42d
-
SHA512
6f221e477ceed21bfbbd6942ce1d3ddbca0991a4ab2266988f42dd7380041b7e68f154761ef10c943d669cd357f909889c578459aefe7a6814bd8f8a09e7fde8
-
SSDEEP
393216:dF8GsIpSpyQyAwgag97/TLBjnj15XqvG:dFRlpSpyFAwgLbTLB94vG
Score8/10-
Looks for VMWare Tools registry key
-
Deletes itself
-
Executes dropped EXE
-
-
-
Target
UB Downloads 6.4.24/UB Downloads/Privacy Protector.exe
-
Size
8.6MB
-
MD5
fbf038e5ef2e30da99e88371531dfebc
-
SHA1
b0507491cf241aa4da8b73ef513528b2a937aa2c
-
SHA256
0890f0b89e5c5745ad4bfaf1ca6459c5b765adae9cc2d0988e9456894350b434
-
SHA512
2526c6e621b64c861aa5baddd9e80d2bdd5cd7d628be115584e3f0471536ab95ef85be48ae06b5207bc70f9e6eeeb75ceebc2594ebda6b1878cbc22f8321ea84
-
SSDEEP
196608:gAHP6FQVWZ0C1+eqy/rRXEChq+ZExY37lJo9aM2yf/2dI:KPqWRUChqCtLlW5X2dI
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
UB Downloads 6.4.24/UB Downloads/UB Silent/bsod fix.bat
-
Size
415B
-
MD5
392f331dc1744fbe560a2a17d7ca838f
-
SHA1
817559945e137d036f47b26696d4fab5f22572c1
-
SHA256
318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5
-
SHA512
0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd
Score1/10 -
-
-
Target
UB Downloads 6.4.24/UB Downloads/UB Silent/u237cgatAh2.exe
-
Size
5.6MB
-
MD5
0e2c1ee8e6bdb339094ec24026a01e20
-
SHA1
449972cb63e21bf25d03ad1e85cf87af97c75a2e
-
SHA256
ffe104f44b6a84074e2305fba55c1cb777446d1dace44c23eaf873536dcc542f
-
SHA512
c0a71a9d796802bdf7110c8f69ebdaeb9c968df69b41a8bc1ff52f3a4082f40df93085ec278863acc93763ca11114b4eac5278db136540be0bea67aa93c607c5
-
SSDEEP
98304:6s2vdJmvMwJ2liHiHeCJ+46C2m0B/YMh6FuLChc4n5Gc6jLq:6pdJK/46iHu4525Vh6FuLChRn5l6j2
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
UB Downloads 6.4.24/UB Downloads/UB Silent/w11 fix.bat
-
Size
507B
-
MD5
6fb44052dc5a85a097feeb91d7a81712
-
SHA1
29db33e6cf3286a6ba82af684ac535d42b43d257
-
SHA256
7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026
-
SHA512
ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a
Score9/10-
Modifies boot configuration data using bcdedit
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
UB Downloads 6.4.24/UB Downloads/Unlock All/bsod fix.bat
-
Size
415B
-
MD5
392f331dc1744fbe560a2a17d7ca838f
-
SHA1
817559945e137d036f47b26696d4fab5f22572c1
-
SHA256
318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5
-
SHA512
0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd
Score1/10 -
-
-
Target
UB Downloads 6.4.24/UB Downloads/Unlock All/nRi28Wtqb1.exe
-
Size
5.6MB
-
MD5
872b0fa8c0306040f181d08c5d7a252b
-
SHA1
a08cf74361c96aa4d7e4503af6563c63b95f1973
-
SHA256
3a5576c4e7d9ed56cc295fea24ef0fa68cf4235dfefa434caa32015887e757c3
-
SHA512
23d8610ac8bfcb68695b652dd8d35edcc5f17994c90966ef0cabf11489d983cc852dd8e6d36ec85c78ec6f63cb6a7b21238a6d9687494f3ef99bc7ca86a4a277
-
SSDEEP
98304:GRx4heu/+/tswG+PJPigEtVTH41ZE6HqM/aZeOO4wZivrH/LXmfI1ZWQpy:GL4gy+/tbG+PJa3txT6KKaLbwZivrjdJ
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
UB Downloads 6.4.24/UB Downloads/Unlock All/w11 fix.bat
-
Size
507B
-
MD5
6fb44052dc5a85a097feeb91d7a81712
-
SHA1
29db33e6cf3286a6ba82af684ac535d42b43d257
-
SHA256
7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026
-
SHA512
ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a
Score9/10-
Modifies boot configuration data using bcdedit
-
Executes dropped EXE
-
Loads dropped DLL
-