9a6ae29076f271ff9d607732b48762f12689dd7ab3887d4638a22ab7948b8e32

Sharing

Copy URL

Twitter E-mail

General

Target

UB Downloads 6.4.24.rar
Size

30.5MB
Sample

240411-f9grasdd66
MD5

49e8f9b808581d545b161247bf01729c
SHA1

3cf799565e285793113d7dbfa1fe514697733ac3
SHA256

9a6ae29076f271ff9d607732b48762f12689dd7ab3887d4638a22ab7948b8e32
SHA512

c8bed70ee04d30190658e9cc7b243ce865b8c47ee11df255e84d399930eb3025203a25351841dc791dccf4373fc39f986df1e5ab1f3742b7d74c2b8a6d1701cf
SSDEEP

786432:kA+bKqRlFt1JBlXKsUWRI+l4kQhk2Ek33zba6:kACFNXKs5l4RkkXa6

Score

9^/10

Malware Config

Targets

- Target
  
  UB Downloads 6.4.24/UB Downloads/Loud Chair.exe
- Size
  
  13.2MB
- MD5
  
  98bacaf4133c9b00d4f84bfc4ae8eecd
- SHA1
  
  29d668c06dcf1b03be9c29039b41853fd164c8f6
- SHA256
  
  357b7b31ebafb438f27e9117b9385d5423f69c6704416adb9bfafd9b0822c42d
- SHA512
  
  6f221e477ceed21bfbbd6942ce1d3ddbca0991a4ab2266988f42dd7380041b7e68f154761ef10c943d669cd357f909889c578459aefe7a6814bd8f8a09e7fde8
- SSDEEP
  
  393216:dF8GsIpSpyQyAwgag97/TLBjnj15XqvG:dFRlpSpyFAwgLbTLB94vG
Score

8^/10

evasion
- Looks for VMWare Tools registry key
  evasion
- Deletes itself
- Executes dropped EXE
behavioral1
- Target
  
  UB Downloads 6.4.24/UB Downloads/Privacy Protector.exe
- Size
  
  8.6MB
- MD5
  
  fbf038e5ef2e30da99e88371531dfebc
- SHA1
  
  b0507491cf241aa4da8b73ef513528b2a937aa2c
- SHA256
  
  0890f0b89e5c5745ad4bfaf1ca6459c5b765adae9cc2d0988e9456894350b434
- SHA512
  
  2526c6e621b64c861aa5baddd9e80d2bdd5cd7d628be115584e3f0471536ab95ef85be48ae06b5207bc70f9e6eeeb75ceebc2594ebda6b1878cbc22f8321ea84
- SSDEEP
  
  196608:gAHP6FQVWZ0C1+eqy/rRXEChq+ZExY37lJo9aM2yf/2dI:KPqWRUChqCtLlW5X2dI
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2
- Target
  
  UB Downloads 6.4.24/UB Downloads/UB Silent/bsod fix.bat
- Size
  
  415B
- MD5
  
  392f331dc1744fbe560a2a17d7ca838f
- SHA1
  
  817559945e137d036f47b26696d4fab5f22572c1
- SHA256
  
  318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5
- SHA512
  
  0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd
Score

1^/10
behavioral3
- Target
  
  UB Downloads 6.4.24/UB Downloads/UB Silent/u237cgatAh2.exe
- Size
  
  5.6MB
- MD5
  
  0e2c1ee8e6bdb339094ec24026a01e20
- SHA1
  
  449972cb63e21bf25d03ad1e85cf87af97c75a2e
- SHA256
  
  ffe104f44b6a84074e2305fba55c1cb777446d1dace44c23eaf873536dcc542f
- SHA512
  
  c0a71a9d796802bdf7110c8f69ebdaeb9c968df69b41a8bc1ff52f3a4082f40df93085ec278863acc93763ca11114b4eac5278db136540be0bea67aa93c607c5
- SSDEEP
  
  98304:6s2vdJmvMwJ2liHiHeCJ+46C2m0B/YMh6FuLChc4n5Gc6jLq:6pdJK/46iHu4525Vh6FuLChRn5l6j2
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral4
- Target
  
  UB Downloads 6.4.24/UB Downloads/UB Silent/w11 fix.bat
- Size
  
  507B
- MD5
  
  6fb44052dc5a85a097feeb91d7a81712
- SHA1
  
  29db33e6cf3286a6ba82af684ac535d42b43d257
- SHA256
  
  7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026
- SHA512
  
  ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a
Score

9^/10

evasion ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral5
- Target
  
  UB Downloads 6.4.24/UB Downloads/Unlock All/bsod fix.bat
- Size
  
  415B
- MD5
  
  392f331dc1744fbe560a2a17d7ca838f
- SHA1
  
  817559945e137d036f47b26696d4fab5f22572c1
- SHA256
  
  318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5
- SHA512
  
  0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd
Score

1^/10
behavioral6
- Target
  
  UB Downloads 6.4.24/UB Downloads/Unlock All/nRi28Wtqb1.exe
- Size
  
  5.6MB
- MD5
  
  872b0fa8c0306040f181d08c5d7a252b
- SHA1
  
  a08cf74361c96aa4d7e4503af6563c63b95f1973
- SHA256
  
  3a5576c4e7d9ed56cc295fea24ef0fa68cf4235dfefa434caa32015887e757c3
- SHA512
  
  23d8610ac8bfcb68695b652dd8d35edcc5f17994c90966ef0cabf11489d983cc852dd8e6d36ec85c78ec6f63cb6a7b21238a6d9687494f3ef99bc7ca86a4a277
- SSDEEP
  
  98304:GRx4heu/+/tswG+PJPigEtVTH41ZE6HqM/aZeOO4wZivrH/LXmfI1ZWQpy:GL4gy+/tbG+PJa3txT6KKaLbwZivrjdJ
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7
- Target
  
  UB Downloads 6.4.24/UB Downloads/Unlock All/w11 fix.bat
- Size
  
  507B
- MD5
  
  6fb44052dc5a85a097feeb91d7a81712
- SHA1
  
  29db33e6cf3286a6ba82af684ac535d42b43d257
- SHA256
  
  7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026
- SHA512
  
  ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a
Score

9^/10

evasion ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Tasks

Sharing

General

Malware Config

Targets

Looks for VMWare Tools registry key

Deletes itself

Executes dropped EXE

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Modifies boot configuration data using bcdedit

Executes dropped EXE

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

Modifies boot configuration data using bcdedit

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8