General

  • Target

    Setup-pass-2024.rar

  • Size

    220.0MB

  • Sample

    240411-ykgn4sbc83

  • MD5

    be5044b2726e37905f48fec2671bab5a

  • SHA1

    e21a92e5cc46a24349fce2fb3eabf6532273fb70

  • SHA256

    160542f4cd93589d1cc84e6e43be8e2adfb8021fee0b02917d23fdf7fad7b652

  • SHA512

    1708d179f7e87562edd38085965a743acd1f37bb5ba69ea175fd61c20e0e410d2f357a56ab3557a72908f8bae5c5f8db56e500027ccb125c6b7d38eff575d4df

  • SSDEEP

    6291456:t3eNI+WtsMeXrJXzhGM0ZnotGiCi7WwpFCz:9ee+EsMkdgtZoZ7pFCz
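
The archive's SSDEEP digest above and the digest listed further down for Setup-pass-2024/data0.bin (6291456:/3eNI+WtsMeXrJXzhGM0ZnotGiCi7WwpFC/:fee+EsMkdgtZoZ7pFC/) use the same block size and differ only in their first and last characters, which is consistent with the 214.2MB data0.bin being stored essentially uncompressed and making up nearly all of the 220.0MB archive. The following pure-Python port of ssdeep's fuzzy_compare() scoring is an added example, not part of the report or of ssdeep itself; it embeds the three digests from this page as constants and assumes the edit-distance costs used by ssdeep 2.x (insert 1, delete 1, replace 2), so scores may differ slightly from another ssdeep build.

```python
"""Pure-Python port of ssdeep's fuzzy_compare() so the digests in a report
can be scored against each other without the ssdeep binary installed."""

SPAMSUM_LENGTH = 64   # maximum chunk-string length in a digest
ROLLING_WINDOW = 7    # a shared substring of this length is required before scoring
MIN_BLOCKSIZE = 3

# Digests copied from this report.
ARCHIVE = "6291456:t3eNI+WtsMeXrJXzhGM0ZnotGiCi7WwpFCz:9ee+EsMkdgtZoZ7pFCz"  # Setup-pass-2024.rar
DATA0 = "6291456:/3eNI+WtsMeXrJXzhGM0ZnotGiCi7WwpFC/:fee+EsMkdgtZoZ7pFC/"    # data0.bin
SETUP_EXE = ("98304:hLvMDe7SkB8nRHA3UYazCf/NH9ahq/yVlhs4VfSJXtHpivPrYGNgR2:"
             "hLvMOSkmnR+dazCf/NdyZNrqnePrfNgw")                             # Setup.exe


def parse(digest):
    """Split 'blocksize:chunks:doublechunks' (a trailing ',filename' is dropped)."""
    block, s1, s2 = digest.split(",", 1)[0].split(":", 2)
    return int(block), s1[:SPAMSUM_LENGTH], s2[:SPAMSUM_LENGTH]


def eliminate_sequences(s):
    """ssdeep collapses runs of more than 3 identical characters before scoring."""
    out = []
    for c in s:
        if len(out) >= 3 and c == out[-1] == out[-2] == out[-3]:
            continue
        out.append(c)
    return "".join(out)


def has_common_substring(s1, s2):
    """Scoring is attempted only if a ROLLING_WINDOW-length substring is shared."""
    grams = {s1[i:i + ROLLING_WINDOW] for i in range(len(s1) - ROLLING_WINDOW + 1)}
    return any(s2[i:i + ROLLING_WINDOW] in grams
               for i in range(len(s2) - ROLLING_WINDOW + 1))


def edit_distance(a, b):
    """Levenshtein with the ssdeep 2.x costs (assumed): insert 1, delete 1, replace 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]


def score_strings(s1, s2, block_size):
    if not has_common_substring(s1, s2):
        return 0
    score = edit_distance(s1, s2)
    score = (score * SPAMSUM_LENGTH) // (len(s1) + len(s2))  # scale to a 64-char digest
    score = 100 - (100 * score) // SPAMSUM_LENGTH             # distance -> similarity
    # Small block sizes cannot justify a high score; ssdeep caps them.
    if block_size < (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        score = min(score, block_size // MIN_BLOCKSIZE * min(len(s1), len(s2)))
    return score


def fuzzy_compare(d1, d2):
    """Return 0..100 like ssdeep; 0 when block sizes are neither equal nor off by 2x."""
    bs1, a1, a2 = parse(d1)
    bs2, b1, b2 = parse(d2)
    if bs1 != bs2 and bs1 != 2 * bs2 and bs2 != 2 * bs1:
        return 0
    a1, a2, b1, b2 = map(eliminate_sequences, (a1, a2, b1, b2))
    if bs1 == bs2 and a1 == b1 and a2 == b2:
        return 100
    if bs1 == bs2:
        return max(score_strings(a1, b1, bs1), score_strings(a2, b2, 2 * bs1))
    if bs1 == 2 * bs2:
        return score_strings(a1, b2, bs1)
    return score_strings(a2, b1, bs2)


if __name__ == "__main__":
    print("archive vs data0.bin :", fuzzy_compare(ARCHIVE, DATA0))
    print("archive vs Setup.exe :", fuzzy_compare(ARCHIVE, SETUP_EXE))
```

The archive and data0.bin score in the mid-90s while the archive and Setup.exe score 0 (their block sizes are 6291456 and 98304, far more than a factor of two apart), so a fuzzy-hash match on the outer RAR is really a match on data0.bin, not on the executable a sandbox would detonate.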

Malware Config

Targets

    • Target

      Setup-pass-2024/Engine.dll

    • Size

      277KB

    • MD5

      393b1e735bfbb4eb477e5e874a2df143

    • SHA1

      6add86d9df22768650091327801d955d44ac254a

    • SHA256

      7dd90579f190d6f57fec82372dc1ccc525ae02e0312c7b48f063ce1de4159fe1

    • SHA512

      294f2b3cff13641af1ed52521be1862dee42eb320f89b2491f99c6bc83c6838397a3eb43c57ebee8407aa85628abebda279ed15994e6c31e1ad6fbdda72ac18e

    • SSDEEP

      6144:XiHBjjCdNQ+rqEJ/HT8dAhzMdCOJUuHMFx4M3Xjz:XPdC+rz8yqdH2qn4z

    • Score

      1/10

    • Target

      Setup-pass-2024/Setup.exe

    • Size

      5.3MB

    • MD5

      f8842eb19e08fabccc6b44e3d486f421

    • SHA1

      b385bfa4fc281209226573e5ff30cb054ef8fded

    • SHA256

      52bc27b219b3048e1dadf4f673281ced218a0ff023bea21f9d4fd09156bdf24d

    • SHA512

      ec1aa745908a98b65e36213ece61fe0d488196e2a3135cee8937f3e3c7d6268ad040fff81b9ad961325e41012654bb5c41ffc92c95b9068bf0c9b44a2f86ca01

    • SSDEEP

      98304:hLvMDe7SkB8nRHA3UYazCf/NH9ahq/yVlhs4VfSJXtHpivPrYGNgR2:hLvMOSkmnR+dazCf/NdyZNrqnePrfNgw

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.

    • Target

      Setup-pass-2024/Setup.ini

    • Size

      2KB

    • MD5

      3428c5c1c70a362e1e843902b72fdf00

    • SHA1

      3d3f116cf71537e87811baa1fc396288e99b136b

    • SHA256

      23010034944e02f06cd16bccebbb5e697d43cfd80d82d5f83fe163a1734d21c5

    • SHA512

      60489fed8c74caf318fd451571f778f417f23a019e42e40818ace3bca85a53431577f8c1d0813b3644903e31d3e6db71b8ccb5c8b1f2157365e006458cc44e54

    • Score

      1/10

    • Target

      Setup-pass-2024/SxsMigPlugin.dll

    • Size

      3KB

    • MD5

      f99cc48affc494fe82fc907fee9e9a2d

    • SHA1

      54e393648404c48e77b869de6a99a8e2094c8160

    • SHA256

      e2fa70d020ad492849ba1d60792ab2a8ab259fc7e3609a9c5f2a07deea765eec

    • SHA512

      7b58da286d3b46344d9563397a9f145d741a89935c28d015183918458f8649301b3005288d3da658e863e0235b43ba6fe648ce0c5f6960ca7538bf3b0a9444b6

    • Score

      1/10

    • Target

      Setup-pass-2024/addins/FXSEXT.ecf

    • Size

      802B

    • MD5

      18515f8ddaee2750c81d768f2c0e7117

    • SHA1

      6f597c85e807c88d4bbf5dee7996ffb1df86825b

    • SHA256

      eb747d87c739be28189684a84afcf6026f83e10c572492093b1e2efc573554bd

    • SHA512

      b9aaf3900b80e5132c2cb8d5ba93f164a3f52bfea9267b93172edfb2c57fefa7558d7a447ae3bb8fbc99f8abdc0ae0e17eae1fbcfe383031e6b4b5487ba0eda6

    • Score

      3/10

    • Target

      Setup-pass-2024/bcastdvr/KnownGameList.bin

    • Size

      428KB

    • MD5

      1fd787a28854979a68541a69e7f66928

    • SHA1

      a2bc97cb5888c1ce92f5ca9017611dcaa6b795ff

    • SHA256

      5e11cb486d2dafe5c5cbe61e4cc9fb3ce0f9d2d2595ac5ea4a6d8f368c29bfa7

    • SHA512

      12e8f9be11986736d14998d091ebb70d2f861f97a84fbecdd8dc2fbb84c7c8d730ae8188c22ac481dca75c52fa761c5946899a106d5b234d2be752e120e1ac82

    • SSDEEP

      3072:oQhTLwP0eyR9ZB1hjlMdN01qEbAo13wm7ldJneLHbpDbJWbg0DqdJJuFGDlQRTb/:fhTkP0j7ZLhls01171gm5neNFetc6b/

    • Score

      3/10

    • Target

      Setup-pass-2024/bcastdvr/broadcastpause720.h264

    • Size

      294KB

    • MD5

      067d0a32b6b1509486339a3e307abc9b

    • SHA1

      5a709d13e6967c0a30d3077f4883253fd6bbf194

    • SHA256

      0ad4fda30f59be8c596757a591ef45cb00ec2f88b522d827e1e100bf4c503af1

    • SHA512

      45e0a92bb8dbadb36d0994f3d6a76f54611a5d988ed16a4c62716cc5f4f960bd89c458b70800037ad2ffea160db0458e53509b144dfca3109490c3194dc09ee9

    • SSDEEP

      6144:+I42B6W+6MlWnt8+0rKvx+tEfHiIgyn28PoQfdp2:t+6BnqzrKvx+t4HiIhPoyz2

    • Score

      3/10

    • Target

      Setup-pass-2024/data0.bin

    • Size

      214.2MB

    • MD5

      bff3f63753d4981820d3618a640590b6

    • SHA1

      e9f46c448c1168290132b97c8768db5b6a944807

    • SHA256

      28063ee166a278a299f8da0cc3e32ff44a2942826d6822f9b5394e16a9b62cac

    • SHA512

      a96c6c434e1dcccac93b072eb5250280bc87945d0efbb50c91752e0c4676524bfe466c912c442d59813381d49d4707c1e2b627ee4f7684eb4e06affe89760bdc

    • SSDEEP

      6291456:/3eNI+WtsMeXrJXzhGM0ZnotGiCi7WwpFC/:fee+EsMkdgtZoZ7pFC/

    • Score

      9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.

    • Target

      Setup-pass-2024/sxs.dll

    • Size

      36KB

    • MD5

      085f577b4c62e09f75976a42ad6e0ba6

    • SHA1

      352b0ceff96e2b447f0b5831074ac64d4151fc31

    • SHA256

      2a3f610ffb12bd04f14410ca0c4a597170a27100253d368e437d582e1294ff38

    • SHA512

      c7b8107a13e86a8ff69eefb29dd78b57e2bd8867ba83ad8745c0ee14bd11e91d73c57c16d6dfd2a5660e2ed56b1b63b4d7aa524a7e89b18e31aca078018af152

    • SSDEEP

      768:KuEgDJRJIxsudVcaiTGDIleiCoJAZ935ZEXn9i7dzv+Zj8+qyevh:K6DJRJIxsudIKDIleiaLsUp+9oh

    • Score

      1/10
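
The "Themida packer" and "AutoIT Executable" verdicts on Setup.exe and data0.bin can be checked statically before detonation. The script below is an added example, not the sandbox's detection logic or anything from the sample: it walks the PE section table with the standard library, flags section names left behind by common protectors (.themida, .winlice, .vmp0/.vmp1, UPX0/UPX1), measures per-section Shannon entropy, and searches for the AU3!EA06 marker that precedes an embedded AutoIt v3 script. The SAMPLE_PE image it assembles is constructed so that all three checks fire; the 7.2 bits/byte entropy threshold and the section-name table are assumptions, and a current Themida build can rename or strip its sections, so a clean result is not proof of absence.

```python
"""Static triage for two of the report's verdicts on Setup.exe: the AutoIt
compiled-script marker and a Themida-style packed section. Standard library only."""
import math
import struct
import sys
from collections import Counter

AUTOIT_MARKER = b"AU3!EA06"          # marker preceding the embedded AutoIt v3 script
PACKER_SECTIONS = {                   # section names left by common protectors (assumed list)
    ".themida": "Themida", ".winlice": "WinLicense",
    ".vmp0": "VMProtect", ".vmp1": "VMProtect", "UPX0": "UPX", "UPX1": "UPX",
}
HIGH_ENTROPY = 7.2                    # bits/byte; packed or encrypted data sits near 8.0
SECTION_HDR = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER, 40 bytes


def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def sections(pe):
    """Yield (name, raw bytes) for each section of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    count = struct.unpack_from("<H", pe, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                            # section table follows the headers
    for i in range(count):
        name, _vsize, _va, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_HDR, pe, table + 40 * i)
        yield name.rstrip(b"\0").decode("latin-1"), pe[raw_ptr:raw_ptr + raw_size]


def triage(pe):
    """Return human-readable findings; an empty list means none of the checks fired."""
    findings = []
    if AUTOIT_MARKER in pe:
        findings.append("AutoIt compiled script marker AU3!EA06 present")
    for name, data in sections(pe):
        if name in PACKER_SECTIONS:
            findings.append(f"{PACKER_SECTIONS[name]} section name {name}")
        if len(data) >= 256 and (e := entropy(data)) > HIGH_ENTROPY:
            findings.append(f"high-entropy section {name} ({e:.2f} bits/byte)")
    return findings


def build_pe(section_list):
    """Assemble a minimal PE32 image from (name, bytes) pairs; constructed test input only."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    optional = bytes(224)                                       # zeroed PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_list), 0, 0, 0, len(optional), 0x102)
    raw_ptr = e_lfanew + 24 + len(optional) + 40 * len(section_list)
    table, blobs = b"", b""
    for name, data in section_list:
        table += struct.pack(SECTION_HDR, name.encode(), len(data), 0x1000, len(data),
                             raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += len(data)
        blobs += data
    return dos + b"PE\0\0" + coff + optional + table + blobs


# Constructed stand-in for a Themida-protected AutoIt executable; this is not Setup.exe.
SAMPLE_PE = build_pe([
    (".text", b"\x55\x8b\xec" + b"\x90" * 509),                 # plain, low-entropy code stub
    (".themida", bytes(range(256)) * 8),                        # 2 KB of maximal-entropy data
    (".rsrc", b"This is a third-party compiled AutoIt script.\0" + AUTOIT_MARKER + bytes(64)),
])

if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PE
    for finding in triage(image):
        print(finding)
```

Run it with a path argument to triage a real file; without one it triages the constructed image. The entropy check is the one that survives a renamed section, which is why it is reported separately from the name match.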

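The two registry signatures on Setup.exe and data0.bin (VirtualBox ACPI registry values and BIOS information) can be mirrored defensively to see whether an analysis VM exposes the same strings. The script below is an added example, not the report's detection logic or the sample's code: it reads the HKLM\HARDWARE\DESCRIPTION\System and \BIOS values and the HKLM\HARDWARE\ACPI\<table>\<OEM ID> subkeys that a VirtualBox guest populates with innotek, VirtualBox and VBOX strings, and lists which of them would give the sandbox away. The two snapshot dictionaries are constructed, not captured from the analysis host; the key and value names are the standard Windows ones, the marker list is an assumption, and live_snapshot() only works on Windows.

```python
"""Blue-team mirror of the HKLM registry reads flagged on Setup.exe and data0.bin
(BIOS description values and ACPI table OEM IDs). Run inside a sandbox to see
which of the strings an anti-VM check looks for are actually exposed there."""
import sys

# HKLM subkeys read by the "Checks BIOS information in registry" signature, with the value names under them.
BIOS_VALUES = {
    r"HARDWARE\DESCRIPTION\System\BIOS": ("SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion"),
    r"HARDWARE\DESCRIPTION\System": ("SystemBiosVersion", "VideoBiosVersion"),
}
# ACPI tables are mirrored under HKLM with the table's OEM ID as the subkey name (VirtualBox: VBOX__).
ACPI_TABLES = (r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT")
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs")   # assumed marker list


def _text(value):
    """REG_MULTI_SZ arrives as a list of strings; flatten it for substring matching."""
    return " ".join(value) if isinstance(value, (list, tuple)) else str(value)


def detect(snapshot):
    """snapshot: {subkey: {"values": {name: data}, "subkeys": [...]}}.
    Returns (key, item, evidence) for every value or OEM ID that names a hypervisor."""
    hits = []
    for key, names in BIOS_VALUES.items():
        values = snapshot.get(key, {}).get("values", {})
        for name in names:
            if name in values:
                text = _text(values[name])
                if any(m in text.lower() for m in VM_MARKERS):
                    hits.append((key, name, text))
    for key in ACPI_TABLES:
        for sub in snapshot.get(key, {}).get("subkeys", []):
            if any(m in sub.lower() for m in VM_MARKERS):
                hits.append((key, sub, "ACPI OEM ID"))
    return hits


def live_snapshot():
    """Collect the same keys from the local machine (Windows only; uses winreg)."""
    import winreg
    snap = {}
    for key in list(BIOS_VALUES) + list(ACPI_TABLES):
        entry = {"values": {}, "subkeys": []}
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as h:
                for i in range(winreg.QueryInfoKey(h)[1]):      # number of values
                    name, data, _ = winreg.EnumValue(h, i)
                    entry["values"][name] = data
                for i in range(winreg.QueryInfoKey(h)[0]):      # number of subkeys
                    entry["subkeys"].append(winreg.EnumKey(h, i))
        except OSError:
            pass                                                # key absent on this host
        snap[key] = entry
    return snap


# Constructed snapshots (not captured from the analysis host).
VIRTUALBOX_GUEST = {
    r"HARDWARE\DESCRIPTION\System\BIOS": {"values": {"SystemManufacturer": "innotek GmbH",
                                                     "SystemProductName": "VirtualBox",
                                                     "BIOSVendor": "innotek GmbH"}, "subkeys": []},
    r"HARDWARE\DESCRIPTION\System": {"values": {"SystemBiosVersion": ["VBOX   - 1"],
                                                "VideoBiosVersion": ["Oracle VM VirtualBox VGA BIOS"]},
                                     "subkeys": []},
    r"HARDWARE\ACPI\DSDT": {"values": {}, "subkeys": ["VBOX__"]},
    r"HARDWARE\ACPI\FADT": {"values": {}, "subkeys": ["VBOX__"]},
}
BARE_METAL = {
    r"HARDWARE\DESCRIPTION\System\BIOS": {"values": {"SystemManufacturer": "ACME",
                                                     "SystemProductName": "Workstation",
                                                     "BIOSVendor": "ACME"}, "subkeys": []},
    r"HARDWARE\DESCRIPTION\System": {"values": {"SystemBiosVersion": ["ACME - 1"]}, "subkeys": []},
    r"HARDWARE\ACPI\DSDT": {"values": {}, "subkeys": ["ACME"]},
}

if __name__ == "__main__":
    snap = live_snapshot() if sys.platform == "win32" else VIRTUALBOX_GUEST
    for key, item, evidence in detect(snap):
        print(f"HKLM\\{key} -> {item}: {evidence}")
```

Every hit is a string a sample such as this one can read without any privilege, so an analysis VM that returns hits here should have its BIOS strings and ACPI OEM IDs changed (VirtualBox exposes these through VBoxManage setextradata) before it is trusted to detonate anti-VM samples.
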
MITRE ATT&CK Enterprise v15

Tasks