Overview
overview
10Static
static
30577b7e8c6...49.exe
windows7-x64
90577b7e8c6...49.exe
windows10-2004-x64
10$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3EpsilonFruit.exe
windows7-x64
10EpsilonFruit.exe
windows10-2004-x64
10LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1resources/...dex.js
windows7-x64
1resources/...dex.js
windows10-2004-x64
1resources/....2.bat
windows7-x64
7resources/....2.bat
windows10-2004-x64
7resources/elevate.exe
windows7-x64
1resources/elevate.exe
windows10-2004-x64
1swiftshade...GL.dll
windows7-x64
1swiftshade...GL.dll
windows10-2004-x64
1swiftshade...v2.dll
windows7-x64
1swiftshade...v2.dll
windows10-2004-x64
1vk_swiftshader.dll
windows7-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows7-x64
1vulkan-1.dll
windows10-2004-x64
1$PLUGINSDI...7z.dll
windows7-x64
3General
-
Target
0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe
-
Size
69.7MB
-
Sample
240418-bdn4aafg2y
-
MD5
3b75fbd96388d92a64dc14d9aeea8235
-
SHA1
5e8ac216d79c651babaff716638433e0ec1e3b36
-
SHA256
0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149
-
SHA512
9294154deae66eb89c03dc4d5cd018025eaa3b943f4c193edd8216ae13acdf549ea0a5687da1ee39e51c3b8b8dde76f94b37da1186ce05bb5b359f5f2ff6f79e
-
SSDEEP
1572864:U45L3pDgGUo6tl3M4nqp9rLqDND6+wO+OfbQHe2G2hCN/h:7Dgx3Zq/rLfRO+HeXKCNh
Static task
static1
Behavioral task
behavioral1
Sample
0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
EpsilonFruit.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
EpsilonFruit.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral9
Sample
LICENSES.chromium.html
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
LICENSES.chromium.html
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral12
Sample
ffmpeg.dll
Resource
win7-20231129-en
Behavioral task
behavioral13
Sample
ffmpeg.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral14
Sample
libEGL.dll
Resource
win7-20231129-en
Behavioral task
behavioral15
Sample
libEGL.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral16
Sample
libGLESv2.dll
Resource
win7-20240221-en
Behavioral task
behavioral17
Sample
libGLESv2.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral18
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/index.js
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/index.js
Resource
win10v2004-20240412-en
Behavioral task
behavioral20
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
Resource
win10v2004-20240412-en
Behavioral task
behavioral22
Sample
resources/elevate.exe
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
resources/elevate.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral24
Sample
swiftshader/libEGL.dll
Resource
win7-20240319-en
Behavioral task
behavioral25
Sample
swiftshader/libEGL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral26
Sample
swiftshader/libGLESv2.dll
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
swiftshader/libGLESv2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral28
Sample
vk_swiftshader.dll
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
vk_swiftshader.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral30
Sample
vulkan-1.dll
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
vulkan-1.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149.exe
-
Size
69.7MB
-
MD5
3b75fbd96388d92a64dc14d9aeea8235
-
SHA1
5e8ac216d79c651babaff716638433e0ec1e3b36
-
SHA256
0577b7e8c6a4d394e8be1eff342905b2f2c08490835716bd44e8e5158a3d7149
-
SHA512
9294154deae66eb89c03dc4d5cd018025eaa3b943f4c193edd8216ae13acdf549ea0a5687da1ee39e51c3b8b8dde76f94b37da1186ce05bb5b359f5f2ff6f79e
-
SSDEEP
1572864:U45L3pDgGUo6tl3M4nqp9rLqDND6+wO+OfbQHe2G2hCN/h:7Dgx3Zq/rLfRO+HeXKCNh
Score10/10-
Detects executables referencing combination of virtualization drivers
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score3/10 -
-
-
Target
EpsilonFruit.exe
-
Size
139.8MB
-
MD5
85f4bf8349f324f0ca541059a8e5a5e0
-
SHA1
685097888c606190c99c1321f970192158cd5121
-
SHA256
46aaa87d0bff37acb4950a172739283666e191e5570189f13a98f89d545c1d2a
-
SHA512
95e7d670b83f5256384f1cc14f1c70250ed1be1fc0eb3bd91386ebdab8177a8c782533f6d60a00fa0cf6eba8995005d9162bfe1395983625d1ec9eafd852be0a
-
SSDEEP
786432:sSfg0tbLs2cRE3FsdxwBFyAaZZiljQWohhjbj6S46P845IPD:sSj5szmFcxwBFyAaZ4jMhhXcyC
Score10/10-
Detects executables referencing combination of virtualization drivers
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
LICENSES.chromium.html
-
Size
5.2MB
-
MD5
df37c89638c65db9a4518b88e79350be
-
SHA1
6b9ba9fba54fb3aa1b938de218f549078924ac50
-
SHA256
dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
-
SHA512
93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67
-
SSDEEP
12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZb:sPM95FCWStQj6ERs/mfMl6H0skDpS
Score1/10 -
-
-
Target
d3dcompiler_47.dll
-
Size
4.3MB
-
MD5
7641e39b7da4077084d2afe7c31032e0
-
SHA1
2256644f69435ff2fee76deb04d918083960d1eb
-
SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
-
SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
-
SSDEEP
49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score1/10 -
-
-
Target
ffmpeg.dll
-
Size
2.6MB
-
MD5
12cb29b61007fd6cd166882635241038
-
SHA1
31bacefd2d7238fb5ac77f728bb39a27b400dbb0
-
SHA256
2e60bc5a05d3e98d12d2bd577d63b6dc77bd1b3734633259fcaf50fa3688ca9c
-
SHA512
cbfab7708a01fe47904facfdf9604025d6f1c680e40ada0b4c1b1ef35a4eab7de5de96c22d0491c6d202175d2c66693216efab6cfab73e316d466811d834b126
-
SSDEEP
49152:uECJ65OaQWBt2agP7TsyRT63/aoFHSgaYrUgZtAc/9Z3xB0a4Tml0m+af:BIbRTeioFNUJc304
Score1/10 -
-
-
Target
libEGL.dll
-
Size
437KB
-
MD5
979b72ca6e98fc7fdcfcc50d77906fb5
-
SHA1
dc4b874f495ed73c90b39feb566a48a081371c4b
-
SHA256
73d1f5880980a2ccb8e5a15e285a4a11fccd80754829e85aa9a3b8ffecf39dd9
-
SHA512
bd4d25a591d1c52d9a4a850a5bccbbf5ec8d174f5f093c0fd611a18af8d337b918464220a4f9591d03582aadf1c9cb392596a5449fb7d0a928889b0f65f8c619
-
SSDEEP
6144:qdpiWYLBViWOSdAr1Knk2mI3LpxE0RYqowpW6VmHrtCf1FI:EpvYLbiWBqrQnPxE0cKmHZiP
Score1/10 -
-
-
Target
libGLESv2.dll
-
Size
6.7MB
-
MD5
5300049a47fd88310ef94f9e37eeb247
-
SHA1
89672d16382a75781eeca002c850c17cfc46e851
-
SHA256
33863ea4047e4eaae8f24bfa3491bb809d4c3d44489ae2bbe5e3af9e5cc1fe50
-
SHA512
b38ef83cb40923654ae1efcdb8af63e1fb47f640a0cbeac350b97f24da1365da23d757cacef1f9e994ace0b076b4bc1408644347aec3c94995bb27d184a93c09
-
SSDEEP
49152:sK2UPH7xqUcXJQ/jprR9tf3NPj3O92E+hvk3aOosZPYkZXup70MUgSgcS87ExQhV:UUcXJ8950X+KS5nUSoPYirbm
Score1/10 -
-
-
Target
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/index.js
-
Size
3KB
-
MD5
d226502c9bf2ae0a7f029bd7930be88e
-
SHA1
6be773fb30c7693b338f7c911b253e4f430c2f9b
-
SHA256
77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f
-
SHA512
93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e
Score1/10 -
-
-
Target
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
-
Size
13KB
-
MD5
da0f40d84d72ae3e9324ad9a040a2e58
-
SHA1
4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
-
SHA256
818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
-
SHA512
30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9
-
SSDEEP
384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx
Score7/10-
Executes dropped EXE
-
-
-
Target
resources/elevate.exe
-
Size
105KB
-
MD5
792b92c8ad13c46f27c7ced0810694df
-
SHA1
d8d449b92de20a57df722df46435ba4553ecc802
-
SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
-
SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
-
SSDEEP
3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score1/10 -
-
-
Target
swiftshader/libEGL.dll
-
Size
450KB
-
MD5
2ffc36c5555a36a4f26c1aa7a8108b4a
-
SHA1
2ec38b17a0e9d5b0a4c397921aa4430607d32edc
-
SHA256
f8b8b96cc384171268cbd543d9486a97b2f2066d45ac118421ff974baf18d2e5
-
SHA512
0df87d336e223ade77eecaee88d8af2832f1cec3b5681699646e0be933b3f0acdb3765492e9d8fd713453dea2a7fd38d46c201c96313a06a484f23a78a716cfe
-
SSDEEP
6144:GFzcMPKWOp0q29LDwK3p3KHvDstVpphcSGbwSi6wH0hl:i2WOOqiLDrthhcSG0c
Score1/10 -
-
-
Target
swiftshader/libGLESv2.dll
-
Size
3.0MB
-
MD5
41d3387761bbb79d4820e8d242561027
-
SHA1
27dfda8ce933af12578fb64f3171f40f56bace55
-
SHA256
ed005ae1d388e0256e9ae304933980897ec2cfa957ed5babab6ae2a5dcf5c5f5
-
SHA512
cc396d0c2a94c31b8a42697f456f74e8ede1ad1fbc7eb1e4983544166041ff878048f60af9b1525320770ee477c63d6c466746c2c33fd30bc2d7ec903f8af944
-
SSDEEP
49152:N0mOy4fytPTlZQPF/IBCfG/owBx8iqQyehF3Hn0gPD2vzFW/GyCbZpjGKiqZ/nYU:NgfyjyeelZ/YNg/Yr
Score1/10 -
-
-
Target
vk_swiftshader.dll
-
Size
4.4MB
-
MD5
37bba2c66e2364a5b3e6666864f3b604
-
SHA1
f2ecffd48760482ba055aa50cd78c5ac02d09ba2
-
SHA256
23e6927733549be11d506b862cc7148b7b08b50b4387837db522ec9380babc46
-
SHA512
6e7835fce0e988c997049796125b4f2ef83cb9c2e326edeb54d4bad77fa31bf4b4227aeb1db445d3ee21e6cb959d65310a1bbda2d14e567d4123cf6544a947ea
-
SSDEEP
49152:vx2VjoakX4pb7QH1fUlTB7zmNmdpTE5NSomaZXYjLlHks2RPF/lOzl+LZ/n6du7F:A2DtJ+wixdag
Score1/10 -
-
-
Target
vulkan-1.dll
-
Size
819KB
-
MD5
ad4a5dcf631afd553b4fed8a269c7897
-
SHA1
f1bded0b28ee8aed4a52a6d19d871eba4828e0f2
-
SHA256
3141825bfa3a8cecf8b59767e8b6ac41c20685932d6000b9c6cd0e40ddca12db
-
SHA512
8e01379201f2a907cff7f32dfbac6b1eb8ee014312755884b35e4065477d8a8069e3188086d7cced11d437b461211bca6abb6e582e98473883cf35faad41eae2
-
SSDEEP
12288:4kyJJLfcn5To6PuXtLvEdGnZSss43uobpoD:fnhoR5Ed8S2uTD
Score1/10 -
-
-
Target
$PLUGINSDIR/nsis7z.dll
-
Size
424KB
-
MD5
80e44ce4895304c6a3a831310fbf8cd0
-
SHA1
36bd49ae21c460be5753a904b4501f1abca53508
-
SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
-
SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
SSDEEP
6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
5