2c6a1adc320f8512e7163ea1f624a248f323bd5d4c73eb14ba84f463b6b8f3e7 | Triage

Sharing

General

Target

Verse_crack_from_feds_and_nex.rar
Size

44.9MB
Sample

240420-d2fg6aga7y
MD5

ecc7330ca08f495670054173617861d6
SHA1

754203f2f19596ff59437ce0b271674e3efa1475
SHA256

2c6a1adc320f8512e7163ea1f624a248f323bd5d4c73eb14ba84f463b6b8f3e7
SHA512

ec4670b6340e9c5269d15de855efcac12f5e3c4911d0729eafd664bfd4fb2270dd7c4d02829e546d32b38fca58aa759ebb2402dd00d578120a9928e8cc2b3998
SSDEEP

786432:h+Xffdv0lEEnyNXloQk8fLgVXcqzJjnK7O0T378jDkV94zQBAtc0YZMh7CCQqVln:afdva8DfHfLgVMeKLT3OkTYiASlZIBK6

Score

9^/10

evasion pyinstaller themida trojan

Malware Config

Targets

- Target
  
  Verse crack from feds and nex/Injector.exe
- Size
  
  38KB
- MD5
  
  a19948457af73fe0f3c49b49badf6abd
- SHA1
  
  4ea1c82444ba61bcb7dfa189acbfc80847fe42da
- SHA256
  
  3b6136a46763fc80aa5e6bcffd52023ec36678bc9d2dbf87f1f8527861a67a86
- SHA512
  
  d035be1546ae86a33aaf682dfa20aa35d3d5ea350e11ef61849e4ec03d63673e1726b18b3f9abfa8e7b4d4d76cca45411bf106bb6425c2da048601ccaf2848f0
- SSDEEP
  
  768:agK4Vns9VKClWwy0pGtqXnF/PME2+0nhMkTdhKVlD7+ZsRID6+:agWLKCl9yYW5TikTdQVlD7JID
Score

1^/10
behavioral1 behavioral2
- Target
  
  Verse crack from feds and nex/Monitor Spoof/CRU.exe
- Size
  
  1.2MB
- MD5
  
  0f69af48c32613f73c6acb87a7d18661
- SHA1
  
  0756ae84f3b58aec29f4b9a2888624ca879f7856
- SHA256
  
  0351a943ca93558ff36f74c3f0c768dceb724e833e282abcf1be5b2e71d5c67b
- SHA512
  
  2b30c079831a30683aabc0effa6bb60c84a960c2bcda1ce5da204bebc2050a359ec2cf36df426a0d227165afb9c4b9401fd0316b2504394c7876ed177fff2377
- SSDEEP
  
  24576:tLEWuIj9T0gR1U2vfVD8sA15qkJ1K3mbDQca9L32GY:twfIj9T0ujvTO6L3
Score

1^/10
behavioral3 behavioral4
- Target
  
  Verse crack from feds and nex/Monitor Spoof/reset-all.exe
- Size
  
  51KB
- MD5
  
  3d47586c62bf61dac639d8cc1bf43ee7
- SHA1
  
  36f605e1fb7cae972c6723ded6a5f126f36a8d01
- SHA256
  
  70639c195430afb92799d711ed784406bfdfd04c648d5f3e4d9873da0063660b
- SHA512
  
  638a75c0159de8553e8071a68b5a4355bfc002489d9ed62bfbb1019d287073a555133bd4a55abd68c51b3e2a1616f586a26998ce32ade322cd72ffeab5ffe105
- SSDEEP
  
  768:Jd0XBRNU+hV81e14G8xGvMhBmqVHhc6ZrLy01fA5Egt2rHNZAEDFn27DQNE5B:b0XbeQ8xG0Kqjc6lLFfSortZBMDu8
Score

1^/10
behavioral5 behavioral6
- Target
  
  Verse crack from feds and nex/Monitor Spoof/restart.exe
- Size
  
  63KB
- MD5
  
  8242ce426ad462eff02edae1487a6949
- SHA1
  
  9a4f382d427e0de729053535aaa3310cac5f087b
- SHA256
  
  b68ee265308dc9da7dbb521bb71238d27ac50a5ee816f21c13818393be982d7a
- SHA512
  
  aff43a78d29ede49eac386d9b0b44d0f37d5a20bdda8553369d68dec90bbc727c6dd8fe239987a9d2e3affaeff8b72b5023ed973d7aecfbb99de46dca8c99ef1
- SSDEEP
  
  768:xa+/MMnf2XivrjhmxEQSQIjDaGva2XaT+CSxKUAch9Itvo7vq2XFelWn2iED5Vx0:xa0wstmSpDaGS2RCSxK28otXFQwUx
Score

5^/10
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  Verse crack from feds and nex/Monitor Spoof/restart64.exe
- Size
  
  73KB
- MD5
  
  297aa19bade534a791d053ca190b74ad
- SHA1
  
  15cb6a33994f75fe9e30a2afbc8a7e4616b63962
- SHA256
  
  5f779bb822aedaf5bd11693cdf73f6c7c3342f37371a78c07c2aca1e15dbfd00
- SHA512
  
  df883950c598f31b81f22a68b2a9fed7459dcad5084ec6e39399658b0492bcc458d9fc5bb80fda6bc994bed3241f969fc67a0b8e021fb82b040455d64776c625
- SSDEEP
  
  1536:8vXMJl7uRupZzidl/T+Dnx86Rpy4roKsIrryeq3OTM:8vMJl6RAZu/T+7x8qpRM8rNcOTM
Score

5^/10
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  Verse crack from feds and nex/Serialcheckers/Backup serialchecker/Serialchecker.bat
- Size
  
  2KB
- MD5
  
  88d4cd0ecd8b80204a867b085cc7af7f
- SHA1
  
  88367c0259581943a45f77683e22a180d3286ca5
- SHA256
  
  40e615e60f1de58259a9d440ebc2e9f757221ad07f35ff3dae2ef57ba8279976
- SHA512
  
  b8949ef027e08c742f7a681991532e0fee97abd96b720b8cdb2bb6a9e1fea4c9c7c693ccc62a220e20c0832e47a47869bc045f3e997b742d9db51a988f832ece
Score

1^/10
behavioral11 behavioral12
- Target
  
  Verse crack from feds and nex/Serialcheckers/Mac-checker.exe
- Size
  
  4.3MB
- MD5
  
  23c1ce038611001835e2192fc31229e8
- SHA1
  
  13c0c1944de37603265115ed5cf2a934de449f36
- SHA256
  
  577c7eda29b869de5793131ced4cd54fd222619e1c00765e0b3f16f1240239a3
- SHA512
  
  b560f1c4b7bb9ccb57d36099320ab70790f2b04954483a4d8ff2bcb67cfcece1234bddbb4f0c8c9685dc209bfac74dae161b38cc83cdc61f504b29c095bbc22f
- SSDEEP
  
  98304:xOFr0xNl6tHTzYcJnoqVgKw0RGVGB5kv3Hav+2+VeE5Hd:US/GTuq9MgxUeE
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral13 behavioral14
- Target
  
  Verse crack from feds and nex/Serialcheckers/Serialchecker.exe
- Size
  
  10.6MB
- MD5
  
  cf543d52d92d821555096ccefea80b9b
- SHA1
  
  b0c9e85d0738164562d9e5fc0d70a4cb2a971a51
- SHA256
  
  232e2e13b72be736fd0517b01daaa51236a5023d265050bbc2e92651837c96d8
- SHA512
  
  7592a9e1b5f2d56f25a7a131f87b99030b4048fecd0d6eab253c77890755afee112c4002dd5d0519ff61626382526f4d1deba35655f935c4b45cba3563c0dbf5
- SSDEEP
  
  196608:8soA+1W903eV4Q+tpDjIIAcwD/au5p0W8/LQhoANNOSEDRPQv/k9jpIi:wW+eGQ69jo/au5qW80hoA/bg5u
Score

7^/10
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  Verse crack from feds and nex/Serialcheckers/Wifi & Bluetooth disabler/Disabler [Run Admin].bat
- Size
  
  1001B
- MD5
  
  f231be56f8dd034fd9e62fe67b120dec
- SHA1
  
  c0a4b9d91f5934f00a6cc28cdad56dfee45d3116
- SHA256
  
  ff5735d7157d43beaf0ea13eae9dc29619d9384a79c0009c7b0ada9d722f0a30
- SHA512
  
  0da567136e8e24ed1cdcd27633ba2f68c26c9fcc3038d1d7a041516e187d97c9a1fc22eb57552f4a4378e58daeb297991e95f388530fa38e12c67ddcf50b22dd
Score

1^/10
behavioral17 behavioral18
- Target
  
  Verse crack from feds and nex/Verse V4.15.exe
- Size
  
  30.0MB
- MD5
  
  15ee2efb6fe685d6d5217c58c33d98e2
- SHA1
  
  4a6b8fcb5c21621a81c35cd367e186985044408c
- SHA256
  
  336c6f0d9de3de21f971c92e2239dac504580b4259602f9d602d0c4d7a2dacce
- SHA512
  
  23f0b7cd6b1412bd1a97910efd0462e3078139fafe3cc857d0969fb432448d85b65273822bee6daee8903394230fa15a83fb1a1326580d02490dbf8015f43239
- SSDEEP
  
  786432:3zKrKrbA+pjd0AG04wFoVKjPZCgJVehG4+d:D8K/A+pB0GZomCeVS+d
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral19 behavioral20
- Target
  
  Verse crack from feds and nex/rip.dll
- Size
  
  115KB
- MD5
  
  b865b83b699bad54c7cfdb66154b806b
- SHA1
  
  fe3a90ae3df5dcd25a27435a4137c8a6ecb89585
- SHA256
  
  a9c39d3bf6befec28b85950841353eab96e83812dc6f5e05d91a8bcbe9be6704
- SHA512
  
  272f4101c62e1345edbbb9c217c81930c0be5b1363a14047da7395ef778c6651160ec2f98eac9138ab22e78e9aef4352ffbae4f13baf0f1495b61f3efabc4dcc
- SSDEEP
  
  1536:+9Dtf0cwp0UFw5G//pu3nj7alhA3DADLA/PX1TACXOFe9sTAt8IAm+:+tt8cwp9puXfal2EDuXEssct8IAm
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

themidapyinstaller

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

evasionthemidatrojan

behavioral14

evasionthemidatrojan

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22