General

  • Target

    ver4_file_x86x64.zip

  • Size

    16.6MB

  • Sample

    240424-txctgadb9z

  • MD5

    0e8591caf04581b4103d207548b65cca

  • SHA1

    e9acceed7ba2dc8efdf1e8a61dcb90ca5f1b7acb

  • SHA256

    365c6f98647915ead6699e2bb6a8d479dafbb2d743a7f48868fd6ecd9d6e6942

  • SHA512

    36a9e3931a4eef76fefce2f6bfa93cbbb66249cde9217d6760927c34a17a1976488d530252c4d3b032201f594ab31a77247b452cb6c223624474d8fd546a7e66

  • SSDEEP

    393216:880c4MUtjw7BOiS9PQQhJ21l8H5qNHjrja+5GKmD6C/xcvEPjIzR:L0cOtc7kiwhJWl8ZYP2ZKg6CJQELIl

Score
10/10

Malware Config

Targets

    • Target

      ver4_file_x86x64/LiteRes.dll

    • Size

      735KB

    • MD5

      88962410244bc5c03482b82a7e3cb5e1

    • SHA1

      4622be2d3deda305bf0a16c0e01bc2ecf9d56fad

    • SHA256

      afa884228afc5c05f4b47e90b6de42854d5a8886ec5ed15a253faeccd5309036

    • SHA512

      c6e7667f91c1439e33ad4d9e2052b7c9fcc3ca2c7688d9e2bc0550b71a5762b76aa76427331df0217429d9bd984925997c7a8d009f25e44e2776c5ce7cc9d98c

    • SSDEEP

      6144:x9Ej/jb82/HRoXO1q2pt+Mc1/PDPicsUzM+gYESoE/wOuET8F62bH5vnGfcJvl+b:fqptG/PDPo0no2Iq8F6CHBTWqU

    Score
    1/10

    • Target

      ver4_file_x86x64/LiteSkinUtils.dll

    • Size

      48KB

    • MD5

      059d94e8944eca4056e92d60f7044f14

    • SHA1

      46a491abbbb434b6a1a2a1b1a793d24acd1d6c4b

    • SHA256

      9fa7cacb5730faacc2b17d735c45ee1370130d863c3366d08ec013afe648bfa6

    • SHA512

      0f45fe8d5e80a8fabf9a1fd2a3f69b2c4ebb19f5ffdcfec6d17670f5577d5855378023a91988e0855c4bd85c9b2cc80375c3a0acb1d7a701aff32e9e78347902

    • SSDEEP

      768:FPGeoWyuTx6vrP/zAdWQS6Z9CSKh64crVKTl9inMUAK:tGeJxIHepSKzjVK9iMUAK

    Score
    1/10

    • Target

      ver4_file_x86x64/file.exe

    • Size

      757.0MB

    • MD5

      68e8ed3f60a0490efd9a8bdb424ad86f

    • SHA1

      d3031182e96e72c0975188fb2be5e8f03775e62c

    • SHA256

      1e26c09a3c7d6523b4b73c52fe5d7a5fa252fe94b81cf746539560f5027f038c

    • SHA512

      33874f17c49e9bb1992667514e49cf2816ed985a71cc950091ac4af9ab81f450be812e8f081eeceef1605229ead05107de9afea56b67967347230d75f06763e1

    • SSDEEP

      196608:luiK1gpUhZ+uMjAIUDIQJKalBqfgyNiZfJ1jUBeIRX:lSgv1PUEQLHryNAh1jOX

    Score
    10/10

    • Modifies firewall policy service

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks