24fe65718394b79c9d647247a56788d65b3027391ab9f09484705b1d57635818

Sharing

Copy URL

Twitter E-mail

General

Target

LUXONIX Purity VSTi.v1.2.4.exe
Size

51.8MB
Sample

240424-zwevbshf55
MD5

00fc9eb69c94289d9d6ca90db5eb5e3f
SHA1

41299831b2aeb1feb460b2bfc7b40e5c42a0fafa
SHA256

24fe65718394b79c9d647247a56788d65b3027391ab9f09484705b1d57635818
SHA512

428cdb4174592fe813861010e3846d29729053490cff0f16bb90e99bac6572a71aff69471cc9c77c77956b30155152d735c774130dcbd056276b0d5dfcb09777
SSDEEP

786432:+I/s4XCJrQXhuHnYvw6rbMtmHcZ3oiqB6hyGBC3Ig4UTKVgEWkoG6ef3+z:+ID2EXIHhCQo8FoiAZ4UuVgEW/GI

Score

7^/10

Malware Config

Targets

- Target
  
  LUXONIX Purity VSTi.v1.2.4.exe
- Size
  
  51.8MB
- MD5
  
  00fc9eb69c94289d9d6ca90db5eb5e3f
- SHA1
  
  41299831b2aeb1feb460b2bfc7b40e5c42a0fafa
- SHA256
  
  24fe65718394b79c9d647247a56788d65b3027391ab9f09484705b1d57635818
- SHA512
  
  428cdb4174592fe813861010e3846d29729053490cff0f16bb90e99bac6572a71aff69471cc9c77c77956b30155152d735c774130dcbd056276b0d5dfcb09777
- SSDEEP
  
  786432:+I/s4XCJrQXhuHnYvw6rbMtmHcZ3oiqB6hyGBC3Ig4UTKVgEWkoG6ef3+z:+ID2EXIHhCQo8FoiAZ4UuVgEW/GI
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ioSpecial.ini
- Size
  
  211B
- MD5
  
  e2d5070bc28db1ac745613689ff86067
- SHA1
  
  282e080b4cf847174c5c11e4f9157b8c338ecb19
- SHA256
  
  d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0
- SHA512
  
  a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  25KB
- MD5
  
  a9fab50dc9481b8816c4ca5bfef3bc5e
- SHA1
  
  8f5c50a80d1f8047392550da13c06b7880c737eb
- SHA256
  
  9be91a9c0aac1f429bca0500af3d656e9a3b8eeb1c953af799c2c3160d290d0a
- SHA512
  
  176b37fac1b45d0fe6ecdd246360d6b4f614a313d730931ea2a57a342b0c23bdc66f005a27ea154deeabd1716ca0c76136d5b97b2b555f2723e1dc80ff219164
- SSDEEP
  
  768:OB5VCb+02JyZ2ybrDGf7Vf0WG20q0ib5CEp:OBDCb+0/2kDGJ89w0y
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  150KB
- MD5
  
  990c32c42e6a316738ea1d7f380d8440
- SHA1
  
  c42978831035f45b9f575725ed26aac452aa3f3f
- SHA256
  
  b327ff3e5c3a88b785f2084cc6bcf6b49fa8f2a3f87e7f0fa7b359e2e71cbb1b
- SHA512
  
  8ecff4892906686136aaa36452150f174318990cd20bed1bc3387ce78aa45088ef8148f990b6cb7d4ddee865dd0102a1fb021b4e491f1598fbb133bcb3a5eff1
- SSDEEP
  
  3072:ucBrAfhHIUx8OI5lyd3V5/B1KFko4YL5fFG:HBrAfho6I5lOHB1Sb4eU
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  000 GM Normal.pth
- Size
  
  376KB
- MD5
  
  b786f758eae203bd531920c58c46d15c
- SHA1
  
  ba220a563da9a0d07398c19664f6347c5869549c
- SHA256
  
  18c2e3c0ed69e3b2bf19cdff71d6a404606c4ceb9185ad6ab647014d77362f85
- SHA512
  
  707b9deb57c516dd209322012f731d1aab40e2f8c9794e81cc929a24f0dba2f5aa26043f6130abbf201b5fbde392db834f7babab098f88ab55064f6e3a60f995
- SSDEEP
  
  192:GbBBBBvBBBBABBBBzBBBBhBBBBZBBBBEBBBBGBBBBLBBBBpBBBBMBBBBVqBBBBS4:PN1Oeb/VAC0ZfPy
Score

3^/10
behavioral10 behavioral9
- Target
  
  000 GM Normal.smp
- Size
  
  25.1MB
- MD5
  
  43450d39b0ba3c48e8b3e1126c762126
- SHA1
  
  890710386c64e9362b225ec4619e6236da9dfcba
- SHA256
  
  b0b3955abf25fbd9fd3fdd9a945f87c5fe13e970658fb98f7a16c8ddfb06d99c
- SHA512
  
  3354b16307ef8377c75e9c7df19c3cc1a7b17de68d39c17065b0804f9f7fe63e0cf9ae3bf0f06165282a986ebe48720e99993deb05c1ac6ecbced5a5bdff0a6d
- SSDEEP
  
  786432:AzbGa9F1J3Hm5xAVatU7jtSrzZcUesrZnaiBKCF:A2q3GIVaAsr1hrlZk
Score

3^/10
behavioral11 behavioral12
- Target
  
  000 GM Normal.wvt
- Size
  
  7KB
- MD5
  
  7d232f4b50acc62c9eaab34a61ed4be0
- SHA1
  
  b6be51f62bf9011d2c2938c0583953ea8243bac8
- SHA256
  
  41d3f1a5fa4861bcdb0fec0c6c6c6ad8145d064a093b8174d36d0da9687f1556
- SHA512
  
  ea1fbe2efee9d18783e381bafd368e4415a02db1ef21a61276eab98214293e5ac65bd2c63fffd3fe21fa0b434d10d6fc57859f33615719dd1ce5cf0814bb54e5
- SSDEEP
  
  96:sn+JH49D80nR5He+x2j4N/IFvAmwlXVyHgdFSr+D05WKsVfGU/:sn+CDxXHe+x2jI/CIXVyHAw+D0jsF
Score

3^/10
behavioral13 behavioral14
- Target
  
  001 GM Rhythm.pth
- Size
  
  63KB
- MD5
  
  822bd645d56d3bc352e4573c0b0c6ccd
- SHA1
  
  bf520c87f13db48d1ca638960da10f6554bb4f23
- SHA256
  
  dcc789142b45f2ce2c2c789d8150319942d3dee0148a0a08aea6b47bdd4d070d
- SHA512
  
  ab1349449dafb1d8753d8d0efda484e9a406905d288772047d32f318b1bddf324ba018a5101f9437fb925204c45d6ff6568c9c3f69af53625a67e11837849468
- SSDEEP
  
  192:GpBBBBpsvJBBBBHDsvzBBBBTsvVBBBBisvhBBBBafFnBBBBlsvlBBBBD5v4+XBBB:L
Score

3^/10
behavioral15 behavioral16
- Target
  
  001 GM Rhythm.smp
- Size
  
  4.1MB
- MD5
  
  1d434d82660df481c21c50093d665caf
- SHA1
  
  3b90f64aa2125a11459244dfef1f544300c60bdc
- SHA256
  
  2e885b96c731751f13cfce91937b299111b0a589a797741023b80eba50791156
- SHA512
  
  26625d429390ba946fe1ae70296c601e0dd7e41b2333efce12541f54ed33813dfffe45df7ad62a7d4b36063a0fd18cf63a66dae2c67c37ca58263e5dfb614ea9
- SSDEEP
  
  98304:MNfY4cHWZNQxNhOVTNIFKt1eV2QvZ2HhV0FfrKCzshIycwmAEbfH+zH2:MN/c2PQMV+DQQhS70pKThIycwpEbP+72
Score

3^/10
behavioral17 behavioral18
- Target
  
  001 GM Rhythm.wvt
- Size
  
  4KB
- MD5
  
  8d8b675bb8ef49d8846c7e7140dfd015
- SHA1
  
  d7b8d3177f112c16daa0e9d2872228f0b42d4985
- SHA256
  
  2bd7490dcd842aa7a4a52664dfb4c2f296b7fb792d82d0e926665661181eb829
- SHA512
  
  1debbc588fecfe640b37675fafa9bcee79959cf7c19484e95ce36b1a09f97f68a2457a522a9d9c3c3601a54deb1726371368370505590cf07fa7f87a428695ab
- SSDEEP
  
  48:z48yLJaRejo45u717NolX1Tex0msfjjBjzBeWZ3y9laWtqkQ4ITAfy0sY:sfto917elX1Tex0Nfjlj9lZiU44Af4Y
Score

3^/10
behavioral19 behavioral20
- Target
  
  010 Factory Melody.smp
- Size
  
  24.6MB
- MD5
  
  12055682a696529cdcb726c067be7224
- SHA1
  
  b5ef5c821fbaf4fe3cd3c1e5d4eedfef165fb2a8
- SHA256
  
  977811e4cf853f2c196cf8f0a024f5b05b75a47a0efc4fc24269e6021aab64a0
- SHA512
  
  00621fd3c37d70a4b93e5f219f13a04f0f032dede44e4e6f88b367d532945ca4ff67866ee04f2f22ba05fce1da3bfb9e46fdf3d72161b7599ee42febb945406c
- SSDEEP
  
  786432:buTuf8R2XJgzHjROJZEDEd3P/hauuumbs9:bXkGIFOJZEDEdB0s9
Score

3^/10
behavioral21 behavioral22
- Target
  
  010 Motive.pth
- Size
  
  566KB
- MD5
  
  c835ea84b5256a41cdf5c363f4068706
- SHA1
  
  88ae3a1c28bf3e1ca74c3965652637fd2abec9bb
- SHA256
  
  42d7394d8fca0f3ff0c1ae36ea2c847552480351f29c951130c4f1747e5e2616
- SHA512
  
  18bf4a6f9fdd03b2330183b6b0956352a674bfb78cd534dfd1dce2e5a93eed7582aa94d7bff3f9383f8100a0685c7f0d208581fdf12cad74b4a7b7e27ad1dfaa
- SSDEEP
  
  1536:CHhWuh7x+UQ/Vu4DE2RzLMeqRvyodqsQHh/:u7x+7/Vu4D/tLMemvyodTy
Score

3^/10
behavioral23 behavioral24
- Target
  
  010 Piano.wvt
- Size
  
  848B
- MD5
  
  e2631326b56f1fa9f578bf8252991bcc
- SHA1
  
  ff56b2dbadd5ff8cee74f0248d0885071c9a4ba6
- SHA256
  
  6ef0f2c819b83d0e2468d1d80148d9c5a8e92cde4068aff679b6295c1b2349c7
- SHA512
  
  640bd9805ffedbeadf78a1de9389d4e4308d2682087af3b6acba26aa67d07b7a3c3064b336e427c81cba505d10ed0a030bb8e1871502a74b6169992e37e8cff0
Score

3^/10
behavioral25 behavioral26
- Target
  
  011 Factory Drum.smp
- Size
  
  5.9MB
- MD5
  
  d9e4ad431608cf98383a6eae4eacccfc
- SHA1
  
  027e810908464624644b8d2cf8aa7e30a310f475
- SHA256
  
  fda31e31be1e999425778157c41f636b48532282b0c0734479aa68a3371e3395
- SHA512
  
  fce5d01d3b50cd88e1b1e566ae5923e51c7bc73196ae85328f49ec632a39cd6640a0481dfee0d84bcb8ce81a828eeb6153b05dd80ee62a0a978b9f6954ba0e23
- SSDEEP
  
  98304:FPNnxvMW6kdOvYWl+Q0A1e7Fph0Km2OXgsVGVLE1d5Zie5rYINwdw19lRutmEBXO:FPNRt6kMvNl30xh9vwRVyEb+eZYINp1l
Score

3^/10
behavioral27 behavioral28
- Target
  
  011 Organ.wvt
- Size
  
  493B
- MD5
  
  307e6edd33179398df8bca17635bf6d4
- SHA1
  
  33ae5937094bbb0d9226c17b589ca28ff6519d38
- SHA256
  
  3938f45badd1d19ff00d8b281eceb0e51bf455c90ca7194326d80d76afaefb75
- SHA512
  
  5b0bfc83282b9706d6cff91e64d012e980c0dee18b2deba3c7d37efb1491597a99a14264ead1b8d539e2275060ecbcb5eac03e7c39e2cd13e75518c304212f4f
Score

3^/10
behavioral29 behavioral30
- Target
  
  012 Percussive.wvt
- Size
  
  1KB
- MD5
  
  d9b1c9f4d3b2c0067aacf6e0478395de
- SHA1
  
  b1cafbc733bb5ddad2874fd181d251a185824b61
- SHA256
  
  37ff381604bec32617369fc6f9c7a590f28c4733bd3d390d3245662d41844973
- SHA512
  
  12f3ced8b8cc4f2177fac378b788117ee69803b21bd9de22f5ca167bf5c204ff9a03ed97867767b5d58c3165b88280a110b47fb1a6491a0754cff4570be48626
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32