8728e6a252a6831f67662c898943881e43bf2f7b931cfe9302c3f1886ad98f13

General

Target

Assassin_X_v-9.zip
Size

9.4MB
Sample

240427-lhl5lagd3y
MD5

b09adb7372205f6a80aa0671c9b5d597
SHA1

c72e2de1aca5f4a75f61c5c0cf5b5743c299f4e1
SHA256

8728e6a252a6831f67662c898943881e43bf2f7b931cfe9302c3f1886ad98f13
SHA512

f662de0998562e74b6cb4e2b176a00c0ce0b5b676672da1d90054d127b19358fa16d30d5bce58064ff34db11e9595c1f1d76f7fcf4b3aca425e7ac1b7ccca8c3
SSDEEP

196608:K0yuheYEfsVLQBfnxylR8lrLwGQhYPT/5JsoZcBeYy82Df1c/4qlGRnR/Eubc:TeYEyLixyMrLTrcBeE6fe/7GRsu4

Score

9^/10

evasion pyinstaller

Malware Config

Targets

- Target
  
  Assassin X.exe
- Size
  
  3.4MB
- MD5
  
  7faf649716f9b6a6a3089c654701a3dc
- SHA1
  
  c7fb3b7dda5dfd03ac34b44a5d1689db308373a2
- SHA256
  
  5a47425989935d96012305f548d6d1b5583f693dd61ff1a8e1fe28efb6665b2e
- SHA512
  
  f1f05901974cf44374bc273d2b45d82c4ad6ff3f9b2425d03178eb3249eabc7d581764086a9ab8ea2a3bba17453fa2f58bc974123726d6c5f652ede77d0886aa
- SSDEEP
  
  24576:qNgyNilNR2zTJF2ZHuduTJTyCA59q0aSeQyW72/JW363Qf0ukHe7cOF0hF:+gizdwlyCA59qRSnh2/0se7cOe
Score

9^/10

evasion
- Looks for VirtualBox drivers on disk
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1
- Target
  
  Injector.exe
- Size
  
  8.1MB
- MD5
  
  ca1e0eb7edfeaf15cdb5891b54920281
- SHA1
  
  9e640c2e25a0ae32d0605afeb84b5bf2392b7f88
- SHA256
  
  0bf1c919402204686cdcbc447aa112844ca6160718a38204f2e87e92d19ddb74
- SHA512
  
  436f6a01ef6cc17d0f2b72a844b2ede4747c9e6820af00a9391fa131cc6c8fc6606246ba8185a03a7d6e684e8328af9a724e42a6afbdbe959d146ec303a8782c
- SSDEEP
  
  196608:IspaEbGXV1kyICteEroXxcwxV3zlxZV3Gu5D4S26cSEqCS3QCRwHjH5Eu:GEG9InEroX2s14S2IlwCuLeu
Score

9^/10

evasion
- Looks for VirtualBox drivers on disk
  evasion
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral2
- Target
  
  HookerV2.pyc
- Size
  
  42KB
- MD5
  
  5fcfc9b2ff8243289511503c02461da2
- SHA1
  
  b93ea142ed4429fd6c5965d803660bdd8f15cd56
- SHA256
  
  2bf94e6cd95c5dca6a01437f9efce609a1f299b5a7101b804c01f225f664f2bb
- SHA512
  
  4ecf1b1bf9d20d96625fb6dc7546137b674c240e865a20a4817c567f82bda4d361b09624a632bb67b5e164bc1a153cec36dc7a6b63b49ccaa523cee864e38ebd
- SSDEEP
  
  768:Ybn2jsGnIavohhLzQ2LK4QRb8xn4gujfLc8WK8BM+oaSixrx2YpV6o2LHksz:Yb2jsGnbwhA4QRb8x4xHcCAM+PSiH2YU
Score

3^/10
behavioral3
- Target
  
  Microsoft.Toolkit.Uwp.Notifications.dll
- Size
  
  140KB
- MD5
  
  b4ec92287b0d96daad899236192de30e
- SHA1
  
  7e0ae9fd688f4a122acc38de99d166cdddde3f52
- SHA256
  
  8750440e6049ae487c02b41fbe3692790667504d2f31a7247c14179d302f887a
- SHA512
  
  ab547e3dfa75d21820416be1a38e7a7664080312efed13e9b4f14d6f9c6c759f962b6912a18fd4995cac22d9ad11bd857c61f7bbd9d1ed09effef743bdbd922f
- SSDEEP
  
  1536:5RdbKFBNaWYYK8gwb+zPws86WGkGaBb6ktu4YLHwYfJe5K+Q7GeH7I/65tWI6LXh:P9ENDYz2GLm6MBYLHr1+/47O/Ki
Score

1^/10
behavioral4
- Target
  
  System.ValueTuple.dll
- Size
  
  24KB
- MD5
  
  23ee4302e85013a1eb4324c414d561d5
- SHA1
  
  d1664731719e85aad7a2273685d77feb0204ec98
- SHA256
  
  e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
- SHA512
  
  6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32
- SSDEEP
  
  384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN
Score

1^/10
behavioral5