General

  • Target

    !@-FulL_SoftWare_2024_PassW0rd$_.zip

  • Size

    18.1MB

  • Sample

    240506-j6y3yshc46

  • MD5

    5b9d86501de0fc2b4dba6d3b1e1c9ac4

  • SHA1

    8ec839cafe4d144d3166c1f1b9da854fa85c0846

  • SHA256

    8c585bfa11483a908ab04c4492a44d701353ed2ceaa6ea82eb4d71f4e9da0123

  • SHA512

    09312b1c3002bcad6e80de20889c54ba54a38c702a0c0f7fb6655d08865e400c1097298ff8bd5c354ec55a77a2a2a29fe4df27cb42b9e60a841e581696cfdffd

  • SSDEEP

    393216:flD7PpwPSxfeIKkxonRgcsLu8zoJO/jrFzfifS/Jb8W:9DGPQGIKkxonR/sLQObrFW6/RX

Malware Config

Targets

    • Target

      !@-FulL_SoftWare_2024_PassW0rd$.rar

    • Size

      18.1MB

    • MD5

      2c531ab5de72b3dea51ee62cef214e59

    • SHA1

      20676bb9065b828050b98dce1e983ddc8415bd52

    • SHA256

      9c3a371d452d44422fad9c4628758187f686527d36ad9a6f3e17766cd7c690f2

    • SHA512

      f9c52edcd1087400be4b86b32b50f6f56c583a8352c5ecff9bd48233f056c406480288840f7708e888eb1c6f2378d7f7887ce9428b3c77c0ad4beb98f87725d9

    • SSDEEP

      393216:ylD7PpwPSxfeIKkxonRgcsLu8zoJO/jrFzfifS/Jb8H:SDGPQGIKkxonR/sLQObrFW6/R4

    • Banload

      Banload variants download malicious files, then install and execute them.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks