General
Target: !@-FulL_SoftWare_2024_PassW0rd$_.zip
Size: 18.1MB
Sample: 240506-j6y3yshc46
MD5: 5b9d86501de0fc2b4dba6d3b1e1c9ac4
SHA1: 8ec839cafe4d144d3166c1f1b9da854fa85c0846
SHA256: 8c585bfa11483a908ab04c4492a44d701353ed2ceaa6ea82eb4d71f4e9da0123
SHA512: 09312b1c3002bcad6e80de20889c54ba54a38c702a0c0f7fb6655d08865e400c1097298ff8bd5c354ec55a77a2a2a29fe4df27cb42b9e60a841e581696cfdffd
SSDEEP: 393216:flD7PpwPSxfeIKkxonRgcsLu8zoJO/jrFzfifS/Jb8W:9DGPQGIKkxonR/sLQObrFW6/RX
Static task: static1
Behavioral task: behavioral1
  Sample: !@-FulL_SoftWare_2024_PassW0rd$.rar
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: !@-FulL_SoftWare_2024_PassW0rd$.rar
  Resource: win10v2004-20240419-en
Malware Config
Targets
Target: !@-FulL_SoftWare_2024_PassW0rd$.rar
Size: 18.1MB
MD5: 2c531ab5de72b3dea51ee62cef214e59
SHA1: 20676bb9065b828050b98dce1e983ddc8415bd52
SHA256: 9c3a371d452d44422fad9c4628758187f686527d36ad9a6f3e17766cd7c690f2
SHA512: f9c52edcd1087400be4b86b32b50f6f56c583a8352c5ecff9bd48233f056c406480288840f7708e888eb1c6f2378d7f7887ce9428b3c77c0ad4beb98f87725d9
SSDEEP: 393216:ylD7PpwPSxfeIKkxonRgcsLu8zoJO/jrFzfifS/Jb8H:SDGPQGIKkxonR/sLQObrFW6/R4
Score: 10/10
- Banload
  Banload variants download malicious files, then install and execute the files.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)