eda533334f0690bfd96b796212c8331fd1c7fe16e24a42de9a2bdcbe30bad9a6

Sharing

Copy URL

Twitter E-mail

General

Target

vac v415 full.rar
Size

564KB
Sample

240509-w2jhxsgc3w
MD5

fb02f8f49f460ee3fb5b457e4117cb21
SHA1

f3d362e31690b6b7f10d102d32dcb7dace25e242
SHA256

eda533334f0690bfd96b796212c8331fd1c7fe16e24a42de9a2bdcbe30bad9a6
SHA512

82ceca33ebfc927f2c9875b7f088f0c14d69b6e1e7be54b05f2d0db5a422ba0dd10f23396f5aafaa55566b90957a55778745b90f10edf535bd20f8961eaf1e9a
SSDEEP

12288:lHmpzNDx1RTkbGSLIvsHR1Bnlqs5C2dkqd8PJpQJI/cz4ryrOqvX:lGpNvRTszsMR1BnP42uc8PMI/cz4XqP

Score

8^/10

Malware Config

Targets

- Target
  
  Beni Oku - Read Me.vbe
- Size
  
  391B
- MD5
  
  9258ef48f15691fa336d87561f5584d2
- SHA1
  
  213755c8390e0ad1d3cb971a56e733998c6650b7
- SHA256
  
  f0763cbfba80af6f5fb8e7f957a8553c6b86a0c902697a05e9201a8f20ed2190
- SHA512
  
  c7fc4366ab8d480168b46bc230b084a7e4ed0c3e5cb99cda73a4080786653c14857a38b499f5bb4dee6a17702509f23e62ec90a8408b2ce1e5ccd46fd4c7d992
Score

1^/10
behavioral1 behavioral2
- Target
  
  Ne ararsanız mevcut tılayın--indirin.url
- Size
  
  61B
- MD5
  
  2495966adeeb17e839bcf19f75abe345
- SHA1
  
  058e6648aac96c18675fc1a4a2395a5e06fdfde3
- SHA256
  
  3c253bf6bf6546c619e6a337483b2e2c74921d4688f923577c9b4f182d1f360c
- SHA512
  
  c0f0aa2d694a5799344b587467b4f85551d8a0bb34c8f5bc6df2cc25824b02656135b0be8944a789e6f7175664b56540b550c5272d33ad4b1ee0b2516b2941ae
Score

1^/10
behavioral3 behavioral4
- Target
  
  homepage.url
- Size
  
  68B
- MD5
  
  f6683aafffcb30ff1dfdd0888e71c828
- SHA1
  
  08355528191844add18c235956a04f8baa5b1201
- SHA256
  
  8963abe390e47cc5dc4a2d18fed9e8e457323e401cde87856c80d0f47e0ad5ee
- SHA512
  
  682e69a3a91d2a1b6cbb2c82cf8dd79b44da92a967c2adbdfab7ab10c1484a82bd20dc613775bc976e94f0eb72f84e1ecaa0822cce6a995b3f624e4d1a38dd8e
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral5 behavioral6
- Target
  
  setup.exe
- Size
  
  82KB
- MD5
  
  39d9f87b6eac02adac83157f55a65e26
- SHA1
  
  67c7d19666939804e1d08261b915e49c8829be20
- SHA256
  
  19bde26e840546d79ac6930106c0edeae0b61412eeb1634dd7e2379618e9ee27
- SHA512
  
  75c15fcecb1829cf003b2c925337bd264da38307c0123c3ab1e34bf5f8723a9201836498437939a1caa69c8cd74fad70e8416404530895da784c028db1559818
- SSDEEP
  
  1536:9gagi9op3hsjWdC2Re3jeTSWpqyViZXseg:9gK9oZhsjWdCPKTSWpq4iJ5g
Score

8^/10
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  setup64.exe
- Size
  
  94KB
- MD5
  
  2e20228c3c51a193037b6a26bda04d9c
- SHA1
  
  5e951af9dacaa49a298349552fbd98ff23660af5
- SHA256
  
  8ee7977bebe6286238ebeaee977b87dea0f2bc00f256f5ecae0bef6e6414573f
- SHA512
  
  b73f8cb39a1218b2438d31ed48429e2f67ad3e06133c0c6d79fe162ddaff12ec60f95a13d91a427b09af83f4ff46b21948dade14acd8bbb019d066fa310a8e25
- SSDEEP
  
  1536:d7uAINjpg5osxzMU4uqvC2tmO/tfIw64XyZaVArSGz:d7ENj/azr4uqvC2tmOtIt4X35Gz
Score

8^/10

discovery
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  vac.chm
- Size
  
  205KB
- MD5
  
  9865dad49ca2a8e25a61b8e588d8e723
- SHA1
  
  abfe336a9104b6f87ca0141cf8703508d89b58ac
- SHA256
  
  9e14aab573e70f330c3ce37a3f5d6727caecdd1c9caa3855fdf7a05b75713ffb
- SHA512
  
  641fc3c69267b4f00f856c06e5f82d68fe4c9ee34b4125edbf268b31f1ff4c4732450a49032ce1b927e8f710ace1fed4961811ba809fc89c638406178ace4a60
- SSDEEP
  
  3072:s/2Ln7UgexP4yPtr4On05CDRwuKQyRL3pGTau3TTx5s1slJyBBrLnkbgYmmS:s/i5e1nFtn0lMU30THx5sQgYbJmf
Score

1^/10
behavioral11 behavioral12
- Target
  
  x64/audiorepeater.exe
- Size
  
  43KB
- MD5
  
  083fe8d8ea14d13bbd7d397880a83f9c
- SHA1
  
  466ec02e7fb587e4e2d54982a6ecbd22aa576db3
- SHA256
  
  3fdab2a445aa7f66e55c623f12b5c00a2f589cf4b6bc6d322f7c9f1b949525d9
- SHA512
  
  2ef7b7f6747aa143f118fa7359d8e6adab7b6056301f0ea8ae568a6c48c106b611c8607ec5ffaf30538f97d2ebdd7cd6a7bf7af6fd9cc1a712784b578039724e
- SSDEEP
  
  384:2W8Sd89FaMnB4j0qBjjErp7O+wX3lGE5L8GvozaPfb4ps5Q0HdH75XJldgb0ibNI:2EwMHxjE91GEGPTyCdtakJ6K2LsC4
Score

1^/10
behavioral13 behavioral14
- Target
  
  x64/audiorepeater_ks.exe
- Size
  
  69KB
- MD5
  
  df85436fb7df1fd4a42e09328a47f9c9
- SHA1
  
  5575195dfb181ec61a95d3b5ce9eb8be89f0e59c
- SHA256
  
  8ea0f046b5d8976371bbdf463a543d97caa1762dcc8b61dfd4ecc902cfe040a2
- SHA512
  
  8268ed58241edda2cc5d6e9020cbc0d9eb31bbb9346c6e920ed74a17c7c124f1db2807c9fb60fd2c94cf19ad7b35c7a988e05eb292633b4a5c56a3435bad5603
- SSDEEP
  
  1536:Tz4Ejc9fbUeIfUpccGcYRvOxD671WjeCNiC4QW2K:jc1xIcpccGHxOx01WNf4UK
Score

1^/10
behavioral15 behavioral16
- Target
  
  x64/vcctlpan.exe
- Size
  
  79KB
- MD5
  
  2be1766707981ffd4113c7f0b55d4335
- SHA1
  
  988a06a7e758c0023e44581fe18cb762cb5b39e2
- SHA256
  
  e346a5b8e3ce5470dc3ebcc42597dcfb5e99df80efd75f7c3b01e899b4e66a24
- SHA512
  
  23c8ad6b212c47ecf623234611d62b8959f2541257758a777acd9aed3cd528479bf186b68c012fef7b28a5935225bed3803d6d207e58bc68e2e6f0420926a1ae
- SSDEEP
  
  768:Z3YoqbRL5qdiO4mkjhxbt1aifNVREiIPHMyZz+yFIKkhWCC5MJ/mBHqWtks4Fqxe:9ny5qCZtzfNVRSPHMS+LKkNHczu+8
Score

1^/10
behavioral17 behavioral18
- Target
  
  x64/vrtaucbl.sys
- Size
  
  111KB
- MD5
  
  fa179e2c627478688aea97755be41e08
- SHA1
  
  7fadc17c026a0c2071d0f83363be1d739ceb4510
- SHA256
  
  93f0e39029a802abb06115a89827a9a1d2a2eb28e0cacef16a59ed06c9d30113
- SHA512
  
  3da57630cecfd6eab011df8820ca35f9a11cce770b8333b3ee9a74a2ee1cb105c5b036553666f77ffa78eee4f1d9605cdd69c2eba8757c13a2746466b683b3a4
- SSDEEP
  
  1536:kNfCFiNj3SoyobONSJhI4uSvmWDYj5CKkcVAU8/ujepfpT/LDL8O46rbDk1y4B7/:kp7XON4Xk9Czay/yYLDLzhrU1y4JNdYM
Score

1^/10
behavioral19 behavioral20
- Target
  
  x86/audiorepeater.exe
- Size
  
  39KB
- MD5
  
  62d85fc3dd8a841bae817f78bb9bba9f
- SHA1
  
  e49ec987bf6fd1ad019ceda018bf377abc63889e
- SHA256
  
  64e4ae0c44f96e80eb208895daab5f9c65418053ce8b9169b20d568123cf3388
- SHA512
  
  c5c561517e6059ad9813c34ec13b4dca23193ab1e49e9fa039c6d05b1dab020d7e8898e2706aa69176ce1b1e14c461d694e919cd000720182497fce4f7fdbbdb
- SSDEEP
  
  384:by6cSNlLK+pYxUle2XK2ecTkYcrcduVSBGo4qV4u/dYrQO9q+jibNkJRm4tOfmnT:WIlG+pJDXK2eXP6Go4qBFs8kJPofm2LQ
Score

1^/10
behavioral21 behavioral22
- Target
  
  x86/audiorepeater_ks.exe
- Size
  
  61KB
- MD5
  
  28d2ba0705c87102b943b3e13d8da7d1
- SHA1
  
  dfa7aa9d2ac587e5581ef9f83d9d78df74d5b6a7
- SHA256
  
  2f99c27bb433168be86ed2e873064891c62a5237d329a266ad543d729ac87d1b
- SHA512
  
  e4480d1ac3275a5584e9eb0806f80574eeeb08101abf5865db8d4f9aac52d84b01281bd6ef129f8b60b097b92253ceb54da8927da4b22dd93b972deab879821f
- SSDEEP
  
  768:9riOQXVzcc/LyHu/U0V6d0NDUQR5MMZMQETi6KHJcUrGo8nw9L/+8vVWJJlyRxr2:sOQFhDA0V6dWrgcZ5Q/nu/bWxi2
Score

1^/10
behavioral23 behavioral24
- Target
  
  x86/vcctlpan.exe
- Size
  
  68KB
- MD5
  
  7664a4e5554b6c6caca22d65b638dede
- SHA1
  
  51083401a0b192235ea7359e4b0990f0eddb4994
- SHA256
  
  b9760088eaffc2b6c6e613757423f7aacf2815fc786d4737a1803e4836a280da
- SHA512
  
  3c6ee110f40035bf47e88bbfd2436413dda03d2a9dce1eba19ff06a01f76cb065f0d3515d9e90300db3522cadaa044f8ee1be03c6a8c57a8319116b9bda35d8f
- SSDEEP
  
  1536:V9tgBDZl/NK5sPq7dc5I7L9fk6pX/b9pL8EQCAm6ZJ0pXCcy:V9mBDL/NK5sPq7dc5I7L9fk6pX/b9pLa
Score

1^/10
behavioral25 behavioral26
- Target
  
  x86/vrtaucbl.sys
- Size
  
  89KB
- MD5
  
  4ba7df6bd567a0e47bfcb30edc30582c
- SHA1
  
  13153294cce9ac3fb9882ac7d7eb33fccd574d82
- SHA256
  
  d11ca9ae755e187015859883d588912db195657a1abc80eb6a0422b8487e5c40
- SHA512
  
  9898edd67c12d68dd2bd46924a626648420a7fe84dee803b56fa12cface3b93a4424b9cbb4508be3db5fedfcdc71e5bb1235eddc606ad89e5edb63578a36b780
- SSDEEP
  
  1536:Bbi57reesz58T0/HkbD3ffIlUVr/PPflETt1t:9i57CeoWAHkHIl0r/PPflot
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks whether UAC is enabled

Drops file in Drivers directory

Manipulates Digital Signatures

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Drops file in Drivers directory

Manipulates Digital Signatures

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28