Resubmissions

10-05-2024 05:18

240510-fy9ypsdb6y 7

10-05-2024 04:59

240510-fmrb8acd5z 10

General

  • Target

    FabFilter_Total_Bundle_v2023.02.06.zip

  • Size

    126.5MB

  • Sample

    240510-fy9ypsdb6y

  • MD5

    e35795babb75e5870c4b8da8c402ea49

  • SHA1

    e281dcf13b68134cdf360df7bc242430fb221fc8

  • SHA256

    9b1c965430289c82edff635e1b7650abddf9753e6ebe5e66f13770a766375f2e

  • SHA512

    750321b13aa8c44323ebf590355c24c4a5221c4a5f9d1e2e9758714de39247918ab2b6a71fd6b43844fa7ffe605a3f1b7f4ec65f061ee336b60993bd57c03caf

  • SSDEEP

    3145728:/rGjaL8IENmkccUFjTXYFPv4otXtWhn0owFivgdDZsqKh+ufD/hqFmVc6uAW:ajaNUmkcZjTXwkh4jteJESr0YVcRf

Score
7/10

Targets

    • Target

      FabFilter Total Bundle v2023.02.06/R2R/FabFilter_KeyGen.exe

    • Size

      595KB

    • MD5

      c482cbba8d390a0488f33ef36daf2a9e

    • SHA1

      cefb2cd5a09c7f20bb42187acae38fbd3f2da4da

    • SHA256

      7d35e4d663f952f93ef7b271772fc9ce9bc2ff22cb07d9a99f48e47b21517a28

    • SHA512

      b18575e6537d936cd97a0efbf9805081d3e97c540022b46104905a30eae404c0bfbab33a09cf282bfb5cad834886c27e21fda5198bac8d431d5a75af236cab78

    • SSDEEP

      12288:XYkc9t2Sll/5+Fu/dCzO6bqTYFD3fUtPPR5HnCYLJZKrdezL:XYkcL54S4RbYIz89PR1LGBuL

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $TEMP/BASSMOD.dll

    • Size

      33KB

    • MD5

      e4ec57e8508c5c4040383ebe6d367928

    • SHA1

      b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

    • SHA256

      8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

    • SHA512

      77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

    • SSDEEP

      768:qQmS5iUgi5czW+DlrQOS1DeDdjgNtbX4O6DHix84H0:qQz5Tgof+DdpS1+djctLSHiZ0

    Score
    1/10

    • Target

      $TEMP/R2RFBFKG.dll

    • Size

      91KB

    • MD5

      62695f6fa2a85fc9993f57dfcbdc2749

    • SHA1

      07a9b478df63fba4cf3002974b4cf56b404d0914

    • SHA256

      1ab33027c4965b027298651781a1c780c272818da189e2c3a8101ac578069260

    • SHA512

      69dd0de913629853400106811bffdebd8ec2037c93c9f9820d3f140e84576912de3ab57434086e20cf8698185015c27fa307e06047e2219dcf38a927a36f3c95

    • SSDEEP

      1536:NWTHBAtr5cPLOWpTo5iw4AInivibbb+S4A39:0ThAtr5cPLOiaBRIig3

    Score
    3/10

    • Target

      $TEMP/bgm.it

    • Size

      80KB

    • MD5

      5e3c083251880c635f5ea6a0a6ed8e76

    • SHA1

      e7fb44133e223140057243493159bdce01c5f080

    • SHA256

      9d460a48d7f7f461967c9065182456871606eef1c27f21767335b7d81384e141

    • SHA512

      b4a6a5ad71a13f51989e1fccedb542ab528f6ab9bc3d60a4c93c59e544b8eaa06ca7b9fe79c1d9a5c92b61345c18e38736561cd21426bc9e43ae3a4c59424284

    • SSDEEP

      1536:G7BhXbmwVEwJy9W8Diwi3jlhQn5NcSjtgoVm+qiAg:GFxbmvkbwi3jv6cSjOoVqXg

    Score
    1/10

    • Target

      $TEMP/keygen.exe

    • Size

      1.0MB

    • MD5

      d46b062d7f8ecf948d579ebe809cd597

    • SHA1

      bba400b955bca8729bfdffb343d3b9f54cbb42f3

    • SHA256

      9dca86bab19f5f0cd7c71ac4797921c93c03894f2378b8b3f4e97d742c9c2ea3

    • SHA512

      2c93a1e061a9a77b5c4b5ba8e5f6b4809f225c28b9279cf341c54b8cb586834c7e1ca583df8d8ad4ce8458fcdee306b9f43043b5c2e3f9441f024b4591ce7d49

    • SSDEEP

      6144:bcmzikEPDonRgNgz1+hw6hNgPfHv9PAimIAOhn43xFLNhBa41v2jrPzYjYXlMyhQ:bc/kEPDonR6Y436vRrynhSlMyhq8uH

    Score
    4/10

    • Target

      FabFilter Total Bundle v2023.02.06/Setup FabFilter Total Bundle v2023.02.06.exe

    • Size

      224.7MB

    • MD5

      cf7e7c52026ad39841cb2cd91d2b01c6

    • SHA1

      9269c6fac0bccbcbe8974bec5a451046c0e6157d

    • SHA256

      8d8e1a85176a4b63f06b6b97dffb6f8496f2334e8c057cda57043e65e23188d5

    • SHA512

      b96dec17fc1e6f884272896fa159f09450dcdfdb4f90949b5f1bf7f2ceccc177850a5ee617af74f537e5bb73e3c70f4f979464d49bd45f663251091195dc9b65

    • SSDEEP

      1572864:hD90CHrfyJbgLBL1No+oLLLOL6UF05hje9SL7do+oHwL6FV5hjerDLqyBx9Cs:52gaqNS6K7XMC/3

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      FabFilter Total Bundle v2023.02.06/TEAM R2R FabFilter Signature Checker/FF_SignatureCheck.exe

    • Size

      289KB

    • MD5

      31e412fbfaced130a576e84433f2fc5e

    • SHA1

      8b4ccecdcfdcd6584143e46ac77660e6ab6913ec

    • SHA256

      ab83d7c50c30ba305ab70a61270687a72fb45a325276f5a7cbe4221e78ebe242

    • SHA512

      6b87dbd7648dec3bd00dd8f346c1044a76aac8d9f17cb791476e8a49b40094fc0f6d52bec09ad98629f3b5af757414114f55f08a672e361352e9b3e6fb3bcc82

    • SSDEEP

      3072:zWCtCVkMiRiWsWlYyxWVFy96EAwe2N1b4+cwOGuuB:zW+BB

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15