General
Target: 4423890.RAR
Size: 11.2MB
Sample: 240515-m31zxseb7x
MD5: ff7553a8d62ba75491119628aa7ede6e
SHA1: 105b16f65c61570fd9c6ff2077597ba626026cda
SHA256: 58fb41c622cfccae8febc06e0c04f25bdb613a5b260ae6f404e9d0eda5ea86ab
SHA512: ee01b5273fa7fb49eb8f55b995174bb869ebe77854427c4691e8980f5c2b49eef66a9e3fc8ecb6dd2388f390423318653b3573d1002af3124c70a42ed5815c22
SSDEEP: 196608:f9VizBum/MJuS5PuZBv5z7/AGUnfbhI7epRSv6EjBGu0wcDGIuPJGopuS5R:X4BF/GuS5PuZLQGOfeavSNjgu0tiI1o/
Behavioral tasks
behavioral1 | Sample: Predstavlenie № 6-51-2024 .docx.exe | Resource: win7-20231129-en
behavioral2 | Sample: Predstavlenie № 6-51-2024 .docx.exe | Resource: win10v2004-20240426-en
behavioral3 | Sample: $TEMP/rupedoras.exe | Resource: win7-20240419-en
behavioral4 | Sample: $TEMP/rupedoras.exe | Resource: win10v2004-20240426-en
behavioral5 | Sample: $TEMP/zapros.docx | Resource: win7-20240508-en
behavioral6 | Sample: $TEMP/zapros.docx | Resource: win10v2004-20240508-en
Malware Config
Targets

Target: Predstavlenie № 6-51-2024 .docx.exe
Size: 11.3MB
MD5: 45ae0c08a1fb98fe77e4cd127b79ef7d
SHA1: 12c7847fc2567ee9e6c0010f5c311753c017fa48
SHA256: bb8165b8f60818061d12cac775d8d41436b16c9b40e01071fca7fb96f6ef435e
SHA512: 21cc13630fc1fe3bea4d45e356e63d4e94db7357040793b4d091ef75b2cf05191037380c493b944d1ecf748b9bd9935f1f91ba0c8654c57dbbe4530ab4fff4cd
SSDEEP: 196608:fxtCbFLyXyLm+2WzU4qrVTcHHRBTue9iSoCVMbgb/x3/18afx:fWxL4S2kCVsHRsekTCVxhjx
Signatures:
- DarkTrack payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Target: $TEMP/rupedoras.exe
Size: 11.2MB
MD5: d483c1a9718cf5d880b3cce5d6ff7423
SHA1: 72be5e949dd6923a43e7eaab1811baea4bc4b644
SHA256: 8df595a1528a09fdcfe237a7dd1009d1380a886875747d1b145925968463f7bd
SHA512: 370e220b3bdb617a12479db075ee26741075306ce7a72237115b2d79c452baadf931ccf3b422e9d0ef1eb0138316c3233f3ecd27074f3e797dc20ee974eb6fe4
SSDEEP: 196608:BtCbFLyXyLm+2WzU4qrVTcHHRBTue9iSoCVMbgb/x3/18af:mxL4S2kCVsHRsekTCVxhj
Signatures:
- DarkTrack payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Target: $TEMP/zapros.docx
Size: 11KB
MD5: 9871272af8b06b484f0529c10350a910
SHA1: 707979b027f371989fb71e36795b652a2d466592
SHA256: c2a256547433bec8d7afbed923f453eb2df978f18ed498e82bb2b244b126a9f3
SHA512: 5bd60de706ed3ef717177b08fa69ebc8117fe52bf53e896b91d102430b4b976b136f2df75fe4d1cb9cf16f5e73052e030e364bdf212148b1471e9c2b99f76a4c
SSDEEP: 192:CtNCOdi9y6MGLnTCXK8b5o5psQrW8t6I6YjyodJYUeUgPm6E9S7P:aN9di9SQCXK3gQa8QI6gldSUezPmzAP
Score: 4/10