1b475e95186ce2a8843516be389b66a6c53c6b77bdac33ffcf5d00af133e7570 | Triage

Sharing

General

Target

sapphire_cracked.rar
Size

29.5MB
Sample

240522-jgtf6sge34
MD5

dc71e40b02fb2a0652dbabe211ffe66c
SHA1

0a36bf46ec65e45bfe765798a12abb08472331b5
SHA256

1b475e95186ce2a8843516be389b66a6c53c6b77bdac33ffcf5d00af133e7570
SHA512

426a48995be934ce183169319a0b86bef8e0017e102e9f15004f456ba3fe892dc997c70c40c71354710ddc521d79322864cd3b0e9170c330309222c363fd9ba1
SSDEEP

786432:wXc4PlLQExdSwksSqylouXwS9VQJ9RJRrhAgC7oV76:wXPxQqM7yr8kHJJ1C7oVm

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  sapphire_cracked.rar
- Size
  
  29.5MB
- MD5
  
  dc71e40b02fb2a0652dbabe211ffe66c
- SHA1
  
  0a36bf46ec65e45bfe765798a12abb08472331b5
- SHA256
  
  1b475e95186ce2a8843516be389b66a6c53c6b77bdac33ffcf5d00af133e7570
- SHA512
  
  426a48995be934ce183169319a0b86bef8e0017e102e9f15004f456ba3fe892dc997c70c40c71354710ddc521d79322864cd3b0e9170c330309222c363fd9ba1
- SSDEEP
  
  786432:wXc4PlLQExdSwksSqylouXwS9VQJ9RJRrhAgC7oV76:wXPxQqM7yr8kHJJ1C7oVm
Score

3^/10
behavioral1 behavioral2
- Target
  
  config.toml
- Size
  
  780B
- MD5
  
  f5ec88df425e13717288aefb6f6bdbf1
- SHA1
  
  1ede83c1df8a9f54d2f66dabd1ccca0b34b484bf
- SHA256
  
  b5c1ff30db8d16ab078be8417b129656f85b1752abdd5f8a10ee3cda40ea68ef
- SHA512
  
  900842b340d46e2294157ad893473d9ac40b63599a550086c1040d6574f43c89188db97d188ce0c16eaa93bae6e132d1ad3b50e9ebf07e4f06d0c0f009ff1ee0
Score

3^/10
behavioral3 behavioral4
- Target
  
  crack.dll
- Size
  
  5.0MB
- MD5
  
  7ae4309d363db9abfe45f8469f5338a9
- SHA1
  
  05318a3103fbd1515719394d9cbb32c55e015dfc
- SHA256
  
  8fae0e62e9a8989a74e631d754dd71acf6b93142abfa7281d2fcd1b26eabcd54
- SHA512
  
  830dbe93d878d51c13a4d0fec31062813b64d92be05bbea54a33e71deafa3f55238fdd97ae5198ff387480f0a88482cdff2c33e238a033c7def1087134aae795
- SSDEEP
  
  98304:+oSYCYbuF/KS6d3+3tv3qTfffzXS0j6fdmjLdGGf:7MBdf+ff7TjZ
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral5 behavioral6
- Target
  
  data/assets/config.json
- Size
  
  47B
- MD5
  
  664dc416138afccfd6f76633d07ac157
- SHA1
  
  91b13dbca6ce1357c6a3c34934b2bb816f754680
- SHA256
  
  fa010bcb6fbae39487af17656600f18566d3462432aa4980ddbe5bdf0ad55413
- SHA512
  
  5d20388c9f4a698e72ad4f3b887cbebf9db98d1aee9658016b78f48afb245313f4ea8cb490d8301ae9cb0352b38dae45f3abc1a6e487be37d672e43b04d60eab
Score

3^/10
behavioral7 behavioral8
- Target
  
  data/assets/soundboard.json
- Size
  
  1KB
- MD5
  
  c30ed256257c213dd6253373f9943625
- SHA1
  
  710608a26b279117d5e22cefb0f028d18afdd19a
- SHA256
  
  76beda061dcdeeff9531a258800e681dd4688e0a99421a3ff8f0a448a6bee54b
- SHA512
  
  d3eedd39fc3d164eca55f4ef166594eff26fd6e87eadc39032cacb59a227ff455375bfe90f960ed6c006da5b68a9cba74a2fbbaf6fac9540916adc7a924b3ae9
Score

3^/10
behavioral10 behavioral9
- Target
  
  loader.exe
- Size
  
  8.4MB
- MD5
  
  d1833b094db1e4c4c11123282365a44a
- SHA1
  
  44ac20657fdab59a5ca47afbdd08443adc59b973
- SHA256
  
  341c5c573350df8f79d7f2152bb239305b3df4f87fe18f8eb2cf9dbbb7aea375
- SHA512
  
  da1d8d0fc174a53c38b21b000846a1b250df05759436769f4453f03313028d92204660e45c172770a7ca1d6755b0833c92b766114993b65bd6d95ae20f626cbf
- SSDEEP
  
  196608:8QCjP+Q3V+80miPUHtXmDO/Jxwxvrqz7xdLqIjS:SP+2VDKUNV/3MYxdLq/
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral11 behavioral12
- Target
  
  main.exe
- Size
  
  17.5MB
- MD5
  
  92f642212cdbe6ac3a8e6f48243a2489
- SHA1
  
  6c5b3c6fa506dc92cd0bb4aa36dc4ccdac77a727
- SHA256
  
  ef24286fb0f5c05f739109f955521ae44bc74b52414c05722a06daccc07ca4e6
- SHA512
  
  0af07851e1d2f014efe2ca6a943999cb746fa595dca564b18d3226bbb4866f4c4c642d6eaa2126297cbcb11fdcaa6c721a24c44d678aa643e1e2a32029480e95
- SSDEEP
  
  393216:oJT9O22UETklFz4Uu1u2u+rJvtNqe6ZNIllZEzhtMkQ:oJhTETklx4Uu1xfd1Km/EzhvQ
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  output/filter/captcha.txt
- Size
  
  12KB
- MD5
  
  199f1f87360a90d73ceff39bcc291437
- SHA1
  
  64a070a18fe52ff77b34f9ce761106d2792e12b4
- SHA256
  
  0228c294e43ff45577961730238a472cce7fcf607deb17c593d426fa3b05d958
- SHA512
  
  6588f9770c5e80a1a803b82e389e6ad36d3fac0899b05fe66ef8ecc396d5b805538f00d96872666d1d127bcb41783de0bb626dcc832fd06d5f5bf150ef94a5a9
- SSDEEP
  
  192:zPJVFVcjv4OAeiIr1H/h8jvrKSAPJ/8HEcatF:zPJVFVcjQvDm+j2bPjVF
Score

1^/10
behavioral15 behavioral16
- Target
  
  output/filter/invalid.txt
- Size
  
  8KB
- MD5
  
  f1fa3c2243477fa9aafbe7380847301d
- SHA1
  
  960bfc63f7f8af7818c19a15c129b1da52ac1e84
- SHA256
  
  ddb2a42f09c14e100abed51492a4b6aa7455ebe58f4097837f95d49a85f3b864
- SHA512
  
  258f1a72578ddc8c54f72e8968fe0e900fae7484b1645905834cf53f93f40a64f0f8e81b1c1e909550045bca108930fd53afe20163de607ef2c9ab2210e12be8
- SSDEEP
  
  192:rkIFq8HF8/5oaDbtUonYbiPVM9Y+xWxVMYWke+Y82RJ7GcLVYCYoSdF12x+ep1DS:1hl8/53btnnYbiPVM9Y+xWxVMYWke+LZ
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

evasionthemidatrojan

behavioral12

evasionthemidatrojan

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18