General

  • Target: sapphire_cracked.rar
  • Size: 29.5MB
  • Sample: 240522-jgtf6sge34
  • MD5: dc71e40b02fb2a0652dbabe211ffe66c
  • SHA1: 0a36bf46ec65e45bfe765798a12abb08472331b5
  • SHA256: 1b475e95186ce2a8843516be389b66a6c53c6b77bdac33ffcf5d00af133e7570
  • SHA512: 426a48995be934ce183169319a0b86bef8e0017e102e9f15004f456ba3fe892dc997c70c40c71354710ddc521d79322864cd3b0e9170c330309222c363fd9ba1
  • SSDEEP: 786432:wXc4PlLQExdSwksSqylouXwS9VQJ9RJRrhAgC7oV76:wXPxQqM7yr8kHJJ1C7oVm

Malware Config

Targets

    • Target: sapphire_cracked.rar
    • Size: 29.5MB
    • MD5: dc71e40b02fb2a0652dbabe211ffe66c
    • SHA1: 0a36bf46ec65e45bfe765798a12abb08472331b5
    • SHA256: 1b475e95186ce2a8843516be389b66a6c53c6b77bdac33ffcf5d00af133e7570
    • SHA512: 426a48995be934ce183169319a0b86bef8e0017e102e9f15004f456ba3fe892dc997c70c40c71354710ddc521d79322864cd3b0e9170c330309222c363fd9ba1
    • SSDEEP: 786432:wXc4PlLQExdSwksSqylouXwS9VQJ9RJRrhAgC7oV76:wXPxQqM7yr8kHJJ1C7oVm
    Score: 3/10

    • Target: config.toml
    • Size: 780B
    • MD5: f5ec88df425e13717288aefb6f6bdbf1
    • SHA1: 1ede83c1df8a9f54d2f66dabd1ccca0b34b484bf
    • SHA256: b5c1ff30db8d16ab078be8417b129656f85b1752abdd5f8a10ee3cda40ea68ef
    • SHA512: 900842b340d46e2294157ad893473d9ac40b63599a550086c1040d6574f43c89188db97d188ce0c16eaa93bae6e132d1ad3b50e9ebf07e4f06d0c0f009ff1ee0
    Score: 3/10

    • Target: crack.dll
    • Size: 5.0MB
    • MD5: 7ae4309d363db9abfe45f8469f5338a9
    • SHA1: 05318a3103fbd1515719394d9cbb32c55e015dfc
    • SHA256: 8fae0e62e9a8989a74e631d754dd71acf6b93142abfa7281d2fcd1b26eabcd54
    • SHA512: 830dbe93d878d51c13a4d0fec31062813b64d92be05bbea54a33e71deafa3f55238fdd97ae5198ff387480f0a88482cdff2c33e238a033c7def1087134aae795
    • SSDEEP: 98304:+oSYCYbuF/KS6d3+3tv3qTfffzXS0j6fdmjLdGGf:7MBdf+ff7TjZ
    Score: 9/10
    Signatures:
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Checks whether UAC is enabled


    • Target: data/assets/config.json
    • Size: 47B
    • MD5: 664dc416138afccfd6f76633d07ac157
    • SHA1: 91b13dbca6ce1357c6a3c34934b2bb816f754680
    • SHA256: fa010bcb6fbae39487af17656600f18566d3462432aa4980ddbe5bdf0ad55413
    • SHA512: 5d20388c9f4a698e72ad4f3b887cbebf9db98d1aee9658016b78f48afb245313f4ea8cb490d8301ae9cb0352b38dae45f3abc1a6e487be37d672e43b04d60eab
    Score: 3/10

    • Target: data/assets/soundboard.json
    • Size: 1KB
    • MD5: c30ed256257c213dd6253373f9943625
    • SHA1: 710608a26b279117d5e22cefb0f028d18afdd19a
    • SHA256: 76beda061dcdeeff9531a258800e681dd4688e0a99421a3ff8f0a448a6bee54b
    • SHA512: d3eedd39fc3d164eca55f4ef166594eff26fd6e87eadc39032cacb59a227ff455375bfe90f960ed6c006da5b68a9cba74a2fbbaf6fac9540916adc7a924b3ae9
    Score: 3/10

    • Target: loader.exe
    • Size: 8.4MB
    • MD5: d1833b094db1e4c4c11123282365a44a
    • SHA1: 44ac20657fdab59a5ca47afbdd08443adc59b973
    • SHA256: 341c5c573350df8f79d7f2152bb239305b3df4f87fe18f8eb2cf9dbbb7aea375
    • SHA512: da1d8d0fc174a53c38b21b000846a1b250df05759436769f4453f03313028d92204660e45c172770a7ca1d6755b0833c92b766114993b65bd6d95ae20f626cbf
    • SSDEEP: 196608:8QCjP+Q3V+80miPUHtXmDO/Jxwxvrqz7xdLqIjS:SP+2VDKUNV/3MYxdLq/
    Signatures:
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Executes dropped EXE
    • Loads dropped DLL
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled


    • Target: main.exe
    • Size: 17.5MB
    • MD5: 92f642212cdbe6ac3a8e6f48243a2489
    • SHA1: 6c5b3c6fa506dc92cd0bb4aa36dc4ccdac77a727
    • SHA256: ef24286fb0f5c05f739109f955521ae44bc74b52414c05722a06daccc07ca4e6
    • SHA512: 0af07851e1d2f014efe2ca6a943999cb746fa595dca564b18d3226bbb4866f4c4c642d6eaa2126297cbcb11fdcaa6c721a24c44d678aa643e1e2a32029480e95
    • SSDEEP: 393216:oJT9O22UETklFz4Uu1u2u+rJvtNqe6ZNIllZEzhtMkQ:oJhTETklx4Uu1xfd1Km/EzhvQ
    Score: 7/10
    Signatures:
    • Executes dropped EXE
    • Loads dropped DLL


    • Target: output/filter/captcha.txt
    • Size: 12KB
    • MD5: 199f1f87360a90d73ceff39bcc291437
    • SHA1: 64a070a18fe52ff77b34f9ce761106d2792e12b4
    • SHA256: 0228c294e43ff45577961730238a472cce7fcf607deb17c593d426fa3b05d958
    • SHA512: 6588f9770c5e80a1a803b82e389e6ad36d3fac0899b05fe66ef8ecc396d5b805538f00d96872666d1d127bcb41783de0bb626dcc832fd06d5f5bf150ef94a5a9
    • SSDEEP: 192:zPJVFVcjv4OAeiIr1H/h8jvrKSAPJ/8HEcatF:zPJVFVcjQvDm+j2bPjVF
    Score: 1/10

    • Target: output/filter/invalid.txt
    • Size: 8KB
    • MD5: f1fa3c2243477fa9aafbe7380847301d
    • SHA1: 960bfc63f7f8af7818c19a15c129b1da52ac1e84
    • SHA256: ddb2a42f09c14e100abed51492a4b6aa7455ebe58f4097837f95d49a85f3b864
    • SHA512: 258f1a72578ddc8c54f72e8968fe0e900fae7484b1645905834cf53f93f40a64f0f8e81b1c1e909550045bca108930fd53afe20163de607ef2c9ab2210e12be8
    • SSDEEP: 192:rkIFq8HF8/5oaDbtUonYbiPVM9Y+xWxVMYWke+Y82RJ7GcLVYCYoSdF12x+ep1DS:1hl8/53btnnYbiPVM9Y+xWxVMYWke+LZ
    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic            Technique                         Count   ID
Defense Evasion   Virtualization/Sandbox Evasion    2       T1497
Discovery         System Information Discovery      10      T1082
Discovery         Query Registry                    4       T1012
Discovery         Virtualization/Sandbox Evasion    2       T1497
