7e1c3dcffb185feb832f89d6f55b23a39abb83adcb56728a46f4785aeb9eed71 | Triage

Sharing

General

Target

Basic.rar
Size

12.4MB
Sample

240522-znb4gagc46
MD5

6b3632b98884296d30916ed34497f28c
SHA1

c3271e60c7458c74f0aa337d468ec29a256aa336
SHA256

7e1c3dcffb185feb832f89d6f55b23a39abb83adcb56728a46f4785aeb9eed71
SHA512

b8361c99bdefe6814fba27a2dbd4d33b886e2b00781b861f570aaef411568bc517446a804acdd6a8257bde083e3cea839bfb3a360eccf130f54658f67e9fe202
SSDEEP

393216:cH00/rAA/ElN7oZxAzu+5ppGFF1tzl/2Sh3SvJiC3CU8sC8fmFSQbyEb2QM:cHF/z/Er7o70X4zlDi3CsC8aSOy02QM

Score

9^/10

evasion execution themida trojan

Malware Config

Targets

- Target
  
  Dream Basic/client/Dream.exe
- Size
  
  11.0MB
- MD5
  
  726f20dbd7ad8911d0e4e3641d6169a8
- SHA1
  
  ee692681ba0ffbb2671bba80a9fa4a01ff104889
- SHA256
  
  a5fd61f34eeba9e6a949a11be3b7a736c9c904978261cdd422181b34746d1d8c
- SHA512
  
  a1d37e5f845d93ae064158471244f472a5c1908cd370605aa9422f2ef4bdc908099ee6697cbd87bb78bcb2dd7f2001b5a705b35da7a9788df39af86f30890126
- SSDEEP
  
  196608:0uCcEILkwmDkQ4aDPWMac1CGuEEyG2hnDpdM8Bs1pXjZpo8pHDdCwJ6wuQ:0uCZCyk4fd1luKnDpRMtoUj3JzuQ
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Dream Basic/client/injector.exe
- Size
  
  38KB
- MD5
  
  791139bb526c7fc6f35f5a35e366460c
- SHA1
  
  230e6531462f131779231b7e876323b0d3f3bd03
- SHA256
  
  c9c174ae7c2ad864c42bdada8543296b6d7d2a828b4986bd6aa477431636a18e
- SHA512
  
  1c664616f4bc2357d6990760c17ee97f2f3406fba78610f52e000e3ff0ee9061481ab6b80ec0cd9b522fcc4bfad0cfa96fe10f43e6e916e0b72b261540e0dcf8
- SSDEEP
  
  384:AmqwTrbZ/CH3l6VdIlrlBM+w+8vmtf9HI2+bGduw1kf+nAyiK9y4WMsgcjZSUSLf:AQTdC1ZwGSde5W/9SeXygWSjt0Gse
Score

1^/10
behavioral3 behavioral4
- Target
  
  Dream Basic/client/msvcp140.dll
- Size
  
  576KB
- MD5
  
  7b92a6cb5d2cad407c457ab12d2b211d
- SHA1
  
  e04020b3448fc6084fa31b7f791f22ff15e31328
- SHA256
  
  3c6a772319fff3ee56d4cedbe332bb5c0c2f394714cf473c6cdf933754114784
- SHA512
  
  b28740c1aca4f0f60a9e4a9ab5a0561af774d977ab6d42a7eea70c9e560c77c50be5d9d869f05d0435e2923f4f600219335d22425807ab23cbbcda75442c4b42
- SSDEEP
  
  12288:RI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRvbQEKZm+jWodEEVhQ:RD89rxZCQEKZm+jWodEEPQ
Score

1^/10
behavioral5 behavioral6
- Target
  
  Dream Basic/client/vroom.dll
- Size
  
  240KB
- MD5
  
  62e81336c90cfdb251e512b2bab334a6
- SHA1
  
  787723dec21657ac129b1d2405a0de1a5a007096
- SHA256
  
  7e817e11d5c452a56868a78168fce662d07c664ab42c4c2f1de0a7083dc49d2d
- SHA512
  
  785e5c5de823df54320463e326b2b37686554e3d624474039c50afecc23bc41adbf42d5a69b77d084bcc943af5dc98ab5bc9bc71aebd225a39b44a7791cf8ac5
- SSDEEP
  
  3072:23TItZCDfevcCnoOLOT5VogjIsSd7md4tztgIwro4eaOT+mYoY46GX25CfATX5dl:qISfqcAoeOnogjfSIGxWg1alohToX5G
Score

1^/10
behavioral7 behavioral8
- Target
  
  Dream Basic/dashboard/index.html
- Size
  
  65KB
- MD5
  
  e5dcb26037864fc566bbcda10ccb0e1a
- SHA1
  
  46a8cc89002d56e8adc99b2926288e760a3e1cea
- SHA256
  
  93ff430da563603c4456331915b838619f254aa9d0d827d623a5d2ad6aa2deef
- SHA512
  
  99f3ab876b7e0b7e67975cd827a47c4bfcc0182c0b696a2b4cb1a21cc0a98ef2436112b9953a876c12b189085791d1eab3b3db5d303c8efd05e6736ac05b930f
- SSDEEP
  
  768:ZVHDzuDYrUslKetSgSHSzS2EcQehnSNKLA6JTKedP:/WDYrUcKeJEcQesKL3KedP
Score

1^/10
behavioral10 behavioral9
- Target
  
  Dream Basic/dashboard/static/js/app.2b8ee4c6.js
- Size
  
  74KB
- MD5
  
  a9d45b39997b21486abcd72d98bab157
- SHA1
  
  d42778e8104898fcbd09492a51daf1e4642c46fa
- SHA256
  
  059ac8492ad78183dd27847c3641180bd8a8138e324209c67fb48371b191a587
- SHA512
  
  d1927c2a46b691b7904b3aa88df300524f403f26dfb01ecf8a2635823568488ff5ad18ab26372a707b01f5e2142f244aa1533bc963645445f799b86655055872
- SSDEEP
  
  1536:LNh5BwBPWON8Umr0g5r+uyrMGToELA/ST0DBV1w:6NtjMhw
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  Dream Basic/dashboard/static/js/chunk-032c9c15.2ef02ff5.js
- Size
  
  5KB
- MD5
  
  4bd842896eee4907d65be958d0a80dad
- SHA1
  
  120ebdf1d7c64717af5b869d26fc98493d2dc6a7
- SHA256
  
  59fe6961d6a67b157bcdacc5c8718209467af27176dca1b73c7a1c45ddbf55e1
- SHA512
  
  89ad3f57e28f1f66b941f45face6268545ad1086a7c236feed0da5b7c1dd9933307b40cc7c702c7ac3525916ccd028fe57eb8b0f72e4a1c230cac990c4ee9bed
- SSDEEP
  
  96:2TJchP/xsGJVFnlTUBg7MBNtid4n7u0DL+mL0rfYi8uF4t4CMGCxh:2TJAPps6loBoM7tiSr8v8Mzxh
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  Dream Basic/dashboard/static/js/chunk-22405cfc.f311c6c2.js
- Size
  
  15KB
- MD5
  
  b0362e81d2f0a394f7d75d40f1f7c9bd
- SHA1
  
  ca8f19fb2885a3409ef1e24a798c77457ed07729
- SHA256
  
  b9788c070f4f93d1afbfa36df087c692e4d1a409b07e1dce9999bba547d2c9fa
- SHA512
  
  3e5646d712d243dade104cf83b15b04bcbf058030f063294f348db72b8c1d10cee25818f9f475c0a504b8f6c3902afb204f784babbf4a0199dac9a99bc813c70
- SSDEEP
  
  384:VcXQUFYhVFoQ8AGTG/O+hAKUW1AWEjC2h4g7JteRCz7ORo2teXETd+bT3w:VURFYfFHDdAKUW192ag7JteRCzKo2teG
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Dream Basic/dashboard/static/js/chunk-24a3044e.8621a139.js
- Size
  
  6KB
- MD5
  
  e582ba34825dd20e7e23bc7714742923
- SHA1
  
  b1c53113c85b964aa016888cbac86053d76baada
- SHA256
  
  010cab716ab0b85fcffd9dfc828ab875c8356439521df1b93ab1452330a718d9
- SHA512
  
  6cf0d01fac056974b4f097a0428ad2aeb151601ca4fce19c5e29e78b3e66423d152310371f62dfd4d8782affba86bf4068561e1892831d626a532646dccf8472
- SSDEEP
  
  96:D457L7NDutgfVsGu81SbGT6nqQAs9MdroMybU4cuLlR2t5Uv:DA7L7NDgwBu818G+nQGMdMMy75v2vUv
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Dream Basic/dashboard/static/js/chunk-3eef3288.862d7f4a.js
- Size
  
  186KB
- MD5
  
  f578602b42de1712895205dbed42a2d6
- SHA1
  
  92508a33867dcacd0013790695c23671e1bbe96c
- SHA256
  
  d8672024beaefc517e09e1b3d0e922351fafa8a068068541471ff8c83b31788d
- SHA512
  
  b2e8f21e6e3d3def824a31fe8bbc132bb5daf733b60f107201112280fc2b12af9fd8dab359135fee80cd629c44117407aeae424dd0f39edee2b8e145394bd509
- SSDEEP
  
  3072:rVC7VXSFgT5ezG+0h/D2a4qT4MjK0FozipdZKSJazqx6Av30qtFbBmPrahrmpkT:rVqVXSFgT5ezG+0h/D2a4qT4chCMdZKY
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Dream Basic/dashboard/static/js/chunk-4e17a028.12eda3ed.js
- Size
  
  29KB
- MD5
  
  14665642dc00013b41fd22c52753fb1a
- SHA1
  
  3783e9519fd4cf3a992fc3043cf6f9ca16f49917
- SHA256
  
  be2340227e254245d1b81ea5fc20f8944a4f55e577d20def910b736835593071
- SHA512
  
  4b6e08ea59a718de1f9b7d307e19b70f02813c8df1bb324f0c30f99fb2eef597d8acefbe0f537170537a5cca62e76f717aad53f4efc31976aa7842216404469c
- SSDEEP
  
  768:TFVLobSugLs7QNzMo6BckI8k71JOS3uEeB56a8Cli/n9oCCGfHZR4NNS5:Pvwc98UqMwo
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Dream Basic/dashboard/static/js/chunk-68855d7b.29aac2cd.js
- Size
  
  17KB
- MD5
  
  556a4c92af31cfa139fd500b138b3330
- SHA1
  
  aecb9d5814ba747fb1a7046a8a37add29c259996
- SHA256
  
  9d1e22561a5f3fbfaf406f189c49ee4d8c9255cf27f44a0e3fb1fac330a77049
- SHA512
  
  b34d8966c1199ae0ddf1713e635575c8dcfd182b880d9d18adee55049d8610446b1dba98a79ea46858032daacd24aee481ec056340abfb9994f8ec989edc8481
- SSDEEP
  
  384:MoItYC4zHAQvVPhZ/hIOWR5ZRf0xTwudeE9CNgxWp:MoIi7x/hIOWR5ZRf099CGo
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Dream Basic/dashboard/static/js/chunk-695025fe.a88436c6.js
- Size
  
  59KB
- MD5
  
  83e2e004882bacd1548a66f096ef782a
- SHA1
  
  1dba9adf5f76c8613c676f584ef26f2af7ea6aea
- SHA256
  
  c5493346e29d9e75dc54e42328459d1e959bbf4e7ee4874054f5a7e0625852db
- SHA512
  
  d1b7e0e0592c7c7075da58bd8beb83d236db656187e0c256672d89e008b7921d746693428aabde34ebed86620ae2063a719c51d11a0407fa380355b4493b1c0c
- SSDEEP
  
  768:mutWW/2I2OOrp6+F17HciKgQOXzwGnLHj2IwOCXNh3ShXMqsFciWsPp:HKI2O9I1wiEOXYqmhCa62p
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Dream Basic/dashboard/static/js/chunk-a69d7bba.1c4f2927.js
- Size
  
  4KB
- MD5
  
  59d4f592bdd83775bc3785ba59e6e5c8
- SHA1
  
  36943877f564795439fce7bc3d641e8bfa059796
- SHA256
  
  0fb28ca19ffd63a949872695aba0d1959f4522463eaf20ecd61c4ce871e31147
- SHA512
  
  bec0ae29d08fea292fe28e77f2063150371d9c2fc21dadc9dc38f843ca01358eec3696ac8644695ccc78ed239f190b50402baf246f28da005ab2d5c9ccebdf91
- SSDEEP
  
  96:vcNx6rWms56EUBgNedt+ykI1TRIo4TarDAjBCi:vcXGWms5UKuNMUkCi
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Dream Basic/dashboard/static/js/chunk-c7105d2e.9ab0a563.js
- Size
  
  13KB
- MD5
  
  7e71ba39e66524e0c0ad6eb07bc88096
- SHA1
  
  f0cf238245212e77c27650f63320ea56a78fc283
- SHA256
  
  02ca00eec337f9345981c6682526dc5c7e4d9af5043793ecf37a0701e74b4ccb
- SHA512
  
  24bfcc4347ff39e8ef58a4f06f2c19732b7f7599aab6de65e16069a4cd5efa06e2c4192eecc4fcaf6770c208f412ac80e34a4119ca0c192d81c0eef6d8fca8bf
- SSDEEP
  
  384:m26PYecx+XuVdqc0006j0pN0Hi04a0yW0k0V0D0ZZp3GrjXC:m26PYecx+XuVdqc0006j0pN0Hi04a0yt
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Dream Basic/dashboard/static/js/chunk-caec2872.8d3ccd05.js
- Size
  
  5KB
- MD5
  
  2a864e847a1d1e808fbbabcd0d0bf97e
- SHA1
  
  75c3687c872ed0e73aefa0a823592e2548bbf402
- SHA256
  
  05c2897af0e6fe5043e85b25e0c39c9475034ca960d51f78dfba9e1216e154bb
- SHA512
  
  838cf56e9f4b641589006d3f93fdb85a029a0918479d712371e7447af337edde5cf38f2ef2fa28c9567d5af9875a327d5697fd2632c91880a209ecb070d89270
- SSDEEP
  
  96:N8KBBydiP4ibDOPyMtlSvFJTgR5feGSWZQigJ:nBBrAibDOP3cgnf1ZmJ
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32