Overview

overview

9

Static

static

7

release.rar

windows7-x64

3

release.rar

windows10-2004-x64

3

release/ma...at.exe

windows7-x64

9

release/ma...at.exe

windows10-2004-x64

9

release/ma...er.exe

windows7-x64

9

release/ma...er.exe

windows10-2004-x64

9

release/readme.txt

windows7-x64

1

release/readme.txt

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    release.rar

  • Size

    8.1MB

  • Sample

    240523-j72v8saf23

  • MD5

    550f5e261d58b60ad66fe0303e3a1234

  • SHA1

    69bca3605b33b4043e0c730b73ceee2a596db82d

  • SHA256

    d414a91153d3003d9026994389a629203aa3f8fc83017f0e727273560315e181

  • SHA512

    14f157e0d1f44dacd12b5a6f13583d156a8b261956e97d47cc014536709f4402eb303f26b58ea6987323afa88ffa0b2332d5f6efa0eeb620afd35905f1309b40

  • SSDEEP

    196608:E7BFRsgkFbyhlu0X4f0ZvpBxAvGUFi0gpuKLoqizxw1j:EVXsg2byTu0NBA+UA0gxLonzG

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      release.rar

    • Size

      8.1MB

    • MD5

      550f5e261d58b60ad66fe0303e3a1234

    • SHA1

      69bca3605b33b4043e0c730b73ceee2a596db82d

    • SHA256

      d414a91153d3003d9026994389a629203aa3f8fc83017f0e727273560315e181

    • SHA512

      14f157e0d1f44dacd12b5a6f13583d156a8b261956e97d47cc014536709f4402eb303f26b58ea6987323afa88ffa0b2332d5f6efa0eeb620afd35905f1309b40

    • SSDEEP

      196608:E7BFRsgkFbyhlu0X4f0ZvpBxAvGUFi0gpuKLoqizxw1j:EVXsg2byTu0NBA+UA0gxLonzG

    Score
    3/10
    behavioral1behavioral2

    • Target

      release/main/cheat.exe

    • Size

      4.1MB

    • MD5

      d1895f02df8810e698741d4805317916

    • SHA1

      b45eb5ebe4184b6249f514122838b582c8030a0b

    • SHA256

      b2304109f2212ccf8b49c9fe8999b178ce7563c1c7540a05ea3d2836b22d361d

    • SHA512

      bf9449415ee28b84319df57dca23ce43b345e5dfa042e2613fd84f183a02154bca859785a8b51434ed5466ea7def19a2d562822d9d9f1c7a9de72055843d60b1

    • SSDEEP

      98304:bSXAizswlu7vCx/0nrEw1PP3rSDdV+8Tz7kI:bS/Qa50RP3rSP3II

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      release/main/loader.exe

    • Size

      4.1MB

    • MD5

      9ecdc9ed1bea6c226f92d740d43400b9

    • SHA1

      b5b5066cd4284733d8c3f3d7de3ca6653091ae10

    • SHA256

      60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c

    • SHA512

      30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43

    • SSDEEP

      98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral5behavioral6

    • Target

      release/readme.txt

    • Size

      57B

    • MD5

      83eb57baa8d488be71cf1fd0a3b53031

    • SHA1

      f77b686d14bacd629937f18917eff5efca2e00de

    • SHA256

      855091ca408b3b9a0f27a9fe0f143165c86c056f14f0c56bb239e986aa6b4246

    • SHA512

      3c608249e01f7cc3425fd91e67fe37165f1e21bceb65d785124696ef06ecd9256ddfffd9e34239e84c4f4eaf4f1dda67721f7e49b4c8546b2aba7183ea65606c

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

System Information Discovery

5
T1082

Query Registry

4
T1012

Virtualization/Sandbox Evasion

2
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks