Overview

overview

9

Static

static

7

VastGen.exe

windows7-x64

7

VastGen.exe

windows10-2004-x64

7

crack.dll

windows7-x64

9

crack.dll

windows10-2004-x64

9

data/usernames.vbs

windows7-x64

1

data/usernames.vbs

windows10-2004-x64

1

loader.exe

windows7-x64

9

loader.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vast_cracked.rar

  • Size

    54.7MB

  • Sample

    240525-x2afpafe95

  • MD5

    45b452fc473f80f24b9d8cd49bf443c1

  • SHA1

    4684c7c84da5c28150831538049b2c17dc93b8ba

  • SHA256

    94a5ce690a94c018e35d0562541520f43535cc393d5e0da746e524e04d086a8d

  • SHA512

    31a3412a62d22bfd0da7681d2377a4e7365037c05ed5f092683fbb06e45aef1e9baf5cf58caef38b80b118266b668410bb810df0e900006b8ef3f7687f420e1b

  • SSDEEP

    1572864:qa2VMvs1aK4oQ2Vs4f+UwjmLw5vKvCW9YV+Qk:qVVGskK4oQ2S8EqLriV+Qk

Score
9/10
evasionpyinstallerthemidatrojan

Malware Config

Targets

    • Target

      VastGen.exe

    • Size

      39.3MB

    • MD5

      9c5ff43c0f29ccd9e0a5682565e6e45d

    • SHA1

      800574f0a4dfadcba94340c3d64a3e00fdd3ddce

    • SHA256

      edb0f506950965f4af08ce445f137360129f061624a96424ecc19e70c20c3fb8

    • SHA512

      f05a09e26dbe21a16cd33fde937b24dfccc820273886bfee5dcdec033588d6d576fa1eedceb673aa2aad0177281bff737a90ede22d814cd8132835b964ba3b55

    • SSDEEP

      786432:DQtsgYVHiRyc0KaU2j6+s7LWB75zuk2F5F0nC9/JqrYEap9WMNmBHqeU:DQtCVHLc0KaU2qHWB75ikKzZ9p3p9WMV

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      crack.dll

    • Size

      4.9MB

    • MD5

      69723359992ce5115d9b42638cc002e2

    • SHA1

      72a48b2a1499a1588c9b9f3802cac8b2c672203f

    • SHA256

      60c9cf09e8a9c2b2226b7088caea9ec876bfc9cdf890391bd05232114073dc9b

    • SHA512

      598ca6dedf80c30eaea5a74b309f739b16a833bcaac00489b9d7bc97d4dc858023f2bcca60b3dc6374292c0bff1a082540bb9a3217da90381834cc8dfa664b91

    • SSDEEP

      98304:+SyfeXYCYOJ0fn/XqE/1Y7UN3HGuHWGUKxEbem/4MBNDfdmjLdGGf:+SyKkx/e7D8WtbeY/LC

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral3behavioral4

    • Target

      data/usernames.txt

    • Size

      8.2MB

    • MD5

      080e4f2554e1f7eb9f7fa4f4fbf59a3a

    • SHA1

      7e46fb6d5cb053e4808a285c056d2246c076a1e6

    • SHA256

      7d54721afa018d835ae7ec2ce96cb2f1240d14325683d14d2f3b31dd88ee17db

    • SHA512

      e5d8c43a7df8e25890050e894a69a953cb7ea6ec56e817967679738eff3f7da99a10fa3730653a434c828164ed5b0cb2c0b5cd42fd9656eeb4c3aaf23e354294

    • SSDEEP

      49152:a/GZ2z3hup05wWj1FtRUIH3/6tlESTbyA2T4Lj3LnPbEMWvu/l8k/YB0fw+oME0y:wdK1SZWKs1Q

    Score
    1/10
    behavioral5behavioral6

    • Target

      loader.exe

    • Size

      8.5MB

    • MD5

      851dc1231b62cca3b63f7f2287dff84f

    • SHA1

      16915a97ff71586cb033319a3f81c18d8792e1b7

    • SHA256

      2019edf4b004995ed0cc16da5a8746a6154b16df7663cbe6d3fc7782ba5dbc17

    • SHA512

      507c6038f9b65ccb74fe6947ac9caeeef35dcc1b0d01fd68e10a7d2cc5cf6997bdd04cb10b1cc25fd2966b266c7ff471f91618da6021ef4cd0ba24803c7482f9

    • SSDEEP

      196608:lWU/XIK3djYTPtJyCAaws5WJqHqJLkSXNzeHrldm:lWU/4kU7tJy7DhJQyNSLl4

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks