General

Target: sillyboost_cracked_v1.zip
Size: 40.4MB
Sample: 240527-p63c9sed57
MD5: 9999e496ea39c2cd016d4e893811c01d
SHA1: f1de7c2e4767d764fe46e118581f2c6908ade992
SHA256: 5a0461545da96488d576540bc526e5c1a861d09f2c73f528e3191212d2f9f1b1
SHA512: a13e5a3ab1dfd2857602fd7fa8ddfa5e404b644ec057bf2bebfd38ad27628ed6080cd39254df6da4af979c800bc46fc7a4f9b8949ec70962172e645d04c43c82
SSDEEP: 786432:djWwTiwq0JgcbRI3IqVCQVcZQ+iurECpdBekLw8WtYt3LFLI:dzTA0JgcbrqAQVD+NEWP7LLtRLI
Behavioral tasks

behavioral1
  Sample: sillyboost_cracked_v1/crack.dll
  Resource: win7-20240419-en

behavioral2
  Sample: sillyboost_cracked_v1/crack.dll
  Resource: win10v2004-20240508-en

behavioral3
  Sample: sillyboost_cracked_v1/loader.exe
  Resource: win7-20240215-en

behavioral4
  Sample: sillyboost_cracked_v1/loader.exe
  Resource: win10v2004-20240426-en

behavioral5
  Sample: sillyboost_cracked_v1/silly.exe
  Resource: win7-20240221-en

behavioral6
  Sample: sillyboost_cracked_v1/silly.exe
  Resource: win10v2004-20240508-en
Malware Config

Targets

Target: sillyboost_cracked_v1/crack.dll
Size: 4.9MB
MD5: d8131fd472e3f921dca592b6c0872c26
SHA1: 3be46fc189d169673e3f8779128b42f17be131d3
SHA256: e923fb5d56d8f8f7bb2f0b11be779ca5d87164c536d9f8c0c24a89b52a372c06
SHA512: 9fa8978e2f6549b56cc077e8d857cbc5e106cb9da0cef976326110ce0f6dee11ca0fe72751e63d862e42cad80508a0747377e08b72cc4faaa9f614381ebdf6a9
SSDEEP: 98304:bd1z1vEYCYWcv4DoirkjuQM/OMc7/2QIqLAIOiqrr8HfdmjLdGGf:bdx1vMlDEXMc7MqcIOjH8O

Signatures:
  Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
Target: sillyboost_cracked_v1/loader.exe
Size: 5.3MB
MD5: ed358d5c060320055e0a1bfce6b1e419
SHA1: 12853b07f03fa86e2d859475ff16243a8216c1c7
SHA256: b7e0248552ac34bd73e2e6ac4f6b5edeb2ad27f094df41addd8e989c7256bc18
SHA512: d63c96aa4dba2684e210d7893a9b166490b674a34e4acf95b8f80df4c04284d58c23c0295d27451fa971c1cb9beff1fc499057f5afab0a1d790dab9ac8cba00d
SSDEEP: 98304:V8ihICaLqaR7bM++vEeIML8+vTV6oQpSJxtN7h0w27jVGDLhM34CLCIqgFF:V5Iaa5bM3IML8+7VZ30dM584CL5nFF
Score: 9/10

Signatures:
  Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Command and Scripting Interpreter: PowerShell
    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
  Drops file in Drivers directory
  Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  Executes dropped EXE
  Loads dropped DLL
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Target: sillyboost_cracked_v1/silly.exe
Size: 31.7MB
MD5: edf5231904acc98d0aa6e8dac9e6f57b
SHA1: ab01505afc25fd2286fcc52a52a12c510b298fa4
SHA256: 4400e10819840cbbe5238f4cb4560ec2c5fa6dbfca6124d6065aa8df42506472
SHA512: b4e01b5e2756fae3f7872d909bcb1e26618c6713d5428af6c96d08613154f65e749840ee07c3d6ce42af974a2c6c87b2bcd90e494e2e61722a377982b7070291
SSDEEP: 786432:EYSoQBHU9SuW1HMqG5qkOIRFbRBYvHjwouTtRLzx:EYSoQBD/NMqpk9FdKfjQtNx
Score: 8/10

Signatures:
  Command and Scripting Interpreter: PowerShell
    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
  Drops file in Drivers directory
  Executes dropped EXE
  Loads dropped DLL
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.