7213f30970c9764e1e0f85f15125f9241cf2619fb4724d322b5fe6f8ee3d9da0

Sharing

Copy URL

Twitter E-mail

General

Target

setup.exe
Size

2.4MB
Sample

240530-sxtljsec23
MD5

d1be561690e1d91e515faf9581cf81a6
SHA1

9fed9a02c3845ca78bd72319bbfcf5140e64a36a
SHA256

7213f30970c9764e1e0f85f15125f9241cf2619fb4724d322b5fe6f8ee3d9da0
SHA512

919e7bd14b65bf4fc778ce3409a92fdb5a59516cdb43d5dd3626ff2d18be9389951a289afe7453aeb6f8b9e314007c007a6f3bb7137f4fd167ce5688cebf28f5
SSDEEP

49152:Ytavs+rX1wXzrf7XC4yY86lG8mFMRkoma4ftd0B8K4QH9SsmHFDTWU:Yn+j1wHzyb38mORkdtdCzdSsmHRTn

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  2.4MB
- MD5
  
  d1be561690e1d91e515faf9581cf81a6
- SHA1
  
  9fed9a02c3845ca78bd72319bbfcf5140e64a36a
- SHA256
  
  7213f30970c9764e1e0f85f15125f9241cf2619fb4724d322b5fe6f8ee3d9da0
- SHA512
  
  919e7bd14b65bf4fc778ce3409a92fdb5a59516cdb43d5dd3626ff2d18be9389951a289afe7453aeb6f8b9e314007c007a6f3bb7137f4fd167ce5688cebf28f5
- SSDEEP
  
  49152:Ytavs+rX1wXzrf7XC4yY86lG8mFMRkoma4ftd0B8K4QH9SsmHFDTWU:Yn+j1wHzyb38mORkdtdCzdSsmHRTn
Score

4^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AdvSplash.dll
- Size
  
  6KB
- MD5
  
  13cc92f90a299f5b2b2f795d0d2e47dc
- SHA1
  
  aa69ead8520876d232c6ed96021a4825e79f542f
- SHA256
  
  eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb
- SHA512
  
  ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3
- SSDEEP
  
  96:6hNSXIcmYjkvTS6MnBNZ1BMjDfhkkEkkXstWpPwoS:JXIpzTSd1BSk/kJtWpP
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a4173b381625f9f12aadb4e1cdaefdb8
- SHA1
  
  cf1680c2bc970d5675adbf5e89292a97e6724713
- SHA256
  
  7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
- SHA512
  
  fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82
- SSDEEP
  
  96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral7 behavioral8
- Target
  
  $SYSDIR/frapsv64.dll
- Size
  
  103KB
- MD5
  
  2e5bfef71637ac61c0b96c4e1b5ef2d8
- SHA1
  
  56af94478781b036161c5c5f7fe27d483c62ea48
- SHA256
  
  bf12399f4e00cadf27c1207d20ff7be2a8895a5f8385caa48a75364ed3b75796
- SHA512
  
  80615b8a4e62c3d9875d79652831abbb3f17df0122b50a5c9857d8f13062475ef3e3e4f5bb19cbfa4cd75b2d19e82b229e0702b12a0876473bb8cd9a7f38c16c
- SSDEEP
  
  3072:qf8rrdZ7TMD0ms8Drf6FGOLWT483lMYbN0h4sf:jTHmrf6FGOSU83B0Cs
Score

1^/10
behavioral10 behavioral9
- Target
  
  $SYSDIR/frapsvid.dll
- Size
  
  92KB
- MD5
  
  88be8fce67c977fa48e0105990779137
- SHA1
  
  f6785cb9d91f125704b69807e3bd17e18d1695c5
- SHA256
  
  9246354e999750b19f8e16314d7e64f072a705adb03dc2aa55742c03454761de
- SHA512
  
  a71dd611f7e13ef56c2f6365a5ad5a632e4351a2ac8efeeb9c6344b9348032a3dc52e2cfe9eec1db10fcb2595ce89cb86be40089eb34f6b3a9a7344cffb58b7e
- SSDEEP
  
  1536:yxOxmRqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq+9H+3mKwvmAiUj9IIyQMjH2LNkdT:yxOxwqqqqqqqqqqqqqqqqqqqqqqqqqqh
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/beepa.bmp
- Size
  
  386KB
- MD5
  
  1ac1185d0e10ef4d48f5ee334b4c6a6d
- SHA1
  
  611dd2b48b544522c93320ed1dc8f74bdce63b29
- SHA256
  
  0bf79b0b07c1da6b6183da39378b32953d7e5c3ba42449a03ec742b597c5c181
- SHA512
  
  b8d312f5b289e7a28a1d45f6c074b0935e15bbbe7df047b287e46e2395b53a333a86e02ff27aecfd7812cbf9acce0c8616287fca0b5f49832505206790fd200b
- SSDEEP
  
  768:IGGqTq9W1NiUvU/fFuEVBnCstGxxYDLfdWVU+:IGHeWumU3FuEVBnCstGTYnfUVU+
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  HELP/help_fps.htm
- Size
  
  546B
- MD5
  
  f335e9e4e8a45c7dcfc30b5b8b61d838
- SHA1
  
  cbaa325097d7c203d7c875325a79de76f60e4d3e
- SHA256
  
  b1419a421ea79de26a910c941c72d8eef7f97f42e55c28e8f7df9d31be3a0889
- SHA512
  
  4f7d27ede6eb61ba7d656d44d1c442e1ac9db016f1278c67afcf6f4674ea3786d1f77f0cef1930f0f07e0db587c11ba79f652916b96b2e1995ed89f27762290b
Score

1^/10
behavioral15 behavioral16
- Target
  
  HELP/help_general.htm
- Size
  
  550B
- MD5
  
  ca2111dcbc54a05e596894f3b0b3e453
- SHA1
  
  4f22bd6da136ed717e06cc7abbb7d4995fbcaa02
- SHA256
  
  731aa299a4024b9574282c12ff9385b6bc972a360d327633259c5bfff7bd8b86
- SHA512
  
  83a76b771711ef883de7808f0f5e9143614554bb6b82f810e3ffe0b936bb51ebcadd14df725869beed3cfe5dda122f57412a10d114eea79821d84c12c9bbb2cf
Score

1^/10
behavioral17 behavioral18
- Target
  
  HELP/help_movies.htm
- Size
  
  549B
- MD5
  
  28ae0688b33354b80e4d29d980d648a3
- SHA1
  
  69fa776c403f75ce5961f04f9ac2b25479d6a17b
- SHA256
  
  241da611a040ed0d1b9e51d92eaa7ef7f9821cd1bcbfcbc6759db2babc4d6881
- SHA512
  
  d9e00c72a1bbfbb5376a65fd98335346593765bea0a7c7739d5b927e863ee54cc7a93b397e8c745a48bf9ef51cd9b56228ed0f3f76844298c7779dc5459397be
Score

1^/10
behavioral19 behavioral20
- Target
  
  HELP/help_screenshots.htm
- Size
  
  554B
- MD5
  
  834e553c909b7600700f25fcdfe8046a
- SHA1
  
  3d8a844cd24e519f73e6e14c83464ca801188aa5
- SHA256
  
  b2bebc38395e4678c78af793b1c5ad214a3f832fbe860dedb0d8db36118350fe
- SHA512
  
  245dce23051e67dc786ef07bb0dcdc2c98bcad859bc4b4bc522a64b72db28a7d0fb657df7b27a7d0f3ab7612a11275ba04307847eb7836917b39d25517221205
Score

1^/10
behavioral21 behavioral22
- Target
  
  README.HTM
- Size
  
  1KB
- MD5
  
  5d333847ea3381ede70b2e44ee020416
- SHA1
  
  ac04265c3e1af4222c417216282ce16a7b63c5a1
- SHA256
  
  68030a6f628f860115432c4ab704d8a8cd6b7a511b09c63f1c0c59e35c38a00d
- SHA512
  
  a0fd61dd88d9961903f53c82adaae503acce8c1ef8e8505a07b0245d629ec8eedc946961bf8ae6d9f631f2f9ef950a7cda8ab697c2102451807185d7d4c23bec
Score

1^/10
behavioral23 behavioral24
- Target
  
  changes.txt
- Size
  
  27KB
- MD5
  
  ec966f0695144d69258c2431d182cb6b
- SHA1
  
  02e0f81080d4c6b5e2fd60029b4c058b82065155
- SHA256
  
  a9efa59f631e97b1e0afadde3722531b45b0565ff2e71f920073fb5485808e31
- SHA512
  
  a34e5fdd8e57f3173bdd701a050fb211dafad3cb556d5d66850a9f8dfd0f85e7f607559626cc8cb0053c1e2a7535849f98eae03cfa4477c48147d00fe75e0747
- SSDEEP
  
  768:DEFJIroNZpnWGYZyAUdCEY4Wd3fZQT7WlTqREGr7id7BTUvOYsMYiDn:D0skSE72h85
Score

1^/10
behavioral25 behavioral26
- Target
  
  fraps.exe
- Size
  
  2.5MB
- MD5
  
  0ff5b5161a78bf5721811779376db71d
- SHA1
  
  35308429117b514237d34bd8015bfe4efa8e7d55
- SHA256
  
  da7f61f2b04266a2ae897a0b001e721f1920cb579d5e08a8e5930a79c5d2fb80
- SHA512
  
  d701440fa49f287a9631c8fb98cef5ea89b4f135901519d3ff3c45d0a7b8c464901514078bcf5ea8d2ffd23dbc7e30816ec0beaf06a531af045fdd1f5aec0204
- SSDEEP
  
  49152:FE2Bj+HwlrUcObnP6q8m7X3wYdurAFfCUOvtig+wf0PUVKje/rJFz6:r9+MrpObnPH851rNUOV/+wIngFz6
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral27 behavioral28
- Target
  
  fraps32.dll
- Size
  
  263KB
- MD5
  
  6328007efe11f2ad0a50f122367ce743
- SHA1
  
  3f48580a32d0c5cd2551dcbcbce885c9337ce044
- SHA256
  
  e800f37cb2efa8ba13a25278cdd578dae4a2c86d23d4247349673160b0301e4f
- SHA512
  
  67d38b4dadecf020d1dc1e567327b5c0ebb72391448956e3e5a99943b6552851a94236d407da47c70abeed841898d2681382d78c522a40f28f22bbb654f7a8ec
- SSDEEP
  
  6144:4DOK/Uddz0HzTLcy2q5lylI/QkvD8q6LkWhFOlHg:bK/Uddz0Hzncy2q5lylI/QkvD81kWalA
Score

1^/10
behavioral29 behavioral30
- Target
  
  fraps64.dat
- Size
  
  112KB
- MD5
  
  79856998086dec03fa34a614708ae1e2
- SHA1
  
  f858dd68780063527953aeccdcbfc955b3ea2cb9
- SHA256
  
  a62a9241f3bf39176956d6fa45cec7a9aae12908c7156e4b533b81d35e902a9e
- SHA512
  
  ca63ea0f8f269b957efa65faf4c836133c93cbe38b76f5c0117bdb3e9a1719ef1b1943a9a3f2f7e51e31e08fdc0a02b24233baaa12aa6087112db9b4b7bb7f48
- SSDEEP
  
  3072:XcH4TH6vYjeTtyvsfGIBrYUYAv4tYRfNNgS:XcYTyYjUUKGIBEFE4+f3
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Identifies Wine through registry keys

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32