de0b3317103aa920db6f390603f5a9afeaad58edc081c333fbb8d5a462465f83

Resubmissions

31-05-2024 23:46

240531-3sea6saf93 8

31-05-2024 23:43

240531-3qkp6saf27 3

Sharing

Copy URL

Twitter E-mail

General

Target

AcesX.V.2 (2).zip
Size

10.5MB
Sample

240531-3sea6saf93
MD5

9de8cbb3b7680df28f523099b0aac9c8
SHA1

f1b914392c2e72e3c93747c6453106cc1e23c678
SHA256

de0b3317103aa920db6f390603f5a9afeaad58edc081c333fbb8d5a462465f83
SHA512

63b396dd27be7b67158e89cbca33c6b2b510fb9b34ab5f84698041f80866f259b57abd5756d8221bb53191aa13d6506cba6b280ed8675632cbf2deb1205fb087
SSDEEP

196608:3NNSUj77I3h0wGZ13tI7vzRbsvjZqRC9TSCFVasKe4ckmm9Z7nhBLoNB06:3NNSE7Ux0r19Irz5F+SCvjhJmhA5

Score

8^/10

execution

Malware Config

Targets

- Target
  
  AcesX.V.2/Aces X.exe
- Size
  
  259KB
- MD5
  
  8f583e9118d18e67dc5334e060a7269e
- SHA1
  
  3dd4ae11c37291e2fb69f4f4dcea220319d6d8cc
- SHA256
  
  eed4fc802562ffef745b65a9eb8812c9d5111307d64bbc49ad31b777c3323d3c
- SHA512
  
  709ca3cc262607ef1509db6e8401533131c3a8d85d1c53ad05ea3cc30bdb795d3e473f5e16f4900e3ecc6e7a5611de1164ae0ddf2337e8c2904be278ec93476e
- SSDEEP
  
  1536:8Cs6ju2mbVY4/dRXVL6s5zjalOYCXuVyOkd3/BKFnYjn+C+2RlxYHe8qUMvELKk7:HtibVY41RXD5YxyOkuiXXfL8rOCJaG
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  AcesX.V.2/Bunifu_UI_v1.5.3.dll
- Size
  
  236KB
- MD5
  
  2ecb51ab00c5f340380ecf849291dbcf
- SHA1
  
  1a4dffbce2a4ce65495ed79eab42a4da3b660931
- SHA256
  
  f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
- SHA512
  
  e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
- SSDEEP
  
  6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score

1^/10
behavioral2
- Target
  
  AcesX.V.2/FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  8610f4d3cdc6cc50022feddced9fdaeb
- SHA1
  
  4b60b87fd696b02d7fce38325c7adfc9e806f650
- SHA256
  
  ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
- SHA512
  
  693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
- SSDEEP
  
  6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score

1^/10
behavioral3
- Target
  
  AcesX.V.2/Fluxteam_net_API.dll
- Size
  
  6.2MB
- MD5
  
  2295c5b937ea6facd25a4aed6546cd69
- SHA1
  
  d9891e3086820f4caa10d3e8e0e754672da5f505
- SHA256
  
  a0c6057548ec5f2294f16ab6cdec2bd101d23970bf7e96ee271093c1946f26ea
- SHA512
  
  5f2f51bb012c73d0f197bab866c92e38157ef2ed40041ed9f3f70bd6a5a13964156cbeabbea9902622b1f4a5369ba7c14cfb15c95c280cf8e6dd129fef75eddf
- SSDEEP
  
  196608:in1xmGmh3ySCjpRFW7bpvCwZqkaGXUc8zjPb:iIxyZpjW/pvLCPP
Score

1^/10
behavioral4
- Target
  
  AcesX.V.2/Module.dll
- Size
  
  5.4MB
- MD5
  
  a3f17a12dc9763de4335abb9019c1dc3
- SHA1
  
  0d7238a1a0a5237fc19b9a54fda3add73793ab2e
- SHA256
  
  47fbe4181082820cf7d3e2f10d8db4d4ff79bec7afdcf21e71d5c6614306eaa1
- SHA512
  
  e2a17887ccb448a9ce7a2c4ebfd10b4cf5d769b31f150007b03c7bcc4de420e44ac39a6b3473833e0d2d6cb892d4962d98d044207de14143d8b2edffbc8e6a41
- SSDEEP
  
  98304:bfleZWdDsTnfQI9Qf3Zqq/lgQ/6STibqZB:bigQ9Q2GciB
Score

3^/10
behavioral5
- Target
  
  AcesX.V.2/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral6
- Target
  
  AcesX.V.2/Oxygen API.dll
- Size
  
  291KB
- MD5
  
  e9034685deb48ee57d574239573d7196
- SHA1
  
  5a4c0b346a7fe5e2c7624d86426c40819bf8cacb
- SHA256
  
  f4c75595e44dcdbbade39a477540f0de2656abf10a02bcbbcd8c05e8bd432bda
- SHA512
  
  b9d8b84b1dbd3b597e1e1831516b71c2f0d658e2a69977f4eb2bb3581a7fbd5d9554640a7a2b5fee229a224f265102707cfd708f244ca582b1d62d6c9de8dd00
- SSDEEP
  
  6144:kgaRZVLlfh7rZthO+JjkuHEEAt/wz/60baxHU6b:kgoZdfrXg+JwuKt/S/605
Score

1^/10
behavioral7
- Target
  
  AcesX.V.2/Oxygen_API.dll
- Size
  
  291KB
- MD5
  
  e9034685deb48ee57d574239573d7196
- SHA1
  
  5a4c0b346a7fe5e2c7624d86426c40819bf8cacb
- SHA256
  
  f4c75595e44dcdbbade39a477540f0de2656abf10a02bcbbcd8c05e8bd432bda
- SHA512
  
  b9d8b84b1dbd3b597e1e1831516b71c2f0d658e2a69977f4eb2bb3581a7fbd5d9554640a7a2b5fee229a224f265102707cfd708f244ca582b1d62d6c9de8dd00
- SSDEEP
  
  6144:kgaRZVLlfh7rZthO+JjkuHEEAt/wz/60baxHU6b:kgoZdfrXg+JwuKt/S/605
Score

1^/10
behavioral8
- Target
  
  AcesX.V.2/WeAreDevs_API.dll
- Size
  
  607KB
- MD5
  
  ea1ad1e19e81df5cfcb4207563896153
- SHA1
  
  d0391630a4d1eab58b59b62062413fd9a6d70461
- SHA256
  
  ba4ede69fef9675f0c8dd546cf41d0c529fa2bd75965d6964709f20ae3681109
- SHA512
  
  a9b65263739bb794f7d54db06ffbb1c42eeac367b252b820e2e93313e328592652890fa3c6e3ea5d04fa193854c87b499cb07e9b7afc1627de27b27d1cec8471
- SSDEEP
  
  12288:XURkGrbk/x95DR7XZdfrXg+JwuKt/S/60pR5kjo5Bda7EptO:XIkyk/x9L7Xfw+Jwz/S/69k5BkApt
Score

1^/10
behavioral9
- Target
  
  AcesX.V.2/krnl.dll
- Size
  
  883B
- MD5
  
  17ae0d3301e4c913ccc7f5b7f2931297
- SHA1
  
  830cbea44525aaade61632457f7ba2658c41cccd
- SHA256
  
  6f767ddd0f2f74481aca176faad44f9674c88aaaf73e1afb931697d62594171f
- SHA512
  
  633cc58134edb30e26cf1c642d583e21c2a303d608200c275ae4dffba0fe72b8c269ff19df8f01f1859032ea8e8ea257b9f2c810755614e67de61abbb082e53a
Score

1^/10
behavioral10
- Target
  
  AcesX.V.2/krnlapi.dll
- Size
  
  17KB
- MD5
  
  ab7cdb00e85533757bb540106bec1ee6
- SHA1
  
  b53f46b732a15a05763473d0cbd03cb7d303176c
- SHA256
  
  c70037a084f5982f1669bb3b86932118884b7e04c3cef9a0911bbfffc35d95b3
- SHA512
  
  3dd0a5feed3567051f833131673797461c1ac1b6f912a9e84520a3ddcb4c4adc488f4078147a46eaeb167fdc0be590745d66af5ded8613c9c83b2d04b84cefb0
- SSDEEP
  
  384:WG/frX1WcjM4vrX3pXKxbgSEH/FgNuenI1B58L://fJWcXrX3oxbQACj8L
Score

1^/10
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11