General

Target: 2e18394457424727246f796b80d9c36ce095791b279c2eb55f61158eaa27edda
Size: 224KB
Sample: 240603-er9hxscb85
MD5: 9077ec98bd1a022616452acdc2d59799
SHA1: b70a2e8f750b9ff50f6d747725c0ff0ec5ad7823
SHA256: 2e18394457424727246f796b80d9c36ce095791b279c2eb55f61158eaa27edda
SHA512: 45c6b984d084509122a4c8afe0e82f8a179614fe7f0498c9dfc37fe7561cd60a47224e7b724f9b381ec9802221d28819d11fe8ab01309b4110e49005fa9d261e
SSDEEP: 6144:SVSkzVWbiexiQOCJAsCOrastbs+6HdwNg:S0kRiiTQOcnraEsZdL
Behavioral tasks

- behavioral1: WalmartForm_San_Antonio_78218.exe (resource: win7-20240220-en)
- behavioral2: WalmartForm_San_Antonio_78218.exe (resource: win10v2004-20240508-en)
- behavioral3: d0000.dll (resource: win7-20240508-en)
- behavioral4: d0000.dll (resource: win10v2004-20240426-en)
- behavioral5: 80000.dll (resource: win7-20240508-en)
- behavioral6: 80000.dll (resource: win10v2004-20240508-en)
- behavioral7: US_Airways_E-Ticket_Print_Doc.exe (resource: win7-20240508-en)
- behavioral8: US_Airways_E-Ticket_Print_Doc.exe (resource: win10v2004-20240508-en)
Malware Config
Targets

Target: WalmartForm_San_Antonio_78218.exe
Size: 90KB
MD5: d062d420e2ac73b0211afe30063807fa
SHA1: c3ba72fb3f48bd3b4a5fe8b04e3f8b8398e624c1
SHA256: f1b8a10f27cc597281bdd423fd7e9829ecbf036ebe6e7e00d054c55f01454bd8
SHA512: 761ec98c589349e4e511fc255531c5f074b810c56b9b3cec1d9477ec383686e6b8c1d99840f67540c8e83ededc5abf573371b2743ae5a5f58c3900fe9bd8e599
SSDEEP: 1536:eTFOnhmTIgT+jv+d6tS5s8li+C89pjIk7xpPnXv0HX0cFNFXf3FBsThnzUsHR3ey:eBTdPj22FLnIS/0HEQFIn5HRg/

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Deletes itself
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
Target: d0000.dll
Size: 74KB
MD5: 0d655ecb0b27564685114e1d2e598627
SHA1: 9834d2149842cb807dcfd6b9282eebbfc27f64dc
SHA256: c56792bea8ac5fbf893ae3df1be0c3c878a615db6b24fd5253e5cbbc2e3e1dd3
SHA512: 657172e7b19bfd286d7f1f6336ff8638cf9a62686f72f955a3dfe519a923c1aa953bdf4f533c39cbd6b9c10dffa2101f0f0770de2696f3a8e79c413a535a25ee
SSDEEP: 1536:MS1LKOuMVMCL5D8Nbv5BXg06v/0DNHUYbLOyZeZjOLfJxFwKW01uGR/xOi7OCAf7:MS1HVMCL5EL/9KCRihn
Score: 10/10

- Modifies visibility of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
Target: 80000.dll
Size: 66KB
MD5: 400439a05c61cfd61625749a7f1fd8f1
SHA1: 8f5b0e02f9c6ff5547410e45554996fb64df7002
SHA256: 0abbe08ec50615e8c1e87192d61b1419e7780251a035e72ffd92e0c6cde60ca2
SHA512: 2b05470280fde4fecda63035fa397798ae6b18f529a634040282ae9f8969ddaea488662e9f17848db0443b0ce99aa35bd43e01ddaa295c81629c95ac06514beb
SSDEEP: 1536:i1CNFN96i6NI7q8U3gW6v/0DNHUYbLOyZeZjOdfJxFwKW01uGR/xOi7OCBKzR9dT:i1C3NSeW8UF+hT
Score: 7/10

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Target: US_Airways_E-Ticket_Print_Doc.exe
Size: 92KB
MD5: 53fec0c29fb30de88c9a6a369e8cae62
SHA1: 597b9aab24a0bffce34407f5ea8c5082dc4bb3b2
SHA256: 4bb1d2130bb7ac35a03eb2f1eb483fc74103cea2086f3fc6984cb8724bcbcbfc
SHA512: 852645ae4e7cd4f9f80061f01a56715b3240a7831f00f72f897d12809cd0bfdffdcb218aa15e89b99bb269e83e82cac2d5adfda628969dab8b8f4fac7698bcb8
SSDEEP: 1536:IKt4CZ0XlXogPZEtEFNxVJz4sqAbyYPNwHBTUeC3R0FrPQxnLiaO:34CZ4YghAqVFX3PahTULmkn
Score: 7/10

- Deletes itself
- Suspicious use of SetThreadContext