507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388

General

Target

Delta V3.61.zip
Size

22.2MB
Sample

240604-rr8ylsab8x
MD5

2692ff99a5f94520b6caa33bbd0cf05e
SHA1

0bf675fad129bc61f7c2763177a4314288cce4cd
SHA256

507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388
SHA512

65d9665d29684325ca27a33ec187be8ccb142f98f662f888b944750ffcfcea43c496403331ab00e5e408dc5b1c3d39d7fc2defdecb1133a41dcc5d00c7c0392c
SSDEEP

393216:p1DbvOskyq5reDYwFpIgDDLB3IwuZcnO7BjOOPhQEFu9QZay7qPF4zjop3Lr:zDbvOPADJpIelBnO7B6OPhjFu9eaDPFj

Score

8^/10

discovery exploit

Malware Config

Targets

- Target
  
  Delta V3.61/Delta.exe
- Size
  
  17.0MB
- MD5
  
  774ffee84d8e760761b8819edd2bc252
- SHA1
  
  74ff2bcc3baf64790181b97dc09ab951d9440379
- SHA256
  
  3c2cbcfb0dc0b92e1a0f15e725a1f8c4756a990e298098d94087cdd3fd491758
- SHA512
  
  935624fdaa9ae57d4515a456a9383c20240988848046fcab69948450413e573167c0f17a456f0f5120ec13e3215759ad11c4857873900606116c3e495dd69650
- SSDEEP
  
  196608:LOM8QZXcqPrn0guhegnueaIN3l4X+yBXeLUpcgwBj9aR:LOM8EmegnBaS1C+yBaUpcgwBj0
Score

8^/10

discovery exploit
- Downloads MZ/PE file
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  Delta V3.61/ICSharpCode.AvalonEdit.dll
- Size
  
  598KB
- MD5
  
  b6142f182a86adf382ea845935a327bc
- SHA1
  
  841367a389b4df1207224a26f9e201e593d551d1
- SHA256
  
  7225253a9ca59db879340f9ea8ee4f48006ceadf878d04b446522007fbe3ebb3
- SHA512
  
  a5e4941409b4b06fdf44ec5ebfb5d99cec47b1f348e266e7dc20254e5465deb1abf60d67092b5aa1bd14f52d637b52b380382f838d601b0f3734ea5a406fb068
- SSDEEP
  
  6144:m7zJDqOpyhu6XzDnHYRdioOfP/5GvVTBz/xz0z77OxRmvdM+lNsjXU+9NKsTLO0l:C/9R9VONf
Score

1^/10
behavioral2
- Target
  
  Delta V3.61/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral3
- Target
  
  Delta V3.61/bin/590.dll
- Size
  
  5.7MB
- MD5
  
  9d947d9f9432cc466f17d6999c82e097
- SHA1
  
  92de10cdb741536c4d143324798629531779a88d
- SHA256
  
  dd220cfb8765304d9705bb162c570fdb48dc07dfe68cd2d2629dc6d5d0460fe1
- SHA512
  
  baf09afa9c164cc8c08e08877b8d0f1f58a7e6d2ecec54b564b27ed73baf6a2c2a2d76bbbeaa3ab9f5f36db2080f27b93acecea0e99a4575bee427af1093af77
- SSDEEP
  
  98304:450ZEc3CPEdzS3iFYcuZwI9lu/lgQ/6SCGeqH:2bPWEiqGBR
Score

3^/10
behavioral4
- Target
  
  Delta V3.61/bin/592.dll
- Size
  
  5.7MB
- MD5
  
  1334786e5f623e65c3b7c4a8272655ef
- SHA1
  
  9dbbf9dc8ecaa9096181ec217468e41acc6c0c84
- SHA256
  
  f91da9a8fafbc3c5933e6f97e75e0c9251dc83c58d4cd419979d53859548fb02
- SHA512
  
  1a988dc15818ac08fedcd0548f1e472ba034ab9a721bc50ac10dbd3dc0995127e3d5b1198f1bf5fea17b3ea3992be2a03c4447e438cc971bdf92c5c761034059
- SSDEEP
  
  98304:zO0rvcHXlDZHYf5vibU6yFA/lgQ/6SPA3WO:zOV3HHbuG4m
Score

3^/10
behavioral5
- Target
  
  Delta V3.61/bin/Fluxteam_net_API.dll
- Size
  
  6.2MB
- MD5
  
  cdf73079a63074805810016f13fbbfce
- SHA1
  
  f7ecbbd392820ea6fb8cbc72911325c440c0c271
- SHA256
  
  c1eb4052b0a9d672595be10d21ff60a79039c5842d8c98e837251a721549c60b
- SHA512
  
  2eb5a41dfe01d6b58aba5d27a4b359f8b6ea2b913e465ca839f09b3c334aabe550d4925a6e786540a5c28c9086ed97b2187722f3bf62c54ae92922550f5e36e9
- SSDEEP
  
  98304:ff0ldnefVuuvtLonWJ7gatg6QrkP6G9qvPpZDI0evx+AquS/gdV7Wme+OEDl:kH6tvP613pZkvquddNLhOW
Score

1^/10
behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1

T1222

Credential Access

Discovery

Query Registry

4

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Possible privilege escalation attempt

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6