485ddbe13e2b499550e9a904bcdfe5db5b2f5a0bf8b3f7607a2ba13219e607f4 | Triage

Sharing

General

Target

maple (2).zip
Size

49.5MB
Sample

240606-sydaysha29
MD5

5c2c5e4a0e9dacf50393213eed7fc65f
SHA1

acc4cf364389605095c88c489db8370c9e274a43
SHA256

485ddbe13e2b499550e9a904bcdfe5db5b2f5a0bf8b3f7607a2ba13219e607f4
SHA512

4ec4cc13c0d54a41053e12a2ae0034f2e19c4531259e655e62776090ba6f164357c47da30f70467484c63e0c8b43b55de4222321007762695be855b7b3eeb46f
SSDEEP

1572864:POUY4Zr06QNBsV3yIamhHKC7Re5DntXS8LoGqV6oDU:2Upr06GBsV3yq7On9op6+U

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  maple/maple/crack.dll
- Size
  
  5.0MB
- MD5
  
  b5b1b26e855eda6268b9a2008e0fce86
- SHA1
  
  d7925f7de5835e3564b187d8654bb9305ea945fb
- SHA256
  
  06dec4f9857f7b9a43157756606546d04a0f34c87681c7db9aab9125a43b33a7
- SHA512
  
  14ad2e93ed5876dd246ce6f32674e994b4f35a5acbb1ac46388bebc682a70ce4eca974fda102c273c71dae3c9bc7b69f965fd636cb2d5c579de9cd23e8b35799
- SSDEEP
  
  98304:j+YCYfXbb8DckgAEhxWiHF/5DoNZ2qkFVwz7583lfdmjLdGGf:jP8QDDRF/eNsqgiZ
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  maple/maple/loader.exe
- Size
  
  5.3MB
- MD5
  
  e630d72436e3dc1be7763de7f75b7adf
- SHA1
  
  40e07b22ab8b69e6827f90e20aeac35757899a23
- SHA256
  
  59818142f41895d3cadf7bee0124b392af3473060f00b9548daa3a224223993e
- SHA512
  
  82f0be15e2736447fae7d9a313a8a81a2c6e6ca617539ff8bf3fa0d2fe93d96e68afea6964e96e9dd671ba4090ddbc8a759c9b68f10e24a7fb847fe2c9825a83
- SSDEEP
  
  98304:MY5XZjNqBeNp4iSgPKpQ9CKhqkaIWvO9SYCxBKXyaxVdb+tSVGHyYDMMl7qg7:MYpMeNp4irCmWISnTz2VtIVDMg7n7
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  maple/maple/maple.exe
- Size
  
  40.8MB
- MD5
  
  db7b4b030f0a44a2f51c957d949f8e1e
- SHA1
  
  7814eaffb9c68fb78f3f69380439aaf94d556828
- SHA256
  
  8f5f582788ce95ba51ca37dac8e45fff1674e0d36e4129731edded7e71a94c30
- SHA512
  
  be6f371423a0bee1b3d3f61640e1b6ca64290a4a864d4a1b3ad8ca6250650ca01d42b635f650138733b3817c491f64a8bc82622e7f1b565dc4cc8da37e43a63c
- SSDEEP
  
  786432:GmtGTz74LgKKoB7fgM3QZ2ciA4DS+mC8yZ9BSmPpnbP3EwlIFFnHpu1Ckf9+uKcY:GmKoLW233u2cipDM+Z9LFPI/nkUg9M6S
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6