0741f494b00bf8b9b84372fb75bf8e4e047280f7bcf5b90dcd696a855b7eade1 | Triage

Sharing

General

Target

maple_latest_cracked.rar
Size

49.5MB
Sample

240613-qp1zjsvdjp
MD5

568678c038170c1be74b738ef78e79e4
SHA1

3128defccd314222f079d7c95bfb60d93dacacef
SHA256

0741f494b00bf8b9b84372fb75bf8e4e047280f7bcf5b90dcd696a855b7eade1
SHA512

1cf113cf9146652fc568e5191673176eac084705f648c2e019f0a93b9f5a7f4e7e690ff5b2f84e6abaef940d39423e39aaac52400bc41ef3782542db923528d4
SSDEEP

1572864:yKc6Q7ZY3wIG74Kjb/BMARnWAeJ2MCcBRy/hNM56xZ:yP6QiASijBMNJ2DcBahC6xZ

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  crack.dll
- Size
  
  5.0MB
- MD5
  
  b5b1b26e855eda6268b9a2008e0fce86
- SHA1
  
  d7925f7de5835e3564b187d8654bb9305ea945fb
- SHA256
  
  06dec4f9857f7b9a43157756606546d04a0f34c87681c7db9aab9125a43b33a7
- SHA512
  
  14ad2e93ed5876dd246ce6f32674e994b4f35a5acbb1ac46388bebc682a70ce4eca974fda102c273c71dae3c9bc7b69f965fd636cb2d5c579de9cd23e8b35799
- SSDEEP
  
  98304:j+YCYfXbb8DckgAEhxWiHF/5DoNZ2qkFVwz7583lfdmjLdGGf:jP8QDDRF/eNsqgiZ
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  loader.exe
- Size
  
  5.3MB
- MD5
  
  e630d72436e3dc1be7763de7f75b7adf
- SHA1
  
  40e07b22ab8b69e6827f90e20aeac35757899a23
- SHA256
  
  59818142f41895d3cadf7bee0124b392af3473060f00b9548daa3a224223993e
- SHA512
  
  82f0be15e2736447fae7d9a313a8a81a2c6e6ca617539ff8bf3fa0d2fe93d96e68afea6964e96e9dd671ba4090ddbc8a759c9b68f10e24a7fb847fe2c9825a83
- SSDEEP
  
  98304:MY5XZjNqBeNp4iSgPKpQ9CKhqkaIWvO9SYCxBKXyaxVdb+tSVGHyYDMMl7qg7:MYpMeNp4irCmWISnTz2VtIVDMg7n7
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  maple.exe
- Size
  
  40.8MB
- MD5
  
  db7b4b030f0a44a2f51c957d949f8e1e
- SHA1
  
  7814eaffb9c68fb78f3f69380439aaf94d556828
- SHA256
  
  8f5f582788ce95ba51ca37dac8e45fff1674e0d36e4129731edded7e71a94c30
- SHA512
  
  be6f371423a0bee1b3d3f61640e1b6ca64290a4a864d4a1b3ad8ca6250650ca01d42b635f650138733b3817c491f64a8bc82622e7f1b565dc4cc8da37e43a63c
- SSDEEP
  
  786432:GmtGTz74LgKKoB7fgM3QZ2ciA4DS+mC8yZ9BSmPpnbP3EwlIFFnHpu1Ckf9+uKcY:GmKoLW233u2cipDM+Z9LFPI/nkUg9M6S
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6