1590e2efd5142338b56790e0bd492b5c117078dc60cfcb57c77127839acfd0e9

General

Target

NiggaSploit.targz
Size

278KB
Sample

240615-ematssscrr
MD5

fb44663383577e72cb1d59c6a16adfe2
SHA1

1c33fffe182c18a17cc6fc1f6fe4a89bead052ed
SHA256

1590e2efd5142338b56790e0bd492b5c117078dc60cfcb57c77127839acfd0e9
SHA512

18e5b619a527b835cf122c024dbb974eed0078e6fc4ae697b880b2e45476a3dc56523c2c4bad334f915b1db97988b80c34769af6443f77e77437a7c68c8f4cc2
SSDEEP

6144:SAsnviz4uS0NLr42O0Lo7c94nLbr+oUKkBDV6MfmAP:SAoq8uS0ZGI+n/r+TDsMfmk

Score

9^/10

Malware Config

Targets

- Target
  
  NiggaSploit.targz
- Size
  
  278KB
- MD5
  
  fb44663383577e72cb1d59c6a16adfe2
- SHA1
  
  1c33fffe182c18a17cc6fc1f6fe4a89bead052ed
- SHA256
  
  1590e2efd5142338b56790e0bd492b5c117078dc60cfcb57c77127839acfd0e9
- SHA512
  
  18e5b619a527b835cf122c024dbb974eed0078e6fc4ae697b880b2e45476a3dc56523c2c4bad334f915b1db97988b80c34769af6443f77e77437a7c68c8f4cc2
- SSDEEP
  
  6144:SAsnviz4uS0NLr42O0Lo7c94nLbr+oUKkBDV6MfmAP:SAoq8uS0ZGI+n/r+TDsMfmk
Score

3^/10
behavioral1 behavioral2
- Target
  
  sample
- Size
  
  810KB
- MD5
  
  ff32e175229d6243fdc9567c5df26518
- SHA1
  
  c4e3383ff4516107c1d6f0a2cc7e5863a9375119
- SHA256
  
  e3c550cf10c51b592c7b4a5c23e3814728a454e6ac74762dbdff032d2ffeab8e
- SHA512
  
  b035541857fab45eb3e4960325b9d9761bda370fb58b80ab6d9fc485f277a9b729f129c0ed5adcd67aba80d8186626dafaa4a1f1e25c41df0c022887badf31ba
- SSDEEP
  
  12288:WfSmzhHoAX5TyQvgwRojAojGdJaTGLLvlguxD:dmzhHWQDRojAojGddLL
Score

3^/10
behavioral3 behavioral4
- Target
  
  SolaraB2/SolaraBootstrapper.exe
- Size
  
  798KB
- MD5
  
  7416a188b82e9dc4b020a59d3c9267d5
- SHA1
  
  15b67c0e13667dd00f2f1d1d2d3132e629e746f3
- SHA256
  
  6a6990c2da4da8f8870da3e33865a1dff8f16874793b232971194c074f3b7838
- SHA512
  
  3f2616216e8dc70362cc6d3f8e76a009108fe04d98697a744c131b76f3c693364ef2a80716ccd9a8f9987d2ac10b0316b0328a0066260055fcbadcd449aaf704
- SSDEEP
  
  12288:pfSmzhHoAX5TyQvgwRojAojGdJaTGLLvlguxD:smzhHWQDRojAojGddLL
Score

9^/10

discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6