Resubmissions

16-06-2024 02:32  240616-c1rclazdnr  9
16-06-2024 02:29  240616-cyj6hazcpn  9
16-06-2024 02:26  240616-cw4r5awbqb  9

General

  • Target: release.zip
  • Size: 11.3MB
  • Sample: 240616-c1rclazdnr
  • MD5: 4115cd94afc46e92446a5ed4c6e02034
  • SHA1: a27d793c873e89366625e8c2577fac9bcc22f55e
  • SHA256: 3a521e8eb6c4a7bc7e8981b6377b5ca5a50b47862cd29c15b394a3e1a91cb4f1
  • SHA512: 5bc3d1459061e0285f8f6fd9af8fc884bc7495f34bdf165af4374320db698b3f6563887490dd342bb4865758d14a9df8f080c59978a2d89137fbebeac810a2bd
  • SSDEEP: 196608:S6oLLrxYCD3GH4sfsx+QlK6GDoudi0E59ythnAB+rJYmd5wyj:6iCSFskQE6Grdi15AnAB+dPEyj

Malware Config

Targets

    • Target: release.zip
    • Size: 11.3MB
    • MD5: 4115cd94afc46e92446a5ed4c6e02034
    • SHA1: a27d793c873e89366625e8c2577fac9bcc22f55e
    • SHA256: 3a521e8eb6c4a7bc7e8981b6377b5ca5a50b47862cd29c15b394a3e1a91cb4f1
    • SHA512: 5bc3d1459061e0285f8f6fd9af8fc884bc7495f34bdf165af4374320db698b3f6563887490dd342bb4865758d14a9df8f080c59978a2d89137fbebeac810a2bd
    • SSDEEP: 196608:S6oLLrxYCD3GH4sfsx+QlK6GDoudi0E59ythnAB+rJYmd5wyj:6iCSFskQE6Grdi15AnAB+dPEyj
    • Score: 1/10

    • Target: release.rar
    • Size: 11.3MB
    • MD5: 5c001e7cd4bead1393a073f4db374f2b
    • SHA1: 126db88412f3b4c26c7c03c7ecf003dafa69b671
    • SHA256: 957bc987044ba0adaa749cdca6e8e74b560d2484a00ce8eeda77b4964f25bf97
    • SHA512: fc48c73a1869cb2f6a89f792e1a50bb3349b4a1625d4ba8e22839c5ded2b4ec7a81763749ec05d4c94081659dd50a6395fbee059a7c24a84640be132121dbdb0
    • SSDEEP: 196608:nCwrLldq0DxetYixAvGUFi0gpuKLoqizxw1p9o3IVTiypXyGv:ho0o9A+UA0gxLonzc9o3IB/sGv
    • Score: 3/10

    • Target: release/main/cheat.exe
    • Size: 3.9MB
    • MD5: 200e4d1a5f37c511d30b7c778556b1a1
    • SHA1: 809060eed706b528705b9e0082a9d0b8f1449aaf
    • SHA256: ab2b268de451ce6bbc5879b014180e47aecd874181d1e03c34159f78839ded67
    • SHA512: 8fbf7d4b092c7a0d964fe4a1a0158811fdd1ed0a8ff49aa7de02c6dbcfbf70fa57959b2a922a731da598cd37e3fce008fa330a9daa892f32f61696a44cf1672f
    • SSDEEP: 98304:F3t8oJL3g4KQWRa49EwOIJ/enT55/FPeO5hOCEI47zFk:H7hKQW84O4eV5FZjOCEIu5k

    Signatures:

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Sets service image path in registry
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: release/main/loader.exe
    • Size: 4.1MB
    • MD5: 9ecdc9ed1bea6c226f92d740d43400b9
    • SHA1: b5b5066cd4284733d8c3f3d7de3ca6653091ae10
    • SHA256: 60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
    • SHA512: 30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
    • SSDEEP: 98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj

    Signatures:

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: release/map/map.exe
    • Size: 3.3MB
    • MD5: a5a681b19458d693464f24f0d22d7b32
    • SHA1: 10b9edb6e510ee582815b3779064698ed9e90db8
    • SHA256: 04a72e5f734b6d97c78477d82b1bd24d45e47769b98d908920265a01bbde2d37
    • SHA512: e27f08721444474d7f37e45b6636f71cd5e9823ab197b6665f5c48106f8f84ec57bd5f1e953a3c2d0200ae0f9e80b72a261444bea6e828a62cd0b44bf128ab31
    • SSDEEP: 98304:GyVbJ5frOxTN0fAptwDUB+psfprlsg/zG3lC:f2JN0fG6wgsxrqQzGVC

    Signatures:

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Sets service image path in registry
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: release/readme.txt
    • Size: 136B
    • MD5: fcebdd8b5fb2375817096c3ccaa7d983
    • SHA1: 9c74429eb7a9bdbd41da10f53e688e32db937f80
    • SHA256: 84e202ee56be41944643b1fa8b99b29450469d3bc64493edc37c5c6644c25b01
    • SHA512: a2d58fce370788a77dbb8b33fd7227a5118aebd406dd9e945a80a3b8572420fff49d4621ffa37911074becf0ffdc655bf01cb6101e5e9bc60fa1036534da6813
    • Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks