General

  • Target

    Growpai_4.59_6132024 (1).zip

  • Size

    13.6MB

  • Sample

    240617-wlgz6aybnc

  • MD5

    9566602deaee120241649c7a16819e4e

  • SHA1

    3f8b407371df1ab2b675aa4366553279edc9b5af

  • SHA256

    ccc547cd841c5f6441497e1d3732775749992b2b0900593fd642c45b7109a631

  • SHA512

    97a9d41fa21a8c99bdc609e83234096420eae391d92dd576549fb074076713255b800755ce10aac63dee368d8504940f4e1a16001e43f664bd26017695cbbd65

  • SSDEEP

    393216:+gvIQbPObcgXI7suk4Ch8zIX06uCJFsbZIO4fEjmDJ:TQmwfB4G8N6uaXEjmDJ

Targets

    • Target

      Growpai_4.59_6132024 (1).zip

    Score
    1/10

    • Target

      Growpai.dll

    • Size

      5.1MB

    • MD5

      b532a9987cca5bd6a28dca9df78c4306

    • SHA1

      b72425f3b5dbe3f82f635ab9a922ef4c07a33695

    • SHA256

      488c688651b244afb390e80755ab4b8dac0be649e7ee005343f6440b058bc360

    • SHA512

      7de9a21c567ec9611f5c5a6e945434e96c29bd12fa742a15a6028ef9858100cf35c4579b8efaea51d0a275451b1fe3e735986293fcd35e591c320b1693ea84f4

    • SSDEEP

      98304:8jYvd6apdyjLSoFw0mEuKvdg4BaE8KHebKuTp3QIM9dZtncxSrJ1Cd:8s1tpdyjLiJKvdPBaEJeuuazdZhcxGDY

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Inzector_protected.exe

    • Size

      8.6MB

    • MD5

      e1feaf2ff147638b619f722952eeb275

    • SHA1

      b6d213178211fa5b85e7592a22bd66ab359ad8c3

    • SHA256

      c388047bd2432fb129eddaff43fda64d1f895a48a7c1445ebd7153041df17f89

    • SHA512

      03366dae3cf77b87e2f411bbf504b12306c81e384ba375bf9302f0bc62bb1ec7a63b38ac050ee150c0ef17b75267a99a85c2f5e23496257fbf70fc08e6485169

    • SSDEEP

      196608:eS6h3lCjSUNqPQ4BK4HkkeoZuiudtDpwCCwHbS/pSR640:en1CjKPQ4I4EkLZkdRVC8bShSR6f

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      loader.exe

    • Size

      14KB

    • MD5

      9e25530dde3c4d19216983ad1cc9e516

    • SHA1

      5b600acbee56cd300e0336e9586cbc60d25df573

    • SHA256

      66975a5814ee58e19ad967e2f96a86ac4dcd941a764c52e37db7a8e3cc0803fb

    • SHA512

      c4e4889747b2c1d05411b80ac9ac6fa3b24f34318570e4fe2353208ce4a030686391b86389c4fe514bf687b9084edc15d0d3fbc0f253021e5e7f37a183810376

    • SSDEEP

      192:KGsy159/j/H3nCCBc21q5efqBF1EV0A5TV1McfJ0PaFFOIV9s3Q5tfBDSJGp:KGsy1597/H3CCBcNmqBF+VVlC3NJ0

    Score
    1/10
