General

  • Target

    AnonymeTrialUi.rar

  • Size

    175KB

  • Sample

    240617-xq3cbszgjh

  • MD5

    68c2d323d1f5e7d0ae8b9e6ec80b92bf

  • SHA1

    a2e99e4d14aa8eb4c9d9815ead40d339edd38712

  • SHA256

    956e9c0262ec999222d773ef856b1ca6788f02d864101b940d310693478077c0

  • SHA512

    92aa3eaa95ccfcf5b4bb63b63a888ac01c40180722d13530b98b75f6d2eda52c5939e127485263458f978e09c51a857d5a5f485d9b10e778e0db0fd6b91d75db

  • SSDEEP

    3072:3w8sJCPsZNC58cCnpyw9PryazL74qvxnW39NhmslOQ8yirkL:3XP7enQEus3Y39vZlONML

Targets

    • Target

      AnonymeTrialUi.rar

    • Size

      175KB

    • MD5

      68c2d323d1f5e7d0ae8b9e6ec80b92bf

    • SHA1

      a2e99e4d14aa8eb4c9d9815ead40d339edd38712

    • SHA256

      956e9c0262ec999222d773ef856b1ca6788f02d864101b940d310693478077c0

    • SHA512

      92aa3eaa95ccfcf5b4bb63b63a888ac01c40180722d13530b98b75f6d2eda52c5939e127485263458f978e09c51a857d5a5f485d9b10e778e0db0fd6b91d75db

    • SSDEEP

      3072:3w8sJCPsZNC58cCnpyw9PryazL74qvxnW39NhmslOQ8yirkL:3XP7enQEus3Y39vZlONML

    • Score: 7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Lmaoo/AnonymeAPI.dll

    • Size

      5KB

    • MD5

      50dbc4f076ec0feec5648db3e09c85eb

    • SHA1

      466c6c60be0d2a1a0a24832b5a8f1d90392eea66

    • SHA256

      fa67ff8d8fd7553975444d7aca6893a4b42b0dc9d25626862c4e9f6dee4dce76

    • SHA512

      701762af3caddf7b12a8e7db54e48307f69e2d1cb61e8de0412a18745af26b0cd8290316c9fa4c7f549cb420127911fe050d9d50d532fbf078ae89d04451936f

    • SSDEEP

      96:Nl6dOdVdeGgCe0JphEv9fXXG9TtVI3gsil7D0jDu:P6dOdVdvgC7pofqVI3gsM7wji

    • Score: 1/10

    • Target

      Lmaoo/AnonymeAPI.pdb

    • Size

      23KB

    • MD5

      8ccff85350dafbae1b29078c9808bfaf

    • SHA1

      61573e943857cf5f7bf565ee19ef0ddb0c9a2e27

    • SHA256

      cb00e38ffc28f0c6a0b9189c9ad0ebae6f0a8e5146d1fbf17e9f1bdfb78e92a0

    • SHA512

      abe3a6f7f03ca1402c0b550ba1627547ef750b38bbf2e5e260bd408fd2750c8c3a03fb226eebbc001d1abbccd50ed21da93a9315d47f770c05e3db9e57dffc9a

    • SSDEEP

      192:CAPRAP8SAPoHCAP8SAPVHrvDTI2hpIOmosSIhIM9O5ArDg+vBMArDgc:dS2o92lDrm2QZ

    • Score: 3/10

    • Target

      Lmaoo/Solara/SolaraBootstrapper.exe

    • Size

      13KB

    • MD5

      6557bd5240397f026e675afb78544a26

    • SHA1

      839e683bf68703d373b6eac246f19386bb181713

    • SHA256

      a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

    • SHA512

      f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97

    • SSDEEP

      192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Lmaoo/Solara/autoexec/newinjector.txt

    • Size

      102B

    • MD5

      fb4bcbadff658e7d720773012e8bc7f7

    • SHA1

      f79749149e4f797466fe4ddf131ac34d1bb84134

    • SHA256

      3099eb64c5c4f49022388624f8cb18545e97c885ac66935907818583d70ca073

    • SHA512

      1f80c488b0be8b88aa78cb064a5f226b8a160478a1605f88746348204e8e863808018e64c679add0095b14bdad487312e0107ffba5e01a32b67be1669ee90eec

    • Score: 1/10

    • Target

      Lmaoo/Solara/scripts/qsdfsdfsdfsdfsdfsdfdsfsdf.txt

    • Size

      573B

    • MD5

      3155f3a1967de4aa9b1e34b3195253cd

    • SHA1

      1d1c9e34225afdb5440413d7961b45a44621853d

    • SHA256

      58e2971b886918c6cef16f57915dc42aa0ac2e40240456d5d6af201a0c179a40

    • SHA512

      2360200ceb2391138d3459d06163d5ae4e7e08ee67737a309c6f997d8a138cdcb42409a26c68208046c4060ddb187651ebc872fa93b36ca84c095dd5d3ac8e4f

    • Score: 1/10

    • Target

      Lmaoo/Solara/workspace/.tests/appendfile.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    • Score: 1/10

    • Target

      Lmaoo/Solara/workspace/.tests/getcustomasset.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    • Score: 1/10

    • Target

      Lmaoo/Solara/workspace/.tests/isfile.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    • Score: 1/10

    • Target

      Lmaoo/Solara/workspace/.tests/listfiles/test_1.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    • Score: 1/10

    • Target

      Lmaoo/Solara/workspace/.tests/listfiles/test_2.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    • Score: 1/10

    • Target

      Lmaoo/Solara/workspace/.tests/loadfile.txt

    • Size

      1B

    • MD5

      8fa14cdd754f91cc6554c9e71929cce7

    • SHA1

      4a0a19218e082a343a1b17e5333409af9d98f0f5

    • SHA256

      252f10c83610ebca1a059c0bae8255eba2f95be4d1d7bcfa89d7248a82d9f111

    • SHA512

      711c22448e721e5491d8245b49425aa861f1fc4a15287f0735e203799b65cffec50b5abd0fddd91cd643aeb3b530d48f05e258e7e230a94ed5025c1387bb4e1b

    • Score: 1/10

    • Target

      Lmaoo/Solara/workspace/.tests/readfile.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    • Score: 1/10

    • Target

      Lmaoo/Solara/workspace/.tests/writefile

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    • Score: 1/10

    • Target

      Lmaoo/Solara/workspace/.tests/writefile.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    • Score: 1/10

    • Target

      Lmaoo/Solara/workspace/IY_FE.iy

    • Size

      539B

    • MD5

      291d5636a434c4f1ceb0f3f776c2a51f

    • SHA1

      ae287e08f71c522a72812f0dace94b8ffb569341

    • SHA256

      73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452

    • SHA512

      7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743

    • Score: 3/10
