General

  • Target

    val.zip

  • Size

    4.8MB

  • Sample

    240618-hm1l1a1hjb

  • MD5

    98bc3561ac145048cae97b73d23354dc

  • SHA1

    5a89d1bf153c02401f1379abdab64f7c073115fd

  • SHA256

    d54e2b9b5e3fa5f0da07fbbae1fe722d89d9e98579dad3096ff8f7331ac7cb2a

  • SHA512

    463a5ca7bc162c02552829224928bf15b85b522f43f2849b6157d7614d3701b18b80a50b7dec62bd1eff0398f25aaf5d16f4df2780095cfb283aa2dc99b90fe6

  • SSDEEP

    98304:J3AL20ooQzxA3AL20ooQzxgutYP7Ttf9PkxXfnCHSLXpw:eLNoTzx1LNoTzxgVPPtlavWwXpw

Malware Config

Targets

    • Target

      ValChecker/SSQ.dll

    • Size

      1.7MB

    • MD5

      56a504a34d2cfbfc7eaa2b68e34af8ad

    • SHA1

      426b48b0f3b691e3bb29f465aed9b936f29fc8cc

    • SHA256

      9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

    • SHA512

      170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

    • SSDEEP

      24576:YPUxmkgSxPgobZPRjZ22H6edtOZzWySRO3mlE0i/Yl5P+qF+8k+ao/si6:8UxXPgo8e6WYBSJZSS5P97I

    Score
    1/10
    • Target

      ValChecker/SSQLite.Interop.dll

    • Size

      1.7MB

    • MD5

      56a504a34d2cfbfc7eaa2b68e34af8ad

    • SHA1

      426b48b0f3b691e3bb29f465aed9b936f29fc8cc

    • SHA256

      9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961

    • SHA512

      170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

    • SSDEEP

      24576:YPUxmkgSxPgobZPRjZ22H6edtOZzWySRO3mlE0i/Yl5P+qF+8k+ao/si6:8UxXPgo8e6WYBSJZSS5P97I

    Score
    1/10
    • Target

      ValChecker/ValChecker.exe

    • Size

      615.1MB

    • MD5

      796c4e013accc1d47e263f2438248e5e

    • SHA1

      dbca3bb74c9715a4b21259fa644a39a59bb438a7

    • SHA256

      e934ef0b1bad86d0a8d2a08a90b64b309404b2983649f8e34d400704ce8c65c0

    • SHA512

      5ae71ea3ac4f15c6143a424e1e2491294e5f2e5508ca4c05b6fa2676634140ec03e27b698ab0378726b421369e36988f56e016e145ba10b2d517577a00de926c

    • SSDEEP

      49152:lNjqYcOatzfsFfG/oDx4tDhdLDG15f9pTo0trQyYxQw:lNjFcOaxYG/M43HA5fVt8Q

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks