fc68b3caca07d921a32145f0ec67f47bbd7745bd862f54e3d6b77d875646ce55

Resubmissions

25/06/2024, 21:29

240625-1b52fsvakc 7

25/06/2024, 21:27

25/06/2024, 21:21

25/06/2024, 21:18

25/06/2024, 21:12

25/06/2024, 21:06

25/06/2024, 21:01

Sharing

Copy URL Twitter E-mail

General

Target

Virus.zip
Size

44.5MB
Sample

240625-zty57avhpr
MD5

0a49f97b7766149285024d288dd66782
SHA1

5399e669a2b69514c2d78d18c66502d6ec021f7c
SHA256

fc68b3caca07d921a32145f0ec67f47bbd7745bd862f54e3d6b77d875646ce55
SHA512

f6a6d8b1b6cd4cf8ea60f93fb395b14bdf38fee4e51868884f0002939509da5c679ed2dbc0a9af53db7f2e4bc8e214f12668e74cefab5bc9dc6dcf04c3481e25
SSDEEP

786432:acizmit5N2MUcWLuVobyUGmQyoYNbCDy6SnEuvpy8OH90k6og0B55p99YCVJm900:aciSit4LAobyUGmQINbh3nEIQ8O+M55u

Score

8^/10

Malware Config

Targets

- Target
  
  chrome_rus_Soft.exe
- Size
  
  45.1MB
- MD5
  
  2843e88bf70aca4632cbab57aa4568fa
- SHA1
  
  6f13da5bd61d64e82562f36dd1b07fee32aadb2b
- SHA256
  
  d9585445dbd47d61d3b171c1061af798bdcd7387eb8a7a6442907af15ffdccce
- SHA512
  
  d3ca24d1170af6d435bcab681bde7857a8a10427e24ae622dce23ff64e5be6c036d7ae8c7a1c54b8de677913cfd18af1815cec71b0033ed18c8e914909daaa60
- SSDEEP
  
  786432:CwExaKVx/KYI520nUvKD6iyCOAoetpy1aIuDge5paAIHPyyQ8CQBDp1jDiK9DQHM:CwE0KVwxnMKD6iyCOEtpP1DgQ4AIKkDb
Score

8^/10

bootkit discovery persistence privilege_escalation spyware stealer upx
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1