69deb4c238c29a0473d6aa41f3ad5f7a57a99b22d4da7c408978b1beac61eb7c | Triage

Sharing

General

Target

aquatic.rar
Size

32.6MB
Sample

240627-1s53sashqb
MD5

1d86f76e37964225989fb45678e9b317
SHA1

6f1b1ef21123b02d70b443e7ce28ca2536995107
SHA256

69deb4c238c29a0473d6aa41f3ad5f7a57a99b22d4da7c408978b1beac61eb7c
SHA512

20d6db0b9ffd08e818be6c2c32d3212aa9871804798d307f62e8b1715528d643176bae93a4d81b4630392c1df32dfb46c46866463da660fe9f4ae3159fa4548c
SSDEEP

786432:ynJRoDIze1k/p7IhMsrNwImc/4K3nm9T0J241JI8LIgX:4JRoDke1c0Wcw5q4qET0c41JI8cgX

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  aquatic/crack.dll
- Size
  
  5.1MB
- MD5
  
  fe7dc4218e47f5c31e7a2db9b2e55ddd
- SHA1
  
  6d30688097e87755b5d59429e5dfb9ce0562f931
- SHA256
  
  1cbaa9f954edae2e9a6ccac8e0119ff533ee01b42b1bb24fa10adfa80064b780
- SHA512
  
  922048e800411cb7f21618647b88b0d8b5c98aa45a55eb8ab66a838f3900bed6e03cd247e27af0b304bd4b71fa6402d1b88aa320aa4c23a42088a1617dac73c7
- SSDEEP
  
  98304:ZvNYCYPKFV3CIz5igBo6qO90Pqp8YVH/6yG/fdmjLdGGf:ZvyWLNia90S7iyb
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  aquatic/loader.exe
- Size
  
  5.0MB
- MD5
  
  c679369a7270cb8f284b96ba9325b007
- SHA1
  
  c33955d7a9f44ab9ef7e67031960fcbb13690714
- SHA256
  
  a0fb1568891680d66efb9f545ed1cdc9c8124d96e220cbdd8b618769be6e6083
- SHA512
  
  081152540c6579c0cd27f201f8b0a8956a1debc58c538c47dc88a99aa64929ca28f2eb9b3229d61618c6d979d583cfeca6a930d3dc56ff6f138989774372079f
- SSDEEP
  
  98304:Hc/jJ36G67LQVRzp6ELW++55YhTO1mv3JbYyIeq1SWdeHV6IKpqAMX0O54cy0:8NqoXzpbKKOQRbGv6HAHwXsf0
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  aquatic/main.exe
- Size
  
  24.1MB
- MD5
  
  c4639a9dd4fa418a1e2e5537b9a53bfe
- SHA1
  
  9fea0f4615170667aa59dac92f6d424455b5fc54
- SHA256
  
  6548853e51522d28bc2d4ee6dbecdfe7be496462cb87f26587f830374ce07ec7
- SHA512
  
  2e5f53a2d4bae0028ecb715485327db9da7aeb45176e7e54db039516dab6002f41b5f44ae728f7752ee840f34b14ac78698cea3bc4cc2d00ea815873bad6b692
- SSDEEP
  
  786432:8Ljr7FsBzlI0ecXYc1xk/cBFG8zv7NRDZPA:oezlI1kLxJBFGu7HFY
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6