9a1469845776be2ec28018a6a93034b7f63d5305e10f8a65fdf846b79df3e6d5 | Triage

Resubmissions

30/06/2024, 09:28

240630-lfnkmswaph 9

30/06/2024, 09:17

240630-k9jm4svhrh 9

Sharing

Copy URL Twitter E-mail

General

Target

mapple.rar
Size

54.4MB
Sample

240630-k9jm4svhrh
MD5

19368eccfe00a49285d4af9c95b2e07d
SHA1

ae25875a42ac30e10ea7a5676f62d33394d4406c
SHA256

9a1469845776be2ec28018a6a93034b7f63d5305e10f8a65fdf846b79df3e6d5
SHA512

42ea8e7d681746c25a344efe36f4ea8d7b2a7db608bbec9fd5ef9c36384d14ea2267c42327cda8b46a94cefaf6a4c2af4465303de12c8eb6f5fffb190fd1d836
SSDEEP

1572864:0EyGu2oNPPOlovcxAK4hPsNa9me5FtEeUooBorQw4YX:w7tHcB4OaMe5Ftlk8Qlw

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  mapple.rar
- Size
  
  54.4MB
- MD5
  
  19368eccfe00a49285d4af9c95b2e07d
- SHA1
  
  ae25875a42ac30e10ea7a5676f62d33394d4406c
- SHA256
  
  9a1469845776be2ec28018a6a93034b7f63d5305e10f8a65fdf846b79df3e6d5
- SHA512
  
  42ea8e7d681746c25a344efe36f4ea8d7b2a7db608bbec9fd5ef9c36384d14ea2267c42327cda8b46a94cefaf6a4c2af4465303de12c8eb6f5fffb190fd1d836
- SSDEEP
  
  1572864:0EyGu2oNPPOlovcxAK4hPsNa9me5FtEeUooBorQw4YX:w7tHcB4OaMe5Ftlk8Qlw
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  mapple/assets/avatars/image.png
- Size
  
  9KB
- MD5
  
  5f7eb1034bafd175dc02891dd4053fbb
- SHA1
  
  fa825c4e990621bc21d58d09277643f5eca96f88
- SHA256
  
  f2eebedf2d777ac44b09f761a61b51b3411d1bc3687a6801ccaec45eaaa689bb
- SHA512
  
  107f27bc7685473f63eb4e674973cf97a65a3212f4114def849c71eb59e2f13f51c61312b57e490f5565075a74184ace4f6a3c26a1e6c8095803509fe1c4034e
- SSDEEP
  
  192:ISWi29akgO8zkHdkDcdFVKSkAjtKbO2EaGKkMP4ui6IkULA/:Pr248VHdxFSAjEO2EaNg6Ikd/
Score

3^/10
behavioral3 behavioral4
- Target
  
  mapple/assets/config.json
- Size
  
  143B
- MD5
  
  f3638ce35ac2849b94e90d727ee91331
- SHA1
  
  b4560b835d4a73ad3fdd488f8a3b7a4bcbc9ffd9
- SHA256
  
  5937cc67a658e086440059814f478287e1d6cd6dbc52187c08325d34369229fa
- SHA512
  
  c73715c11b33a52df15a62f0c5eeb5aaa8a34b3a6b3787ecf90758ea708f45979664630855df49e2cd7cfb269012521ced0bbb0cd36958dea4855987ed2d8dd5
Score

3^/10
behavioral5 behavioral6
- Target
  
  mapple/chromedriver.exe
- Size
  
  11.7MB
- MD5
  
  3d29a6367f425c50b6b8597f252864df
- SHA1
  
  18e153c0458016d892719455e1f89dac2382f2ae
- SHA256
  
  908484397b7fb52cdcb0851d68e671f0349a877fa27d7a2186f0d20c0a79f0a8
- SHA512
  
  daf5d866c0a57af0e07849e1a496227f480b57e8295a920a4edebc6375f69a425dba2d7d4934f30fc1e9fd36ec327dda5720b050f8e6bf9a465351f3f0bde6d0
- SSDEEP
  
  196608:Em/gCQVBvGc8mkijo3hVoYYo/giRTxkS8uBb3V75rbFErndRu23rR21G70iBRqG6:J/gfGhijo3hVoYYo/giRTxkS8uBb3V78
Score

1^/10
behavioral7 behavioral8
- Target
  
  mapple/crack.dll
- Size
  
  5.0MB
- MD5
  
  b5b1b26e855eda6268b9a2008e0fce86
- SHA1
  
  d7925f7de5835e3564b187d8654bb9305ea945fb
- SHA256
  
  06dec4f9857f7b9a43157756606546d04a0f34c87681c7db9aab9125a43b33a7
- SHA512
  
  14ad2e93ed5876dd246ce6f32674e994b4f35a5acbb1ac46388bebc682a70ce4eca974fda102c273c71dae3c9bc7b69f965fd636cb2d5c579de9cd23e8b35799
- SSDEEP
  
  98304:j+YCYfXbb8DckgAEhxWiHF/5DoNZ2qkFVwz7583lfdmjLdGGf:jP8QDDRF/eNsqgiZ
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral10 behavioral9
- Target
  
  mapple/loader.exe
- Size
  
  5.3MB
- MD5
  
  e630d72436e3dc1be7763de7f75b7adf
- SHA1
  
  40e07b22ab8b69e6827f90e20aeac35757899a23
- SHA256
  
  59818142f41895d3cadf7bee0124b392af3473060f00b9548daa3a224223993e
- SHA512
  
  82f0be15e2736447fae7d9a313a8a81a2c6e6ca617539ff8bf3fa0d2fe93d96e68afea6964e96e9dd671ba4090ddbc8a759c9b68f10e24a7fb847fe2c9825a83
- SSDEEP
  
  98304:MY5XZjNqBeNp4iSgPKpQ9CKhqkaIWvO9SYCxBKXyaxVdb+tSVGHyYDMMl7qg7:MYpMeNp4irCmWISnTz2VtIVDMg7n7
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral11 behavioral12
- Target
  
  mapple/maple.exe
- Size
  
  40.8MB
- MD5
  
  db7b4b030f0a44a2f51c957d949f8e1e
- SHA1
  
  7814eaffb9c68fb78f3f69380439aaf94d556828
- SHA256
  
  8f5f582788ce95ba51ca37dac8e45fff1674e0d36e4129731edded7e71a94c30
- SHA512
  
  be6f371423a0bee1b3d3f61640e1b6ca64290a4a864d4a1b3ad8ca6250650ca01d42b635f650138733b3817c491f64a8bc82622e7f1b565dc4cc8da37e43a63c
- SSDEEP
  
  786432:GmtGTz74LgKKoB7fgM3QZ2ciA4DS+mC8yZ9BSmPpnbP3EwlIFFnHpu1Ckf9+uKcY:GmKoLW233u2cipDM+Z9LFPI/nkUg9M6S
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14