4ee85019c1ae4d1abf8ea1908f635339d0a4af88ba185dc30e1104e68c7c902e

Resubmissions

10-07-2024 02:30

240710-czl2gstcke 10

20-06-2024 12:39

20-06-2024 12:36

20-06-2024 12:35

20-06-2024 12:33

Sharing

Copy URL

Twitter E-mail

General

Target

cleaners.zip
Size

4.3MB
Sample

240710-czl2gstcke
MD5

89daae512bcf605f191336ef8a461b75
SHA1

747f3997bf80e6083c2a4a8032262c440ae4de8d
SHA256

4ee85019c1ae4d1abf8ea1908f635339d0a4af88ba185dc30e1104e68c7c902e
SHA512

7c280cb9a325311a1e8b575bcb99a26590db2435633a78da3383d177f4c93d1744d842e8c792b921d80aef7305b58fa83f5caa784466d9393d15024827611ed7
SSDEEP

98304:/Bk7AtkbjSTuW+wI9a7OCq4MrdN0wIvQxk5XxeJMWrd6B9JO:JRW2ar4X/MP0tvOR5SPO

Score

10^/10

Malware Config

Targets

- Target
  
  cleaners.zip
- Size
  
  4.3MB
- MD5
  
  89daae512bcf605f191336ef8a461b75
- SHA1
  
  747f3997bf80e6083c2a4a8032262c440ae4de8d
- SHA256
  
  4ee85019c1ae4d1abf8ea1908f635339d0a4af88ba185dc30e1104e68c7c902e
- SHA512
  
  7c280cb9a325311a1e8b575bcb99a26590db2435633a78da3383d177f4c93d1744d842e8c792b921d80aef7305b58fa83f5caa784466d9393d15024827611ed7
- SSDEEP
  
  98304:/Bk7AtkbjSTuW+wI9a7OCq4MrdN0wIvQxk5XxeJMWrd6B9JO:JRW2ar4X/MP0tvOR5SPO
Score

1^/10
behavioral1 behavioral2
- Target
  
  Spoofer.exe
- Size
  
  24KB
- MD5
  
  7a4a3fea89bfe8810ef9835273d6fc84
- SHA1
  
  cd411d7d4eed7b622ca2d1ea5495055da76216ee
- SHA256
  
  2d9b399a3a584808b4bd38d9f6a12752e2b02875f92252f944a5bd7bf129e2f0
- SHA512
  
  a921faf7de2ae61421432ba176ef7254f005bc052d41054019d1fbc5714c213266c598a64cd4c3edd4cec35130e3ce8d7595bb2bcc7c669a20d69b0ca93277d4
- SSDEEP
  
  384:IfedtZWjBkCUo6tqt7glQcpF3dPBlcR8lfZKlD04tEGD4PTeB2DKiES3M+f:KVgtrYD0iEG4SBWUS3f
Score

1^/10
behavioral3 behavioral4
- Target
  
  cleaners/applecleaner.exe
- Size
  
  3.6MB
- MD5
  
  f96eb2236970fb3ea97101b923af4228
- SHA1
  
  e0eed80f1054acbf5389a7b8860a4503dd3e184a
- SHA256
  
  46fe5192387d3f897a134d29c069ebf39c72094c892134d2f0e77b12b11a6172
- SHA512
  
  2fd2d28c5f571d40b43a4dd7a22d367ba42420c29627f21ca0a2052070ffb9f689d80dad638238189eed26ed19af626f47e70f1207e10007041c620dac323cc7
- SSDEEP
  
  98304:z7m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6Ko:e+y4ihkl/Wo/afHPb
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  cleaners/cleaner.bat
- Size
  
  3.2MB
- MD5
  
  0bef79984a785d284e225d3576239802
- SHA1
  
  0a759883c5cd8822f269eca241c4dc8c43d86220
- SHA256
  
  33da2dd5c5ef66be92bc9024f58e5b967746ff2f4b693efe68e98df7da6d4c80
- SHA512
  
  d5d5aa1e7b3a46af0fd2f94eb5c45c451d3dd3a99debfba1fcda4f704dd3bb54d15fe7d4cda84fa5ca049a81115de73a583aa32da35db862ff6f00799f7700ad
- SSDEEP
  
  49152:ZTOB4ynYygOvXsMruROZyUpWvWOLZkOReK:1
Score

10^/10

evasion execution persistence privilege_escalation
- Disables service(s)
  evasion execution
- Server Software Component: Terminal Services DLL
  persistence
- Stops running service(s)
  evasion execution
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  spoofers/CupFixerx32.EXE
- Size
  
  451KB
- MD5
  
  feac8b5c2d2b99e7a3c8f1ba41ba3472
- SHA1
  
  002bd5344c44f288c22e69b5e2846d515bfa429e
- SHA256
  
  7fce635cb66dc1286856a1f1f281b90431288be4a9647a8e0cbd2a0346748b95
- SHA512
  
  b95b83545ca45453e6d64b7c2cf276932eded9658187aa91dcff948e59c313ae071b0059a481cd7b01aae778fc4fda71aa830fb99b84197fb17e03e9a10e8e68
- SSDEEP
  
  6144:Traq37wODH1cNaej2JMBO+1ObTq45kCNYczkF77TlfFBYdHJz6:B7wsAKJMBAFNVkF77Rfz
Score

1^/10
behavioral10 behavioral9
- Target
  
  spoofers/CupFixerx64.exe
- Size
  
  377KB
- MD5
  
  b4eceb90668db85712e66fd493ce4ca5
- SHA1
  
  951f3e9503b9b31a0c944355870dbfea0df32441
- SHA256
  
  bf8df68bbac80b4382206917b9bb46e8fd6cf76f6acd7374a3e6f5470681597c
- SHA512
  
  b912554fd863b237edd9f6518676ca9a190b7c7dc54024973a6062da8bf5ce8c6ad16219032cb0ed1ade7d2b5a855a6dc2aeb71c0ddde476a8bec64068ba0284
- SSDEEP
  
  6144:4NFU+vVycygjjsp5dcAONdA22xVK8LRPo4WBIeX+oD9/nwLk9C9I6i:4bygjjsrdcAONdA22xVK8LRPo4WGkD9Q
Score

1^/10
behavioral11 behavioral12
- Target
  
  spoofers/CupFixerx64.sys
- Size
  
  27KB
- MD5
  
  2b3e0db4f00d4b3d0b4d178234b02e72
- SHA1
  
  622e7bffda8c80997e149ac11492625572e386e0
- SHA256
  
  8c748ae5dcc10614cc134064c99367d28f3131d1f1dda0c9c29e99279dc1bdd9
- SHA512
  
  8f200a2e13aa8a977c94509af5a0fe20e7964a7611e11aaa5ecd5aba73a60275f6f57ed3a6861b82832babfcfe5ec90f0c9067c65ef48f6c7fce69f7ad87baff
- SSDEEP
  
  384:FgJ1Nv1Z/my+fmTOlfdi0Z909luSzJnabHVxrG52rHu1HGf/vrkd1SUNygUKLVe6:2n9+pli0X09luuJ4j/2HGrJhEJPxHP
Score

1^/10
behavioral13 behavioral14
- Target
  
  spoofers/gsoftgmx64.sys
- Size
  
  29KB
- MD5
  
  f22740ba54a400fd2be7690bb204aa08
- SHA1
  
  5812387783d61c6ab5702213bb968590a18065e3
- SHA256
  
  65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9
- SHA512
  
  ac1f89736cf348f634b526569b5783118a1a35324f9ce2f2804001e5a04751f8cc21d09bfa1c4803cd14a64152beba868f5ecf119f10fa3ccbe680d2fb481500
- SSDEEP
  
  384:qvOTI5HIPy54ygZOq0HMMKf69JG8QnuOfZFnJtQSZsHLPK6jjMYiWPFRUI5xl9Wn:qvsUoK54ZCMMb9U82uO7Jt6PKg4YHUc+
Score

1^/10
behavioral15 behavioral16
- Target
  
  spoofers/serial_checker.bat
- Size
  
  437B
- MD5
  
  0c088b6adc55c20fc375badef6f7e9a7
- SHA1
  
  37c865ebfe537b94534844281e9086462f3e2462
- SHA256
  
  51f783d41ad3a807344eb9550d65cb4638793aac71f4eb4a1a11414b24e339e1
- SHA512
  
  7f82c647413f997a537148ab7d1e8a5cff9fef18561783f329485dbb67ab76a2a8defa0a7304feb7e1e79645b50b8cb2d4a069ff3ec668542fdefb1adbde6f5d
Score

1^/10
behavioral17 behavioral18