a66c098839b737d3e7a068735fce1146d6bcd512cb66a11cdd3f99904d8b8f99

General

Target

Antares_AutoTune.zip
Size

109.6MB
Sample

240712-zt5b7szelp
MD5

2d23523334fa45decf23246c439af68b
SHA1

82bc2006e2a60d578aaf9a39ca408d21ba34601d
SHA256

a66c098839b737d3e7a068735fce1146d6bcd512cb66a11cdd3f99904d8b8f99
SHA512

cb15632d42e03393266ee1a2e73921452d4c3c52f08a528ac0d308d319024c86fb493261359155929e4ee04f84325ea8ef9e91f9f8b89b29f2c2253005da5824
SSDEEP

3145728:UEHmwddZZjtAYLOrNYLl2RL451NkYp9htc5Ph:UKBddZZjHL+uJ4U57kYpzm5p

Score

10^/10

Malware Config

Targets

- Target
  
  Antares_AutoTune.zip
- Size
  
  109.6MB
- MD5
  
  2d23523334fa45decf23246c439af68b
- SHA1
  
  82bc2006e2a60d578aaf9a39ca408d21ba34601d
- SHA256
  
  a66c098839b737d3e7a068735fce1146d6bcd512cb66a11cdd3f99904d8b8f99
- SHA512
  
  cb15632d42e03393266ee1a2e73921452d4c3c52f08a528ac0d308d319024c86fb493261359155929e4ee04f84325ea8ef9e91f9f8b89b29f2c2253005da5824
- SSDEEP
  
  3145728:UEHmwddZZjtAYLOrNYLl2RL451NkYp9htc5Ph:UKBddZZjHL+uJ4U57kYpzm5p
Score

1^/10
behavioral1 behavioral2
- Target
  
  Antares Auto-Tune bundle V9 CE/Antares Auto-Tune bundle V9 CE.exe
- Size
  
  110.0MB
- MD5
  
  cda53632778d1ced63a7c0809b71cb86
- SHA1
  
  f7d30963a0d45f35cc015f5c5e5ed58276b0e628
- SHA256
  
  fb83741f29e99b8af74f9e182c3f1eaebeb2f401a5c6886f1c045d406e282c23
- SHA512
  
  8b6cd507fc76d75aa2d96d5546ef1d12f0c25c015bd195cee914d5501ec277b41801f1adb171ba67b164a3e7e68fd3d232ea9f7903cf11443f9a83db0be18b2e
- SSDEEP
  
  3145728:8aDfXHRtVR2oE76WDIJZZPlPZrbsAjHMZN1cy:86vHRtVRu7JsnN5ZfsAjsn1H
Score

10^/10

defense_evasion discovery persistence privilege_escalation spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies RDP port number used by Windows
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral3 behavioral4