66d98baccf204383ee64d744e01305be78428acb6218042f8bdea6bcda82a8b6

Sharing

Copy URL

Twitter E-mail

General

Target

reaper718_x64-install.exe
Size

15.3MB
Sample

240714-vzyz6asfnf
MD5

56127d36c71a0bf77c514709c755d566
SHA1

06250de6061e00ce462d7d17a8b5e452766c1edc
SHA256

66d98baccf204383ee64d744e01305be78428acb6218042f8bdea6bcda82a8b6
SHA512

8d782034714b9d3200607624c1da3bc084621c86d14070b79e2a52a14e560f308df1b63696d6168a29432a290b682736f255a2092d40113e637c33bea5e827f7
SSDEEP

393216:1ObDlkiuiJnvNfVKYyQheR+/QquyNv95m2KhkKGv3nGrU:1Otkiu8nvNXyJ+QquumkKGv3GY

Score

7^/10

Malware Config

Targets

- Target
  
  reaper718_x64-install.exe
- Size
  
  15.3MB
- MD5
  
  56127d36c71a0bf77c514709c755d566
- SHA1
  
  06250de6061e00ce462d7d17a8b5e452766c1edc
- SHA256
  
  66d98baccf204383ee64d744e01305be78428acb6218042f8bdea6bcda82a8b6
- SHA512
  
  8d782034714b9d3200607624c1da3bc084621c86d14070b79e2a52a14e560f308df1b63696d6168a29432a290b682736f255a2092d40113e637c33bea5e827f7
- SSDEEP
  
  393216:1ObDlkiuiJnvNfVKYyQheR+/QquyNv95m2KhkKGv3nGrU:1Otkiu8nvNXyJ+QquumkKGv3GY
Score

7^/10

discovery evasion
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $COMMONFILES64/Propellerhead Software/ReWire/ReWire.dll
- Size
  
  2.1MB
- MD5
  
  3f7d6398717d9bc8bd9116aeadc5234e
- SHA1
  
  a487aec494e27567c1e8dd4c794188547873a001
- SHA256
  
  08bd9c37ae6f38ee4410b8a5dcab992eb2082ef5845c2cc5dda9bfa88a086831
- SHA512
  
  b1b01cf1a952d40df897b3eb699986d735ec93e76a4cb4ce4a1e59b1526040cfdff827117c34f95c935a1687d4d9ed8390e26e27a518340815a5b9a43ec95c0e
- SSDEEP
  
  24576:/vluOWI/TLARZeFJ5kOnPpvJmS52vhahB7RtZid19MiyeFiAV:/vlUIugF7HtJmS5cqtZ019MiyeFiA
Score

1^/10
behavioral3 behavioral4
- Target
  
  $INSTDIR$_8_/Effects/Liteon/deesser
- Size
  
  15KB
- MD5
  
  0f1c9b808f72e17015fe643ad9fbbac9
- SHA1
  
  4326c0fc4b0fa309a23655a2c07e13bbfdb10fa1
- SHA256
  
  3e822ce973a47bcf37f59f4227d6651089f0733ebbf7b630f26fd6547a63b687
- SHA512
  
  6f57a5238b22ab41f04a2452f9184932680fc26dc4ee5892e812213629d7f2dce30c8e0abb361bbabd507c33c990815e6bf258c807cbd400ae17350ea1db72ff
- SSDEEP
  
  384:8rNViUpNbcE559BWoXj959hFn9ShO7Q3b:8rNoUpH5hfRa
Score

1^/10
behavioral5 behavioral6
- Target
  
  $INSTDIR$_8_/Effects/Liteon/np1136peaklimiter
- Size
  
  15KB
- MD5
  
  683bb9cd691ed9be9d87c5135be312fb
- SHA1
  
  4682295dee92d35a571159062d7dd3f706bbe6c8
- SHA256
  
  4aeb6fe6f8da9c7c8fb1d162a41fe1f53a459040a2a508f6ac5f69771d5a30c9
- SHA512
  
  b6f99a6b66f6769c4a89c3c61f313d0b089c280a81303e795fc26540ce5918391cf40abe9615308e60820f397536fb309b55c34275c8c221fe6de5af70386824
- SSDEEP
  
  192:S3rt1SjHaA3F3+i1EmP/JNcD88U6aSGS8LU/qTs+S8nMPbYvG6wK:8r+71+iBcD88UVLUKS8nMPcvG6R
Score

1^/10
behavioral7 behavioral8
- Target
  
  $INSTDIR$_8_/Effects/Liteon/ringmodulator
- Size
  
  9KB
- MD5
  
  86bcb8d15adae36a60aeb83a3cf85ba2
- SHA1
  
  49db15967dfbc88ba3af076ba95c551f702be4d9
- SHA256
  
  1a0e69a718654133a4dff2b5dc7854deb94e721100c7a906af7a9460a3b4229e
- SHA512
  
  42da5e39d70362c16c1cdbfa7fe303a4d0086647b341f23cb60a7ac7a4cadce0ea60103d7aa3bb01f1c1884b3526e052af0768e88bb3b3a64d3f51453cb7877c
- SSDEEP
  
  192:H3rt1MVUyTi2p+zgHDpsB+NIWD38bYd+Bq9kHsknjtn2xK:Xrap+zkuB+NIWEzk9En
Score

1^/10
behavioral10 behavioral9
- Target
  
  $INSTDIR$_8_/Effects/midi/sequencer_megababy
- Size
  
  119KB
- MD5
  
  e0d5ab5987ad81e94e8feddae4039dac
- SHA1
  
  c6c2f6257148ed918200b17670421c9df08d8001
- SHA256
  
  fcbcfae159a158460595a83c3a6db95903729ff2565b0860ecbc787156934cd5
- SHA512
  
  98f760d3b1b10740c5b36adc3da30884afeff7aa66607a8b80487bde68cb99dd4876b86834b657be1b3d1728cc1131c18a33bd93c2f64c44ffb0725996a054c1
- SSDEEP
  
  1536:toCEkjdOeJjlkj5wIy8ddFHm7wP6JHyIXKV:uCEvjj/dz+Q
Score

1^/10
behavioral11 behavioral12
- Target
  
  $INSTDIR$_8_/Scripts/Cockos/Default_6.0_theme_adjuster.lua
- Size
  
  90KB
- MD5
  
  ced3b32321a4a064754e6f28bb9a8588
- SHA1
  
  e56a7ef7d300019a7ce20bf45e115320c80e7d00
- SHA256
  
  0a2ad4bc677e8c270c6e3683ac4967a41fcfa935414c94298515d5e718014de8
- SHA512
  
  16fff0244dcf416d58465ede24f698842a5ad655157cbdaaabf0eff20dae74eb4dcc268e030e4a47ccd6c0b04663325f602a83c3af68bc862455a36a4dd3b7e6
- SSDEEP
  
  1536:oqUq183rloYlYqSbmfps5bOn97fohbOvbU11vRbxvJqYGwwCk1uZO3YPo:9Uq18bloYlY7bmfps5bOn9UhbOvb6/vo
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  4814167aa1c7ec892e84907094646faa
- SHA1
  
  a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee
- SHA256
  
  32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822
- SHA512
  
  fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067
- SSDEEP
  
  384:3A7q72y8XYDSDJe7H+KXKKK2KRKuKZrjVo787foI7:3sygyraXjQ7Zl99
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/portable.dll
- Size
  
  24KB
- MD5
  
  c9397d267d0d10169c4535f6d5e06a6c
- SHA1
  
  2fc5d2e909d56042d32b3fe0a5ae39fc58d110ef
- SHA256
  
  25e5a428e663c6b6c352e7eb313d9fd265e944e0f8f88c7406c3fc15d1ad82b6
- SHA512
  
  143943d8e02392ef41c2c43641db9d1737a108defb9cd62a3ed3dce800ccbc8f5997f1d0ea4846ae675e3f2b0efbbd9cebd5c5c0022822d10a89a356983440e6
- SSDEEP
  
  48:q9aX7AL2vnYLtSFs4p3Wj4vLj4GWTQfQx2m28gF244m4y+bAghX:YaLArMpGjsjdTUt2t25m+
Score

1^/10
behavioral19 behavioral20
- Target
  
  Docs/REAPER Quick Start.pdf
- Size
  
  98KB
- MD5
  
  1bddb792fec19750ccbbb8352b2b8ffe
- SHA1
  
  dd300cb011e0d9abd57f41503e31367167fddd68
- SHA256
  
  58045223424d936adcefc09c06f635c30a1aaba0335fc5d5954b43833b53fd72
- SHA512
  
  1438030735aa9549e13b2e275210a9c6bb825329acd568d8c38f8debe04474ce01be5e44ef6b76913d47b59d33c58954615754cffbce67de04f9ccbaa8341631
- SSDEEP
  
  1536:loTqjohGkVSC9aZHu40Y7w58PxeVPM6b24k8frIP4T8m0qd4gBE:1lHfEU03kPm8m0qzBE
Score

1^/10
behavioral21 behavioral22
- Target
  
  Plugins/FFmpeg.dll
- Size
  
  4.2MB
- MD5
  
  205257b906b1b84beaabc01e9191deef
- SHA1
  
  94c12b955b1292bc5294f7b3280e471a588bb5b4
- SHA256
  
  fa49a2f6f1e1cc710bdda167b5bc0ae8f9fc4bcb50051864a719237dcc920607
- SHA512
  
  403a15cc19274e3cf3f9369cc85b5dd3cf6584d36ff103cfe09b00b7405b1553767abf056a6f5793617eae515f2003697960d290affe17f69a84169ca2636264
- SSDEEP
  
  49152:hZZZQDDcpcPqWtaJehWa97nKFB73MJrQyHzhwmYsbM6XNWS/GI:hZZZig5qZDrAS/p
Score

1^/10
behavioral23 behavioral24
- Target
  
  Plugins/FX/reacast.dll
- Size
  
  418KB
- MD5
  
  a1b80484a7e489d41999148fc02ecb3f
- SHA1
  
  2de86c3d4cd94fde5406022690443711534f529f
- SHA256
  
  f29d3f78e21301dfabda772878b29de15eb10eb6f29acd65dbd006bcfef3ee75
- SHA512
  
  ef01c2a6b1765a2dfb080d8c9eca4df8242e6b09ceac591abc36aae3cb972c43a96786931606c8e621cd13ff3f168957f15e729d2f24c6e7f8f774b98e187ec3
- SSDEEP
  
  12288:w6Zb1R7P0rrvhK5c+8s18Eba+eB9JCxF:waVMrrvhK5c+8y8Eba+eB9q
Score

1^/10
behavioral25 behavioral26
- Target
  
  Plugins/FX/reacomp.dll
- Size
  
  334KB
- MD5
  
  8cda4c2b82ae532c40f7c995d1bbeea4
- SHA1
  
  400c60d04ec9100eda97177459136a36cf23c98c
- SHA256
  
  bb77cc14a449852ad64d7243a4864eb363e091f19aee9a8af1fad65e42d09ea6
- SHA512
  
  40be27b61e22d5d3e18c8b69a67c5c12057a799e404d0c8bda103789113ce3f17eb587b84ac25a93293fc1812fa3b3134c232cc896fb0d4e64e0321cbdbdf5d3
- SSDEEP
  
  6144:0rtW9yrJXx7s/8z0vSCnTVPbhBLdHCXjmZOKDzrJmIAwX5rYU7L:mtW9cB7s/8z0vSKTNbnZCTmJD3JdyUv
Score

1^/10
behavioral27 behavioral28
- Target
  
  Plugins/FX/reacontrolmidi.dll
- Size
  
  376KB
- MD5
  
  ec40310d553e2b6be6cc7856af168d75
- SHA1
  
  997eaf3f3a61f99ab89d2215dd3017554a3aa013
- SHA256
  
  73104cd163eed073ff700afb729c0afda41ebf0d4fa83ec2d168f09832d817f1
- SHA512
  
  2febe9bb200d77d2625ba913868c098ba35a97e8f8d336307e1a1eca0547c67903fed6d7bde55eae781aaee449fbb526cd0d3162e2003416b2ada5e1912a0ab2
- SSDEEP
  
  6144:6ZCy9WR1pAfQfeZJAwPT5uneHi3E9bWm5DxuHWj1GHbANhHROSDctZOFZJfBedJd:6oRntFIT51DmSoU1Ret4JJq
Score

1^/10
behavioral29 behavioral30
- Target
  
  Plugins/FX/readelay.dll
- Size
  
  294KB
- MD5
  
  81602b9d892323f6836e263dfbe41146
- SHA1
  
  10bd09b41a0cce28aea0342ebdc0e059dc315f64
- SHA256
  
  11f302ef46850a8b7ef001f67386e2d6cd789843689b38a3f5dfe5aa24bad6ee
- SHA512
  
  7f388445d10f57e0e5325afd242c788ba90379198ba293677ec66c31bf95d2c5594ffbaa1c5d99464540aa3b81cd484f9df0698b31b348438d17cb16d6efb1a6
- SSDEEP
  
  6144:EOFOjUPO53uUKAc/HbrNn4yl69AcwZOMHtkQJblw/5rYs1OK1G:EOMjU5UKAc/Hb1499lwfHNJ3joG
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Identifies Wine through registry keys

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32