Overview

overview

9

Static

static

7

UB Downloa...ir.exe

windows7-x64

1

UB Downloa...ir.exe

windows10-2004-x64

8

UB Downloa...or.exe

windows7-x64

9

UB Downloa...or.exe

windows10-2004-x64

9

UB Downloa...ix.bat

windows7-x64

1

UB Downloa...ix.bat

windows10-2004-x64

1

UB Downloa...h2.exe

windows7-x64

5

UB Downloa...h2.exe

windows10-2004-x64

5

UB Downloa...ix.bat

windows7-x64

9

UB Downloa...ix.bat

windows10-2004-x64

9

UB Downloa...ix.bat

windows7-x64

1

UB Downloa...ix.bat

windows10-2004-x64

1

UB Downloa...b1.exe

windows7-x64

5

UB Downloa...b1.exe

windows10-2004-x64

5

UB Downloa...ix.bat

windows7-x64

9

UB Downloa...ix.bat

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    UB Downloads 12.6.24.rar

  • Size

    35.6MB

  • Sample

    240715-mddhbs1frn

  • MD5

    c0c5d65703c3d32cb57f285130fcc615

  • SHA1

    001288d9dd22f071ab0d84a3846ce4493adb5983

  • SHA256

    ff95ef4991b31a1e2d3a0acbccb205234842bf2e1157510846d01136a6b26a31

  • SHA512

    1fbed24ced68735366db8fdc899b7104ec7a65355084f67109c389582fd7f24b56555fa8eb5bf9ee76599796f6a23b74814a6ce49dab6ac15cfed898db070254

  • SSDEEP

    786432:xmz9PINeL/8/IK7ZuBlXKsUWRI+l4kYhk2Qk33zbQ2:xmpieL4IK7GXKs5l49keXQ2

Score
9/10
evasionexecutionransomwarethemidatrojan

Malware Config

Targets

    • Target

      UB Downloads 12.6.24/UB Downloads 12.6.24/UB Downloads/Loud Chair.exe

    • Size

      18.9MB

    • MD5

      e85d8cd73a221953c10c6ae719c4daae

    • SHA1

      a78ad50dd874b8a159c1300035927ffae558930f

    • SHA256

      320d56906b73e07663ae65f53e6ee1008042e3ecdd640f34d60e48c035fa7eb5

    • SHA512

      10c36ff7963159f6b76e80105aefefef3d6a075ad6d9d9a79397ce4f24f9f2f8deed59033543b0722614340ac9a9524c466509c609458b0160d826bc8e77fcd2

    • SSDEEP

      393216:Infyt2vkj2gwfhbjlZDnJAKqnPg69iG4C7NH:tt2Q2XtRtnmVFJp

    Score
    8/10
    evasion

    • Downloads MZ/PE file

    • Looks for VMWare Tools registry key

      evasion

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      UB Downloads 12.6.24/UB Downloads 12.6.24/UB Downloads/Privacy Protector.exe

    • Size

      8.6MB

    • MD5

      fbf038e5ef2e30da99e88371531dfebc

    • SHA1

      b0507491cf241aa4da8b73ef513528b2a937aa2c

    • SHA256

      0890f0b89e5c5745ad4bfaf1ca6459c5b765adae9cc2d0988e9456894350b434

    • SHA512

      2526c6e621b64c861aa5baddd9e80d2bdd5cd7d628be115584e3f0471536ab95ef85be48ae06b5207bc70f9e6eeeb75ceebc2594ebda6b1878cbc22f8321ea84

    • SSDEEP

      196608:gAHP6FQVWZ0C1+eqy/rRXEChq+ZExY37lJo9aM2yf/2dI:KPqWRUChqCtLlW5X2dI

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      UB Downloads 12.6.24/UB Downloads 12.6.24/UB Downloads/UB Silent/bsod fix.bat

    • Size

      415B

    • MD5

      392f331dc1744fbe560a2a17d7ca838f

    • SHA1

      817559945e137d036f47b26696d4fab5f22572c1

    • SHA256

      318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5

    • SHA512

      0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd

    Score
    1/10
    behavioral5behavioral6

    • Target

      UB Downloads 12.6.24/UB Downloads 12.6.24/UB Downloads/UB Silent/u237cgatAh2.exe

    • Size

      5.6MB

    • MD5

      0e2c1ee8e6bdb339094ec24026a01e20

    • SHA1

      449972cb63e21bf25d03ad1e85cf87af97c75a2e

    • SHA256

      ffe104f44b6a84074e2305fba55c1cb777446d1dace44c23eaf873536dcc542f

    • SHA512

      c0a71a9d796802bdf7110c8f69ebdaeb9c968df69b41a8bc1ff52f3a4082f40df93085ec278863acc93763ca11114b4eac5278db136540be0bea67aa93c607c5

    • SSDEEP

      98304:6s2vdJmvMwJ2liHiHeCJ+46C2m0B/YMh6FuLChc4n5Gc6jLq:6pdJK/46iHu4525Vh6FuLChRn5l6j2

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral7behavioral8

    • Target

      UB Downloads 12.6.24/UB Downloads 12.6.24/UB Downloads/UB Silent/w11 fix.bat

    • Size

      507B

    • MD5

      6fb44052dc5a85a097feeb91d7a81712

    • SHA1

      29db33e6cf3286a6ba82af684ac535d42b43d257

    • SHA256

      7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026

    • SHA512

      ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a

    Score
    9/10
    evasionexecutionransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral10behavioral9

    • Target

      UB Downloads 12.6.24/UB Downloads 12.6.24/UB Downloads/Unlock All/bsod fix.bat

    • Size

      415B

    • MD5

      392f331dc1744fbe560a2a17d7ca838f

    • SHA1

      817559945e137d036f47b26696d4fab5f22572c1

    • SHA256

      318ae14fd3712848ed06c109d36a9df600964e1d827581f980c121d52a7b5df5

    • SHA512

      0b1023402d8bf343cdee0e1e643209a65879dca4a7e22862b28ba08dea2d1a72ff651ab757ce32ad11add2aad61b44f36a64d1c754bdbe1ea740c44c2857c0dd

    Score
    1/10
    behavioral11behavioral12

    • Target

      UB Downloads 12.6.24/UB Downloads 12.6.24/UB Downloads/Unlock All/nRi28Wtqb1.exe

    • Size

      5.6MB

    • MD5

      872b0fa8c0306040f181d08c5d7a252b

    • SHA1

      a08cf74361c96aa4d7e4503af6563c63b95f1973

    • SHA256

      3a5576c4e7d9ed56cc295fea24ef0fa68cf4235dfefa434caa32015887e757c3

    • SHA512

      23d8610ac8bfcb68695b652dd8d35edcc5f17994c90966ef0cabf11489d983cc852dd8e6d36ec85c78ec6f63cb6a7b21238a6d9687494f3ef99bc7ca86a4a277

    • SSDEEP

      98304:GRx4heu/+/tswG+PJPigEtVTH41ZE6HqM/aZeOO4wZivrH/LXmfI1ZWQpy:GL4gy+/tbG+PJa3txT6KKaLbwZivrjdJ

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral13behavioral14

    • Target

      UB Downloads 12.6.24/UB Downloads 12.6.24/UB Downloads/Unlock All/w11 fix.bat

    • Size

      507B

    • MD5

      6fb44052dc5a85a097feeb91d7a81712

    • SHA1

      29db33e6cf3286a6ba82af684ac535d42b43d257

    • SHA256

      7ec1b31de3b0114c266df0b475c5c582a504c7c38f7127949df27f78a5d1c026

    • SHA512

      ee9dbcc0a7340ec6fe968ba611f0849fd1b77b88cb5deaad4c6a516a417abaf14055021e949ca04fde979364f060504c911fede81b0c492b651ea1b3f246494a

    Score
    9/10
    evasionexecutionransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral15behavioral16

MITRE ATT&CK Enterprise v15

Tasks