c7e8f1e7524fcbedbe7c80a7dda4e75b79d114d8b0f38c7a94db554ecc348449

Sharing

Copy URL

Twitter E-mail

General

Target

Test.zip
Size

98.3MB
Sample

240715-vzzxfstfqg
MD5

77b7a7c5f7b9fc908795a47f97003a92
SHA1

c5c22b42ec1e3d8b1a81607942726ad5003bc38c
SHA256

c7e8f1e7524fcbedbe7c80a7dda4e75b79d114d8b0f38c7a94db554ecc348449
SHA512

5eac023aacff41fbf0bc19bc8392222f25d8a2d010de2b339bbe59c815b0e762e344377414b3647e549010a428030ca52eecaa15b5b066b27a33e470f8f9d085
SSDEEP

3145728:kSQBaG/sLrNkiTFRNTiYLmDwtlZdpicLYC2UDGNpWg5h6Vbh9k:St/sLrKiBRNTiYKopRYC2UCNnD6ZA

Score

8^/10

Malware Config

Targets

- Target
  
  Test.zip
- Size
  
  98.3MB
- MD5
  
  77b7a7c5f7b9fc908795a47f97003a92
- SHA1
  
  c5c22b42ec1e3d8b1a81607942726ad5003bc38c
- SHA256
  
  c7e8f1e7524fcbedbe7c80a7dda4e75b79d114d8b0f38c7a94db554ecc348449
- SHA512
  
  5eac023aacff41fbf0bc19bc8392222f25d8a2d010de2b339bbe59c815b0e762e344377414b3647e549010a428030ca52eecaa15b5b066b27a33e470f8f9d085
- SSDEEP
  
  3145728:kSQBaG/sLrNkiTFRNTiYLmDwtlZdpicLYC2UDGNpWg5h6Vbh9k:St/sLrKiBRNTiYKopRYC2UCNnD6ZA
Score

1^/10
behavioral1 behavioral2
- Target
  
  Loader.zip
- Size
  
  2.9MB
- MD5
  
  0351d3ca23aedfb4d84e1bf19830fbee
- SHA1
  
  787da803762975b9dba33edac4b77f76fea1cdb2
- SHA256
  
  8771231330cfc4072955fef42852bef3ba2c4626b4d7dabbc3167931eb7fa743
- SHA512
  
  eaaa1d6e4741d25a470d6e420e4a696d5430b296777384272e2765320e81fcc00d4ec7902575b801b8fd6ce71f89a48df9fac8c44690c55e63c8f4b9fc3ec221
- SSDEEP
  
  49152:1zA2x5+9aHmF3nTU5kvxKYqBsUEZh41rVlBTQ5Ur3Y+gqagyNVaBLc3H7W5wtSaw:1zA+82mNI2vpq7llBTZ3Y+gqagcVa2bO
Score

1^/10
behavioral3 behavioral4
- Target
  
  D3DCompiler_43.dll
- Size
  
  2.4MB
- MD5
  
  d010ab113ed06bf6b42c7746ef395e21
- SHA1
  
  5d6b1763f38ffe6d70146e74e9abeae15e3fc35b
- SHA256
  
  ffedb064adc25328b24dcf145b04045a867a5574c931516d7845babf2a08937f
- SHA512
  
  0ca4656d0ea2af368b0f667dcfbbc819f8f1209cebba3e5a2bceb9b235e5443eb0452f0f0c3970b419fe6199d4d7cb7390a1f9cd46b689954f8e58ba9d0c2b9e
- SSDEEP
  
  49152:wf59zPxKcvHzDB6t3+C0/aJfyLg7Ie4Xy+5j4m2CTv:92642o7lftT
Score

1^/10
behavioral5 behavioral6
- Target
  
  Loader.exe
- Size
  
  1013KB
- MD5
  
  121f40b877e0db403d580b0eef6ee6e5
- SHA1
  
  1198e5dc195ad02950bda3df3f156402f92cd140
- SHA256
  
  c08b31a3b9db166b695c307313df2905e1ccd0c89ca42c17b268ef2c431d4a7c
- SHA512
  
  de1f88738843b1de99933984ea5d34f1f6ea857312fb312f8f956d733e76f86e46edfcd61f13effe20a0e5064b0ad726be19644dd69d0a97a7eaba099e05b95b
- SSDEEP
  
  24576:9Xrk4uI8+GTXgSiFBZhnumcQUKU/ayTW:9XQbTQ5nnumLuJ
Score

8^/10

defense_evasion execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral7 behavioral8
- Target
  
  d3dx10_43.dll
- Size
  
  502KB
- MD5
  
  190649d410964753a54a306caeb33cb8
- SHA1
  
  b45752e0558a9b0b70a9b490e8a7148b807a4f42
- SHA256
  
  b5f2e4d842c758fae91323888ace39328c47d9546231757f73831e2369ae58ed
- SHA512
  
  8321a42608947bdca156b48c019b999d01aaea6a558026493b42ca54c18b1f3eb7d0d343c998af16fd27dea63fff662c2f645962e261aec0fa04d8fcb72b92fe
- SSDEEP
  
  6144:dIHyAfFvQet8lzb3f3+UHWIVPfkKS7GXzeARN85BwC5uhFcuiZyoO2uwpapnlJRX:aNFoet8lzbv17VPfkKS78zBN8LgIappX
Score

1^/10
behavioral10 behavioral9
- Target
  
  d3dx11_43.dll
- Size
  
  273KB
- MD5
  
  015743813e8d70a91cce6319fd2ec94a
- SHA1
  
  14c224c566a28168be62de535445d527a1156f01
- SHA256
  
  25814402ce1d74f198958aa38661242189b4e5d640177087d0ba0ecf65d19a44
- SHA512
  
  163971668c8d34baccd6cd526b589b91792a2a6437ceebfb9080e2c98d0e33a59c9f084f98ccc2f117b872836407595b6166b09f3830b4875036db95ec2aef5f
- SSDEEP
  
  3072:FCWVWFOaVgP7BzvjYlTc91N6Vkg4eK6DvDBcMqpcJbMYBu1+Iz54+vJds:/Ww4gPdz7YlTc91i1DLopYMvIIhs
Score

1^/10
behavioral11 behavioral12
- Target
  
  d3dx9_43.dll
- Size
  
  2.3MB
- MD5
  
  460d2b03615d8c0697721ce26aee1e60
- SHA1
  
  e2dbd56d24cd783fb3c4bc2b527665623fb6435c
- SHA256
  
  36b84dfa0ef9d3ff3549a7ad54d2a8032bd22c879219ee1a959137c4ef8786c4
- SHA512
  
  7d2a6c0593269aa74af6e53ffaede1e805c795410f97c5eeef6f4963e3e5785d02db81630758747dfa6bad60082ec1e118869b27f3f6995e11d9f592956d5b2f
- SSDEEP
  
  49152:2bCJsk4VlPXA+15Om5wxw9Qsi55K+31BhZ64nI:1IIBnI
Score

1^/10
behavioral13 behavioral14
- Target
  
  Visual-C-Runtimes-All-in-One-May-2024.zip
- Size
  
  95.4MB
- MD5
  
  e4fa025c8e3739b76b2450fa8bf90498
- SHA1
  
  ce9213b1137749676f996f148626355c5cd6fc06
- SHA256
  
  b9e2daf2a76b3d7dbac2a657cd4a2ffa5c0052b01fc955088e988f6eea91f934
- SHA512
  
  1e0e38cf23f8793fff3d14c1323bcf99df3af5cd8c77db722ddf3705f5cb5c8356439e30a2f77997d33bffe252b898ae54e64c85efb8fc93fae06914bd3edae5
- SSDEEP
  
  1572864:Z65ClBYdsFz5l/sNmmlrNkiTqy/JEps3Q2WhYLmDwVDlxbNldpic9p1RYCZAUDG5:QQBaG/sLrNkiTFRNTiYLmDwtlZdpicL6
Score

1^/10
behavioral15 behavioral16
- Target
  
  install_all.bat
- Size
  
  1KB
- MD5
  
  eb55aae630088c91b88d2bfae4115ea0
- SHA1
  
  1495c69946edca474fe30c2b713aacb9f03bbf3a
- SHA256
  
  492ee4c16ac45a5483088583c9caa08252d3a1bb3922dbbec834d61673538f17
- SHA512
  
  48e4a3fa644b1859131cfec782641aaee9938c88f939ca0509df0f4120b922187753ce7cd7d912d2f90108526ba34d767baa28c9eeeb25d43fff77d38ddfd882
Score

7^/10

persistence privilege_escalation discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  vcredist2005_x64.exe
- Size
  
  3.0MB
- MD5
  
  56eaf4e1237c974f6984edc93972c123
- SHA1
  
  ee916012783024dac67fc606457377932c826f05
- SHA256
  
  0551a61c85b718e1fa015b0c3e3f4c4eea0637055536c00e7969286b4fa663e0
- SHA512
  
  f8e15363e34db5b5445c41eea4dd80b2f682642cb8f1046f30ea4fb5f4f51b0b604f7bcb3000a35a7d3ba1d1bcc07df9b25e4533170c65640b2d137c19916736
- SSDEEP
  
  49152:+r67+stI6RWGTAdyvlADUrpTmcOgohwJpEM5grO3oc1OXZViFeRyDErkLUMHzkRN:AM9l8pUr9m30L5grOQXZKAsErkbQRN
Score

7^/10

persistence privilege_escalation
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral19 behavioral20
- Target
  
  vcredist2005_x86.exe
- Size
  
  2.6MB
- MD5
  
  ce2922f83fb4b170affce0ea448b107b
- SHA1
  
  b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847
- SHA256
  
  4ee4da0fe62d5fa1b5e80c6e6d88a4a2f8b3b140c35da51053d0d7b72a381d29
- SHA512
  
  e94b077e054bd8992374d359f3adc4d1d78d42118d878556715d77182f7d03635850b2b2f06c012ccb7c410e2b3c124cf6508473efe150d3c51a51857ce1c6b0
- SSDEEP
  
  49152:rqGRIgg2SirwkF9xdtb43lyGKCafpKkiwnaDahmPzpY4FPyaza:rxxLFfY/KCCpKk9aWMzZyau
Score

7^/10

persistence privilege_escalation
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral21 behavioral22
- Target
  
  vcredist2008_x64.exe
- Size
  
  5.0MB
- MD5
  
  e2ada570911edaaae7d1b3c979345fce
- SHA1
  
  a7c83077b8a28d409e36316d2d7321fa0ccdb7e8
- SHA256
  
  b811f2c047a3e828517c234bd4aa4883e1ec591d88fad21289ae68a6915a6665
- SHA512
  
  b890d83d36f3681a690828d8926139b4f13f8d2fcd258581542cf2fb7dce5d7e7e477731c9545a54a476ed5c2aaac44ce12d2c3d9b99c2c1c04a5ab4ee20c4b8
- SSDEEP
  
  98304:98I8/pCVmdbx2rU/xFnTBU8UeNeagEXtIgvjyGFDdo85qyKYr5NM62dNKViClWPg:9Avx2rw5Th8XeNyGtW0DJr5uDdQdWPet
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral23 behavioral24
- Target
  
  vcredist2008_x86.exe
- Size
  
  4.3MB
- MD5
  
  35da2bf2befd998980a495b6f4f55e60
- SHA1
  
  470640aa4bb7db8e69196b5edb0010933569e98d
- SHA256
  
  6b3e4c51c6c0e5f68c8a72b497445af3dbf976394cbb62aa23569065c28deeb6
- SHA512
  
  bf630667c87b8f10ef85b61f2f379d7ce24124618b999babfec8e2df424eb494b8f1bf0977580810dff5124d4dbdec9539ff53e0dc14625c076fa34dfe44e3f2
- SSDEEP
  
  98304:vT4tlQ0aeY51XNURYxaA6qjEb9tRuPmBmWBDLTMTtbslyzRt9cuISY6Qa:vKlhE9U6476itR+mLPw6lyZY61
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  vcredist2010_x64.exe
- Size
  
  9.8MB
- MD5
  
  c9d9eebccef20d637f193490cec05e79
- SHA1
  
  15d032d669078aa6f0f7fd1cbf4115a070bd034d
- SHA256
  
  cc7ec044218c72a9a15fca2363baed8fc51095ee3b2a7593476771f9eba3d223
- SHA512
  
  24b56b5d9b48d75baf53a98e007ace3e7d68fbd5fa55b75ae1a2c08dd466d20b13041f80e84fdb64b825f070843f9247daba681eff16baf99a4b14ea99f5cfd6
- SSDEEP
  
  196608:n9A3D5MBD0vwqMKgL29M2JWMWiKV/nPlnqIaAAVINqsAsbPnpCxmz7dU8:23D5MBwZMd0b4oSQ7VSrAs1gEdU8
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  vcredist2010_x86.exe
- Size
  
  8.6MB
- MD5
  
  1801436936e64598bab5b87b37dc7f87
- SHA1
  
  28c54491be70c38c97849c3d8cfbfdd0d3c515cb
- SHA256
  
  67313b3d1bc86e83091e8de22981f14968f1a7fb12eb7ad467754c40cd94cc3d
- SHA512
  
  0b8f20b0f171f49eb49367f1aafa7101e1575ef055d7007197c21ab8fe8d75a966569444449858c31bd147357d2bf5a5bd623fe6c4dbabdc7d16999b3256ab8c
- SSDEEP
  
  196608:e9A3DAnfudQZKuNK0kMp2Wxw2tr3aA5Jegn9kaK6Hj0aaNz9ZBJ7C:t3DAnGKZKuNK0SvAn9kaK6gaaNRZbC
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  vcredist2012_x64.exe
- Size
  
  6.9MB
- MD5
  
  3c03562b5af9ed347614053d459d7778
- SHA1
  
  1a5d93dddbc431ab27b1da711cd3370891542797
- SHA256
  
  681be3e5ba9fd3da02c09d7e565adfa078640ed66a0d58583efad2c1e3cc4064
- SHA512
  
  6c2f4eeb38705c2dafc4d75d8de0036a0aed197f83e9cb261d255fe26e4391f24b0b156e9019c739dd99057041c2bb80f9ab80f56869bc1e01f0469a76f24f75
- SSDEEP
  
  98304:vRWKtOl5CCGomEBkHUBmExJrIUg32t9RRyvo7VnOcyP24Vc35re94tb0eYbY1poo:v3tO3CCT/hBxtVtyUVnmSprzVIY7QKAk
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral31 behavioral32