Tasks (name, platform, score)
- overview: 10
- static: 1
- sample.zip, windows7-x64: 1
- sample.zip, windows10-2004-x64: 1
- Setup.exe, windows7-x64: 10
- Setup.exe, windows10-2004-x64: 10
- battuta.flv, windows7-x64: 1
- battuta.flv, windows10-2004-x64: 1
- datastate.dll, windows7-x64: 1
- datastate.dll, windows10-2004-x64: 3
- instrucciones.txt, windows7-x64: 1
- instrucciones.txt, windows10-2004-x64: 1
- madbasic_.dll, windows7-x64: 1
- madbasic_.dll, windows10-2004-x64: 1
- maddisAsm_.dll, windows7-x64: 1
- maddisAsm_.dll, windows10-2004-x64: 1
- madexcept_.dll, windows7-x64: 1
- madexcept_.dll, windows10-2004-x64: 1
- maidenhair.cfg, windows7-x64: 3
- maidenhair.cfg, windows10-2004-x64: 3
- rtl120.dll, windows7-x64: 1
- rtl120.dll, windows10-2004-x64: 1
- sqlite3.dll, windows7-x64: 3
- sqlite3.dll, windows10-2004-x64: 3
- vcl120.dll, windows7-x64: 1
- vcl120.dll, windows10-2004-x64: 1
- vclx120.dll, windows7-x64: 3
- vclx120.dll, windows10-2004-x64: 3
Analysis
- max time kernel: 140s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 23-07-2024 06:40
Static task: static1
Behavioral tasks (task, sample, resource)
- behavioral1: sample.zip, win7-20240708-en
- behavioral2: sample.zip, win10v2004-20240709-en
- behavioral3: Setup.exe, win7-20240708-en
- behavioral4: Setup.exe, win10v2004-20240709-en
- behavioral5: battuta.flv, win7-20240708-en
- behavioral6: battuta.flv, win10v2004-20240709-en
- behavioral7: datastate.dll, win7-20240708-en
- behavioral8: datastate.dll, win10v2004-20240709-en
- behavioral9: instrucciones.txt, win7-20240704-en
- behavioral10: instrucciones.txt, win10v2004-20240709-en
- behavioral11: madbasic_.dll, win7-20240704-en
- behavioral12: madbasic_.dll, win10v2004-20240709-en
- behavioral13: maddisAsm_.dll, win7-20240708-en
- behavioral14: maddisAsm_.dll, win10v2004-20240709-en
- behavioral15: madexcept_.dll, win7-20240704-en
- behavioral16: madexcept_.dll, win10v2004-20240709-en
- behavioral17: maidenhair.cfg, win7-20240708-en
- behavioral18: maidenhair.cfg, win10v2004-20240709-en
- behavioral19: rtl120.dll, win7-20240708-en
- behavioral20: rtl120.dll, win10v2004-20240709-en
- behavioral21: sqlite3.dll, win7-20240708-en
- behavioral22: sqlite3.dll, win10v2004-20240709-en
- behavioral23: vcl120.dll, win7-20240704-en
- behavioral24: vcl120.dll, win10v2004-20240709-en
- behavioral25: vclx120.dll, win7-20240704-en
- behavioral26: vclx120.dll, win10v2004-20240709-en
General
- Target: battuta.flv
- Size: 21KB
- MD5: 8274785d42b79444767fb0261746fe91
- SHA1: 8c26e85bddfe4f24c229468b5faa0b2ad3a05549
- SHA256: be074196291ccf74b3c4c8bd292f92da99ec37a25dc8af651bd0ba3f0d020349
- SHA512: df14f6bdb4736d620eee7294d4d4fac5caeb5a382cfd63e0f0afd6779282fa2f498354d221bc7aa1d2c657a0953088bffb253be8c128d2cd9fd5957613eed9bb
- SSDEEP: 384:Mb4Cr91VOCquEG5CqjQaygy1MFznhPqLPL+IbbjXjn4oppc4gEaq:s1r91h5tCyyVSzST+InH4opWvEb
Malware Config
Signatures
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  Processes (pid, process): 2640 vlc.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes (pid, process): 2640 vlc.exe
- Suspicious use of FindShellTrayWindow (3 IoCs)
  Processes (pid, process): 2640 vlc.exe; 2640 vlc.exe; 2640 vlc.exe
- Suspicious use of SendNotifyMessage (2 IoCs)
  Processes (pid, process): 2640 vlc.exe; 2640 vlc.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes (pid, process): 2640 vlc.exe
Processes
- C:\Program Files\VideoLAN\VLC\vlc.exe
  Command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\battuta.flv"
  PID: 2640
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx