General

  • Target

    flintsrc.zip

  • Size

    15.7MB

  • Sample

    240724-bz6kfs1alm

  • MD5

    7fefe8766e0fb0dd17a9764da07f2f7a

  • SHA1

    7165b5220fc45ac34c92bf80965760dbb7c50e79

  • SHA256

    9149cff48f823bf1f162f87af1721001285f2734be0643573ccc6386a3b77588

  • SHA512

    3ec2be72f5c1db9c9997b6086a917922c368dab8a2f94426cf6ea92dba335ed431371a0ead53de516e52b87a92fa81eb46539e38481a138eb34d5c549371a334

  • SSDEEP

    393216:zUM9Wo6LXi5EwTVKIUD2cd85IjDvCvP/K9k:z9lt5EZNA5IjLOPN

Malware Config

Targets

    • Target

      bin/last_data.json

    • Size

      2B

    • MD5

      99914b932bd37a50b983c5e7c90ae93b

    • SHA1

      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

    • SHA256

      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

    • SHA512

      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

    • Score

      3/10

    • Target

      flint.dll

    • Size

      4.0MB

    • MD5

      2a0e4a3c4f1f38f9d6b9be820cc781c7

    • SHA1

      c8973021c55d7d673b1cee051e509fcb9f09e083

    • SHA256

      a46649a1827ecca60e439c4a26a6f288fb332c2c3f0f4a613530273fbf53a9ff

    • SHA512

      91cf729f04f575192e1bedaba63cb8222b1a0a201ee72b794b4faf5ce9589455c4096cdac113323e5d85993374a9e04f952a19e8c1bca5f0feee3208cd4b3f7c

    • SSDEEP

      98304:k5ae36yod9PKIq7DfeL5RWG0SGZxNLtB10sGAK9:Be36yodEI+W5RWaGdpBm19

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      runtimes/win-x64/native/WebView2Loader.dll

    • Size

      161KB

    • MD5

      c5f0c46e91f354c58ecec864614157d7

    • SHA1

      cb6f85c0b716b4fc3810deb3eb9053beb07e803c

    • SHA256

      465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f

    • SHA512

      287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91

    • SSDEEP

      3072:7evoTTlTRTyiuPThTNTKm81SbbMYSPLNsknZiZ2HZ5AaliiT88FEtJ57dXSvlCW:HTlTRTyiuPThTNTKmFQdhsknZiMHfEti

    • Score

      1/10

    • Target

      synapsex.exe

    • Size

      8.6MB

    • MD5

      75c773432e8687e11cbef1c57d0f51da

    • SHA1

      c773ab179485ea2d470a1b8fa9b7e2c551c2652c

    • SHA256

      9c4d909ca35d48d6267328c191a18cfcc16156a9a9e274023bbc91970e4b78a1

    • SHA512

      a4b55473fa8516f6fffb2a1b9c648ff1344c55d836446f670d80b14bc3fb8df304b9c46bca9c73ee1813c5c35b8db04513f4ec5333955b83df571f6b0a5d1778

    • SSDEEP

      196608:Tpk/EOlXEGH1qvuVj5EmqxWdMe7cb5nNARzQY:V6lXEGHcvuVdErIdMdbjU

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks