General
Target
RAE_2024.zip
Size
39.0MB
Sample
240730-ad1awasbmh
MD5
5d7abfcf8e8398438091750bda9ff31a
SHA1
e8b169db60fb4c4564c1e5f19ee59998f6df78f0
SHA256
0fa575b56483b84433329d8d518baffb34d7f825735ef7851b762d83955f1e34
SHA512
f998ba2127d6d4cf0538f89c5d5a3a2dbebbd1112f48c292fb151ee91a41176bf70e51eea4114d0bcc625d0ddb57c5d8b8d53f236c94643f75f7db3dd1e009f0
SSDEEP
786432:6BtjjwbEXKJdSYNoDKD88pDZB9wQmTqIIA8GgOwEzN7GUN6bZ5kdj2u5+3n0jeG:YtnwbEaroU8Aw3yGgODZ7sk51+30iG
Static task
static1
Behavioral task
behavioral1
Sample
1. NET_Framework_4.8.exe
Resource
win11-20240709-en
Behavioral task
behavioral2
Sample
2. VC_redist.exe
Resource
win11-20240709-en
Behavioral task
behavioral3
Sample
3. RAE_2024.exe
Resource
win11-20240709-en
Malware Config
Targets
Target
1. NET_Framework_4.8.exe
Size
1.4MB
MD5
34a5c76979563918b953e66e0d39c7ef
SHA1
4181398aa1fd5190155ac3a388434e5f7ea0b667
SHA256
0bba3094588c4bfec301939985222a20b340bf03431563dec8b2b4478b06fffa
SHA512
642721c60d52051c7f3434d8710fe3406a7cfe10b2b39e90ea847719ed1697d7c614f2df44ad50412b1df8c98dd78fdc57ca1d047d28c81ac158092e5fb18040
SSDEEP
24576:xGHL3siy910NSmtLvUDSRbm4Jah1rVx8MjoGO8W6cbZtgd6AmpITsz0+lLF7cy:mL3s7K8eTUDBzrVx8MjoGO8W6cbs8NpT
Score 7/10
Executes dropped EXE
Loads dropped DLL
Target
2. VC_redist.exe
Size
13.2MB
MD5
9882a328c8414274555845fa6b542d1e
SHA1
ab4a97610b127d68c45311deabfbcd8aa7066f4b
SHA256
510fc8c2112e2bc544fb29a72191eabcc68d3a5a7468d35d7694493bc8593a79
SHA512
c08d1aa7e6e6215a0cee2793592b65668066c8c984b26675d2b8c09bc7fee21411cb3c0a905eaee7a48e7a47535fa777de21eeb07c78bca7bf3d7bb17192acf2
SSDEEP
196608:oRjgvJ2flpQcIIS/Rj7BWl+aV8t8z72BxBwBgO42BE6+2DQlMp1sHW5ZDmCCM0Xr:IgRIlptVYmfr7yBG/4pXMHsHW76CsGE
Score 4/10
Target
3. RAE_2024.exe
Size
26.1MB
MD5
52ed73c74614cc4309e958406d3a2ef2
SHA1
5b85c1c336d6dc8efc07e430c83194ef2109d747
SHA256
d0b4026d7684607ef94ad4ae4cb3666000ba588ca9fe40d210de5519290d1b4d
SHA512
f34ea34a2d5b50eb272484ebed9ca1d7bc5df01772f7115b628863172a6012926fb8e93d7845d40d72562d102b6c8572d58bc28992448fc311ed29aa9f20c150
SSDEEP
786432:za1hq2C6sudmKIboommuvFI+pPncLt5+PLM2RqAosPOaeE:4C6Vyoomz9I+i+DhqA12jE
Score 7/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Blocklisted process makes network request
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger