578993fcf8d57252bc34536c01dc853a374e60def68f60b2826c3de0826ea00c | Triage

Sharing

General

Target

ventoy-1.0.99-windows.zip
Size

15.9MB
Sample

240803-bf55ksxfqq
MD5

fcc8ff8dce28310f9da295f28f1735d7
SHA1

51e689ccd7260f240b53e560e549462208dd1a6e
SHA256

578993fcf8d57252bc34536c01dc853a374e60def68f60b2826c3de0826ea00c
SHA512

22a29a02dd9f03d5fb820592c818917f4b0ed39741d8223b1c74be10bba79220ec0f321a0c57b8bfc928c99588544a278b53bf2a07b44b66f6c8c428b8474f55
SSDEEP

393216:C/42RL228fi5n/g7qrpMTh4+lrPylv+U81QNABtmKRKXmchqPMKqfjaLi4TR/O:hYL2o/g7MAh5gs8ytmKQ2chDjqTc

Score

6^/10

discovery

Malware Config

Targets

- Target
  
  ventoy-1.0.99/Ventoy2Disk.exe
- Size
  
  589KB
- MD5
  
  f8d95eb8c84c6de968a90496256180b1
- SHA1
  
  52ec2c2d0dfb4e0ee4cacf58c06308673caf7535
- SHA256
  
  d0fbb98b3de71b571276016743d1a2b56fc71b8708455a533a7489fdb64e63de
- SHA512
  
  0b2a33093ecab5307c496283bec5d8fcd40a53921b7f73ea643c2b43c712c6264337fc16f340c9021fa17f45a02e888c19b4d2a244f970376720416bbbfb883e
- SSDEEP
  
  12288:tubXcwafJcLln5QwnVWqqPIBONhxsU/E:turP90r/xsU/E
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2
- Target
  
  ventoy-1.0.99/VentoyPlugson.exe
- Size
  
  364KB
- MD5
  
  38f18ebb5b81b4481b732f68d2b9fe90
- SHA1
  
  eae6a3ea6b5b8ac5ccafcc6dd0bbdbb07d6ee6c0
- SHA256
  
  a27bef270abb8e0649358d89a004573b45156c7a2bb520fb62cfe1f50300145b
- SHA512
  
  9c38a92d015f8524b28d5b99c83f6923f2505cd65817e11b8079201148f0299cb38646bdbb8fb5f64c97b178507cf8a851c3edb38fb442f0caebfdc0482c2749
- SSDEEP
  
  6144:l/C8Y4XmCtaOInjZpAbxdxDcWcnR4bfXfwiSeias+8xHgbYpj+w8NO0ctwxepgP7:l/J+CtaxnjZpAbxdxDcWcnR4bfXfwiSO
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4
- Target
  
  ventoy-1.0.99/VentoyVlnk.exe
- Size
  
  148KB
- MD5
  
  8e84aa749ac62d5dceb600cec8d86c96
- SHA1
  
  3a224340c4e361b2383e96ad86f2d515f40f7d8f
- SHA256
  
  fcfaa10af53eebef4a986b002006a7acf7af9c2465caed7e37edab9626bcfc4d
- SHA512
  
  8cda75b9954ffc3df9f0b9f00b943372a6be5637603ef392959439f0509662832b7ff73aea5cac1afaa2d76281b23f85c5d2a99d6e92f8c1fe9253598a8dbf1a
- SSDEEP
  
  3072:l8nH9j2ziuvAaIBlCn24Rc4Yn0NJKckH2Fe7E29A/zdGt69heo4J:lyR2zi7ajvRcGLKZH2FaLw9hH4J
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  ventoy-1.0.99/altexe/Ventoy2Disk_ARM.exe
- Size
  
  564KB
- MD5
  
  7dbf0eb7a2c5ef088951ddf215eec1c9
- SHA1
  
  5519b3c64d02d5270c8623483374ff19e29a57a0
- SHA256
  
  b9f1a23ed9ff7f5e07995786f1b46a29c2b9fb441db8ac059b5200b6a79ab191
- SHA512
  
  8899c1ae8694119f22dea5614445fdc053d9860c75efc9be019d963c1e4b6cbccf7d767483cd2d670558f0c7e621eed6a8f5a70bd43c85746b65996aafdfc32f
- SSDEEP
  
  12288:FwaZPNyDPCwn3/oSwpjnVWqqPIBONhxsUbPqYy:FBjTwgSww/xsUbPO
Score

1^/10
behavioral7 behavioral8
- Target
  
  ventoy-1.0.99/altexe/Ventoy2Disk_ARM64.exe
- Size
  
  623KB
- MD5
  
  01b0539efb3f9b097b189b54d21511aa
- SHA1
  
  da14a76eecbaeec85151f184816b7142740ec0e2
- SHA256
  
  6c0551769a2ed1f6ebb22ebe019f3edd058cc19178f0a5b95ea8f213a5a3b96e
- SHA512
  
  49788c09bc8b815c70c8068c2d5fc5546a1904a7a8207de0f322511db4ee9fef34c45e32a7d976c35b619570bf0e8a90b085ea9f9a8b55f2b5e2e59d2038b4c2
- SSDEEP
  
  12288:4QL0e9Fnysj1CMl/YnVWqqPIBONhxsU5:JLbFny4oU7/xsU5
Score

1^/10
behavioral10 behavioral9
- Target
  
  ventoy-1.0.99/altexe/Ventoy2Disk_X64.exe
- Size
  
  633KB
- MD5
  
  a58b82d238c6abac8fe55f14b6011d90
- SHA1
  
  ee1c7d6ff2ca5cf3af53524518f4fa3973f4db7d
- SHA256
  
  74cbd7ddb84474a0207636c5f73577c9b746b0f1d7768fd3c21deefa35a910c5
- SHA512
  
  bb8a75eae39ff4e7bc8e22c0c1e6fba1d33a7b45ec28cfdbe6bcc8841f24dcb1e478e20090779bb8179df40b537ccbaff72fd3fb903f1dd305920e1197ad78c3
- SSDEEP
  
  12288:seO5Hmk/10nJQDrQ+27UQnVWqqPIBONhxsU5:Ywk/UwQ+MI/xsU5
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral11 behavioral12
- Target
  
  ventoy-1.0.99/altexe/VentoyPlugson_X64.exe
- Size
  
  450KB
- MD5
  
  b12066183b66c7238a5cdf916dcbf58e
- SHA1
  
  ee7e7c80e67adb871dc6f86d2069a938e7960931
- SHA256
  
  cc50e92dfacbbab0d436c6f7c283c5ce7cab0e4578f137d8306237bdd4fd5f25
- SHA512
  
  9d8be1ecdd36697d02761f1d80e9c3f4128b45a36c6b031f6f045f55e78ea5e9b5f18d258a587be95009206b45ea000c4d1e5ad2742783d1910527dd91ac185a
- SSDEEP
  
  12288:mZDhU+g1NufmjdQNzhaibzFKzy/MJQC8J:mHUizhai3FKy/MJQCA
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13 behavioral14
- Target
  
  www/index.html
- Size
  
  50KB
- MD5
  
  1b24d46748fdec03b31a48f859da9742
- SHA1
  
  5fadaf1195f99fe59c2cfe664027caba57103b28
- SHA256
  
  c0eeec86ba2a127f72747602f8cd8b60cd87aaf8dd7851f98d6145a98ed97ab0
- SHA512
  
  f8ab283014fc4ea5b858ee8d41898bccb05649c0cf17517ff5a36aa71f0e0668df300041636cc879c5c8c3c0ec55de7c029662596ae1247485d022317b0cd989
- SSDEEP
  
  384:nIe5xaPzFzvgy3ur4qa+MDP16NEqmXIhNroSMW/L:IQIej
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  www/plugson_auto_install.html
- Size
  
  19KB
- MD5
  
  de12d82e09f032b7a95c710ed1535a2a
- SHA1
  
  f5d86b8ba25c08abf3fecc783dbc5a941f3dab47
- SHA256
  
  0362539891ba03869fd3fba69e6a76462f319063c78a266615ff41c62ccb0218
- SHA512
  
  b5ff88470c8d7915b05639741521364f9f10710c41edf59ad60e95b071406aaca30879827dc268e1021e6e23e659af0f2ef99ff968f8fa620e788645438574c8
- SSDEEP
  
  384:Ha2ZxXGy+QQRTQ+gTQQQocBhxQYtT+3/BR:6QxzbBR
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  www/plugson_auto_memdisk.html
- Size
  
  7KB
- MD5
  
  f4618d186e06910e3866729e74c117a4
- SHA1
  
  27df2e9b3d59b1e632e54d748c08a852d5c40d33
- SHA256
  
  b9e954c4b1127a60d1b07b3f5e9f26c592d90e413d6216ca50f85a92bd29812c
- SHA512
  
  fb22eb535c4aea786c35ab873503b6e5de4b65510a92cf651e85417b9a6a703f66e9eb910c0f5b8eb6e851f4ce94c137220b378f5e3ba6d53efce64fa673756c
- SSDEEP
  
  96:Hit2Hy9tGVxSkzoG2u/I0xoXR3oz+p2/koKQQ7ThsfK1xd5bpBaqcUJH:Hih9I2Sqoj/koKQQ7ThsfKB/Baqcy
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  www/plugson_conf_replace.html
- Size
  
  11KB
- MD5
  
  ab7b0e0ae2c6b2b2b59ded3c7a9e0f12
- SHA1
  
  12fa135573590621add9ed6d869bab4dfe07f8c2
- SHA256
  
  70c1dda4026cf56c01bdac997a652cee7eda60229dc51c9ec6d3609687a1a3f8
- SHA512
  
  620721497f67d4f4346737fe67e20901aca00592067b1d9d873c28360eba58ecc806fac91d9a8332c0e8dc841dc0e10702f96d8bb09d7890bb73d1a699973a3d
- SSDEEP
  
  96:Hit2petGVxQBkzoG2pm+0+pntioGQQQQQrYMEpyJJgAZKKqpqWCFKs4UbbpVMhPD:HilzO2pm+qoGQQQQQsMEc/ZKkth4wVQ7
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  www/plugson_control.html
- Size
  
  78KB
- MD5
  
  5c809dfd8994140d798a776dab998f05
- SHA1
  
  1d166d5558a6d596e55d91a621151469c166d041
- SHA256
  
  d49bc96bef2d89fc008266c0495707d2617f3be55db8273b56e5dc93b1fdb860
- SHA512
  
  ad5317ac99e7bf6182503186a2672643f807bbc726133ec1ea7b37074a5ad3fa04e4df6012d17461ee480f2ba6b57f7989d9f7e32f8dbe6c4eaee1ff5d86198f
- SSDEEP
  
  384:Hw2jcH45VJTlz/2vOUlTQ6kiorPN0vXJFVTipOL3EDUbq3+x7MRH+wmTp3/ovl9/:QoJCO28dJog
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  www/plugson_donation.html
- Size
  
  2KB
- MD5
  
  caaa14ff8fdf7eabc84e5a84cd576976
- SHA1
  
  c86f9b85ebecac6c31c41763e88d205da26db894
- SHA256
  
  2aa2c70ce61b1b1703451ca25ffe5584fcd1282d6cfdd4722520128e4ece066f
- SHA512
  
  a5955e980d92f285004fb4ededd7a98e9167a71b453323d4789f55e7be5fa49b8ab28f512898745d53dad1b632199bbd0098f379189348dc60da99c55db9b2e4
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  www/plugson_dud.html
- Size
  
  12KB
- MD5
  
  2b19fb484fffdbbf55db1884afe07e33
- SHA1
  
  2fc0aaa09e1f0643a71512dac426461e4f95cdbf
- SHA256
  
  1b0a7dd079a909208bdbacf3648fb6c942bc38e40a073e53edf3ca029d1048fc
- SHA512
  
  2b3a1553c68a0d9fafc4b280c4866429f5c2bd6e75822fd69735be57f57d22744875ce4149d31a43131cd85d3fb67288354db5f37a5c4a7e196115b385bcad81
- SSDEEP
  
  192:HiiU2I7/WQQyac6QFc9YhxQcscKKVQisx1wZo7:Ha2QuQQdFQFcehxQU/Fq
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  www/plugson_image_list.html
- Size
  
  12KB
- MD5
  
  1bb7db835bbfef8d24ebe94db5eee3a4
- SHA1
  
  f50efd65f01737d90ede00c17740d8d95942e286
- SHA256
  
  55994e2ff5d37ce0292e5d52bae8fbe9af5722b329fa54b26675b6408005f893
- SHA512
  
  30f1e7672d5e85729c1cd0164a1998edf3436cb0eb7e2b0cf559386943fbdc986167c4688e012a661e7faab442b477be08c57dc836ed2648e8d18e2e7b806372
- SSDEEP
  
  192:HiN942gr4n7A2Irggm/WoKQQypc/nJN8R2sd8Kt8eNz:Hgu2SsAkYQQyp84mnex
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  www/plugson_injection.html
- Size
  
  9KB
- MD5
  
  55584b0075d9774db5c6e79bdea5ca7b
- SHA1
  
  7972e4b60809a40449854e3b3f1a10019a03c876
- SHA256
  
  92c23ca335d0a260cb875bb94f1fc7c76b1eaa6d38b04ffd3eef3a58c845675c
- SHA512
  
  bbe3bc4498f2476190cf73db9ba841b374def0b588e2b168fa96888c3b40dfc29b57320af1a760e51829dc8400b201a8706261671191a5cc8f1d0f681f5758c4
- SSDEEP
  
  96:Hit2qQtGVxikzoG2wcguQ+pg3BZBPQQQQQxQ/HsgMK4AgSBwPYmbp1zniK:HiUA2wcguUZBPQQQQQxQ/HsxKbC1zP
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32