b3409b2aeac0378d1164049e7f7e32fe3ad4d626fd4420d467268eb0edc5bc98

Sharing

Copy URL

Twitter E-mail

General

Target

imtp.zip
Size

402.0MB
Sample

240804-a1vc5s1bjj
MD5

752701d01dade5e029359dd9365a7684
SHA1

a647a19cd1080136a0230c26f368e6a224b0d3ec
SHA256

b3409b2aeac0378d1164049e7f7e32fe3ad4d626fd4420d467268eb0edc5bc98
SHA512

84163273380166c9dba460418bc5476300874ada04afb4c96f799ec9171d65faf5e9346581a5335ee8d052370ddb5cc86fb3392e1519f73156bed45e2659d98d
SSDEEP

12582912:jSrDAbNIfKK6HmMJ9qA/4GMKyPFfjfhvyC:jHNICtX994drtjZyC

Score

10^/10

Malware Config

Targets

- Target
  
  imtp.zip
- Size
  
  402.0MB
- MD5
  
  752701d01dade5e029359dd9365a7684
- SHA1
  
  a647a19cd1080136a0230c26f368e6a224b0d3ec
- SHA256
  
  b3409b2aeac0378d1164049e7f7e32fe3ad4d626fd4420d467268eb0edc5bc98
- SHA512
  
  84163273380166c9dba460418bc5476300874ada04afb4c96f799ec9171d65faf5e9346581a5335ee8d052370ddb5cc86fb3392e1519f73156bed45e2659d98d
- SSDEEP
  
  12582912:jSrDAbNIfKK6HmMJ9qA/4GMKyPFfjfhvyC:jHNICtX994drtjZyC
Score

1^/10
behavioral1 behavioral2
- Target
  
  setups.lol/DiscordSetup.exe
- Size
  
  108.8MB
- MD5
  
  8a74c6f5d610cb136aa24415ba837541
- SHA1
  
  ae8b152d75129630cabceda73abfe961a479cc07
- SHA256
  
  12a56a6df3f57af96c0f2cb95fa26fbed515b5e98e36c6ab266c16928c1744ef
- SHA512
  
  263d5ef9cc4ea20b1414927af6c841a66640ec5c5aee9b42a24149162eb41019e99dbeaf878a942855366b7df6243704f5ac84f8f306ff0edd3f9cff96a8d23b
- SSDEEP
  
  3145728:3nxcd7Su2b+gvdzdbZhcHxBXE8/ObjfC/KDkl:3i7iqqxw4VJAl
Score

7^/10

discovery persistence spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  setups.lol/HorionInjector.exe
- Size
  
  147KB
- MD5
  
  6b5b6e625de774e5c285712b7c4a0da7
- SHA1
  
  317099aef530afbe3a0c5d6a2743d51e04805267
- SHA256
  
  2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
- SHA512
  
  104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
- SSDEEP
  
  3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke
Score

1^/10
behavioral5 behavioral6
- Target
  
  setups.lol/MinecraftInstaller (1).exe
- Size
  
  32.3MB
- MD5
  
  4f02ac057355b5dc73ea28aecd2d56b4
- SHA1
  
  32591cb75779a3e308a44e75a76f821e7dee11e0
- SHA256
  
  83a5f942b2a15eab4826ef1709ec6a7f9637a7ec0fce16585776848797307fa4
- SHA512
  
  9eb08f85559df6af9192bec8904097d4e43a832ba9e9cc1c7be1a366af8d103c3a6db3886f00927ae5eb62055fbc770c7b5a3d2a122a0b460b51136083015368
- SSDEEP
  
  393216:nbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9ye:6Zn/G4Gqk1cWe2iTVCMue3E
Score

10^/10

discovery evasion
- Modifies security service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  setups.lol/RobloxPlayerInstaller (1).exe
- Size
  
  5.5MB
- MD5
  
  87e3d886a3716e6ca0370324c8599553
- SHA1
  
  9c0f902dcac08193d13990b2c46702ce1ddeb3a7
- SHA256
  
  a1d6267bcdc07ab4d900111ee56102d95f2aa1ca5f3a052cb7c11945e0ffba48
- SHA512
  
  860a67582c4cd2df7fe1c21307450356ca8270b448fdb96de957a5af5f6b38c87da84f47cfceb91804afdec693d52029bb7151e02a753793889daf4ff4779a25
- SSDEEP
  
  98304:edv4xixgrOYvLtWV9SxAPZl+RqgSRe4rcSRhE1RKsJgHXe8WDuLNzTf:M4QqrvvySshgSsR/mOdANP
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  setups.lol/SideQuest-Setup-0.10.42-x64-win.exe
- Size
  
  100.4MB
- MD5
  
  97359fb1c9f557c85bd80ee8252f55d5
- SHA1
  
  b9f9cc8abf66e74ec199ef487aeea456f724bf03
- SHA256
  
  2d0cd4cbe441b1403217c2c9e9acfe2201da9b765e9de4cd88595e0d7b60cfee
- SHA512
  
  c75cf641590eaa8cd17bd50fed30e7d4359c5f7840957ee4bf692e01af4741029f471217df1716a3266f6c66ab446410fc84f9d011e591566bbf46555320f177
- SSDEEP
  
  3145728:U/Tm4v7LTOfOz65hv8oCjumSi0RyXjFwDMwU:8C43TOh5p8jbSTRyRw4wU
Score

4^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  466179e1c8ee8a1ff5e4427dbb6c4a01
- SHA1
  
  eb607467009074278e4bd50c7eab400e95ae48f7
- SHA256
  
  1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172
- SHA512
  
  7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817
- SSDEEP
  
  192:olsHeylO012En8pqHtcE0PuAgkOyvIFc:oATI0d8pUP0WAgkBvIFc
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $R0/Uninstall SideQuest.exe
- Size
  
  636KB
- MD5
  
  707b72e4a1badfbcc283ac374c7dbda2
- SHA1
  
  9c5be8346167a6e8123454103b9c4fed5e3f16f4
- SHA256
  
  49c71570a7120b1258e9ed9d65255e15ea66e33dbc4c57b7548d2bafbbffe8fa
- SHA512
  
  ae503dcb12445dad015f5493d3dfa217684b3c593fc4160ef2a47f93dbfdbdcf8d1a1fb37e1f7a43309a7af4a8785874b1ec046a0202b9a0ab1565bade8e993f
- SSDEEP
  
  6144:c740ILE/rLx0hzFnK3ieyE4PPvUwUa8T2t0EyL+9gJOaNva:e1r10vKQEAJCLRKMVk
Score

4^/10

discovery
behavioral19 behavioral20
- Target
  
  setups.lol/VBCABLE_Driver_Pack43.zip
- Size
  
  1.1MB
- MD5
  
  3e2f6ddf5a06c66dc4daed708f8bb2a6
- SHA1
  
  0fc70fd364b76b3dbdf6c9780369a834ed9efd3e
- SHA256
  
  66fd0a4d9f4896ff41632b7e3d53892c085c4561f53e8ae8d0f0bc10eedd1cdd
- SHA512
  
  64f004e60f9d47ef6ad5f6d3be2f790f7f369097c8f800a262bc38e6d5e68cc1f4cf96718147e6bcd63741ff1646cf99ed1cb939200445dcd94f6fc85c95e13d
- SSDEEP
  
  24576:dqtBKwfPZ5JLfG/Dtl27gdahBUV1G7h4si2KRayG81atW8:dsKwZ5ZfG/Bo72aQVeh4siZaA4tW8
Score

1^/10
behavioral21 behavioral22
- Target
  
  VBCABLE_ControlPanel.exe
- Size
  
  847KB
- MD5
  
  bf51f5d7f3caccbc18d4b75c0b5161ac
- SHA1
  
  26b2a247a162a59e95d1b389cd28a3220c7ba13a
- SHA256
  
  290ce0f5a52ab17c35de5782c390ef62d56ee61ac6f64290cb6c96873400718c
- SHA512
  
  87645c65e45d93f568cb8856bea4ceab4854e26fec3c115d52e41d64e7181db4caa59fcf7cc26d40e41aaa519daef0e19eb27cf27b28273059a989f309b5d7c8
- SSDEEP
  
  6144:IC+J+1Hh9aphA2hwrYqrgLuBj2Xhntm5hJ2r9Un+LdqscE6:iJYDkLuBj2xntmgr9+yRh6
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  VBCABLE_Setup.exe
- Size
  
  886KB
- MD5
  
  832496a8928b1bac71ddc5564ba52108
- SHA1
  
  e5d2ae24c76095338bcce905e8716932e158dac6
- SHA256
  
  42800f5720cec0d1da064bd5e2341c05227b03409815267aa5cf457782628a56
- SHA512
  
  2b1dbc293b0ef602c0dd966ed576fde538616d49b7054357f3fc21c586295845a9366ff1abb03453055255374bafef434c3fb4edce8f9ee0c485f9a62fbe6a26
- SSDEEP
  
  6144:gfj+EqZQkyKdibdK2UTmPLagFOdhufzlmZeT7UmQBCDyUtHKwwo6dCnS9AzrLT2x:uShTZUI6HKhgS9APmGKRH8MYmmBH1K
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  VBCABLE_Setup_x64.exe
- Size
  
  901KB
- MD5
  
  aad9093bc9182081a386325d9c931f90
- SHA1
  
  1d06ad447b60b147c05369e6e761e1aa8ba7a54d
- SHA256
  
  186892503330970c8e8d561adf9b71bd15cd93589306ec00fa60009ebf611ee6
- SHA512
  
  cd56bf05b32df0314e9f70e5808813c78a0b687e55426d2f333c835412e1631befc84af72fb31d00eff41e180aea021b719f57033f92474063a9629ceca54225
- SSDEEP
  
  6144:9sQl2TpetmQ8jiiVS6tQkyKdibdK2UTmPLagFOdhufzlmZeT7UmQBCDyUtHKwwo5:WzxnhTZUI6HKhgS9APmGKRH8MYmmBHf
Score

1^/10
behavioral27 behavioral28
- Target
  
  vbaudio_cable64_2003.sys
- Size
  
  40KB
- MD5
  
  326fab289623bcf815c38fcd71330f3b
- SHA1
  
  fbf2925e172903220367421225cd2f103b44cb43
- SHA256
  
  5a726f3f1616f587c9f118bf337fd359df3f7cb9fc967a14229d59a31f2a9720
- SHA512
  
  e41bcf4546ca6622814f0e7ef1bf3d0419368dc4e6255564e4af26b35bf1180b26e10491db4ad8e05356f7ee2c995b481f948df732ed49886bd1cc66e88ba10c
- SSDEEP
  
  768:MvF2FV3Pibpw3bDe3Hs/iWyuZ0wuePi+4gj+qBbtWbZ:M92HibbxQu+JVbtmZ
Score

1^/10
behavioral29 behavioral30
- Target
  
  vbaudio_cable64_vista.sys
- Size
  
  40KB
- MD5
  
  96b795de860f111144632a3aae5422c5
- SHA1
  
  f33e58da294213a95ff6037db392e5e0656a9017
- SHA256
  
  703572fa9e8aa1616e6b2abd36b91a4718de77eadc02ae05ed2c8f304d058afc
- SHA512
  
  1642e9befffcb72e9daeb7a678df45b18216a0a0b64dbd4972ad4c9066fe61568e6caeb2a96ee8229c6b0999d79903a8af2685e605b4bb1a4a7c75e4b17fe652
- SSDEEP
  
  768:Ak2Fde3TzpnexUGb/ieyuZnw+eXCd4gxqBmtyb09R:R27WzGO1+1Jomtq0n
Score

1^/10
behavioral31 behavioral32