General
-
Target
release8-16.rar
-
Size
8.1MB
-
Sample
240817-q4bcfaydpf
-
MD5
7b8a172974a32f9d1c093d1c35e8f1a1
-
SHA1
9110827d5a5a39306ee26e3e8b763abf22ae555e
-
SHA256
ecab58d9e2edf6539e3cca667a72cb0ced2567bf30073f9f216af4a872c5beaf
-
SHA512
458f52e0cba4801acce10f062207939f7749365dcfad4a2473e96ccfd91213d0a91b15d07f40b5588e1ebacbbdd5852711dd81252772cc0b9c3232b174a32850
-
SSDEEP
196608:DyPpgjLDA8M2X5et5MNhJNlixAvGUFi0gpuKLoqizxw1wK:Bj/A8MHHMDXAA+UA0gxLonzM
Malware Config
Targets
-
-
Target
release8-16.rar
-
Size
8.1MB
-
MD5
7b8a172974a32f9d1c093d1c35e8f1a1
-
SHA1
9110827d5a5a39306ee26e3e8b763abf22ae555e
-
SHA256
ecab58d9e2edf6539e3cca667a72cb0ced2567bf30073f9f216af4a872c5beaf
-
SHA512
458f52e0cba4801acce10f062207939f7749365dcfad4a2473e96ccfd91213d0a91b15d07f40b5588e1ebacbbdd5852711dd81252772cc0b9c3232b174a32850
-
SSDEEP
196608:DyPpgjLDA8M2X5et5MNhJNlixAvGUFi0gpuKLoqizxw1wK:Bj/A8MHHMDXAA+UA0gxLonzM
Score3/10 -
-
-
Target
release/main/celex.exe
-
Size
3.9MB
-
MD5
2ae7fb5557a3501e32e3528873d83100
-
SHA1
86b632d455e6651d5e6d6293ed3c4b0613660976
-
SHA256
16027e06f365940fcf8699655d34f22804361b4409cfa57dc97889bb8db8c306
-
SHA512
f42ceafdf978cfc6bc2dd25fb72bf0b5963aa24146b33cf74bb68eff785c757f5237a37f44a0991487cc4250ad5fc97bfd7b0827eee444bab9cdb6c828e4238c
-
SSDEEP
49152:CfpIS9hSoXZRIusMK8sJ6SaskwLPQgA0ddqKpDVvleDBMkZsdSsypzHDBaNOIsdh:iQcmaBqogAS9TleDOQsIrpFjNlwUz
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
release/main/loader.exe
-
Size
4.1MB
-
MD5
9ecdc9ed1bea6c226f92d740d43400b9
-
SHA1
b5b5066cd4284733d8c3f3d7de3ca6653091ae10
-
SHA256
60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
-
SHA512
30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
-
SSDEEP
98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
release/map/Map.exe
-
Size
416KB
-
MD5
36c50332466b6e921edb79ea4b240278
-
SHA1
5b858fb375235e7638b7cef22ca972d27ce9cacc
-
SHA256
0a76f7d189b368598ee017d0094a6698ffff66d0f981f85769971170ca29e042
-
SHA512
fbc23c9d21e9dd3fbb7eac87fcee7e9db52d6c6450402ec90a7ba43940029af00d4ab9db8f0e662f30d8f99a34326673f26051932e2ae7afcfb377d053f4cc41
-
SSDEEP
12288:rbNG38Jf2mCsCTyTH8+vtQ7BWD24cVLxSf0:rbNG38Jf2mCsCTMc+laBH4cVLxSf
Score8/10-
Modify Registry: Disable Windows Driver Blocklist
Disable Windows Driver Blocklist via Registry.
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
release/readme.txt
-
Size
136B
-
MD5
fcebdd8b5fb2375817096c3ccaa7d983
-
SHA1
9c74429eb7a9bdbd41da10f53e688e32db937f80
-
SHA256
84e202ee56be41944643b1fa8b99b29450469d3bc64493edc37c5c6644c25b01
-
SHA512
a2d58fce370788a77dbb8b33fd7227a5118aebd406dd9e945a80a3b8572420fff49d4621ffa37911074becf0ffdc655bf01cb6101e5e9bc60fa1036534da6813
Score1/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Impair Defenses
1Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
1