a0e1885fb81525a9722128e36fe3bcaceddbff18f6e2f6ea253958c720372eec

Sharing

Copy URL

Twitter E-mail

General

Target

EasyExploit.rar
Size

13.8MB
Sample

240820-zl7glasfkd
MD5

471e2ac23078830600bf47ce591ff1ce
SHA1

126c429aee788ee262d1378ae83c186eae241793
SHA256

a0e1885fb81525a9722128e36fe3bcaceddbff18f6e2f6ea253958c720372eec
SHA512

f4c82fc1c521647efc3a54ee2ac36da26d0823d75431181ad112395923e59e35a477c8154861f5685cf60981069c78a758bfc5a1767b4b8b8afce84edb25e3f4
SSDEEP

393216:hxdPSTpW2MQroE4pxFDQL57F5bAtzOIbpZ+zPkW4zopZsq3Cov:9SVrGFDY7F5bQI7McpZswv

Score

9^/10

Malware Config

Targets

- Target
  
  net6.0-windows/Synapse Launcher.dll
- Size
  
  2.3MB
- MD5
  
  f553d4c216830a6fa652526e17b472ad
- SHA1
  
  37a34b396060da64ccb892b6efcc6d48ef4456cd
- SHA256
  
  1527753d9fd361ff1950ea5208e7020615d6f3344fc0acf420f531c7900c50a5
- SHA512
  
  a801fafd50c3f777d8e48278fbff094288c7e562c2c0bee66085e877b268c66665f2490a3f56d5f5773b075cce5fd9c7eb5be41fbbb83ec8f19155c2a5f3e7b4
- SSDEEP
  
  6144:CFSLTbV9uGrD120B6N+p2frT/cYRC/fh8c2SMyUSwgGxCM5Uiwv7bk6pqXfks673:Cps6N+p2cYfcVF8CTtMG3sRpc/tyR
Score

1^/10
behavioral1 behavioral2
- Target
  
  net6.0-windows/Synapse Launcher.exe
- Size
  
  367KB
- MD5
  
  8461d2adc84bc31f16bde8e59aa946a4
- SHA1
  
  446b6d78fbaa6dfeeacda9b86b4e64b6d573aa8b
- SHA256
  
  9153444a39f82810fd19f2bae2fa07dfba9293c5199c2de7b005973dedcafa4f
- SHA512
  
  5cdb0c0ccadb820ae767db5ba3f2afe220c26da8cfc95fca2d69a28fd0f475b07d02c44b40d525a8fea3e27ee1c0e395534bb825486cec4380bbfd9fc16b9d61
- SSDEEP
  
  3072:Y5vnr5Tbx829UOeKnn2LFzZBp13u36wKp4FULC8oFKWzzY:YBKjK2LFzZNf+ULpK
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  net6.0-windows/lib/Microsoft.Web.WebView2.Core.dll
- Size
  
  760KB
- MD5
  
  1901b4219adc066f3920aaabce33a929
- SHA1
  
  b6189bd755232d5e9c2dd04ae3134a08b3fa9475
- SHA256
  
  e07e183025a4946d4111b7e410b84bac5dc437b78cc92f98977aab59a464205f
- SHA512
  
  4d107dec00ce360b195ca68c62221466974e9320d3f51493bded1629723b8e320af318ab5d8bd3274a363ede33c1a5eba713f20a00203f23dc4d563027f6d713
- SSDEEP
  
  12288:WQmBvD/e+4hM+gj1fdbwzGfErpQt5IE3zFI26Jaor+uFA81hKmYYDnM7RFXTSONV:WQMD/N4hM+gj1fdbv
Score

6^/10

discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral5 behavioral6
- Target
  
  net6.0-windows/lib/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  9f744fb8ccbbc95054643a81a3e9f896
- SHA1
  
  075202e07053b0a97a6c50462abd87b6fe4c3fb6
- SHA256
  
  00c21b95e9e8c9d3ace56c4d0c77f03c7dac331ee272fa3ab21ee8e6bbf96d28
- SHA512
  
  ba59e774ef0e1e9c0147d254ed88ffa5b0b42629996da572ef97bc276e3541568672de6d3c26b9142cd0cddd7e4014ea3a5ee4d22493c3ce9b464edfd9ba7f7e
- SSDEEP
  
  768:csjCEEHJ9J0EeFZ2sittZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKju6h:FCEF15ittZDgcEST3p4JjrjaJ+SG2aul
Score

6^/10

discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral7 behavioral8
- Target
  
  net6.0-windows/lib/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  80KB
- MD5
  
  2081d284db55879d63666debd8fb2831
- SHA1
  
  88b4a3ef34df32a1c2bfffdbfd22d9b5ac2463e6
- SHA256
  
  4a43aaba2fb388fa0c8147e88d70751730d6b26f1aa2549ee9eb8392b14a5496
- SHA512
  
  a85046fb1c919828b3e65a554f21b613b1d4582c7ece65aae16d49e0d18ff54c93322f7fd5fdd19dfb687ed1403bb0d8bbae8ec00d408b002aaec09c683a7ea8
- SSDEEP
  
  1536:kLSqStnh+Er+T72ec0XblcoObMhZ8fYSDHf9WyER30mpc4Jjr4YeUqEGhgU0v2zQ:kLuHda72ec0XU4Z8TDHf9c30mpc4Jjrq
Score

6^/10

discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral10 behavioral9
- Target
  
  net6.0-windows/lib/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral11 behavioral12
- Target
  
  net6.0-windows/lib/PagedControl.dll
- Size
  
  45KB
- MD5
  
  e8e69786645597510317e1cb775e2344
- SHA1
  
  3a9078acde00f02d65e38e78572f51b13882913c
- SHA256
  
  88e543039146ea173096b7f3109c7040d9c32cb9f7a749e46b11037c4b639c33
- SHA512
  
  b9d2951810200d9fa5c25ab7d2d3487b497fb74d94960b6930a2bb27d5396205b953e3ce322ea98b15613e4cf1f0cd8f5c7c8d63b92cbbdd8706a2d1af5cc2ff
- SSDEEP
  
  768:wuvrA3ggQmCuvgZh2L3yXpO2tEnjSFOZjZkK8:TvoQ/Xh2Li82t0jSOZZP8
Score

1^/10
behavioral13 behavioral14
- Target
  
  net6.0-windows/lib/TabControl.dll
- Size
  
  66KB
- MD5
  
  d133bc61af9146b21083f93cd7972efb
- SHA1
  
  4723a9368302d1df63f278d6f6b53d55c040b6a4
- SHA256
  
  adae07f028c67901ce68ad393ef34c03ee0bf24443b807a73506aa5f72ca358b
- SHA512
  
  38f4140ac58bffd30009ba5cbbfb91f60f04b9c9eec45416db57586208cf8af08e6b475975e8ddcd7260bb4f8c09280bac80675fe0e314ae42feebe26dfa09f8
- SSDEEP
  
  768:ng6coxxWdPr3F1o066/cfLDzwYO0DuPZ1IAl86RZXX8yAsAZSUz7/f4GiXY8:ioxxSP/oFDzdanIAl86Rd1h5m+n
Score

1^/10
behavioral15 behavioral16
- Target
  
  net6.0-windows/lib/VirtualApi.dll
- Size
  
  4.1MB
- MD5
  
  e3710cbc198551fa6800800820202d5b
- SHA1
  
  1fa4486948651eb09b1193f6f66ed8fdb8a9876a
- SHA256
  
  730c9a8aca3c2057b2462f0255838b78994527abf78e0e186d211ed00e497df3
- SHA512
  
  4e55d15f0c0fafb6075409de9573099e4d39e38e6c9f70ef2a8f25dcf1218fd6ce4ef6908e513dc11cfa9946c2119e3e03f9f7b4a7a8ac32f3759222e903db3a
- SSDEEP
  
  98304:huf3xhg2rqe4J3Qbc8g7nj/kPMSFoua5AB34Sr:M9TLNg7njWFoua6340
Score

9^/10

evasion themida trojan discovery
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral17 behavioral18
- Target
  
  net6.0-windows/lib/WebView2Files/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
- Size
  
  2.6MB
- MD5
  
  0ee2b50c85a110689352fccfa77b5b18
- SHA1
  
  d9ecc4b12d2d50e3cbce40e75edad804c9988b25
- SHA256
  
  62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
- SHA512
  
  a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
- SSDEEP
  
  49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score

6^/10

discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral19 behavioral20
- Target
  
  net6.0-windows/lib/WebView2Files/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.54/adblock_snippet.js
- Size
  
  2KB
- MD5
  
  f5c93c471485f4b9ab45260518c30267
- SHA1
  
  ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
- SHA256
  
  9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
- SHA512
  
  e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score

6^/10

discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral21 behavioral22
- Target
  
  Microsoft.CognitiveServices.Speech.core.dll
- Size
  
  2.6MB
- MD5
  
  0ee2b50c85a110689352fccfa77b5b18
- SHA1
  
  d9ecc4b12d2d50e3cbce40e75edad804c9988b25
- SHA256
  
  62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
- SHA512
  
  a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
- SSDEEP
  
  49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score

1^/10
behavioral23 behavioral24
- Target
  
  adblock_snippet.js
- Size
  
  2KB
- MD5
  
  f5c93c471485f4b9ab45260518c30267
- SHA1
  
  ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
- SHA256
  
  9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
- SHA512
  
  e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  net6.0-windows/lib/libcurl.dll
- Size
  
  546KB
- MD5
  
  2024156665356070ea193498d076ea7e
- SHA1
  
  304fd6c02e788ce55404560e88ecc45d78961d1f
- SHA256
  
  815e4160ca9fcf4f6bf2b44b004a35cdb5988103d1204102eb7320ce2146a9bb
- SHA512
  
  dec6441fe2fe25e5c2bce8f916d58d3be2bb218f2e82d27e346bce5100caac239c484f4e10f0fdfdc152fda209b066ac04d89b62bdcbe5cfe0393734beb16962
- SSDEEP
  
  12288:TIEuXoN7eLmPPIy/KN2nalkLPrEOkTR1VcTo/w4l8DJCLd:EEAoleL2PIyyNrlkLPG1VcTo/w4l8DJs
Score

1^/10
behavioral27 behavioral28
- Target
  
  net6.0-windows/lib/xxhash.dll
- Size
  
  45KB
- MD5
  
  fd4a9c28c2b7b7f7cae985eed789f0ce
- SHA1
  
  44b51dd9a141f3dfcc090549e6c90071f8b55fb4
- SHA256
  
  dc354e7ea9046cadbed8645e4666975a523463500c877574f8e8306d958b7304
- SHA512
  
  b3ae3d523a1a2de93f05cfa856ac6984d444ee5180f862f0046be3acd02fb499400909449c7e47f764aea2d7d3863e42c7029b0cfc8803b79a91c9f56f3b8bc1
- SSDEEP
  
  768:f9otvM7DZ1LMDJdj+LVvgFlJus4zBYdXK3QDV:f9UEDLMDJxKM0scCXKA
Score

1^/10
behavioral29 behavioral30
- Target
  
  net6.0-windows/lib/zlib1.dll
- Size
  
  87KB
- MD5
  
  46b86e47c082b3ca753e264538c6b9ba
- SHA1
  
  aafa06e387ab9eddc120de3fc0127332cdb8fe1d
- SHA256
  
  cf0bf2746b40710452df596fabd497df250f7693db652c13971aee7c69226c18
- SHA512
  
  31a396fe4349c81067f1936b92e68b058dea5fee2faf972c3bb39d7e2c6ce48292eac5bbc5b43545e07e8aac03f299fb504bfe651b3e432b64e302c651f3d81b
- SSDEEP
  
  1536:47wjHHWwn1rhEzjEp70E2thqlzY2qIOcIOZIelMbHi:4cjH2w1EjEpIqa24SZICMri
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Network Share Discovery

Network Share Discovery

Network Share Discovery

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Blocklisted process makes network request

Checks BIOS information in registry

Executes dropped EXE

Loads dropped DLL

Themida packer

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Network Share Discovery

Network Share Discovery

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32