ff4fc742e574556e8049da7e23a34acb5ba49a8dafc924d54ef00b777ffbf09d | Triage

Submit
Reports

Overview

overview

9

Static

static

7

CanLedger/...er.exe

windows7-x64

9

CanLedger/...er.exe

windows10-2004-x64

9

CanLedger/...eck.js

windows7-x64

3

CanLedger/...eck.js

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

Target

CanLedger.rar
Size

16.6MB
Sample

240821-kl8bkayhje
MD5

d5b043581098d2d0b0c00979ba1920e8
SHA1

92df7f49a6cab61edf981151463ddb9528f6e414
SHA256

ff4fc742e574556e8049da7e23a34acb5ba49a8dafc924d54ef00b777ffbf09d
SHA512

2635ac3c7076b417003662d331ca746c21ba184bed382e06bdf237e00f01411a490290cdaeadb3ee2b927229c2d821c0a5c7bbe7e063614f2f5558c98084e15a
SSDEEP

393216:ElYBAqrrtEzi3UB7r5OukJ0I9Aigq7/m2n/D3jT1+HdD/q+:ElXqrrMie7rXk+SAij+2n/TjT1+HdD/N

Score

9^/10

evasion execution themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

CanLedger/CanLedger.exe

Resource

win7-20240708-en

evasion themida trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

CanLedger/CanLedger.exe

Resource

win10v2004-20240802-en

evasion themida trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

CanLedger/scripts/TheDeluxeCanHeck.js

Resource

win7-20240705-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

CanLedger/scripts/TheDeluxeCanHeck.js

Resource

win10v2004-20240802-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  CanLedger/CanLedger.exe
- Size
  
  16.6MB
- MD5
  
  8734cb11cf7a85b52ad4febf9e7599e9
- SHA1
  
  305c6a73d8e8690f84a1c3da01f64cf745b15af0
- SHA256
  
  46e9fc89c3dac162635794c54300f77b661a870562aec4fdf2ea56a0c86f42c6
- SHA512
  
  c8205874bced0c4f4de1870ac928d8138d5051307b69dab1edca539b3574ded7b267eb70bfecc50656b41a8abb6f8306fbca64f0d350832fa8ea7b47aedf25a4
- SSDEEP
  
  393216:tZovfvKZMsGirYu+ckzfiRCPCaYn+d26v6eg3u/d+/bHuRST:tiXvp/vpckzfiUgwS+/dwiRST
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  CanLedger/scripts/TheDeluxeCanHeck.lua
- Size
  
  816KB
- MD5
  
  99a834a74bca09b78b09728bc7c1f432
- SHA1
  
  f608a246da3dbbf5841a8797328d2b9d3ddf1b91
- SHA256
  
  31c59a77845f19bd02ca81712f6849578f344e0d2f91120654293f877267573b
- SHA512
  
  955c0e25103866afa506e3ed4f01271eff1c337fc48e7e8530a932938aa3dfe7cc80c91f100a594d8f115c4c721bbd4c2e8799c1f200d0112b74cdb0afdc3167
- SSDEEP
  
  24576:aFd8lFd8uLq49T2n4dPtImI6W4LePH/tgYnXFtgYnXdToABRD:RLq49T2n4dPtImI6W4LePH/tgYnXFtgQ
Score

3^/10

execution
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

behavioral4

© 2018-2025

Terms | Privacy