b685dc6bcc9670e5d8f487fb6ad74f5853a791984f11ddfe31fb61b4cabc886e

Sharing

Copy URL

Twitter E-mail

General

Target

Cloudware.zip
Size

54.4MB
Sample

240821-vd25patbpq
MD5

c478bb90fc2ef409fe36c013a883a216
SHA1

78ccc7a966e2a9b9b730e6db4290702ce932567a
SHA256

b685dc6bcc9670e5d8f487fb6ad74f5853a791984f11ddfe31fb61b4cabc886e
SHA512

1ce91696a75eef205fdf98cbc9ac0d9fa12993a2dbfdd2d2883fa25eb2b1256c91b4a0d922fdf7b40b42682fe9ea69cfe5e0f8634cbd2157645dfe5e4b000bf3
SSDEEP

1572864:1hlzK60Ky0YMxdKCmFQ6jOuorOIM26RDfyEZzbmJPbSQ07+e:1ho6dyxIdKCiQ6jOzizdD64mN+ue

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  Cloudware.zip
- Size
  
  54.4MB
- MD5
  
  c478bb90fc2ef409fe36c013a883a216
- SHA1
  
  78ccc7a966e2a9b9b730e6db4290702ce932567a
- SHA256
  
  b685dc6bcc9670e5d8f487fb6ad74f5853a791984f11ddfe31fb61b4cabc886e
- SHA512
  
  1ce91696a75eef205fdf98cbc9ac0d9fa12993a2dbfdd2d2883fa25eb2b1256c91b4a0d922fdf7b40b42682fe9ea69cfe5e0f8634cbd2157645dfe5e4b000bf3
- SSDEEP
  
  1572864:1hlzK60Ky0YMxdKCmFQ6jOuorOIM26RDfyEZzbmJPbSQ07+e:1ho6dyxIdKCiQ6jOzizdD64mN+ue
Score

1^/10
behavioral1
- Target
  
  Cloudware/Cloudware.exe
- Size
  
  297KB
- MD5
  
  0bf0db39b67c5e2c2568032644fb3b19
- SHA1
  
  f37d67f69a49413c445fba5d5f856c01838fa47b
- SHA256
  
  9e734987ac3f35994c15a092409087db7de9fb312d6f557c7f485a856e083fed
- SHA512
  
  82bf0626515458cd1a39db870f7c73011060b50d12f26fb696b6cfd4d55f9c30cf7c13e59d57c4c537f1b22fbbc49eb46a32134f473ad85802b5fb443cee58e3
- SSDEEP
  
  6144:0lqrZuknt47WpkGXgTyObsHTTxF4wA7Se5ipWLZ0MLdcFCdYvJyL28yi0uuhb9jw:27smszTxF4wA9hLZViQYvJs28yVuuhbG
Score

9^/10

discovery evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral2
- Target
  
  Cloudware/bin/API.dll
- Size
  
  1.3MB
- MD5
  
  157fd035b2a344a94166d7db3756df0e
- SHA1
  
  f221d28c1deb80b4e8d9201226435aefce6b0f75
- SHA256
  
  8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
- SHA512
  
  fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
- SSDEEP
  
  24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk
Score

1^/10
behavioral3
- Target
  
  Cloudware/main.exe
- Size
  
  58.8MB
- MD5
  
  1cbbf983223927f30d8bf360f7c5b9a3
- SHA1
  
  7665e7a36f64c30174c3eb089a4bcd37708a09ee
- SHA256
  
  70319165e241903deed47b334507154d51e54ef98dc41ef275584eca6adcb0dd
- SHA512
  
  5bdc6f0ff365a296c23ab354a7c5a0ffded5d4125ec7a2a86d518214ba8041c36b8929ed0f61efff06a3ffd20b84f2cccda841fbf6093e2f3779da9c068559e7
- SSDEEP
  
  1572864:WA6ezIASFPRjqCU2lwBANMu3cTLtsNMe:WA6ezIASLjCBIMU
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral4
- Target
  
  Cloudware/workspace/.tests/appendfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral5
- Target
  
  Cloudware/workspace/.tests/delfile.txt
- Size
  
  13B
- MD5
  
  6cd3556deb0da54bca060b4c39479839
- SHA1
  
  943a702d06f34599aee1f8da8ef9f7296031d699
- SHA256
  
  315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
- SHA512
  
  c1527cd893c124773d811911970c8fe6e857d6df5dc9226bd8a160614c0cd963a4ddea2b94bb7d36021ef9d865d5cea294a82dd49a0bb269f51f6e7a57f79421
Score

1^/10
behavioral6
- Target
  
  Cloudware/workspace/.tests/getcustomasset.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral7
- Target
  
  Cloudware/workspace/.tests/isfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral8
- Target
  
  Cloudware/workspace/.tests/listfiles/test_1.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral9
- Target
  
  Cloudware/workspace/.tests/listfiles/test_2.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral10
- Target
  
  Cloudware/workspace/.tests/readfile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral11
- Target
  
  Cloudware/workspace/.tests/writefile
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral12
- Target
  
  Cloudware/workspace/.tests/writefile.txt
- Size
  
  7B
- MD5
  
  260ca9dd8a4577fc00b7bd5810298076
- SHA1
  
  53a5687cb26dc41f2ab4033e97e13adefd3740d6
- SHA256
  
  aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
- SHA512
  
  51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score

1^/10
behavioral13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry

Maps connected drives based on registry

Executes dropped EXE

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13