15082d63b8d260ab182000b054b43679961bb1086ea8fdfdd53833e6148b3c55

Sharing

Copy URL

Twitter E-mail

General

Target

crack.zip
Size

22.9MB
Sample

240914-h6pzlssgna
MD5

9ba83e0b8e55bf950de08bf9cfe0d2f2
SHA1

a982b4dcc1a197aad9e81a22aa13212e18e9202b
SHA256

15082d63b8d260ab182000b054b43679961bb1086ea8fdfdd53833e6148b3c55
SHA512

9e37678ad1161709e0ad22d49a6f548579f87c6e83fb43aaa1c8e101f1c949a680a79261969658aa81d1a6ef2843d2a6df3f3aa16184d95e19853c4a716733e1
SSDEEP

393216:uuBv7rsGjaaMNWdz1AXCLH2RB1R4spIYlWuijCpz/P0KLiGgsU:jBfZjzjdz1KCLHq1R4spdWYprpLiHZ

Score

9^/10

Malware Config

Targets

- Target
  
  Defender_Settings.vbs
- Size
  
  313B
- MD5
  
  b0bf0a477bcca312021177572311e666
- SHA1
  
  ea77332d7779938ae8e92ad35d6dea4f4be37a92
- SHA256
  
  af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9
- SHA512
  
  09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8
Score

1^/10
behavioral1 behavioral2
- Target
  
  dControl.exe
- Size
  
  447KB
- MD5
  
  58008524a6473bdf86c1040a9a9e39c3
- SHA1
  
  cb704d2e8df80fd3500a5b817966dc262d80ddb8
- SHA256
  
  1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
- SHA512
  
  8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
- SSDEEP
  
  6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral3 behavioral4
- Target
  
  Flexlm/RLM_Redshift_LicServer/CGHotman_Redshift_Server.exe
- Size
  
  7.7MB
- MD5
  
  b0d6ae3bae0ecf922835e88f0d2651f2
- SHA1
  
  ca62d67d5eeec91bd5d7b683198af9b5c3afe396
- SHA256
  
  802ff85804d2980c56a008faaf630d43fbabd1cf3926d154189fb482d9e64948
- SHA512
  
  26fc0a5e5fa3e1849afc4090cb74edb712f72a12495026d3d90d4d75190ce153d340c63d3ee57c32fa5810637d8598442de240c9e27a3f149c8d7fcfcac0c87a
- SSDEEP
  
  196608:1s17JSE4L3c0+njos7ZnAz6J7Cul06xy1QpwoYdj:15nojbZnyuplBw15Ddj
Score

9^/10

bootkit evasion persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  Flexlm/RLM_Redshift_LicServer/PatchCode.dll
- Size
  
  352KB
- MD5
  
  6f4d1ca799db5b697020b766cb4e7e0c
- SHA1
  
  990c3115d2735e21372172bc68582942baa345fd
- SHA256
  
  ba6bf08993a7af731350c033f0d8baef60cbf1be1dc7b5470ffc94346694d3f5
- SHA512
  
  d8c5de383d5fd458313b0d7dc90dfae058c31cac2c082e3f59b7aee68d03b7d6bd97eab461aa553d796e7b598f7fd4cca18d217f38f7182b2e06b1b705bb6045
- SSDEEP
  
  6144:h19DH6EvbWViXhlDMRbFiM1JtwXJNZrxwcjWcNOR3dSk:BDH60bWViXhlyFiMntjc
Score

1^/10
behavioral7 behavioral8
- Target
  
  Flexlm/RLM_Redshift_LicServer/start_rlm_Redshift.bat
- Size
  
  980B
- MD5
  
  25300a269b8dd5c89876495ef98088cb
- SHA1
  
  0131acd6ef015b165b29dd3bf488011eae74dc8f
- SHA256
  
  0920c2445e2af510161894d000726dc9e0dc2b1df90bc10184fd09a92eb68ec9
- SHA512
  
  4ad63a12be7f235d0991844ddd125bc2001e7a6bb66daa2205676a49a8c5d9d904e49526da4a53bf341a1a98fd5895eb3e6bd51309e1b79ac0d504fa19c0eb71
Score

5^/10

discovery
- Enumerates processes with tasklist
  discovery
behavioral10 behavioral9
- Target
  
  Flexlm/RLM_Redshift_LicServer/stop_rlm_Redshift.bat
- Size
  
  871B
- MD5
  
  dd42a41304b17ecffaed8c5c41a425cc
- SHA1
  
  08facc23eb93a58b816384533e4c16c975bdeabd
- SHA256
  
  ecd34db7e7aff5aa843f048b64f76ad19c4123d6d77616855a8613eb0c111458
- SHA512
  
  ca8c16242aed2b842d6e7859109d4ea5c9efb435773af0b52304f9531274f57b50883ea6950e2672ec5fc3dd3f7503f57e04d21122b5417d3e6a7e398245bfd9
Score

8^/10

discovery evasion execution
- Stops running service(s)
  evasion execution
- Enumerates processes with tasklist
  discovery
behavioral11 behavioral12
- Target
  
  block-network.bat
- Size
  
  1KB
- MD5
  
  138e11a6ce35f64ce29c50bcbf2ccda6
- SHA1
  
  6350bc57b36c94e6d02738465bcd487d5e28876b
- SHA256
  
  63489de63aec61f65ccad8bff5c7909b6a07838b47169681512558d4d3685c15
- SHA512
  
  e68f596ae7edbb3e839f2f0752289c546e9cf3511eb771c08d2d3ca4de8a46c91439805e611ffaf32d545847a9607be725bd0a11cfd3861a7d3f304e3e7edde0
Score

1^/10
behavioral13 behavioral14
- Target
  
  clean-before-install.bat
- Size
  
  579B
- MD5
  
  5a3a73772412245ee7bed6122d8dec42
- SHA1
  
  cd26b631afff5bce55a3d6c0b864855d03c44eb6
- SHA256
  
  8902569579c5125ca8da3ea157729c01b246bfef7b727bdb0dbc1d85695e6c53
- SHA512
  
  9a7c65750ec55b63b471e55584c051327402bd3008afcb9e7f6ed7af036b05f835ba249cfa269c3233f57f61338db66d6c85726dc87aa27338ef483b3a473070
Score

8^/10

evasion execution
- Stops running service(s)
  evasion execution
behavioral15 behavioral16
- Target
  
  exe/VC.dll
- Size
  
  352KB
- MD5
  
  912f9472b0a8c5d467c5c35d9fc4887d
- SHA1
  
  77c59f71674726fed7619f0e9aff7cc3bab2ded6
- SHA256
  
  daea44d2a2c4aabfc74d88e2eee1a40c77057606d2a8341ca7670ed6e1a77068
- SHA512
  
  86ff9149f210d7d5c070523e55fed022b8e98e8871b7dba18ffa5a136b3daae8cb3724897ddfd6af6f31c3b6a4126439d142b39046e920f9b53c1aab16c8c7f2
- SSDEEP
  
  6144:2w/rPlhctwa6iXh0cM04cEI+NcYSLyAOrhwcjMMGmYIrEUEa:brPlWtwtiXh0uBEI+eYSJMa
Score

1^/10
behavioral17 behavioral18
- Target
  
  exe/VCRUNTIME140.dll
- Size
  
  5.3MB
- MD5
  
  73dc0eb11eb9eb17e48d1f0b2828c4d3
- SHA1
  
  d5008d174c12b8a7d3c0d566296e964b61959383
- SHA256
  
  3dd18e207c2dcc3e48a678eaf1ef498043d3abc6bad02c17ea16d6fc4f6c25f8
- SHA512
  
  8b76223f8b2369b72cb96dbf852335663d7e110771d148dfca2ce828d18b6e76a44a127a52f6a4cea6948d0d51624b1771837c170b6404e844bc46034fe6fa6c
- SSDEEP
  
  98304:QkulTNF7ipgtYfJTCv23Az5NJZYr8UUmUtkume7al7/X6wasDiaqfq:nGNdAgufJTCv23KrQrWml7+sGaF
Score

9^/10

bootkit evasion persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral19 behavioral20
- Target
  
  exe/version.dll
- Size
  
  5.1MB
- MD5
  
  5e9ff92f32c567e00a501c194f6aa507
- SHA1
  
  e7bb3dfb31cf8e9cd48de558b648b3868ab63269
- SHA256
  
  4f7c6ba05f9c2d4b847e898dd5eb33004a9dde0782d17b182768d301ff5d06a9
- SHA512
  
  2edd2b1f66a01663e67570c546e72872f70a995f9dcd27d9619258023400bbaa6b15f41dd48601e08572c0aeac1cd3f0eeb5fd7a3832e1dcd6af6acb889b0720
- SSDEEP
  
  98304:N8isYLlc4EqtHscSK5hilPNyEbeGV34tyAg3HuW+j3svi7EqPldcI9hY:6isYC9qtMYaPFbey34tyvr+j8axldcI9
Score

9^/10

bootkit evasion persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral21 behavioral22
- Target
  
  prs/version.dll
- Size
  
  4.3MB
- MD5
  
  8a2fc7ebc76da1e8678935f5f4a44ed7
- SHA1
  
  b48c739c9ccdfa2754debc6eaf43b9604891725e
- SHA256
  
  8ad2ddc42e5f00c1a88193ad89c1cc65fca983122d705155534154601c9ce28e
- SHA512
  
  6f5afab2261d9078a6f809f8bf40799fed4136cb33a96138efabc704dba140348542c29d2a2ed128cba7ecb5b0d0de138031c9d76a54c651599a66edd6c58825
- SSDEEP
  
  98304:iIlGfN1CcHe3M6GeQRqIajWggLdWSor0dflm9Qx3g5wwaW5xe6jL:hlGfDCYe3M6usIWWfvoriflAQxQdaWzL
Score

9^/10

bootkit evasion persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral23 behavioral24