dfe0dd22539e96209446f564c20a81f632bcadf6e0282b527051ab9a4ed244b6

Sharing

Copy URL

Twitter E-mail

General

Target

InformaalMacrov0.4.6.zip
Size

20.0MB
Sample

240929-f821vavakc
MD5

4168b9dba0f17917de1b9067b2f83315
SHA1

953d697395b8bace877f2f0437688770be757b26
SHA256

dfe0dd22539e96209446f564c20a81f632bcadf6e0282b527051ab9a4ed244b6
SHA512

995dc85ac6a86d6c16490babc66b6edef6766d49ce9787236e6d209d7f05bec691ea58fa4a697777776016f0cee28c6a23a79c09d6412fdf20a2e9eaa0414b7e
SSDEEP

393216:KHlHyHlbybpwNAGWSGuTx9PItPupxkPJaX6RTJ2y1GvijP9SnI1DKMZa:6RyZybp0AGWSGuTxitmzkPsITJ3XJSnB

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Informaal Macro/InformaalFrog Anime Vanguard Macro.bat
- Size
  
  34B
- MD5
  
  c5b5a728fb30ed009c977cac3231aa20
- SHA1
  
  77bcf9aeaa0dbb7533c9fe9034863ad76e3f5ad1
- SHA256
  
  3b287ea3193d5ae799d49ce7ae04167691dd4fc39781a5b666dcc22764cf12b2
- SHA512
  
  af3595c732075a209459e1ae305e17d4ec282acc792151b0fab8a12ce83a172cb7b46c52b5723d54c548a6acf3e6594842922c4e67abf2587f8c9d279017e542
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Informaal Macro/defender.bat
- Size
  
  1KB
- MD5
  
  a4f35a45aa28c9464a91314193e800dd
- SHA1
  
  91a97efb81f69fbc553bef8a529f31224d855bad
- SHA256
  
  e876a2f135e89e540d75246f15d3ed776ab09519b189775ae2097e353e8b772c
- SHA512
  
  08cf067f0c60ee8b93d663d3998d0805e5f39ce53c935bef33cc501723bf0f45a657439e5bb09a6099fc54252bd218cd997cfb99f70f31d0bdb81dbc3ee0304e
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
behavioral3 behavioral4
- Target
  
  Informaal Macro/dist/AutoHotkey64.exe
- Size
  
  1.2MB
- MD5
  
  d0cc6a21113957474e095fca77d75abd
- SHA1
  
  ea84155577bc74bf65d902425c15543509c80f4b
- SHA256
  
  70031669fef8c365a243322c52df9c3f854271489e67c5a9fc3139f56bc357e9
- SHA512
  
  2ad8fdbbf79934560b42ac6064d86276a7e24f6d8610d163b4d551e736b72b8dd6070e0e0b21599f781ef638be9c3d6aff8e8e3e9b7a2c00be948477b6558934
- SSDEEP
  
  24576:nwdJ+Nl9N8xUD85eLZBjGjfkOD/KwZ3PpfkBumEE:Mylb8xUwQl0jT/H3PNkom
Score

1^/10
behavioral5 behavioral6
- Target
  
  Informaal Macro/dist/Cryptodome/Cipher/_Salsa20.pyd
- Size
  
  13KB
- MD5
  
  b736ee946d6cf2be817dc71d8cd5ab51
- SHA1
  
  448f22d6c3ec66d576ab9773a6266a965d31008d
- SHA256
  
  ddfa617ccf867e40d83a7938c6a0f3a5bd18c265b18b463c32ab7585c39a5c7e
- SHA512
  
  5788890eeebd97ec51a6e9ab4745483b988cfa5bf31695b76651824cfe1cdcdca5c355d24cb8cd4ec353ed7e5c9de4818c084204e0ac0b9e41dc967291874a21
- SSDEEP
  
  192:2F/1nb2eqCQtkluknuz4ceS4QDuIA7cqgYvEP:M2P6luLtn4QDLmgYvEP
Score

1^/10
behavioral7 behavioral8
- Target
  
  Informaal Macro/dist/Cryptodome/Cipher/_raw_aes.pyd
- Size
  
  35KB
- MD5
  
  2a449dc36558991ce6c08acdb99b93e8
- SHA1
  
  663c6da5f141fbc3c19cef5eb13821f1d431598b
- SHA256
  
  1fff03da4c0b342028057a931d6976e8d45ff63e39003cb990899e95d04c1480
- SHA512
  
  ad727b1f3209cb578a19faa1f17f280b861e9be8f9421864dc8b501f71451ac48ec11df93481e6f33ba3a528632f41dc7d1db6125376cb19ec945dba6805af0d
- SSDEEP
  
  384:bf+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuULg4HPy:bqWB7YJlmLJ3oD/S4j990th9VUsC
Score

1^/10
behavioral10 behavioral9
- Target
  
  Informaal Macro/dist/Cryptodome/Cipher/_raw_aesni.pyd
- Size
  
  15KB
- MD5
  
  260ffb774e6d81efbb00ba62c1bce5a4
- SHA1
  
  63115c762a8b4f7ca8117817badb59a50bc8505f
- SHA256
  
  cfa07caa1e4026753379aeaa5739a2be4b3a5fbb7a5b2133af202aa4461aa21e
- SHA512
  
  08d65970fb4dab1f68341ab2435f5cf1b47e25997dfd64bef45bc75c4d0a6970f509a6f8cfa2b9f4ac93a76734b8d22304a08c6e64253df9a64b848ead33a819
- SSDEEP
  
  192:CJBjJPqZkEPYinXKccxrEWx4xLquhS3WQ67EIfD4K1ccqgwYUMvEW:kURwin7mrEYCLEGd7/fD1wgwYUMvE
Score

1^/10
behavioral11 behavioral12
- Target
  
  Informaal Macro/dist/Cryptodome/Cipher/_raw_cbc.pyd
- Size
  
  12KB
- MD5
  
  9717fb30ef626e6afdb2841b09e992b9
- SHA1
  
  41cde70e45caee67c16ec2f85a252ee9ec0382f2
- SHA256
  
  1cb0883d470bf0f24bcb563bd9c247bd63659f6a224bd961b9368a20589e8197
- SHA512
  
  ae7d38cc9930bdb04128eb79d1de5d4f1e1e32fb6a98f5aa66775919399d471ff010b61e30c7d08446b141e84059047fa2fefc1d0ac58583294f0a99d6cdda76
- SSDEEP
  
  192:NF/1nb2eqCQtkrAUj8OxKbDbHecqgYvEkrK:52P6EE8OsbDqgYvEmK
Score

1^/10
behavioral13 behavioral14
- Target
  
  Informaal Macro/dist/Cryptodome/Cipher/_raw_cfb.pyd
- Size
  
  13KB
- MD5
  
  f5998840565b2446efe4522235ebcf74
- SHA1
  
  fd4f3d9e902b9a6e1d9107aab9668454ae83ec55
- SHA256
  
  10b5ade34be7c513cdb0c1d375e37e3a0de99494732eba81fda4e69cae678e9f
- SHA512
  
  d80b29cdc9766ea5bf25d7ef9c72371e63bf1e0662b759efbe434583db95ccffa3ffb9977620e600d747be28466dd055c4ece709ce675ec6f667c031697f0612
- SSDEEP
  
  192:YTIZRgPfqLlvIOP3bdS2hkPUDkhoCM/vPXcqgzQkvEmO:YT7YgAdDkUDvCWpgzQkvE
Score

1^/10
behavioral15 behavioral16
- Target
  
  Informaal Macro/dist/Cryptodome/Cipher/_raw_ctr.pyd
- Size
  
  14KB
- MD5
  
  c6d62b2f36eeb323aff19b6aad67e8e7
- SHA1
  
  b511de60a528847ae4203d3e0fc2a2fb713167b3
- SHA256
  
  dc4b1435d43fa8b589a04f14b3e30085703b4b7ea6db2e4d2d656b822ebc6133
- SHA512
  
  e8e09059747cf88571f1e75cbd0ee555768fcf5f088983e8e1ae0f59506471e9784235d5d28057eeaa6df7d972934add6fc410af1af2d49d6f871950db2419d6
- SSDEEP
  
  192:WJ1gSPqgKkwv0i8NSixSK57NEEE/qexcEtDryDjRcqgUF6+6vEX:WE1si8NSixS0CqebtDargUUjvE
Score

1^/10
behavioral17 behavioral18
- Target
  
  Informaal Macro/dist/Cryptodome/Cipher/_raw_ecb.pyd
- Size
  
  10KB
- MD5
  
  7def2968588572beeef529c584e8863f
- SHA1
  
  6a12bb1d8fa856b83addebc389f314b2a43437b0
- SHA256
  
  0284e8659ae65422ce90caeb23c59ddfcc5ac57a2667ffaf6fbfd120a745c21a
- SHA512
  
  0bd0e62ff7c0007c42e78a2af7bfd0a396a40a326f69c6ee6f3032b3af3359d733abea4142bc2d80136bf5c6f7e75ba5b9c0b0c4128f7845e853d65e02dd0154
- SSDEEP
  
  192:PzCVddiTHThQTctEEI4qXDg1CkcqgbW6:Pz6Mdsc+EuXDg0YgbW
Score

1^/10
behavioral19 behavioral20
- Target
  
  Informaal Macro/dist/Cryptodome/Cipher/_raw_eksblowfish.pyd
- Size
  
  21KB
- MD5
  
  13ddfa2e1ade08e953c917895ec2527e
- SHA1
  
  d410bb4add1d11d197734ab6d02a8856e08c6b65
- SHA256
  
  96037463c8874a49bcc54452051b41d9fa996ee4c1b3066c04b4762bd75c17d4
- SHA512
  
  8a937dae59d054059f3c72fd50c7b8fd1e13cd513856e3287264d9c652bf507d0d61b4f91439f6885e5ab8c5dc22375fa2d8acf4ec0235d5ee2e7c6d65ae01cd
- SSDEEP
  
  384:iU/5cRUtPMbNv37t6KjjNrDF6pJgLa0Mp8QP0gYP2lcCM:vKR8EbxwKflDFQgLa1ZzP
Score

1^/10
behavioral21 behavioral22
- Target
  
  Informaal Macro/dist/Cryptodome/Cipher/_raw_ocb.pyd
- Size
  
  17KB
- MD5
  
  4ad5cd73045ec630d9fc01f57c6beaa9
- SHA1
  
  d79abe1abeb917d403cd48bad9b0bcf22fa6fca3
- SHA256
  
  5d325810ebbc8520b9281471d128808bc4338afd939b9d454edd66f09aa08e69
- SHA512
  
  380c3e377d179aa19f0ba4ef42061f57078eb89b75c0d0817824a8eba0886ddb431c65ca5e2bb47f592a38f6c3cc1ef0793eff05135463fb401088156f2dd8d6
- SSDEEP
  
  384:KPHdP3Mj7Be/yB/MsB3yRcb+IqcOYoQViCBD8Ig6Vf4A:sPcnB8KEsB3ocb+pcOYLMCBDi
Score

1^/10
behavioral23 behavioral24
- Target
  
  Informaal Macro/dist/Cryptodome/Cipher/_raw_ofb.pyd
- Size
  
  12KB
- MD5
  
  bd385b4d447711a590f69b631caa65df
- SHA1
  
  5ac9f44043cec1049129af9cbe48fc678b3fc1a0
- SHA256
  
  e5247aaee8849bd50cd6f956ff7ae73dee8bcb14cdbac63de2bd8fcd8d5898d3
- SHA512
  
  f430d43cd87611a88df305808e246454499b5f3fc53481104afbafc00a2638ea88b32d39a556f5fdaaf1099e65c73680c70213c2f51c588bb370fc18fd6b7210
- SSDEEP
  
  192:MF/1nb2eqCQtkgU7L9D0c70fcqgYvEJPb:G2P6L9DBAxgYvEJj
Score

1^/10
behavioral25 behavioral26
- Target
  
  Informaal Macro/dist/Cryptodome/Hash/_BLAKE2s.pyd
- Size
  
  14KB
- MD5
  
  8d1902d5dbb1f8d12f964c1f0b125399
- SHA1
  
  9961eac49419e6916a08d16b2a7740ca395c3e95
- SHA256
  
  2073e5156f75b1b2f11723126ed6474d963b1b94c2936a54f5de9f16729e643d
- SHA512
  
  f3ac69844ae28a046b31d032fd896770fda0e03093e21ad35fae3353913600b424ba8e83aaba22b56e1e2aca419d9ba1ee94baa291e34963ac18d263f37a35be
- SSDEEP
  
  192:GF/1nb2eqCQt7fSxp/CJPvADQpntxSOvbcqgEvcM+:82PNKxZWPIDexVlgEvL
Score

1^/10
behavioral27 behavioral28
- Target
  
  Informaal Macro/dist/Cryptodome/Hash/_MD5.pyd
- Size
  
  15KB
- MD5
  
  f4b238bffc04d34ff9fb509141f58b52
- SHA1
  
  7bf15ad20c48e5f4960a5d3bfad5e83d08b1114a
- SHA256
  
  90d27d5ffffaa94d1d01e23fc90ff657ab44d632dc595c7c17e8b7b94152f3e6
- SHA512
  
  b5a61b0253d91bea1dd7d16e7c6c059040f556021a03397cc940fe0c1273f1c5003ceca9cced03a9a189613b84404e6341f6f9591d2b2e8716360f2cffb8a9da
- SSDEEP
  
  192:1Z9WfqP7M93g8UdsoS1hhiBvzcuiDSjeoGmDZFRBP0rcqgjPrvE:oA0gHdzS1MwuiDSyoGmDbr89gjPrvE
Score

1^/10
behavioral29 behavioral30
- Target
  
  Informaal Macro/dist/Cryptodome/Hash/_SHA1.pyd
- Size
  
  17KB
- MD5
  
  22df527f40ae3c8e6eb5a7931f487b20
- SHA1
  
  7ce2893f7e2c672899dd1b871a92559688f854d9
- SHA256
  
  8faba5b380b2991a7864ed35d46164dfcfb4cb5bff5b683dd3bb13b3d6046ac8
- SHA512
  
  9d331dd53ddb11f74ee6f17b97caf38fec6a4558991209837791363e9cdfb9ef3928cc538fb5103b2115dee4e586effd318d732320a652be7db11f780d8dfa5d
- SSDEEP
  
  384:PPHdP3MjeQTh+QAZUUw8lMF6Dy1tgj+kf4:NPcKQT3iw8lfDIej+
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32