0c0d0317981aaccbc47b6ad8179020837648e3b81ac0c26de395cf5ce6ac2d1c

General

Target

Artemis.zip
Size

1.6MB
Sample

240930-l1g9csyfml
MD5

1b7f48b8dd8e28c8828871b9bc7bb6ae
SHA1

2834baf78b7c97cda7436c0b35b088e286f69091
SHA256

0c0d0317981aaccbc47b6ad8179020837648e3b81ac0c26de395cf5ce6ac2d1c
SHA512

97a8d780df5fc41495eddff77ca7dc7f543137be39af3d90968d3ff4b0f5e299ebf7ea1f8289b0b4fda755c927c7e5998125211d5fcf89c868f57b56630d8dd5
SSDEEP

49152:VacwC6I7dtTOsl/DAZMIR3ExyUwkoWPkjfzamI5:mIhksl7AsyTkoWPcLI5

Score

8^/10

Malware Config

Targets

- Target
  
  Artemis.dll
- Size
  
  2.3MB
- MD5
  
  ff5398ae17c9e829a6b0a00d930d1af8
- SHA1
  
  f59549f4ef0b2fb2152916154cec1911e09de0bd
- SHA256
  
  b4c0b75d62763bebec0d16c2108f714b2c2fef22c9c520964398d9202a1ca954
- SHA512
  
  4ed1dbebcde12c84f12c3febdbbad562f42da0bb65c43e7dc7b8213b93bc3609de39683c13411966f1667a03c06b279f509d4da26c234963215022d17d0e46c6
- SSDEEP
  
  49152:lLULMzHf/cHSk0n2Uo/7HG+ZHDNy32i78:GLsY2n2Uo/7HG+ZjNT
Score

1^/10
behavioral1 behavioral2 behavioral3
- Target
  
  Artemis.exe
- Size
  
  1.2MB
- MD5
  
  6d6ac0135187d979f9a24d4960803cb4
- SHA1
  
  495a6825b9bff60866883791185e84e93f507d12
- SHA256
  
  62f05fd35bdb0bf22444a389b483b5fdd52a43cfa5dca80b097360a48128a03a
- SHA512
  
  977c5d4d806708d2aefc27c1a8b6c1412009cb4a8b0509ff516c0a2ff6ed0f5bc982ab0397fbbfc8627ed91010ac247d54b8f3c94258d1b80d3c226ee56f1fd9
- SSDEEP
  
  24576:Q+y83yX1PoUvcUMfPIOK2tOK02WokflCYH+7PK0lOnkh0lhSMXlb0niTXpw5KC55:Q+nWQUbMfPIneMllCYH+7PK0l6JwniK
Score

8^/10

defense_evasion discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral4 behavioral5 behavioral6