cace3079524d2060fcb48be98c6ce547f603158c71f01a11c273281bfe97b296

General

Target

cace3079524d2060fcb48be98c6ce547f603158c71f01a11c273281bfe97b296.zip
Size

4.4MB
Sample

241003-ch7xmasfng
MD5

c1a97c76fafb1ee4386c114860d65974
SHA1

9eab8127e865cbd3abeadb148fe1885b4109219d
SHA256

cace3079524d2060fcb48be98c6ce547f603158c71f01a11c273281bfe97b296
SHA512

e4a5739c52dca6abdc74bf433a381272d718787c8b94ad581279f6f546e941eea8e95d4367bdf5c48a5bd5167b8b24ec77fcc1300cf79c297c1c1b9610708f3d
SSDEEP

98304:YZzk3chsIqqhhbeTXMP5dTUtaSGGwlmux0elYl4l3Ch3xLqD:Y+tIPhhiYXUtzGGw0uGelYl4QxLqD

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/b1b5299c4725d97349b18b59061647198f7cc59b/MAS/All-In-One-Version-KL/MAS_AIO.cmd

exe.dropper

https://bitbucket.org/WindowsAddict/microsoft-activation-scripts/raw/b1b5299c4725d97349b18b59061647198f7cc59b/MAS/All-In-One-Version-KL/MAS_AIO.cmd

exe.dropper

https://codeberg.org/massgravel/Microsoft-Activation-Scripts/raw/commit/b1b5299c4725d97349b18b59061647198f7cc59b/MAS/All-In-One-Version-KL/MAS_AIO.cmd

exe.dropper

https://rochaservicos.online/www.zip

Targets

- Target
  
  OrcamePDF.exe
- Size
  
  178KB
- MD5
  
  7cd87f8ad0cd8279f8699cd441238338
- SHA1
  
  523c83c22647164b7e7465fecaf798f3be5ac2d8
- SHA256
  
  71a7f53796731bd270704b825af080d1e84e2bb4d2184bb77926cd895dc87214
- SHA512
  
  b5ee28a24ba6fc4bb0e8a5b0c1a5adbfac204be43635ad99998bd4617726a5b5f95876dbdc7807b30cc74569b431ef7eb4a540f3e62b759e2fb36df9cff10796
- SSDEEP
  
  3072:k+sGBD3O9O6qe+4T+vqwqYROyCUbSIMAAAAAAAUAAAk2o5U:kZGBD3O9O6qe+4T+vqwqYROyCUbSDv5U
Score

10^/10

discovery execution upx
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  QtCore4.dll
- Size
  
  2.1MB
- MD5
  
  2fe0599b45e4f112cedc69986d10d21b
- SHA1
  
  3391843c5ddde45b17df309fe182c8dee1cb862a
- SHA256
  
  29aba16000167af9217510f93e6da8def731a8a5132024a7b7d1ba4c9116b7a9
- SHA512
  
  daa55eb9c223433b4d332e6aa40f2558057fcf98b01cf17f8aa68c9f53ffee9c56a86127efb37f7904282f7670608be9b4813a758d134e4c3ab501b4d0bdf39c
- SSDEEP
  
  49152:tU6a2PjSQTUEZtQqhJXbQKFdu9UTj6ep+Tqv:/vjT9sKFdu9WpX
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  QtGui4.dll
- Size
  
  14.0MB
- MD5
  
  037deff0b71fe3256c8fdedcbbc6d99b
- SHA1
  
  ff3d8ba7856ba50f813550fd27d034ddc3fafd92
- SHA256
  
  2faf62fe1a6b12ef73bd2cbaca87f729fe2e4a7473819f64562f0883baa516bd
- SHA512
  
  0dcc531605495ed4a9f2f4a8aa446fc3b9736ee9b4d2094b7611738131a81ac45ae9e707c5a5342c8cbd0c9be1b824fab9b95a58f9de2af78391d711dbe70953
- SSDEEP
  
  98304:ptevagZxEeF1Uky/4Yz4yfluiTn+gpDb1H3rZjRalZLCwpokCFCxJD9LKvq:R7ky/4Yzvf8iTxD5bFq
Score

3^/10

discovery
behavioral5 behavioral6