General

  • Target: LoaderCerberusVIP.rar
  • Size: 78.7MB
  • Sample: 241031-xlt56asfpn
  • MD5: d79a22c91816897db66bf1035a1bc585
  • SHA1: 1bb75f7d7f80aef05f98596b92ba393414b94716
  • SHA256: 945bf08a9fb25a834da26364960b1d3caeba019b80b7e1f3ce4220b567c85631
  • SHA512: 48ea0d498b56761254f2e14892d901fcbe718251d6e4bab8d7d7cb8b02c6bc253e5813bc9b621fc30f587b710b6cca45b2399c20028739ab72005f917a10e5ed
  • SSDEEP: 1572864:OIdVABMBNVHcktVmn6LuhXAoS1LG6L8SrGvaQn+ftGi7KP:Oe7VXtVmnWuclGxSO5+ftGvP

Malware Config

Targets

    • Target: 1Loader Bypass VIP 3.4.exe
    • Size: 30.6MB
    • MD5: a13004e5c12b677cda08b43fa256fdf4
    • SHA1: aba4dea9806ae25cb9cfafc52fb863fa161db868
    • SHA256: 7d64934a49d0947b234084ac1d4c2c6c7bdf5a4c5146f255d5570d8b24ed4aa3
    • SHA512: f187f7fe571b5ba47c3ab75de9d797af9ed8c988870d0dcbc165783107b30981457e3708fe89d8ab0b08f18ef8df3d23a064d947d244061f37809f5fc691b0f9
    • SSDEEP: 786432:k2A6xqW4cLV92MtIeBzj0hlsUBPiB9VlsDioXauEHm+iEtWCwjob:46sW4cV92MtI2vKBPipyDnKuEHzWH0b
    • Score: 9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: AdbWinApi.dll
    • Size: 104KB
    • MD5: 3087f2106433219a76510241bff024b3
    • SHA1: 2cd243dcc5158b7e17df3b8f9c901ab8e8ee3512
    • SHA256: 74df4d288dcd7bae1f5ebe7d60236fc4b7b16d3959e1041321880e0ac405b19e
    • SHA512: f652436d0d5550801e91958e8e68afc8bf9074fdbaed856b6f8440932ee801304b9aed5b9ab47a4434e3970108c9e84fac1a15fa64aacec71c29008ff4c0dde0
    • SSDEEP: 1536:apCxybY0FS6MqS6WvgD9xj03TabrFvY5J6sCGtdjk:apo0k6ZWVTaif6sCGX4
    • Score: 3/10

    • Target: D3DX9_43.dll
    • Size: 2.3MB
    • MD5: 7160fc226391c0b50c85571fa1a546e5
    • SHA1: 2bf450850a522a09e8d1ce0f1e443d86d934f4ad
    • SHA256: 84b900dbd7fa978d6e0caee26fc54f2f61d92c9c75d10b35f00e3e82cd1d67b4
    • SHA512: dfab0eaab8c40fb80369e150cd36ff2224f3a6baf713044f47182961cd501fe4222007f9a93753ac757f64513c707c68a5cf4ae914e23fecaa4656a68df8349b
    • SSDEEP: 49152:dbCJsk4VlPXA+15Om5wxw9Qsi55K+31BhZ64nW:YIIBnW
    • Score: 1/10

    • Target: msvcp140d.dll
    • Size: 977KB
    • MD5: 37dc8cc78ecbcd12f27e665b70baefa7
    • SHA1: 46fb9910cc10c4c0c52b547700e1950ce233be89
    • SHA256: b53add5b7bd6bb11fecc7be159885d0b75736d02423c11edc6eeb6f4bea80f6c
    • SHA512: 078b0b408510c07eac85518f03a9e3fac8e4c8e2e36ccb8cd26962498c7f5bedbd79f7034af3ebfef9984f85d81c9032446b1b5c156b2174a769657ea0ab60a1
    • SSDEEP: 24576:NWJjEJM48ZDBXci9fHQEKZm+jWodEEw9N2:NWJjd48rJw
    • Score: 1/10

    • Target: ucrtbased.dll
    • Size: 1.7MB
    • MD5: c3130cfb00549a5a92da60e7f79f5fc9
    • SHA1: 56c2e8fb1af609525b0f732bb67b806bddab3752
    • SHA256: eee42eabc546e5aa760f8df7105fcf505abffcb9ec4bf54398436303e407a3f8
    • SHA512: 29bab5b441484bdfac9ec21cd4f0f7454af05bfd7d77f7d4662aeaeaa0d3e25439d52aa341958e7896701546b4a607d3c7a32715386c78b746dfae8529a70748
    • SSDEEP: 24576:JUV0C8E3W4JoceLErS6P0qoc6uoPrT5PgVBHmaw+zrGOzli7Gi0m9ZRXyYk:i8/B90ozghlGJ7js
    • Score: 1/10

    • Target: vcruntime140_1d.dll
    • Size: 58KB
    • MD5: 868fd5f1ab2d50204c6b046fe172d4b8
    • SHA1: f2b43652ef62cba5f6f04f32f16b6b89819bc978
    • SHA256: 104e5817ece4831e9989d8937c8dfe55d581db6b5bc8e22a1b492ca872eda70e
    • SHA512: 402a0402b318539f26eac2fcd890700d2103f8eabd4b5289b64e2cdb5c30f4bb2b18f342c8a1ecc2cafb3f1d4258387a5300f9a86056f27b176b3fe995f9fc9d
    • SSDEEP: 768:BoKFGMoBcNmO1Um5Y/tHvzvlurMiqWJ8XAG:+KcM3m05IHT+nyl
    • Score: 1/10

    • Target: vcruntime140d.dll
    • Size: 128KB
    • MD5: f57fb935a9a76e151229f547c2204bba
    • SHA1: 4021b804469816c3136b40c4ceb44c8d60ed15f5
    • SHA256: a77277af540d411ae33d371cc6f54d7b0a1937e0c14db7666d32c22fc5dca9c0
    • SHA512: cd9fc3fc460eba6a1b9f984b794940d28705ecb738df8595c2341abe4347141db14a9ff637c9f902e8742f5c48bbb61da7d5e231cc5b2bad2e8746c5a3e3e6ed
    • SSDEEP: 1536:QB6NlnzaWMj6FBknM+eHLEQE9gHAWdwfP5sd4Sohg7vMHvqZecb399R0BqZEBFP:QBYl5MOcM1HAb1wM0ecb39/0BqZEjP
    • Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks