cee065a78a687c149c7c7410b734290b33ed7d665121de0283311b2c868fa117

Sharing

Copy URL

Twitter E-mail

General

Target

new21.zip
Size

38.0MB
Sample

241101-vgtygs1nex
MD5

67273f4daa2a3c49c9574efb174914e9
SHA1

051edd6e08fbaad846512826580a281a537fd10f
SHA256

cee065a78a687c149c7c7410b734290b33ed7d665121de0283311b2c868fa117
SHA512

355db37e64c16d05519c6cfb8262b6fb818a2ea0a357a693a59167067b9dea955e3efe30f9db75b165a0febd3f83bd40b274b2a111935a3bc7fd5b5df61fee57
SSDEEP

786432:KJI1fZGz+1sKJjfbkEcAgt+V+6mOFRmqAc4inPfbbnIlfP0wk4V/546F+QrOz62V:9ZUFKlfb1cAVV+lKmqAcDCrjs51tJzt

Score

8^/10

Malware Config

Targets

- Target
  
  7zxa.dll
- Size
  
  74.9MB
- MD5
  
  7debcf459eda4083f84755ebf4f86b2e
- SHA1
  
  836415a2569edece9d171eb5466e2937cd6ac968
- SHA256
  
  34aba14b155a63db5f40ca0784104bc1003c5098752c52e726ee34d51bfabbdb
- SHA512
  
  607b39c4836c408db19a8739c44af1da0b39398b009c356162fbef28faeb4cd8ae811dcffbdf3b20b411376e45593cfabb34a83f3b8f3c8a30cb576d29d9f63b
- SSDEEP
  
  393216:FN6KVjMOasRE0Sepz8A6AUPattEG2aEUbwi5iHEJIa5yJBz7h8zxPtYLx5mYfAHb:Vj0X3A2z5H8IaIp8zxtYd5mYfc
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  BLOCKBUSTER.dll
- Size
  
  415KB
- MD5
  
  dac35720be4d4105234c4c99208c43d9
- SHA1
  
  ca13aec5182035ac053004d51ddf4ec9a018b494
- SHA256
  
  dadf7277164ac0d065fead44b1ed3e3fd9bccca39315ab35def952036a0b0b80
- SHA512
  
  e4fff267040503457de828fafaf73c7a1c095ff87e85bd6cc9d1991193a8a1e51faef1ddf9ea5400849a6aaba9793dd9ffa68e032a293acd134f3274d05aa525
- SSDEEP
  
  12288:UtoqntFyEUT4agzv5asqKIBqbGoLJV3Tvl8M8CIh5:UtoctFrUTVg9asqKgOxJV3T6DCU5
Score

1^/10
behavioral3 behavioral4
- Target
  
  BLOCKBUSTER.exe
- Size
  
  9.1MB
- MD5
  
  74d3f521a38b23cd25ed61e4f8d99f16
- SHA1
  
  c4cd0e519aeca41e94665f2c5ea60a322deb3680
- SHA256
  
  1d822b3faabb8f65fc30076d32a95757a2c369ccb64ae54572e9f562280ae845
- SHA512
  
  ec1c8b0eb895fd8947cad6126abc5bca3a712e42475228b9dcb3496098e720abb83d4cba4621edbd8d3ad7f306a5f57ced9c2c98fe2c2d0c8ebbbf99d7faf0f1
- SSDEEP
  
  196608:bmFQso3Id5AypjCIN325pMKhQaLh6sOo5LZvqy1f:OQseId5AyZIpMKVLhJtJqS
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  hcx.dll
- Size
  
  398KB
- MD5
  
  287c055b14d6ab41b021486e4fef3708
- SHA1
  
  d705e8d163d60b39e0265e30a56966c58323bef3
- SHA256
  
  3976547348f3cd6887ad0bc6a1f1f54010b58ca5cc1a77a937e882def475ab9e
- SHA512
  
  fbc627c5d06ff4440d67f7fe97ad187bf6b6472ce9f0584e7ad3d1a391e7006db97d81ac6800a80bd8304172959f01a3bc72c55773d421f2332148731a71f0b1
- SSDEEP
  
  6144:tQHhNFuDiobkJcsXKrh86ZAASiFt5jiykLQIW471VOuGHT1H7EqQ+hOO1l:OhNFuvgJV5hDiFd8QIn1QbHY+wOT
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  unrar.dll
- Size
  
  174KB
- MD5
  
  4289541be75e95bcfff04857f7144d87
- SHA1
  
  5ec8085e30d75ec18b8b1e193b3d5aa1648b0d2e
- SHA256
  
  2631fcdf920610557736549e27939b9c760743a2cddec0b2c2254cfa40003fb0
- SHA512
  
  3137a7790de74a6413aca6c80fd57288bcc30a7df3a416f3c6e8666041cd47a9609136c91405eee23224c4ae67c9aebbba4dd9c4e5786b09b83318755b4a55fd
- SSDEEP
  
  3072:4Jb18kAn0/QVt5ch1fIBNXaQpZj1JtmosqpdFBVhz3s5xqW3W5/9rSgvWFI:g58kA0/QVPch1QXK6HmosyBhY62Y9Lee
Score

3^/10

discovery
behavioral10 behavioral9