f578d77e5264494fd9cf4b740953b12b348745c43cc256cc5339c6a91413f909

Sharing

Copy URL

Twitter E-mail

General

Target

$RFDB4ES.rar
Size

13.7MB
Sample

241123-v2gtnavncj
MD5

f43a112608b3f0973436b37d87b0a52b
SHA1

560e06b4b1158691db16afc64100cd9bc6d4b616
SHA256

f578d77e5264494fd9cf4b740953b12b348745c43cc256cc5339c6a91413f909
SHA512

aca61d94c6a13e6620d5f0df240804dc71c049bc53ff1d53a3ae50a7a22f2a6ade7effba6be7d60367fe3d5c6ab3124931ed38c50240f933fdb98fea72782721
SSDEEP

393216:1NfaZPrGlu2oRZ2+JmaFiTH3K+cFIoRZ2+Jmag:raZPaIRjmaFyH3Vc1Rjmag

Score

9^/10

Malware Config

Targets

- Target
  
  lcb spoofer_updated_quack/Loader.exe
- Size
  
  7.6MB
- MD5
  
  e4076e54cccee49cee936ad763a0e46a
- SHA1
  
  7aa026b03dd0532fd9f9677624b38729c43bd506
- SHA256
  
  7f0109b00a1e644a7af8c517fa8749d764d952434f3e192990e97a64b54ad4bb
- SHA512
  
  0cca0c2b9e45713a5ed89e1055c7bec6f6bbfe1db31d66b549bb82a8e8f7902096b27bae53f15f65641d0f885be3bfd18759ee04e7fd2274ef75f392b62aca5d
- SSDEEP
  
  196608:pkbgJsau4PqC1qLAgz27O7PNYODgH0ZW0dTqnc52:ebgFu4PqC1qLAgh71rzZJ2nc
Score

1^/10
behavioral1 behavioral2
- Target
  
  lcb spoofer_updated_quack/Serial Checker.bat
- Size
  
  831B
- MD5
  
  119a816fb17e3c634deda5fa650bbb50
- SHA1
  
  ee6fbcfe647a2b943e991797b08e10e2dd9eef5f
- SHA256
  
  8e04607e18f90a99e360f4bffe37102b20006143859c87ae845694512b41094f
- SHA512
  
  78d69503835da46a427afb50fd3dcb7d0dc246b89751d42533afb8bf8a0a0e5f78f78d350507460b5b421af0ae4b822ee2a435ab1962bf411fa5d94a663d6e2d
Score

1^/10
behavioral3 behavioral4
- Target
  
  lcb spoofer_updated_quack/cleaners/FortniteCleaner.bat
- Size
  
  1.5MB
- MD5
  
  2429db21a224c48fa6b17e55a6762328
- SHA1
  
  f86eb0c2de25e8970add83b66253d3f18b0994e1
- SHA256
  
  365685c1e71944bc955c6be46cc33a44099bcb0f8c625228e89445f18866b778
- SHA512
  
  0487e79a9b2b427f8c0e5bb860e78039bcf29626bd58ad8190df858fcfa130d15add3fcd350cdadaccbc1d2e13f822dab76e418029d692d2ccd972594b4c0e23
- SSDEEP
  
  49152:9TOB4ynYygOvXsMruROZyUpWvWOLZkORn:b
Score

1^/10
behavioral5 behavioral6
- Target
  
  lcb spoofer_updated_quack/cleaners/Midnight.bat
- Size
  
  104KB
- MD5
  
  98c35392bddb76264b1004a0dbf67236
- SHA1
  
  2a32cd70da5f7a7fd43952d066f705538e980191
- SHA256
  
  5a21145b429b84651b8b30506382c7643e631bc917de152d70cf6aa8fdfb15b8
- SHA512
  
  532b6a175755d340f8f5424dadbbd1ee0dac1680979e2365000024a63d226869c12384600597276217b73be7664fe6735da96fd6fb9dc1bd8fa6a5208c219202
- SSDEEP
  
  768:l/KZzmezl/svUsfg8gVhCBL1oPY8xC01n5xpoL8oPlRPOpL5LvLpLjLgzJu/:Fg8gU61nvplxL5LvLpLjLw6
Score

8^/10

evasion execution
- Stops running service(s)
  evasion execution
behavioral7 behavioral8
- Target
  
  lcb spoofer_updated_quack/cleaners/Toruney_Cleaner.exe
- Size
  
  135KB
- MD5
  
  03c9069653a814dd3a0d69d1431145eb
- SHA1
  
  d57ca643bfb63dc9df696054ff12770132a81038
- SHA256
  
  d5b857f4972fea91c9d476905d4fb6f80de89df311da0dce83adfbef4d32d1b3
- SHA512
  
  b7958fa0c0d2953ed4062f2e241f982377b4b0f990a179da9bf328a39e0a00b79ee76a537cd42482d2d782e33e36f390c85585d88fe16b882e67c4c9edd366cf
- SSDEEP
  
  768:EcLW2SN3ItwfkDG7FIMXVGBzn5v1QLKeJunPxrU+lP/X3Zwkin9Sbh9Sb:LLWDN4qfkDo8z5tMGP9U+BBBuC
Score

1^/10
behavioral10 behavioral9
- Target
  
  lcb spoofer_updated_quack/cleaners/cleaner.exe
- Size
  
  63KB
- MD5
  
  ce27988cc633ed4e1ea1ed4bfd94e6af
- SHA1
  
  ea627f85d7b710266d6eaf4c741fbce49d329c94
- SHA256
  
  ce283342401e7fe747fe0ba57befb47465bdfe0f96ddfbeb869496684d6dc967
- SHA512
  
  6204358139fc5bf8b8b12f8fdcfb5c3f615ce20e651fcb60042376b9d1cf5e5e02ec886a20bdb71ff94ccab16c5881da508431c288e31c9c134dfa10c79e48e3
- SSDEEP
  
  384:y943jeTsybDGc9VIJ9KWSCGEcTvMtpAqFAgZl3QfBX8d7ptPQ9Z7L:vyPLoMMnAGZlGB6PQ9
Score

1^/10
behavioral11 behavioral12
- Target
  
  lcb spoofer_updated_quack/cleaners/leakedshit/New Cleaner.bat
- Size
  
  21KB
- MD5
  
  18c77961f8086f26c028643ba76e9b46
- SHA1
  
  a9bb449bfb90526b98aac929ec578c387838a132
- SHA256
  
  b1ed8ef4d46bfb260356e37b884ad4a86bee9f0415bc6a73ef3acedc0dd8f1f4
- SHA512
  
  37615ab1a60b643f8741a3de628f72d79077de66bd7aa05ff012d5941ca16cfb22e77a0ec700d79446a7d636d4b7e539f99cbc9412d70c721bdc5930e939f53f
- SSDEEP
  
  96:YXRVejIXO4C4AyCT5bWV7oJnJddsK4hSQX4V4j4V4z5ig51fH84f/vWqj/NbvTyR:YXoI3m9asdsth6IhU0M
Score

9^/10

evasion ransomware spyware stealer
- Clears Windows event logs
  evasion ransomware
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  lcb spoofer_updated_quack/cleaners/leakedshit/applecleaner.exe
- Size
  
  3.3MB
- MD5
  
  ba268b881bccd2784fe98289eec8ad72
- SHA1
  
  0c4e7f1473fb7ab22427480c3d784b6e0e404956
- SHA256
  
  c83921c8dda800ef24ebe873ec175617110dc9deb2629d1107f219ca30caece3
- SHA512
  
  30c836bb91ef96f5952571bba27d08c32011e619890fae392f882e5c7db7558ed26e6aa1fbdc2ce7d22c0a6aebc580e17ae807de70d99945cb2b438bd8cbbb3b
- SSDEEP
  
  49152:98jzvhuGMsOTenal2tV594MzhJD3TMgwQiPRxksa2EQUFO0JIbn6/ubWYY725hXQ:9QFXlbnal2XDhZRwRVsE0JDoWYJPXLk
Score

9^/10

discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral15 behavioral16
- Target
  
  lcb spoofer_updated_quack/cleaners/leakedshit/clean1.bat
- Size
  
  567KB
- MD5
  
  4bf8dd140901a615b1a5fa5136728521
- SHA1
  
  00e8b5a27ecea6d6a9c52739f15a71c5559724c7
- SHA256
  
  e2b6ce87a5fa871709665b0306e15d45cd7b5550a4de6701a8ce31e811a646ed
- SHA512
  
  5600ff59e7383fafc77ca98849b34c784fb85a86c2b6bb0d7cde2aec83c0db026f84cce7259ad3c20aec75a561f97150563e6f1068e9f9993bd4443ef4eb7537
- SSDEEP
  
  1536:iYLmcHjAkpYLmcTzg8gFDRnvplGL5LvLpLjLw3z5z5z5zg:iYScHNYScTzg8gRRnvpFz5z5z5zg
Score

7^/10

persistence privilege_escalation
- Deletes itself
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  lcb spoofer_updated_quack/cleaners/leakedshit/clean2.bat
- Size
  
  260KB
- MD5
  
  049fce145abfed6afa90599762b08c6b
- SHA1
  
  563036667eb0a743c138f9f245cabfffe07c424e
- SHA256
  
  97377c7ae3ff41e72dac718a4dd82cdd079ff50e026ce159d3435e6edb8bc543
- SHA512
  
  e610806fbbf5365370538a1055637b5bf3ae9ae09f8779c1289b7800a9472f4f95db051c15c21af45bb70bfb99d2ef59846814ad36d8ecb6cd31c73e7dc443bb
- SSDEEP
  
  1536:gWNoZxBOz2ouKKCWZr3PwUWg28361L5LvLpLjL5Azf4oH9Yzf4gH9c:gbKKCWCUWg284oH9Q4gH9c
Score

8^/10

discovery evasion execution
- Stops running service(s)
  evasion execution
- Deletes itself
behavioral19 behavioral20
- Target
  
  lcb spoofer_updated_quack/cleaners/leakedshit/clean3.bat
- Size
  
  22KB
- MD5
  
  fbd3ebe26a823f86ae2deed72df613b9
- SHA1
  
  ac360161007807aff1577ca90edc57b21c3d14c3
- SHA256
  
  8e43a6e232e9842777d3fce8c552bf942359757e6af092595c98ae101ee0e94d
- SHA512
  
  2def0b5306711a7806cdfe58196877cda39f3b0bcc5786776d9164f28310dfd85cbf922dc1619f2bba3dfa5c84a5701d1b948042e0af28b6af5c4c893ce045f5
- SSDEEP
  
  96:tVeN1ZifiB1ifIXi4C4AySST5bWV7oJnJdwTK4hS9X4V4j4V4z5Rg51fH84f/vWo:KZifinifILh9aswTthIIhU0
Score

7^/10
- Deletes itself
behavioral21 behavioral22
- Target
  
  lcb spoofer_updated_quack/cleaners/leakedshit/eac install/EAC.bat
- Size
  
  68B
- MD5
  
  8e25b700f094c22cf9545b24df4b3b98
- SHA1
  
  58bd8197a3b4f1e687179b0c611a4db3869004ef
- SHA256
  
  5a98534f6de39af620b6520d25ac388d1ee46f10d10c7a05f34f6593098c99d7
- SHA512
  
  2712e9e9b08dcd00eef9504bcafb45e92554240ab8dd7033483305ad1eddae9b60f7577bca987ddc7c4ad4762467e596ecef6dac2502b0c3e3f2f1870fb0b898
Score

4^/10

discovery
behavioral23 behavioral24
- Target
  
  lcb spoofer_updated_quack/cleaners/leakedshit/eac install/EasyAntiCheat_EOS_Setup.exe
- Size
  
  933KB
- MD5
  
  b2cf34920a4010ef3799921d8e0d18d7
- SHA1
  
  1956c3da751cf7601c8eae613ada5c54473b3441
- SHA256
  
  6108a4f378ae293a5ea2ba74058beae388d85fc199edde903ba81375d8744396
- SHA512
  
  118ba08014819490894368696a0be5a6e4b460868674e0b8475b086a65ff6d0dfe285ed7ac5071e920964e6e413d61b4d19327ccb1e8207d2149983205ce3d6b
- SSDEEP
  
  24576:aNbP+i822rvtMR82UumYYmyUjWmfy7NWlVeh5WKg8QT6c9:a5+j6+2UumYYmy4Wmfy5WlVeOKgQc9
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  lcb spoofer_updated_quack/lcb_spoof_crack.exe
- Size
  
  7.6MB
- MD5
  
  c5c7253e68ea5d96ad86b7a99c465386
- SHA1
  
  1f6197326f53c231929f90b01d0afae65ae75c6d
- SHA256
  
  c38ce83359b11c63b187f1fe5d3c3a8ef2eac3377d67eada3299758f24d33cc5
- SHA512
  
  bf4221643f50ea2b9a3fd84e7c49219178f4e6d63b8f9e6505b512277534df945d7f0527d793981e37440abffdd78d93d04ac6a69532a64dea94a4e7e54355c9
- SSDEEP
  
  196608:BkbgJsau4PqC1qLAgz27O7PNYODgH0ZW0dTqnc52:WbgFu4PqC1qLAgh71rzZJ2nc
Score

1^/10
behavioral27 behavioral28
- Target
  
  lcb spoofer_updated_quack/libcrypto-3-x64.dll
- Size
  
  6.1MB
- MD5
  
  e7463d58d7aff43c7d71a3847ba8201e
- SHA1
  
  1a030443545820af4edea017c64da1233a6177a8
- SHA256
  
  2249476a14dea73ae271d661483bdc6c15e45b931f8dbfd0bd1b84193cf420ea
- SHA512
  
  2155a8fda32b9cb0f9029ce9fd6b418322b392523bf641b67eb885afc219a9b4942bc37292f32d190f128864b3f5830a8eee44dfc29623689bf0d5b259d0859a
- SSDEEP
  
  98304:dP+C5HnwdCqOB1rpZtC78tPq1CPwDvt3uFGCCN:x1HnwNOLpZtC78tC1CPwDvt3uFGCC
Score

1^/10
behavioral29 behavioral30
- Target
  
  lcb spoofer_updated_quack/libssl-3-x64.dll
- Size
  
  1.2MB
- MD5
  
  10cbd37c4df0aeff2346ba2c2038b420
- SHA1
  
  499495a812dcc64ae01f75522eb8ed57699ee090
- SHA256
  
  18babfe5f3de3d0ceaa4bd671d7d3c808c8f788ca9782117b74d5b4900a2d250
- SHA512
  
  f859a516c4a5c73b68c9051bd28392aa4617b1f9ca45879257c8e43321ff0cf35b71f176f267184ac892be8b1c87e816aa78fcc1ac77fad2bd932ec7300c564a
- SSDEEP
  
  12288:o3IaOMsTeC9cz8D7qs4SjIgtBwfcVXPz6dVr5yQH+BrMnfdEVB3:o3IX99c43D4S5kcVuTQQHmqdEVB3
Score

1^/10
behavioral31 behavioral32