51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b | Triage

Submit
Reports

Overview

overview

9

Static

static

7

RippleSpoofer.exe

windows7-x64

9

RippleSpoofer.exe

windows10-2004-x64

9

Sharing

General

Target

RippleSpoofer.exe
Size

15.6MB
Sample

241123-yyxbqatpf1
MD5

76ed914a265f60ff93751afe02cf35a4
SHA1

4f8ea583e5999faaec38be4c66ff4849fcf715c6
SHA256

51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
SHA512

83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
SSDEEP

393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score

9^/10

discovery evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

RippleSpoofer.exe

Resource

win7-20240708-en

discovery evasion themida trojan

windows7-x64

13 signatures

60 seconds

Behavioral task

behavioral2

Sample

RippleSpoofer.exe

Resource

win10v2004-20241007-en

evasion themida trojan

windows10-2004-x64

8 signatures

60 seconds

Malware Config

Targets

- Target
  
  RippleSpoofer.exe
- Size
  
  15.6MB
- MD5
  
  76ed914a265f60ff93751afe02cf35a4
- SHA1
  
  4f8ea583e5999faaec38be4c66ff4849fcf715c6
- SHA256
  
  51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
- SHA512
  
  83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
- SSDEEP
  
  393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+
Score

9^/10

discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2024

Terms | Privacy