Resubmissions
06-12-2024 23:33
241206-3j458szmbl 906-12-2024 23:30
241206-3g4rpatmev 928-11-2024 15:07
241128-shavws1mdx 10Analysis
-
max time kernel
121s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
06-12-2024 23:30
General
-
Target
RippleSpoofer.exe
-
Size
15.6MB
-
MD5
76ed914a265f60ff93751afe02cf35a4
-
SHA1
4f8ea583e5999faaec38be4c66ff4849fcf715c6
-
SHA256
51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
-
SHA512
83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
-
SSDEEP
393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 3 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 53 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5bec2abd9690bfd53483ab5f9f38d9f24
SHA1a775214dba33da82dc5a24ead7906ee11c84c0b5
SHA25600fd0016271cbb9696734d2a8882e2e61efd65dd3db4556d5ebbf19263c45bc2
SHA51273036106591bac08116b400abc8a9a7eb9b52b435481c3bb98d45e5fc01ee6d9acfda79c8915c75992550985e6ed0d0238c7ee632abc307685bdbdc191ef0e71
-
Filesize
342B
MD55be0a2402388a8de06879329bf037522
SHA1b6dc11c5bbe0ce26dd3c2de12126a0fb2c72e65f
SHA2562aa7cef1f52e08e82a8960f4745f51eec3447244d0e88bc2c50832c32ff02f1f
SHA512536dbea8e8349336281aa429cb48de90044329dca99d9468ff68acf2a18e0f500ab01869acfd4e66b8cf90c8418f0d55393b75e786825b67cfe550b1d856a965
-
Filesize
342B
MD5fc027fae2e49be8046f8c92bf0f8e12d
SHA14a1342e4b433732094209a2dbbc079ed4fb299eb
SHA256fdfc41434e5fd3fc6fca856b9724e6fb2fae0689493d9d758c7087eea000bfa6
SHA5127e0d7593013374b718b442f4c7e78e49c96b59cfe337c8d113d4f44b1dcff0317e501447d587b63a2c4c186e585098cd6d68f486ae061db086a9c650f23705dd
-
Filesize
342B
MD5f87fea3f382b5813baa8aecd2eb18820
SHA10b349a1cc3b396080ca7a83a0de70d2093f990f8
SHA2561ee2d5c835dbcc13d2a5059c89a8c28cdae232a47a51d423942b16a31f8d596b
SHA512940287ad54290bbde2aac00a010208dac0d69caefa951fede2d5a2d97644a0cb654a7259900ecead3d7ce54428f5cf0d850822394aa8bbbb896991241c13faba
-
Filesize
342B
MD5027dda57a9c990977e1ab408aa5d1b6f
SHA1b8d38a5f0cadda89422ea8a5a1ca7f9b801ef21f
SHA2565c7d07f1985dd823f74d880635740beaaf4ef8ac7afc8041244c1ae978caa6f0
SHA51258965cbe31e9e70e902f32a33e5bd5699cd3725e13a8279a1f1e85e7df77e90d292962bd65fc60392403244ca33c331a552a9833cc52a51d696db4d1355f6d55
-
Filesize
342B
MD5f4833471170078b1e673623aa3d3217f
SHA1d80cf2c343b707b21b12715c3e1c7f8b91a98184
SHA256b7b06530ff64e5e3920c75f6848f2729cb082a5f3a1edffa5f81f21586dd2215
SHA5123e896bb8f5370cb575925191ed87a0abd72c67ae34a5811f4d5e59a78e2efca8b96f7e450299fcfa9f3410af82f6653e857ce4b1b812eecefe9479fab3484728
-
Filesize
342B
MD55469d5c10b30a597896e8f7d551d52b4
SHA1e1a132bff647cd80cfaae6580030fdc0bcaca4b6
SHA2567ff53e47b57fcfc1a8ac10ed4e87e363a3be89763dcde699f1a41255a050302a
SHA512f4be981a86da95b54716d1aa7740e919ec4d6cc8f318e77087f3842a5c45ad55c6e512355775f999f62b7040f164bc99beb711b890b8d61622334889bbb528fa
-
Filesize
342B
MD5c4f4ca8dccfb08071714bc66f6d2e530
SHA1546c3c2c12f789769b4d6574978bfa1ef8dc055e
SHA2568e0f470772a2a362b662cb4bb0c876d2fb2809f0c58e51586864124fb31c5fce
SHA512974a91850d73076966c95f362eb9ccacbdaa8fa59ddb71c424d2df5f2e645154dd7012625428deb880917696345f357190e37921bc73a05b8e7e19f23637bdca
-
Filesize
342B
MD56d65f5154938aab53cc8bf564f3f128a
SHA1268a9fefd0a81aaa9b7e7284b03a17574c7d8911
SHA256cdb3c67d1dffc7e339bb8a1f61e76185f3cb928e9aad51f1013412ab25107880
SHA512788353c845b7348f1952e32d4f300482997704f40cb2175cc425a334fe6523dc491c6b49961ca060365f8fdebf97bb72c11764cd2823ca95bbdfe022cb286aaa
-
Filesize
342B
MD5fc14bb8080912c2d7687c62b46e90150
SHA10e6a83ea59528c0df1e0fb28c318063ae1568629
SHA256992ffa8645b3864d3939da5ddec59acefc76a7b22a95aef1e9a90766b20db1c9
SHA512c7efb3482ce666dd4ba51382a650fedfc7d14d04c14e18a6973d7f2f8e8ff6e29c9b962b56ed6a661533e0be387ec16ef459bcd9fc88f49ed07dde1734996fc1
-
Filesize
342B
MD530e6fd0e00cba5ff1b7f9822ef4b08c0
SHA10b7af99e16b5c8d8a087c823fe5c7c43a0f93ece
SHA256c17e920c43a6ea0c6588c5b0bdb3a836242a0fea74e5164c4d3271bda6aef81b
SHA5121fc4e6dc7301bb0d2d9ebaf8a05a4dc1873918a6520c6e9091389fe711d7acff00cb38d4a0bad7f17304b6f335d7cd2038e08ff1282f0f1cd3c66d106acfe8c5
-
Filesize
342B
MD584f97cb1c6c56a569dc74cfb542312c8
SHA1b0d8015de4f2360e8baffa97779038f2c7828326
SHA25626ba239524fc6028632cdd33b4341d26b3749e9e5000778f0995eb7629f29dd9
SHA5125f5340879b91fb01e9d488eea85ebc01fbff6c16ff4236d439001485f59d1bb02c3a63bb599612bbc11ec833d23e9f6f59e16b85c4d06a70ad412de30b941bd6
-
Filesize
342B
MD55da1acf2fc11e50570a4d74a2e99c5d8
SHA11b01a13466a48f280de7a96419a794352b3ccae4
SHA256c3a8b179b723dd261265c6a74e597754f9f713b8b1e7ef4ee3a3745c814d598e
SHA512d805de2f95b2e8c03b5d45286096cf7aca98404414182fcf19ee1fe9848a2b780cfdc2411f7aef9d9c92c2488cb8fec9e90ce3fc6842e76904a5bdf4fd651fac
-
Filesize
342B
MD5e88444226d6cd8bd0cf895b46c85f29a
SHA160df688900b6c8124ef126631a36a6b474823372
SHA25692b67837d37767550c69717459337af63652622e02326e807a956aaa19fb9bae
SHA512d3da9d8a657a8642cb6dd323d0275873fa894cc8ba33e235fb578858c51c48774916bb91146814d81ea5c376a3c387ae55acf0a1feb8a27f01bca2395974d79a
-
Filesize
342B
MD5f76b91a479f925d4c8478037e70c86b2
SHA1ba8015db99ff390f0f0e49e36b9683b31bf777c2
SHA256e3e3716599880dacc2406aa3d636664701f882a3eb7ed0396a47e7b8e1d7b6b9
SHA5124dafac9319e5b3eae7b30476bd8fc69d5888e457ad4d2aecae80a0f83733b8a45b8b4d93efee9f2e37383ff56d100e50a33439619b5b92c8a75d5350b628696b
-
Filesize
342B
MD520493d55a69535de72dc35c1a67dd760
SHA1c68905820850defe4d133c8ca63a122d6a1bce1a
SHA25693645265e393699ec3668883ff2322b6f6e3c087e1937c6caa55fadcc2e81b02
SHA512d2f893d5d4f861186ab86fa3bb0e9a1f9b19355f81f76f82664844ee02fdae3d38e8d862cacc722a7eca52df9b59bb866a7fd370bf85fba141fd88bd4d35c560
-
Filesize
342B
MD5a402acc814a48e1f0e20f2fb9e61b714
SHA17e56b42c23caff03f0335f255b1b47707d640e9a
SHA2566c25c8d1263664371f03bad7d8de88d64bdea1c3af5fd5b91156e6078ac73fbc
SHA512f4d292e6cddd95b5ea637a1f894da0a0b501eaf339f1fd49b198234229a0d26ccac712258296a97511c25c436cd2c372da3755b9c896f3bf0ab27ddec6f51cae
-
Filesize
342B
MD5c576a3c54c2fb58b5f7e05dca055a875
SHA1a119e421947d3a0840e54b4bef651a52177a5f1c
SHA256d227f613163e4cbeb2a7dee042472009cdba195f9482ca5f207b9f5ad1d0ae90
SHA512b031c0ec402e474e7d218b9329fc48878d49fb04d9d4c71dc666c469612dab58ed45c6e2dc56eee38b2bdc92110e16d53613e82373d75a9efc6d58db45589739
-
Filesize
342B
MD5b19ab4432a0a83c0bbb1de41bbdc90df
SHA1f74a210d81684a20a240ebf6e9c006c905dd8b7e
SHA256806db8f76cf1b815f0d5704583b6a5b1c39887cdcb8b3401aced470d92ccc7d0
SHA5123e4a2b2d55cba09cae0aafb6e6c37a8721c5dcd9e7d22fbee653f27d2451d43839bbeedc0dc7f8828ccb8e18439705acee6efba3089402e1a03a085566b70808
-
Filesize
342B
MD531bfcfe6da05dd89e0d8e63b92d4ca20
SHA1f81b16569b3f3fc59277264e49a2cc2b20338401
SHA25608ef3dc0910b5c2e809ba61751a768a11dc08f627ede651aaa84c708bc364e4c
SHA512800f54c62cd45b3013bca60f7eed068d5154a2317ab53da21e90f4b0db992ff885deffe359c24c790df9c346ae7e78ecd208839119771cbad9f4ba8ef96f2685
-
Filesize
342B
MD505ca65be14c887b6833af81b96b2c793
SHA10970082bd0927ca06d6f2a46b233adfcd00e8e2e
SHA25607a250216668c0e70ec2d83517e2c4a58e00747c732cafdaf0362fd5c9c05de1
SHA512b163f217a3f440c3929e1f4bebf0113181679fc6aca6c186839bf10c738f46afdd12983a0075ce97d357d4af51215ca73f68a959f67e9e8521c7756ff9541883
-
Filesize
242B
MD5b924a84e4dfe86d78b3b324a92dac2df
SHA12dc914695c9b8fc76971bdcf94c4e4c2a0b84a97
SHA25608e2cf064672458ce2b0d6ce5c3a7eb900641cabfb10052dc21179d6a9587ed1
SHA512ff87bdec948aa48a9c0f4eb8238ae786c3844fbcf2e9ba1142972499e6c1a3bf2b5b7d0077cd95245c535db6a6b055a34e5125280af14df3c8f634710f78246a
-
Filesize
242B
MD5e4ad8022faad589305d9316d606186bf
SHA1efc5db194a10aa18eaada6e13a823564d91d405c
SHA2567470748ebf3d7c016cfec06dcd1b4986108404f3d028ca1c8e30e39ad1115776
SHA512e34c06a04207245b2a9f2a6e2c36bd0e639b4bdd2aa7cdba4f87486a8af82839ac46be33db41e233a296f39ad68bf3295b976576529dc05bf77c0d53b2a6f2a8
-
Filesize
24KB
MD56c734c830b3b59039c80b872bd4a7898
SHA1657e1651e4dfb8c552f9c1a6944548f188a25e12
SHA256c40b4f66a175ded04353bebde2ea01ae243e630bde1146cae4637153e825aa58
SHA512eb5632348dbd1304fbd05e6556ebabb11388eaf1bb1d98f00b5dc4ce4a3bd59c8dda03f50b9145859ebfe593dad680384000f23dd1d7bb4b1f11292473e1f977
-
Filesize
1.4MB
MD5bdf4185a3d8a8758f04a1635bca3db68
SHA17666a56afe26b2329cf0be71893f27f2086a845e
SHA256599666c729d5cccf4f634fb6f1e0e755bf3fdacec0a91f8f280314bf72462174
SHA512b8ffea1ffd1e41db4a072d8305534afe4171980f3c54e5c0efd5be273815c24cb8e5aa44126770d0c6ec6ae656a0885bf41bb75ab3c84c20166a238dec7fe72b
-
Filesize
1.1MB
MD51598d9a368db2a85f7f643063d42622a
SHA182e3f1e54e53543411d30633c97123c9cebb9ffe
SHA256b74838ee826bc2f97f8fc2ab2fa29890ff8a17dbe5d9f73fdddc16057481cf7f
SHA512dfd34fb742478a125cd21e69313bd428d81af0b31dfa2cb0a088380e051152bd0bd2fe5290394e446d96a4351d8a19acd3b80beaebe2db367a176f851e2665d1
-
Filesize
13.0MB
MD5b3c9045a2313575377e5dd1617f9eef1
SHA116fb16ce2b705fdbd72d994c71af54df596647be
SHA2561bc8f3acd54b05747584afe7826ef232cbcaf4b987901d6b2bd49ea630f5fb5f
SHA5125dc1b41704a85e62acb867e49fef7f6282dc5e6e10af7997c982936ddc172b4c76c3c2427ffef21365b9dcbaf7db128286491d9bec57f1e3f5fbafe7477975b8
-
Filesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
Filesize
8KB
MD57770e52347d794efe8da92268a38c451
SHA13c3ece2921b294b120358a397fc496054a563567
SHA256c07d6fdb171d1277b91a812ce21cf4399359b4eb674d1bc4bc0e2e53d393d361
SHA512d0ed453c9f59c8cfc54aad96e06e7299c89c9e19e8a297687e2be0ecf0cd3d32b0fd90cbd37d1371b9ea752c0cd25844905d0b952f9e771734cb87e5a7ce7be9
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
28.5MB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
4KB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
4KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
712KB