Resubmissions
06-12-2024 23:33
241206-3j458szmbl 906-12-2024 23:30
241206-3g4rpatmev 928-11-2024 15:07
241128-shavws1mdx 10Analysis
-
max time kernel
357s -
max time network
358s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06-12-2024 23:33
General
-
Target
RippleSpoofer.exe
-
Size
15.6MB
-
MD5
76ed914a265f60ff93751afe02cf35a4
-
SHA1
4f8ea583e5999faaec38be4c66ff4849fcf715c6
-
SHA256
51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
-
SHA512
83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
-
SSDEEP
393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 3 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD566d6adef7ca6c1693acca37faf3edf34
SHA1225f7396b30ebd2dd230dac1f8ab9fdb698eea63
SHA25640341b75d971c5726028c0e1e25ec1eb2f4344a60bc1e107771111e3294a277d
SHA51298d6a59b9822f03fa7007841d9e5d31cfd27024d80285df88b895b411b85e0e4606049326d4ead78309c1b936126df7f1379b15e0f8f933681eb678422da2f68
-
Filesize
342B
MD5b943ee3138c9a53ace48e8dd3cda7e9f
SHA143bd64d64a648a8070abad2ed01196d32c266561
SHA256e7709727b82a97b013c0408d42405dda89f4520e9ab9b1f8e4221ecb1f701375
SHA5126ba75be83fea47db794c2b12f9efc5c80c05d3d3e7818a04492454355ccb173225fae80f7addfe4bef863a4c7464659d7f81a4c1b26915d465e52132df7389a2
-
Filesize
342B
MD5c502be23d6e002172db1374fc97e6a27
SHA1cef07901d30f72750493e00977fdbacdf3dd6185
SHA2568a4227690e4a7f72cb11ed0f77bb855eb347601e20ef632d3608f5623bc079d0
SHA5124e755577a3f1f99f6b44781bc588f53468f2cabdcbe5904216cd4a9b16fd25184d1d4a3b01b0b7dc479cc2475e99f68b11937aecc5d2c96084b8861bed60cefa
-
Filesize
342B
MD5f361ac2ed1173329d1160a9782c3c145
SHA191e542367855c0e9c04c0ad6fe417a91cdd1b735
SHA25698aaf0624f0f6685415a400bab39334cd623296eb4ee8b27a7f5fac442dde535
SHA512c15b34f8ced573f788317d206cc76a5820cb62ca7cbe93e4d735339f75242fa99ef33f2056a935cbc8b941d91b8f7c9500ed97a8512488ed3f23708e21b1c427
-
Filesize
342B
MD5761e5bfdc3d3c58be60c805785f13d7f
SHA1294ef99bbd2daff622bce9a6d933f94238053268
SHA256806bfe87de9cda31547caed00945cab00ad3467c5f04c90b87cb37ed6c6a5c4b
SHA5128fb9e7b45b04e81ea846b8ac6e3f5558c63821403dc686ec3105e9121fe23b3f46f077882a7077f66d6470d5a34d66f7b8c225a42cba5748c35e387ffc6ad43d
-
Filesize
342B
MD59976cd20d767975fe06965e9e9022084
SHA17c6646a3ce13f5bc8c3132a825665cb2512a0523
SHA2567ad66b770ae3f49cac6afa90b419019b988f98d3639fa283d6e414d77d94a612
SHA512283c24662f0d84bc9841b196911cb700b51e6fe3033fadb7252048cc17520a9aa0dea3f9faba70f4faf64479e8919569f46f61ce0eb62510ced6e35519ddb60b
-
Filesize
342B
MD5bea00642e2b800c68cc499b9ce62afd8
SHA12ce56e0314045ca07dedf24a891e198279c46433
SHA256fc654731018f9b629885927f7bf0a9ed9bae87fa00640540ff5573f22620c765
SHA5127a80c6cee7d82979fcf34e0ed179b82b28bffe07bad5bbcc6eab539152f2595871058824b3ad548b7ce9000966f15299245208355b58d6de989ca3daacbec74a
-
Filesize
342B
MD51e4599df90bb5dd46dc3549a6f30f712
SHA1fa328058b12a9f806eac6d6e9aea71785853e6b4
SHA256a3b3bd1027fd80f9cc8900c00a7fc466bd8dec5518a5b314f50dfb6d809c7fc9
SHA512d8a1fc65ea96976c880ef59343ce26abe1e0691ddb97c2e09c2322167eab0e2d12b31a8ee9a4f4a8c7758739b21da5821a01efbee96fd148edb3a7f687735694
-
Filesize
342B
MD519ced2b287ab7b03e7f4653d4e21f859
SHA18c91447d08313c7d8dc49829b00bdb476c00d71e
SHA256e327b8ad3100f01318c7423a60511aad1a6073905703683cc3029456b66d2151
SHA51282e59637044675219b7a48cead34e45453c1cd38a70807071be7cf6f0e48793d88d18b229d14369acd2412207d373eec5cd03089260ef87b1feacba80fb0a306
-
Filesize
342B
MD5e1b13b055e337efaa570acf7630d23c0
SHA1c84682eda484702564ffa3b50984a106da00f212
SHA256709183ced21b50bef416cf313d2bd0d27bbea4128a5247488db880955316f541
SHA512a0961472ca8e349323000f0eb9ab14cf6d355477166ea42e6807b7befe47f51be9f07edb66896c522c5765a3bb8d1e0d662c87f8d191243cdf85bd946e5f4c6a
-
Filesize
342B
MD5cb5c3ba0aad956aa85a4c00a5ace6969
SHA116b967572732df5eaf5be15d4fb1d3fc08f25467
SHA2562c97513811e649c0c06188a7cbc7f13b34ff9b8348d07902e998a9092911853e
SHA512af9078954f06d3e5113f79c79010dc0fd12fc4315f7e87c53161ce6c30873d115d5816c9330e0983d030aaae16a644200041d5e51321245a3c5d3ee1d9072913
-
Filesize
342B
MD54033b79cb961dd67d45eef1166c6e7fe
SHA102ac7dd7f992607cc3eba2f4cf8a8217e538c150
SHA25607c85ed0981170416adf45dc332eed34b288b7ae5edc3c3a9257173d8cd55566
SHA51298d6b6641e5fb3856a18d405ad1ff4f8204547dfb12a6d597027e01014d8096f704e0727f0a532d233c307cb8d416df05617d522120ff2be3de25d0654213e6f
-
Filesize
342B
MD57510fbc06f05a72397be7eb46a73dbe9
SHA186e5e6dec888c018cdb51cb039575309ff0bcb27
SHA2568811ba47897e3fb99b74f8cf08e65d664b8d51bc08a6337d3f7ac3d3a0d6f13d
SHA512821d4d1a87631501eaac7670e027f47d5087b94578d8ca29b2082998230fda7e20cb22b8746a335faeecde00cba4552231e6289dced777123e2492e5a0c74a7d
-
Filesize
342B
MD52664ff67b0206135dcc124639660f800
SHA167e4343ea1ca27f5bca3695017911fe2467042ac
SHA256d2c48f77a1228e340f72646b3798b2a56107d672aadd917c24760b7e92fe69f5
SHA51212b2b6c4287d640c83949dfffc5404537e2da200fe5c67c536c60a3e5b0b2a3ed4774ddf10aeff3af2058f886e04611dc272167f43d5bbd2e35a4ff3f054efb3
-
Filesize
342B
MD5d67dddbc3aa26fd341a838805159906a
SHA1b407d7f7dc05a17b341da8cf905455cda8556c62
SHA25628bd6abfe992432d72902b23aca028aca0160bbae41e5f4a6e5408cd7d68c862
SHA5120c27118f438eb5d261607eba3a6bd4200c2a7b93033b1048c2666b6542fb7887d02a8b6169a9b07bd98998338534309a779f34b307b6cacc8c66dbfcd6de1628
-
Filesize
342B
MD543f84f8daf19193e96e03fac1ef4c4d5
SHA149e70b89d941bb40200706c8e9110eb62b23eceb
SHA256fa38f1b03aa1c5c92a9d9a05bd7a7b8fe777bd8cdc58095f4473662a2cf6fdc0
SHA512c2bb923302f86f88016ebddbd1d3530eb93feefb73a81b94a01a7ee85f1ec3c7438b6ed81aba4f827a36b2540b8ec9e961383adbaa776a5b8181a1239f4381b9
-
Filesize
342B
MD59072299509c498c960af472f9503f699
SHA1e35645dcb36fd0923c899758d22a908d05396a08
SHA256223823bafffefa1f80cffec9b7e3a8e84a90845e6a746219cd743e96e6d99c83
SHA51297b9516f1861b6f2cda14e793ea7a58bb3bf4e86d2762fd6ce4b7a5abacb14f5ea1bc8a6706650b759aa8e1d9880268b9779bceb8c6dd2f10a46c4cf56a45127
-
Filesize
342B
MD5d15c613b1f6505cbdc89fc85797e2121
SHA1dc88d9d1fe8482a4732cd3a72d77804de508c575
SHA2561d1bf0137e334db076c87e5ca74deb7ced2c1a3b72be7f590fd9fde98109d15e
SHA5122bb7b37bcb3c75dee93211f822332def0a3020960c6209b4a867aa546e72797fa0d25464d116aad1ea16afc98e5c063b8d8e8f49f718d5a077a7462670c968e8
-
Filesize
342B
MD58e176877b20ee9b7e3b73be4e8a6ca9b
SHA142995cea9ff6131b686a83ec7d2ccc5a4bfaf568
SHA256aaa627a7808bcafa05b2aa343abd83deb987c220a5292c402dbd61e883b47a24
SHA5120f4ef2a35d3dda04c796a118131b88176c7cf71243ab6b32086f24051493e7b9b595850ae69af44bd93d85ade095f33e85e3d1e8006ecb35f51db81e482cf6e0
-
Filesize
342B
MD56a172f18112ab40f313aa792335280a5
SHA1229d53f11263d4d93a5b43acffc0f1f3fbbb48a8
SHA25690826ceb508a568ef11c972036db4695318a9b392ddbff115f866da17ddc042e
SHA512439b846471d6985ef4b1c69c0007232ba5d93542c480632d2eb35f659ee700b6a5c03c3d00538558ec4b8bc1942e8c53dedb728613fe8c9ce504ca9e1898958b
-
Filesize
342B
MD5244110b82164962874c9c81b3f851fd9
SHA139d28fe3a9815e69276e036ee943442e174ea655
SHA25683b5b9713c34a0d0abc97b820daa99723aaa8729f86822992eaf74b98ec0e7fb
SHA512a477ff984e9eb13ddf8f49653a54acc37a6f53a944aee5bded38c2a0bce1793db5e72ccf004814112a6cd533c45aa690f3af99792c377178f709b4187499c405
-
Filesize
342B
MD5779ec557db9eb77ff87e6cf4f3ad7a25
SHA13a4a5d531a0ed85db43b3ded8dd68f28e3224fe6
SHA256feaa5882923293dcc1b2c9e76f01339d555ed490070450455275d9906417c38c
SHA5122bce048a20fd5711ccaf1caaea8400d999828ef646a81d61d7a46cdda3b7707270f2303806e6a459ba79b93a545058ef0b230c2ded5f1329573971c6affe9862
-
Filesize
242B
MD52296ab12bfa3bf4fff8389ed67d084b2
SHA1bf09fb42f99753695a95655156b3155bde23229c
SHA256bc2d8320607176dc9818dc0154ceb172a333c6560801215f2f27d4d42a5cbd39
SHA51208592176a402c76eb59b1335c48e1d77f2b92ce0aa3e37b128dde74f4604a0958d2b6ea73423791beab4ea890e9b6bc268f7c94d648e35649e5958b3f119e1be
-
Filesize
24KB
MD53018f7e735fde4a1e6ab62e3c95c700c
SHA142348f8c3228137304885a0be84c6a535e1f434e
SHA2563b5c530f00b958a253ccfe74d460d0b9e2d09f8f145d372d182b710faa6daa1c
SHA512a8e1b6533cc6f6732b9627a64f452730b30968321ae1dc2254ec4709bf23d4888f4a5ce7b74714297efd59104f6cf81f014f1958d364aaa3072de9db9321e5a9
-
Filesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
712KB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
4KB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB