Overview
overview
10Static
static
3Versium Re...fa.exe
windows7-x64
10Versium Re...fa.exe
windows10-2004-x64
10Versium Re...er.exe
windows7-x64
3Versium Re...er.exe
windows10-2004-x64
7Versium Re...ll.exe
windows7-x64
7Versium Re...ll.exe
windows10-2004-x64
7Versium Re...um.exe
windows7-x64
7Versium Re...um.exe
windows10-2004-x64
7Versium Re...it.exe
windows7-x64
10Versium Re...it.exe
windows10-2004-x64
10Versium Re...it.exe
windows7-x64
1Versium Re...it.exe
windows10-2004-x64
1Versium Re...ch.exe
windows7-x64
6Versium Re...ch.exe
windows10-2004-x64
6General
-
Target
JaffaCakes118_a8eb804aed19ff28f8125358d3e2349afd613e423c081fd6b027a0ea345c2886
-
Size
5.4MB
-
Sample
241223-yy4e2azmaw
-
MD5
9ce41df34f5a485145196b97ec695f00
-
SHA1
7548743eb28c9241b51472cca7e79cafa87074b8
-
SHA256
a8eb804aed19ff28f8125358d3e2349afd613e423c081fd6b027a0ea345c2886
-
SHA512
77cbc3c9adec8b848db5c31e170632c902693ff2e525ccb55da05592078e268e584b2095029cfe3aa7ad2cfb26e2a23f9a1f8ff046a5b1239291a153c4cdc24e
-
SSDEEP
98304:6IxYMuVTHphqbk6Ao0Bs3+4dbi8R1BV5qxRJ36XUR+o0LVAeShTu47LYRrCdJKyW:7GpVrvqdAoSEb/rBV5OuToVjLYBkJrTi
Static task
static1
Behavioral task
behavioral1
Sample
Versium Research/028d53f5224f9cc8c60bd953504f1efa.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Versium Research/028d53f5224f9cc8c60bd953504f1efa.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Versium Research/Bot_Checker.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Versium Research/Bot_Checker.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Versium Research/Uninstall.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
Versium Research/Uninstall.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Versium Research/Versium.exe
Resource
win7-20241023-en
Behavioral task
behavioral8
Sample
Versium Research/Versium.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Versium Research/VersiumResearch32bit.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Versium Research/VersiumResearch32bit.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Versium Research/VersiumResearch64bit.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Versium Research/VersiumResearch64bit.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Versium Research/Versiumresearch.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Versium Research/Versiumresearch.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
metasploit
windows/single_exec
Extracted
raccoon
1.7.3
5c07c7a19b0c108c44d95accd1e1b897aa1528e1
-
url4cnc
https://telete.in/fsp1boomgasio
Targets
-
-
Target
Versium Research/028d53f5224f9cc8c60bd953504f1efa.exe
-
Size
4.4MB
-
MD5
90a0bd1a164b2af8a7b15f75ab07e3f1
-
SHA1
c8def0f5b75c51b2efa40b07ebe035566d8be1a1
-
SHA256
276387214b560792419a07b097ee76400519c2c902f378207d30acf851ac2213
-
SHA512
b0cd55af23728cbf3a63392c492aff201df688f1185eb5f577e56151c8d871d49ae392d51bdfdf0dde360d86fc919174015d6d6cabbd3c3f59cdec5ca53bf4c0
-
SSDEEP
98304:N9q+oGJo+qJJL2CXFhmOdc3hKpw0dx4juSWejiXkiOvNqwf7BiqK8XaYtXBr:zq+oGeyUw0wjuSW/XkfNJ74qXDr
-
Glupteba family
-
Glupteba payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Modifies boot configuration data using bcdedit
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Possible attempt to disable PatchGuard
Rootkits can use kernel patching to embed themselves in an operating system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
Versium Research/Bot_Checker.exe
-
Size
56KB
-
MD5
391ca27e1e5cc0da88d1fcc8df1d0d85
-
SHA1
25bd7c5b7d88bcd01610226fccb0910b48dc1eee
-
SHA256
a9ee4862c1e7931ef8366b090ac1f3212e79cc17d7737f537978d9a3fb0c5ef1
-
SHA512
2dbb84eb664798766a669c7d407be76d5154bd7d0b99f2c2371ad0ae3e1124605df0771b228f7a3406f023fa9cbba3022afb5b48207cf1eb14d94cda7a5117f9
-
SSDEEP
768:dQR+JJlY3yGJxNojkTnJI6TWzzejkZy/xbD9BxufhqXKClqp9:NAoITdT0Zy5bZXYmlqp9
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
Versium Research/Uninstall.exe
-
Size
97KB
-
MD5
a8c53399726fea24e4af993e971df5af
-
SHA1
50b4c4d3cf172106417dc0e59eaa63bf7cd0603e
-
SHA256
6b13a733947bc2395695cc6f9a8b59eae88cf6467e368a810bcac0c10d6c46a6
-
SHA512
b2159712ecfa8f7e9a75a190e858cc791bcdcd19118a6db40041d7ffbda531343a63244d35012702dda8514191e8bf6e838ab896c9db232f2c163fc4d4cd2bf9
-
SSDEEP
1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o75U:kzgjO/Zd1RePDmZ8tf05iW4u1U
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
Versium Research/Versium.exe
-
Size
746KB
-
MD5
393d6260e39b68b2d60300e4f62ebc83
-
SHA1
16c58c5b7dee3ce4c3a40925ba4eed3c188faf46
-
SHA256
e7431a806b1b1928256376ec29207a342f4b860f4332bb523a53ac2d9d3d35d3
-
SHA512
d1916b2f2f8deddf331735b4b6f4b329d65696481c6971694c3bf64fa38feda8472c700d15311aad3ec3eeae5a6f9e6c85f204f955555a57eeea131ec4e8a198
-
SSDEEP
6144:d/QiQXCz5m+ksmpk3U9j0IMsoxvjFEOTb9WmZX/8shzdsY4CpHPhnBvudg:VQi3zc6m6UR0IMp1hf39Wkv8xwJB2i
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
Versium Research/VersiumResearch32bit.exe
-
Size
504KB
-
MD5
8479bce60218cd871c118308ded82d39
-
SHA1
0388ec861b2ac5c7f4dc6eed249d92d3002fe66e
-
SHA256
15078be80772a449383c5f6a7631955039b82ebaf507ab67e61093b70b98dc43
-
SHA512
f4be47baee6baeacbe1e27174ad83700efc78ab2d02262d718c7436d2304fc16618a5911bed63ed8d2e947af3c511d17b77ddfccea9a4e6aab9f3956fcf322f8
-
SSDEEP
12288:KZCvp4LezCdIzVgs4Bi9ecBTBB85c50J3FTI:KZuKezCqzVgsy8acqBI
-
Raccoon Stealer V1 payload
-
Raccoon family
-
-
-
Target
Versium Research/VersiumResearch64bit.exe
-
Size
252KB
-
MD5
ee19bc8a2b6c6fd7c30037389457a4df
-
SHA1
e1fca1cc33574e59dec62763ee6e7de1a5198095
-
SHA256
76af8837a5ac0384faeeeff8c8987f796206fc4a1691428dbd44a14378ff28c0
-
SHA512
38db6d4ca6f106849f2ba173e20dae0a53c3e558eb676adba380761cc0318769c6add3a2e816705c094596fc305dab1dd39eb2b83e9f3e066ffc90de580af001
-
SSDEEP
3072:45uNO+8s6V5WQZV08YLmqa/Qh10UNtGOWmA3hLKKKKKU8AAFTbp8ELQHsoOJNuY2:45W8sscuVVYLOoh1MGfJXnIZRhv
Score1/10 -
-
-
Target
Versium Research/Versiumresearch.exe
-
Size
163KB
-
MD5
b1dbc3b027105d8032541bc0c5e71abb
-
SHA1
1ef1950ecb44e6bd8d0a3849868ec9a0ceaa1130
-
SHA256
b0eb54f46e5919460cb8d21fdcd695e3356b6311ab0547f18dc3d84a66a14bc4
-
SHA512
3f7fd0aa71e6fae5eeaf16cc47a1ac43cdd1f643c1e7e439eb068685558929cf3c74552ad70fbf2d6cad94cc11bb8ea9c099ef1401b868947f1a9e5e44b34f7b
-
SSDEEP
3072:3iwHlYGynq3D2/NS6hskuAM44ht1kENNUUd/mYK:bGGD21S6hskuAC/vNNw
Score6/10-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
2Modify Registry
4Subvert Trust Controls
1Install Root Certificate
1