Overview
overview
10Static
static
10AQUA PREMIUM (1).rar
windows7-x64
7AQUA PREMIUM (1).rar
windows10-2004-x64
1AQUA PREMI...of.exe
windows7-x64
7AQUA PREMI...of.exe
windows10-2004-x64
8��M̵L�.pyc
windows7-x64
��M̵L�.pyc
windows10-2004-x64
Respoof.cmd
windows7-x64
1Respoof.cmd
windows10-2004-x64
1first.reg
windows7-x64
1first.reg
windows10-2004-x64
1General
-
Target
AQUA PREMIUM (1).rar
-
Size
5.8MB
-
Sample
241224-kz3y1atman
-
MD5
f71e4dec9ba49a0996f577257ec31ed8
-
SHA1
55c9af15d1c9e55f8966d819a623b225fd06f5cc
-
SHA256
05266a1e82541f3908c2acdb6596791f842c4f483546e89cd52c22bb67a3f0f5
-
SHA512
113ff3f29821ea93c71dd32854714caf8efec9ea6f6e78f39254f44358bf6cfab40984d6c72e4951156c03233bbac0a6de748e94459d3ac5ddc91cbb875c9ec7
-
SSDEEP
98304:WoJ7oTgg90I9kbDh3D6cRxeqmN06/JGq46iZ1XNSNxCIH8GYwCudG8pUT0u/:Wopozd9ADpDWNeAJHADSrMw5ju/
Behavioral task
behavioral1
Sample
AQUA PREMIUM (1).rar
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
AQUA PREMIUM (1).rar
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
AQUA PREMIUM Spoof.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
AQUA PREMIUM Spoof.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
��M̵L�.pyc
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
��M̵L�.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Respoof.cmd
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Respoof.cmd
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
first.reg
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
first.reg
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
AQUA PREMIUM (1).rar
-
Size
5.8MB
-
MD5
f71e4dec9ba49a0996f577257ec31ed8
-
SHA1
55c9af15d1c9e55f8966d819a623b225fd06f5cc
-
SHA256
05266a1e82541f3908c2acdb6596791f842c4f483546e89cd52c22bb67a3f0f5
-
SHA512
113ff3f29821ea93c71dd32854714caf8efec9ea6f6e78f39254f44358bf6cfab40984d6c72e4951156c03233bbac0a6de748e94459d3ac5ddc91cbb875c9ec7
-
SSDEEP
98304:WoJ7oTgg90I9kbDh3D6cRxeqmN06/JGq46iZ1XNSNxCIH8GYwCudG8pUT0u/:Wopozd9ADpDWNeAJHADSrMw5ju/
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
AQUA PREMIUM Spoof.exe
-
Size
5.9MB
-
MD5
47911cfecd3dcd8b505235dd9b187992
-
SHA1
9c874cead1208b3b77f0ae535d07522629e6e676
-
SHA256
3aac1ef0cd3825fbb753199f1fe31430f4aba354cc4fb8e7db74b63ac8f7efdf
-
SHA512
cac06ffeb06e83c2e0a4c98512dde8292c2800a35a4653621e6cdd2877293381ebf7f773456974b4181838e98916ff9a6c6d5ec2ec145398cfddbb2668889eec
-
SSDEEP
98304:V2De7pzWqe8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDtFMai3lMmg8N:VzNzWKB6yA+KO0WR4iarmg8N
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
��M̵L�.pyc
-
Size
857B
-
MD5
e7a8bc78dc6ec3f0e7ddb9cc483cc9c7
-
SHA1
1fe74f2f901d11ad069e206aec341f373cd5ca68
-
SHA256
d2000ea06472c5f500276f5b188b4afc99b64ce6bb2a459e2ed1855eafd7e1ce
-
SHA512
cda63d07f7801233ed0ff66e6d52445b152a6dac976f16c411e8cf9a6834a44a62e0c43566d96c15540da17a5c1d5b559e8fb382d15f927802f6c5c3e9437c22
Score1/10 -
-
-
Target
Respoof.cmd
-
Size
65B
-
MD5
a64d3a4c1d61344273de4e3f2dd3b652
-
SHA1
245859a286db226f15a0c8c51c9b71f31ea1b79a
-
SHA256
6f4b8912c0f77f2e589e8fed98246680bdd01a442f91729ce15ee812b8f4d50e
-
SHA512
e564799596d11b71590569f8c7b31fe7446cabc2dc6bc423308edf7ad2fcb74cbc621891cc594a6b2ebc8320600d0ca2530e92042477246914c55f369d2856cb
Score1/10 -
-
-
Target
first.reg
-
Size
180B
-
MD5
a8d8e8a3e08f69287db1ac4b22722264
-
SHA1
d28720d9d369b6c3fab3d035cc7508f5797bc0b3
-
SHA256
626e406859c1f1e1ed6519faeb0e8d3f48507c5d204d7736d1d33c894cf1ae66
-
SHA512
caae2df1b4e88e0978d658df7221d1af47050f10596ac393281e06c84295097b79ce33b3d5cd6c4f9b5fcba009992ea3cb3891a4ce1cf3a768f612ed12ea0d31
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3