07d3885c26f6b485ab8b4283b04d53f58b64f6b43f4eb734658cc2a64c524d92

General

Target

Malwarebytes.Premium.v5.1.0.102_AsanDownload.ir.zip
Size

346.9MB
Sample

250117-gac5havkaj
MD5

921d4d3124ae071493568c90e52fd99b
SHA1

baeace2ee67fa2e124ee26dae720f5481efdc2f8
SHA256

07d3885c26f6b485ab8b4283b04d53f58b64f6b43f4eb734658cc2a64c524d92
SHA512

9eeda4edcd58b5775902815d1ad4312459833fdd29f96513f162f66a9a46e5098814a12ba040502f985eee0ff92c96c9bc4d19a2aca2296b231a37197fba5c4b
SSDEEP

6291456:hrlrz4rRor4n8LH0h3HIfbMd2R85h+NJjRwfd77Pp+TgFxV73M5we:pZ4NgdL0oYlscbFxVIh

Score

10^/10

Malware Config

Targets

- Target
  
  install/Keymaker/Keygen 1.exe
- Size
  
  521KB
- MD5
  
  31cea736b899295526b0f750bfc5362b
- SHA1
  
  5b5bbc8a8405f870f2e91ff41fb4f9a9acde1028
- SHA256
  
  6ab07188ef43720f78d19fbcbdf31a65768c27fcae0899e9dc96106a5589c574
- SHA512
  
  7d2d11ccfa21986d9c4bcf296bd6f77c221b5b053eaefbc74b452137ba93b7e7efc3f695fb9fdc1a910a10dd40a61bc19f08ee13a68e74d5d9c0b7f6fcfb84d4
- SSDEEP
  
  6144:vrPQlDeTCksUShpmwa/Jl8yK2vlVQdGqdPnuKUuh1XN8Hld3zg6Ul8MQBUUxDPT3:slDgCksUwIwkB9Qpuw9+d3tQ8M/S0
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  install/Keymaker/Keygen 2.exe
- Size
  
  26KB
- MD5
  
  c2f2769432b81a1d82f9190f07290a6e
- SHA1
  
  79f23d89dea5afeb2c953ed46508345b2b33615c
- SHA256
  
  b60b225ff5f99c0b4a6d4559dc7fdff7c55f53652715b1439f71578eb27851da
- SHA512
  
  4dabcb853aca55fc5ef7d547163e190024cc24c39d69e4ba844dfe72f9289d3a8451ec356ef6df19bea2ea29ed11d5a41f76d4597fbc15c99ae5c242f8e56b2f
- SSDEEP
  
  384:uMeI8QKtv4DXxknBd5PCBfB5xPnob2dyGLeviIy05TrdbYz59tWLqIAyjsW73771:KI8QuEXGxYDbNLevRhdY9tWLjR0y
Score

1^/10
behavioral2
- Target
  
  install/Malwarebytes Premium 5.1.0.102_AsanDownload.ir.exe
- Size
  
  289.6MB
- MD5
  
  7bf249f29c0f90525228f52cf3281803
- SHA1
  
  4720ba9b465aa2f0b40627eb40f82ae2ca29ad71
- SHA256
  
  85ed3fa765a0254606bf24c91a5120d3cf27b19293ea3c3d1b6f84818335af67
- SHA512
  
  d1abd7b0f21ad87d8ec9c0bd3894086e5e80920f4198b33dd6a2c1dbfc37d87fb6fc1440be60b8e96f2368806c0050472ae282b5eede1b9f67f262117997c369
- SSDEEP
  
  6291456:o33qeowQ/oDRnL8G3zPG3hqdud7e4yOzzoOwPLPwQ/oDRl/JxqCtIIO01vm:o3aerQgFL8+rG3Uc6U/oOwPL4QgFl/JM
Score

10^/10

defense_evasion discovery persistence privilege_escalation spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Modifies RDP port number used by Windows
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral3
- Target
  
  install/Patch/Patch_MB_5.x.exe
- Size
  
  66.7MB
- MD5
  
  e3a3662da8c190c7e522f3aced8b97e1
- SHA1
  
  20ae6afe4f851e79c3cfec8375b0fbd53518032a
- SHA256
  
  dfe7a2d70f947979258da2ae8636bc084e4905775f2185bc6c2ee21e2a57eb6d
- SHA512
  
  357ae70d5c2f59bae01519da26b6fb631eb41dbf97e3e95927ed9f67c9423a004785e2e6cf8ab97a40102cc3ece552908456e038a9575550f2762bd6e9b43564
- SSDEEP
  
  1572864:7Pk/elMidYLdjeXqY+jFvyDg94ZJF/+wRRWSJxd8:78/ehdYLdqXqFvy/AwRR3d8
Score

8^/10

defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Drops file in System32 directory
- Enumerates processes with tasklist
  discovery
behavioral4