General

  • Target

    loader.zip

  • Size

    335.5MB

  • Sample

    250120-tj9laaxnfx

  • MD5

    d674550c79874b4e698108e78c0972e6

  • SHA1

    d24e0f7df1d8a9ed049901caaa56a16c7840ae68

  • SHA256

    b422869f2bfe5b0f322c4c9cab65c53de742e846202bd8854f2c74a869aed1ec

  • SHA512

    dcb54866591e844a89b9ff1a7fdac3d070bcfbc0069c58361615a5e9c30a64d75594812cf936d2b04c4b43e1b5ab70a42077ce6acad8ea3e9edde66445596dbf

  • SSDEEP

    6291456:jJo+nU4FBOF1N32GNW6n9KPlgB7w6BviYOtFxuLbTLoRrwDS2FATO:Voy7a1N32GNMPmBEYEbu8rwHFAa

Malware Config

Targets

    • Target

      loader.zip

    • Drops file in Drivers directory

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Buildbox_2.3.3-1986.exe

    • Size

      73.1MB

    • MD5

      9b2ecb1f95301a8e76ffbaed050fff82

    • SHA1

      67dc37f65486db3c590531b0641e8dd903d24d5d

    • SHA256

      7652dd1511c8d8e8a00f90ce3cb576ed948c1e198ccb9b84a6a40e5cc951d5a0

    • SHA512

      dc58176acbab4a6ede103bffbdcb76813b9cd426758a6ba0b329fa4dfb4012354025a5d28f942138a6c1de5f378f08c405d67ab8995245ce47f92c04f8b47b33

    • SSDEEP

      1572864:5lEPKDpk+3Pxd32li14xgms5bSdZXpW9QUqAPOy+xYyaFJGWI:5jpr3PxdmliqxQ5uJW9QUqjxY5FJ5I

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Crack/BuildBox-2-3-3_Loader_Setup.exe

    • Size

      616KB

    • MD5

      ec7acd8acab5bf247491004d68ca89c6

    • SHA1

      1b8b393b753d3946220704437d4fbbddac69aa69

    • SHA256

      c27d61a5fa480cb181aab2b5d5645dbefc24b2d7cf7a6d4d616f203d79fd7ea8

    • SHA512

      058dbf07312139b13f03668fa6984cd5bd9a612901b83fbd79f45c36837b9e789895c45d58854398ee8de9dc2d167ce2870eb67485126185627fbcc30caf92d2

    • SSDEEP

      12288:i7blM9ncHg42Om2KgXY3o1HUeI7VtIw2kB2K6sOT:i7blinY32Om2KgErxV+w2kB2NT

    • Score

      7/10

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks