99b421b433eae70d9b28445cfcfee2185de5511a0c98355f817ba63e65b842c1 | Triage

Sharing

General

Target

Build.zip
Size

13.2MB
Sample

250328-mwkdlawry5
MD5

dc27a05bca028fdea32ce70deb829e30
SHA1

87df8d8884a8119651a881d3a3d2d66bc42e845c
SHA256

99b421b433eae70d9b28445cfcfee2185de5511a0c98355f817ba63e65b842c1
SHA512

e7721c9872a20c0646fe2d5a64e6edc730dab3b4105a04a7768331f16fd45f10976e250123a2c1d35b155658407ddbe9775fa3522deca9affcf4b7f96f05ea97
SSDEEP

393216:IilLgkSGJ2ErGI1uV7PfmL04PSQQ2ZgvhR2Essh:IiirZIona08IhR/sU

Score

7^/10

defense_evasion discovery execution trojan vmprotect

Malware Config

Targets

- Target
  
  Atlantis.exe
- Size
  
  11.6MB
- MD5
  
  b4a63e7514db5d7a0cffc05b0b56967b
- SHA1
  
  40c2c9cf437a80474fc689ac98fc6e7b172c4508
- SHA256
  
  976816e7af7990a3acbfdc9258b4cb6e8c0134a832390ae5d3a95bcc0e3faa29
- SHA512
  
  02108ce095c996c8f8665b8d08e4c36d8761bcf68ed81e00cdfb87d5965f43e8bc4de979bbea57eadf9bc80c7e93527baaefc6c17ad8641d07a2eff9848ebf66
- SSDEEP
  
  98304:gGuyIXRfVUr/AuOfVE768+l4eW9k3R78HEEhc2+z82bbIcNlaZuj9nGZyLlsZ5:3uxXRfmDAuEVEKW9IRIk2bcW69nnL05
Score

6^/10

discovery defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1 behavioral2
- Target
  
  bin/Injector.exe
- Size
  
  3.4MB
- MD5
  
  859d36f3e841dff847048cedda17fe95
- SHA1
  
  9c522dfbdfcb67835c6fa1d801952738c3759bed
- SHA256
  
  65618512752c7c4f02fd7f10b54b27b1c3a26a433ccbff0f2e90bfc98b306e4c
- SHA512
  
  a52fdeffc368d7932e94042710c90502a646909e4fe949602416064fc4715751be017e8b23590feca1dd390cca45f4ae6fe24967ec1697d5df234fcb2bb737ae
- SSDEEP
  
  49152:Wx2dqYFpl0sk7CQuZ6MKxGA6DWd2LaDreCoMPGHCgSx4Citttf985qFzXT84B2c6:Wx2dbU7C9cMK4ydSaDiTMOHCt7itt64
Score

7^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral3 behavioral4
- Target
  
  bin/VMProtectSDK64.dll
- Size
  
  116KB
- MD5
  
  147fe4c34c7eaeaa4cb1fc0c253f79ed
- SHA1
  
  c5ad57e2ad6bdfd5132c36c3d7f21e90b1f119b0
- SHA256
  
  5c08aebd5793fc7c531e04133abef6362636254b27ff1f84ab14a48da34d5f71
- SHA512
  
  fdf36950f71ae17a27db365fc37b101a2aeeaba32982655a711dabfa4cc9f1bdc37cb73ddbee32759f18bdc90677bedb191a72dd7c0edecc4e240c604f0743ab
- SSDEEP
  
  3072:FmcqYHq7Aiytzg2ScpvgJcG5sqYX6UOHNlBS:Q0Hq7AiyegZgJZSXmtH
Score

1^/10
behavioral5 behavioral6
- Target
  
  bin/amdxx64.dll
- Size
  
  9.8MB
- MD5
  
  f37c9e112d4a3712d8cb26f8cdf9b643
- SHA1
  
  4ef8da3805fad6733c14ca28706158d805338cd8
- SHA256
  
  b0d425537245c5d37525b2d35d9c568fa798810f1e03148efa0d3c6784ac4ae4
- SHA512
  
  13077b06de1a951ee605e654878fed95cc5fe3aebf5e0fdacb078a2c30c80b666fc9a5a4cbf359727130589953b76abf17af98dbed7333af4d767fefd8c34121
- SSDEEP
  
  98304:PUh2hxpOLw0yoDB/0C7hwv+9kNZW8puI0GSXK5Ofc9KPPz3z64pfoCu/H5s/+SWI:C2hkKKPzz64pfoCaZmx
Score

1^/10
behavioral7 behavioral8
- Target
  
  workspace/f42f3746fb3eb60f837d3673581c14a5-cache.lua
- Size
  
  290KB
- MD5
  
  ec28de6e94c1906cfb3f34e7891f9e46
- SHA1
  
  da3a8e757f2be4f7148673b40eb229e6544d0b37
- SHA256
  
  92fed37af8baead5ec50e82a0fbf169430a45429c5edf7b3c0aa18f0c36cdfcf
- SHA512
  
  77a92eb96896e6e14a75006e135e36122d1d7a48f6d1972f1250b2541b1eee1517d913eb1ae8019196254cb78e882a015b30588c7513097415fed791f914671e
- SSDEEP
  
  6144:PVSYWaUDzhjQI/qKpIeARd8pz03mU4iH2tAwNxL/MdPiRWZmOpojwN8AanVZprfp:AZhX/qMKWS3/4iH2tFM9iRJ
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  workspace/newvape/games/universal.lua
- Size
  
  228KB
- MD5
  
  7b5dbb2d14de91608c5dda45c3cdf517
- SHA1
  
  206df5e0b0eba37d1470e0d537f4167e01cf97e3
- SHA256
  
  7a9c0fc3faf13509b2187c4a384d73749943b7caff6f6c95258f57e8a816389e
- SHA512
  
  3e959b5423a52f5b911a3cbd5be36111d6b16af4d13d8acbb098e0b6113a0815fe3489673f5830523ef6a1d73d6fde31b320306428039af095a99daa52808660
- SSDEEP
  
  3072:IKdF9LGCVh6f3o/uftpsg2pd8GVxcrWeeu0/A72R4JjvS/oXpxi4927HFQTirJC2:IKdyC0GouI/EeEQaKaXwI
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  workspace/newvape/guis/new.lua
- Size
  
  230KB
- MD5
  
  a7558543454c1175a1bb1352becc5206
- SHA1
  
  c8d4f09fa044d22fc8257161abc539d4583ecdf0
- SHA256
  
  89e17a83bac708db445e02acf25f0669c32ace9466754acb8e8d686719845ba0
- SHA512
  
  16932a9d7b6d3cc82bdbf74ffaaa05867c189b5ab0436e59bf8ee5aadf236f2e42d574a09ee8ef6116030c3d5a570ea6b9454856a73134a57ef222d0b4da5fc6
- SSDEEP
  
  3072:JPEq8E2j0f8DaPxSqv02lvEBaUbVvscI93p4MPMsadOYxVVE9P6Xlu+5qvp6AQIN:w2j+VfdOYxVVX1u+5qh6AQIanZatx
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  workspace/newvape/libraries/entity.lua
- Size
  
  11KB
- MD5
  
  70b7cfd85bec5f655eed125db907786f
- SHA1
  
  c52dc8d44f8d17aef5e9329fc3f06a9cb1126861
- SHA256
  
  fca28ceca2a647f4e2da2ad9adfad98881fee88372d63a130c0990ad2f172366
- SHA512
  
  872b27e0c7cebff6a51620580476af60cadb716a3843e2fa81102cae5492004c83483cb4602c136478c6215db92bfcd872563995b676efaff04c2aa93bedf5da
- SSDEEP
  
  192:cg0CZApIk8tKgVSsl0qTZoz2vv/dlf/F9/wK0Bp:ZZAik8tnb+2vv/dNUVBp
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  workspace/newvape/libraries/hash.lua
- Size
  
  52KB
- MD5
  
  4bc7dc6ae23dc83d362b1b36279ffa0c
- SHA1
  
  285b010b9531da87d318f716fb4cc29074ea0f46
- SHA256
  
  c5d2026d18f836b74b94180a754c3482ffd9f796672fc0303993726092ccdec2
- SHA512
  
  d0e596036e4dc51a78f5a257da359276465755cf7a33a5a9c0629e27e6b061f81a0a967f6da3f84d1a81a55f3fa4f81d454a928dcabc14d6387a0541c194c3be
- SSDEEP
  
  1536:JQkjWUKqPDCWJQhgzFD+CtwzDZlzmXqEZKBHu3:J7KqPDBGgx+fzfm6sKBHu3
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  workspace/newvape/main.lua
- Size
  
  3KB
- MD5
  
  c58dc2748dba3ede319e98a8b83bcae4
- SHA1
  
  20bf00c7d188e0854ddf667be0c5d8d23cbfd40b
- SHA256
  
  2d3d9a56539cea8d47056ed01477881a1e056bac34ea4b0256bf106982fd498f
- SHA512
  
  423e72c4fa94d5ad1bd88534724acd64ea73450a35635316be6f4c67b4af0e000cc884b109dcd6e4064b91c57a650f5fc74a602ccb133e7c22be1d6f2862a426
Score

3^/10

execution
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoverytrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20