8b0f9d248e67199bb7f1a778a03e4caee7d267e61d8a7d70fa1c1f6d7944e96a

Resubmissions

28/03/2025, 16:52

250328-vdc6kazry9 9

24/03/2025, 22:22

250324-2aphra1jx7 10

Sharing

Copy URL

Twitter E-mail

General

Target

Batch_2.zip
Size

6.0MB
Sample

250328-vdc6kazry9
MD5

4b0434ee95a7ed21bd35a7824360f6e6
SHA1

595bca71378490bd11db6237735c4ab524b43cc6
SHA256

8b0f9d248e67199bb7f1a778a03e4caee7d267e61d8a7d70fa1c1f6d7944e96a
SHA512

1b35d0d0304a52a13d41e0ed979fee45d1b238df7a0ab6d9ee590cda33da4c4bceb44c2bd567763eb54e893882853b81aff42a2386b8b1c05c7dcfc07173cf4c
SSDEEP

196608:KpdJTVD7+Ts66FiucqX0gJqSrjj56onVjnqK1prd:cdJV7+AKucqEgMwXoshTprd

Score

9^/10

Malware Config

Targets

- Target
  
  30bc4934d7e29c8c4c4c9be0510fc7558fddf8db666a0343784c5cf1587b3af0.exe
- Size
  
  184KB
- MD5
  
  ee041688d36494fdddf710a3ddb873bd
- SHA1
  
  1a93d78c2b2262c02e1fffd54d3f5f4aa8400b76
- SHA256
  
  30bc4934d7e29c8c4c4c9be0510fc7558fddf8db666a0343784c5cf1587b3af0
- SHA512
  
  c76e2b1bcdc179e358c159c87dde5c185cdec3659e7c33db686f04e3845547ef489ce600a51e99e10b26b0d33fbdca25edf2e1b9dbb81d4ed7f845c9167a17e0
- SSDEEP
  
  3072:zsj3FGQtB/fDq/8QJ+mkkk9mADOS0WlbEJV1OaqpEZtBgoh1vErXhcKrWfyB:gj3cQtB/fFQJekHSLbAxpmcKrW
Score

6^/10

discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2
- Target
  
  338fdf3626aa4a48a5972f291aacf3d6172dd920fe16ac4da4dd6c5b999d2f13.exe
- Size
  
  6KB
- MD5
  
  f297544a20bda66ee6f98e3dc91060c6
- SHA1
  
  3e140a5df3161ff5d3935b1139275e07903cfff5
- SHA256
  
  338fdf3626aa4a48a5972f291aacf3d6172dd920fe16ac4da4dd6c5b999d2f13
- SHA512
  
  3f626ba5a5153a0a0a0d7b09e810689f5c79e9d0d017bb639fbc18b3d0c052ad179bb994b4fb25f0030c06bb8b741819620e65622c6bc47584ca24e2520c78a7
- SSDEEP
  
  96:lia+ERqIgNI9X6xIzKSnjeKk/GJi/T9oCN1GzNt:liauIq/SnjC/VpRQ
Score

1^/10
behavioral3 behavioral4
- Target
  
  342933cb4cbb31a2c30ac1733afc318a6e5cd0226160a59197686d635ec71b20.exe
- Size
  
  1.2MB
- MD5
  
  a393b9536a1caa34914636d3da7378b5
- SHA1
  
  5aced706d9f6a0bb6a95c8bdf1e123485219a123
- SHA256
  
  342933cb4cbb31a2c30ac1733afc318a6e5cd0226160a59197686d635ec71b20
- SHA512
  
  4ac4b2c2f87d305f3073f79136cec44cacca296f75451c6d67653b9de4a2b871409a11631e5ff5d76478c3043e5f47040e72e2f86db1536079f586c12ebd42de
- SSDEEP
  
  12288:2CdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgac9Q9bNHTQx:2Cdxte/80jYLT3U1jfsWakQpNHTQx
Score

9^/10

discovery persistence ransomware spyware stealer
- Renames multiple (402) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral5 behavioral6
- Target
  
  343ace5874a5854858e11e6c196007bffc045717ed29db9b03f23d01568e8303.exe
- Size
  
  510KB
- MD5
  
  565dacda99cc8d28d3e650b4d85e8d24
- SHA1
  
  6c5f2ab498ae16332a3863e45d35e47e1aabe001
- SHA256
  
  343ace5874a5854858e11e6c196007bffc045717ed29db9b03f23d01568e8303
- SHA512
  
  534eeda2e7c99ffef2bf023aa3f68739953ecbdfabcd57ad41af08c8c563fe27f7f8be04e80bdc2904ed0632984968551ddb107917fbe6dfc7a0e704af313946
- SSDEEP
  
  12288:M7iBDowvTfS6ublBri5g3D7eJit/mUZ5jI0B57g3l1TV0:/EkStbjfdteUZ+0BQ7TV
Score

8^/10

discovery defense_evasion persistence
- Disables Task Manager via registry modification
  defense_evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  34818CE171EA150B91429AC1DD6FBE49.exe
- Size
  
  170KB
- MD5
  
  34818ce171ea150b91429ac1dd6fbe49
- SHA1
  
  765f7cea9ae6e126181e5a78b897304913530d4d
- SHA256
  
  502386cb2288ce85af522da55916b5a05c71d9a32a80cec396bc4cdd0e0ac665
- SHA512
  
  e44b009eef9710787ddf63d5038e15112969ef5ac952520f772b5ab78dfe57c42f7562044642f573c9480c76569ef9a7912cc5cd1b0472e4d61c25e79a03bfb0
- SSDEEP
  
  3072:xUiScf7Taa44mVg6zMe4sfPZfE8dreM9aSW3OKojVbc7n4CRWLvSFlp6+qvv1:xUUm4mG6zwQLaM9aKjRg0SLlK1
Score

8^/10

defense_evasion discovery
- Disables Task Manager via registry modification
  defense_evasion
behavioral10 behavioral9
- Target
  
  360390_crypt.exe
- Size
  
  2KB
- MD5
  
  955fc65f54fa12afaa5199585d749e67
- SHA1
  
  b4b401f7ce39cdc1444c7505206f22e2d8177336
- SHA256
  
  286f57eb83302eaee7fda4836e4197136f7f9de0b6e4ff3df7649e3bf2f82389
- SHA512
  
  d9b35e6e92af712586424228986b9a45dea5ac1b7e54bcaecc6b24d558589d4fb1976c66f11de591be2855b0900bfb0b111bad3b0c1e81f62387f1d3f725245a
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  360390_tree.cmd
- Size
  
  15KB
- MD5
  
  49163792f3b8c4f62018670033e9fc82
- SHA1
  
  f2d8da51a9371cebc0fd41cb3d86f3768e791fae
- SHA256
  
  4637c6b332d640450e7cb3ae6a6b0d7d4451454770699acf364d855e28805267
- SHA512
  
  2fd7a02da20ca41c27b30f272bbf3bb186187492fc927a9dc8c7ea36b22c9e8ac6906428cab27eb7f907a21f352a2c7ed6ce60e48e0d9c35238a71ee8be6efad
- SSDEEP
  
  192:iJCJ+JGJ6JaJeJWJSJSJeJ2J2bJ6JeJGJiJiJ+JmJ6JaJeJWJSJSJ05:iIU8Ao8Ug4UMcbYM0goUcAIcUg4C5
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  3896f8a37034429e9784d767765d85ef6dcde105320568516fac4e31400514db.exe_.exe
- Size
  
  516KB
- MD5
  
  b2b0e6184b82144f65389d39f1eadd0d
- SHA1
  
  17311fb1fb33da5f303ae30ee7b4b60b80985d2e
- SHA256
  
  3896f8a37034429e9784d767765d85ef6dcde105320568516fac4e31400514db
- SHA512
  
  d1abc2c74aa2bad9ac8a59c1552904e6d65717786ed7a193c4fcda23218371bcad0953848f1e1c5b9df50a86e2549c6da35c6e372366826dc25f042107a8babb
- SSDEEP
  
  12288:j3nZMhJ+ubNmzdCanVtkEY70mOpFRxd/GAXl0xtiNe96bgRO:j3nZqfbkzkcvElOpPj/DA2+6ERO
Score

8^/10

bootkit discovery persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  3a061ee07d87a6bb13e613e000e9f685cbffb96bd7024a9e7b4cb0be9a4af38c.exe
- Size
  
  831KB
- MD5
  
  093e50c2d493f7300abcbfc4ed40c955
- SHA1
  
  8ffa33374b41c1ff4a209de04badac2c51fcd081
- SHA256
  
  3a061ee07d87a6bb13e613e000e9f685cbffb96bd7024a9e7b4cb0be9a4af38c
- SHA512
  
  2e086b06c64c610971e804365394b6e1607eff7036ae43dca7f49104086c2a57e1a8360959e3ffce6efb034044a3326feb3ffa7331ee5993ceb92f8f1ccf1166
- SSDEEP
  
  12288:DWvcsSHPUCdmmBeBCvxg1AcqY+4w5sZLZWp9VR3kb5L+s5ENOeQiV1Li/k6Xm:eummBqaJG7qRGLeYeXV1i/kS
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  3af4fa2bffaab37fd557ae8146ae0a29ba0faf6d99ad8a1a8d5bf598ac9a23d1.exe
- Size
  
  603KB
- MD5
  
  1a81ed9b043c7bffb1177a4d13dd8065
- SHA1
  
  c47711d08eaa7dea7299bc205b86e99dd3c40fcc
- SHA256
  
  3af4fa2bffaab37fd557ae8146ae0a29ba0faf6d99ad8a1a8d5bf598ac9a23d1
- SHA512
  
  b5842a22df1c77c49b86e348008b8eeb8f295d6b34f93c0ed8ea1b0edfdaeacb2446cf952de7b2fc7a5943e22495caf3f68f893809919376642e91103cfcd041
- SSDEEP
  
  6144:QuML75oIlCGJPY2Z2AlptXbgz0+Q4odCGfTnpbEdd/fudqsa0jucQgBMacCGNoEx:koHEHblpWz0jPLhEfgP6WMDoEOYQwfE
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  3bb691982de416a7a4e57b91211e80bea82dcca7b4bdbf25c0c80451dc138421.exe
- Size
  
  205KB
- MD5
  
  458c1cbd0ff849119214e739d8815f37
- SHA1
  
  64d26b1614693f15bed6bd4f4d2a6a35b2c4bc9f
- SHA256
  
  3bb691982de416a7a4e57b91211e80bea82dcca7b4bdbf25c0c80451dc138421
- SHA512
  
  695f17ca034f7c894bb87bf04db20a2387f144ade77188f497870d3711d0871c721b86327769cd393366b162229ad649671e111aa5b5b80d676156f47ededd08
- SSDEEP
  
  6144:JJOIZvsEy+fDjKSGXwLfjFU/coiqilMi:JJOIKEy+ffKerjFtoiLMi
Score

9^/10

credential_access defense_evasion discovery execution impact persistence ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral21 behavioral22
- Target
  
  3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458_Dumped_TDS=4FBA3695.exe
- Size
  
  72KB
- MD5
  
  facdc4646b7f1876349cf72d6490f1d4
- SHA1
  
  27bfa893b2f73ed61764a2f2f3bfa0b03b5f76fa
- SHA256
  
  fef9c6c514e2ee00b96f6d33026f91080e43ed854d3aff103826d5063c9e7778
- SHA512
  
  8a8f08230ced45ed6e06351ee5c2ae5afe2e52a7a0284fbe74474cb9aab848a5e4226d041f4c3d50ab45c855d627e5e581a4fb66c43ace6c4ab092597985aa4a
- SSDEEP
  
  768:Fchho/bbYYwktIZwTUtv3h12jG6hdYWnXAjpWTbBbIKP077hPsxPaq77tiy/r:KjoDMYwEINR8j/Yu2pqOd77hPxy
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23 behavioral24
- Target
  
  3e3f980ab668ccde6aafee60ce16e3c35cd91e9b59bff20ce1615d5fb362a458_TDS=4FBADA26.exe
- Size
  
  52KB
- MD5
  
  ca61cd4036c218e8197896c5b97515dc
- SHA1
  
  26520452eda2e766052d35630e59ecf7ce8de629
- SHA256
  
  9118d694540722bf703ae0b0e7fdfd5d04878fc289615bbed9aeea524535ec9c
- SHA512
  
  4528291fe2a96ede9a886b579b40923d7d0951b59e6bc51a397db84c413854a213a68e0abe6c0a4aece80101167527f2b1cce0a08c5ba2539de9a0e0c1cb103f
- SSDEEP
  
  768:lGUGWHeFkc68dT0Ju3GBZJBATs6lV3jWpG0R5Kb8AD:lBJeKO10JWKCIesPrK8
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26
- Target
  
  3e75e8238a6bbd8817164658696198af_72889f61171de37d6b4d59016c55ec52__2.exe
- Size
  
  244KB
- MD5
  
  3e75e8238a6bbd8817164658696198af
- SHA1
  
  3c0246b41063f5ea26de9d96301774836270eff3
- SHA256
  
  669ae51d73a3fac117ec39195efb969cb41a16fadecfe412ad83b767b25ae2ae
- SHA512
  
  7e0ba0eac7395162c071fd21bd9b525de6df25067c01dbda28e1d33072159b9c4c40ec87e52e9abe1b186aaaef36f0de728f1849f566fb4c2d42a620da6d65af
- SSDEEP
  
  3072:JrwLB3HRdkT9MyJHT+/PBuZqWq6aIDMVV3dWklykCbZx5:Jrw5HjkT9MyJHeBuZh3DMVNbykgZx
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral27 behavioral28
- Target
  
  400cad56ff3d210346cf6c4795aeb607e5b211b3dc4a8421b9437621c254239a.exe
- Size
  
  1.9MB
- MD5
  
  b2db12c684763da2cba50c6346376ef5
- SHA1
  
  f186ccba2d7566968b8d14552e7dd3e6898c35f4
- SHA256
  
  400cad56ff3d210346cf6c4795aeb607e5b211b3dc4a8421b9437621c254239a
- SHA512
  
  db2be27e5bc919bff1f8c58b9d66a9767f15731391cdc1a185755016b17461d8c7c77b62ecace75cc226011537a0dc3de6e9b38fef5a1f2db20d0bebc203abfa
- SSDEEP
  
  12288:uNE0rbJMurexwCPEbA0RgxegWWDeNNU1TH1wd6PO:RxSb5REjSNIVwd6W
Score

9^/10

defense_evasion discovery persistence upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Looks for VirtualBox Guest Additions in registry
  defense_evasion
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Adds Run key to start application
  persistence
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral29 behavioral30
- Target
  
  40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c.exe
- Size
  
  268KB
- MD5
  
  12666b5054cc0cb62cf758736340c1bc
- SHA1
  
  0f9ec608413918adef409e8e97612b6e71fd1bc7
- SHA256
  
  40b3cb2a210fafdaabdebefe1430862bd1192a80fcde84f51ceb387136d1410c
- SHA512
  
  df49dbcd1f2f0bf0d0129cb4e5dd343fc9fba1b46a7fc24db3e1fd560816ae86e79c360873ac06c62876051f622a9a54a327c3aa3019ecdad4a32f9dc9a68a77
- SSDEEP
  
  6144:1AZMCVtysJu4wCZt953XCWSntmb6IEACyoO+:u2wXCBWLEA5n+
Score

9^/10

defense_evasion discovery trojan execution impact persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of SetThreadContext
behavioral31 behavioral32