012b7be96be0d30ed45f40421750db504c2fdddf0eebffea4170dfd7f1107254

Sharing

Copy URL

Twitter E-mail

General

Target

buscaResultados.zip
Size

16.0MB
Sample

210416-wyq2kbawxx
MD5

612020517b1111207e40165da4711f39
SHA1

bb278550b8a3c182e52cd37dee282d2fb52ab774
SHA256

012b7be96be0d30ed45f40421750db504c2fdddf0eebffea4170dfd7f1107254
SHA512

2c3eeedb6b1130aecef586b2038553d92a2f28f47b71a731b4e2dfbc6dce55375924b95907e30ee022358b6baddd86987b4b8ab81d1e5be605cacc2dffaa9d3f

Score

9^/10

Malware Config

Targets

- Target
  
  ASYCFILT.DLL
- Size
  
  144KB
- MD5
  
  c89e401800de62e5702e085d898eed20
- SHA1
  
  72fb4f088c6ac02097b55fb267c76fbf5e0fa1f7
- SHA256
  
  de83c9d9203050b40c098e4143ef8f577aa90016c7a64d4f2931b57a4c43e566
- SHA512
  
  70006d70dcb47361ff43e4f7c458655ad2474b70cb917873aa77d2cc06465a68d375d36c494d154a03dbbff891df7dd6cab3d2c7b08e8650b9ff170e30838070
Score

3^/10
behavioral1 behavioral2
- Target
  
  MDAC_TYP.EXE
- Size
  
  7.7MB
- MD5
  
  eb58dba7f3fc9d8ba0d486d8e08b60e5
- SHA1
  
  05ac649932a05297cdbba554f5d3349bb5beac36
- SHA256
  
  dc14f8710e7281a5e1722edb53fa397e29405e9e2be8afa17716aad9b1c13782
- SHA512
  
  738d2c1badb587aa81e732685aacfa4f32cc8ae8ad2f5bdcb9b896000d6c24a8bbbe987b7f28e8526bbef4b2d8cdf6ff5af52083bbcbfcc3a4a2a58890d5de5e
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  Resultados.exe
- Size
  
  152KB
- MD5
  
  e34af3d0586e785971c9d9ccadf0b458
- SHA1
  
  705aed2bdc553d8e206d3ee1338594959fc2b1a6
- SHA256
  
  4fb726abfb709f47cb0dc7015afd46cb59156cd018cee677644943aadc5f7606
- SHA512
  
  d89935c8a2b7a5cda77e57959ffbdc858641c99c3d890c18a6038c40e5b551e11976dec15e15a48a9fc1e42885fb76c2a113e2dd318a1ca2dfc8a839569515f5
Score

1^/10
behavioral5 behavioral6
- Target
  
  SETUP1.EXE
- Size
  
  244KB
- MD5
  
  c6264b17629f6f9f0bd2ba7671ceff69
- SHA1
  
  67a6b419740c1d6b780789bffcfcc83129e36d1b
- SHA256
  
  5b82b27da9bbaae1abc32095942c60017b275e002cbb2c0cb44580131f4789b4
- SHA512
  
  7ebab7444620146a065b520491faea53612d627ae85dfb4bd92201864e5cdad55fe5c94ae66a8c7a3bf7950a60c54c20b9291a70f3801e937711f1b596543f1d
Score

3^/10
behavioral7 behavioral8
- Target
  
  ST6UNST.EXE
- Size
  
  71KB
- MD5
  
  ea4e2ba0d35eeadee23b0c1397c71367
- SHA1
  
  e715ddf7c568a745e7990534f06460556e20b3ed
- SHA256
  
  dafb5d89135fa565080c9c6beafbdeb7611089e946a520001a7ef02facb002d3
- SHA512
  
  64b1521c1d03683479f41f27b5a4feb4a703b70f8db45080d74d14ac1747c8fbd393adfba3b8c96748f8bc6a4bfbce00d12c44ebc1bb7285d5cf7528f5c7ab86
Score

1^/10
behavioral9 behavioral10
- Target
  
  configura.exe
- Size
  
  32KB
- MD5
  
  9ef8dd2cb761afe2ad8448e923ad19c4
- SHA1
  
  8f761ae0f966b50168d4ba2fa4cb3d87b0a0e949
- SHA256
  
  435b075fa65425f9d8902f2595c5f29406035860648a70904431eb3f57d63a87
- SHA512
  
  f8d9fe46098f49deeb97d4078f20c2a0ba47ae8bde892247304ad25c49b901638c6966a7e7ad8a0c8918bfd75aa673d740c8e8b7e069a81757f56b5c905314b2
Score

1^/10
behavioral11 behavioral12
- Target
  
  setup.exe
- Size
  
  136KB
- MD5
  
  a77a5e80020273ff0f6eea3990c76cb6
- SHA1
  
  8eefea2d1bb7d93037976429340793c1bcce0d84
- SHA256
  
  3d0041832e8b6f5b95cb33d286c24c53ccc9341549589ae8822c6084e8d2aa5c
- SHA512
  
  ab296892cb314914c9c04a37441a2f9a41cf5b5e1eafdaee6b576338f2be9501170587eb13bdbb715cf0d79e3beef0f57e3e472b187c51196e1d2d38a3be2cb6
Score

8^/10

discovery persistence
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Executes dropped EXE

Drops startup file

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14