33bea9bd56f58000c389dc296d9d5a38f2074fe13bdeaa6dbe43f68ba677c837 | Triage

Sharing

General

Target

253974365d44484db5e21d45a2717431.zip
Size

49KB
Sample

210706-rcr8vj7wvs
MD5

9571bc9843e23d70b0b17744249667a1
SHA1

9ac9b7cb2ceb6503523e2d33933bf735343d44eb
SHA256

33bea9bd56f58000c389dc296d9d5a38f2074fe13bdeaa6dbe43f68ba677c837
SHA512

a83167c9aaccee151efd267fc5f56326bb2cea95d1cada457c020ac8d317e20d71aeeb5f991463db6ae33d8ed135d3daf047e7e4117c0e49f6efc5efc8d97d4d

Score

10^/10

evasion macro trojan xlm

Malware Config

Targets

- Target
  
  HWUpgradeScripts/ConfigureSourcePC.bat
- Size
  
  1KB
- MD5
  
  193fe6afda2a54421997d6d04a8738ad
- SHA1
  
  d927d91c623b6b5f8baa9c005367ae9a71d265fd
- SHA256
  
  2459c1a2f2565eff03fb925a9898d3e8df320c95a784d17c9295cab16b20e10f
- SHA512
  
  2dd04be3af31c482dfee06112d3b29899a945e1955e486d4be26ab515b1d9b0f95fefedce800a150ed282c85eee30794e67f2213e3b85ac409302fbcb008d89f
Score

1^/10
behavioral1 behavioral2
- Target
  
  HWUpgradeScripts/ConfigureTargetPCAndCopyData.bat
- Size
  
  870B
- MD5
  
  f3976f83b048f6b476ce19e8e4919b5f
- SHA1
  
  3d7dc715894bcf0f4296bacb504beeafcb858088
- SHA256
  
  ab9c0637acf1a6f1a7aed6b1829941228ddf1f37bfb93e17e2d1b5756e1e51ba
- SHA512
  
  6b85b7e88ff2e3e4ef242f3de741b01073f68667822a3188d36c5aa66f52573b88c9d4369c5638d6a1f8e72f3ae29ef7ba0df298826bffea4e428c435b14c8f4
Score

1^/10
behavioral3 behavioral4
- Target
  
  HWUpgradeScripts/PreConfigureWindows7SourcePC.bat
- Size
  
  983B
- MD5
  
  81307c4fae02336dd550c4662f880dea
- SHA1
  
  29c0417e3e305e6f42461dedb9d9449cfcfe15d5
- SHA256
  
  92654778a60ba89d61c85e437a6649bd3e56c2c0fa49826ef6a1da4289c724b1
- SHA512
  
  325f67d47fb11dc62e7b5c729c86e30454a90da672e2b3a51114346037c9c64387209ed581ccaef30edf8736a036d16aa68c016f43c4d5579ddb2b99d7c6c530
Score

1^/10
behavioral5 behavioral6
- Target
  
  HWUpgradeScripts/Scripts/CopyData.bat
- Size
  
  471B
- MD5
  
  2225b9c49c8f7a9cdc2676dbe1cc7063
- SHA1
  
  0237f37b745cfd6bb52d5b52069a551d49142d55
- SHA256
  
  af8c847a664a411c3930d7860236dd9128bb4c2a98c10900d3ecf9971c56baff
- SHA512
  
  dd93a703f4031a69073a564f9273b6a5639b89aa06f90aae05458e9497b75e413a521165fde799186b212a91e00f610126ff26b7c2f8cead4f6b904d909c5377
Score

1^/10
behavioral7 behavioral8
- Target
  
  HWUpgradeScripts/Scripts/PostConfigureWindows7SourcePC.bat
- Size
  
  1KB
- MD5
  
  8be1f8982607274316410e43bef3517b
- SHA1
  
  f136b00754753dc3ef61eb697eb8f617c56bddae
- SHA256
  
  75174d7721ceafbe7ebf1134a52f14ef7df9caf18c95427cb428ae72ffa1370e
- SHA512
  
  ceb27d777c2cddc6856131a0ae3fc0d839cb1a84566895644f9db88d1bd502d7db224e0a3f52df43375025f72c54afe52e9b8e0c1350258039ed9c686a83cae6
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
behavioral9 behavioral10
- Target
  
  HWUpgradeScripts/Scripts/Source.bat
- Size
  
  1KB
- MD5
  
  5f2a987fac78167598ddf408f371ba87
- SHA1
  
  60b90b6b4ace18fc0e7e0e3e7bfd0099eadef5bc
- SHA256
  
  0cb4f79bea322d70128471abcdbbca6c03dd213c130712142290e670289b0265
- SHA512
  
  2ba65e3715fc05d7154ed4419fd85858c2c526f0c400ac27db67de78bb21235bff1700b6be55f0e9a1ed872c5b372e7e03d5c9a932397f468cb6925dec48e608
Score

4^/10
behavioral11 behavioral12
- Target
  
  HWUpgradeScripts/Scripts/Target.bat
- Size
  
  1KB
- MD5
  
  3fe88169ee644d2507a04e67f7226b30
- SHA1
  
  a8170152bdb1c27c56a9e19e2636a3566af3dccc
- SHA256
  
  46d70e6d92f3e185d9712363d6389868f2e546e062ae22a4c757936d32cfbf1a
- SHA512
  
  4e9eae65d8b51482743f85ed472116adf7b045f405e560de70eb2fb40672338bfcc9954afe056df8f20dd8144c8d83bbb3593f051ac7346ecb2b6eecac0162a5
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13 behavioral14
- Target
  
  HWUpgradeScripts/Scripts/UndoSource.bat
- Size
  
  954B
- MD5
  
  43890edee5a50be953d56da8a7ab9d6b
- SHA1
  
  99a889d17760b1798ba48c19ba0681919835964a
- SHA256
  
  424aa5b0b3d654138e27203f3a303553c690ebf5687ee96c612b52377334d437
- SHA512
  
  3fdcee5b1ed8eb69bb9e762734a0baf01b3c78ffb3a29f0788ccf312b61dc248549dddac12bdfbcf8f90b9ac6ddf2e83083b3c9ff7888c3ec0876562187953b1
Score

4^/10
behavioral15 behavioral16
- Target
  
  HWUpgradeScripts/Scripts/UndoTarget.bat
- Size
  
  957B
- MD5
  
  69201f78234ba6b6844d131631124a4e
- SHA1
  
  26534c1642a4067b0e2de9c9d9f0805de0b63f60
- SHA256
  
  68e6cbcd3c7675996b9a9de83144934b0910b9d33ef4c0f3b0f404e90a828b65
- SHA512
  
  876a0ce45fc099486593448218cc42ade68feb9b180731c8e5b2ba9b6a9b01945ab5b7b2935804137f53460302f4a5a27b94f7347cb8be8b09bd57ada0253ef6
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral17 behavioral18
- Target
  
  HWUpgradeScripts/Scripts/dirsize.bat
- Size
  
  469B
- MD5
  
  9b1f181814fa20c473003d1e22ef2ced
- SHA1
  
  11d20e05ffc906181cf24bfab393ca63d0ead9c9
- SHA256
  
  f57033716a8456498ff2f2720be5f75f59d84959e2a3d7cece0ce9f434edce36
- SHA512
  
  fe5fb14fa79e793d2454cbed968e92d876f95bc34366bb859910c98b41368707ba4b698bc992ab85b970d807bbd355d6529c2fd35e5dbb55ec8670544520668e
Score

1^/10
behavioral19 behavioral20
- Target
  
  HWUpgradeScripts/UndoChangesSourcePC.bat
- Size
  
  291B
- MD5
  
  8eb6958effb4f9cf16d5f7854d5410b5
- SHA1
  
  8161497c44d8b354834a4330ee70d31ef31b56a0
- SHA256
  
  534985eb818183cef54bb1c59d85ca230b38486f0e880654125784019d620946
- SHA512
  
  57d7793912e3a5c7d786f484068ddbc01382795650a4826fe8b9f9b43e662e75f98614bf41b9d5b8df9bac60f623d51e73cfb5e818a983fdc0160c067785b0d3
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
behavioral21 behavioral22
- Target
  
  HWUpgradeScripts/UndoChangesTargetPC.bat
- Size
  
  239B
- MD5
  
  b9033489466d2699616a055d0cb33d4c
- SHA1
  
  9f0574c611c8a0755836b7202e83d4e5a7966120
- SHA256
  
  ad0f14acc8af05bec2a531390a32bc3b39a482fa2dd659eaf91739b8c60b0210
- SHA512
  
  e7fcd567cce31e1816af9d80aefd70a1735cd42872e6e0efec05b355d65c823b8c8e89aba2cac9c627efbb99c23be498e21503c0ba712f65242de0a1d8d19dd1
Score

1^/10
behavioral23 behavioral24
- Target
  
  HWUpgradeScripts/XP_NVSPBIND/README.doc
- Size
  
  55KB
- MD5
  
  116721ba15df9d5c676704ddbcba52a4
- SHA1
  
  17629ef3d3389363a0b7f84ac97d62d371da3abf
- SHA256
  
  d71b8fb3b7339873655905e20810133009cec60cbe433cb245279dae7f836cf7
- SHA512
  
  22cf9e54a661af2002e3d9330946f94e7f5f3e9347cb1a7a146586b910b77e8900d0725a77c1f338dfa9b8c029eef3de368a465626da113b864805b53b6bec0b
Score

4^/10
behavioral25 behavioral26
- Target
  
  HWUpgradeScripts/XP_NVSPBIND/nvspbind.exe
- Size
  
  70KB
- MD5
  
  98530647cfb395c673d282b9b0640a98
- SHA1
  
  c65e5a3dc6004a01eeddd1bb36fdae69db69a50a
- SHA256
  
  22405573dead2316c43239963234172dfb61f7809f9fe1457f2a864989bb11f1
- SHA512
  
  29b531e5cced28923554498594167d85121c82c415414a27168c5f5798393efe699f32f7aafbbfb3b6f115da2131bce085eb8f805ae159fcf36b3f17b4abe57e
Score

4^/10
behavioral27 behavioral28

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28