0d6870a3d1b27ae23c9e2c413fb2b367b69323ead81bf38524a54cc17e8a809b

Sharing

Copy URL

Twitter E-mail

General

Target

02934313
Size

95.3MB
Sample

220413-a35a5adfd5
MD5

cf9184f18b0e93390057deb2ae6a284d
SHA1

22fad60e1564d58f1a319f089c7b543ce351383b
SHA256

0d6870a3d1b27ae23c9e2c413fb2b367b69323ead81bf38524a54cc17e8a809b
SHA512

d6819551a8c741209de004e820ef05c67d94a77b9e844c3463efa78f17242cc286cd35ffbaa017abb87fe42c813fb0be7db166d85ef8571c99790a4b41d03502

Score

6^/10

Malware Config

Targets

- Target
  
  mfc140kor.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A
- Size
  
  52KB
- MD5
  
  045c404e2b47e4d2098ae64b0810b6de
- SHA1
  
  a579a3824ff61276803ff5ee6ea2481092f73e87
- SHA256
  
  1d48540e073e32b4bc702b58fe2378958bc00a7e4df63d5a24ac9cf444ebec10
- SHA512
  
  6e3a26659af103b4b4ce4d391e4478ae72685be417cdea49061ab49c941d4fce74c24798c79c0c5ca3d3f8e747af072a3fb9cdb047befe3135547b0e45169130
Score

1^/10
behavioral1 behavioral2
- Target
  
  mfc140rus.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A
- Size
  
  69KB
- MD5
  
  defa7b90fd1fbbf64de250a1b48dd0bc
- SHA1
  
  cd96b8cfd877619041799b04ff2ff7c7ddf8329a
- SHA256
  
  988addf111d9d0ffe5d6eb7c35e49dc3cc53f5ab24d9079b33736e6345a70b39
- SHA512
  
  d263b8766e15b0a8f1ad96eb4e45ed5aeaf54eb5c8a13ddf8e8d9692e6848a5e2daffdb4f8a341273ab416e6ef7402003da9bb0458bc78cb0dc6b980250f7ac1
Score

1^/10
behavioral3 behavioral4
- Target
  
  mfc140u.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A
- Size
  
  4.9MB
- MD5
  
  d6c87b75c8641349d2ce1fcd0757b6d4
- SHA1
  
  fc4a354d08f7b2bc8f86f577d495d2c5c7760905
- SHA256
  
  69e0f71e6ed1a17ecbe67e93ecf2a65c55a87ba1cbbbb258ada33dbc2977ec9d
- SHA512
  
  947752c2b171097c1f5c1e63aa043464673e8738289e342e43916a66c4401b38faff8a5efb753623be09f50911c0b7976dfb0289845efb0a0b3151ed88e357d5
Score

1^/10
behavioral5 behavioral6
- Target
  
  mfcm140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A
- Size
  
  90KB
- MD5
  
  8e030107ad8e7614e3fc2f7b6b3ae3d6
- SHA1
  
  eb10c41c9e1cf6085a6d6e2901a38382193be0b1
- SHA256
  
  2abfd142bf578b90f3938337dd9986ab339e30d0ca60c4a2fee4cfb2299b2ad8
- SHA512
  
  f8f22894e0503cb604a5eeb9fec68174c6784cebb7ff5141c843aabef1ed8124b0b789e993d6275737bd6d609e7855597bfc72c59d4f1f38297226e49fbd9820
Score

1^/10
behavioral7 behavioral8
- Target
  
  mfcm140u.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A
- Size
  
  90KB
- MD5
  
  71f8b79bf46a2348e5de572a1b66de66
- SHA1
  
  7b1d349f8a3273a45c1343e336ee7d89ff13dfe8
- SHA256
  
  42216cd1644a2cd6146b79a48cd68ead88c71413f860218d7b38da8b5db59626
- SHA512
  
  bc19c7ca2903c5308eb4f9456b641e0f3fa8f0a4715ba4b22fc10e87f8ba201a00e6925634b0af276ec2cf1cbab671e9d07ace49d3330dfb0e8e94c2e4681b1b
Score

1^/10
behavioral9 behavioral10
- Target
  
  msvcp140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A
- Size
  
  446KB
- MD5
  
  4835a9b8749970d0ad04f22a546042af
- SHA1
  
  f89d579c0b0c4afe2ca8283d222f44051d2e7c94
- SHA256
  
  fa21058e50d0d6860da87d784f573670bf5d3efd65158145954ef96d0cd403cf
- SHA512
  
  7379678fd9454bac2042e69636718c0c568d61fba40cd0ca064baee044018f007625fb0acfb77d249768c0e36ba1353078167148825df4f4496ecf860e57ce00
Score

3^/10
behavioral11 behavioral12
- Target
  
  node_sqlite3.node
- Size
  
  275KB
- MD5
  
  4ef8392550dea714b50f6c820e707c78
- SHA1
  
  6aee464956b76809ab24f4841ba64cae7a683f05
- SHA256
  
  e866f4418d86319f07a809904d8bce0c095ba858976078fcdaf7a23681b62f11
- SHA512
  
  b2edbcb2ccf0dd88277d49a52fb4c7f39f2858a4efe6282b62888d35af88dfc0653f884299b340d121b79c71bc49f091ce059b308f70c575210ed35aedf5de5f
Score

3^/10
behavioral13 behavioral14
- Target
  
  onlinedocumentation.url.4E6EDC62C0B245CF831D3C5D4806F990
- Size
  
  61B
- MD5
  
  878dd1f05f73ef7c4701564992f85953
- SHA1
  
  6a761b0e64d50b36c70047c36efc24b88a6f71f5
- SHA256
  
  b6bd8bad56285a8317351e36c40986946d44ee6d1fce6e4d84c5e736079bc32c
- SHA512
  
  c8bb9f1e801f417d885c1013751c6b1a57e01c284a44be447892b99fcf700d096f2bacac87b2ca580a8a3417b8b730c4a79968355a0f1b747ae4a02940ec0a9c
Score

6^/10

evasion trojan persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral15 behavioral16
- Target
  
  opc.ua.certificategenerator..4E6EDC62C0B245CF831D3C5D4806F990
- Size
  
  1.7MB
- MD5
  
  91ebb47ad06da0fbda43a0c2ff543f16
- SHA1
  
  e85a8ae8c2cf189fe85a0bef6bf0ab63a14c0cf7
- SHA256
  
  0bb2aed623392699069cbd0682280982beb25f04883b16a8a24b6591ae5202c7
- SHA512
  
  3a1c5fd82eff066f7f03be1466a8da1d1a2f3dcbe5470b72d6fc76fd82d452245b7903c8858139150db85e89c126bec9cdf092eb5ca5bb0b634f0896139c3c99
Score

1^/10
behavioral17 behavioral18
- Target
  
  opcualds.exe.4E6EDC62C0B245CF831D3C5D4806F990
- Size
  
  2.5MB
- MD5
  
  a49f2ae1f4fec15d2a1055c2b6ccdec4
- SHA1
  
  6ca1686e7bb6da30285c8f2c2ad9fb0e733c0d06
- SHA256
  
  f5da393d5ede2c80376f1fb29cb47ed3a26d69bb516e8542aef7211329a33765
- SHA512
  
  49491f60b0883837b75afb26c932e3ab4d800db86f0750cc87423850539d6b9f06350f36e0b89d15b21b6f82de8a32f6ea0c1d46ad01668783e8191c71ce74c1
Score

1^/10
behavioral19 behavioral20
- Target
  
  rsopcgatewayaddin.resources.
- Size
  
  12KB
- MD5
  
  6b01a873029cafe6db9e52461d1753a3
- SHA1
  
  1d8aceeb48726de12b6fb15f98dc62f8b61ad1c1
- SHA256
  
  92782bdee076a779a719aead7ae54241a9515217021b5619e7061d7a45b987d7
- SHA512
  
  e66de58349684b429202ec1a81a098dd71fe93a97f4cb9809f28d2468374a6583e81b3ce3175d9aef09ac5df0b10831b787cc64d01252e1b6847d8dfacfa3437
Score

1^/10
behavioral21 behavioral22
- Target
  
  rsopcgatewayaddin.resources.2
- Size
  
  12KB
- MD5
  
  cc753191457b97ae556a9bcd7fe4119e
- SHA1
  
  227128809aed8f66f25ab83db75e4084fdd429fa
- SHA256
  
  8652c7c70a398911d716a7ef4982f1f499b79036add4bbb029f26b8768d6b935
- SHA512
  
  ef0c0259cbcec4471f3afabdb1762b5b753e35ce62c130e1d8bb47bcc9ae091cd542c108b50c9ed1c511da7bcc432c6cbfe93008eed1b30bf08ca1aba2baf0bd
Score

1^/10
behavioral23 behavioral24
- Target
  
  rsopcgatewaychs.dll
- Size
  
  30KB
- MD5
  
  23da4c671c7e4dccec0edc0662198932
- SHA1
  
  167d921eb311b6ce76df464befec7af45c3c88c9
- SHA256
  
  9a400d1ec9cd3293ae149daf66a5f4e28317f86dfa69c1c8d004c5ad29d5fdd5
- SHA512
  
  3279dcf52f86fb20984a7ca8f542c501b9e870a5b2c47e8f958c00080ca7161541cc7d517a66d0b855204e90d6a82268d9d630ac64398e4bbf560c541d7c9004
Score

1^/10
behavioral25 behavioral26
- Target
  
  rsopcgatewaydcomcfg_local.xm
- Size
  
  635B
- MD5
  
  dc270bed6f5f5fc6b1b87d805a57575a
- SHA1
  
  87de5303b0791007c3af5ec936e6845b5bef55c8
- SHA256
  
  4182ba056a63f53ab6b76565cce77af908c1bb199b4259fbbe75bd63f5bb3df5
- SHA512
  
  8e7d6c70441cf28b5a7b6bde851b3cf98452ff9e0af7e566e6f05a2b8f611c9069c7bb70ca28afa16d6ceef2121e7ec5a609b2266af524aa2b42a592ed550c35
Score

1^/10
behavioral27 behavioral28
- Target
  
  rsopcgatewaydcomcfg_remote.x
- Size
  
  847B
- MD5
  
  c3b51d6fce7b957472afdb99f82c9525
- SHA1
  
  721d6cb6e13d05c45d61d9bf89494f689c983a3d
- SHA256
  
  398468f8107d5508ffc34e284826e5e6e45e6c939804b150524557cc74a0726d
- SHA512
  
  b7c74ac55fc8368c0a4949ee0ba872ec30e01676562beef6b55b76b487b42c1b5f9a614a2b4c7abd3649b0d53beef56d834e779002aa76599bd69d8a7d65ff3c
Score

1^/10
behavioral29 behavioral30
- Target
  
  rsopcgatewayfra.dll
- Size
  
  39KB
- MD5
  
  31e41cc43dae1ef9afc4044df235175b
- SHA1
  
  8342b7e7ca53306e6c243c5be6073905828ea473
- SHA256
  
  15e255b84dffaa5bf268b060b058926dcfa7c9e5602e0aa2e82007c5c385f526
- SHA512
  
  2dd7796615c4d6e8007b313b05d7a9032814a49f7c7e30277aa4b03d0dcb9b47d8123c9579e68b995c7b2c62f54d96ab2c8ec998c4a5ce90a7b56485dc99c720
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32