General

  • Target

    UniExtractRC3.zip

  • Size

    58.6MB

  • Sample

    220519-pkzegsfbb4

  • MD5

    5cba677774e761633d248507ecabfe94

  • SHA1

    095d6b70aa20dca1291585e14f56314c8497bd1b

  • SHA256

    03170680b80f2afdf824f4d700c11b8e2dac805a4d9bd3d24f53e43bd7131c3a

  • SHA512

    37edeafb978bd6604a473efe56223710e0f293d95f8d786ba187bb328218fef85760591eaf35ad0d5a0db968e358eec21bcf748392537a9fbfcbc50ec3c95f22

Score: 9/10

Malware Config

Targets

    • Target

      UniExtract/UniExtract.exe

    • Size

      1.3MB

    • MD5

      0740af43cbaf778d71973a52133ad7c5

    • SHA1

      65f9161cdf3b5ac225fa5c63c1fe135623d07cea

    • SHA256

      2dc61c2a5e5f17725697c2ac1ba1395951e6eb613167fd489a64dc3bb3182715

    • SHA512

      0dd2c006e53ef9670fe0ffc828ab336ebeddb0a55369be1b7d18a6adc6c3c71146f87f5ca0e34c02c40ac75d4c30026896e333abc3a09891ed873e77ef23bf04

    Score: 1/10

    • Target

      UniExtract/UniExtractUpdater.exe

    • Size

      985KB

    • MD5

      2c091d71b93b4bacdbb1ca0a0b91682f

    • SHA1

      a69a078e4a42827d4c21421f0e8f230447c4f4b4

    • SHA256

      bd314d610720b169d74b61f17619574e9b3465875211231f6a65168fb3a64634

    • SHA512

      b0fbf7480fe499409188577814892b4d351881462b22d8c26c489df125eb544c266e0a7d470cef4b77cafecc7dafeadd36aa65f6c9f6b22c2f435bbb2bb59956

    Score: 8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      UniExtract/UniExtractUpdater_NoAdmin.exe

    • Size

      984KB

    • MD5

      4fbd18b43ea8d223c4e728dc88ee303f

    • SHA1

      fc70ecb7ee1998d751f768b2f6502b74a8b5fdd9

    • SHA256

      12d45f03acdea4eb2d99379d26562b93a2967adb13f508c539e1521d4de60453

    • SHA512

      de8f4a757d39b2cd7e4adc274e2b6367d76ce144e70d1a7c6f362659b8307c7b8f7d4fa2724952eb55721cc10e37d237c643cd7f284d18b1c9a2375649c7c1c9

    Score: 8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      UniExtract/bin/7ZSplit.exe

    • Size

      9KB

    • MD5

      5c7a019b5cb72fec6e40e952909e9c8a

    • SHA1

      0d144c6b10b8c3ba3fd45c8b2387e7f1a15028c2

    • SHA256

      4d32f7017afad3fea254a9d550c1ada112b2f32e4a627518761ce7c0593a965d

    • SHA512

      b87f1618e31a05eab41feb6bb0d42b780e72a1c3f0202bfc7482965c87cd66b6335070924afb827694b19988772fd62cbd815df1f9c9a732a1b26b63094add13

    Score: 3/10

    • Target

      UniExtract/bin/AspackDie.exe

    • Size

      13KB

    • MD5

      f673d8f61a32ff0e550f6985b194dbbf

    • SHA1

      8ef4857d0812f6f3eb5e76e0cd9cf11b9bb01d0a

    • SHA256

      465e075688109b59ce08d12499751a6eff19cc825941e9d4dec9b792ae5220d5

    • SHA512

      bfd42d69d68e57b6c1f2de69efb679bd99cb85191eb88889feee249b71bddebf6eff5e7bddb43b7f1d4196cd7753e14b1d3b624b8700b9fda3bd559eff9e21c7

    Score: 3/10

    • Target

      UniExtract/bin/Bio.cs.dll

    • Size

      13KB

    • MD5

      c2fc5e2d12d453594ba1cd4e09254902

    • SHA1

      bda1e703c9c3bd0f5f0e21abb5b2bee2138894ed

    • SHA256

      00d84cd0d109c738b56e29fe6b8407c017679274fb5ac3120ab5940415323004

    • SHA512

      7c261d529fb7a885f0ee214a0335925832a76ab2e8ff51e81c1b09436ee38e0db211b46e0d10efe2b220396cc463c51e98cdeb338d9d4aa2d1caa61645c5b57b

    Score: 1/10

    • Target

      UniExtract/bin/Champollion.exe

    • Size

      1.4MB

    • MD5

      7e5ecb58a4fa4b5834fd1026e0ce2edc

    • SHA1

      c310a60b36af69068838cfa0ece1f1081a5c38a2

    • SHA256

      b4f2cd412d039f52f283b4a342639cdd7fc756b26ae4a40017926138e933947a

    • SHA512

      0f0a6fa30954e7ac771fa55d92cfda801e6dcc711cd63974e0deb44d6fe2b3b6bac182e21bf58088e57f8ef4a64002a0983fee84e1e85fd23903c394fd4b0382

    Score: 1/10

    • Target

      UniExtract/bin/E_WISE_W.EXE

    • Size

      37KB

    • MD5

      e9ee2c1e59c498501a93d11a43c49b27

    • SHA1

      2ddb76b5d5eed89084aaab6e3ccfd5b18c514dee

    • SHA256

      f25cf0f24f9aa398fa54b0a3559d670db7c3a12f44340a2730d35584772354df

    • SHA512

      bba074e2ab946c9c96cee63303a69cf66b5db37e2e866f2430018e30e53e6a18c67856dd4325ec9a054ea16d94a82837a5dd36fe7396931141eb1b487270f68f

    Score: 1/10

    • Target

      UniExtract/bin/EnigmaVBUnpacker.exe

    • Size

      615KB

    • MD5

      6ee31f544e4ccbc8b6f4df294c529962

    • SHA1

      0909df417a2ccf6ae878f3670291e09508787cc0

    • SHA256

      173a3f1cdfe9734d93207af7b930dc38d37238a2b2070159c3a4d311f3baa41d

    • SHA512

      5d0f6e0e9001f6827def740286d165c250b492597768fffbcc8683ac4c873ac61f316006d8e20ce3709a50fe2e004433eca7f5967f105d73efc073e64ca8394f

    Score: 1/10

    • Target

      UniExtract/bin/Ext_Detector.dll

    • Size

      103KB

    • MD5

      02e88bd87f76d28a857205606b1b325f

    • SHA1

      fedbd92d21d3c4eed742db7917b1d546e817f9cc

    • SHA256

      2f9c209452eae5efec4a2d338a4fc6c710c0e90ee665d40b57379d0a62430024

    • SHA512

      e2c9dca988874b6c7d782ee8e4f529022d000e800e9fdced1a336daa0edddb77e11ccb56db3fefc310f0598f3b0136b4d2ad4f3b10182ff07b7846ae58987e9b

    Score: 3/10

    • Target

      UniExtract/bin/ForceLibrary.dll

    • Size

      12KB

    • MD5

      c6ef0a1eb063707ea93a664e8e05e485

    • SHA1

      0efc921344cccf1ca1ae87719acab576bbb6306f

    • SHA256

      a405bef4730c5317da59ac48bc44a4af24cc1911a0531d393d229233dd84f35b

    • SHA512

      efa2ec64d0ccfb6846de9643ef3b599fc8cec561ce1eea8136600f3878eda76537745cb84784d83c5c820a243d16045c5db2c0e9fbd990bab9e8e5d5999ad979

    Score: 1/10

    • Target

      UniExtract/bin/Foundation.1.0.dll

    • Size

      2.3MB

    • MD5

      71c1693f1e1399caebbe46baa6b0c4fe

    • SHA1

      43a256c736f9b16215a0f967715b05e47fb1a842

    • SHA256

      908fe0c74666577eadfc5948deff2bbf6d1da223dcb8239e84248c491ef3c38f

    • SHA512

      666fd3197ebe55dd64581560ce01edd991feb2933ea9acd0b81184a55cdef51a685aaf5a28690b4d8cc9b1d8621d0758c353807f54172a8f9453b34d45b3220d

    Score: 1/10

    • Target

      UniExtract/bin/GARbro/ArcFormats.dll

    • Size

      1.9MB

    • MD5

      e4c2120d50d2a2e788ca876f44973930

    • SHA1

      965bfcaeb1c96e3eb2b07be6f3c8983b66e7e6da

    • SHA256

      a9bd428a77a3be7714d07fc3fee00a7346dac4ae3e817d2a65d7afe9dedbfa3e

    • SHA512

      b48fbb21d5482fa2ae8ea932c9dbf4aeb8a72c7345e5c906e2c940d2c8f527860ad7a82cec45b348a47f2bd7e9a3d951090ce2156458cf4f92709df14d67583e

    Score: 1/10

    • Target

      UniExtract/bin/GARbro/GARbro.Console.exe

    • Size

      19KB

    • MD5

      1bcb91f3d718deed9fdcefea46a29949

    • SHA1

      1321412e517ed5d1e4fddc4be0052159f1ba804d

    • SHA256

      7535777860356af94c66020acfc796152607672b7c030c864f573a6af37a4795

    • SHA512

      4b4be7775d8fcebbdff0d4fe057906c6969a40108d4756cda509c75175034f5e1aa5f0421cfdfd7622598673cf3c6af6baaf108bae21770c6f834d3e0aafb26c

    Score: 1/10

    • Target

      UniExtract/bin/GARbro/GARbro.Console.exe.config

    • Size

      184B

    • MD5

      2cad372fe430b4dff8f146ae24e6dd72

    • SHA1

      b21b904bd88b50395ae70077828b3c0d4471558e

    • SHA256

      80ac57288bc8d680765237f734b918ebbfe35820044c635c6b78f65ad21e6da9

    • SHA512

      88ca4272dde6c7e6ada087f3d515520bc4a9b81a8bd1047109a2683eee1daef88bf8ed46cb076bb809e6cd528147794976ae51869ad433fa1944d8b61a835b4e

    Score: 1/10

    • Target

      UniExtract/bin/GARbro/GameRes.dll

    • Size

      102KB

    • MD5

      4a34b2ba3fbc2c552fada435bfd2040e

    • SHA1

      2ed7364ee1ea3c1b4fe12a446ae3ef3a1074ce00

    • SHA256

      0ce0e7450037632655df1295b5764a2830f2de03782424f5caa82b1e6398cbe3

    • SHA512

      b0babdfd2558f6fafdfba87468ce7110db973294178102b76a9d0b41f3474b1f53adbff70bf9c813d8f6f876e2aed82355ebb09c5c4abede58ec42f7ca1c96a9

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 6

Tasks