General

  • Target

    a94cf160138f443e5a14fd8dc7c413a1a712b5b3c48681aa9495c53cd5db52d3

  • Size

    6.4MB

  • Sample

    220521-ehr8aacdeq

  • MD5

    388368e7b70628860cff221e3a4f0e9b

  • SHA1

    05be7eeb99025aadedcc32e5102bdca7f69dd98f

  • SHA256

    a94cf160138f443e5a14fd8dc7c413a1a712b5b3c48681aa9495c53cd5db52d3

  • SHA512

    07a93d16c223cb6c67dcc0422bded1ee5bbd1fac7fae57583e283aa99ed615ecb2b2c1cad30fc10d2bfc8349303840515963ff31462bc293fc77fe1f439aff82

Targets

    • Target

      ??-??.url

    • Size

      272B

    • MD5

      8c22a53d50c570646be397335e3ece62

    • SHA1

      1f3fcd6c99028751f6347f83efdd5fb0d21a0b66

    • SHA256

      092267ce395527ae7a4355e488fb01d267b8b735d39379f2f82aeac72aa48af5

    • SHA512

      45cf3aca16ea3db2d01c09b1568413deac65e19d1b9ccf08ffc0019fe94bffdd8b131879c90e39783a224e097db0956decb8aa7db4db44d6fdb2f09e71fcdf85

    • Target

      DPInst32.exe

    • Size

      900KB

    • MD5

      e6213cec602f332bf8e868b7b8bf2bb1

    • SHA1

      593775390b8a474a0bdb8a49b5d26b50b6e3cace

    • SHA256

      4478f6fcfd2fc9be012668592bfbf6838a115d983f9d30171669b20cafe529b9

    • SHA512

      24f96cd7a5043547997167f46c32381ca86932fe7d3a9cf32edd72e7a0cc0fa165152246da913c56d124d1f821e00f09872aa0e3dff23b655e83d9676e14482f

    Score
    4/10
    • Target

      DPInst64.exe

    • Size

      1.0MB

    • MD5

      3f9a13461e2b356d1a97ba4d3692551f

    • SHA1

      d56871f832ea20877bc74523d040cee1adc5903a

    • SHA256

      23ea59da92eecb423b3039861fa86d83545c49a374afbadc9c229f0fea4da9aa

    • SHA512

      f1c2f072e5ab98ac91b9c4fa522a3e07bfb861bb48c54d09effe3ee8f109f63580f82cd08152949697061131dc01a1ec2f75c6eddf2fd98946bc2de4b6b2e0d8

    Score
    4/10
    • Target

      Setup.exe

    • Size

      1.9MB

    • MD5

      774855e635f052c179aef48dd6f35ba3

    • SHA1

      b6d63d7108a2c514fd413849584fd75feaa41b32

    • SHA256

      5e44a5cdc335350164f59bfdc859666ed83deeb61b0b9fbea7e2de3844cf09ec

    • SHA512

      3e51166126a2325755372550edeae87eeec269069e79515b45d4d611a1c978b9471461c6bc7b9b18a0bf55ce774da0c332e1fbefe1e97229405d223fad70ffe1

    Score
    4/10
    • Target

      x32/eSm1_DS.chm

    • Size

      13KB

    • MD5

      25ba6e1c69651b4bfe69a47851ba47ad

    • SHA1

      5d1cec8d1b5d0ccdd1e0ea05d8fb113d4e0b4eaa

    • SHA256

      28b8d178f56e652864ad6b993f868e0b05dedab8f455fadaac58be9f62710261

    • SHA512

      cf4ac2ad9d4ce2f9b0283a5f57edd6afdaa38e1d68e4fc49701431652c10f9013545d74d22da0190a793ea2b1a2ea752630951aeba3f734596f5b0f4a0a1b943

    Score
    1/10
    • Target

      x32/eSm1_DS.dll

    • Size

      323KB

    • MD5

      b634ad402135cc79d570b6cc098535c9

    • SHA1

      51c850c598d98644923db25d71828b172a41e29e

    • SHA256

      713ccedeb1b026ac10d79cecb1750dd6b9a4030dc577909fd1ca2632cb3a18ee

    • SHA512

      abd16901b50195680efa6866b3e45c90d63663530aab6dadd3ea02613d32bcc2db8c813f1f88c9e1c6e2e010822422b5e95ce2e6f786cbadca8a57a277ccd0fa

    Score
    8/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      x32/eSm1_DS.ds

    • Size

      373KB

    • MD5

      97996482a681564c22a2ac3b1b72155c

    • SHA1

      280c922bfe4940a8bbab8ff7ecb6339403858bc0

    • SHA256

      7d965b30499661fa9d515666d28d9e317b117ad5752c147a940b5efa4a1cd438

    • SHA512

      61dcff99879c0ec36895eb4770801b1da5c1f17437ad75eb62e2ac4cf84d85558592c6a70160836ce37fde16b0acdf75df6c634dea4f863c3d97247374530142

    Score
    1/10
    • Target

      x32/eSm1_IGFX.dll

    • Size

      266KB

    • MD5

      431c0f3c8948a8d8147aefbbf53ad221

    • SHA1

      5cf83239a22ebf8aa8161b2f7b5c06fc524ace5b

    • SHA256

      5d586bc629198fcb4ee30c9800cd0ee2f12f7f9e7033b40462191e0c5567ee6e

    • SHA512

      2d2004a90d388c543251b6535a48007924c2dc7ad74fda1d4466f5906d0271686cd36cc570a9d76e9e1062d292344450a8062c3b095e202ca778fddc4c269236

    Score
    8/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      x32/eSm1_IIME.dll

    • Size

      1.5MB

    • MD5

      0121abd9349c2dfaaa977323049fff74

    • SHA1

      6c0230f0d8e8219f7d9574b0109bba1ac5a50279

    • SHA256

      f71dd7cda0b4749af731a1238a7a1e12cab8aeb2a09bc9cc13f848f081cb3c86

    • SHA512

      58bab99840bd0dcdf47e3108ef8bb5353cfce470d55d193e8c9949965817c3c4b27e2556b35a0730306d25e01ce646481ec5fa520491d66124059d88270316ef

    Score
    8/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      x32/eSm1_ILANG.chm

    • Size

      67KB

    • MD5

      14cd8ca8b5727775bcbefd580ef88fd6

    • SHA1

      f15e314a77e7905e45560b204b7ec01e70606372

    • SHA256

      1c820885041b04ab4dc965b07fa5e7676841749e5422b303ffc860b8d7477753

    • SHA512

      7831b23257797f43986a61e84043d80d11c23036f054bd63d31e3282adac54d6a5370f0d40c48df01a448f70556395b954cc28e3db79498b48fe40ea4c97910b

    Score
    1/10
    • Target

      x32/eSm1_ILANG.dll

    • Size

      3.3MB

    • MD5

      4e54c60f803167319c5660091ac83d21

    • SHA1

      034be8467b8ef50d5600bf63ee6d249126a9cb8e

    • SHA256

      d069781aff820148df82a9f6087075f7e4d615abdeff3f88e5ab1e11664c6392

    • SHA512

      15381c3a275388c09ac2478e20f1ed9aa11322dc70f26c39f4065133006f8d2cc5daa0512c462491bcbdad92db9142dbb01662f279d64c4be0986b6868f29ae6

    Score
    8/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      x32/eSm1_ILOM.dll

    • Size

      185KB

    • MD5

      7fbe531362405057747ab6e05b54f621

    • SHA1

      66da50472275c3494de8f8d7755b140afb50ebdb

    • SHA256

      1defa4d2f401185808c90fd9a8eb7c38f448bd81fb7fe0661e46c0099edaaf84

    • SHA512

      0e400fa253cc19c8a29bd284649fe355bbabf10308217dcf63b43ac943e47408184e4c90b5e90533c0613fb31d871834b9e387785abdda560337dc7d8d527e4b

    Score
    8/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      x32/eSm1_IO.dll

    • Size

      1.1MB

    • MD5

      fcd7cda75dc741881ce9d5d20ea72944

    • SHA1

      f3880aa76f65efdc471a71681dbab6de930d09bb

    • SHA256

      682ebd5f3ba7d41151b2313ab25d97a4376e948bda6496a9bce16d7de34c30ac

    • SHA512

      16b4702012cb661dd1a3f37c74e681b0bb7f47244e027c7fa587ab532447fd2045d0dbf825033d39fe4ffe7563b0d2af00f23c9902f14a1c690f54f4534bd3d7

    Score
    8/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      x32/eSm1_IPPR.dll

    • Size

      181KB

    • MD5

      1db83e7fcd9f84efe128141d7571baea

    • SHA1

      5f9d171babded2b3b75f90a9fb06ae0996d32199

    • SHA256

      8da520c9c715fefbff472c40ee3c5aefdda6f1486a20b307436ff1fd352dfcda

    • SHA512

      322518366befc88ea7488a0f65321f41547dba29065ee2f6624e2fde2918ee7efeefc7af6bda6c93dd44282bd97db963d1996ec0c8ffcad0241e30be57f4acf8

    Score
    1/10
    • Target

      x32/eSm1_ISMON.exe

    • Size

      1.6MB

    • MD5

      1f27417b8d6b6d0ff87218013ad8a8fe

    • SHA1

      80e7b7990e4f7878d8fe15d08e188fa3d64d876f

    • SHA256

      09607495b5fe55ed656e677f45cca8c90faddd910d3f0595f15cb4885d887aa0

    • SHA512

      479957c6b08b513151ecb6bc8127f2fd4685bcc09a34250c426d871a79442d2a58473360a11ad113e58c6d19c8b3e258e432564eb128f896fb18512d67949460

    Score
    8/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Target

      x32/eSm1_IUI.dll

    • Size

      936KB

    • MD5

      394623ad9d0002706c4244a680eeabe7

    • SHA1

      b788dbb8d2c32f23e3635f5087210049ad1e9293

    • SHA256

      ece24de3fbe9840d67cc316544c58a436f66f7009b4c814c394952341c4cf9da

    • SHA512

      2dffebe60331ac01307b21e4e6623e9c3e5d1e8de30de61e5ce7ccdca4ed865471e9773212c37bc488e319156190acdddcf1ff90be4639835ff96ff192f163cf

    Score
    1/10

Tasks

static1

Score
N/A

behavioral1

evasion, trojan
Score
6/10

behavioral2

persistence
Score
6/10

behavioral3

Score
4/10

behavioral4

Score
4/10

behavioral5

Score
4/10

behavioral6

Score
4/10

behavioral7

Score
4/10

behavioral8

Score
4/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

upx
Score
8/10

behavioral12

upx
Score
8/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

upx
Score
8/10

behavioral16

upx
Score
8/10

behavioral17

upx
Score
8/10

behavioral18

upx
Score
8/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

upx
Score
8/10

behavioral22

upx
Score
8/10

behavioral23

upx
Score
8/10

behavioral24

upx
Score
8/10

behavioral25

upx
Score
8/10

behavioral26

upx
Score
8/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

upx
Score
8/10

behavioral30

upx
Score
8/10

behavioral31

Score
1/10

behavioral32

Score
1/10