83bd49bbd06a3852407eeff1c5defd7ff4a866de3b5c1cf22056eebf928fee6c

Sharing

Copy URL

Twitter E-mail

General

Target

malware pack.zip
Size

402.4MB
Sample

220903-1mwl6addfp
MD5

0c0620a01ea47cd768945be666446167
SHA1

1a63a8ce974b146a89de2e565b99c0b414fa0205
SHA256

83bd49bbd06a3852407eeff1c5defd7ff4a866de3b5c1cf22056eebf928fee6c
SHA512

927269c0bed9b3c9ea63a0461f9efe596e15c6f5a73092aa249e0635ae53f9791673d3b22c700f2f8c737190cd67179e64288439955a78c86e13843317ca37b4
SSDEEP

12582912:t5Y8l8mwFgOQVYkbSMwCQNCa/JGlWu/yUFB8zqyjU9L:t3l8NgOQV+M551a+B0U9L

Score

8^/10

Malware Config

Targets

- Target
  
  malware pack.zip
- Size
  
  402.4MB
- MD5
  
  0c0620a01ea47cd768945be666446167
- SHA1
  
  1a63a8ce974b146a89de2e565b99c0b414fa0205
- SHA256
  
  83bd49bbd06a3852407eeff1c5defd7ff4a866de3b5c1cf22056eebf928fee6c
- SHA512
  
  927269c0bed9b3c9ea63a0461f9efe596e15c6f5a73092aa249e0635ae53f9791673d3b22c700f2f8c737190cd67179e64288439955a78c86e13843317ca37b4
- SSDEEP
  
  12582912:t5Y8l8mwFgOQVYkbSMwCQNCa/JGlWu/yUFB8zqyjU9L:t3l8NgOQV+M551a+B0U9L
Score

1^/10
behavioral1 behavioral2
- Target
  
  Bonzi.zip
- Size
  
  49.8MB
- MD5
  
  65259c11e1ff8d040f9ec58524a47f02
- SHA1
  
  2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd
- SHA256
  
  755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42
- SHA512
  
  37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d
- SSDEEP
  
  1572864:JrXJmVPHHpgbw+ojykM3VO+4hG1peXyKRL2U:J1m5npwwRvgO3ipVAl
Score

1^/10
behavioral3 behavioral4
- Target
  
  BonziBuddy432.exe
- Size
  
  49.9MB
- MD5
  
  06d87d4c89c76cb1bcb2f5a5fc4097d1
- SHA1
  
  657248f78abfa9015b77c431f2fd8797481478fd
- SHA256
  
  f1e859d99072e35f20e172d8458e3ea1baf8ba86c8c9e311a0debcd2acd5d0fc
- SHA512
  
  12bcc681544bfc0cb5f1a3c2e5e3d475efdf5abb8bf0e18cb18f529a82d551f39e16de2d3f0664c2c2cbfab2bc4702e256b958acadca53424e6d8760b6f457f9
- SSDEEP
  
  1572864:HVGKQzdb8P3XxxOtGpBXFqRDjSghMDDqRDAtzq9:HVcdeXzOoP1OjfgDOo2
Score

8^/10

discovery persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  FixWin.zip
- Size
  
  174KB
- MD5
  
  3d219daefb299daf47d96d73ab4c412d
- SHA1
  
  950e831b3ce26443cf644709bc709813ecec4868
- SHA256
  
  b352e76843532a04ec1b7ba86a075e62a1c33ef0a2c561034e05876863b547a8
- SHA512
  
  19dacb860f1e4951fa606bcd9b3b2fd25a1d27afcbc3fce00fc285a455e7f3edaee42526eb556897820fc3e7c940695b8b9ecae401b5391c9d7a2846e7e420f2
- SSDEEP
  
  3072:wTgXihXZ6dFoFqkJDer8IWHKkUDwXnlkH6ynYwojzEpST+UYtNV/28rbn6nf:SjQFE69I3z1onnN6zMp/7rWnf
Score

1^/10
behavioral7 behavioral8
- Target
  
  FixWin10.zip
- Size
  
  226KB
- MD5
  
  9700cd9770e7100952ed179e04a75de5
- SHA1
  
  74e3eeae870d5548aedfdc78938cf0e50e7904b5
- SHA256
  
  a89f6d9713ce8bffa380bad51e380b59c8e5c83ac86df9df7caed5112b51dc19
- SHA512
  
  e31e98f0e55378f7667a337b98c929034ef9b8adb9301822a25cafb1c7159923fde03080fbf44dbdb82b25a72ab1b52b932185fb1d8f4fe0ae7abce46407d90e
- SSDEEP
  
  6144:CC0Lqp9wS2Va/ajdQfj/dXr7fnVW5S6GO+xH7BIpQfj9xXrH0:CC0L8ujmb/dXr79z6x+xHqGb9xXrH0
Score

1^/10
behavioral9 behavioral10
- Target
  
  MyCleanPCInstall.exe
- Size
  
  9.0MB
- MD5
  
  b3806cf4a8ab2cad2e83780b732f773b
- SHA1
  
  7ac75b2fd54739d118e2dd7d9dc0218b81115424
- SHA256
  
  832dfa53011b38683fa21bcfea29f63309d28765d88200e8303340df72e9e78e
- SHA512
  
  33f05ba3a2f8b5370b37647322da06476ac4bfbdbb0ebd9c28c46749c3c8789d4d96f34c0e8b3c0082116d61497854987d821560263031486dd4b870af8567e5
- SSDEEP
  
  196608:q5RB2oBYx19v3eHwGqJRUiDVZx8wo1wzTOrI2Lic6Y29:q5g19pGqJRnp1nOrI2GBYa
Score

7^/10
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12
- Target
  
  PAVSetup.exe
- Size
  
  81.3MB
- MD5
  
  521dad4d9da420989c8a5487c4c2691a
- SHA1
  
  4b2fb2a07d444ec8f84a8c9ab4da8d92c78eedd7
- SHA256
  
  d411d71ae66f71d6249d91e311aeccd4d211a0b63b58aab183994ce3d3274ec3
- SHA512
  
  9a837d0fa1b94079fff76d1f27941e91153154a70ac0b6ef1d2ea7d54a0bbec77b8c46071117b1919f2e03fe0db51497201eeb403d35cb0bcd72986845cf45d5
- SSDEEP
  
  1572864:RZBamWIu+Zj6Du2n0uoYCrU+4/GqEjxkVgGDQjP1YO2deXgyfEEtg/iGbxajigia:rBasTU0QGU+5jxDcQR6AXzsOGodixY
Score

1^/10
behavioral13 behavioral14
- Target
  
  PC_Cleaner.exe
- Size
  
  6.5MB
- MD5
  
  84326112ddead59fca719ef1d7d87685
- SHA1
  
  26ea6048695ce33b4ea6901f1f58937a9e50d5b3
- SHA256
  
  d073a0f9998570952bbd15f517aeb1246a0bec0b131efae97e6ac0d9604bc7b5
- SHA512
  
  5307f35b1effccc83acc7a5e91f2004582bbcd6c083d0844259a39dd9ff8b33180d73a17ed9a397ec5619f3bf81fcf164f13dd2e3b4031381be6a81d7616e8c6
- SSDEEP
  
  98304:LSii6sWKv6DfKjbNu7ZaI8RsSPgV4cswPuxXnLETiyh5LLvW+P7bQc5eKT:W6RKCjSbNY8RXgXsJLeLjN7bBF
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  RegpairSetup.exe
- Size
  
  798KB
- MD5
  
  4e58be10ecffd8e18f960e2bae2ff22d
- SHA1
  
  f4c7aebd70f99f8cbbbe5faafb897c0be88e4bb3
- SHA256
  
  378eeb6198bca0c3b5a7b80cf08dc99d1688012665a123d0202afb4dcce74fce
- SHA512
  
  fcede024342976575ac8dbb22fbc33fa0e0956f7c88b837af4e50b5db18bf8d95ed33400d74cd69d787955e53bc6ad8cc95815bfbb7cd260d65244ad6ec5119a
- SSDEEP
  
  12288:Mv1Bv/ny2ysSkkY5nMzn+kX1Morl1B7GLrBijnnmmg/RCp8FTyWitgdBldLi0d03:8ny2yeZnkvXVNSLrurSRlTEW1kAmB
Score

7^/10
- Loads dropped DLL
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  ReimageRepair.exe
- Size
  
  572KB
- MD5
  
  f5af9d859c9a031ab6bea66048fab6e1
- SHA1
  
  d0ee45d3534cc23cbd0d7c3765203ed926a7eb0a
- SHA256
  
  4efd1bc1bdc12da1bbdc597cf3f37f0c65e582f42e353cf781ac1fe422dfa68c
- SHA512
  
  c771c3e7ef88116168b9e3e0d0e4dbb2f2ad03dec0a87b9d3427faf7edb0a2510bb80dcb57b50fb6bcb9f683f23d876f35dc91a85006973bdb3fec41d51145a5
- SSDEEP
  
  12288:YEsvcQmY4ZHUDRHjYMCVdjQooYddMoAnUM22FT4i8BdK:Y30Q0HCFcXFRdyUKF
Score

8^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral19 behavioral20
- Target
  
  Restoro.exe
- Size
  
  910KB
- MD5
  
  149b7754e41e3330e87d3c303fece58c
- SHA1
  
  609f69f21af038a251698ca503ac0d1e3bf91693
- SHA256
  
  5d99408fc2f7bc85f2c4bc6dcd762008bfecd5c8dcaaacf9c9bdc2914ddd22b1
- SHA512
  
  80df1fb9d2dba8db036f1e27438fcacb72c56c28d9a354b7ed3c0d1ba21474ffe54298910531fafc17cede6676fb6b4e2bfa31f5cc15b3158954ed81ab90ad3c
- SSDEEP
  
  12288:SEiLxas2VYHhJfEj2YxSjzbzbJln4GIyFNj+GRwWxsseOxd:StxRBJMj2YxqnPn+GjiWxszOx
Score

8^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral21 behavioral22
- Target
  
  Setup_WinThruster_2021.exe
- Size
  
  5.5MB
- MD5
  
  d07ccea4f401887ff1106c08c42e8110
- SHA1
  
  79510087ee93e64cbbcb930ef6e61e620d619539
- SHA256
  
  a6936625e74d09e2118a9b0a475bf9391495f047f046f7b63cfc319adebbc25f
- SHA512
  
  96841848dafa59b9dc1f963c04550e72b2bb8a30818f90c639b2aff5978322b077c84bea0204b6027fc591f9914f9df8e5a4cac13e7059eba9795dc261b03e1a
- SSDEEP
  
  98304:DEU2EBrTRE1MVZeEEsAD6bm2DH0zjIQ1cMYo8C4EsgB:AsHRoMVENfgVMR8ztQ
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral23 behavioral24
- Target
  
  Windows_Repair_Toolbox.zip
- Size
  
  2.7MB
- MD5
  
  c262046f467d9759066721d6082e82bf
- SHA1
  
  74eeb9e373ca35a348f41e602fdafb57c8ed2c7e
- SHA256
  
  9edfe4010c49b414c2f138ed2440df57197e86b694933566e441a4c6ee0571ee
- SHA512
  
  c2a06ef64a5b2ac3fe326eb4523ad2d224bd10c0eb84fec11f1adb27e735425d93105db48bf30052e35832f85690d1b26e8c09ce6506d52b757bf3c9104d74f2
- SSDEEP
  
  49152:/HyqSqxjq42Ibz4HUA0Jhw2qcD/ITA4q6rLbXsMjySV9EHpTuZxoL:vyMW42IoHUA4hw+8E4l0MGSPEHhubw
Score

1^/10
behavioral25 behavioral26
- Target
  
  aso3setup_systweak-default.exe
- Size
  
  11.3MB
- MD5
  
  81e69de9c32bc382666b875dbd21494d
- SHA1
  
  dded9a9c15e91d498840e056aacd3d58d664b673
- SHA256
  
  86e1a1bbff3d733413310ceba0f12c63f14ea779ac8b0a5f44e611f4f29ee3bc
- SHA512
  
  01190d824907122c2b0b541545e93ae4ae864efdd3b7e66ab65a0062658d1779d320227b14ea5054ec8380b312bfc670c7f745365dbd27f74fc2b3a92698d006
- SSDEEP
  
  196608:7lENQnAeGNeqsF4h2Gnzx3t74XoXHvQdXvgg/LF0wuQpWrH1OWzO9/Lp3:YQAteqsF6v13SXoGv1/Zv/c0pD3
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  christmasfireplace.zip
- Size
  
  931KB
- MD5
  
  22fee93a82653db35b8df993d746c94e
- SHA1
  
  8e0647c3f3c129ec2eccc934f94ff6c6cd8d268c
- SHA256
  
  dd9046dcc95c8b0210ef9f8ae6322e1dc36bcae6b8b3df7de911bd73d2c1595b
- SHA512
  
  1a10b1a0b86234ec6bce2d6c246ffabbb37ca803753c9d50072fabffc5bf212a94424546e2a70f68724536aedabe218835c83b3f01ad7977c54c5a7a0cc67144
- SSDEEP
  
  24576:GNlKjkKXSl3Qy3cbCMfbDg1ktztaIa/CMg:GtK+cb/Dg1ktRaIoCMg
Score

1^/10
behavioral29 behavioral30
- Target
  
  christmastaskbar.zip
- Size
  
  326KB
- MD5
  
  cd4c4de1d7a7de8284841be1c75364be
- SHA1
  
  18494c3c9d7b3d7094350de1c3c807d4be611d9c
- SHA256
  
  5610df0f6361687809b3cb43ed19f2b33cd1a1826c2b465f343f6aa571cfc03a
- SHA512
  
  2c538bf8141ff7588e263a30632a12fdd77182c0593952dd5ac7a0483da6f9b6072cf31f4e9fce50e628587185e4a7c959d34bbdb66cc136a8528af10af8c6ef
- SSDEEP
  
  6144:mXemuwjUTnzDidQDS5FGGPsPZKdUfVEMwqlG5kxpH:mT0zD72XJKZGsmMwqg+xR
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Modifies Installed Components in the registry

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Loads dropped DLL

Enumerates connected drives

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32