Overview

overview

8

Static

static

PowerISO/423Down.url

windows7-x64

6

PowerISO/423Down.url

windows10-2004-x64

6

PowerISO/A...mu.exe

windows7-x64

PowerISO/A...mu.exe

windows10-2004-x64

PowerISO/A...64.exe

windows7-x64

PowerISO/A...64.exe

windows10-2004-x64

PowerISO/A...64.dll

windows7-x64

3

PowerISO/A...64.dll

windows10-2004-x64

3

PowerISO/A...ll.dll

windows7-x64

3

PowerISO/A...ll.dll

windows10-2004-x64

3

PowerISO/A...SH.dll

windows7-x64

8

PowerISO/A...SH.dll

windows10-2004-x64

8

PowerISO/A...64.dll

windows7-x64

8

PowerISO/A...64.dll

windows10-2004-x64

8

PowerISO/A...VM.exe

windows7-x64

1

PowerISO/A...VM.exe

windows10-2004-x64

1

PowerISO/A...SO.exe

windows7-x64

8

PowerISO/A...SO.exe

windows10-2004-x64

8

PowerISO/A...64.dll

windows7-x64

3

PowerISO/A...64.dll

windows10-2004-x64

3

PowerISO/A...on.exe

windows7-x64

1

PowerISO/A...on.exe

windows10-2004-x64

1

PowerISO/A...nc.dll

windows7-x64

3

PowerISO/A...nc.dll

windows10-2004-x64

3

PowerISO/A...AC.dll

windows7-x64

3

PowerISO/A...AC.dll

windows10-2004-x64

3

PowerISO/A...is.dll

windows7-x64

3

PowerISO/A...is.dll

windows10-2004-x64

3

PowerISO/A...so.exe

windows7-x64

1

PowerISO/A...so.exe

windows10-2004-x64

1

PowerISO/A...64.exe

windows7-x64

1

PowerISO/A...64.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0058b4f69b0e6b9fc2eaca10a9bfb41e72e6cd72a827f8740fefde876194bade

  • Size

    3.5MB

  • Sample

    220908-cyx3csafbl

  • MD5

    74b90774a0caa6fcbf64b07b49282bb5

  • SHA1

    b6dcc5cd9b2723f3e0832508c90f902fbf6dc53e

  • SHA256

    0058b4f69b0e6b9fc2eaca10a9bfb41e72e6cd72a827f8740fefde876194bade

  • SHA512

    eccefe262b4602647a4359ef1696afdfe377d932ed4f279c5dc1481a8a9622fce3fa3c797a244af1f915fc5f3eb26ed9c80fb80fdce8b163af4dfba82cf03b98

  • SSDEEP

    98304:RzSYmyLDZiCrihiaTNuIhvy06Q/0P8X7FM4jpFVO:8YmyLDe5NuIhvZ6w0P4RFjpFU

Score
8/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      PowerISO/423Down.url

    • Size

      124B

    • MD5

      ed435a9479aa94f10cf2b2b4440a6e84

    • SHA1

      ef369779657e8991f91415e75bce1139cf2d5004

    • SHA256

      340f26a0f73228cf402fdd041f964fd1d40c18d5fe421c4824462f035066c9d5

    • SHA512

      0c3124f5b640378f18128e47c6be1e4f58bd4ac18827a3fd9e2702143f9d331152a2372c5bb2fef88e02515d3252f4ff2eb32d81a8e5da9b57bf7f69e725deb4

    Score
    6/10
    evasiontrojanpersistence
    behavioral1behavioral2

    • Target

      PowerISO/App/DefaultData/settings/scdemu.sys

    • Size

      121KB

    • MD5

      4b5579223186e2e1ab4a24b608fdc949

    • SHA1

      7836a870b946c26f718de2f6e27631286e27add8

    • SHA256

      c7b58da9fd4cf2f7f83f92b2e98437a2420150fec6e58c2bd84c82edd2da9a8e

    • SHA512

      410be06b5c17d44e83fba95a07d8c92f3ee318055adffe51bfa45bd61938c54e8f8f0f819b31133d3028d64b5d3b070ed49e2e4031054e825b0d73f1cff650f7

    • SSDEEP

      1536:Q/fgW0Hm+cHFyFv6or1StlDEgFCsd2kDXaPaSPi20jE8q5swDzAWyyighSr:iycHFyF9RStlDdtXoan2g8sEpOr

    Score
    1/10
    behavioral3behavioral4

    • Target

      PowerISO/App/DefaultData/settings/scdemu64.sys

    • Size

      135KB

    • MD5

      92eae8dec1f992db12aa23d9d55f264a

    • SHA1

      add6697b8c1c71980e391619e81e0bada05e38ee

    • SHA256

      d01a58e0a222e4d301b75ae80150d8cbc17f56b3f6458352d2c7c449be302eee

    • SHA512

      443a12a1a49e388725ee347e650297ba5268d655acd08e623ea988cde07ae08ae861620b600fb223358339eeab926fee1c8377386501310c68a3eb9515649441

    • SSDEEP

      3072:hl1VSgPra4TD5Yt2JVLuPIqEjOZN7mPARacgx:hl3DtYtm+Ij2aZ

    Score
    1/10
    behavioral5behavioral6

    • Target

      PowerISO/App/PowerISO64/7z-x64.dll

    • Size

      1.7MB

    • MD5

      bbf51226a8670475f283a2d57460d46c

    • SHA1

      6388883ced0ce14ede20c7798338673ff8d6204a

    • SHA256

      73578f14d50f747efa82527a503f1ad542f9db170e2901eddb54d6bce93fc00e

    • SHA512

      f68eb9c4ba0d923082107cff2f0e7f78e80be243b9d92cfab7298f59461fcca2c5c944d4577f161f11a2011c0958a3c32896eba4f0e89cd9f8aed97ab5bc74f9

    • SSDEEP

      24576:fznngr4eig/HxkaoDFITvg9iLXYgIcjWBzb139EOapmYp:fz64gxnoRGI9MXFrjWLNEOapmYp

    Score
    3/10
    behavioral7behavioral8

    • Target

      PowerISO/App/PowerISO64/MACDll.DLL

    • Size

      162KB

    • MD5

      ebc96e6a55cb41994f8c6cfc6b012ab5

    • SHA1

      c4ac1f5bbb523d9d9a69d9f66b66ea8e73eda413

    • SHA256

      d8434c7cf6eb19ae8efd63615f46a858dc4db681beb25e30ce4c5653d1405862

    • SHA512

      d0c7298f0d51400db45b626d2a089ae7f7c6636ff28399b7ace2e6033ef6165993e41de1c93963ac3bbf4120f614c2fd99856b97c6f15022773dca8932a75a2e

    • SSDEEP

      3072:nbI6YoDnmvrwuGhxAMOAKz/VsXowHswtLLxu:nZYoDnAG7CpDS4wMU

    Score
    3/10
    behavioral9behavioral10

    • Target

      PowerISO/App/PowerISO64/PWRISOSH.dll

    • Size

      359KB

    • MD5

      f613ba22f0592fcab89f186605768cef

    • SHA1

      e83c89948afd02ec5a524bede2128d8eeaeca6fc

    • SHA256

      fcd7d068a2087dc076e9efd65dc67821536038cc23f7a011cc4d4f1e2d53d7ef

    • SHA512

      34a2562aeade654be23ceb2210703f386fb21e4ca908d7a687996d89f32a70d491fc6db25967084f504789182616b5261b9b7742a43974ac4d6dc2cbb4dcc473

    • SSDEEP

      6144:DxPY7LpyxepKCIDiX6KztLkf2V1w/Rj1i+h1hqrvnEDAuErgGBTKCaX:DBY7Lpyx+KCIuXRzZkfm1wT1KnEDAuE+

    Score
    8/10
    persistence
    behavioral11behavioral12

    • Target

      PowerISO/App/PowerISO64/PWRISOSH64.dll

    • Size

      359KB

    • MD5

      f613ba22f0592fcab89f186605768cef

    • SHA1

      e83c89948afd02ec5a524bede2128d8eeaeca6fc

    • SHA256

      fcd7d068a2087dc076e9efd65dc67821536038cc23f7a011cc4d4f1e2d53d7ef

    • SHA512

      34a2562aeade654be23ceb2210703f386fb21e4ca908d7a687996d89f32a70d491fc6db25967084f504789182616b5261b9b7742a43974ac4d6dc2cbb4dcc473

    • SSDEEP

      6144:DxPY7LpyxepKCIDiX6KztLkf2V1w/Rj1i+h1hqrvnEDAuErgGBTKCaX:DBY7Lpyx+KCIuXRzZkfm1wT1KnEDAuE+

    Score
    8/10
    persistence
    behavioral13behavioral14

    • Target

      PowerISO/App/PowerISO64/PWRISOVM.exe

    • Size

      450KB

    • MD5

      ae03e0635b05879b5d225f320a151c64

    • SHA1

      46583ec46c00eac5fa3202d7c3c318c99afbe9fd

    • SHA256

      0e6ab5c695f0cb3970b48747841139722de9c2d34c9da9e7b71ca31ed45995b3

    • SHA512

      5b8858b070d8656430c29453eeea38800866aa1059d32aa1ce2d5155b046d9a39a35abafcff7b78875b628e9cf054722f3d983ca11bf9ab3289c944b36be5663

    • SSDEEP

      6144:Bnit9sBtuk3FzyYs/OeuhaufIv0U6T9HpRTwugGSxgJvnEDAuEO1jU:Bnit9sBIk1zLs/I7aOBJtKtonEDAuEd

    Score
    1/10
    behavioral15behavioral16

    • Target

      PowerISO/App/PowerISO64/PowerISO.exe

    • Size

      5.6MB

    • MD5

      e5467c287a8069d4578e3c347651e0d6

    • SHA1

      511c851fa0a33c8962a830009039480bdfa6b4cb

    • SHA256

      08e57791b9710e03a5ff6288eb00ee56a60162893f7450c57e5f49a4a755006e

    • SHA512

      24db02bbf5134e63aa4c9254e2d7d306f7d19ee4841c5eff37ddbfb7b9068f24296abc9318827d89c46494fbe51337d049841bc68137e1524ede79a9571d6020

    • SSDEEP

      98304:pQcUZEk7c36et3o4h/lbNqh8PYlfeRI4i/hYdPqReHb5Hi9gB:pQDZR7ot3o4h9bNY8PDtdP2e7f

    Score
    8/10
    persistence

    • Registers COM server for autorun

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral17behavioral18

    • Target

      PowerISO/App/PowerISO64/UnRAR64.dll

    • Size

      327KB

    • MD5

      cbc0cb091c34f46774b38971ffaadc30

    • SHA1

      31a0e2c69233f741154c77f0449021f264d2c679

    • SHA256

      d98d274733eabc6a7e425c6549c6b28fc61e850a0ac5f3c103b2d3efdb99b019

    • SHA512

      faab994b48c42bdd4d2d3425aa6ec448520d91c43279ebf36d3e386261c7223d0ca20f77009fde12ee2a9c65e7e4e587292e9d58ce9c278b68c65a7ee92194bc

    • SSDEEP

      6144:+8LjvC0vI441XRf9++UtIwOUVg4YTle7QwDAKPBFoaIO7H:+CK0vIDl+JawyTlpCPbs2

    Score
    3/10
    behavioral19behavioral20

    • Target

      PowerISO/App/PowerISO64/devcon.exe

    • Size

      69KB

    • MD5

      9d199564b65a91a531b23844649459e9

    • SHA1

      8d84359ced1c51d14e70cb5ed36a6083c8b914cf

    • SHA256

      8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42

    • SHA512

      ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1

    • SSDEEP

      768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW

    Score
    1/10
    behavioral21behavioral22

    • Target

      PowerISO/App/PowerISO64/lame_enc.dll

    • Size

      369KB

    • MD5

      3ddbe1ba218722dff684f83d86299807

    • SHA1

      267b1f9829e9c2a508a9dd564a9dde6d373123f0

    • SHA256

      89d12c8147b36344647d4ffd109ff8d237d9c0c88194048f842ca97a3b079c97

    • SHA512

      e415d7ebc5a00e8ee4d4a7b8294924aab8eaa3cda3d0ad46d8546494a5965e28d1dfe5710c1cb0d5c3a9f5b9c1b60243227217d71ea49187077492746632cbf3

    • SSDEEP

      6144:8cUdD9kke1LoEpkqNdnDRjX0cBPkd3zujZx7Y3eg8gAoeR1DOWtoUqoTE6LEU4Gi:8cUdD9kkKJpdnDRjX0cBPkd3zujZlY3/

    Score
    3/10
    behavioral23behavioral24

    • Target

      PowerISO/App/PowerISO64/libFLAC.DLL

    • Size

      236KB

    • MD5

      50d9d7cce1ed3422b9a2d972127ac890

    • SHA1

      226f83bfd0ee358840edcf0402ddbae540bb1652

    • SHA256

      fe71ca9e8ccfb7d63e2741ae090bfd9539830022912d1121b5e83caefc2042d9

    • SHA512

      a8fdb1efba72d16a343299a72ac5764f5240b1753f0480afbc1d1a0b235965c29d99e34ad8c43249a416efa52ce09d8126ef1d21065ee3e30b39feaf914a7b4d

    • SSDEEP

      6144:4SEfFLc0EMt9Rs9zTw3Apib2b+u97iFsOGB2gJXFwy:4SYzM9QArb+u9eta3F

    Score
    3/10
    behavioral25behavioral26

    • Target

      PowerISO/App/PowerISO64/libvorbis.DLL

    • Size

      1.7MB

    • MD5

      96a8188be8ea41b623d10fda3e2f2cdb

    • SHA1

      776b5ccf84e323e7f77182b08104780479f42cd4

    • SHA256

      841a000c104c5acbc8c5f10c2a3f72e9f8983b138e46543247d371fc821985f0

    • SHA512

      95fe1c8b8b02bb91410a9d1f9168431e0fce66dee4c3ae65b8df6cdf778db3cb8e3a47762c0f17498d89e6ecff27d876cade9540f025ec352d30a6c2968954b8

    • SSDEEP

      6144:lv0FhLxjyfx+yNFbp4RJdnrzVPdGZR032sQO:lcFhdax+yNFbSJdrRkY9T

    Score
    3/10
    behavioral27behavioral28

    • Target

      PowerISO/App/PowerISO64/piso.exe

    • Size

      19KB

    • MD5

      9360b0fd9463c76cba81354c326175c5

    • SHA1

      7027b3a3db85a25a691903fc53db326304ca6ec8

    • SHA256

      1afd8476e416214600debd419d35ac3674b2d9010daae580ed5052c4b7b0b3d4

    • SHA512

      3da6870320c7052e383fc92a5c5277e3976dcbf48f1d22abbae62fee0d9d2219b4cfa75f4808d9a4eee842d1b5da9dc8c06836e78bf240972d5b28daa77f49c2

    • SSDEEP

      384:SXhgKsW4z7VCI8JN77hh++Vql8JN77hhTW:GWK2z7V+3hA+VqC3hJW

    Score
    1/10
    behavioral29behavioral30

    • Target

      PowerISO/App/PowerISO64/setup64.exe

    • Size

      18KB

    • MD5

      4c9eb5568fd494e017b33c5fcfd6854b

    • SHA1

      093c4736562891d71d6306e60ee9ef863489ad08

    • SHA256

      9f495d21c18e48367e08c216eee792390d02c216075eaa77cc156c5c00f5e3ca

    • SHA512

      b6ae697fbf59661b7ceb800a7c95b3ab132ad90fac7463ab2497f7223055e4f3442b176bddd5fcc7da4e2ed656c7793b872208e707b1d2b37aead5b4ddf1f7db

    • SSDEEP

      384:KTwBHiBYcYV7hV5uq8JN77hhYWVz8JN77hhmcR:6oHiBYcYBhV5U3hSWVo3h4cR

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
N/A

behavioral1

evasiontrojan
Score
6/10

behavioral2

persistence
Score
6/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

persistence
Score
8/10

behavioral12

persistence
Score
8/10

behavioral13

persistence
Score
8/10

behavioral14

persistence
Score
8/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

persistence
Score
8/10

behavioral18

persistence
Score
8/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10