Overview

overview

8

Static

static

SMBHelperClass.dll

windows7-x64

1

SMBHelperClass.dll

windows10-2004-x64

1

SmiEngine.dll

windows7-x64

1

SmiEngine.dll

windows10-2004-x64

8

SndVol.exe

windows7-x64

SndVol.exe

windows10-2004-x64

1

SndVolSSO.dll

windows7-x64

1

SndVolSSO.dll

windows10-2004-x64

1

SnippingTool.exe

windows7-x64

SnippingTool.exe

windows10-2004-x64

1

shutdownux.dll

windows7-x64

1

shutdownux.dll

windows10-2004-x64

1

shwebsvc.dll

windows7-x64

1

shwebsvc.dll

windows10-2004-x64

1

signdrv.dll

windows7-x64

1

signdrv.dll

windows10-2004-x64

1

simauth.dll

windows7-x64

1

simauth.dll

windows10-2004-x64

3

simcfg.dll

windows7-x64

1

simcfg.dll

windows10-2004-x64

3

simpdata.dll

windows7-x64

1

simpdata.dll

windows10-2004-x64

1

slc.dll

windows7-x64

1

slc.dll

windows10-2004-x64

3

smbwmiv2.dll

windows7-x64

1

smbwmiv2.dll

windows10-2004-x64

1

smphost.dll

windows7-x64

1

smphost.dll

windows10-2004-x64

1

smss.exe

windows7-x64

smss.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2088e41b0a15b59a613a35efe70ba73cf498a8e11fced9d332d9537d51743ac8

  • Size

    1.7MB

  • Sample

    220915-grc6tscaf5

  • MD5

    8985fcfb2f0a95c5fdeafd5d87f2b271

  • SHA1

    3f183e02ba0bb841d8878d035bc4f2cd2b840476

  • SHA256

    2088e41b0a15b59a613a35efe70ba73cf498a8e11fced9d332d9537d51743ac8

  • SHA512

    755f50b7d7ae07e71de9fb22a5ae2f54dd31e50ee2b37a9caf52edee3cabb866c0efe68a35c1725b3847a6244cb7600b5530a0b1723af4722cce2995791dea92

  • SSDEEP

    49152:rUaS9uGFV8nlak++PLrZqG9n0QAFioatK3/OefR/wUv:rUZ9VF5h+PLrZqG90JioVGlC

Score
8/10
persistence

Malware Config

Targets

    • Target

      SMBHelperClass.dll

    • Size

      111KB

    • MD5

      ba643404bf62d337b285f6fed4274920

    • SHA1

      69d2ece3e0cafb839a2d8a43e40e7aa8aef8521a

    • SHA256

      c9af59fd4b628090c2ea0a13dc4c1d4c9da9376f5c23d918c2f968458f45878b

    • SHA512

      3496a48eb2caf9cf1c0293f2b2ee6d89fdc5eb162d5b943fce235b69ab20294b3e82911c3dc0827199dcae26bdccf1636e22da5fbd4f3bd702e93cf5a6fb433d

    • SSDEEP

      1536:p9f3o4bHB3IiioORhOhfnq4qISOHKVdZ+xXoDB93/SgBZnKI9Of2WvXAEM:p9Po4dIiOh2nb5HKPElM3//7nZd8AR

    Score
    1/10
    behavioral1behavioral2

    • Target

      SmiEngine.dll

    • Size

      838KB

    • MD5

      69ed55c744a56399f484d9839e0d32ec

    • SHA1

      26f406046c1aa053c7e8722b393552e8fec2ad3a

    • SHA256

      a4198ebdd59f7289878db4022914b6fc6c240d416b6f72028a8b6ee7e6be224a

    • SHA512

      2f8ab7daeead979fe8abe085d92ced4d7f878c567a414e9a27fccce5d10d719dfdbe031a72831e1571a431325b69875100865caa864b849a0ec8873a3b15a810

    • SSDEEP

      24576:qRru/5pzpV1VJJgDMMTEE37a111vjkAzJ85VK:XHvJQR3m9YAzK5VK

    Score
    8/10
    persistence
    behavioral3behavioral4

    • Target

      SndVol.exe

    • Size

      256KB

    • MD5

      0d8208f039702f6d7fea2fc002836408

    • SHA1

      b3e64e264c4c0d69be7817d9b9f9e73ab67d0c93

    • SHA256

      496feebc8bece33f0d6b5f11b7d03a6a7826ea3d72ac253fbc528c5c3aee72ff

    • SHA512

      cc5718701ffb6bd48a34f86f8261af2b2a4d0ce64e9935d632430ed2019dff5a2742c5e2ea5651921bb1a7be311c9a10247365d358b2761684532a006e2c967e

    • SSDEEP

      3072:GnKtvVY2qCA4eXt+e0k95N4HfRyqPAP/PKiAcLfJ9sBjbEyB7HbIHP/:GnKYCA5XEed5N4HfRVjcrJ9fy103

    Score
    1/10
    behavioral5behavioral6

    • Target

      SndVolSSO.dll

    • Size

      804KB

    • MD5

      994f0ac771d118a9d087201d8c02c4f8

    • SHA1

      fde86ecfc9bffa8401b9622d1afd4b4a12942f12

    • SHA256

      e0d571fa2511d72542bd76c8673396ea95905ccd85b5990a6086dccecb44132a

    • SHA512

      0ba7b23474f3226f9f1f0eb108caec598013f5d75ced12583c828c4d32569748b13320d14e2b5cd3085a7e452d0e6922fbf4e8c34d6be6d47c19a5759898b4f4

    • SSDEEP

      6144:/Y1OB4ajzkqRXE1vCAQT7RfJxRxZdoDzX+SQTnI3MSwopyXU:gcBhjpRU1XQnRfJ3bdoDiKDh8k

    Score
    1/10
    behavioral7behavioral8

    • Target

      SnippingTool.exe

    • Size

      3.2MB

    • MD5

      b7b2f164769c738d5cb30a418eeae8b2

    • SHA1

      7af2e12d6d0283886f90f22d3ac7d8a9677ce0a9

    • SHA256

      9f769e52ac15ae1d0b6a3da293f612ac24303882b1d49ef7a5105ed1b24210d3

    • SHA512

      24921344e215e1bc197cfe8bd0e163a295cb000a6d5ec03c67cd261aac436a7e200cfda9b4d55e6dd95e3dc3efeebe17a3a87cc8556e8d714d7c2823631c7f8a

    • SSDEEP

      98304:MYFlxL4TsqaA2SRmXUrymuXB2rmaOOaCa2PKCZZNRwtPV3Oy:MYFvDqaA2SRmXUrymuXB2rmaOOaCa2Po

    Score
    1/10
    behavioral9behavioral10

    • Target

      shutdownux.dll

    • Size

      270KB

    • MD5

      edbec7f92f36c1ae9f9764ccdf794ba7

    • SHA1

      cb925ccb6cc247534696148b1c6a0a67a2f0d431

    • SHA256

      8796f3fb9a2b1a3c1d37753c6fcab31fdbbaedf9a568bed58cf6485543ceaf37

    • SHA512

      89aa8cb27c5a0ae3fb8ae3fcc48ac75e156688fe96213c44b5cbb73cb51262bec4e399af6915ba5f8276776e2fa7ec3e21f9e85d3e15dd144046016b7e9483e6

    • SSDEEP

      3072:S8jGapnJF25zTTBrSyc+QDk/GLbnclDIiJNYUtEP:SCGap8TBrSvWcAlDI9

    Score
    1/10
    behavioral11behavioral12

    • Target

      shwebsvc.dll

    • Size

      444KB

    • MD5

      70798015858dfc9f449ffad3b091305d

    • SHA1

      0d30cb6a94671c14d95dd85ffadeff4af1b4081a

    • SHA256

      5121a69ccb55c21a9e5c96982f7254f216a742ee701d2ffefd9eee11d4d20ac0

    • SHA512

      c095338a24f0a2f072f3a0a5f81b3eaf598cf3030ce1d790cc69a071dd7f2f790ba52aaf4de34b18c024816fb9f518c47a7c2f2931980aade5e7b869fa5f9b0d

    • SSDEEP

      12288:Il1n9oxae1vn3RqntPbcTTn7qxerx7wQ:I7e/hitPbcHn7q1

    Score
    1/10
    behavioral13behavioral14

    • Target

      signdrv.dll

    • Size

      51KB

    • MD5

      20f0cb9b5bca72044e35892f657176db

    • SHA1

      03d91730093b1104f65831c16ae2facf80dcf2db

    • SHA256

      92f77f0ec2bf759f4308bdef1a298adea7d4105c334e3518a7266b4d1d5e1ff0

    • SHA512

      2ad6b3f023836ff3c3f4ee198266a2269aa0d339ecb38866e70148f2c3e35d020f37bba87198d5cc7eda8f872487ff8a170a9cb8a999c90dbca223acaf5c2e27

    • SSDEEP

      768:4xWcDy7ISsDRKqOoeLyI2hNhcSZOjdWy:+xyMxeeI2hNhcSZOjdW

    Score
    1/10
    behavioral15behavioral16

    • Target

      simauth.dll

    • Size

      154KB

    • MD5

      563d719eecedbb698e62453e0c99d051

    • SHA1

      52c62efb9e39747dac1b790c9bc3f1a18a2efae6

    • SHA256

      8fc11564d5558c6101673aa73b2c0b76ec2612016a14f65beeb6f04b998752f6

    • SHA512

      81eb7cb7492562554910a80e2aaa839e57f9de4eef9e35ed7c39b61191ba0901243bb62b782dc2ce08b0f1e2805ff8cdb2c1928bb0c5af9c5434069f81a4d3c9

    • SSDEEP

      3072:qGf4nANWxrdUKQEvERl9+NPkw50k+JFFMboQGC4v:rf4nANWxrdbQjANDik2QZ4

    Score
    3/10
    behavioral17behavioral18

    • Target

      simcfg.dll

    • Size

      101KB

    • MD5

      3fa68aaedba62eba0deab21abbc677a6

    • SHA1

      e281856f19491100abf0a900b6f606ed0739598e

    • SHA256

      5974dc459eca68cef4e0ded981a3aeb43228a88590a0b1ccdcd9dd46a72ee9bc

    • SHA512

      13594b5d1811579cf9fa0ec22887fe6125bd192ee08fc6ec2c8fd9bbd4b89e293517ee68e7790398e1e397fc3a594b800e558ee04d761d8b5ae1cbd37cad5691

    • SSDEEP

      1536:cto/JwELRDs9xfsZd8P7RZS6QPR7Vtd+np9VbxNE:go/JwEte1I8P7RZS7RJ3+np9V9NE

    Score
    3/10
    behavioral19behavioral20

    • Target

      simpdata.tlb

    • Size

      8KB

    • MD5

      b9b27f981b4eb4e5d01e0045cb101b44

    • SHA1

      c09a506c70f7f9ac56b0c0ec10107ca38ead293e

    • SHA256

      906bfd5e4131157169cec623669e7bf372cd8577f5f06c5b28205c8ce95c4ef1

    • SHA512

      a0ede722c7291b3d5ec8402b7370d67b6088c58ab96173117f72de4da769bf5f75254377fdd02bff88c3aad555aa7ed9a10e248a953c4b54a48535fec3b7732f

    • SSDEEP

      96:4mEWMwIWw3s/QLrJAAF3YFfWu82oIDNSGgMAhpIP2uiE6tlfF+666:4bWDIWlYd1rN2oWSGZAhpIPhitlA666

    Score
    1/10
    behavioral21behavioral22

    • Target

      slc.dll

    • Size

      141KB

    • MD5

      73ecfc63d23d8a07a982dda099209605

    • SHA1

      d940f3a47b92cc85c492744d68ed073398e2fedd

    • SHA256

      6a8912751ee3e032860ac5f0726c9e8d1e10dee00e63decc5f2d0c342fbcb911

    • SHA512

      19ccc9d36aa896b2a94191bcd0bf3d42a7350f2b070fae5f3384f25eb5d60267ce90e0027b93cb77b8dc4beffe26d1d5c91a7f932d26dbff6065d5d2c3f5e81c

    • SSDEEP

      3072:INnsvhaoK98e+i0XYYWJJponVungDdxACFFZWZ8oTc:INn84ytiMxWJJpoVcWRFZWZ8oT

    Score
    3/10
    behavioral23behavioral24

    • Target

      smbwmiv2.dll

    • Size

      220KB

    • MD5

      422bacf6e9c6a752089ccd48c01da0d0

    • SHA1

      5a9f992c12503331bf27a04531e1a7ae277559bc

    • SHA256

      f1759adceae10454781f43b9606bfb8ef4b2f3cf5a5e57ae93b983c9f7fa1f0b

    • SHA512

      f4a774eb38d592f6eef47a0b1ad18f72d7b599e2a3fd003f4d7432ced9bad8ce756135e38bd370346bef394c26b3f5af2983eef6f924aba0b18628c97fa4ad0d

    • SSDEEP

      3072:ezesZoQF4otk0bXupKUjfoebffSGzVnWVR5j40WtCLnBZ:1sZoQF4Ok0bo01WtCLB

    Score
    1/10
    behavioral25behavioral26

    • Target

      smphost.dll

    • Size

      23KB

    • MD5

      03fb4a01cd3ab73164fd9ef2d80171b5

    • SHA1

      3ff1c0769cd4b4ad9c31f2d83f7fd4b9028d0af2

    • SHA256

      ac4c29c2b819b5adb6457e32022e2ce18640e7f3f3952600349539cee1e41fc6

    • SHA512

      72078f36fcd5dfdd9714676a62b879f031ebbc6a715e7288d1125172d2c6e1ddbc9165a43f7ff204abea59bde1ae3a89601d943722706987ce8b0017fc49b3ec

    • SSDEEP

      384:5pNdwCWOSTxl2utsJio8OAIsL/B4tX/v8jJtWGXW8xjiYTOWETgOReF:3WvTxl2uqJpo/B4F8jJL5xjLTL

    Score
    1/10
    behavioral27behavioral28

    • Target

      smss.exe

    • Size

      143KB

    • MD5

      03ce2ba7d96391aea2bfd935d243260f

    • SHA1

      d258d64dd6220ed4515996734e1c73ac8eae692d

    • SHA256

      7aa02ac1227e1c9817340ed06cb50caf3f93be476bc9d475a6b3a6f80b6743be

    • SHA512

      4f049c0484f32588f20c5025e39c4e5b0c5606744bcc4b045636b95fae2e1a41bdbb6744effbddea7bbad9407064a46973e5aa00e97f4e0634e9eadddb6bff91

    • SSDEEP

      1536:rd2mCysazs0MIL6F9SiIMeNrX3ammHE13y2yj+2xcmeE+jbCw24+28m2QWOVx54b:0mCvXOhnammHE13Hyjrc+gJxgHbSUwg

    Score
    1/10
    behavioral29behavioral30

MITRE ATT&CK Enterprise v6

Tasks