cd756f948ca306e93e4fb6ccc404ee268896438dd9c66cf823bb1334f6c2a909

Sharing

Copy URL

Twitter E-mail

General

Target

cd756f948ca306e93e4fb6ccc404ee268896438dd9c66cf823bb1334f6c2a909
Size

6.9MB
Sample

221124-gkw1csch25
MD5

a0d29b66b857fa8f3a11ed1840c9b989
SHA1

6f0caa422dad3be0662e927a5042f34d3fb4f5d8
SHA256

cd756f948ca306e93e4fb6ccc404ee268896438dd9c66cf823bb1334f6c2a909
SHA512

d45a4ec0c142e591c2bafa1b2f003e054ce2983248843432697aa0206e18436342e56dd040ae05c6075cc6b80caf8a1d2042ca268abb60609d73a954e7349cd5
SSDEEP

196608:bgdT0FMrvI5+VCN7XhoYuUedn8Y68Yd8Y2X:bM0FMj8NjhoYnOUt2X

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  PowerDataRecovery/EULA.RTF
- Size
  
  5KB
- MD5
  
  f3b673d6841a62173e88424d5b30fcb9
- SHA1
  
  b99f54f690d1042fe2c3480ceaa72f5cd11dfaff
- SHA256
  
  1bb571d41c2c92f700e014649898b9c87c2d8ae0ed60d6d2966fb48744498f9e
- SHA512
  
  e771fa3336e169cd088bb1558a363bf65e0c7339a4067a23c3cb50a40c7ac7ee7e935342bfd5671becfae9be96afa0962c8ea099cf9253788d8144cbd1db7d84
- SSDEEP
  
  96:oVfRNl9gCs7biBEnGaDxJWL9cY6Nco93hQIbLlvUWKHZ4Hm2pqm/LH2:KfvkCs7JHWANf5PlvfKeHm8dj2
Score

4^/10
behavioral1 behavioral2
- Target
  
  PowerDataRecovery/GdiPlus.dll
- Size
  
  1.6MB
- MD5
  
  cdf5853178ed7f8d6623de8ec329a33c
- SHA1
  
  7bdc270d994982e22bce8d5b994bd6da185b4a86
- SHA256
  
  a18d814fcf6ed4ce37bad194bef77cc5e466c08b6467e82f0f4c518f4c84e50c
- SHA512
  
  ffcf8ddc0f1653c282753f22a95c8ae8c7bde25154da48d0b3ac22ea28079e4307fd82846e22dae69c4b8819e71eb45b9a412cbb756457283df40b29b0edaf38
- SSDEEP
  
  24576:9APRWt8eE7zOQTWaKi5lBoUWAP6qyVyiHfIeCtpy9lR3/8wHz5U1bo/e:qFhrLboUgqy3IeyulAsm
Score

3^/10
behavioral3 behavioral4
- Target
  
  PowerDataRecovery/Help/English/index.html
- Size
  
  9KB
- MD5
  
  a3bc739eb4f81fe1bf3b8b3f36b3078c
- SHA1
  
  1a74e89ad0cafd3bd2dd8f0c2428afe266bbf092
- SHA256
  
  e55bb0d793be454391182ea01ee4ac70a521d2c0e2923d8f08938a4c4fa4aabc
- SHA512
  
  65ca8856281adad7f8fd03cd4defeb85f73579c737bd3c006fa5a35cabfd431cd2d3c2ec491bd39f2caa01292b31c1fee98e0bba6c7d2b58b9628c489432ecef
- SSDEEP
  
  192:V+sQn7qTe0XcQn1Lv/kv35I2XJ6QducfY5Gv3cesucQlvDIWgMtGcZpjHgG24NCD:YbFiJv/4JIqtw3gNOd
Score

1^/10
behavioral5 behavioral6
- Target
  
  PowerDataRecovery/Power Data Recovery 7.0.exe
- Size
  
  6.3MB
- MD5
  
  fe58ab0c63d815dbfd496cacf4a0fe5d
- SHA1
  
  c7fdba5b13fe2f37ae45150a387107c4deaebda8
- SHA256
  
  b3601787b0b0becb17eb053d5fa1a7b31254eac3766c4ea1c15e9c8d23103d88
- SHA512
  
  7bbc83169a2cb8b5a3019a21071b94b5dd53863cac63b3b94f99b6b30a000d4f935f346ab542cb2b5a8fd2257d440f48f1cc2a537b70f883a6577ecffa557fc2
- SSDEEP
  
  98304:MhmFEaNmOHDqI4Ue1CNNRrZDK6KxkvtmkJuwLmBBRuqEYcRQ:MhmVmQHw1CDRrBmmu2ereQ
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral7 behavioral8
- Target
  
  PowerDataRecovery/PowerDataRecovery.dll
- Size
  
  2.4MB
- MD5
  
  3682789364e25d7c675268e46cb6b240
- SHA1
  
  79c0f3bea50a6cf79e75f019202b570a4b87326b
- SHA256
  
  fed914f77788f456a56fa36a56943718232f583db5c638d44adbc5c967f64f87
- SHA512
  
  4f62268305875f7537096ae71cceead926b88db169cac861b14773f6b812c7470ae63a9fcb0c7ca8942da92f95dd4f1b6e48e5c4aa54152ff1d154c16c947849
- SSDEEP
  
  24576:6T5bOyLVcbeyFEWYgQZqRTqjOe9t++LgUSa3vIAKQYxYJK:OdOyB0eyFE4gqReMUSagYJK
Score

3^/10
behavioral10 behavioral9
- Target
  
  PowerDataRecovery/PowerDataRecovery.exe.bak
- Size
  
  2.4MB
- MD5
  
  fe1b4ae20ccd282d662931eceec941ba
- SHA1
  
  af1e00d87ad4a340fa5d361974d29f57ee26591e
- SHA256
  
  44b1ddbaad365dcd28357e0fc88c2e360d9a3f5a6d7010cd472afaf03777c3f2
- SHA512
  
  f9fe6bb714026e13c92fde2081262530463b381136f12f84b9b5d3f67d12c79b29c37b051d49e85520bf3dcc4b3bf5228874f7127bced59ab0b576b011601921
- SSDEEP
  
  24576:6T5bOyLVcbeyFEWYgQZqRTqjOe9t++LgUSa3vIAKQYxYJK:OdOyB0eyFE4gqReMUSagYJK
Score

3^/10
behavioral11 behavioral12
- Target
  
  PowerDataRecovery/PowerDataRecovery.exe.org
- Size
  
  2.4MB
- MD5
  
  75c9167496362084bae70235ce7754d3
- SHA1
  
  0a53eb7ef46d426349fa891073d85d6ef4bfe2f8
- SHA256
  
  3c8a421f2aa3f78062dc65d36442b254032190ff5593ff27105a34236b502a0e
- SHA512
  
  a3f484e120c2709428d15b10666025d436b5060c09b712f42a0e269815d302eaf0ad893a003c3ee00fbd9c834e2b65450edfc1bc64e2deb2f4a41c02890744aa
- SSDEEP
  
  24576:6T5bOyLVcbeyFEWYgQZqRTqjOe9t++LgUSa3vIAKQYxYJK:OdOyB0eyFE4gqReMUSagYJK
Score

3^/10
behavioral13 behavioral14
- Target
  
  PowerDataRecovery/RawObjects.api.bak
- Size
  
  124KB
- MD5
  
  4720dbf8f72380738f5ca0235ef4e0e0
- SHA1
  
  bbecb8793b71218a4dab269d1afa376e44aed8d5
- SHA256
  
  59614f6d30826255e0c2de2bd37157187d0b8bbcbc507e7458e669748f2ffd2f
- SHA512
  
  0c001456874e8d90f48b819d7939913476474a0c3c898fe42f500c6b007170dce232112765a1636301eb4f0e73f38fc17fc6c0f8aaeacd6e1e1e6f3ce8579701
- SSDEEP
  
  1536:N0UO3CAPkcjOOG50k7iv7DV2FPpHLRRjxYwl0VEdpdkUkV0XqIN85M5kMrTMl0y5:+yAPrOgv7DOhDjW0085WMrQl0yOBFny
Score

1^/10
behavioral15 behavioral16
- Target
  
  PowerDataRecovery/help.chm
- Size
  
  26KB
- MD5
  
  89606b6b19331e6f82a93abaa9a3cfa1
- SHA1
  
  9e31885fcb43a214eda0e995ec351809d44b506b
- SHA256
  
  b8e435051cab490f61b4714986147c6975e5681ed6cae48cfaa6dce7773c05e9
- SHA512
  
  08c51bb99784152de0c6cb043d9cfcbb756acd63d98b0ce8705489bdc362f51ef75118ef9190c393574bb0a6dfbd8453b6c1adc7fc0175f7b3b08fa0030d63c7
- SSDEEP
  
  384:QOjDWwuACw3pYqK6+9dlO4nCF7wbYe0GGOtnmO7L/adcHoCwl3:QOjDH3lKJ9C+CFc/0GGUmJdew5
Score

1^/10
behavioral17 behavioral18
- Target
  
  PowerDataRecovery/ɫ.url
- Size
  
  137B
- MD5
  
  560ba108040127e5c45e5d4e2aa4e333
- SHA1
  
  c151eaee65c6aa68cba9501d4624fca17f7cc630
- SHA256
  
  bf2a5ff8aff9a314320bda3ff66916b87ffc04ed73ba18a62f789190bd93bfef
- SHA512
  
  189a0e228b4826a9d89f0c65cba1db6dbe6a5916ff54298a3f4b678adcfd205f396804abcc1a7fa22c3459b2e1b4bfb7bddde05f9c8b86df5c7207b2885094cd
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies Installed Components in the registry

Checks BIOS information in registry

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20