71213be1116e5ace654ee4071e3f2c83e0a39fd0efe0246b1659b9520f31f2b6

Sharing

Copy URL

Twitter E-mail

General

Target

71213be1116e5ace654ee4071e3f2c83e0a39fd0efe0246b1659b9520f31f2b6
Size

3.6MB
Sample

221124-jcjq6sgh89
MD5

9a813e78f750ac22e360bca3e84c0236
SHA1

6a87b502ec26933bea4cedeb94649ac3593a474c
SHA256

71213be1116e5ace654ee4071e3f2c83e0a39fd0efe0246b1659b9520f31f2b6
SHA512

1b5a32bc5d664770c7c19acf7b04d3cf7398379542d0b14e8bfbf6ec1bab3c6c2d9ebc2680fc840506311eb83b4b84e16bc2d8fb10c9792dabc29c798d68ba47
SSDEEP

98304:5tdyI6HCKoBNx3BzseUjOdSoATWSEPqzopAJf6tfohUz:5vyIrJvx3B4x9usW+o

Score

9^/10

Malware Config

Targets

- Target
  
  hyword/hyword/ChTTS.dll
- Size
  
  222KB
- MD5
  
  19761f18f48152e5f5db2f53fa064ced
- SHA1
  
  c1e168085f0eb11e8e97d02979dc50c146b438a7
- SHA256
  
  af3d024c235a366f9822e6aa7f702dd209afad33446e9a8c43baf1cd2e968728
- SHA512
  
  a4f4acbab0c26dcfcb9ee92acda1aade1a186548385268c3c7fa21c57e3432256731f3de37514fb9eb9677b8cd831e7810c18a79cd19f23f658d81999cdab17d
- SSDEEP
  
  3072:yVnQGzJLcNiXPEW3GehfTR9DtboUVw0Ah42RPB6RM26cclnP4H80av1KWah8/I:yVnQ+xyiXmO/Z4PhFBzcOnwHAKWae/I
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  hyword/hyword/CnSpeech.msi
- Size
  
  1.6MB
- MD5
  
  bdcbbeb3efacd00588e4985f6130ca0c
- SHA1
  
  633b3f2d0c8ec31ff330782b412f5ca8afe74e07
- SHA256
  
  815b26efd13b2b384417bc2168aef628811bf67fe8da3a9e42801e70858ca707
- SHA512
  
  a03075f35e8026778715e0c912ec6993b30f92232bdac0064cfcc09dab4e10de33588f903ccfbfe83f2a52d8ec4a9fd1a964e2535fd2f29fa8b40436434bd48a
- SSDEEP
  
  49152:a5R8C1SG/DBJwvV7UOgqN8IjutqmBnXhDtVU:S8CQUcgqNvjutDO
Score

8^/10

persistence
- Registers COM server for autorun
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4
- Target
  
  hyword/hyword/Unchm.dll
- Size
  
  36KB
- MD5
  
  bb8565f043c60bcaa71bd8b95ec968aa
- SHA1
  
  4facdd77ffd42eb44012d6c523d56a1a42c18836
- SHA256
  
  53669b9bf0ab1e61b55da0bbe3861fcde0d627573cb49cec0a7dae55bccf86a5
- SHA512
  
  77f8c1ad2036f0e26d07c00f726198a7a7364d7f23d19ff0e8d077e8b9a4b036d2bd3a2409a738add6c1170a5ac099ce80495c824a99f2794ee9cfd79d00d029
- SSDEEP
  
  384:kqwzSVTj+mSJYZSFTA26vFUiTaZV5QXRmljQy9ccOiNu97+cXoUgKdHnvocH:vSmm6SFTLsxTan50sTNkloUg9
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  hyword/hyword/VB6CHS.DLL
- Size
  
  99KB
- MD5
  
  7c91e893f9105b184468ac06350371d5
- SHA1
  
  740e5bf871770ae410075642178e0b4119ba94d3
- SHA256
  
  6f9738fb65e5e2200654061d7f07fdf10db846a03380f7f4d4089ff6ca8c023c
- SHA512
  
  f524013994c26631644307456815aab05b8955ded8684d319f73de44841604fcc3d1401cef08a8491fdff8260ec0c2d966f1777e150fe67403250cf408b78968
- SSDEEP
  
  768:czwpM20Zf2IKP85CUdtzuJRkfYzvL3IW:czIE2BP857d5TYz
Score

1^/10
behavioral7 behavioral8
- Target
  
  hyword/hyword/appface.dll
- Size
  
  221KB
- MD5
  
  85fd621e45ae0f53f599acbc2c98e899
- SHA1
  
  8b7d4e55c4cbac286443c2b16aa4b80dc9bf27f6
- SHA256
  
  200a0ebca9281e7398ffbe111dad879b603ce9dfdd8dd6f61b05e417f1657ef4
- SHA512
  
  977b11fa6b159745c1f35c88a23488457a3947066e4531399bf7518eabf7ff674c527cdfd7fd981be239737d19ee5754a116eaf2a974a9fc426056d23a303988
- SSDEEP
  
  6144:82nPRMAdo6BDWmP3LM/I51LY/LM28crEEzRbN:8EZMAHB6mP72I5FSLz8crE+B
Score

1^/10
behavioral10 behavioral9
- Target
  
  hyword/hyword/cjcalc.exe
- Size
  
  33KB
- MD5
  
  aa4f037b16184781f93c8cca43e3a576
- SHA1
  
  8ba8a8c5ac735818a5961c1eebd3240b19777cac
- SHA256
  
  33f99fc481581bea46c25695d14f5da565776328b027f69286ab5256b0450241
- SHA512
  
  95cef5209fa053ecbd5cf04c04be324130b07b3a5a4d06568d20f0c8daf53580c5746a9252b8fc5f22f0b81ca834a9c5fdadff211fe5f3e39990372df6533126
- SSDEEP
  
  768:nBnM2Xxy1JPI6Kfwe06MD2Gksruxuha5q:n+nI6Pepy73
Score

1^/10
behavioral11 behavioral12
- Target
  
  hyword/hyword/hycalc.exe
- Size
  
  26KB
- MD5
  
  0710f2c3357a6f49f7e172f8e52d5979
- SHA1
  
  c9ff9afbc09457fa69de90340a5fd9b7aa091d74
- SHA256
  
  89c4c14ec5bc9b48db546308b1b2359eec0f45c7bf802868a1138f84d6eacc89
- SHA512
  
  a769e67bf37133d6eebfa55c900b8468936b81e918e0eea11badf81b797194fc1fb402a77ecd66725340bcc10566a62cc23da2684141f4862623ca0167ee92c2
- SSDEEP
  
  384:myFgGragH/lD4zCyamzZk7hwKNbHh8MUUAxPr6+e9Pfqbn1k5m1N:a0HND4zCyamdk1dHKMUnxeha5km
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13 behavioral14
- Target
  
  hyword/hyword/hyinput.exe
- Size
  
  76KB
- MD5
  
  d017597920e6db7e9e31296a8f654ed2
- SHA1
  
  9250c0aa7ee5da68a72f529da2455fdbb7874b80
- SHA256
  
  05ff92e5422b5a150bd254a8e9a917e0503ec11ca3219cff7f4c4c982f8e918b
- SHA512
  
  c3ef62e1e68ba00955f1e5de9828fd00dde332e0946d598cbd8ae6a31854bd78f79cb5a6395d4653e3d50652d2171319e10b643741d27edc77fd6bda3edf644b
- SSDEEP
  
  1536:oJNVrI2W3Oh4dDgFpTS+oD6LZlglddasJEZOC8TOPO5lp0Ustkznh489AaJEGV:oG2AOh3F1po8Tyd1JRC8QGltstEy8Oat
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral15 behavioral16
- Target
  
  hyword/hyword/hytalk.chm
- Size
  
  712KB
- MD5
  
  27c1af48ea00ccefa5b6858e4c9cafae
- SHA1
  
  3b40a8a04e2b528a10ac440144ea7d399cf9e8ca
- SHA256
  
  37a7a2f318b9afa773bc058f20588a086e2762d175ab1845f74c9b0b296f9494
- SHA512
  
  f790af11b930267f365dbf667137295762bf8c429505e54bc33a8930215485ab6dd15f3f899be51b1bfe5aedabc3b95becf49e0cec2f9465889b8a560726a29a
- SSDEEP
  
  12288:DaftjZSU2ZdSojKvbamRzMQkac0XKqh9jiktrF7pBsVYm:DaTSULmKTamRgt0X1Ljp7Fm
Score

1^/10
behavioral17 behavioral18
- Target
  
  hyword/hyword/hytalk.dll
- Size
  
  47KB
- MD5
  
  491274cef5abba0fa7a9f40935255900
- SHA1
  
  2277818abb892efcbe9176c0f457d33d4e067c24
- SHA256
  
  f1d706e6b4ba053ea2cb8ba67b30703e3cc5cd94e59d8feb8472ac734898bba5
- SHA512
  
  fbc93358476a788cc8806df2bb28dbfaf1673b8a3fb4d9230e5de42b3c8f2d2734d6c1ac5b6482001ad5748f6e5d5731fb676e954dd6e504104286bc7357ff47
- SSDEEP
  
  768:DazoscEYdWVeM6ImoIzky/7X1OwEhjMz75JoPiHiJRiWoMGgsTQndYc0ixSha5:Da8scfue1TF7ehK5JsA6QWxPs0ddI
Score

1^/10
behavioral19 behavioral20
- Target
  
  hyword/hyword/hyword.exe
- Size
  
  65KB
- MD5
  
  e85f5626b4011e04cb9f7ba719565e80
- SHA1
  
  421e645bfc8f17cdbd5a662a6d809988546b7238
- SHA256
  
  aea055856d4a79732b4d865f9f3ee70b13ac526fe7a59419373f5a635d24c84e
- SHA512
  
  119d135820cf44d9505164d47b5f680656c63841be5511769542f74ceedf36346102a068365a538abd36c62f863b4613bd0b438600c930bdf681820c7aaee44c
- SSDEEP
  
  1536:8mW8aqDX1fXdFrr/7yPOgDPBJGSu0Re+Ep1tD6t4xg:8v8/tBr2PLMSu0RhEp1tD68
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  hyword/hyword/lpk.dll
- Size
  
  46KB
- MD5
  
  77774d76e724ae9017bac8609947899c
- SHA1
  
  efd281c15cc901fee9c64f88fd0b74eb1fa82b57
- SHA256
  
  2017c37d13d1c5475cb1532f06a87ae60b1b5852a405a2b6c24d881efe7aba08
- SHA512
  
  68d88ff7c3e130f2ac25e73ba92398dd2b8a6dba26980395996ed6c8e7a4a404de30ce40f9819925afe55040c8f69e6461b7f8349d8de5f2ccdf19116407699f
- SSDEEP
  
  768:IUWUAohfjiT5ediDgEYe5eWomHEo2fKEFCLxu5qr7Ho73UEWkGpIfxMC:10qfWT5MbEYme9aLMBCVuEXID3x+C
Score

8^/10

upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral23 behavioral24
- Target
  
  hyword/hyword/msvbvm60.dll
- Size
  
  1.3MB
- MD5
  
  62c6c1ed346b2478f6833f0358f51026
- SHA1
  
  f0115cef6474ea41d5bc124544516854daf13de4
- SHA256
  
  46467c73fb928256fda19260d11ac3d228cb4f33d145ac7bf05505075c43a989
- SHA512
  
  dd54cc78cbc38394a74a412c3e526f5781603373e480b303256528e6c6b4aa86573a9eecdce018d3a27226f9aaa538fe0ed72299ccff5c3c93817f11fcd2eb90
- SSDEEP
  
  24576:ycOPu8lodWFF9V/zNItUSGmtcuyNiUqH/vWOO1G6fUG+VO7HDF4DB2sjhsJGJ:lwu82WFFvmt3yNiUqH/vbf6fUG+OjeDn
Score

1^/10
behavioral25 behavioral26
- Target
  
  hyword/hyword/wbfc.dll
- Size
  
  143KB
- MD5
  
  b4d20e533408b6c78320cad4c7cd1107
- SHA1
  
  8758a7ab6bde810e9b72394c6a6c217d8d090660
- SHA256
  
  4fe4f6d773352af446c629dd6aa2035624e619763fd637db1574a584cb3f5c5c
- SHA512
  
  d625f561fdb74423f03000279dcffafaa8c11ae2ee0b14e58dec4d845fe112346f7ac0023af7711b3e71d05a50077231ca0a7f6a2a766b2c5aa3c601276488ae
- SSDEEP
  
  3072:+cVfqBwXvNDw9d2rKNrOPz4eNhLH1+CQcWBY8nEqjJpEFOCrkt:+kyBalw93Nr07+IzknpEICwt
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral27 behavioral28

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Registers COM server for autorun

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Checks computer location settings

Enumerates connected drives

Checks computer location settings

Checks computer location settings

Executes dropped EXE

UPX packed file

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28