a346595fe9232e039e99763b5fab73cb11383d9d8ec5cbafd861e84fb376e30d

Sharing

Copy URL

Twitter E-mail

General

Target

a346595fe9232e039e99763b5fab73cb11383d9d8ec5cbafd861e84fb376e30d
Size

2.4MB
Sample

221124-nrccvsed5v
MD5

d4a88ea42242f5498694538d698cefb1
SHA1

fb4f611124438a68f8c7355ed66d35fe0fb2d68f
SHA256

a346595fe9232e039e99763b5fab73cb11383d9d8ec5cbafd861e84fb376e30d
SHA512

e87dfa34ea20f7f2fe971f4e04c7e5f39f282b9c68171cc3c26809f204c1e5e9cd4c11bff43b0530598d6c720a22f4018e4ab7e8f5475c3966ca4d0f83b63781
SSDEEP

49152:0FX51/uIjz64M3GqbtEnPWTvZrWKxekEKUWlrLkb9RiSWjX:0HBuIH7qb+PoRrWKuQ8b9ISWT

Score

8^/10

upx

Malware Config

Targets

- Target
  
  AMR Player/AMRPlayer.dll
- Size
  
  70KB
- MD5
  
  ddd9a0b285e313c72e02119edc751527
- SHA1
  
  e78dd8b70616559723587ca58f468c8a7eb19480
- SHA256
  
  d11000abb3d1ad7d5250bc8d1574d91a28743e2d816abb270d8882447c2db00d
- SHA512
  
  f543a8364baf283fcefcb22dd96b75a2f0f4b951a3f5188c188e5667faac24fd7e639b28a138d3753eef720caaf29fc15e4dc509af89b35431b1aa36fbdfe29c
- SSDEEP
  
  1536:zdXWIQHNltTQvdWv5uBcmHKswE/bec9THPk7wXDOJLJ7:zdXWIQHNltTQvdWv5uBcmHKsRKciJLJ7
Score

1^/10
behavioral1 behavioral2
- Target
  
  AMR Player/AMRPlayer_99D.COM.exe
- Size
  
  810KB
- MD5
  
  05e8d5fff2f13b37f7cbac6c24f0fef2
- SHA1
  
  7fac1642d903f145600df1d9a24be7cdc7a24dab
- SHA256
  
  0cb1b1dc6abdc046c47fc94163b5264b934fd4d53915e88153e5b99de211b91a
- SHA512
  
  65b94812b719c7edc19e670fd998a4950eb7f00d8c7940ff34dfb7bf36d725111dd6e55df8e6e8991b577b5957ba941924869f10557863b2468d6c09db25cb5b
- SSDEEP
  
  24576:tF2EwsMJsFgr442XJnhb+YI4aXAZw1LVK:bMJX29ocSVK
Score

1^/10
behavioral3 behavioral4
- Target
  
  AMR Player/avcodec.dll
- Size
  
  4.6MB
- MD5
  
  91255a74916beefdb6f585431c22f567
- SHA1
  
  c4c927cc1bf5bb5e32ff6d9ecfd64a03d8ecc931
- SHA256
  
  dad725e7683625f3f14dddd66a29b4acd0e4a587bcf37fa652b872671741e279
- SHA512
  
  132082167c99c6415fe9902f76c16fe64b23731a574ec666f3646aae6a6f57ebdda101e6926c594dec3a279cab92f9cd1e58f19958b2472db34a26ca2d2a7b66
- SSDEEP
  
  98304:H9Jr1cF87vTYQ53gVDHJrGqNg0/qHUVcbLGDFKBlnjvmdHbrSjN8py3p0QH691FJ:H9Jr1487vTYQ3gVLJrGqNg/LGDFKBlno
Score

3^/10
behavioral5 behavioral6
- Target
  
  AMR Player/avformat.dll
- Size
  
  460KB
- MD5
  
  a1dafa2a780960f4790ab71264c23d0b
- SHA1
  
  44e3a3a06342e5824984fb5d708bdee00076388a
- SHA256
  
  f93dcafa81c3e101481b9f2d1c8064228fb10894ae8d900b49db3ea76f78923a
- SHA512
  
  e9588f6e3f81f85e39c0df1966829434d7f4aca582070b45ef5392eca2d0d0c7af95c74860d0606545fb9212aa65c13a2f63cc2915aab81ea9463348470632cf
- SSDEEP
  
  12288:ZWB6jJTck57q0+8BGS2Z0YQCK23X9GZZZ2ZF0J:IBGik5ZqS2Z0YQhE0J
Score

3^/10
behavioral7 behavioral8
- Target
  
  AMR Player/avutil.dll
- Size
  
  19KB
- MD5
  
  03dacf694a8cea21279bf786a4f0bfb0
- SHA1
  
  f552e0870c1e321ebc111fde8794830e5dd8306c
- SHA256
  
  61f218359353971dfe22d751db78364b6e9ef1a6f8ff31333509caaed6b0603e
- SHA512
  
  6b6bc4ad0b36dce51cdade5b27ec25b62ee82b1e6f5904ccede99292bcdb3640c12ea497a245fc9f268d487201704ec43662ee78bca0d6ccebe1d707e66f81e2
- SSDEEP
  
  384:GAoYF0XGS97LSYy9muvCtfR2TUXx5yQeAabGRGqV7B:NoY+17LSYyIsCNR2wXx5wAabAG
Score

1^/10
behavioral10 behavioral9
- Target
  
  AMR Player/bass.dll
- Size
  
  96KB
- MD5
  
  8741c1669550d89bc781dfa5ac11da8b
- SHA1
  
  d083e66010aa0f884ad80823384e7f50c3eaaf68
- SHA256
  
  91dabc42430075dd6b29a143a6cbed02e2135b3db9f76bd90ddd7621a13da54d
- SHA512
  
  e7d0a0bf6852eb9ec24bf1e9e7546276469e6445437e949507facfc22009e3dc82994d6e9ed9aaeff9fc90c89507f325e47344d22d00d04238205873ce24fb01
- SSDEEP
  
  1536:jYcrMnh/DhwDXL0vhRZ9KEsgAL6OeUko/wToQUe4E8Gf6cp5WDXLbfYEjr/9:s+Mh/dzZg5gfTgSoq4PGScpkLbh
Score

1^/10
behavioral11 behavioral12
- Target
  
  AMR Player/lpk.dll
- Size
  
  46KB
- MD5
  
  77774d76e724ae9017bac8609947899c
- SHA1
  
  efd281c15cc901fee9c64f88fd0b74eb1fa82b57
- SHA256
  
  2017c37d13d1c5475cb1532f06a87ae60b1b5852a405a2b6c24d881efe7aba08
- SHA512
  
  68d88ff7c3e130f2ac25e73ba92398dd2b8a6dba26980395996ed6c8e7a4a404de30ce40f9819925afe55040c8f69e6461b7f8349d8de5f2ccdf19116407699f
- SSDEEP
  
  768:IUWUAohfjiT5ediDgEYe5eWomHEo2fKEFCLxu5qr7Ho73UEWkGpIfxMC:10qfWT5MbEYme9aLMBCVuEXID3x+C
Score

8^/10

upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral13 behavioral14
- Target
  
  AMR Player/pthreadGC2.dll
- Size
  
  87KB
- MD5
  
  c417e0e285dd34ce5c206043611d9d73
- SHA1
  
  bf23cf8a8861708173de04e7971c58db09f04956
- SHA256
  
  f062e13f660bda174084f5ff4e4f3ea88d899acb29b8bdcc518f3a34adcca166
- SHA512
  
  ff2160b1b519f0b6ecd43de44fc5f7997c9aff2e665dfcb045b9d60624e1bef516eece9d348360fddb55e6ca460aa90efab1bcd0c6eacee7529df1f68819879f
- SSDEEP
  
  1536:DbF9eWiH3YeODNQh3JOJjNkt7+uw+qhst+uhZD:vtiH3YzY3JOJjqN+umhst+QB
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

UPX packed file

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16