ea5c9b5d0f6dd7bddd595bd6bfda7d48fe13656bf4a72f5ecfbd38cdd80cd9fb

General

Target

ea5c9b5d0f6dd7bddd595bd6bfda7d48fe13656bf4a72f5ecfbd38cdd80cd9fb
Size

2.7MB
Sample

221125-zeyk4sdf53
MD5

6b92220ecb897f64f85fb639d8feb662
SHA1

8b349fa533a48392067fdc0bf70a9829cacafc2f
SHA256

ea5c9b5d0f6dd7bddd595bd6bfda7d48fe13656bf4a72f5ecfbd38cdd80cd9fb
SHA512

7f541fe1cbbed200eeae10b867b0da1973c250da7603c4074429aaca614f05a5ef64b47bd096e53a092cda9f816cf6c8d22cea48d3d81e2313c908128661f21b
SSDEEP

49152:SveeVKc3nNWt+YLRjvMIpnlhS9fqJOM8y6lFMBPOCL5qKzpQA:4eebn2FjNlhS9CJOM62JqSN

Score

8^/10

Malware Config

Targets

- Target
  
  HOOK.DLL
- Size
  
  58KB
- MD5
  
  7e6be94c4023d1560f3678db2579b41f
- SHA1
  
  b4b5fa3fbf074a6da92afbb8d2bc632683ca74ec
- SHA256
  
  77c2ad1ebd183d1d94b68def677fd0691a4a6869f521294ff7619fcfe5fa5fbb
- SHA512
  
  3eaa31f8b25d45ac62637c93a160d90ea49b9487c65d88c94cfd29b6cafed3375ffcc22a459c173792f30639b8cad7da70a9044a4ab959c3ace56853aec35a8e
- SSDEEP
  
  768:PV1qkEM1uCxCrOMCMZWw3ZNZNYTdj8mNa2IJrmmSWmkvTSnno4KMpQQu8snP/SVJ:d1qkE+CjfNZN4dj8XxOuMbu73SVXpZZ
Score

1^/10
behavioral1 behavioral2
- Target
  
  STUDENT.exe
- Size
  
  1.5MB
- MD5
  
  2c0525fe09c3fc8f361664e9cec1cf39
- SHA1
  
  c8e060bafd2911d2faeaa7c41a40899008e5f401
- SHA256
  
  97af7e67acd9a53063171f2db69f43b56510c511c8f9486582a1f94b30addcbf
- SHA512
  
  ecf53dc361e0fd1d124b5178bb43de4174bf17c1bda8a50917bca9f1f4b584f1a60ef75e41f3a21e3d762725e96346839a49ae9bfae878f84ee68ee08c84e2bf
- SSDEEP
  
  24576:aQKgRLTkqhovL+xMSKLpqUbUUtfVD0LVAzDwQnQxxAK:PRiY/+UKfGVA4QnQxxA
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  TEACHER.exe
- Size
  
  4.2MB
- MD5
  
  2e461836020fe8defb2e8c83efb2891c
- SHA1
  
  f935b340258da2ed05a53c7226ea38fbf5028999
- SHA256
  
  a844d8410fe6c329c8be5b74fadbf55bb2337660abab472e5fa067b3452ef5b3
- SHA512
  
  07450c02252e5c03a51d21847887c34e85c2d0d15331d5c38623e9e1827a078f17ad1f1daec2e8acce686328b9c4e5760f8b4a93b2cb2715133df8f02606a418
- SSDEEP
  
  49152:MaixCNNWzyGLYjvMWfHCpv0rscgKCjmZUYD5HT3zWAB4vQnQxxA0k:MQN6UjXK6wjjwmAUQQfDk
Score

8^/10

adware bootkit discovery persistence stealer
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  help.chm
- Size
  
  60KB
- MD5
  
  3ecd3de0e53fd46588ee323e76f94958
- SHA1
  
  4cab034bfae4a30000f03acd976f41eaa5558cb1
- SHA256
  
  a6bac1795813694bf3b080f2ed3c4bc3dee8f8da48147a81e89aa3851ce2235f
- SHA512
  
  f3c23a9de97f85e3b5fe392523ea06741670aae46806d8bf1ebe047c9b28a667cbda4cc77a589c2e929eb2b52453aa20a0b515d3bd14218ed042fa44a1323db0
- SSDEEP
  
  768:PLJTpQbwIuTc13SRazm0FNNBcRa6Jac5SrwKSTPHaWptd0a+sGb+Oa9yGrvM:PLJNjGSRYTwabayBS2Qtd0aBNhw
Score

1^/10
behavioral7 behavioral8