General

  • Target

    44a0a96edbd8b8f268cb65140e9356324002c23ba03c747c520724e6450ecf61

  • Size

    8.5MB

  • Sample

    221126-yajqqahg27

  • MD5

    d12560d524db59a0ef3c3bcf7ab7331b

  • SHA1

    87ff92a04cac49cae8201e733f5e583aa5b3d00e

  • SHA256

    44a0a96edbd8b8f268cb65140e9356324002c23ba03c747c520724e6450ecf61

  • SHA512

    b0091adeb5f3f6883c6c0dd6764df55e0b3769b6300b782ff58d6d7118da6a65fe90fe6ece251dc0e672f49b7ae3f0223d28bfc9010ea8767dfae435f71ffd16

  • SSDEEP

    196608:KWyWvDmvRF4REaTjZQLYrTmRVLsgEqKe/3sKCvC6MrppZn:KWylPs91XmPLZKe/DMJypjn

Score
8/10

Targets

    • Target

      A850 ROOT/lpk.dll

    • Size

      85KB

    • MD5

      8f114be9125798a2e24ab55fafb09590

    • SHA1

      aa070d571279542fe8c06a16f06afe6945d28d6e

    • SHA256

      9a542bd4f4349030fcb8c557ce997be76a8f12c2bcf38a03dd918ff3f6c6a4e5

    • SHA512

      b8cdcca1c5f9ae7701eaef596ff629e9febd3e3929c05aba62602821f311fd4edce8924576ff07dc6ed7094a7992e60bc44bbf9f7b9289bed21c97a41587201d

    • SSDEEP

      1536:0O3H4UYT7knSEUHAC4H3Pt9tyHpO3H4UYn:RX4Uo7kSEdzXPtPyHsX4Uo

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • Target

      A860E-Recovery/install-recovery-linux.sh

    • Size

      125B

    • MD5

      1dec641e47eeafa3153e20f845e263fe

    • SHA1

      1c77bdbfccf462a3747b811533f2eaf21e47b0f1

    • SHA256

      3c22c96fafbf5ad2e7b685281f9076ee5517e5774a29a91bfa2fae47e6c63b24

    • SHA512

      911e451de4a27346acb2b2beffc4a255d8cbdbd70cac5b85e1e643ccc259afc333b8a13e2ae5b2e675996ecc12238491f69597988d881c36959493f3fcc23a65

    Score
    3/10
    • Target

      A860E-Recovery/install-recovery-mac.sh

    • Size

      118B

    • MD5

      7200123026b6797be0e86f541595703e

    • SHA1

      fa0c286e07e672b8d80c492cf4580cd1fc9fc929

    • SHA256

      4a2de18f7cc4382dec81c63aacc759cfa725c1bba62506578f16b4522a194761

    • SHA512

      ffd6e26f41a442efdca08bf607c998777e47978d0c671f75de312b483d526a9c93a4cbcfdccd4e7cf2b868b960ca544987adbd3e9bc2e32b5d6fae8c8598766d

    Score
    3/10
    • Target

      A860E-Recovery/install-recovery-windows.bat

    • Size

      136B

    • MD5

      eaf11f8a6a38872145a62e0a8543aaca

    • SHA1

      10633c3fa71b79b5a9a534bf5eb6f6d77e9d0430

    • SHA256

      5843535229bb6d0669e134977d78c25962d77907bcb70440e6562ee541d169e0

    • SHA512

      33926d31096cd08f4f4d31845275d471a43e2fa6d217aab767167afa60da284d78172691854f251e296040340470cec541f175b49af4d53ab0d768acc8cffa8a

    Score
    1/10
    • Target

      A860E-Recovery/tools/AdbWinApi.dll

    • Size

      94KB

    • MD5

      47a6ee3f186b2c2f5057028906bac0c6

    • SHA1

      fde9c22a2cfcd5e566cec2e987d942b78a4eeae8

    • SHA256

      14a51482aa003db79a400f4b15c158397fe6d57ee6606b3d633fa431a7bfdf4b

    • SHA512

      6a2675de0c445c75f7d5664ebe8f0e2f69c3312c50156161e483927e40235140d5e28e340112ac552d6462366143890a8ce32dbf65bd37e27cb1ea290fe14584

    • SSDEEP

      1536:npCxybY0FS6MqS6WvgD9xj03TabrFvY5J6sCGt:npo0k6ZWVTaif6sCG

    Score
    3/10
    • Target

      A860E-Recovery/tools/AdbWinUsbApi.dll

    • Size

      59KB

    • MD5

      5f23f2f936bdfac90bb0a4970ad365cf

    • SHA1

      12e14244b1a5d04a261759547c3d930547f52fa3

    • SHA256

      041c6859bb4fc78d3a903dd901298cd1ecfb75b6be0646b74954cd722280a407

    • SHA512

      49a7769d5e6cb2fda9249039d90465f7a4e612805bba48b7036456a3bbd230e4d13da72e4ade5155ddc08fe460735ec8d6df3bb11b72ff28e1149221e2fc3048

    • SSDEEP

      768:HLNk0yiFYWkgALpW+QvSugX0wUepQNXTQXdF+Q+An70edrqqOkIW:+yY8wugEwOVEXdz70e4gI

    Score
    3/10
    • Target

      A860E-Recovery/tools/fastboot-linux

    • Size

      124KB

    • MD5

      9851bb6ad29cd4b60c9ba9d011ba9efd

    • SHA1

      9a51ea313f3419053d3d1cc19e51de8cb7a915c4

    • SHA256

      25b200943a8ae5bc5ce62f9de6a4b46fce3795122d6de8a15de93cb5a6ca1d94

    • SHA512

      5a7060b02fac10dcef61a69a30a593621319388c846e5556197bda4bcbdfecfffb4161d218fc3815af030247df74cd96c047dcbb0979fd124bbd77490a0b46af

    • SSDEEP

      3072:4IqbXsJEWa13HTBfOWeuLOuFBVhVdf/gmqk:4tb8yW43HTBmWBiubVhVdflqk

    Score
    1/10
    • Target

      A860E-Recovery/tools/fastboot-windows.exe

    • Size

      968KB

    • MD5

      6bbf05d97585c3c515bdb172eb9e7d12

    • SHA1

      956c7805ae936441c235ae20fb6b896dc3823cf1

    • SHA256

      2142ba46552f3bd5b5e82809b03176204739873a2caf9ce96ebfd5969327c12a

    • SHA512

      c8582367c0dde5c5f1f7ccde8c589c75dbbb65988dc8af512ad68583af11959c3eda9c360a81abcd47da55dffd1ab6e874727c8dcacf9f6fa477fca209ef6add

    • SSDEEP

      12288:saLTmAZ/POJEwIEAEt4iC1sngobywagl31jysLa894:sYTZVnEt4iCkgafysLa8q

    Score
    1/10
    • Target

      A860E-Recovery/tools/lpk.dll

    • Size

      85KB

    • MD5

      8f114be9125798a2e24ab55fafb09590

    • SHA1

      aa070d571279542fe8c06a16f06afe6945d28d6e

    • SHA256

      9a542bd4f4349030fcb8c557ce997be76a8f12c2bcf38a03dd918ff3f6c6a4e5

    • SHA512

      b8cdcca1c5f9ae7701eaef596ff629e9febd3e3929c05aba62602821f311fd4edce8924576ff07dc6ed7094a7992e60bc44bbf9f7b9289bed21c97a41587201d

    • SSDEEP

      1536:0O3H4UYT7knSEUHAC4H3Pt9tyHpO3H4UYn:RX4Uo7kSEdzXPtPyHsX4Uo

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

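The same lpk.dll (SHA256 9a542bd4…c6a4e5, 85KB) appears twice in the listing above, once under A850 ROOT/ and once under A860E-Recovery/tools/ next to fastboot-windows.exe, and it is the only file in the archive scored 8/10 (executes a dropped EXE, loads a dropped DLL, drops a file into System32, uses SetThreadContext). A correctly built program resolves lpk.dll from %SystemRoot%\System32, so a copy shipped inside a tool directory is the layout used for DLL search-order hijacking and deserves a look before anyone runs the kit. The Python script below is an added example, not part of the sandbox report or of the recovery kit: it walks an extracted copy of the archive, hashes every file, matches SHA256 values against the ones listed in this report, flags lpk.dll wherever it sits (listing the executables beside it), and reports identical binaries found at more than one path. The directory it builds for the demonstration is constructed with placeholder bytes, so no IOC hash matches there; point scan() at the real extracted archive for the actual check.

```python
"""Offline triage of an extracted archive against the hash IOCs in this report.

Added example: walks a directory tree, hashes every file (MD5/SHA1/SHA256),
matches SHA256 values against the report, flags lpk.dll outside System32 and
reports the same bytes found at more than one path.
"""
import hashlib
import io
import os
import tempfile
from collections import defaultdict

# SHA256 values copied from the report above (hash -> file as reported).
KNOWN_SHA256 = {
    "9a542bd4f4349030fcb8c557ce997be76a8f12c2bcf38a03dd918ff3f6c6a4e5": "lpk.dll (reported score 8/10)",
    "14a51482aa003db79a400f4b15c158397fe6d57ee6606b3d633fa431a7bfdf4b": "AdbWinApi.dll",
    "041c6859bb4fc78d3a903dd901298cd1ecfb75b6be0646b74954cd722280a407": "AdbWinUsbApi.dll",
    "2142ba46552f3bd5b5e82809b03176204739873a2caf9ce96ebfd5969327c12a": "fastboot-windows.exe",
    "25b200943a8ae5bc5ce62f9de6a4b46fce3795122d6de8a15de93cb5a6ca1d94": "fastboot-linux",
}

# DLLs a correctly built program resolves from System32. lpk.dll is the one
# this report lists; a copy beside an .exe in a tool directory is the
# DLL search-order hijack layout. Extend the set for other kits.
SIDELOAD_NAMES = {"lpk.dll"}
EXE_SUFFIXES = (".exe", ".bat", ".cmd", ".scr")


def _digest(stream, chunk=1 << 16):
    """Hash a binary stream in one pass; returns hex MD5/SHA1/SHA256."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        md5.update(block)
        sha1.update(block)
        sha256.update(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def hash_bytes(data):
    return _digest(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return _digest(fh)


def scan(root):
    """Return (findings, duplicates) for every file under root.

    findings: one dict per file with its relative path, digests, the report
              label if its SHA256 is an IOC, and for a sideloadable DLL the
              list of executables in the same directory (None otherwise).
    duplicates: {sha256: [paths]} for content seen at more than one path.
    """
    findings, by_hash = [], defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        exes = sorted(f for f in files if f.lower().endswith(EXE_SUFFIXES))
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests = hash_file(full)
            by_hash[digests["sha256"]].append(rel)
            findings.append({
                "path": rel,
                **digests,
                "ioc": KNOWN_SHA256.get(digests["sha256"]),
                "sideload_neighbours": exes if name.lower() in SIDELOAD_NAMES else None,
            })
    duplicates = {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}
    return findings, duplicates


def suspicious(findings, duplicates):
    """Paths worth a closer look: IOC match, sideload layout, or duplicated bytes."""
    dup_paths = {p for paths in duplicates.values() for p in paths}
    return sorted(f["path"] for f in findings
                  if f["ioc"] or f["sideload_neighbours"] is not None or f["path"] in dup_paths)


def build_sample_tree():
    """Constructed stand-in for the archive layout in the report.

    Contents are placeholder bytes, NOT the real samples: only the layout and
    the fact that lpk.dll is byte-identical in both directories is reproduced.
    """
    root = tempfile.mkdtemp(prefix="triage_")
    layout = {
        "A850 ROOT/lpk.dll": b"placeholder lpk.dll bytes",
        "A860E-Recovery/tools/lpk.dll": b"placeholder lpk.dll bytes",
        "A860E-Recovery/tools/fastboot-windows.exe": b"placeholder fastboot bytes",
        "A860E-Recovery/install-recovery-windows.bat": b"placeholder batch file",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()   # replace with the real extracted archive path
    findings, duplicates = scan(root)
    for f in findings:
        line = f"{f['sha256'][:16]}  {f['path']}"
        if f["ioc"]:
            line += f"  IOC: {f['ioc']}"
        if f["sideload_neighbours"] is not None:
            line += f"  sideload candidate, executables beside it: {f['sideload_neighbours']}"
        print(line)
    for h, paths in duplicates.items():
        print(f"identical content ({h[:16]}) at {len(paths)} paths: {paths}")
```

On the real archive the 8/10 lpk.dll is expected to surface three ways at once: SHA256 match against the report, lpk.dll outside System32, and the same bytes under two paths. Any file that trips only the sideload rule with a hash the report does not list is the thing to pull into a sandbox next.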
MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    ID     Technique                      Count
    T1012  Query Registry                 4
    T1120  Peripheral Device Discovery    2
    T1082  System Information Discovery   6
