General
-
Target
44a0a96edbd8b8f268cb65140e9356324002c23ba03c747c520724e6450ecf61
-
Size
8.5MB
-
Sample
221126-yajqqahg27
-
MD5
d12560d524db59a0ef3c3bcf7ab7331b
-
SHA1
87ff92a04cac49cae8201e733f5e583aa5b3d00e
-
SHA256
44a0a96edbd8b8f268cb65140e9356324002c23ba03c747c520724e6450ecf61
-
SHA512
b0091adeb5f3f6883c6c0dd6764df55e0b3769b6300b782ff58d6d7118da6a65fe90fe6ece251dc0e672f49b7ae3f0223d28bfc9010ea8767dfae435f71ffd16
-
SSDEEP
196608:KWyWvDmvRF4REaTjZQLYrTmRVLsgEqKe/3sKCvC6MrppZn:KWylPs91XmPLZKe/DMJypjn
Static task: static1
Behavioral task: behavioral1; Sample: A850 ROOT/lpk.dll; Resource: win7-20221111-en
Behavioral task: behavioral2; Sample: A850 ROOT/lpk.dll; Resource: win10v2004-20221111-en
Behavioral task: behavioral3; Sample: A860E-Recovery/install-recovery-linux.sh; Resource: win7-20221111-en
Behavioral task: behavioral4; Sample: A860E-Recovery/install-recovery-linux.sh; Resource: win10v2004-20221111-en
Behavioral task: behavioral5; Sample: A860E-Recovery/install-recovery-mac.sh; Resource: win7-20220901-en
Behavioral task: behavioral6; Sample: A860E-Recovery/install-recovery-mac.sh; Resource: win10v2004-20220901-en
Behavioral task: behavioral7; Sample: A860E-Recovery/install-recovery-windows.bat; Resource: win7-20220812-en
Behavioral task: behavioral8; Sample: A860E-Recovery/install-recovery-windows.bat; Resource: win10v2004-20220901-en
Behavioral task: behavioral9; Sample: A860E-Recovery/tools/AdbWinApi.dll; Resource: win7-20221111-en
Behavioral task: behavioral10; Sample: A860E-Recovery/tools/AdbWinApi.dll; Resource: win10v2004-20220812-en
Behavioral task: behavioral11; Sample: A860E-Recovery/tools/AdbWinUsbApi.dll; Resource: win7-20220812-en
Behavioral task: behavioral12; Sample: A860E-Recovery/tools/AdbWinUsbApi.dll; Resource: win10v2004-20220812-en
Behavioral task: behavioral13; Sample: A860E-Recovery/tools/fastboot-linux; Resource: ubuntu1804-amd64-20221111-en
Behavioral task: behavioral14; Sample: A860E-Recovery/tools/fastboot-windows.exe; Resource: win7-20220812-en
Behavioral task: behavioral15; Sample: A860E-Recovery/tools/fastboot-windows.exe; Resource: win10v2004-20221111-en
Behavioral task: behavioral16; Sample: A860E-Recovery/tools/lpk.dll; Resource: win7-20220901-en
Behavioral task: behavioral17; Sample: A860E-Recovery/tools/lpk.dll; Resource: win10v2004-20221111-en
Malware Config
Targets
-
-
Target
A850 ROOT/lpk.dll
-
Size
85KB
-
MD5
8f114be9125798a2e24ab55fafb09590
-
SHA1
aa070d571279542fe8c06a16f06afe6945d28d6e
-
SHA256
9a542bd4f4349030fcb8c557ce997be76a8f12c2bcf38a03dd918ff3f6c6a4e5
-
SHA512
b8cdcca1c5f9ae7701eaef596ff629e9febd3e3929c05aba62602821f311fd4edce8924576ff07dc6ed7094a7992e60bc44bbf9f7b9289bed21c97a41587201d
-
SSDEEP
1536:0O3H4UYT7knSEUHAC4H3Pt9tyHpO3H4UYn:RX4Uo7kSEdzXPtPyHsX4Uo
Score 8/10
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
A860E-Recovery/install-recovery-linux.sh
-
Size
125B
-
MD5
1dec641e47eeafa3153e20f845e263fe
-
SHA1
1c77bdbfccf462a3747b811533f2eaf21e47b0f1
-
SHA256
3c22c96fafbf5ad2e7b685281f9076ee5517e5774a29a91bfa2fae47e6c63b24
-
SHA512
911e451de4a27346acb2b2beffc4a255d8cbdbd70cac5b85e1e643ccc259afc333b8a13e2ae5b2e675996ecc12238491f69597988d881c36959493f3fcc23a65
Score 3/10
-
-
Target
A860E-Recovery/install-recovery-mac.sh
-
Size
118B
-
MD5
7200123026b6797be0e86f541595703e
-
SHA1
fa0c286e07e672b8d80c492cf4580cd1fc9fc929
-
SHA256
4a2de18f7cc4382dec81c63aacc759cfa725c1bba62506578f16b4522a194761
-
SHA512
ffd6e26f41a442efdca08bf607c998777e47978d0c671f75de312b483d526a9c93a4cbcfdccd4e7cf2b868b960ca544987adbd3e9bc2e32b5d6fae8c8598766d
Score 3/10
-
-
Target
A860E-Recovery/install-recovery-windows.bat
-
Size
136B
-
MD5
eaf11f8a6a38872145a62e0a8543aaca
-
SHA1
10633c3fa71b79b5a9a534bf5eb6f6d77e9d0430
-
SHA256
5843535229bb6d0669e134977d78c25962d77907bcb70440e6562ee541d169e0
-
SHA512
33926d31096cd08f4f4d31845275d471a43e2fa6d217aab767167afa60da284d78172691854f251e296040340470cec541f175b49af4d53ab0d768acc8cffa8a
Score 1/10
-
-
Target
A860E-Recovery/tools/AdbWinApi.dll
-
Size
94KB
-
MD5
47a6ee3f186b2c2f5057028906bac0c6
-
SHA1
fde9c22a2cfcd5e566cec2e987d942b78a4eeae8
-
SHA256
14a51482aa003db79a400f4b15c158397fe6d57ee6606b3d633fa431a7bfdf4b
-
SHA512
6a2675de0c445c75f7d5664ebe8f0e2f69c3312c50156161e483927e40235140d5e28e340112ac552d6462366143890a8ce32dbf65bd37e27cb1ea290fe14584
-
SSDEEP
1536:npCxybY0FS6MqS6WvgD9xj03TabrFvY5J6sCGt:npo0k6ZWVTaif6sCG
Score 3/10
-
-
Target
A860E-Recovery/tools/AdbWinUsbApi.dll
-
Size
59KB
-
MD5
5f23f2f936bdfac90bb0a4970ad365cf
-
SHA1
12e14244b1a5d04a261759547c3d930547f52fa3
-
SHA256
041c6859bb4fc78d3a903dd901298cd1ecfb75b6be0646b74954cd722280a407
-
SHA512
49a7769d5e6cb2fda9249039d90465f7a4e612805bba48b7036456a3bbd230e4d13da72e4ade5155ddc08fe460735ec8d6df3bb11b72ff28e1149221e2fc3048
-
SSDEEP
768:HLNk0yiFYWkgALpW+QvSugX0wUepQNXTQXdF+Q+An70edrqqOkIW:+yY8wugEwOVEXdz70e4gI
Score 3/10
-
-
Target
A860E-Recovery/tools/fastboot-linux
-
Size
124KB
-
MD5
9851bb6ad29cd4b60c9ba9d011ba9efd
-
SHA1
9a51ea313f3419053d3d1cc19e51de8cb7a915c4
-
SHA256
25b200943a8ae5bc5ce62f9de6a4b46fce3795122d6de8a15de93cb5a6ca1d94
-
SHA512
5a7060b02fac10dcef61a69a30a593621319388c846e5556197bda4bcbdfecfffb4161d218fc3815af030247df74cd96c047dcbb0979fd124bbd77490a0b46af
-
SSDEEP
3072:4IqbXsJEWa13HTBfOWeuLOuFBVhVdf/gmqk:4tb8yW43HTBmWBiubVhVdflqk
Score 1/10
-
-
Target
A860E-Recovery/tools/fastboot-windows.exe
-
Size
968KB
-
MD5
6bbf05d97585c3c515bdb172eb9e7d12
-
SHA1
956c7805ae936441c235ae20fb6b896dc3823cf1
-
SHA256
2142ba46552f3bd5b5e82809b03176204739873a2caf9ce96ebfd5969327c12a
-
SHA512
c8582367c0dde5c5f1f7ccde8c589c75dbbb65988dc8af512ad68583af11959c3eda9c360a81abcd47da55dffd1ab6e874727c8dcacf9f6fa477fca209ef6add
-
SSDEEP
12288:saLTmAZ/POJEwIEAEt4iC1sngobywagl31jysLa894:sYTZVnEt4iCkgafysLa8q
Score 1/10
-
-
Target
A860E-Recovery/tools/lpk.dll
-
Size
85KB
-
MD5
8f114be9125798a2e24ab55fafb09590
-
SHA1
aa070d571279542fe8c06a16f06afe6945d28d6e
-
SHA256
9a542bd4f4349030fcb8c557ce997be76a8f12c2bcf38a03dd918ff3f6c6a4e5
-
SHA512
b8cdcca1c5f9ae7701eaef596ff629e9febd3e3929c05aba62602821f311fd4edce8924576ff07dc6ed7094a7992e60bc44bbf9f7b9289bed21c97a41587201d
-
SSDEEP
1536:0O3H4UYT7knSEUHAC4H3Pt9tyHpO3H4UYn:RX4Uo7kSEdzXPtPyHsX4Uo
Score 8/10
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-