General

Target: startback_aio_1.0.65.1.zip
Size: 5.5MB
Sample: 221222-vmwn9saa3x
MD5: 706a88819aa066551e5dfb9e2cb7a93e
SHA1: 58c7702b9aa66b14414b0ffbe21e62f727bf76b0
SHA256: 5f64190eb10b2cbba325b88f6f2e1a93c872383a6e62fed6a46842ed25b4489a
SHA512: 8c75f74a3263847569769436e6a62d0784d4be2ac00c5970cb1386dbb082401bc913bb8b8aa543f8278901d1f1adaf9ed744f4b1fc6bd62917f18dfce357e7e2
SSDEEP: 98304:XNM4G+or1FhIrY0CNBOkWu+EMeLdcDkSUYe2+FPJTFMKEweAwWSS8kEsk7Nr+dAW:XNnG+or1FhIrRxC+EFkkzEI/5EwHwWKK
Static task: static1

Behavioral task: behavioral1
Sample: StartBack AiO 1.0.65.1.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: StartBack AiO 1.0.65.1.exe
Resource: win10v2004-20220812-en

Behavioral task: behavioral3
Sample: _Silent Install.cmd
Resource: win7-20220901-en

Behavioral task: behavioral4
Sample: _Silent Install.cmd
Resource: win10v2004-20221111-en
Malware Config

Targets

Target: StartBack AiO 1.0.65.1.exe
Size: 5.5MB
MD5: 58aa37678ae6d9de7b91eb06ece1a104
SHA1: 755997c2705cadefd7e567a93f755537f1459d50
SHA256: 9e423f202422338ba16f1c0cb3d3e9a081031c188720103ac5be48e3689f46d0
SHA512: 9d47777fe73640f95139b1d7e4bbf84c96cc52005508d0e4c63572c9c9cf04bc0775a8c9f6ddbc600a0ec872c0f88754044b1c609d430b1ae84cd60a5e4e5dd0
SSDEEP: 98304:HssI+4PzxV69AGMjPUqCU+0osRF0DkYkmyS8FjJTx0cgseqiuaOOYMakDfHAfCK8:tI+4PzxV69nTM+07GklyqL/gsPiui/Hd
Score: 8/10
- Executes dropped EXE
- Loads dropped DLL

Target: _Silent Install.cmd
Size: 1KB
MD5: b144f4c817cf6a66b2e468b1379dc669
SHA1: adfe8b7d329561bfbeb14dff6a281b46a7da1eb3
SHA256: ce86cd60690255a5a5e7375a7ba779bccbf26591f5948d3ca246d1fc599dcb41
SHA512: 39e03d822f915ef9c4f6a9cd1ee9e593ada79060cbaae1d4f06ee48c7aef2e9c3ce5043e1966a390e777b319696a2c5bfe49882fbf0023b8053fd45b1d693fea
Score: 8/10
- Executes dropped EXE
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Drops desktop.ini file(s)
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)