50740f63124075cc0b474d6e1c665bf50f1c639e40de562160e8ddc6d3ceff9b

Sharing

Copy URL

Twitter E-mail

General

Target

Windows_Repair_Toolbox.zip
Size

3.1MB
Sample

221222-wz3tsaaa9y
MD5

e177e7d10515954a13ded8339c6cb199
SHA1

78f56d0355fe6259c6ce75551b7d18a89d959ae3
SHA256

50740f63124075cc0b474d6e1c665bf50f1c639e40de562160e8ddc6d3ceff9b
SHA512

bf47b9af84c384a2af9989dfa9ac02430b6a4d800af6e9c912e551d231a41321df07730873695f36ebf9f3d144423724543faf81e00a7861b0c07a2e53b1eccb
SSDEEP

49152:KTfRG3cTvwmevVoemRXM4q6iLbXsMuk241vohjIl+X3CxLvjMtmssrnpM:KTpGMTvmvV74I0ME4Jgj8+CxzgmsypM

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Final Tests/EXCEL.xlsx
- Size
  
  11KB
- MD5
  
  613ae19b98e71d69bb84897e53b7044d
- SHA1
  
  54d4f2bd5103a7c7e0ae125d8699a48c7fd19ca1
- SHA256
  
  f5b9eda8aa1e5e15a38578357a2a451707a6d41af3935f6e33b0a1f38edc2dae
- SHA512
  
  8900e519ff8b524a7d99cab5c70cf04468854f14d4e227ba753ba749f80d209975a811f924a6f9644dad1079b7ed835d9ec1ac9f3e924f936635f8029fd54ebd
- SSDEEP
  
  192:LUgZ/4h9v7geaTzEQFn+o5MbMOkXGdokekN4WIsxiooMpBrnuxiFKBBcxM:YgZghl0eWzxp+o5bfke5GIepL8uG
Score

1^/10
behavioral1 behavioral2
- Target
  
  Final Tests/PDF.pdf
- Size
  
  2KB
- MD5
  
  f1e3f944814f0789ea6bea1950ef9aa8
- SHA1
  
  ffcb40d54184e93acade7840c639b92356354c34
- SHA256
  
  68e8814fb04da1cfdc02cf88e89a68ebc6c98c23894c5cacd98d5aa5e52b3145
- SHA512
  
  864e1ec57f4ef15288d1e71e69fd22b52be921d653eb698002a6585c036523514fb982850cff5251594af721b333ed5858eb74b51de60671fe1fbef857df3c33
Score

1^/10
behavioral3 behavioral4
- Target
  
  Final Tests/POWERPOINT.pptx
- Size
  
  29KB
- MD5
  
  5471979b6b903a4edd8b50c456da2e2a
- SHA1
  
  60f188f0e1566c440f538a75f315547950a1c40c
- SHA256
  
  9565b01dda7925c0b12754ec49b9b45909aa282b538dc68f20e404bf8eec3841
- SHA512
  
  84b8d2791e08400fa1ca9510e8fd7b66a80ccc4da35d990a17ef088a56d8a3a1a6d2e6dcb2898bbc3eac621906218a8a803278a07acf624e7749b8849be55633
- SSDEEP
  
  768:9TGi+8LglXPXYHAe319vQ9I3bRVqAJ98DVX1QABeln+dlPMS0bS02S0dS04S03Ss:Wugt/7I2zQAB0n+6
Score

1^/10
behavioral5 behavioral6
- Target
  
  Final Tests/WORD.docx
- Size
  
  10KB
- MD5
  
  0cbc94f1e06a2dac07bfb024cb011fd1
- SHA1
  
  212d016de43585e51110a8da04629979da867c9e
- SHA256
  
  abf366d43f5113153ec95d52ff939b0b8da51267f57fd445a434e0174a807a90
- SHA512
  
  4906f4a11a35b1c40220aae9bfcf091ee46e3b009b2b82c8ba5f44e7dd096d8ab165de05177c691d84baff25dfd85feb24ee497add34fd03c4b31cdfad21c77b
- SSDEEP
  
  192:Zo/jQm6xZDn2DQg2viMl+PpmFkxTICIo9pvb6LIoe5r22qY5Or4Vl+hS6:Zu8xR2DQuMYRmFkoSvSIr22v5BWS6
Score

4^/10
behavioral7 behavioral8
- Target
  
  Windows_Repair_Toolbox.exe
- Size
  
  1.8MB
- MD5
  
  30c98afd286f5dfacc5caf498aa16aa8
- SHA1
  
  597fcc44f6f2c08d6db479a2a55b4a65b562956c
- SHA256
  
  0414039379e9024c2ff3adde355515f72a42b025f49a37257f8c9368f6731bdc
- SHA512
  
  c1e37ac3e3a19c3eb4e4685d87d894a18bdc49e642a2de857669240eed85f2fdc9423642a1b460bd5c4297f9ad82b325eaccf9d256382e7dc73095c8d77f38b2
- SSDEEP
  
  24576:Tmmu+ebgkhWQq2cPK1wRWeOtCeGr7g2LF/L/Yfixfz/b6qk1nU3R2WAmcMUQJGgy:TdXEZYkh5BQWkyfo
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral10 behavioral9
- Target
  
  Windows_Repair_Toolbox.exe.config
- Size
  
  401B
- MD5
  
  ece9a10a6ac2e652da0cb5fa22491744
- SHA1
  
  74fb9a81fcc884ceb764cba388df50b2e9768cad
- SHA256
  
  3fa28d94834f830e0805a5b3f8ace07d215efe96d69c77f1c134ea5c9426c2ba
- SHA512
  
  54e52831e8fe3bb0f8998e6ebbb69c129782018ba1f0f5a4ce682e62306d5af3b55b86413152fbf46c0b50d721159f9e77cbac6e78144574421f972290105179
Score

1^/10
behavioral11 behavioral12
- Target
  
  files/7zG.exe
- Size
  
  421KB
- MD5
  
  712214d53808934bdf7403c5aeee6eee
- SHA1
  
  7cea31347ea373ca74c62302b95fd3ceedc55f39
- SHA256
  
  b6e34a76d87cc95fddee2fbb41b22e11eef6a4df10a7ecbba03942030eeec07e
- SHA512
  
  eb22bdb3825d63ecc1cf2b6db41cd719b85b8820019949eb921aed670adcb0f5c782c4393c9b6492bfbab6e51848b96d15d63399d4c723787ea98ce91d8eb532
- SSDEEP
  
  6144:2qZhz0SVuDygTkowcVTLEoMMKSwfcClp/Ui8WVCiCGyrLgjeliuSTWWJ:Dhz05DyELwcJLEOx85p/UiQiC1otTWW
Score

1^/10
behavioral13 behavioral14
- Target
  
  files/7za.exe
- Size
  
  796KB
- MD5
  
  90aac6489f6b226bf7dc1adabfdb1259
- SHA1
  
  c90c47b717b776922cdd09758d2b4212d9ae4911
- SHA256
  
  ba7f3627715614d113c1e1cd7dd9d47e3402a1e8a7404043e08bc14939364549
- SHA512
  
  befaa9b27dc11e226b00a651aa91cbfe1ec36127084d87d44b6cd8a5076e0a092a162059295d3fcd17abb6ea9adb3b703f3652ae558c2eef4e8932131397c12d
- SSDEEP
  
  24576:HWdp+y7/ya3yc7tfBA6rDUzfKrBxEATB:up+fa3rLA6s+/
Score

1^/10
behavioral15 behavioral16
- Target
  
  files/ATPad/ATPad.exe
- Size
  
  346KB
- MD5
  
  c57409b9d045cfed874f2066d2ad176a
- SHA1
  
  8a6d642fd64200e52acbff88a186c74abb89cc19
- SHA256
  
  532c46592ade2748803296f6db29dd323145aa6c925725d2b4bee0b25205d195
- SHA512
  
  3d4e32417cb84ff12edeeef9c16f54455222d09e7b0e25622439137f44424d1e8a30d5a20e0edbe8a72c405fb4ce8a8a3d97e962186c9b17aed847ba55cbe1ab
- SSDEEP
  
  6144:C/OAp8Px4/eruoqwKJ5zYRJyY+U5YgYph0:YO88Px4/K8wKzYmYRYzp
Score

3^/10
behavioral17 behavioral18
- Target
  
  files/CheckDisk.exe
- Size
  
  6KB
- MD5
  
  2a87e901bbdbf9102deee0c55f7e211b
- SHA1
  
  0fb469a1e07ae5019c1d9580ca1fc4d723a89ff6
- SHA256
  
  36791524319138b1c14294f723176c514569591808e5e9fc7130b53de451a709
- SHA512
  
  0b6ecd6b5ea62eb00680a24d62d372713ff929cd63bd9758144518c4dba783fcc15e30839b73486a2b8794eeff92a1ae407a13313b04ea72a660561cde89005a
- SSDEEP
  
  96:Chiegz8e2yfifdf7f+7faILRrPEMPTpET3gR5pxYzNt:rn8rIp4k5px6
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  files/DISM_And_SFC.exe
- Size
  
  6KB
- MD5
  
  cd6e6b6fab95156ed748837a403ae528
- SHA1
  
  04979e0a3b10872f5de9314e5cf898465f4340ae
- SHA256
  
  f7366d5472e87e85d78c90a848ea58dc779e6e631f4057659f151f7411381011
- SHA512
  
  a88aafe5d901e06d8e8450ddd08503a23e7057bf0a12e94b480a594164add07c984397b49e626ccf1200e5d037af534ef6d038fc6f9e04824cb845c98a7605f7
- SSDEEP
  
  48:6rIZbi4ni5bTDnOGOxza5fNMJgoRi5EyMNJizRi5yytANG5ePEMPvYijTL4kCSWF:2/AzVRi5EteRi5yv3PEMPvYFscTMzNt
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  files/repair_network.cmd
- Size
  
  653B
- MD5
  
  4c147e9ed9a165d2a2275f6852abea58
- SHA1
  
  48c4be83b9f5330daa2885433bc9affd78becaa8
- SHA256
  
  e28cd0a3d9f8c6c9a9225ac37f95e0e64c893c52d0dfba527251127f7460c5f5
- SHA512
  
  476e7e32d2ae51f7f1b95d272321c7bebfb6a741a1a12cfbd928b621dd2c6c22eed49612bbbf61f34bc2989fc6645d6eedf302dad0ff40699819554ef286b99d
Score

1^/10
behavioral23 behavioral24
- Target
  
  files/smartctl-nc.exe
- Size
  
  1008KB
- MD5
  
  1de717428b1f91017ad3581b374c87d9
- SHA1
  
  06637e3a5756bbcb74145daf3ac8f26c7e239da2
- SHA256
  
  3b09b6985f7c95809d8fd587b2bd57b7786888564bf164d3f11f696c3a7c2b22
- SHA512
  
  3d63a64f1320b2f89a299837ee30d006af0929438c6a7d88a7fbc1903c9a1481196b51c0e6a727d5941bf26f6d19403423551ae8fb21ec2b62f48791a2740991
- SSDEEP
  
  24576:7Aq/FRUQmQMuPVvGxS+pIjRxhv1FaCMQOw0lSAqP+xh5Ji:7v/3UQJMuPV5R5P7MQOw0lSAqP+xI
Score

1^/10
behavioral25 behavioral26
- Target
  
  updater.exe
- Size
  
  309KB
- MD5
  
  61a7125c6dbbb61bb9f5a60b185fde9f
- SHA1
  
  ba973f15bb2dbf88b609f23bb205aa2b6d9bfd76
- SHA256
  
  f18e3a8790ce99233abdde6f23e392c98a8bbdb6aa57e03e9b3fbe48313fc1c7
- SHA512
  
  74467ecab2b4ee2a0c60a26d971172fb1c1ed6c608b9c20bfd18b4f3e3afa524f9987b64c536cb77632fb7e7f3e84299e6e5e1a66b24bf0fd08a77e137b3f3f4
- SSDEEP
  
  6144:XLtG2JogERZt3FqVNopDsTUvEKpLV/XqelWBgrM:JG2Jog6CVmsUvrnLWb
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral27 behavioral28

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28