0b14218c7aac95a6ea56fc89ba335d53f344b0e6d7b657651b9842833cbe3146

Analysis

max time kernel
61s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/01/2023, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

droidkit-it-setup.exe
Size

8.3MB
MD5

fae0ce67ff605887b96a5a005ada3a53
SHA1

1830f964c74a179dbb41acfe824a93b4faf7361e
SHA256

0b14218c7aac95a6ea56fc89ba335d53f344b0e6d7b657651b9842833cbe3146
SHA512

0071ff23903a01397b870dc817aea88bcff66774e8f799dec6fd8f00c736cb22c21a48835dbb730e5f37282d51da1b1de72d280294c309911e0c842dad53d611
SSDEEP

196608:By5WWVnHs5IsBwTNcYGWeHZcxvu2NAGnhzcHXgbuYEU:By0W1UIsBwxcYw5S22NVR6a

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2552	droidkit-it-setup.exe
2552	droidkit-it-setup.exe
2552	droidkit-it-setup.exe
2552	droidkit-it-setup.exe
2552	droidkit-it-setup.exe
2552	droidkit-it-setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\droidkit-it-setup.exe
"C:\Users\Admin\AppData\Local\Temp\droidkit-it-setup.exe"
1⤵
- Loads dropped DLL
PID:2552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoD1BD.tmp\GoogleTracingLib.dll

Filesize
36KB

MD5
d8fca35ff95fe00a7174177181f8bd13

SHA1
fbafea4d2790dd2c0d022dfb08ded91de7f5265e

SHA256
ad873f1e51e6d033e5507235ec735957256ebeeb0d3f22aa0b57bb4bd0846e4c

SHA512
eb530b10f137cb0cdfdcd2c11fd9f50f774e0ce44e9d2da3e755f6a6df24fe6e7525c27b109e3e68e9d3e49a889937a22f4d9d78703b1055a83b8a58808a58ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD1BD.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD1BD.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD1BD.tmp\msvcp100.dll

Filesize
593KB

MD5
d029339c0f59cf662094eddf8c42b2b5

SHA1
a0b6de44255ce7bfade9a5b559dd04f2972bfdc8

SHA256
934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c

SHA512
021d9af52e68cb7a3b0042d9ed6c9418552ee16df966f9ccedd458567c47d70471cb8851a69d3982d64571369664faeeae3be90e2e88a909005b9cdb73679c82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD1BD.tmp\msvcr100.dll

Filesize
809KB

MD5
366fd6f3a451351b5df2d7c4ecf4c73a

SHA1
50db750522b9630757f91b53df377fd4ed4e2d66

SHA256
ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

SHA512
2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD1BD.tmp\nsDui.dll

Filesize
5.5MB

MD5
c75be1de614a43dfaf861ef8f91c76b5

SHA1
7060851e690c273a2d2b41874852765be3df80d1

SHA256
2c2513335a2794a6355934b9d5a21be09d65d4476cd89434b624b07c8b98a5ed

SHA512
7c0c29bdbcde9dafc2cd1407a0b8841750a34c20c9e7e371a569f6dfd32999092221d1f371231cdea32ddc96969bab45a7f732955bb67c3272f3b4acb7c5b356

Download Submit