Overview

overview

8

Static

static

7

Activador OFFICE.rar

windows7-x64

3

Activador OFFICE.rar

windows10-2004-x64

3

Activador ...le.chm

windows7-x64

1

Activador ...le.chm

windows10-2004-x64

1

Activador ...ls.exe

windows7-x64

8

Activador ...ls.exe

windows10-2004-x64

8

Activador ...64.exe

windows7-x64

8

Activador ...64.exe

windows10-2004-x64

8

Activador ...to.exe

windows7-x64

8

Activador ...to.exe

windows10-2004-x64

7

Activador ...ol.exe

windows7-x64

1

Activador ...ol.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Activador OFFICE.rar

  • Size

    40.6MB

  • Sample

    230225-lfansace8t

  • MD5

    6dcdeda7d808d660c35a872284c6cfaf

  • SHA1

    d9e6b6decaa0020b67b18acc53b1faf0d2c850a4

  • SHA256

    e7ec8e39fdfb299ab485a701fa6b18853e5e5fced4360abe9a65037d3457c731

  • SHA512

    e880e0d0ccc5b3c90e07e18788e2176ac1cefbc5f7d98a2efd1cf328588a290a87e3c11c818062c79e2160cee6186bfa2636bc983664832ce41375c30a52e439

  • SSDEEP

    786432:RmSZpsuIYDHRyi5ICvdGIUZwQ9+wnL3/LYdvcTwJuPRU1Mk/2OVkXcG9QMRDgG:R7gYzr+CvdGIG/W2wJcU1leOVEcG9QMH

Score
8/10
aspackv2evasionpersistenceupx

Malware Config

Targets

    • Target

      Activador OFFICE.rar

    • Size

      40.6MB

    • MD5

      6dcdeda7d808d660c35a872284c6cfaf

    • SHA1

      d9e6b6decaa0020b67b18acc53b1faf0d2c850a4

    • SHA256

      e7ec8e39fdfb299ab485a701fa6b18853e5e5fced4360abe9a65037d3457c731

    • SHA512

      e880e0d0ccc5b3c90e07e18788e2176ac1cefbc5f7d98a2efd1cf328588a290a87e3c11c818062c79e2160cee6186bfa2636bc983664832ce41375c30a52e439

    • SSDEEP

      786432:RmSZpsuIYDHRyi5ICvdGIUZwQ9+wnL3/LYdvcTwJuPRU1Mk/2OVkXcG9QMRDgG:R7gYzr+CvdGIG/W2wJcU1leOVEcG9QMH

    Score
    3/10
    behavioral1behavioral2

    • Target

      Activador Office 2019/KMS Tools Portable.chm

    • Size

      527KB

    • MD5

      10dbb8ec509ff11c97032949631bf2d3

    • SHA1

      1b1145aea0881ecec436a8e796cd12f9e4f3c5e3

    • SHA256

      2045223b4e045bff805f1dea1d090146fbefe21d59b25ae490487dbd0c6a8201

    • SHA512

      694a59f12adcaa5a430c01d66f85011556c7406843980773bc0a6d80fbc7cd7fb6f675bd13d84e4763685abf1b0a2179a0f0a4bba05a737519076b13c2d08467

    • SSDEEP

      12288:QRd6JQvDL/v7FUmoU++qH1Wst1kOVR3NI9p4peIyFOG:w5DLeK++mfiOVRY2pJywG

    Score
    1/10
    behavioral3behavioral4

    • Target

      Activador Office 2019/KMSTools.exe

    • Size

      34.5MB

    • MD5

      7dcc580b7546be2871f978db8d313905

    • SHA1

      60d9b7541c661e83664d043f2b7f99a62b10ee84

    • SHA256

      5c2819ebc600adc7fcad0002e6056e824e1af35d1e16334e16199712850a208f

    • SHA512

      dcba8d146e8c30d61828074ceac99dfcc73d52390975df7a29aca9f277fb56ddb8d2f2b02eb99ea328cca15ef24c907f5b03fb5690f5c788e29df7581849b4af

    • SSDEEP

      786432:VMh6YzBjJ7AxVM4Hh0CBS3sHPGtHilqNngktysVidq6igVVRoVl:Kh66PAxV/Hh+3sGilqlToyiU6igQ

    Score
    8/10
    evasionpersistenceupxaspackv2

    • Creates new service(s)

      persistence

    • Modifies Windows Firewall

      evasion

    • Sets file execution options in registry

      persistence

    • Sets service image path in registry

      persistence

    • Stops running service(s)

      evasion

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral5behavioral6

    • Target

      Activador Office 2019/Programs/KMSAuto Lite Portable v1.4.0/KMSAuto x64.exe

    • Size

      3.7MB

    • MD5

      f582caac417afacd7ee7d2c2c3233e18

    • SHA1

      d2b17ebc8f15fccbbcd834693e685acef4a32544

    • SHA256

      7f4f467a8a5274cf7ae5d3565149e0eea55e0e794649d2482a297b6a37f8791d

    • SHA512

      c7ec219fec9749905facfc967b2edf9a4cc0360c3360eaf8a60ca3f17e2ed9c76b95fcf548ad833485692ae9a936d31273b757843dd61b4678104161fc03dc5b

    • SSDEEP

      98304:a+yDYXLY8M+EHZ3AX4CqvUEjQQvfnyu/Z380NKrBX/rhpxNjGg+fYl4XZaKTazJ:Vy4z2AXzojQQ3nB80QZfDu5TCJ

    Score
    8/10
    evasionpersistenceupx

    • Creates new service(s)

      persistence

    • Modifies Windows Firewall

      evasion

    • Sets file execution options in registry

      persistence

    • Sets service image path in registry

      persistence

    • Stops running service(s)

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral7behavioral8

    • Target

      Activador Office 2019/Programs/KMSAuto Lite Portable v1.4.0/KMSAuto.exe

    • Size

      3.5MB

    • MD5

      848874fbb3932941804e383c3a7df4c1

    • SHA1

      9e0a0313e6b9850d5c38066193b41c6586660d4f

    • SHA256

      ef46ed3faa5ef8cd58bdde77cc7d5547dca57e3216b7cf3d32d3b77a55c92a26

    • SHA512

      299e90b574773044319a807050cbff3219d6362258129387d79da09391442b3480bd3c6a7917ad19d15ece000d32d11abcf56ac1e7d4b0b8a06cb895a440b701

    • SSDEEP

      98304:DTgfYUkkf9GdLj1gsR7eYxSJe6KyvrFQnL39W7hSHUsNKiyzoxQyqoIEU:DTCRt+PxAe6VY39WqUssi3qa

    Score
    8/10
    upxevasionpersistence

    • Creates new service(s)

      persistence

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Stops running service(s)

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral10behavioral9

    • Target

      Activador Office 2019/Programs/signtool.exe

    • Size

      323KB

    • MD5

      05624e6d27eaef0db0673ae627bd6027

    • SHA1

      b155c76bf59992a8d75d0e3a59dc94f24aff2591

    • SHA256

      962a92821f54a1e706aa989973130fdc1072c7bd8b9e6d11ea1050b46eb9d313

    • SHA512

      233304669aefeec9ad5d19bd2dd5bb19ea35ce31da0b3aabe5ab859259608a58725fac5993637c9635e5912138d3eb477773351f0ee81cc3ce756d713163cf31

    • SSDEEP

      6144:rGBPAy1RetfND/lq7v+OFMOrEGFWw7o44unfU0AEITfpkeUe0iZXOD:rGBYy1R+fND9qxAmD/5fbOTfvZE

    Score
    1/10
    behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

New Service

3
T1050

Modify Existing Service

6
T1031

Registry Run Keys / Startup Folder

5
T1060

Privilege Escalation

New Service

3
T1050

Defense Evasion

Modify Registry

7
T1112

Impair Defenses

3
T1562

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

3
T1489

Tasks