3ee59459573b3cd30af648d4bc46e81d0350d6dda15dce3f45ca3a1a835ff608 | Triage

Resubmissions

07-03-2023 13:26

230307-qpnn8aab39 7

Sharing

General

Target

5706445480890_Metrel HVLink PRO 11.8_Elma.zip
Size

21.8MB
Sample

230307-qpnn8aab39
MD5

6d86ddc5899196cf1c4ce558cdd07b7a
SHA1

ed7a279a2fff328d972d0522d5483d3df9113740
SHA256

3ee59459573b3cd30af648d4bc46e81d0350d6dda15dce3f45ca3a1a835ff608
SHA512

e81164650f1f9bd3c7890d223504674b2893156f5d4e7f534dadebba94f8cfdfaf2d5b5003399ffc0aabe52d62c5f92f05d3e701d818a4df303540fb0947e0de
SSDEEP

393216:vru3We6R64qGF9O4CN0JSMc/nMBYWKImvnk9ba8YUktMvPpTWXrRkT3d9fV:vgWecN97OqSD/nCIvk9b8Rty2otH

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  HVLink PRO 11.8.exe
- Size
  
  20.2MB
- MD5
  
  384387b50491c9e3529266208dc71cae
- SHA1
  
  c26179116c0580ee4948609cb26eae9a375a1212
- SHA256
  
  4b90f2d99230bdb928785f4cc579cfc81f49a4dfaff105ef54177978568237a5
- SHA512
  
  8dfefe451ab2789ea6974c9731e15703cb17b1c6fe48a423cbcd417280ead84fab50ad81e337c94204a455a45e5447bc4e9ceb84f07b9c4037e587c51a0bed40
- SSDEEP
  
  393216:DC84hfEuGvUiqu1BEIuZCYHkiu5NGzuEgwQ1f8z9myu2KB6nE:mlEua1XjEAykz5NCW1kz9KNBN
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  ISSetupPrerequisites/FTDI VCP Driver.exe
- Size
  
  2.2MB
- MD5
  
  6393d7cb4a0e2dc6460eaca993cbaddf
- SHA1
  
  aff6653a6467417b0f6eabcc6b052788bdf110bc
- SHA256
  
  b4aa2c9fe26265c8ed02f3e6d102cc32e9cb7fa468756a47d5d1e233f50c3e09
- SHA512
  
  4e325822a50017a96c813c4ef26b0fbe31d2ac73ae6ca7796c7598240efa0829f0e6329b052082ea0cf90dc6229295c3fe879b31ce90f01c47c34229effd88a8
- SSDEEP
  
  49152:7Hmu9sF1YC1PfV+FYroTz50Tns60FAnGf5nzA5hCZmnoI:CuuFfJY2roTl0TstFz5zAjC8oI
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  ISSetupPrerequisites/PnPutil.exe
- Size
  
  18KB
- MD5
  
  dccc6a62cf3bfe34260bdf77b10b2d39
- SHA1
  
  e3ab64117700a1109b933858f196b47b76b0b2fe
- SHA256
  
  c7b9241a89749efa34e1a7692673251c49d9f255df705030e87047490db8c35a
- SHA512
  
  02f5da3a56e195106c2bb7bb25495649443fe24ab58c78d250ee6770116441314652aadc63e5285c02945f8a3fe2aa908afd9100a49468cd3f67fc5f562dff13
- SSDEEP
  
  384:YeVncsNSNcEiQT9EG4rFpqXCQIwYB6zfLyyBew5YWRTxvWa:JFzFQtfGwemF
Score

1^/10
behavioral5 behavioral6
- Target
  
  ISSetupPrerequisites/USBWin8.bat
- Size
  
  72B
- MD5
  
  306d0c087795c34e27308a787947d130
- SHA1
  
  9399a7fec392844973ef5ed3c2b7dda46c4f0578
- SHA256
  
  f661626802bc4cf3394cee22c991a272fb083dd8f856279798b7b097c2336b53
- SHA512
  
  d333ae68c2127191fb3e9a6186217360aab8afe7e2bf2b5df76db596440fabd32e50c315edf33593a4964bb6d323d56d3ed5fbf9324e172555e8e672e3a0c997
Score

5^/10
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  ISSetupPrerequisites/certutil.exe
- Size
  
  981KB
- MD5
  
  eadd825bb96f91424e4e679dfd318b3d
- SHA1
  
  ad4e6ed2db0cf771d37946593e162b8d459f6407
- SHA256
  
  881f5b30b09115f476a561bcc624be0a2db64edd113dec00d8e44a2c5bc43773
- SHA512
  
  660543649c903e5891ddbb402905bd73cc8f6ae2943b2c931b3b25bd84a48a50c86cca4a946ae99a389c0dc78552d1017f3e63067df18fe76f836f94529486b1
- SSDEEP
  
  24576:lyqTLjkPYjoY9cGow1qbGJW7FWyVr9fHUVRnc6RyYvyFZCEUxTq2aM:laMqKEpMAZCEMTqpM
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10