General

  • Target

    MONITORING (6).rar

  • Size

    90.0MB

  • Sample

    230328-mx4tmacc2z

  • MD5

    1c2f15f6031662aa589de57983bd3f94

  • SHA1

    d692b467c5ba3e0321b2e820c2e85b543ef8b020

  • SHA256

    4c159bbb7e70d14219149da98c469ff60289ccf7f69d5efc028df1acda963294

  • SHA512

    b5f69bc885ba925d329d0e16917003ff3bfb8c50620265ee94ddc1b68489c78a8a9c8f9b47fa8ca5b40b26a4849b07731a9a468aae6a2d8aa6b19760b73490ac

  • SSDEEP

    1572864:VUdRkGtY3BUOIhRgEWcZNzrPrKgt6dTsnmBNAYP7i0zrAAvUjpRKN6io0A4ERiHf:oRW3BJ0WwprPnt6dT9OYLrAAvUlRsndv

Malware Config

Targets

    • Target

      MONITORING/AAct.exe (MONITORING~~2826756)

    • Size

      1.4MB

    • MD5

      4b1e7ef6c4f5675b3a961b11deeb0a7d

    • SHA1

      a97c8ba7d1a82f7d8f38687837724d54605735ce

    • SHA256

      e833535c088223f196a461c6be033c3adcf06b61e3268cf153fb368d037a8c88

    • SHA512

      48aa77ca047c5c0911e0dc96d6f4afc71d08232c51349be710b2ec32b2e84f3230eedca9ce71b4a6523b03b2667e1447fef54d69c0e3ecc5c9aa16a94a5c17e2

    • SSDEEP

      24576:cJnhO6j2fnf9MMkk9M/VX3DBTAjD/mtM7aXj3Ws73Yjm8/dzYfTFaM33BKHiza48:cJnD2fyR7NHNTAfm22X/73SUfT/8CLUt

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      MONITORING/AAct_Network.exe (MONITORING~~2826756)

    • Size

      1000KB

    • MD5

      6ae88e1720adec3bafd020c7372a0b9b

    • SHA1

      ba93542d47973e6663ebb168c28eda950746bd4f

    • SHA256

      75f960c9e48475460f32396356a19319095b897176b9c0dc7b13eca7fc76131d

    • SHA512

      ada0a89b8daac179d5db1561f43ffcb476260ad8249c278877d7f6ac5bd8d42d6ce0d86be10caff9d095b20aaf08ccfb23ea310be4c652748eef46cbae4f204b

    • SSDEEP

      24576:mz7B/aditE/8r1GDWVtCD8fCrs5RHXggJagJKhF+XbnmJJ2lGoX2:6aKr1GqV4D8z8rumJJcGx

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      MONITORING/AAct_Network_x64.exe (MONITORING~~2826756)

    • Size

      1.0MB

    • MD5

      f5142685d2343a7781df709c4872e085

    • SHA1

      9bd0d88cdc53ad8b7e756a804ce7b786a933f16b

    • SHA256

      359bb524c63187053329435be492d16ba11701607ee965127d967ad559f63105

    • SHA512

      0ca36b6d6bd192f59df0dff6cddb971f78f57d403778300392403154af4e09653e8d1bdcd97c25c564012937b5fb9887ceb1caf80e84dfd0501f020cfaf2db3f

    • SSDEEP

      24576:4Iskb4J9Vu4aP5TJuGnjIdMA+yWRaDE6104M7TJi0KttGE7+vbsE/:4Iu+5TJuGEWXR2ErYttH7+vbsU

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      MONITORING/AAct_x64.exe (MONITORING~~2826756)

    • Size

      1.5MB

    • MD5

      077734911b1afcaeab423eb792877a92

    • SHA1

      8a71b83da14d3651151aa52b8218495096442753

    • SHA256

      93de3f95b785da406cecf79ba100c05566ea94ea02bdaafbaaba4db222191358

    • SHA512

      903d6b1fd4a9493785a328de4ffe2137c76ef92c74619f3d20cb959a454f34fe962c7ab46ba15a388fb56127a145549db4f2e021c897bfdab71b34a430278c02

    • SSDEEP

      24576:mqbgR3oSF0TA1rKBvHEX54rM+94V3e94s5I5VT+OkHt0hzk7NrvE8geI/c0xyFND:/bgadHEX5zI4Je98DyVHyJk7pvZgeocj

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      MONITORING/ConsoleAct.exe (MONITORING~~2826756)

    • Size

      790KB

    • MD5

      805023934af47f648ebef6c2796df2ab

    • SHA1

      9472209d974cf4e5f49287c842aa20faaf7ca119

    • SHA256

      68bd2052590b0c1315c04a51a07145b5738ad4b2f325c35254da1b479d1134fe

    • SHA512

      16d276a69a5207421969aa9e6fd38e00e81559429b855a754c95777aedf08aca6c9d0417dca3ca5e5d64fdad8821f16a8c85d04fdd9bd3c82ca08e7d33a30dd8

    • SSDEEP

      12288:BnYZ7IIsilpn9zdBTeofvPsCJhvN/MyFuT781KXMBbd+3NJCrWefrBJj9cxmllJv:umIFnNbTfsCllgTMbM9JCi+lJxVllJBF

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      MONITORING/ConsoleAct_x64.exe (MONITORING~~2826756)

    • Size

      850KB

    • MD5

      ff16fa518424449fc5ea18d28b84a313

    • SHA1

      40dd4a25e9f68abd7143fd86827a354dc1282478

    • SHA256

      ec33f403e19bc16939721dc53dff60cd1d273d19d13ad7664c70cd1aa9fc67e5

    • SHA512

      c1bf236d7da6eb3a2cf61d60b64268f0f1e7e40e4296008c66e0aee197ea1228575516947c2847212f436d7435a6877fa4c30d5dbe460afc1a4d35816c4e6897

    • SSDEEP

      12288:UYDeoRpLleMY6VHjjb/NDqIzlxHgR8b1b/JWKbesDcPYtc6dC3kSk9cROLpgb/Oj:PDg+hDq2jbl/36lQtcL3pqntgjOFD7p

    Score
    7/10
    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      MONITORING/KMSAuto Net.exe (MONITORING~~2826698)

    • Size

      7.9MB

    • MD5

      c44b78898b8d24bc78acfc47516a3287

    • SHA1

      6ff02050cbd5cf8b2bccd904f5b7f91020c2fea3

    • SHA256

      896388e05507979e3eb8c445d2475ef2b57a5519f6edb3aba8ac92c573e11a1a

    • SHA512

      d8fc6154c2214d003fffa8ca688e01f18a516ff80a3b59e97885d013d932d186594157ca8350cb6212013df16d903d27049ce0bbf4fe718b1aeec0fd196f5f25

    • SSDEEP

      196608:VsfOywCAfywOweqyw3ywsywXywZywnywZywBywEyw4ywwywmIBywyywsyw/ywiys:ebwCAqwUnwiwxwCwUwywUw8wJwVwtwiB

    Score
    1/10
    • Target

      MONITORING/KMSAuto x64.exe (MONITORING~~2826756)

    • Size

      5.0MB

    • MD5

      17cbc60522bb2a9e4dc245836a1da52b

    • SHA1

      3932e9571e250025201170ae22000c369cb2e5e0

    • SHA256

      b839e6f4a6d6facd4194c8ca856a9876d31c355c176daa2a7b3917c4b7aa9f4a

    • SHA512

      45fac02b05d3f4d66c11a10e2ef6486b22293747b51dbce9bb7e597c09aab247a93c95fd71c04c369f7f636cd1d11fb670bb0d41c87f28acfe3068ab51eb4cbe

    • SSDEEP

      98304:aojpJWpPS0r5LIbGVrVDFlP7Z8E68VA4DBfT8QKfw6aFhTUzDzvh3/RVJeNnmk0g:bar5UKV5NJ8slFUzvpZSyCt5cjED083l

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      MONITORING/KMSAuto.exe (MONITORING~~2826698)

    • Size

      4.9MB

    • MD5

      dbfb5e6381185dd6ae408a9e9e972fb4

    • SHA1

      e4a333afe159ae73f751feb5cdc3e2957396a2d5

    • SHA256

      6fce8010511d2b513d5589a148b52f0ce33083dec68ee23463300ad15cc6dd7e

    • SHA512

      1e2e7c292415fe9b5caa7e926447f3c37a394aa648da030c2c15baf4716b467f45d3be23c016dd4685ff23ec901db9a1a575c2cf465b81a125eaa534557d1c04

    • SSDEEP

      98304:eFB6kaAoFRjuJpuJtY1Gd4a+VlOVZxQpuafa3sKkqQ9hE3xEUYVnMnSH5hXiJ/3o:xsSaf1olqCZfv8JusnZbiJEd

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      MONITORING/KMSTools.exe (MONITORING~~2826756)

    • Size

      49.7MB

    • MD5

      0374f0a43b137d8640ee9ea5502adbd6

    • SHA1

      4c0ebbb5a792095bd4c97ef53b678ecf2f3b2a2f

    • SHA256

      c426c9ca4d6ba301fc3b29046b5bf71ea3fa91c640694189bbc2ca18f50d4771

    • SHA512

      459b6d109275e575373af471fa135930589c63dafd3d841ca9e9543c67ecc599133d05476e845a099e5466eb57d63c80b1da747dbe5dc9149f37aec91429478c

    • SSDEEP

      786432:Yn056Yd/uqioyIHdw7LnXI6K9L3co2VTfZ8011xshNpJXjEQ0yTM9Arx+Ksm7NAd:W056yyDTXI1mYwxEBoQl5r7NAfYo

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      MONITORING/KMSoffline.exe (MONITORING~~2826756)

    • Size

      3.2MB

    • MD5

      6d5ce77a31a77f3429d7d67044ad3c13

    • SHA1

      1b23ab675401baa5c0e9ce5af0ef1262f367e53a

    • SHA256

      fbc2c17443e516cd723339ae68001131c39f3956143d8478bbbc210b266e6bb9

    • SHA512

      f042d5f2d3954efef11561009d92850fb0f2aaa8f83677a5f942940ee382d062f67fd59c2c4d5045823b2c3d5170878f03c9eac0c679e53cf0deda822a47e52d

    • SSDEEP

      98304:SF7gau1BksbBid/EN2v0fdZptWY1bfdTiYR:S5ga0ZbXMIdjk8d+S

    Score
    1/10
    • Target

      MONITORING/KMSoffline_x64.exe (MONITORING~~2826756)

    • Size

      3.2MB

    • MD5

      1c8049fe73aa869e8040258f41916490

    • SHA1

      0cb2769363d2f8d47352120244a3095dd586c531

    • SHA256

      ea8729fbadeb78d2eb83a4e0f230c2f82fb5e22712844f6f228f0b25806581d5

    • SHA512

      c5502e7d7d4f44a24c4a9b84bcc03a1aab953af7123a85479164f0338b63583683dd0deb241877ed681c317c296023a07ec557a25b0d9e4490a93cf4fdceda6a

    • SSDEEP

      98304:VAiAdSWYkjEayfaJnyb5Ssk+dSbhqp8HYiips/8/:VAiA/YkjuIMSHFqi4iips/Q

    Score
    1/10
    • Target

      MONITORING/MSActBackup.exe (MONITORING~~2826756)

    • Size

      606KB

    • MD5

      2246bcdf9c6f77e6f5a8ba98c16666a6

    • SHA1

      dc05882dfea474d3705dd25d0456988274ce4302

    • SHA256

      c6fb36ed2fab7cc2e1da55ac27342dc5438b358333eae15f662239a1d3a3324d

    • SHA512

      a8ccd4a51d1242658766348aeb2ae36157bebf0b5febf54caa140e1ace8da9ddcb3a9d9ea6b9a96200fb1682a13b9a9cde66d6ab562647fad2d033b7fdbf117f

    • SSDEEP

      12288:P93bWrrt23AAc5HAguaco6+JuQaZn1pTrndsyiIAIieYvxzMx6L:PdbWrB23NcNE+J4n1pTyfI7+

    Score
    9/10
    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      MONITORING/OInstall.exe (MONITORING~~2826756)

    • Size

      9.9MB

    • MD5

      b1a87ff09fafb077c10fb14702d86ff1

    • SHA1

      96bc080f6a39a23961cbdba764177fa38b937776

    • SHA256

      c912576d8953b1f41d32957af9c1a06899412bc1dbbbcb603fb9c0ad1d854204

    • SHA512

      5b4727da2dacc683026001067f26c5ad079e9979c64d36d92909add5ba308f41b795b29477f738617800c864bd388cffe98fad9d826a8447416a592c09f16f98

    • SSDEEP

      196608:xs8IffMlrtdW6AUJSjUjsMrG35LlpiFi8oULkWZlftsc1ZMihDOnc6ACqcq2tA5M:FcMlwCACaJioGkmBD7wnc6Ad8e5M

    Score
    7/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      MONITORING/w7lxe.exe (MONITORING~~2826698)

    • Size

      26.8MB

    • MD5

      8f9ccbdb647d6a7ff0c693a2700727aa

    • SHA1

      5a703b7fd91ade87e63ecfe890e49761d596b1eb

    • SHA256

      9df418c9b62ae059279babe614a6649d7a714ef12c06f11f104f33155d7a2b7d

    • SHA512

      1a2311734d5bfffd951fc89a0970c05b46b8fce46e1de86e1d47fcd83e443740dd64a0d08acbc70969deb8ae5dd993c4d358c47ad0b90e3e60d32b5e23bfb10c

    • SSDEEP

      98304:9IdrOBfemFW48xf3GuhskSsY3erhsmJGg/NgLgbB4m8mcic:bemCfWuCkZC0sepB4m8W

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 5

  • Install Root Certificate (T1130): 2

  • Disabling Security Tools (T1089): 1

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 3

  • Peripheral Device Discovery (T1120): 1

Tasks

  • static1: upx, Score 7/10

  • behavioral1: upx, Score 7/10

  • behavioral2: upx, Score 7/10

  • behavioral3: upx, Score 7/10

  • behavioral4: upx, Score 7/10

  • behavioral5: upx, Score 7/10

  • behavioral6: upx, Score 7/10

  • behavioral7: upx, Score 7/10

  • behavioral8: upx, Score 7/10

  • behavioral9: upx, Score 7/10

  • behavioral10: upx, Score 7/10

  • behavioral11: upx, Score 7/10

  • behavioral12: upx, Score 7/10

  • behavioral13: Score 1/10

  • behavioral14: Score 1/10

  • behavioral15: upx, Score 7/10

  • behavioral16: upx, Score 7/10

  • behavioral17: upx, Score 7/10

  • behavioral18: upx, Score 7/10

  • behavioral19: upx, Score 7/10

  • behavioral20: Score 1/10

  • behavioral21: Score 1/10

  • behavioral22: Score 1/10

  • behavioral23: Score 1/10

  • behavioral24: Score 1/10

  • behavioral25: discovery, upx, Score 9/10

  • behavioral26: upx, Score 9/10

  • behavioral27: upx, Score 7/10

  • behavioral28: upx, Score 7/10

  • behavioral29: evasion, persistence, trojan, Score 8/10

  • behavioral30: Score 6/10