General
-
Target
clumsy-0.2-win64.zip
-
Size
329KB
-
Sample
230403-re4hcsfb88
-
MD5
c5117edad320930d14d18c1cac2a4ccd
-
SHA1
f24fdb3a44958483040387625ff1356b5721118b
-
SHA256
19042ae5e28412a8eb2dc67f4bc3b606ef04cb6f46ef72563f25e41b2bc67609
-
SHA512
62d63f5227acad5164178b281c808248a1f42675d64960ff5b68c5068e9135b7cec90df6860fea03dd3362355571960cd8a4e9ec9dbde1e3f96ce25610c92f74
-
SSDEEP
6144:u3x4Pm2PrSSfX1RwVluGaTEDTK0i8Lsjoxc9uvCYL565ZO7mTA1cX7H6TghaIoD:AKmcQ4GaTEDFjLsjoxyYdq2KaTPIy
Static task
static1
Behavioral task
behavioral1
Sample
WinDivert.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
WinDivert64.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
clumsy.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral4
Sample
config.txt
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
WinDivert.dll
-
Size
15KB
-
MD5
1b1284100327d972e017f565dbecf80e
-
SHA1
5b4f0c122a80478973eb6f9cb3bbcaf186295aea
-
SHA256
9444a6e6b66f13f666f9c60d1935824f61c7256e35a8cf0440e29baa7fbe42c7
-
SHA512
4ccb9e233a3573f6eded0efa8fa54ed929818394cdf2153623d902c749d37751da6f489354aa50968e53d42d5ce339f6368dedb7858a4ff43a1927b4338954a4
-
SSDEEP
384:EHGiP0PYf9pHuGvATXlQRNq/EbUKxcneWuDlE:E9MQf90GvQXlQvAEcehD
Score10/10-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Modifies file permissions
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
-
-
Target
WinDivert64.sys
-
Size
37KB
-
MD5
3bd5ac2e9d96e680f5dbdd183a58c47d
-
SHA1
83b08cb5e61c7b37bd710ea01196a26fc8f38610
-
SHA256
208c092fe77f161c5a313b916d73fa7f6d10dd289bab8bb5dfb3d59aacb27f25
-
SHA512
6cccd7971f423f72f5dbd01a83a2d27bb2bde63c4d1f5e127d77cfa0df85c289a2c3cd95c110ce38b58b9ea9a49aad18ae50f352ac6b21740d0294f771fbcb78
-
SSDEEP
768:R5VorUqgJs3/KtdrbYiZdNSRUYjbMUYOUaCdHUZ9fdCrYc:vVorUn9cRUuILLd07fdCU
Score1/10 -
-
-
Target
clumsy.exe
-
Size
1.2MB
-
MD5
ab358e35e579eda05f2dc3d0fff00f6e
-
SHA1
58bc12198d359d41dd085b716f71421ef6f5258e
-
SHA256
07eac49eeb0a6d8353d9ea0900850b3fa1f9d20bf70cd422a0832dae500c3bf3
-
SHA512
2802ac635d41daa5b14522ccb2157017260baf85c494084db1ded6c316fe9cd53c7d1f58affbb1249d259d2b30b7c31823a533281d3d13c45f5355b2866f1436
-
SSDEEP
12288:5IvPeeTHzsAsdNhuoSUEvIDTCbcwCymt2AbtZLemh01UW2:CvmKHzgNUoSFgDTCWymt2AbLemh01UW2
Score6/10-
Adds Run key to start application
-
-
-
Target
config.txt
-
Size
1KB
-
MD5
7479bd50ac7f2d4da31dc9a6fe4f873d
-
SHA1
a89661fa7dd3a66f2c1d5e6eb37866c312329b09
-
SHA256
3946d477154a86781dc9adfc10e18d1c0f3a3bfd214c663cde60fa7b0e00d221
-
SHA512
3d1f4fb63ca443dacf1383f1cc489efb00e016d6ab1a7e577107be5291e7de5a8445ab9b023ef3677dbb99f22b2687199d430994d3725ed553b6f1baa0adc050
Score6/10-
Adds Run key to start application
-