51d03aad9e9f8ef2282daa338adc42d8ad0ae2ef67c09bfe384170901c869c36 | Triage

Sharing

General

Target

csr-bluetooth-4.0-driver.zip
Size

407.4MB
Sample

230512-r5n6csde34
MD5

2c6a2908295c80fb516d802d373b8f76
SHA1

e2df72e76a7e8f7b936a7c76ef4c6460e763d2ae
SHA256

51d03aad9e9f8ef2282daa338adc42d8ad0ae2ef67c09bfe384170901c869c36
SHA512

d73bb44eeca5958ddfed6768e863d4d7794735a60f11433b5efd8e485d80a5d2ad46152576654af696601e4ef3460cb630896f8ed015d8b1ef39099b5b559a4e
SSDEEP

6291456:kErJCp7M6kYGrJzF1mDR4FFSMFJYokt1rXz+Du2bOxrjlp5TGi4h3D3H1hzBeO5A:k4opw5CREKtjSWl3CiQzf4I8

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Autorun.inf
- Size
  
  57B
- MD5
  
  73130d708da8f3af1c6ddaf642e945cd
- SHA1
  
  1d3d93aecba8dbbe218b2108c82023af0a9926bd
- SHA256
  
  c4ec195fbb0439ed338bb8d9925af50e49de1b29dcb72135df7f1800db3d195e
- SHA512
  
  2e313dc001fe4c9dfcededef92ab3e1f2168f9c002ef8a0ec956aa01271bfd62fe26ef3f61aeeb05b31f774cb888c26cb0443a6fd344c8316b9337ebb2feb661
Score

1^/10
behavioral1 behavioral2
- Target
  
  Setup.bmp
- Size
  
  777KB
- MD5
  
  368f0a916240898cc18d8291643b454a
- SHA1
  
  a7875dbf874e953e7b57e3818f924721d24bd4c9
- SHA256
  
  1d6478f6da9de299e694bc76a460bfc143b8ceadf2ae1c2eab8531b48f431c06
- SHA512
  
  6679a89a00def240c867252a6685ad57e0d05e5ea257dd311ad40e1ef51ee100f7d69836e2cfc6cf2fa69d43ed6a0f514e67298b9e0b3be3786d0130d40ef8c4
- SSDEEP
  
  3072:iABE+Glkx2zJVwXWpeXjTo4k/gIWLbj/Z2kl/pYQO2APb2syir20X0nrSt/k+31f:bS+GCeVwEeny/bWHTZYQ225ir29OsLJo
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  Setup.exe
- Size
  
  92KB
- MD5
  
  86475a2101208040be3dc425121c8ff8
- SHA1
  
  e9130507efd90353ebbdbaa89d961426b522866c
- SHA256
  
  15181942b137b8c6d5f7e7f6dd8df88ccfc12b6e059f158c43c6b4a98f548b93
- SHA512
  
  a8fc80661d3707458a88001d6d7a5b33d28dbebe07244e86728f9b37a4f86f12e01192292d5444dca129fc39552fc82828b7102c659144d58264966562846c34
- SSDEEP
  
  1536:hr3ml2LZmMp0mOZSIqixdOD0F/k/8PY9f:lmkLZwzaDu/k/8Ad
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  Silent_Install.bat
- Size
  
  49B
- MD5
  
  d6baa7def6ceb42310d0acf8cd5afc25
- SHA1
  
  e2df58afc62ce98ae50ab0c7b9341e4c92b82b3a
- SHA256
  
  5d449b3d34a65240274b540601adcecfe59c0071177273fe8e72614291166166
- SHA512
  
  19d2e4cb8dd473d1bf13673c2be0104409c99ef0daa1d77690af9ade1a9496bf2bf070fe9a61db03c8d387ed738e1e369abceca21080033b29dac62fbe9f214d
Score

8^/10

persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  blutooth_on.ico
- Size
  
  361KB
- MD5
  
  b7ffda6bf1092ba87bf794b2b74a9e93
- SHA1
  
  1729b8c58c755e1663cd994dd63d0d10bef8672d
- SHA256
  
  f5063ff5a72b51638fba116503dc7af314fc02fd4e4fa95d22856e236d431be3
- SHA512
  
  4ac6401876ffe64ad7cf652371de95dede570c313bd4f826bea428f7976b178ad0ace02c6653a436a79689cb2f7b79f077a2c4195758a1bd32664bc21eb6d3cc
- SSDEEP
  
  384:8FzvxNz+i8CRKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK4:tIG
Score

3^/10
behavioral10 behavioral9
- Target
  
  setup.ini
- Size
  
  302B
- MD5
  
  44528114f80723e903616cf5fae86e45
- SHA1
  
  394443a8236df40a8a4a8c5f632016d15b2af7c3
- SHA256
  
  be5da73f36fb66e6854700176768ad3f83063c137237782b04f2d1f6513a1994
- SHA512
  
  ee36b50a5ed7847aa2fbe705bc2bb9209d40319450d9c5623167f52a8d5b49014b6dad9437bb883f3b905c3362bad759c97ab4c4ff618779d3607b3e57d141c6
Score

1^/10
behavioral11 behavioral12
- Target
  
  x32/setup.exe
- Size
  
  189.8MB
- MD5
  
  da0bb7868fa68de62c1cfac34e8dd2bd
- SHA1
  
  1f1496ea9f490161a1c2ee8839fdadb4a94b3725
- SHA256
  
  539e20a7820d76833a884e46c180afe925eae26940860cf3be7706ace5419e88
- SHA512
  
  708feba022827f0e3d5c7fc821dfd244ce75c35c95b8b7f140ca0ae5e07ef9af6a8e8c6f21e8169baae3e9ede4038f2300d4b482917111481236160be6e8737d
- SSDEEP
  
  3145728:r0u49gTTDzlJOf/R1z67naI26pEftQOEUO9Qa5jlDD/lKJLomIP1xzE9I9tde7Kb:o+NJwbzgaIQO/lf/lKJLiNFEa9tcO8DS
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13 behavioral14
- Target
  
  x64/setup.exe
- Size
  
  218.8MB
- MD5
  
  cae7653e477e1bca78905f3ec9ab91e8
- SHA1
  
  59c9180f83a6a2f7b7a0292d0392b3040b75e73f
- SHA256
  
  188ac68766be38240fa9572209885a37f10aab5868c0d6661f59feadf35a4f09
- SHA512
  
  1fc6bf604a2feaea90e6fb13f433b312bf8080065275a56afd5727ceb5e168663b080660048c8ba8c49bd6794e3c859cf3836c0a30e8cf73aad6598c5f763d55
- SSDEEP
  
  3145728:K0nR2fs6Lt+8a1w8ihpPnZztqSI8mb90OlXt92wZvJ+KGtwlW9YM6Bgm/hag+:mfs6LUd1ghpNtqSwLhTZZhPprM6vz+
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral15 behavioral16

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16