d4230cae5c3e1b11fca61a711e7f3886088f6728858108a6811670aa3616a57b

Sharing

Copy URL

Twitter E-mail

General

Target

KMSAuto-Net.zip
Size

10.7MB
Sample

230704-w6p69sgb75
MD5

386cb87e6430d914820d793db19d7d33
SHA1

160a3788d24787fbf1c7579ac2a5da2d0ae8e25b
SHA256

d4230cae5c3e1b11fca61a711e7f3886088f6728858108a6811670aa3616a57b
SHA512

e50a7610633384378d1e4d547554e791424fd19342c83ea2cc83348c1c0d7199a467bffe3880c2ea69dc2e783c61779e15c3c4490970d5def68d1df9d51a6011
SSDEEP

196608:qpAtZ+U7OeubvGx9Y9oFMmtcdV0wvnZDsuKYqCVtIlehIuoOCYgM2cXNAOQ8JWcC:qpesfvuw2FMmKwanBsuYLu8Yg/Pl8JWJ

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  KMSAuto-Net.zip
- Size
  
  10.7MB
- MD5
  
  386cb87e6430d914820d793db19d7d33
- SHA1
  
  160a3788d24787fbf1c7579ac2a5da2d0ae8e25b
- SHA256
  
  d4230cae5c3e1b11fca61a711e7f3886088f6728858108a6811670aa3616a57b
- SHA512
  
  e50a7610633384378d1e4d547554e791424fd19342c83ea2cc83348c1c0d7199a467bffe3880c2ea69dc2e783c61779e15c3c4490970d5def68d1df9d51a6011
- SSDEEP
  
  196608:qpAtZ+U7OeubvGx9Y9oFMmtcdV0wvnZDsuKYqCVtIlehIuoOCYgM2cXNAOQ8JWcC:qpesfvuw2FMmKwanBsuYLu8Yg/Pl8JWJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1.zip
- Size
  
  10.7MB
- MD5
  
  146c2759347e0d52625ccb4076e97ebb
- SHA1
  
  37a5e26c83cdd143c9265ab454196a4afc6ff79e
- SHA256
  
  322e6e04db88aadba5ef0c92ca471f2a11046c1884dde3d3fa05c35f3418ef36
- SHA512
  
  153e4f15a45d08c0dca2c47f209248b9e05b4318b30a74a5a0f62af4f57afa5a0eb8d236147bfa9a6ff5de324db167930fc25f0a50ab0702435da9d95271ac27
- SSDEEP
  
  196608:dhAfd4e3KegPHGl9sDgXWEtydP0QLFjReeoSuANd+BOJMuMmeu2iOQhNO+Qu7Yy5:dhe2lnmoEXWEw+8FFeeKduuu2hztu7YM
Score

1^/10
behavioral3 behavioral4
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/KMSAuto Net 1.5.1.exe
- Size
  
  8.6MB
- MD5
  
  93a3a8ce440197d31168fac569082937
- SHA1
  
  fad3066803a1ba8f9cb8bb7d1969eea0398b5ea0
- SHA256
  
  22ef521964080e77d7006f9341d720683fa98409361c62a7bc4fe81ec474b1b2
- SHA512
  
  08efe7e24d8d9e484d39c1381421c3fbbf231e46a5ac33c22bf3735a06c4a3d278a752c25afeb4217cc663a6c6955a55985056a7d5d5142e57c2ac5d99e5d0c8
- SSDEEP
  
  196608:OkwywCAfywOwe+ZCcyw3ywsyw3ywZywcywZywBywEyw4ywwywmIBywyywsywcywy:3wCAqwU+ZowiwxwiwUwBwUw8wJwVwtwF
Score

1^/10
behavioral5 behavioral6
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/KMSAuto Net.exe
- Size
  
  8.4MB
- MD5
  
  2fb86be791b4bb4389e55df0fec04eb7
- SHA1
  
  375dc8189059602f9eb571b473d723fad3ad3d8c
- SHA256
  
  b8aec57f7e9c193fcd9796cf22997605624b8b5f9bf5f0c6190e1090d426ee31
- SHA512
  
  3230ab05eb876879aefc5e15bb726292640c1ddf476e4108f5c8eed2f373cb852964163ccb006e3d22bc1dc2f97ac2db391af9b289f21a7b099df4c4dd94ee38
- SSDEEP
  
  196608:wokKDywCAfywOweBzcyw3ywsywDywPbywgsywZywRywxywBywEyw4ywwywmIBywI:FywCAqwUBzBwiwxwGwPewgxwUwswMw84
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/readme/readme_bg.txt
- Size
  
  23KB
- MD5
  
  d6761e218d57b85236345f74ea44a684
- SHA1
  
  2ce086119d49b752d31c06559e3714e0c8902087
- SHA256
  
  e03107d2dec7eb59033b4d0cacf9dd320c3be1d9389295f87f069e667f138201
- SHA512
  
  ac6d3b695394019e60f51c007ec545d3f8d8e171e80be3d31d3618219af953b24a34782a65f97ac08badc2ebea42d8035fd0c18dd1a0bf59df0f7c753562649c
- SSDEEP
  
  384:hjtGVFvj2k/YhzBB8AwYtGEWZMZh5pJ3+cOZQXw/sDYXmhuVIrkCAnS7pdh1hzBl:whMjGgFwUGIrpA0f/QiVQ6
Score

1^/10
behavioral10 behavioral9
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/readme/readme_cn.txt
- Size
  
  10KB
- MD5
  
  67fa7b665e63269a86043aba1c462efa
- SHA1
  
  9ea5beb02590054ccd20f8692c5d90eca1916db6
- SHA256
  
  752d7ff42c648afac4d40a418512db6e49896fa24bb1949442ddf50ff64b01aa
- SHA512
  
  c0e8c659680e31f3670d7359e94aa70c23a86644e0a1b02f8912f10515f8a5322c422a4da5005080ee0068b59051e2ce2436af497f708aa14ca58dbc0438f3e6
- SSDEEP
  
  192:X1+SEqLYTMI9rFLoOIaCkIukruzwBExwlwj8xKwKrTVjsyn51KKV1+QA:XUSr5QrFkOIzkvdznxwXxKwKrxs6gd
Score

1^/10
behavioral11 behavioral12
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/readme/readme_en.txt
- Size
  
  19KB
- MD5
  
  2a710ab80a87f13f5aed664d04e5c6a6
- SHA1
  
  959a66d789eec2c67568afea73010e196e32eafc
- SHA256
  
  f9f41a1adf235066f7b1c477cae36a7ae9c344e7def7059a9148e74669809924
- SHA512
  
  ee7936416c53b5b8ea2123e8f76b5a8f867b99e068870632465117a2cbbcdf74afda0b470d62426cc06105717d49e332cdb66fec6907e382b0a3e5b310e8dc8d
- SSDEEP
  
  384:XvMkrRuNAr388C3I4IrkvAnS7pdW1hzBMWTpL/f3Yy:BIN08VIrcA0fEQiVQy
Score

1^/10
behavioral13 behavioral14
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/readme/readme_es.txt
- Size
  
  20KB
- MD5
  
  a99b01cefe99e1dbce3285f625320a43
- SHA1
  
  85e2e453f507ebe00487f63dcc5e0fca76b355b6
- SHA256
  
  8b422282263efc65c9f688f78632d8f931ac27e58fafcba49a7a9f1dce012d1d
- SHA512
  
  f0b8e84c8ee81ab30acf48ab20f9720da21cd6412e3e973ef49fde7b902e96f69d4a5df6a3b23ff4e1eb3877ba5c001fc93888a299fb98434c328bc5ab989b5f
- SSDEEP
  
  384:X6TgyLvJ7qoIeV83gX2fNBtuhtvyTzUf4c:mh75cQX4ZAvEzUfZ
Score

1^/10
behavioral15 behavioral16
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/readme/readme_fr.txt
- Size
  
  21KB
- MD5
  
  474fb9bcc634ea9bc1f2b77382a0d03b
- SHA1
  
  97b2c52a58346a616fe6199878139d2c2876606a
- SHA256
  
  d0b8bbe89016b3e05ff1c376c9a3cce7ca2e4070bffc11bfd9a91808b6dc060c
- SHA512
  
  34d94e3081deaaff8d34d622c37df5f5c17552d6d3a4b2dfe97c8c97706066fb4a113b60f41a3cd00872d41466d18318b97a3b412357e0d48b6df83bda5591ef
- SSDEEP
  
  384:X6oFV/C6dsWmdWNYIG7U9h6kk5DrRjvHn7q8pPh2hZgKE:tJ3CsYIiU9hkF+P6
Score

1^/10
behavioral17 behavioral18
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/readme/readme_kms.txt
- Size
  
  717B
- MD5
  
  352709b6aed3902d4399f6615a7a7e70
- SHA1
  
  461d08befea3f5cf351297a1e656fdf3622308d5
- SHA256
  
  d3bef0fef19603b33b86e1ca431a25cb8a6df047058e073bbf8bb931533217aa
- SHA512
  
  e4ef87ad672ca3861a26a16da8016e534a7b9262ad58e3acb26eafc034ad2bf417d743f3658b4c97be0b0f8b5ad5e660ba78df855862cd80977c428db879b845
Score

1^/10
behavioral19 behavioral20
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/readme/readme_ru.txt
- Size
  
  31KB
- MD5
  
  9024969540f646d708d921640a9b98a7
- SHA1
  
  bf0609e7ab09d9e99da2649246536899a8f61c12
- SHA256
  
  996076e53f85fc0c818d09c97902864eb2cbb0e58d519c795ceab09308749a91
- SHA512
  
  318b9396a6564863336d9a71d980e68a93700fe33aa9b2f4a5b5780886c430cc8542f10b7f2781c77acfd2736e7da2e829369c1a7cd38bceca1debc055549d71
- SSDEEP
  
  384:hRf9ICniQFojHvVTWdCGe345h1Nod3BMViiasTa48PfE1HiPKTEDLJeGlqakxwXV:lpe34Juadama4D1HGDIGHYq6e
Score

1^/10
behavioral21 behavioral22
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/readme/readme_ua.txt
- Size
  
  31KB
- MD5
  
  d2dbdcdd45db12313a758f70f3214cfb
- SHA1
  
  2a1dfe43209b50d900273985e3eb6dfaa7414e92
- SHA256
  
  4e6e727f2608abb0bdce88395952f32088c94cbbfd46ac3fe332705ca02f484a
- SHA512
  
  b63b3679052339e02139f2aa9b97432af7bd0c2942265b7b0b829b1af8267bb216ab43058b3ecc172ce37c0211b128a9b78d72bc9ac23143191a1e6289c71cd0
- SSDEEP
  
  384:Xc6B2G9HQ+QZgJC7zxBa4c/JupMzoUjJMpb7aWD48+fe1z06k2emAZetQI6N/2Z4:4BU/8nvaWD4W17zSrLfIpKh
Score

1^/10
behavioral23 behavioral24
- Target
  
  KMSAuto Net 2016 1.4.9 Portable + 1.5.1/readme/readme_vi.txt
- Size
  
  23KB
- MD5
  
  a97e744273bb537de38cdcbd6650dd93
- SHA1
  
  fccf6c70c2ca372508b115b07fa00b34230c77a5
- SHA256
  
  c7c77fdbe3fb105dced5f1b77b37748be411361e39204c28c9d878c5467fb86d
- SHA512
  
  be07153013b39848325f0eb341ad155be754ed4ed0073bff3c3eb0f1f677a9f0acd342db1948852a7f4bf5a6ca686482831a94a420342258763abf9b87c23d65
- SSDEEP
  
  384:XJGX769fN07qjj/P+upP5GjVL4CjBkIrkyMvTz5JUb7uwTYWTuG4WJfHnFz:W4VKsGupPWVLL+IrxMvJiTT2WBh
Score

1^/10
behavioral25 behavioral26

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Modify Existing Service

T1031

New Service

T1050

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

New Service

T1050

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Tasks

Sharing

General

Malware Config

Targets

Creates new service(s)

Modifies Windows Firewall

Sets service image path in registry

Stops running service(s)

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26