9a90556d225677efefbdbcca5def7de8ab0fa06b7573deca6e5f3e14510b9fb7

General

Target

a350cd18e1b18c350088512a4baeaeb0ce8ae7e2bfae80636c61c5ba17103b04.zip
Size

1.2MB
Sample

230911-s1tqqagf9z
MD5

f47b251ce5157bea0a5eafc7c03e6796
SHA1

3f7dfbbbb5b8c493dd75ea861a8887df4381c8da
SHA256

9a90556d225677efefbdbcca5def7de8ab0fa06b7573deca6e5f3e14510b9fb7
SHA512

1f14fb121890fb6cbe74ea554fe305419faeea9d22f68038b128d87cb36d9a984be3c10d4e166c74efc9f95fc2c346f14c6b5f9bb1d96b3c45b8c3dfd8cc985b
SSDEEP

24576:ZJ4CW2bgSxtQt1i320UOa6GMYrhWRewqY/lEdHKDf1Fs3HdUUplqf:8CW2bgSxtQt13mYrhEy6qF2i3Of

Score

10^/10

Malware Config

Targets

- Target
  
  a350cd18e1b18c350088512a4baeaeb0ce8ae7e2bfae80636c61c5ba17103b04.zip
- Size
  
  1.2MB
- MD5
  
  f47b251ce5157bea0a5eafc7c03e6796
- SHA1
  
  3f7dfbbbb5b8c493dd75ea861a8887df4381c8da
- SHA256
  
  9a90556d225677efefbdbcca5def7de8ab0fa06b7573deca6e5f3e14510b9fb7
- SHA512
  
  1f14fb121890fb6cbe74ea554fe305419faeea9d22f68038b128d87cb36d9a984be3c10d4e166c74efc9f95fc2c346f14c6b5f9bb1d96b3c45b8c3dfd8cc985b
- SSDEEP
  
  24576:ZJ4CW2bgSxtQt1i320UOa6GMYrhWRewqY/lEdHKDf1Fs3HdUUplqf:8CW2bgSxtQt13mYrhEy6qF2i3Of
Score

1^/10
behavioral1
- Target
  
  do-it-again-1.6-installer_v-hiQS1.exe
- Size
  
  1.7MB
- MD5
  
  41ae06d18ed5af6e6a0a4568b6bb7cc4
- SHA1
  
  b5d5e7e8a951e96e88215ca140c04b892e2d53de
- SHA256
  
  a350cd18e1b18c350088512a4baeaeb0ce8ae7e2bfae80636c61c5ba17103b04
- SHA512
  
  81228bac5babd3c602804bea5e1c1f9c4d97ddb7896aec6bcea14ef8cd34b83c5ddcc63a6c3a257698910663e2dfd85355a461ea5d02ceefaa2e25cead16c166
- SSDEEP
  
  24576:Y7FUDowAyrTVE3U5Fmi05np8tydyPaJPfrT90eKc4cgFLNPfs8duMpmsDGB:YBuZrEUOp8odywPH9RHgFLRdp/M
Score

10^/10

bootkit discovery evasion persistence spyware stealer trojan upx
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral2