General

  • Target

    DancingParty.zip

  • Size

    2.6MB

  • Sample

    230912-wyhr8ahd64

  • MD5

    2a369e34ad211d5dd72b39b5b34aa41c

  • SHA1

    ece4ab11a8ec3ff89e25882230e6843be9fad87c

  • SHA256

    b76c29329ab1e6ad675dd8fdf34133da6d5d1da410b654fef9a7ca4c780f4e0a

  • SHA512

    8537e69b67e3fa0f97e93edf83289631116ced8779bfe0c82f0eca94a68818ccdaebade3d131806d43c001232b78051104b162d4c31e6d3d4fc0f9bc404e4ac0

  • SSDEEP

    49152:RcqtEwZjZgN989SQ5PWZMB1qEzda5D/GatWTjvE/OOKnzUjznXy:RVtEw3e989SqPdiERqpWvMOOpPi

Score
10/10

Malware Config

Targets

    • Target

      CareAbout.exe

    • Size

      103KB

    • MD5

      8d9709ff7d9c83bd376e01912c734f0a

    • SHA1

      e3c92713ce1d7eaa5e2b1fabeb06cdc0bb499294

    • SHA256

      49a568f8ac11173e3a0d76cff6bc1d4b9bdf2c35c6d8570177422f142dcfdbe3

    • SHA512

      042ad89ed2e15671f5df67766d11e1fa7ada8241d4513e7c8f0d77b983505d63ebfb39fefa590a2712b77d7024c04445390a8bf4999648f83dbab6b0f04eb2ee

    • SSDEEP

      384:qTjV5+6j6Qa86Fkv2Wr120hZIqeTSGRp2TkFimMP:qHVZl6FhWr80/heT8TkFiH

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software. Its client is also widely redistributed by threat actors as a RAT, which is why a match on its components inside an unrelated archive is scored as malicious here.

    • Target

      HTCTL32.DLL

    • Size

      320KB

    • MD5

      2d3b207c8a48148296156e5725426c7f

    • SHA1

      ad464eb7cf5c19c8a443ab5b590440b32dbc618f

    • SHA256

      edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796

    • SHA512

      55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c

    • SSDEEP

      6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg

    Score
    3/10
    • Target

      PCICHEK.DLL

    • Size

      18KB

    • MD5

      a0b9388c5f18e27266a31f8c5765b263

    • SHA1

      906f7e94f841d464d4da144f7c858fa2160e36db

    • SHA256

      313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a

    • SHA512

      6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd

    • SSDEEP

      192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih

    Score
    1/10
    • Target

      PCICL32.DLL

    • Size

      3.6MB

    • MD5

      00587238d16012152c2e951a087f2cc9

    • SHA1

      c4e27a43075ce993ff6bb033360af386b2fc58ff

    • SHA256

      63aa18c32af7144156e7ee2d5ba0fa4f5872a7deb56894f6f96505cbc9afe6f8

    • SHA512

      637950a1f78d3f3d02c30a49a16e91cf3dfccc59104041876789bd7fdf9224d187209547766b91404c67319e13d1606da7cec397315495962cbf3e2ccd5f1226

    • SSDEEP

      49152:cTXNZ+0ci2aYNT8wstdAukudJ1xTvIZamclSp+73mPu:cTXNo0cpKwstTJIkS43mm

    Score
    1/10
    • Target

      TCCTL32.DLL

    • Size

      387KB

    • MD5

      eab603d12705752e3d268d86dff74ed4

    • SHA1

      01873977c871d3346d795cf7e3888685de9f0b16

    • SHA256

      6795d760ce7a955df6c2f5a062e296128efdb8c908908eda4d666926980447ea

    • SHA512

      77de0d9c93ccba967db70b280a85a770b3d8bea3b707b1abb037b2826b48898fec87924e1a6cce218c43478e5209e9eb9781051b4c3b450bea3cd27dbd32c7f3

    • SSDEEP

      12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ

    Score
    1/10
    • Target

      msvcr100.dll

    • Size

      755KB

    • MD5

      0e37fbfa79d349d672456923ec5fbbe3

    • SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    • SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    • SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    • SSDEEP

      12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z

    Score
    3/10
    • Target

      pcicapi.dll

    • Size

      32KB

    • MD5

      dcde2248d19c778a41aa165866dd52d0

    • SHA1

      7ec84be84fe23f0b0093b647538737e1f19ebb03

    • SHA256

      9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917

    • SHA512

      c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166

    • SSDEEP

      768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ

    Score
    1/10
    • Target

      remcmdstub.exe

    • Size

      53KB

    • MD5

      fe8978aeac17836d0b99c3edb88de357

    • SHA1

      d7320274619baeb175855406d1027d02f845fb6c

    • SHA256

      577927563589c3c9d05c510bce5f3cd9a55ea1de155e50e87c066bbff290a6fe

    • SHA512

      68b6c647b40f071a602dcecd580232aca8434c7338837debda9d1ec37776415f680ac184ffb1497c93caa7353276d41d5df77538e004c1ffd168217df2cb5262

    • SSDEEP

      768:vehWO78043LHCTPQuw/T3cgCsMl2PLLW/bC:vAb43LuPQFTSl2PLaTC

    Score
    5/10
    • Drops file in System32 directory
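
The component list above is enough to triage an extracted copy of this archive offline. The following Python script is an added example, not part of the report and not NetSupport tooling: it hashes every file under a directory against the SHA256 values listed above, and separately flags any directory that holds the NetSupport client support files (HTCTL32.DLL, PCICHEK.DLL, PCICL32.DLL, TCCTL32.DLL, pcicapi.dll, remcmdstub.exe) beside an executable with a non-standard name. It assumes, from the well-known NetSupport Manager client layout rather than from anything on this page, that the legitimate client executable is named client32.exe; the sample directory it builds is constructed with placeholder contents, so against it only the layout check fires and the hash check reports nothing.

```python
"""Triage helper for a NetSupport client bundle (added example, not from the report)."""
import hashlib
import os
import tempfile

# SHA256 values copied from the report above (CareAbout.exe plus the files bundled with it).
REPORT_SHA256 = {
    "CareAbout.exe": "49a568f8ac11173e3a0d76cff6bc1d4b9bdf2c35c6d8570177422f142dcfdbe3",
    "HTCTL32.DLL": "edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796",
    "PCICHEK.DLL": "313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a",
    "PCICL32.DLL": "63aa18c32af7144156e7ee2d5ba0fa4f5872a7deb56894f6f96505cbc9afe6f8",
    "TCCTL32.DLL": "6795d760ce7a955df6c2f5a062e296128efdb8c908908eda4d666926980447ea",
    "msvcr100.dll": "8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18",
    "pcicapi.dll": "9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917",
    "remcmdstub.exe": "577927563589c3c9d05c510bce5f3cd9a55ea1de155e50e87c066bbff290a6fe",
}

# NetSupport Manager client support files named in the report.
NETSUPPORT_COMPONENTS = {
    "htctl32.dll", "pcichek.dll", "pcicl32.dll", "tcctl32.dll", "pcicapi.dll", "remcmdstub.exe",
}
# Assumption (not stated on the page): the vendor ships the client as client32.exe,
# so any other .exe sitting beside these DLLs is treated as a renamed client.
LEGIT_CLIENT_NAME = "client32.exe"
MIN_COMPONENTS = 3  # tunable: require most of the set so a lone DLL does not alert


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    """Stream the file so large DLLs (PCICL32.DLL is 3.6MB) are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def match_known_hashes(directory, iocs=None):
    """Return {filename: sha256} for every file whose digest is in the IOC set.
    iocs defaults to the report's SHA256 values; pass your own dict to extend it."""
    wanted = set((iocs if iocs is not None else REPORT_SHA256).values())
    hits = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            digest = sha256_file(os.path.join(root, name))
            if digest in wanted:
                hits[name] = digest
    return hits


def find_netsupport_bundle(directory):
    """Layout check that works on samples with unknown hashes: report each directory
    holding at least MIN_COMPONENTS of the client DLL set next to a non-component .exe,
    and whether that .exe carries a name other than the vendor's client32.exe."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        lower = {f.lower() for f in files}
        present = NETSUPPORT_COMPONENTS & lower
        if len(present) < MIN_COMPONENTS:
            continue
        for exe in files:
            if exe.lower().endswith(".exe") and exe.lower() not in NETSUPPORT_COMPONENTS:
                findings.append({
                    "dir": root,
                    "exe": exe,
                    "renamed": exe.lower() != LEGIT_CLIENT_NAME,
                    "components": sorted(present),
                })
    return findings


def build_sample_dir():
    """Constructed stand-in for the extracted DancingParty.zip: the file names from the
    report with placeholder contents (the real binaries are deliberately not reproduced)."""
    d = tempfile.mkdtemp(prefix="netsupport_demo_")
    for name in REPORT_SHA256:
        with open(os.path.join(d, name), "wb") as f:
            f.write(b"placeholder:" + name.encode())
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    print("hash hits:", match_known_hashes(sample))        # empty: placeholders, not real files
    for hit in find_netsupport_bundle(sample):
        print("NetSupport bundle in", hit["dir"], "client exe:", hit["exe"],
              "renamed:", hit["renamed"], "components:", hit["components"])
```

Point `match_known_hashes` and `find_netsupport_bundle` at the real extracted archive in an isolated lab VM; the layout check is the one worth keeping in a detection playbook, since a rebuilt NetSupport package changes every hash above but rarely the DLL set it ships with.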

MITRE ATT&CK Enterprise v15

Tasks