a33443c6603faec9d3bd8d8afd97259308fa4cf7c52332746eca9399c1b97194

Sharing

Copy URL Twitter E-mail

General

Target

a33443c6603faec9d3bd8d8afd97259308fa4cf7c52332746eca9399c1b97194
Size

14.7MB
Sample

230920-kd568sfa9v
MD5

95280d4d95594247249ad9d1cbecd6af
SHA1

a0312083beb91a3e57e77d731c281b680d05c0fc
SHA256

a33443c6603faec9d3bd8d8afd97259308fa4cf7c52332746eca9399c1b97194
SHA512

b53f9b861031e2b6c7cc0729a03e41a04f9d6fbebbea5dd3ea24e4a2e4b55e65356949d53f587265ef6c19334ce4a163780b36c81b0ce103a28c4c4a5708444e
SSDEEP

393216:rnT8Omumv5fMys+/j4ljoqgbIw1tCLAFV9E7yuX:rgB/5fMLjoqyR1dFsyuX

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  隔離區文件/._cache_DxSetup.exe
- Size
  
  400KB
- MD5
  
  024437cfccbd6394df89e961a5983cfc
- SHA1
  
  296353233ad26d37c96f3827c8401fb33f503ca2
- SHA256
  
  9e62fe84aa0e0cc32a41150f99b9bbf105c52ba40fb896b5a58a237adafc5bea
- SHA512
  
  9b553d8d5bf8220c942c9a599a2bab24ac155f5bf5201bac0850c7839070e8f3a764930ce9e5849daf9811dbbc8ced4cfe01565c99ad2e4b18dbbfd8c61e81f0
- SSDEEP
  
  6144:LiettwIG8EwyZ/ap2KcwQu2QXrK3WTs5z2iHn7/W1QdK1SoooooooooNmiett:MI7vp2KgN/WJSooooooooo
Score

1^/10
behavioral1 behavioral2
- Target
  
  隔離區文件/._cache_Setup.exe
- Size
  
  182KB
- MD5
  
  faf4192a21c5bf25baca8477c2f0d41f
- SHA1
  
  4bbe9d1c877ca0414189d74cd3ea2823a757b10e
- SHA256
  
  d7631567984116a156ffda98487cee7ff9d7719ffb76104b0e2f14bd7fe04ec8
- SHA512
  
  d539e6e0ba50c538db57d8f200b314f9c1496f0f42d3fc427a68b492e89e853a266a026daeb240e3aff6bd59f1dccd4a49756b633a88df2f7c86934d886f433e
- SSDEEP
  
  3072:3biet78UW9r/8cJqkwNYIcljpaHOIGxBHyBFgzdpJec/IMc0PSFRJvGoiXnoZbic:LiettWN/DqkwWIc5sHt4B1wYPYiett
Score

1^/10
behavioral3 behavioral4
- Target
  
  隔離區文件/AERTSrv.exe
- Size
  
  839KB
- MD5
  
  7c2b5ef6bf938f8dfb441b5318eec0bb
- SHA1
  
  f22f2a55628cf9619165dc1ca1143d98421f33fd
- SHA256
  
  2fd31a79f9d3c5b9fa24d8b2ed754721cc36d56cb08055d6babd052a06b0eb41
- SHA512
  
  1962fe844362eb0242277f07b1a7a61a6951a75d5a80bc08bcd0eb58048c88be661602a6e8dbd550ea0448b31ddf0d4efd2fe01270c0e4e9e350f66a8f58756c
- SSDEEP
  
  12288:lMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9HQkmAv:lnsJ39LyjbJkQFMhmC+6GD9kU
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  隔離區文件/CreateRtkToastLnk.exe
- Size
  
  811KB
- MD5
  
  8f7b4e9cfbc13bba80121581ce7215c1
- SHA1
  
  9c883ac11ff1e060ecae950c7c147c77548487eb
- SHA256
  
  628c6266c14908a00daa78f56877104dad3d16d0ad5d32cec3c7dc6e07dff696
- SHA512
  
  4a9d20b988cddf82fbb5b962c2f1599c40f05bf826ea4503038346611a2023a0df334a3391fcab95e72f8da34b4b921e8b56863d8a248e14ce33284e6a0392fa
- SSDEEP
  
  12288:JMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9KNqj:JnsJ39LyjbJkQFMhmC+6GD9V
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral7 behavioral8
- Target
  
  隔離區文件/DxSetup.exe
- Size
  
  1.1MB
- MD5
  
  2ad4408322e458c7eaff4f795bd95d16
- SHA1
  
  fa094366dffc8bf1bab1ab37921c9ee360d90fc4
- SHA256
  
  d90014a6d91ec80987cfb9c8dc342a2e9ed2e2a33f74dd54500f2e677218a5f7
- SHA512
  
  ecc11971cd5616852597ec59d9c203d7e90e89a4a2d62a30f191327a8688ffe9395c99fa08baa231226252b90ad3631a68bc0593e1dd8c0618034d29bad989f1
- SSDEEP
  
  24576:gnsJ39LyjbJkQFMhmC+6GD9pfxjou0joooooooooP:gnsHyjtk2MYC5GDV0u
Score

8^/10

persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral10 behavioral9
- Target
  
  隔離區文件/GfxUIEx.exe
- Size
  
  1.2MB
- MD5
  
  acf3fbbbc0e21729c89b90fc5231e2bb
- SHA1
  
  ce12ee35e4193f12a193482040862602b1247bf8
- SHA256
  
  e863051fa43abcd19e8f65ee06b3a2e308938ad728698c90bd7dd06af10cffa9
- SHA512
  
  db42cae88f7801f85fba709d0bc3337e9bf4f3ee3dd5a2bc0d6f012f4a650e62b18194a046d751912f7ceea04e303960a01a7cf740c92c347c0fa34360a9871c
- SSDEEP
  
  24576:jnsJ39LyjbJkQFMhmC+6GD98gFK5rKu0wpME:jnsHyjtk2MYC5GDygTHE
Score

8^/10

persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12
- Target
  
  隔離區文件/PROUnstl.exe
- Size
  
  1.1MB
- MD5
  
  a9fef14605fefa4dc6f6d38e1eeb2d35
- SHA1
  
  42a6da6d0a38bc440d4f1fe8059eae6961ac188f
- SHA256
  
  0c9b801af046fbcce664b9d1c1eaa064e15b93d7cb10e071e5da17cfc3184b93
- SHA512
  
  c8f46f021a1a00457915317224085c0828380de4027ea8fc791de66cfabb449172b60df8554c3020fbae9c9a271029f88764237ee6048cbb27d37f01a71afd3f
- SSDEEP
  
  24576:VnsJ39LyjbJkQFMhmC+6GD9D6x+LH1QQQQQQQQQAdddddddddF:VnsHyjtk2MYC5GDox+73
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral13 behavioral14
- Target
  
  隔離區文件/RAVCpl64.exe
- Size
  
  13.7MB
- MD5
  
  f1363f6db44920e4f668be961411a9e4
- SHA1
  
  1f4af57cae61b29276f9bef8050d38fda59f81af
- SHA256
  
  492e4d4dbc083db1177de5acf82b4542b27fcfb9bac3e79f2097ad98724f6e90
- SHA512
  
  9af91c39a03db5c58cf7fba815052120724d9307eaa2454c64ec11c003e6d73290fe910bb2d7ff2c756e042076cb3b6ef98761ea47063b1d56b5d4b162a75b18
- SSDEEP
  
  98304:7nsmtk2aBs6qoBMtXwVfbd6vVXEowWaSlVTePFSxch78o79WbjpZ61nMb7xgcsNQ:jLcXqTWeFT3Ymt2yOHTHaxRWcUdax
Score

8^/10

persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral15 behavioral16
- Target
  
  隔離區文件/RtkNGUI.exe
- Size
  
  6.8MB
- MD5
  
  e579646bafd8ce87c3fbbbbd943e9044
- SHA1
  
  daea8fa3868fb814077ad4219cf3cdd76bd53940
- SHA256
  
  3409cda7d283cb2816e40260985aab07689cdac216b6761e30eb0e5a22d1182b
- SHA512
  
  8d816e4343e06b5c21e1ae48c023324186817096785d62b8c11f1aed6b0428a5c536704feb5e3f73f9ae9ad3b8afe6ca8db923bd540513ffeb616f717167bbe3
- SSDEEP
  
  49152:pnsHyjtk2MYC5GDP9lvh5Q5dhnDaSHxDQtxUzfJBEagtR+QjfAPRTr:pnsmtk2a4nh50hDaoxDdzfVgtRdCX
Score

8^/10

persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral17 behavioral18
- Target
  
  隔離區文件/RtkNGUI64.exe
- Size
  
  7.6MB
- MD5
  
  03c0b46be0adcbcf985fef74217c4a05
- SHA1
  
  50bd1694fa049ca256be9fc529c772b6a2a3ebe6
- SHA256
  
  6181ed9db7cc07f058ba518bcbae3095526b914c927f297a7d6d04060aa3da1e
- SHA512
  
  df20d364e52a7137fe7501dfd465e0a2361a215ba9a691aa736cd5f5508f6734a8ffcb710ef9a2e161d5c51034441ece8161e237b23bae6ed9669ca3782b22be
- SSDEEP
  
  49152:snsHyjtk2MYC5GDmv4AZRMjRiy2CU0cLw9W2/qfzaxUtaS3xDKMsbRDjRv4iSEAr:snsmtk2a5iUfTtagxDqR5wiSH
Score

8^/10

persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral19 behavioral20
- Target
  
  隔離區文件/Setup.exe
- Size
  
  1.7MB
- MD5
  
  ee0c05557bde50034b71f835573cd142
- SHA1
  
  f886a76f4ff54b5b164af1dbd2f1519c6b57bcea
- SHA256
  
  b93e70af1214172fa68867956a67df8f9a9d3fc6616eed5d1bfac9ab82964561
- SHA512
  
  013584ff0da88498b640597556d1c8720acbac356fe0e13e13791c1db13ff4ba7b3bda2b78ffa172c229c6c6108cca53479eef1932e371996af79d1d23113565
- SSDEEP
  
  24576:7nsJ39LyjbJkQFMhmC+6GD9ZNpZ2S2PcCaGsijFaPJmH9A99J/cUg:7nsHyjtk2MYC5GDN722vN2FahmHejJ1g
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in Drivers directory

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Drops file in Drivers directory

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in Drivers directory

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Drops file in Drivers directory

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Drops file in Drivers directory

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22