8ed57a0bce1c8e5dd955f5b720615899a69aa586aeea8ae9d5813a56c7d3f8b8

Sharing

Copy URL Twitter E-mail

General

Target

Office2021.zip
Size

4.0MB
Sample

231004-fgrqsshc3w
MD5

44f99f61afaa081844fe7006b2c9cb38
SHA1

e7ffba5c62d1c71d6f37f260f1d9c8d501ddc319
SHA256

8ed57a0bce1c8e5dd955f5b720615899a69aa586aeea8ae9d5813a56c7d3f8b8
SHA512

c7f19e98f9c1a7fc17ad2ce35cd144c0b824b624661889fd2ef12633a6a5e4cdb8e96bf611f8173c39db555e3138394c22ce97bc604560021f01ecdaa2a07329
SSDEEP

98304:nJ47VM3HVN0mJCZ+tv13b1hp6qFcb+Zuk4DrtSVtsVmtByLE9Or:nYVM3EUdNLh3l4DpSVtPyI4

Score

8^/10

Malware Config

Targets

- Target
  
  Activator.bat
- Size
  
  491B
- MD5
  
  d9e30b6bab33590a13ae8acdb1609cde
- SHA1
  
  24adcc1184d45c47f6896480701e151f79fb98cf
- SHA256
  
  59df9f5434b182c6f56cad461bb9194fa323769f1d18374af7b58476a2ff8497
- SHA512
  
  39edcac54f332c8beed07cb9595ab37226f0bb3f44ee6541475675090d37bbada685db96a8681c6b646af0d8b0c7ac86114342a3b11c0f978033405eb271fb5a
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  Install-x32-basic.bat
- Size
  
  86B
- MD5
  
  1c27651150db00e378b627be5acad52f
- SHA1
  
  a6f7ca666243fc2b523d78f27f87063bc4f7bb3c
- SHA256
  
  d2560f7242fbbba68646998232333b8f10b130e23b543376e62af6ea1113558f
- SHA512
  
  3d522c3012b3bc588a463c4d180a337a1a067d6d2467283154114025187dee58ae3b91f52ae4473bee60ffc931b6591729579a3f0129d773848b7b096b1d5adb
Score

8^/10

adware persistence stealer
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral3 behavioral4
- Target
  
  Install-x32.bat
- Size
  
  80B
- MD5
  
  cab26da6b2e711894d5a6d3dae492363
- SHA1
  
  e4a2d5a6cac45e1f9b54cf38539048fe40f656ab
- SHA256
  
  47c2c552a02b9fe66bd98cd92ddc40a31f6b3dc689ca02c164c84d8fc925590a
- SHA512
  
  0cfc49d21bb346d05486bb2c0803d3d753176376fa7c6183371bf3c742c1ef37d9976351937bdbc91c193ebc381297c57a2de737398a99142afa487a3dd7e3c9
Score

8^/10

adware persistence stealer
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral5 behavioral6
- Target
  
  Install-x64-basic.bat
- Size
  
  86B
- MD5
  
  6f5f33fe7ab0358de6ff8ef4747533bc
- SHA1
  
  1c3bbf27ea6f7f90a2ba7c849f6bcb603d5c6c19
- SHA256
  
  4b4ea5e4728b000f16da2e8978d09546b4bec662e0d642dca63fb9b242ad8ec9
- SHA512
  
  d407910a6f912c53591d182287b373d10791cb6f9f3a9fa2c8c4fb79df1d81305e9023d8d22cdbd6b0d9b50c1d918356905ac0e02cb68f3703076cfdac3327c2
Score

8^/10

adware persistence stealer
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  Install-x64.bat
- Size
  
  80B
- MD5
  
  dfb3c80e4bd2258e98379890a238a2d1
- SHA1
  
  abdf2c394b767e80f098f485245377a09e84bd33
- SHA256
  
  e81094e565d92096c6fb0ee6ffa648da1e75a67c78d45713a6f47927ccb0204b
- SHA512
  
  73c606ec1afcd8dc495750f5525535447622125d9c9164b1ad85e1772f2b606571f4c06c037ea71d832f7227af460d305c80dd21e9bb014b9e094d8599e17ef4
Score

8^/10

adware persistence stealer
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  bin.exe
- Size
  
  7.7MB
- MD5
  
  90d78b3bbf1904e60d0d4f6379b38902
- SHA1
  
  855674e64ea03f3b882fd7f2e355af062c381471
- SHA256
  
  b4f7ace176d0eeba828e7c03f39befb30355223860d14e6ca4422fdb81778df7
- SHA512
  
  e42a9e9ec6ab0e5e1766ad18a29890058e628b79088b32d650fcd3051972f151977f1b8dc06d044eea7cd05366976e770f7fe51cd5e62b07f6bb69308d84bcfe
- SSDEEP
  
  196608:CPHnDO4fb63thNfVl9sfUcZUWIxRQaRiHeyCV:eD7utf98bIxRxiHeyI
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Sets file execution options in registry

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Drops desktop.ini file(s)

Enumerates connected drives

Installs/modifies Browser Helper Object

Sets file execution options in registry

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Drops desktop.ini file(s)

Enumerates connected drives

Installs/modifies Browser Helper Object

Sets file execution options in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Drops desktop.ini file(s)

Enumerates connected drives

Installs/modifies Browser Helper Object

Checks system information in the registry

Drops file in System32 directory

Sets file execution options in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Drops desktop.ini file(s)

Enumerates connected drives

Installs/modifies Browser Helper Object

Checks system information in the registry

Drops file in System32 directory

Checks computer location settings

Checks system information in the registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12