54a27464c7ad7f2e32cd123b27c0f9082590cd5ba48526bf00728e8107048f48

Sharing

Copy URL

Twitter E-mail

General

Target

update-kb-5021042.zip
Size

295KB
Sample

231011-rd8exsdg68
MD5

4588d3acf87953f9470fb9c067d24e6c
SHA1

3f012e032ec81bb0473115d721071dd52931885b
SHA256

54a27464c7ad7f2e32cd123b27c0f9082590cd5ba48526bf00728e8107048f48
SHA512

9a06005db9fb6faa7cd1542e0d338baf11ded501cc800900aefff469e8b7476532ff9a820ee5ada288033a11738fdea209cff868e44efb7ebd25e8ba811c4a1d
SSDEEP

6144:lSA2dOxqhAHpUR8yYpKGv3mY8/G1wh+f9ERFN/gB9Pc66SFqi:lSbOxqhxR834rX436R7gbwSFqi

Score

7^/10

Malware Config

Targets

- Target
  
  install-kb-5021042.cmd
- Size
  
  5KB
- MD5
  
  4077032c6b6ab6375a67fee7662b0b73
- SHA1
  
  c34de5064e2861a69c2cc8ea4726b8fd883f9b56
- SHA256
  
  12d98b5c513fe9668661e3fdabb93f595a82a81554f28fbd84658de0aab2a929
- SHA512
  
  ec03076242737ddb06c4fa65480cab0da937713d0df8aa30a2b0b81a7a3d0f00c293b0efd70403b6e338e5727ca8f0384d1f169e8d27c4d9e72000c36101e8b4
- SSDEEP
  
  96:Fs1Q+SMaBVB6BxBNBYBGBXBpB0BcBBBhB0ByBTBfBIBtB1BbEBFp:lga7Yfn+8pri2PTSwN1KDvNEt
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  x86_microsoft-windows-bootmenuux_31bf3856ad364e35_10.0.17763.3646_none_e63309312ee5a0f0/f/bootmenuux.dll
- Size
  
  4KB
- MD5
  
  dca11fad634fbb617c7f2a7e3397055f
- SHA1
  
  e51c406d10293c5ee48625844368cbd51c3f6c66
- SHA256
  
  8fe38af447804c8dba10c6c0bf8249ae762d751905139bb1ad6c575ca76e674b
- SHA512
  
  a209df2965490f8419afad9f548b40ab873c9793aa07738d61618ade35d158efbe946a98d017fea24c804bb15f4aa4c858d67c642141a40b473a6bb805a3d36a
- SSDEEP
  
  96:IAv2Trn/Y+waXwRCP9etUVTXsmbcTIAtRqsHcFFhV:8/J5ki9eqamsIAqs8F3V
Score

1^/10
behavioral3 behavioral4
- Target
  
  x86_microsoft-windows-bootmenuux_31bf3856ad364e35_10.0.17763.3646_none_e63309312ee5a0f0/r/bootmenuux.dll
- Size
  
  3KB
- MD5
  
  40a5bcca467421734617d24f27e1ca70
- SHA1
  
  df57679200752ff41499333c2a9dc0aa0880262d
- SHA256
  
  5cf619d225715cf59fcd49852bf4477ef7d02c6fc6fea829d2f2bde7d3049616
- SHA512
  
  f2a7852369dae57e5f873fc424d998280c4996d2f6eff227b9d3e4f5b1e3f374dddeebb5891e3623f7688c92181b86b0c36f8a1b98c766b00a3575af01e85de5
Score

1^/10
behavioral5 behavioral6
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/f/reseteng.dll
- Size
  
  1KB
- MD5
  
  f39eca6fdb9c2d7cb34affb5d11160ce
- SHA1
  
  b5dcea77aad0c998b4ed860f480932b3ee0587a2
- SHA256
  
  6cb13b2a447321998cdb5b65fa877c3b75a558ca099d8fc76ec4c31026c2a84e
- SHA512
  
  6f35c814cc37d53a06602820496300ca74c5b35f2a2e45161cdbc3a095b81e26e6366b410fce279aca70ac26633da9c0780a03dabe1cad28d800ed34e1e2410d
Score

1^/10
behavioral7 behavioral8
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/f/resetengine.dll
- Size
  
  1KB
- MD5
  
  68953ac384e161c0a7004dd2f68dcb8f
- SHA1
  
  5498da5aebe75eedd6ade45b68df1c4dfc28a148
- SHA256
  
  14d69aa991480a34f87f6fada95f19fd157cd797ff183cf879f8eb4e117f79b2
- SHA512
  
  dce377d50b4d83270d102737bbfeb87d462849dfc98f5c59193d47185a5262655b531d6051cf4699fff78197602758a4f9adbe951fa6ba143e5f6d86fe30d92d
Score

1^/10
behavioral10 behavioral9
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/f/resetengine.exe
- Size
  
  130B
- MD5
  
  b16eb7d6cf43fbad319cb8da27d3ee3a
- SHA1
  
  3e824aff22356e2f2c436f872ff346eb63289cbf
- SHA256
  
  da50e316779a76451bc92ccfa2924a875f2875d4f4325e69ad2b3e51a7d9d81e
- SHA512
  
  21bf953119f86aaaba7304ec8ec6ba74fad797b2fbf495165a3992a0d2b75f2880f5c940645ce27b0ece365f74c284cd67e948baba362a2ceb0fdede3b6808fc
Score

1^/10
behavioral11 behavioral12
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/f/resetenginterfaces.exe
- Size
  
  128B
- MD5
  
  9c5e8e592bdf0f885c300d18b866e88f
- SHA1
  
  43926865f2e4d05ede898c4fa009fae3a848bca8
- SHA256
  
  f595fe3f1bb02b1affa8c72b1a1e1cd3258f3e149ebf19d695fb31f1d68c10ef
- SHA512
  
  a18579d32ebda3b48849bcc06fe995713ff861b663724a578c8d6dc656b8afec82dc501225a5c2a1de28e6a90a6e7f1c672900607a397a128b917725ec4b4075
Score

1^/10
behavioral13 behavioral14
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/f/resetengmig.dll
- Size
  
  135B
- MD5
  
  2e8433dd45319b387040f4a157ba4db8
- SHA1
  
  5c97c2fcd2a8fab419d681f2e565f85b1f745295
- SHA256
  
  b3f81377982558b61b51bba10f854f9b7cd5e26b59f51f7bf5816c7e7468e42d
- SHA512
  
  65238b6491ad4e2b717c72c2d2a5344f5bf4c7818813f12d715b39fa465996d8ae9db9c53e8290076923a6ab7e2f14b5b01ab38478fdde3d2ed7b75a25cf61d6
Score

1^/10
behavioral15 behavioral16
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/f/resetpluginhost.exe
- Size
  
  133B
- MD5
  
  b6eb632d6c2056024e033418a85927b0
- SHA1
  
  72c52e09c26f82c0e1d7cca3fc33e6c39b0e18c4
- SHA256
  
  f97a278043af15496c75bd184ff5727d17c8dd2e338612acde64a2d88e09b00f
- SHA512
  
  3cf2862f73988d270c3a3b3725b1e9710e62ca462d4c53e9080fdad4a1b544e865c1b495911176eb84ed7d6aec7f0198fe215407aeb8be21a344442ffab11227
Score

1^/10
behavioral17 behavioral18
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/f/sysreset.exe
- Size
  
  276B
- MD5
  
  0e0ea69c52b6f725d2ba274a608d0b06
- SHA1
  
  7b65ba6267dde6b95c93e562bbd2e5861179f9f6
- SHA256
  
  78716edc13d543f2cfc5f442a547b2cd5d95b80b3335292c6dc93aaf268b6dfc
- SHA512
  
  848860b17cba354eeb38428e9a76b70c5fa1ea1930f8b2ac596c0776215a97e84697c61e665fa7b140f97222cde7dedd770d0907c02831415ca3e9e3861b3274
Score

1^/10
behavioral19 behavioral20
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/r/reseteng.dll
- Size
  
  1KB
- MD5
  
  1e2b23b2721f78d4316d137cfa3775a1
- SHA1
  
  9c687f3cf94c7f50e25b415dc2b7b6dcb5fc007e
- SHA256
  
  071e2404313a43e42f251002d35b218a93357547e14f62a7aa33193ee75bfa1e
- SHA512
  
  ddc510055c27b7dba6cb097ed943f6ae9930e23af7d68abd32ef3baabc93369194ac4359e61732578dcec5563a467f9e76cebb669260fbe23edf426a1f0ff837
Score

1^/10
behavioral21 behavioral22
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/r/resetengine.dll
- Size
  
  1KB
- MD5
  
  2faf8ac8f931a5880964de0d8d52c0ad
- SHA1
  
  1664491cf382fc7ee65492329328ee12c246f4e8
- SHA256
  
  17230a9612448584d2a402a861b2ab5d7640a7f8d461c656ebe88eae8afbd495
- SHA512
  
  2aa76d5352ffb50a7f03e8db94fdcbb2c0c4604497903b3a6b15cbbd29467216d8ef9202b4fc03f0aa0862ad68ccaf2c4091ec8157f6d79553d28f8c542895e5
Score

1^/10
behavioral23 behavioral24
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/r/resetengine.exe
- Size
  
  130B
- MD5
  
  004769e680bf700881a99ffad9f527d0
- SHA1
  
  82475f9e0b59bde67bd3a36553576cec763e1d27
- SHA256
  
  9c4be376cf14897828c7f0309d701fef5738b53defc770f57d1db1d1e284a670
- SHA512
  
  4191b1df057a89e8a0afd013dcbf9c2afd4e6e1233a65de966efa1bb987f9936778883cb8472500c6fd98712e9274a1638a5ace06ce87fed9afcb03d43316969
Score

1^/10
behavioral25 behavioral26
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/r/resetenginterfaces.exe
- Size
  
  128B
- MD5
  
  2f872d578ed15b9cae17e245d3519112
- SHA1
  
  a7a43309f81ca985cffd8ffedb0a952a683ebb4d
- SHA256
  
  4ef95c1c28c71ef33e7cf80a566f280b796837d7fa24bfbae923dfa386eb9d36
- SHA512
  
  2ff2932dfc33ede8e6b1e1e56dc979226da06241e81d37709534e20714e996274465de9a7e443ba7af262532e73ff2ccaa7e0ce94fbd323c6a9d7d4acca91b54
Score

1^/10
behavioral27 behavioral28
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/r/resetengmig.dll
- Size
  
  135B
- MD5
  
  5119a840f940056aa6503052f1418835
- SHA1
  
  9e578eebce6b4e997b8194a1445387af11b2210e
- SHA256
  
  d3cf8c9425ad6cfdbe27a1a3b270b44adabe94a04b4d27e9c3dbde3c3953d5fb
- SHA512
  
  45b9f591c0eb174a6c2b59aed8fa7bd845ce7c3138282e3072bd1a45721815cfb9e666d8d3499069b03c1ab8d7cf3190d72c2d6eafb4b2b6ab0c08171ea8fc8c
Score

1^/10
behavioral29 behavioral30
- Target
  
  x86_microsoft-windows-sysreset_31bf3856ad364e35_10.0.17763.344_none_54cb0c264bc45964/r/resetpluginhost.exe
- Size
  
  133B
- MD5
  
  1fa41fd85b7fb790ee7aee41d4b60643
- SHA1
  
  45b72740206f09a445f8e26b6d8bd492faef3f6d
- SHA256
  
  d7b69438064c5ae77958fcb2251c9d12ad4bc3105574239edc96bb4e27e183e5
- SHA512
  
  16cdb1c2102a93762016bed85376cdb3ced5ad21c81a0609c27875bb991effd2b345c012f129ef09d785cd2d5f3deadfbc3dfaddfd48e36886101b8ff7829952
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32