f4d72516e3e60d2cd3a103c227be0dd923578e932bec9121b6d134d96b4d0984

Sharing

Copy URL

Twitter E-mail

General

Target

e64b18700fb8d0f4c7d54382a3c12168444bd3d791dc9eaa15b454751dbeb1e1.zip.zip
Size

51.0MB
Sample

231107-rhapfsaa98
MD5

2751330ca0ec0cf862fedf1838849389
SHA1

f296b426df92896350247142a36fb9a5175dd77d
SHA256

f4d72516e3e60d2cd3a103c227be0dd923578e932bec9121b6d134d96b4d0984
SHA512

7e45fa485c37eab7eab0c621c6116d3e3bf154bab4fb2539992023feceb01ce907ff7c0d08563f58a5cef6509f872acc083a078ed8832437bd4c6cac025d9ef3
SSDEEP

786432:MploA1HRhZzb7PmC5wGIZeBxRa1KglIxOANDmSLLbW0Jz8E6p+frOfN32HFlLiOz:MBHz3PmC5wGIg4ANH3pF8e6l+lWtti

Score

10^/10

link pdf upx

Malware Config

Targets

- Target
  
  COMDLG32.OCX
- Size
  
  137KB
- MD5
  
  d76f0eab36f83a31d411aeaf70da7396
- SHA1
  
  9bc145b54500fb6fbea9be61fbdd90f65fd1bc14
- SHA256
  
  46f4fdb12c30742ff4607876d2f36cf432cdc7ec3d2c99097011448fc57e997c
- SHA512
  
  9c22bc6b2e7dbcd344809085894b768cfa76e8512062c5bbf3caeaa2771c6b7ce128bd5a0b6e385a5da777d0d822a5b2191773cc0ddb05abe1fa935fa853d79d
- SSDEEP
  
  3072:VESIiWD8uq4hCqUt6mqD1gRshBgH/voqJrwo2CocrJbQN6N2TRqEydzXS0:VETz566VgRyOJ0oDxQRHf
Score

1^/10
behavioral1 behavioral2
- Target
  
  Programs/HexEdit.exe
- Size
  
  729KB
- MD5
  
  d7605603742399cdac0ceae079622e9f
- SHA1
  
  ab52cd0e32875568d9b70b9d82ed20d639b73743
- SHA256
  
  7d7fdb027eddfc02a293b7f5b629507afed29f3972f3480feb8fc7cd010dd162
- SHA512
  
  e11c2c05b13d6baa84adcd1b5ea2c8409d776cbe58fe0dab0db615009cde49c9b0f925bb53bb8a70827d17ac46da36d539441e1da6a1ab17e5fa674e31cf8a3c
- SSDEEP
  
  12288:xpzAuUlEF+wexMfO3J6ndZJl7SDEMPB3uykEfxQjy4hnkpMu8Z29i5vIFoHiFWFD:xpjUlEF+wuMWYJxSDRBeykEZwBkGuOyw
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  Programs/Imager/ADIsoDLL.dll
- Size
  
  77KB
- MD5
  
  2a35c1cc1fe308ae8f10d80f77572418
- SHA1
  
  d10de110e8818ee6179709aede09c63380226a4e
- SHA256
  
  8678244cb99c2a8ab78afe19769561c5e0e6f63a7c61e7d4f25111e6801f07d0
- SHA512
  
  7583e8cd541c70bb4e0cc94071d3f6699fdadf925c481ef355f242569a3f70ff11c385e1b534f7a12280ba49c6f00919af41ebeb5a871c1e253d89771e7c4265
- SSDEEP
  
  1536:G+dB+6vPMePWBiHfXZtiRhN+hdups2OKJTyI0:FfXZtA3p9OKJTD
Score

3^/10
behavioral5 behavioral6
- Target
  
  Programs/Imager/FTKImager.exe
- Size
  
  8.6MB
- MD5
  
  fe7c1a0aeae7bb0725221a3f8feee823
- SHA1
  
  bb12b94e2c40cbdbf9d91552bd5ccba0ab8cd760
- SHA256
  
  d64a6b078d8d68b8cca48ad36f9a1b98f3010da2c7f585a6a687086feab0662c
- SHA512
  
  4735d296722c03de03049e00eac67f76669110560d35155f2e78e74bb2ad6e76eed24f2aa35bfa7c717779d377e26a990c2a8b83214f544c3d1ab4cbd3ede334
- SSDEEP
  
  196608:s7l4VWz9hhWU0chIVNdn8crTRJdkbHb6xLLDa+2YNGUw:FVWvblhIVNdn8cPZu76xLLDY
Score

1^/10
behavioral7 behavioral8
- Target
  
  Programs/Imager/IsoBuster.dll
- Size
  
  1.7MB
- MD5
  
  93cdf7be2ecb3f4487356f9bfc364c1f
- SHA1
  
  dd239f081cadbccea07397b2ea39fd94cbee5b16
- SHA256
  
  8b9803a86c79f89dc1e831081407fa45b3ce480b3169fd19f90aa0e638323eb0
- SHA512
  
  1b5cfc72a11673557e37372e9e6861196c8596628c786503c38003d91f3df2412b3496ce5ed75abf7647fdd230efb3b3e1a38f55d0540d0f38fb22ca2328f084
- SSDEEP
  
  24576:ISZ+l75FT4yjCY89RG6WEDCK97dc0Y0DM1yUk/DYz8bavv1GPZBisOquj17vbTkz:2J5qyOlL7WN0DM1yU2szRRXqU9DpTYSk
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral10 behavioral9
- Target
  
  Programs/Imager/MD5Remote.dll
- Size
  
  92KB
- MD5
  
  9bbfb6ce8a731e2e69ce239049923576
- SHA1
  
  d6dc36eee49332310a7d5fd8d73c0994bc6a726c
- SHA256
  
  1fd658bd1e1029b2bd91b8f6f2f202a73289185b58898f03b65b96ae183434ce
- SHA512
  
  5a7b5e435c7d87965cef997641ff1bb8229ee8f4ef37b663e13831a1b4fc77599f37d6d1faec9e51d38cde0ecebe99317254a39b4c3b0beeb77abee69301e7b0
- SSDEEP
  
  1536:x8+CooM28KIltr68kLXFFOxF29D33bkWd6+d+525YHQniyDBNtSuIc:x48zmiY3du25YwnTDXI
Score

1^/10
behavioral11 behavioral12
- Target
  
  Programs/Imager/ProfUIS284ad32.dll
- Size
  
  9.6MB
- MD5
  
  e56651b0cadcc180d1bfcc23232a27a3
- SHA1
  
  7a46667052ede2ce1f8699fe6f51f7a5a398229f
- SHA256
  
  5e48c5240bf20f2669caba2d8bf893c7b7a929a7d518b139f908bdb890d8832a
- SHA512
  
  7e625b8c35b71c2586d6333ee6f7e0ac641e9b5f12b463ec9721758b54a5599997ad303ebdf5a18123f222d3f39352bb03a2560464ec53a792be959fefc35120
- SSDEEP
  
  98304:lufMnqmbKzKIAiohbLm/pNY6wPWpGplR808MnmkkC:lMmbo7abLmw6wPWpGplR80qkb
Score

3^/10
behavioral13 behavioral14
- Target
  
  Programs/Imager/adencrypt.dll
- Size
  
  338KB
- MD5
  
  66c926dc17a36fbdffb2e735f1f97f5a
- SHA1
  
  65fcedaa9584c138dfa338a1b01d48e6a8963eb1
- SHA256
  
  978bd26d3e8fbf4dd7bee11abaa93b1793565888b77b90c844468189d18bd44b
- SHA512
  
  81f7273e8f3d5d2a6d20693f4737c34166792fd41d12501640dff6c308c3807b8df43ae0263f1210d0651cf8eff061db7029e81c5530426470d6c1b333e927b2
- SSDEEP
  
  6144:l4GGeA4WeFzmvajO5kQfQkNowsYACQJlMDWJ3vkuZrOKJLsYBq:l84/FzmvajO5Lf6wbvrDWJ3vZ8
Score

1^/10
behavioral15 behavioral16
- Target
  
  Programs/Imager/boost_date_time-vc90-mt-1_39.dll
- Size
  
  44KB
- MD5
  
  87b3a5fe9791762b4b1f8494cb935096
- SHA1
  
  e621f1509842b417e1e5115ff57ed8f2282f951d
- SHA256
  
  817b4dd43fa228e42daac2e74c6295b0b2d52098c4e5383a5f0dd5900dd3c28d
- SHA512
  
  5f4ee2cca103542e83e0a88c23786eb87adc10d34d0ec82a9d91b491b139474615ecf4a307d675c3d1ca5696335cbd5a1e99dab8cfb7db2a01496360eaf9aaf9
- SSDEEP
  
  768:8hf/Sv47hGF9j1LWtbK29tnLHLwJRiaOyfOSgG:WiT1LW3jLH0JMaOyUG
Score

3^/10
behavioral17 behavioral18
- Target
  
  Programs/Imager/boost_filesystem-vc90-mt-1_39.dll
- Size
  
  66KB
- MD5
  
  57dafae254087b961bec6f9c5a16c6cc
- SHA1
  
  bf64569095ea364e21efe9b743ed3ee9af6e6286
- SHA256
  
  9ac67e8917375b6817829ea866e06607b239a49e0d5e5000d248b1a51b507349
- SHA512
  
  8b7d9d7be7908a2e582a14241888cf0d798b7fb3abfd0fa367da5210e8cb9f83ede71c4d63c5cdec55ee76f4c1059d4448dbca7dc6592a8408f61de1813c323c
- SSDEEP
  
  768:rJvdjbmb6lpyTXL0/Q32b+ZF6/18qPqyg5Y3+gH7qlLRG7NEozIt6lGOKEcHZSYv:rp7uTXLu+ZFbwH7u0NiCGOK8Y2vH
Score

3^/10
behavioral19 behavioral20
- Target
  
  Programs/Imager/boost_regex-vc90-mt-1_39.dll
- Size
  
  600KB
- MD5
  
  efd456bf004bbba33f676cb2655914de
- SHA1
  
  c1980ab11ef251dff39dd9be83caf13235445d4a
- SHA256
  
  8e911da609bee68e2b568ed10d426c855470e09361a9e44e7953e8e371859040
- SHA512
  
  7df50382c38a2c82f4102bfb54e4d1c71328fde93f708139a6b0b5bd1f0171a461246da8559c6e2081273d078fdae39671e917444bc6b7cd1ead9abd277a88f0
- SSDEEP
  
  12288:3m0gIJXCJUISycMtuVVdiT+r6FWZjMiA1jj/Wt3t39L7HQGZs:3mVUI5WxSWZgjWtd39L7HQG
Score

3^/10
behavioral21 behavioral22
- Target
  
  Programs/Imager/boost_system-vc90-mt-1_39.dll
- Size
  
  12KB
- MD5
  
  1ad8ef7baba7dd862cd5d13df6c2677b
- SHA1
  
  81ad6243177553019ebad0eed09f44a329c45cf4
- SHA256
  
  1f1fdec25884181785bc8f457f3096a107cace9bc55b3051d7ed8a2ac7647a4c
- SHA512
  
  efe5bf8e0a88d7f4d42c66f565946cb866cc40ad7135b1b26425767ecb52bdbb46f063b3a036a888364913e6a31882effaa7bb2227029f24eb1e66ad4232e944
- SSDEEP
  
  192:0VKoJ2JJ1k8PilpaOxxTrj/6LgQdNVfzEK0ZaOu3XyEqxSpevdT:0ku271P8agTrj/IB+aOyihSAVT
Score

1^/10
behavioral23 behavioral24
- Target
  
  Programs/Imager/boost_thread-vc90-mt-1_39.dll
- Size
  
  45KB
- MD5
  
  74604a4cdb0e33ac87641b93da55ea15
- SHA1
  
  5bc1f47cc9c97d7f3db9607b7984e902ab1010bf
- SHA256
  
  5f070f3687847fa532853641f66a3a94859af54cdd730c9d273ac5be2a127de0
- SHA512
  
  6d3391fddb6011a9659d92a767028a8cec43e6d294eaf847e1347d04be5758d7450811f018f98603202be26d2417e946aff34f922c99dd0cb61f790400de0e43
- SSDEEP
  
  768:dTCRrFrZdFAhbbXzI7BudcZQEBVobqOyDOpzrP/9VgMEJLOw28U:8RFr76bXs7wdcZRSqOyDOpzrP/9VgMEl
Score

3^/10
behavioral25 behavioral26
- Target
  
  Programs/Imager/cximage.dll
- Size
  
  924KB
- MD5
  
  25dcd828d6d0050e0e798c331b0d003e
- SHA1
  
  04baca6d1e87cc164abdbff3973b33ec01b3a9cc
- SHA256
  
  e0327af6496a2149299b6d02ce930ebbb0ed7906fffdef470c1c2d393eb9be14
- SHA512
  
  48efcdd93198194481691f0646c8dcd07f3ba5adce42a2beea88e904c31f61f549b70eb606c229979f86cc6acadea16e1a9d50037621ea859b8e8fcde33988c3
- SSDEEP
  
  24576:Tpr7Lu5IqzELdaA4G/60LraEUfU+XTpBp:N77/6nlfzT7p
Score

3^/10
behavioral27 behavioral28
- Target
  
  Programs/Imager/help/enu/ImagerUsersGuide.pdf
- Size
  
  497KB
- MD5
  
  2aab2678fdc4277aed6def001bd1dd9f
- SHA1
  
  e6539b55f1c1346948f44029d8941457e79c192e
- SHA256
  
  b8d9f9872828db6aca5b5957007615a5a1a6d32e957ce2d283a7f27b6a0596f1
- SHA512
  
  a19a74a212609a16286b6068a930d414774a69c89642eea1df028fd053a50bf2578f141c8440d3e32f4d7205bbbd7611aa577ccffd01d8993dd23c2416272b80
- SSDEEP
  
  6144:SOGCx/Kb41ag7yWAW4bPOPg2izBJgDuzivkB5+OpQTa6PzKPhARStAv5:1dOy0WAHPM5izBwAh5lQTR2hA0KB
Score

1^/10
behavioral29 behavioral30
- Target
  
  Programs/Imager/icudt40.dll
- Size
  
  13.3MB
- MD5
  
  60fd886981d8c70221f9dcde22c36871
- SHA1
  
  a14b9becdd189328a090899185303f650387c0a3
- SHA256
  
  29ed9a899eaeaed5920f1f42b88d127540282d755dc420d172c5558983109d51
- SHA512
  
  8a675287e3f8ae334ea2b36dd1dd3ded6ca25fb60112fd34c524e7d378338d2c6ecf8bd892811e368e06ba49920ec54f39f04c6573298dcf5e4610a5c7a14d70
- SSDEEP
  
  196608:jzfDbmL2j9lM+n42j9lY+nfRm2j9lt+n4Av39eTLIO5gzeers7dj1:jzfDbPX1XVXrAv39eTLIO5gPrsRh
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32