98b1f7d945aa0eb697c78ae79b85216d44351ca86d1086458543dca48efa5666

Sharing

Copy URL Twitter E-mail

General

Target

23db051ea7de204ce8c7369ab4f26aedc7c663b7d46846ce7b5b6ad3c47c8bb3.zip.zip
Size

3.5MB
Sample

231107-rr4nwshd2w
MD5

a92ecd06e6d50a3037a5bda778b79796
SHA1

5c1e3b4eddfe26b05db5146d6f7fccd353583e27
SHA256

98b1f7d945aa0eb697c78ae79b85216d44351ca86d1086458543dca48efa5666
SHA512

a4328fdb8bb9522fac2f5eeee2d3e7aad52ad79173b0fe772f27bbcb16c3106f92eacb861d5f0eef4044e73c9acf709e39f097e3e27b40b79aa3b024d102fe22
SSDEEP

98304:UgDrl1/Y/Fi38DgkaevjEu/cnVNxqeB68:rDhO/M30NaGxcnzs868

Score

7^/10

Malware Config

Targets

- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/DPInst.exe
- Size
  
  508KB
- MD5
  
  be3541bfda8a81c474224eb84e977004
- SHA1
  
  fa9ca357ba8b16480bf92c22628a82dedbcdd183
- SHA256
  
  5520c35127fbdc94322966486ca76f8075eb3f64655f000b1af16be635309287
- SHA512
  
  761ff8cde80ef794eb371de20fa1d95440f090dabecd2c58ecd6f8b6c62d908e3bc3bdbe8a3817f3b53d78cb9e395bce146cfc9e1b9ebd03ee1f3d341b780803
- SSDEEP
  
  6144:Mjj9LmzA8F0UQLfwXI5bqhSN5L2vRq/NYB215mP/:2B6z0OIYhmObwMP/
Score

4^/10
behavioral1 behavioral2
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTBUSUI.dll
- Size
  
  104KB
- MD5
  
  e3974afac60ee2c3ec118d560c7fe98c
- SHA1
  
  b6c353060d15d4aa136605cfa1721d1c21efc64d
- SHA256
  
  c8e47ba55381bd3df5484a65c4682adf84f694e72b972a0f1c312bac2c0b5dad
- SHA512
  
  d9bc13c509a7f753fac04368be146d6bc4f234dfa9a8ccb0f02c96c0f5299041095cc783fda0d9672eca10e7516874af4bd757d09bb72639616f3f3c2c7e3c8a
- SSDEEP
  
  1536:oP72a5kDD3OpwYKsFf8LiHuOCJw7IevtW/:Yn546WLijdI6tW
Score

1^/10
behavioral3 behavioral4
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTD2XX.dll
- Size
  
  172KB
- MD5
  
  aa8046aa6726e0a2b0cda65fb5d2cd8d
- SHA1
  
  9decf4ee4cfabe32e05af7b0e8ea2ea872e01a18
- SHA256
  
  391644ee8db7dd5fe5ceaf612ea963280a54e4f4e03af8faf2008c35039a3c06
- SHA512
  
  18e6c3f7a6dfd9f8271266df362fde7e1ee7db7ccca14913f4b785130a712b22f7bfa4fc757736c840aadcb94c05453964654ec7ce82d5013a1dfcdfb837cf50
- SSDEEP
  
  3072:xa6Uqpl6dHk1QcUAC33DFMlLi3H4ixt06qY5nutj:xacpIkCHDFJ4qh5ut
Score

1^/10
behavioral5 behavioral6
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTDIBUS.sys
- Size
  
  46KB
- MD5
  
  b283f1bc1ff852bd232449a4b3e3ce63
- SHA1
  
  1735a5f442a52ae782217da90596c6f62c16af45
- SHA256
  
  e9e97433b39c0c20d9602b13dc0b5db06212cdbd2ccf733b1f0ffa94bd7567aa
- SHA512
  
  0898ee85a25900b508895444b43b0c10ad17dcb24e97af56aaf1a69797932c4b554006a8f5226914c9abf93c433d486d1cba1016f7f354703c373349c75ba0a2
- SSDEEP
  
  768:0Jha1cGV+JylMazaAIkiN2Jo2EPn2r7G5A0Ee/EsJMM3UuocsulZas+/baaKv7xW:gha1cGV+Jyk5F2CJn2vG5A0Ee/Ew3UwU
Score

1^/10
behavioral7 behavioral8
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTDIUNIN.exe
- Size
  
  184KB
- MD5
  
  9a411917e84142c706358a74e753ab38
- SHA1
  
  5ee4d0293fc2b5e916a5cd3ebe5ffd25dfc28c09
- SHA256
  
  3b0129a0fcd4f5ca649444358afdf852c878a2f539be897bf0519d07e8561413
- SHA512
  
  e7c48120e09bf389968268d5986922439a95d8ea604ba26fb8d2fbbcbf5cb559b14ce1b267b3685b8aca494eab54d740c66a2a4b9d81035a2ef198ca1c17635f
- SSDEEP
  
  3072:VIvkMUaUUIwtmCAipwDKyZCLiBhmdsTIKXNcBtw3x:+kMUaJLAipLkVTRi0B
Score

1^/10
behavioral10 behavioral9
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTLang.dll
- Size
  
  100KB
- MD5
  
  cdf91fb3cf82d2a5682c42714d8cb9c2
- SHA1
  
  749ce7db573f421bc520786e17ca0efa26822d81
- SHA256
  
  3392bf2a67f3774b58332fd1e45a3bddf87ca25edc3c40ef0c266f15e962114f
- SHA512
  
  f826acad305155b489b5403f04f6348bdec1c88c9798c871681cc1e7a5f3451a8cb4275d1b6055108d71c9947861d55fb08789016f39aed99728ad3f2c268f25
- SSDEEP
  
  1536:sGfTyQH+NKv4Z8Li60BXNiWh8vgtVcIUG:syx+CLiJXNiRvgtVbUG
Score

1^/10
behavioral11 behavioral12
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/ftcserco.dll
- Size
  
  19KB
- MD5
  
  d6ca53cccc8ea7d30e36f958a3275696
- SHA1
  
  782eef63a8b2f01d05c4bbba68d69a0fb793b90f
- SHA256
  
  fef49b86ba6112d2f75db5fcadbbd3a4cf385982549f943b89f134fcee755c71
- SHA512
  
  5446a1fe4328f3a9b0915390e73e4d04fe2d4dba5d586018217b62dfb95dd2c404a45b8cb93b8063467ba4e19f7b1f58808314f3de2236f5d89685f0986cf103
- SSDEEP
  
  192:Av9Z1zMQNM2eYfcN+re4bCF2XrFKNvB/YMqZu:AvdM8X14+zF+QMqo
Score

1^/10
behavioral13 behavioral14
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/ftser2k.sys
- Size
  
  59KB
- MD5
  
  678a73f56ddf84a08c31123c386e9967
- SHA1
  
  cadfb220a6e5168af8361e3ca25d9f082f0df0c4
- SHA256
  
  cefce93abf0928fbc361cc953b49d33bcc0376c4477d0ac1840e6b94c6de2e4f
- SHA512
  
  f7fd19f249fa53965ef517235a54b279050b8033c2dd917444c76cd5737c9a06b9e4fba14957b2383d1c17f0d221badee0d4632f49d56b602c810a229d127978
- SSDEEP
  
  1536:Fr+pO+ENfokyYatEvz7RRjT6giOMPVlvXem:Fr+dvER3PMPVlWm
Score

1^/10
behavioral15 behavioral16
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/ftserui2.dll
- Size
  
  32KB
- MD5
  
  1452ce75a9ac31d29d552f3bcd62e64e
- SHA1
  
  9c55824bd4f8bd46d05388b017113201de6f5a1d
- SHA256
  
  e49ba33c49c921322c807d0ef21815cff0af3fc32c269c9f4cf32d57705b9c62
- SHA512
  
  36d64f5250d167722cbf69f6259d87d04067ff3a779f7a4d8686a8566d7373e824a51933378d3dfca65cb341e6a096d9758c64cc17ceaafed4c7a6a870c19161
- SSDEEP
  
  384:1bL6rJ9kE/hXnlsg8DiIYX8gJtckZqUS6lrdeOW9OqN9PWyWCtoxsQwM48KQYdMh:IPXegUix/plAX1W9fohXJ2/r2+
Score

1^/10
behavioral17 behavioral18
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/FTChipID.dll
- Size
  
  60KB
- MD5
  
  db2e9f3c2f704cd41bdbfcfb47b81108
- SHA1
  
  49e9192aefee6080c3795a8df592425e6351f56c
- SHA256
  
  d63d9ec2f0557184aba3d4156d755767cd234fc4b108f4209abbf28c064936c6
- SHA512
  
  203df4ab2c065923f6ae3f101d8046f300506e77c74a4864eaceca47e427928ab31da37374794efd24b475e8cca4abba8baed768860715076f2a708c2c7c9493
- SSDEEP
  
  768:dz3YNDu99o//FteFa13DLkTYajaIcydcqgqOigvjOcoVmoVg6oZJxzYj:dj4pFLkTYaldcqgqjgbamqoZPY
Score

1^/10
behavioral19 behavioral20
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/rom.pkg
- Size
  
  21KB
- MD5
  
  98eec8a417f2eece3cc4fcef1ec11365
- SHA1
  
  96cb2aadd36dd0000759423efd5c34541ba81e1b
- SHA256
  
  c6ed03309502eedecda8b78c1e767913814be20dc6e3bf2539d71f72e58638f8
- SHA512
  
  7b4c5b20ac4803e5ec53dcc722dfb3eafe894770c835277cc5755bd6aeef3bf9f5790800e69dd9dbff87f76533cee676520f4ac5a5cbdf2ba708fbec8f16f26c
- SSDEEP
  
  384:dhOPh7Q5DK7jWixoV5JiJBOsciJfSBaABEYs2pLj50eEs0I0OdDucsy/Gu8ooooU:dhJ5W3pxoSB7AWJ2Zurs1Oy/Gu8ooooU
Score

1^/10
behavioral21
- Target
  
  VAG K+CAN/UPDATE DO VAG COMMANDER/updater.exe
- Size
  
  932KB
- MD5
  
  61e858b2bd8c1903c15610291298d620
- SHA1
  
  40fcc8f30ce5f5c70f0a11a075ead1728ce501f7
- SHA256
  
  4fb16c2b9f2de5f445591b81b7c90902930eef71c050336875de8341b78f87b3
- SHA512
  
  f20fb544150a18972676a63b88483aef7d8748829804e2f56f1fb206e42eb45bcb55c5848fbaf3040ac8ab2c4d7fd590d7bac8c32438b2fbd93649c8a951245e
- SSDEEP
  
  24576:bFjpEm2fmvyXMgqgQCPX0lFlxOyLYYZAdY:b9pEuvgFPGpOg
Score

7^/10

evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral22 behavioral23
- Target
  
  VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/DPInst.exe
- Size
  
  508KB
- MD5
  
  be3541bfda8a81c474224eb84e977004
- SHA1
  
  fa9ca357ba8b16480bf92c22628a82dedbcdd183
- SHA256
  
  5520c35127fbdc94322966486ca76f8075eb3f64655f000b1af16be635309287
- SHA512
  
  761ff8cde80ef794eb371de20fa1d95440f090dabecd2c58ecd6f8b6c62d908e3bc3bdbe8a3817f3b53d78cb9e395bce146cfc9e1b9ebd03ee1f3d341b780803
- SSDEEP
  
  6144:Mjj9LmzA8F0UQLfwXI5bqhSN5L2vRq/NYB215mP/:2B6z0OIYhmObwMP/
Score

4^/10
behavioral24 behavioral25
- Target
  
  VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTBUSUI.dll
- Size
  
  104KB
- MD5
  
  e3974afac60ee2c3ec118d560c7fe98c
- SHA1
  
  b6c353060d15d4aa136605cfa1721d1c21efc64d
- SHA256
  
  c8e47ba55381bd3df5484a65c4682adf84f694e72b972a0f1c312bac2c0b5dad
- SHA512
  
  d9bc13c509a7f753fac04368be146d6bc4f234dfa9a8ccb0f02c96c0f5299041095cc783fda0d9672eca10e7516874af4bd757d09bb72639616f3f3c2c7e3c8a
- SSDEEP
  
  1536:oP72a5kDD3OpwYKsFf8LiHuOCJw7IevtW/:Yn546WLijdI6tW
Score

3^/10
behavioral26 behavioral27
- Target
  
  VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTD2XX.dll
- Size
  
  172KB
- MD5
  
  aa8046aa6726e0a2b0cda65fb5d2cd8d
- SHA1
  
  9decf4ee4cfabe32e05af7b0e8ea2ea872e01a18
- SHA256
  
  391644ee8db7dd5fe5ceaf612ea963280a54e4f4e03af8faf2008c35039a3c06
- SHA512
  
  18e6c3f7a6dfd9f8271266df362fde7e1ee7db7ccca14913f4b785130a712b22f7bfa4fc757736c840aadcb94c05453964654ec7ce82d5013a1dfcdfb837cf50
- SSDEEP
  
  3072:xa6Uqpl6dHk1QcUAC33DFMlLi3H4ixt06qY5nutj:xacpIkCHDFJ4qh5ut
Score

1^/10
behavioral28 behavioral29
- Target
  
  VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTDIBUS.sys
- Size
  
  46KB
- MD5
  
  b283f1bc1ff852bd232449a4b3e3ce63
- SHA1
  
  1735a5f442a52ae782217da90596c6f62c16af45
- SHA256
  
  e9e97433b39c0c20d9602b13dc0b5db06212cdbd2ccf733b1f0ffa94bd7567aa
- SHA512
  
  0898ee85a25900b508895444b43b0c10ad17dcb24e97af56aaf1a69797932c4b554006a8f5226914c9abf93c433d486d1cba1016f7f354703c373349c75ba0a2
- SSDEEP
  
  768:0Jha1cGV+JylMazaAIkiN2Jo2EPn2r7G5A0Ee/EsJMM3UuocsulZas+/baaKv7xW:gha1cGV+Jyk5F2CJn2vG5A0Ee/Ew3UwU
Score

1^/10
behavioral30 behavioral31
- Target
  
  VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTDIUNIN.exe
- Size
  
  184KB
- MD5
  
  9a411917e84142c706358a74e753ab38
- SHA1
  
  5ee4d0293fc2b5e916a5cd3ebe5ffd25dfc28c09
- SHA256
  
  3b0129a0fcd4f5ca649444358afdf852c878a2f539be897bf0519d07e8561413
- SHA512
  
  e7c48120e09bf389968268d5986922439a95d8ea604ba26fb8d2fbbcbf5cb559b14ce1b267b3685b8aca494eab54d740c66a2a4b9d81035a2ef198ca1c17635f
- SSDEEP
  
  3072:VIvkMUaUUIwtmCAipwDKyZCLiBhmdsTIKXNcBtw3x:+kMUaJLAipLkVTRi0B
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies Wine through registry keys

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32