Overview

overview

8

Static

static

3

IDM 6.xx A....1.exe

windows7-x64

8

IDM 6.xx A....1.exe

windows10-2004-x64

8

idman641build22.exe

windows7-x64

4

idman641build22.exe

windows10-2004-x64

4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b270b0e202d28eee5189ff9ffb2b1920.bin

  • Size

    11MB

  • Sample

    231121-c723nsbf77

  • MD5

    b270b0e202d28eee5189ff9ffb2b1920

  • SHA1

    df6fe29fd23ec62d89227dc2e2bb8c3db8c31259

  • SHA256

    a7f9942694517e868f9bec30d8384efebe2a870e36192703952b3dc7dc997e9c

  • SHA512

    507e8c6be9a39447e96d20924b41fcc363ab0cc5512ab5c0b7ea3577862c502e6c7acb3b51d6e9337ba822e80ab054feb708d8363d4a732cd84fbf1577dbce08

  • SSDEEP

    196608:6gg8WlKclmyVvhuZPZT/ScJH2IWxj1mijocC6KL/Nm95mvqiib3CzTMtrpTN6BZ7:hg8KH0Ecxmc501mijXmNm95mvqNb+TM2

Score
8/10
evasion

Malware Config

Targets

    • Target

      IDM 6.xx Activator or Resetter v3.1.exe

    • Size

      879KB

    • MD5

      61208ef95b922b0e93f0dbea9d4d565d

    • SHA1

      c7202857462a081b7effa7a16ed97c7c56d1a125

    • SHA256

      c0f92bb95f40c549b501e4c65b301258b20bca2e277b7bb765a0980422b9ef45

    • SHA512

      17ccb5aca471e47959c6fbf29595966cd52ec2e521901fe9579f664497bec2334f12a5b9e05a1f2ffe1d8e202a66988c9fc505f3fa369c6d435c97c96f3097db

    • SSDEEP

      24576:K2yQPRYM04jbwBJg3b8S7ybubjKj+NsRo:KpiVbwBMbzSyWmt

    Score
    8/10
    evasion

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      idman641build22.exe

    • Size

      10MB

    • MD5

      11256a44af986ddb42f78ffd5da15c6a

    • SHA1

      590186ce6a7d6bb4716dccd4d6b0bda1f7b0d686

    • SHA256

      735fb4801e024a3ebe4ec1a8b9d0d4b453e90bccc86e6f2bb3cc69982f030604

    • SHA512

      ad8be28d1757bff84578be7f49073ff81f484aeabf3cc38eec65010ec3fb3cd5cbfd566fd59e09af009660bf818be8bd97a954e09fc680ed2e3139bf0c171fa1

    • SSDEEP

      196608:165p8IYFh/hMRybDQW/N6wEGU8MEi1LrXYfRNeelZaNQed6QzD2peOJrU:KHYFh/u3U6wJ3MjXieIZuzfzKp9rU

    Score
    4/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks