General

  • Target

    0508a50eceade4d6c5e03dfa17f6565d.bin

  • Size

    40.7MB

  • Sample

    231125-bhrpzagc9x

  • MD5

    0508a50eceade4d6c5e03dfa17f6565d

  • SHA1

    09b35a52209259a3d8d092cf8b73379dc0a0bf79

  • SHA256

    9c06896e066ebb2e92a6bcd003531b4e3d940ce98b6bb2c46f614925428c6151

  • SHA512

    e9523d4c687cacf023878dd20459b1a840e14a8db892be6092701cc4faa6a681c5db515376e5195d4fec886131200848f64524297c6dcdaa8f8322c516932696

  • SSDEEP

    786432:U2zoNgiZrlgK5bDinAmd46v30WRNecLV1p4fuVQMvCDm+HicLQj3p:UQiZrlgK5bDwVdrv0WnnLVo2CYIzCcLw

Score
10/10

Malware Config

Targets

    • Target

      iumbase.dll

    • Size

      40.0MB

    • MD5

      d6d6e9474ecab5066f517fa7ba9099bf

    • SHA1

      696b233291dfbe8b361af9f900beb1c28bd03bce

    • SHA256

      c74947cb03ce946095999bd3681ed93e917971d77f5a3f491c1ed8b30c5494be

    • SHA512

      557b7cfbfbefd9866b33256a175102d550a5093f2a1c55b9ff23cafd8fd22aaf9b3e5cc81724dad06cce9e61787210e4f45098d81aa2ba54293052ed564619cc

    • SSDEEP

      786432:yqZoTuMhRR+qxLzoDmORG03DKeRlC4HBXDAX2vKKlijgSPgcVy1:yAMhRR+qxLzwhR3TKe35HB8Gim6LIcVo

    Score
    1/10

    • Target

      iumbasex.dll

    • Size

      26KB

    • MD5

      dd8099360ba97fe4a021d1250ababb6f

    • SHA1

      a57a179f6a292d20233e66ba145562bded42fdcc

    • SHA256

      4c6e0f7e147f91b12426da5f072b20aa8a4de314525c4544e9d162a693e107d2

    • SHA512

      cecf11b36f20393d0d813ee36a6f666669285c86b52783bd24f8c87210288606564cf7b23a36d0c85524dd1ee85d7dcca2de64ab9d6569f98afee8e57bc1503c

    • SSDEEP

      384:gKhYBFMgxe/l0SgIDWVLNW1NoJGVcG/WG1kJGL8Cqq764hDBRJ7ZlNcM6a1R9z/F:1hYBWg7GqOflRZXGg1P7dn6K9zlH

    Score
    1/10

    • Target

      printsupport/windowsprintersupport.dll

    • Size

      50KB

    • MD5

      1184f4fb8efae468729c62787c9ed80b

    • SHA1

      a06e3f759dc4bee0b9badeb7a5a67dfeebbf141f

    • SHA256

      c075c95d5153de4005f0e6804eb4f783886d10b683712ed00ef09a6629d6917a

    • SHA512

      2ef35e76f950218f3fabb3f53244366cc7de6d61ba090f3c312eea8b7457b239daae65d05fe3a0bd2a7236afc4eb0434aec7f8042e0c5db1d118fe0e11e04f53

    • SSDEEP

      1536:Rjw/NzbbQqgujx+DUcde+Q/Zj1VyZbueH3hfa:RjH4ude+QRj1VyZbue1a

    Score
    1/10

    • Target

      setup.exe

    • Size

      728KB

    • MD5

      a6cf19d44ed3e7b17cf1568577ded266

    • SHA1

      b7029312d45f8d21f45c39978c0cdac623fe5d9b

    • SHA256

      ccc68738cc7da7516a9c8b35c23cff8b9c278e8b059c698fa2c4be31c7a5a4e4

    • SHA512

      b3111fcb8d00fbc65e68ecef9496647f166d7395de360cca86e22fb47ddd8ebbc1a6ae5dded2a7fe549c2905e6610861323c3390b77e70e701b02a397001517a

    • SSDEEP

      6144:NSpU4EgQnVu7snutn+PE8UX4a/9mzuPxcZN4INBby170h0z4AcDpvleakvRWly9b:2TQYocia/9mzuPmTZby170h0z4AepNkF

    Score
    10/10

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      vcruntime140.dll

    • Size

      78KB

    • MD5

      1b171f9a428c44acf85f89989007c328

    • SHA1

      6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

    • SHA256

      9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

    • SHA512

      99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

    • SSDEEP

      1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv

    Score
    3/10
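
The two checks a responder would run against a host suspected of having executed the setup.exe scored 10/10 above, as an added example that is not part of the report or the sandbox vendor's tooling: verify a recovered file against the report's hash indicators, and inspect the Winlogon registry values the "Modifies WinLogon for persistence" signature refers to. The hashes are copied from the report; the clean Winlogon defaults are the stock Windows 10/11 values (Shell = explorer.exe, Userinit = C:\Windows\system32\userinit.exe, on a C: install); the registry exports and the appended path in the infected example are constructed to show the pattern, since the report does not record the actual value the sample writes.

```python
import hashlib

# Hash indicators copied from the report above for the two artefacts scored 10/10.
REPORT_IOCS = {
    "0508a50eceade4d6c5e03dfa17f6565d.bin": {
        "md5": "0508a50eceade4d6c5e03dfa17f6565d",
        "sha1": "09b35a52209259a3d8d092cf8b73379dc0a0bf79",
        "sha256": "9c06896e066ebb2e92a6bcd003531b4e3d940ce98b6bb2c46f614925428c6151",
    },
    "setup.exe": {
        "md5": "a6cf19d44ed3e7b17cf1568577ded266",
        "sha1": "b7029312d45f8d21f45c39978c0cdac623fe5d9b",
        "sha256": "ccc68738cc7da7516a9c8b35c23cff8b9c278e8b059c698fa2c4be31c7a5a4e4",
    },
}


def match_iocs(data: bytes, iocs=REPORT_IOCS) -> list:
    """Return the names of every IOC entry whose listed hashes all match `data`.

    Every algorithm an entry lists must agree, so a single colliding digest
    (or a transcription error in one hash) cannot produce a false match.
    """
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    hits = []
    for name, expected in iocs.items():
        if all(digests.get(alg) == value.lower() for alg, value in expected.items()):
            hits.append(name)
    return hits


# Assumed clean values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
# on a stock Windows 10/11 host installed on C:. Both values are comma-separated
# lists, and appending an extra program to the list is the usual persistence trick.
WINLOGON_DEFAULTS = {
    "Shell": ["explorer.exe"],
    "Userinit": [r"c:\windows\system32\userinit.exe"],
}


def _split_list(value: str) -> list:
    """Split a comma-separated registry value into normalised, non-empty entries."""
    return [part.strip().lower() for part in value.split(",") if part.strip()]


def winlogon_anomalies(values: dict) -> list:
    """Flag every non-default entry in the Winlogon Shell and Userinit values.

    `values` maps value name to data, as exported with `reg query` or
    `Get-ItemProperty`. The per-user copy under HKCU (also honoured for Shell)
    can be passed through the same function. Returns (value_name, entry) pairs.
    """
    findings = []
    for name, defaults in WINLOGON_DEFAULTS.items():
        if name not in values:
            continue  # absent value: Windows falls back to its built-in default
        for entry in _split_list(values[name]):
            if entry not in defaults:
                findings.append((name, entry))
    return findings


# Constructed registry exports (not taken from the sandbox run).
CLEAN_WINLOGON = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
# Hypothetical appended path, illustrating the modification pattern only.
INFECTED_WINLOGON = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Public\setup.exe",
}

if __name__ == "__main__":
    print(match_iocs(b"not the sample"))            # []
    print(winlogon_anomalies(CLEAN_WINLOGON))       # []
    print(winlogon_anomalies(INFECTED_WINLOGON))    # [('Userinit', 'c:\\users\\public\\setup.exe')]
```

Run `match_iocs` over the bytes of any file recovered from the host, and feed `winlogon_anomalies` the exported Winlogon values from both HKLM and HKCU; a hit in either is enough to treat the host as compromised and move on to the dropped EXE and DLL the other two signatures describe.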

MITRE ATT&CK Enterprise v15

Tasks