General

  • Target

    001606609a3d467b135c61e678a95eeb307094c332512085072e5cce8c958b21

  • Size

    11.5MB

  • Sample

    231209-ee4rxaeebp

  • MD5

    1cf1c7313b7da36591d460b764047f38

  • SHA1

    4e522e8a48c001f67cbfc523eb76c6b69d146c8f

  • SHA256

    001606609a3d467b135c61e678a95eeb307094c332512085072e5cce8c958b21

  • SHA512

    cbd1ab29acd92e7ff82f0065eadc9109f9091bea7a7b50b44a98c689b63474ecdb0582e35654a44aa8e52868d069f10fff0462f5a4eeb1b2fff947adca9af18c

  • SSDEEP

    196608:v1D0na9DJkneXM8hTLYZgfEZmS48t7LsqqJpQfG1N/Letzk5Ox:tt3jMIEoS4KqofTtAk

Malware Config

Targets

    • Target

      CareUEyes Pro 2.2.11.0/App/CareUEyes/CareUEyes.exe

    • Size

      9.4MB

    • MD5

      3147a328bb87f4f6e5b88daa0feebfa6

    • SHA1

      7c8431e40e691071cfc7f06f789959b700995ea7

    • SHA256

      cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd

    • SHA512

      6373e15f7191d8d64d7c478e1bd6114f6e531d90d6368210cbf273633f04ca7ec1227162dcf9febea57143adef3a7adef4c5fbc029dd02e9649ae9bf8ec86592

    • SSDEEP

      196608:4gNTxEyxvoWKDBR6t77vQ9EWZht669NUFYxUH:dTxJuWoBRCi9Zht669NUFKU

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Target

      CareUEyes Pro 2.2.11.0/App/DefaultData/settings/BlockHost.bat

    • Size

      552B

    • MD5

      9fe68d21dcf578ad8d0545916c3cfb0a

    • SHA1

      c739a489c2c649566da3fd73fb3308b95f07906f

    • SHA256

      fc7bc7154cf0b0ed369a52dc918f32981f987e57a020fe73dfd6ef756f99ed54

    • SHA512

      6c03d12679fc44d4f23a739955dd27cee9cd57e30d972ef930d335699b55fe45ebf90342f06d9b962b28b6fc9c370fdfade40aab75fa910b6d8746139abf23c6

    • Score

      8/10

    • Drops file in Drivers directory

    • Target

      CareUEyes Pro 2.2.11.0/CareUEyes Pro.exe

    • Size

      154KB

    • MD5

      8da58b1c196be1bb3a40a8a108e09471

    • SHA1

      14f7536e47191ca293e2aedc3938fd3160c0d4a6

    • SHA256

      8b75702da2954f2d62baf38996779364236261d8c551ee92ac0d6a41fb34b6dc

    • SHA512

      ea98de8894454b4c855773e44c416ac7cabd3c6376c32f4dcf519809bc7df44091797ca920ca90f3b6692441e5313f29b13793b49f3a150c45b38309e7100bfa

    • SSDEEP

      3072:DThRuiU7PEEujgpD+IuN3gd2WEf7YOv38nRxOxwsKUTe:DT5Uzvhuoo5f8nRxOmWTe

    • Score

      8/10

    • Drops file in Drivers directory

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks