bdf68e5e5c96f4ca8cac0354c4e79974a5afe47165058372f91b3c5660f0478f

Sharing

Copy URL Twitter E-mail

General

Target

1ee6ebf2b6ace82d63862e96fd000170
Size

20.8MB
Sample

231225-ptcl3sebg6
MD5

1ee6ebf2b6ace82d63862e96fd000170
SHA1

4a2bc2f01b7dac58270c2978d3bd529d60caf841
SHA256

bdf68e5e5c96f4ca8cac0354c4e79974a5afe47165058372f91b3c5660f0478f
SHA512

8fc53413c5efbc66877dbb5fd903dd11e5f0c7004b89730c61b7bbaf072ecbe8ce06f09d5fb528acc3599f8acfc1942d5f4e5d22c09cd765fb0f5f5bedfc052f
SSDEEP

393216:nNh7c+GD9ER/48R+wZOZ+rDhOA/EHn4YI/E0UEUyW/EJbpG4KqOiLceAUI0EsKiq:Nhw+6+TsWyQF/k4YI/xzUyW/Qw4d9bAn

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/CDROMUTL.DLL
- Size
  
  125KB
- MD5
  
  632a6d75feeabc846ee9aec33345ef34
- SHA1
  
  9d67bfaf3be10bb3950bb34572e9bf68aa784881
- SHA256
  
  2d3afb5a90000ff8c7765532be28205bc67154e5b304fcc6b57baafc1796824e
- SHA512
  
  e1b561625e329852ea3035ec3dfb70a98cee43b88ed239e380d49fd99f15a968e19d461a8f571f199d2461f4647be1fdb3c398ed49926d2e0c909186d920150c
- SSDEEP
  
  1536:HZH5OxiAOOPOydLl/skMt32m79KV8JiKFz5Fg66KXQfqB0h4McOLu46QOYWTzq6c:H90fT2ydLakeJi05IzyMR56QOYWG
Score

1^/10
behavioral1 behavioral2
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/CdDirIo.dll
- Size
  
  59KB
- MD5
  
  213878e07adc1a4005473a421339504a
- SHA1
  
  8e6207f24f27d59f2452a23747d6f078717070bf
- SHA256
  
  792007ad1104010d7c5cf82bd03aec09921e7cea8e844e93f63a119fbbef25cc
- SHA512
  
  a1771638ddd6cd522c6a240d8cda546baab4e368170ac0a993ba679eadfd7d2f8fde91fd551da4089167984712683fcd54cfab6751d686080d2d25a4b2a4d5c1
- SSDEEP
  
  768:Jrn325Spg7XhOzHJG0b59w7Fy1IDWysfqXGFwMFw4Z80HJ28IfBQLlbCeZMmBl:Jrn7gbo7XwTWy0qT2ZJ28YexC8D/
Score

1^/10
behavioral3 behavioral4
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/CloseApp/CloseHookApp.exe
- Size
  
  46KB
- MD5
  
  2df66c2146fd19a8d99df648d2e60e92
- SHA1
  
  628a0158ec3e761589797e0aa0cf77c25785087d
- SHA256
  
  d171a34cb74349d49bff55baba316f4e3ce88ba685dd7be36d543d82e43f0491
- SHA512
  
  07f1c9962a4d7d07e188ae5a0e660078e805fbca960e5c043fa8d3eb2c8ba994d2fd5e2ecca92a6e5c799f3c8a0cc3b5ead5d62b9eb703c197106319a8d9f993
- SSDEEP
  
  768:Q/MZl1KqhW8MdvL+Le1KwPj057vlXfF2j6VBUm+qJtwPIILlbCeZMmU:hl1KXLoewLlXfvZJtwDxC8DU
Score

1^/10
behavioral5 behavioral6
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/ComFnUtl.dll
- Size
  
  79KB
- MD5
  
  6f2940486ccc4a4f934909001e8008c8
- SHA1
  
  77d1f82a2372e34d0017dea181799636c6bf838d
- SHA256
  
  331d6dcc1757959cc528ef7ed217f9e1576062eaec96811fae26a0c35f63fe45
- SHA512
  
  bcf31e908f399c74dc02edf15fa7128291dfead618ae2f107fcf4100f1bf97e925250bca50edf6ad7ede89c4c9aa8e2dd2c4d7afd6bb4b21fe49e9a3f0d965d7
- SSDEEP
  
  1536:9ROw+wGWTBDnWx9uUaiaYxm+8Ej9SlV29PpxxC8DZ:9RH+wDTBrWxOxYxm+8Ej9SlV2n/t
Score

3^/10
behavioral7 behavioral8
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/DHBKcUtl.dll
- Size
  
  86KB
- MD5
  
  373bbeb9220a40d51880dd63ec5b6a6f
- SHA1
  
  4362d422fb38ab9e57d165ca65b600ac5bbf1cbb
- SHA256
  
  2443256e769b9814a5c5c7ae58f82d3b6eac5d4756b1516c3bae0ea3a5f39241
- SHA512
  
  bbd968a09d3935cde832b6a74b1bd651a8441e3691d4daa1a89ef9705cb7768ba857e62d8b3ffbed43dd9ce78f140f05b2cb239f911b1461c2034e64d8fa7e21
- SSDEEP
  
  1536:VwsqVAwcqP1HohXF88g8mIePaKhQ9SXu8CxC8DZ:syyHohXFBm1aKhQ8RWl
Score

3^/10
behavioral10 behavioral9
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/DelPrevV.dll
- Size
  
  199KB
- MD5
  
  5a9b1f3ccf5a5152c180a496fc80bec9
- SHA1
  
  86e45d2ef5f9a435acb4541419f9785eb6440fa6
- SHA256
  
  02f4024556b89156f39486439664ed86808de532303e7a37322ac919e26ccad0
- SHA512
  
  c19c8db249eab19f525913dbac735ce1622db46373e3fd7bac11e2e226ab015b62095c0ca7be673b7bc135913022bdbe86d0bfa41fd805dc713eef83b261b1ec
- SSDEEP
  
  3072:CsEvF3FLR3utqu3DTREKLOiQwLs3ue3B52AIj+eFtzMHrsSplvZNR6:CsEvFP3wrLJQwLstB53I6eFt/E6
Score

8^/10

evasion
- Stops running service(s)
  evasion
behavioral11 behavioral12
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/DkLaunch/DkRun32.exe
- Size
  
  96KB
- MD5
  
  580c68064208cd097af38622f986122c
- SHA1
  
  93e907de9abb39735e2b99a24ef060b0a771d536
- SHA256
  
  e2c0796452b18ab63bb4243eb6a4c497c0f1b8b96e8e99d0a2f90234384b4da5
- SHA512
  
  d4eba06cd1e9c95c1820ed2fa7ca9b239a565fd232e79365e2f6bd651e98d24e6e95f0233af05666e9f48433558591d8810daeb512f8f53bae6be62c956fef23
- SSDEEP
  
  1536:zEXcLmB6+DdpFiQuw7cHJB1/zrybCBxC8D0:zscLmc+kHJB1/zriCP4
Score

1^/10
behavioral13 behavioral14
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/DkLaunch/DkUserProc.exe
- Size
  
  98KB
- MD5
  
  d58038d4aa95805e8a5c9581fdbc6f1e
- SHA1
  
  67eeeee7aa63c9e51b02574ae4871966adc7dda8
- SHA256
  
  146e7c177faa8b3e25ebba7bfb3b61d69225db31a155b26e36fe08cd46acf275
- SHA512
  
  c254ac4df71ad6f0a632761641b147825d2b9efac59e73f040b954a03f618dc876978d2b930a3a061a37126d09f915480a2577a0257b1edc59c3b458a12d7d7f
- SSDEEP
  
  768:BpDE14lTKLNC0LTjVmtcBZmv78nlVRR6FJE0vqJ6ZU9QZU95YbNWLlbCeZMmK:BVE13LU0jV9Gj8nluIJ6z2YbNWxC8DK
Score

1^/10
behavioral15 behavioral16
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/HIDRead.dll
- Size
  
  306KB
- MD5
  
  038980c1f9fc6153856cab3cfa337312
- SHA1
  
  7d2138967b20909a564479d4dc105025f8cd324b
- SHA256
  
  4f48d51d3f2fb91844102cd9498b908322a786cea79eed986364bc589220d62b
- SHA512
  
  3dad8cbc618e4d7868d394d7977bc0fc151048093525894eb61dc738eeb8365f65d0ae12376349682026e4b0c5ceca217a59ef56ff028fa73b7f9fe797515f58
- SSDEEP
  
  6144:23YUHyAhb9Q43dbMnAU4cbjCE7dUGad1S7vg6KE0s+YvKiZvlK:JUS/T9dgVEUYvdvlK
Score

1^/10
behavioral17 behavioral18
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/IdCardHelp.dll
- Size
  
  207KB
- MD5
  
  b9b3f5ccca8c9da272f7b4946edf5d94
- SHA1
  
  7399e0b89a50f22aa8a6545c6c6681aa135b049e
- SHA256
  
  ef6148cbfb0ada156b442b7cea2ee15484f89f39690ee9dd3d26a05624b83c47
- SHA512
  
  d7addbb5dd98d8ea34c23e843ce69bbfd02f8816cd2c002d025e4fbd97a03d6efd8d59aa4ca42fd7307a4eedbc6ca93cc50c6c8483bfa2b6742575c46d48afd7
- SSDEEP
  
  3072:KKcuB3ayUTDeZb4EdCNVLWSrCt3KB4wWhUZlPWf/zVGKCI:KVuB3ayLbXUNUt3EH2ZGI
Score

1^/10
behavioral19 behavioral20
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/LGKCUTL.DLL
- Size
  
  77KB
- MD5
  
  6451b6b70a973643ba747e7609f8f145
- SHA1
  
  8d2bf54183182bf1bd21758698d7d9e4961c62ea
- SHA256
  
  ee253c1868b8370e6096e9a0344a2177cc66802a9fac15401614e6ccdb2a89f6
- SHA512
  
  c20ea554a4742919c12511eba377b64788889552dde44eadabf16560e4a8ff496ebf6c14c0bc43db980f35e79f3ff9b8661c812518748f3682331802a18ac079
- SSDEEP
  
  1536:RFPC7S/FVyAdlBC9gKNNJbWPAGTT9KMv2hQJ3Mq6Kl:Rl/1LAqgNJbWn2hQJ35l
Score

1^/10
behavioral21 behavioral22
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/LMLang.dll
- Size
  
  254KB
- MD5
  
  754cdcabc1e07b9f683490e6964cac1e
- SHA1
  
  6d050626a4faca394057efd2ac282f17c7b1c25e
- SHA256
  
  b886a56695d91302fb9890e7372e86cd69c8e2d6d0d0d65cf6e0c545cf10d9d1
- SHA512
  
  9808d6cbbc08f26a5604ae2296f4446f493b604d3d3a9daf7d2ad9efd9a32b4bd8254a2b8020b3805021c3117df59afdad09ad33170262f56f846ddfab6cad22
- SSDEEP
  
  3072:PpfVDuJAQmcnI+meqY83yvGTVBaACsF9eODLNoGS/lzDZPo9rQjcjLRwWKTccDNQ:xv+mev83yvGTVBDCsveCNo/NLcAZQ
Score

3^/10
behavioral23 behavioral24
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/LManager.exe
- Size
  
  1.1MB
- MD5
  
  1b38f4c2bcdb133b757e22beb61fb3fc
- SHA1
  
  92a429564fc21e0b6497575344e2fc8479d6f89d
- SHA256
  
  9b2c8b3df2f642610b92512d945a5ffaa37d97e6d50f0330685ab44c8f0394a5
- SHA512
  
  0761679d03d2bade1ff5ad9cb67dd6ff8da563d7cf396897b1cc086e2d9ac851358a3ae96afafe63785e7cd3662bfb990615f510b12a919205f84f43d98c93f5
- SSDEEP
  
  24576:Inu29hU0sc72PEsZ2iQN8oKv9dHAV4JW/pVW:WuoTQr4pGosdgGJ0W
Score

3^/10
behavioral25 behavioral26
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/LMconfig.exe
- Size
  
  1.9MB
- MD5
  
  4d3d390caa94e6dbca890bc4209c2f99
- SHA1
  
  2bf8020edcdd9345bee6c3b2d68429bc2340574d
- SHA256
  
  f2e73304d9676b4fbbe53205a8614aa001bf03b42beee9de56943bdb5edb284c
- SHA512
  
  1c7e252462dadc9040220bdec1b7f4344f9f5072e759075d1fb7b4fd812d5a9f1996e6516b7bbb8540a5dd75143f177172637f7f5e6927c2fe21d29aa6c047f8
- SSDEEP
  
  49152:+KHfwmuaMUCR/fX1vYk7DDtKsYOkMbTme26Ys23Hlvm1tggnzsd5E:/oEMUCR/NYk7DDtKsYOkMbSb3Hxm1tgS
Score

1^/10
behavioral27 behavioral28
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/LMconfigV2.exe
- Size
  
  1.0MB
- MD5
  
  ce611336ce91e73d05cdc62b115277e4
- SHA1
  
  d54a79c93cfc25caca2a1d5f40c620adfa03b79d
- SHA256
  
  d903ecf88f40e9a0eed937b119197dc635ea6c2feca90471fcf18f4508a85725
- SHA512
  
  160a668d41e55641e119cdd7bdd40224f8baf93a0b9747d520ae4b5e062f3e8455a463b59b889aeb059c80eef3e09687561be98257436b06c70c3235cec64ac9
- SSDEEP
  
  24576:yNngnYBIw3HNbX4pesZkogXU7KMEgF/OFUYZQsJPoDoWteoF/OFUYZQsJPoDGzLA:7k9MpesZNgXVMjWFUYZQsJPNWLWFUYZy
Score

3^/10
behavioral29 behavioral30
- Target
  
  LaunchManager_Dritek_7.0.4_W8x64/LMutilps.exe
- Size
  
  462KB
- MD5
  
  aa57e0013caf1c1a18763a12e72bf1bf
- SHA1
  
  b7c3d15cbc5d77267df814d966598c52bd30d4eb
- SHA256
  
  ec7022ffa71c3059365df03e7c1d438eb907d843a9acf8edc78caeb94d070f78
- SHA512
  
  bfcdf5f703075385960863f018b359fafc9439cc4b6ad4374c36d5e07356259534013031fa460a9ee056934e340808cade5d7c2ddb243b49b73cae771ee7b40b
- SSDEEP
  
  12288:Hg5SIXggl9b93RsvNoE6YJkQGnXc1c3Dn+wsZWlW8Ozt4:Hi9b92vNo7YCRnXdzX6avOzt4
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Tasks

Sharing

General

Malware Config

Targets

Stops running service(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32