General

  • Target

    NovAtelApplicationSuite_1-15-0_Windows.zip

  • Size

    87.6MB

  • Sample

    240109-yvpsgaahg3

  • MD5

    9885a852e1eb327832526a5346ba3fb1

  • SHA1

    4a1a2d095ae89a9e858ed5b1947e64eeedb1370c

  • SHA256

    7b7d024753355d450280926e92e25af673152ebc9d92c8d2448872de9c3ae95a

  • SHA512

    c0408d3fc92414fbf84e0c160bdf28270b2bbc8eb6bd37b9d03e8623c01e6107a1d35e4d7d538497c7d5b0bd39ee15557b87c3be4342003e5f0ce725f998c273

  • SSDEEP

    1572864:CZ2iOybc/zz55/F0XcyrEnftKPf48GRQ1WFo1jAwknEcPfE8rRfv:CZ6yw/zNkXcy6MfeRQOf9

Score
7/10

Malware Config

Targets

    • Target

      NovAtelApplicationSuite_1-15-0_Windows/NovAtelApplicationSuite_ReleaseNotes_1-15.pdf

    • Size

      171KB

    • MD5

      bde10d7e024f89b5c5d8d873deec6348

    • SHA1

      3e2574e908bbe6f87cd86b73a46647edc4ca8136

    • SHA256

      6b021978f61e0e3c7ac6632f77c665106237c88628b70de439865c138851b5de

    • SHA512

      7350ab6bffb3b566ea016ff303a2aa0981188f4064445c91d2b1841cb98ffb9e46faa39a52c86b84b5beb75c0a2142bbc16faabe4f37a6483b08901734fae089

    • SSDEEP

      3072:rQtBzUlVLQq3Q4RK/Z8fIUB4JFiD2Yawf3KOXOnJU6KUmElELZT+:rQfzUlpCkuZ8PWJFiD2Yaw/KO8U6KU3x

    Score
    1/10

    • Target

      NovAtelApplicationSuite_1-15-0_Windows/NovAtelApplicationSuite_Setup_1-15-0.exe

    • Size

      87.8MB

    • MD5

      d26ef01c6e8cb874343d9640b9a35974

    • SHA1

      af68de6f72cece32926cc06a72ef419cefe4fd02

    • SHA256

      4735f2d42f48f22bf18452ee1c5a284d2487cdc59f49a089ad11cccf818c143d

    • SHA512

      3792523911cbef7ec79609574a7b6c569e899406a950cc0defbace5b27472a724c3a0da44ffce319d77b3d54032b32d0def89fb16e4f6d383370937834537bcd

    • SSDEEP

      1572864:8qKRU+dmvwU/iTBSHM/StaqnY3Bi/zAz9eCtYz5PQtREgKAiA9wC71Yv:8qyUImvBsBSHLABNtYv84

    Score
    7/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks