8e6939f8255b76875f4fa4a4b88f5ee956d28930724369d5c004dbd2cbe84d87

Sharing

Copy URL

Twitter E-mail

General

Target

544cdd869cd3da9e29e14980c43da863
Size

2.5MB
Sample

240111-xgqbeaehf7
MD5

544cdd869cd3da9e29e14980c43da863
SHA1

44ccdf42f86b21092eedd79fb651561ba19d47b2
SHA256

8e6939f8255b76875f4fa4a4b88f5ee956d28930724369d5c004dbd2cbe84d87
SHA512

2ece0fc6817b01163955217858f623f84fd438c57081f7f730f82f598ea3f30a2b078162a4e61a4bc58b0031bf370fc6de9952879fa9a4be2b01f2487b9dfebd
SSDEEP

49152:UTB/POkR73cWfAjGR/y9ik2qq9RiAYxfM2l3iZ7ViW8rGfBm:UV3HcyA0/y9ikxqxYxfMSitoWcCBm

Score

7^/10

Malware Config

Targets

- Target
  
  544cdd869cd3da9e29e14980c43da863
- Size
  
  2.5MB
- MD5
  
  544cdd869cd3da9e29e14980c43da863
- SHA1
  
  44ccdf42f86b21092eedd79fb651561ba19d47b2
- SHA256
  
  8e6939f8255b76875f4fa4a4b88f5ee956d28930724369d5c004dbd2cbe84d87
- SHA512
  
  2ece0fc6817b01163955217858f623f84fd438c57081f7f730f82f598ea3f30a2b078162a4e61a4bc58b0031bf370fc6de9952879fa9a4be2b01f2487b9dfebd
- SSDEEP
  
  49152:UTB/POkR73cWfAjGR/y9ik2qq9RiAYxfM2l3iZ7ViW8rGfBm:UV3HcyA0/y9ikxqxYxfMSitoWcCBm
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/MakeDll.dll
- Size
  
  397KB
- MD5
  
  fd68431adc61fb54cb2adf6a5b1ce3f4
- SHA1
  
  6e3ecd1c0cd6eb520620a579044a5bc7e9951e2f
- SHA256
  
  76af724291f4db89ab6fd4684852e3dd86c26e2a057156e95a5702965ec9ecfb
- SHA512
  
  45a701de50a871a175f96fa21c6dfcad03a0eb627183ba048ac25d467e605f092f9869275b3b8a272f934a866732b3af61e64fd777a46d72fde54f84af7360b4
- SSDEEP
  
  6144:67ELuk4cTX1ARqPvCudXWy3oanscbvDJQk7e2q/H8EIINRBT9fNsaKfjemm0WRl:Mk48ARqPvVaQNrqNP8ER9lsaonjc
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  33d4a515252e42901fcd3230a749e92f
- SHA1
  
  168ccf18807f372d59c954425b23e3ba07b9e32f
- SHA256
  
  83817610e28c78c766a183e66d9fa47f1831b702846cae2ec51ba5848c9dbde1
- SHA512
  
  fcd40f466403d3243d8a8d2e98aae74f46d5b5e9e254d13485281e86022305a3e8d47c6411175a9f2f90ad8d10aa40614c71329969ef895a20d60688a649adba
- SSDEEP
  
  192:HPv+wTtD0MzoU7Fs0+/gcDmduwJQXzw+KtnvH0tKO/B75D/Vp6kn2HgsDw0:HPFT90MzRF4/Bj0v0tP9gk2ZDw
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  72f18eaa88886bd0d46de64a17d9720c
- SHA1
  
  e604c84de0ded023cf4c5e215c0534faf1d18227
- SHA256
  
  05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1
- SHA512
  
  5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018
- SSDEEP
  
  96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c6284e23cd7e4d11db8298deb4541083
- SHA1
  
  e338686c7579620383ab8cc5a51bbb8d846f60cf
- SHA256
  
  79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f
- SHA512
  
  72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
- SSDEEP
  
  96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  40909a97db3a51fc83aaeff503128b3f
- SHA1
  
  9693d68a1fb11db70f61b8277e1195dd298abbab
- SHA256
  
  f2633b3604a80a7b1be67858fb43288fd7b686730bad158f347dfa38c6df59d9
- SHA512
  
  cd1425e28302dfeced644fa155a09549aae25b96f5f6a7688624135a69be7abee8e6eaac89194dc6ec89281c45e00451fae43db5953360ee9a47dc0d11d07c77
- SSDEEP
  
  96:+Vyk3+0P+gcVUzWKw1lq4xNmuUUOnyX3z9zJ5cVK23EHC:+40P+gcVUzWlyuUStJ5cVKXHC
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsRandom.dll
- Size
  
  21KB
- MD5
  
  ab467b8dfaa660a0f0e5b26e28af5735
- SHA1
  
  596abd2c31eaff3479edf2069db1c155b59ce74d
- SHA256
  
  db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
- SHA512
  
  7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
- SSDEEP
  
  384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/registry.dll
- Size
  
  16KB
- MD5
  
  351f89337642c165a48dd763aa210023
- SHA1
  
  a5b204cbc51a0ad84248aa680b85be7824f3354e
- SHA256
  
  b610ab13da00e05b000026c73081cfdf0d2ebd3f2fad05e1d0f277060fc3c07f
- SHA512
  
  10326b95ea81b377f74cb9e42135e891930a354b65ce50a4562246da33ca6816f5397089bb60cd1eb647bd28829d70f6425c3113440e11f9a9a4f7fecaac7f4c
- SSDEEP
  
  384:tTVUUuJHxgeh2OTU+X9pCtlohiTV0pWY7:tTqzHxgeh5X9oaiTgW
Score

3^/10
behavioral17 behavioral18
- Target
  
  $_54_/$_52_
- Size
  
  121KB
- MD5
  
  031dcad5dfb1996d7de291492ba460b1
- SHA1
  
  2cd4b15ca5e3b938ac7e2fc3f80997f410e078c4
- SHA256
  
  69ae61a1ae85d249df50970da94c7732e14d9ca2cf6a2d213f3792e10f72e2b0
- SHA512
  
  9a7d95358452b6b110022066276a38e5a12c67e1e97aa4a34e995553372221f76138bb230f08e3924a5e6f6b14f7c4f7d56b9a816f57a33da17ebe1aed7a1445
- SSDEEP
  
  1536:LXhm1dxwN0nYFOauYOjHZmGKowTvcLED4pWsOPhZCCAJibqaJhWWn9iawgjUjNbE:Ls1GOauHZmafE9CRafBn9dwg+V
Score

7^/10
- Deletes itself
behavioral19 behavioral20
- Target
  
  $_54_/Engine.dll
- Size
  
  505KB
- MD5
  
  9591c007306d16905bb4c8d7682cd3f6
- SHA1
  
  e0512c66ebe9c22f782ab26e816cdbce4b4faf68
- SHA256
  
  39827afbbbba8ff453b63e0e94727205654cd2125e84a9b6999982ed06f69893
- SHA512
  
  50c24181aaa352ee88667d5838822d3dd99a5637fc2e084282a1354c39021069e671edc96b39cd055bafc57a0d7777a177da637733ba626a42474e495231924e
- SSDEEP
  
  12288:BeptOQvOSB/tpjbdAWFqNQTJBSHniXwvQ:YjOSBtdbdRN9BhXwY
Score

3^/10
behavioral21 behavioral22
- Target
  
  $_55_/$_53_
- Size
  
  2.9MB
- MD5
  
  9f7dfac65d81c91d039d1cade9166b0c
- SHA1
  
  fa51b7deea370ce4f7360544d07694369e7c605a
- SHA256
  
  923144a1e3c27ba552a817e745fa8a08ebc24c8852338acd0d89ef82d2539b52
- SHA512
  
  05b4a24519ebb10285b7a82aab7f24c01ea376f95b843ca9fbf0cc846fc4617969f7667456b26cf91755449c913a71bd113c9d1c1a49e84621aa5c38a428b207
- SSDEEP
  
  49152:Oglsv3/37STXXntcDY9BhXISsL8M03GzoKP7ScQ2NiO2RLTD+tGlykAvC:Ev3/pY9Ba8M02zo42RJlyjv
Score

1^/10
behavioral23 behavioral24
- Target
  
  Uninstall.exe
- Size
  
  48KB
- MD5
  
  9ddcc423e7d0866222cf46c8411455c6
- SHA1
  
  8c22c24479faa1fc49223d82915f794e81328e16
- SHA256
  
  547ad07462e51c8a1b8dcdc2166f2249da8e116f5f8a39873129c06453f3d3c0
- SHA512
  
  381260474788625f37d0876ee1773c9b2a6006c89b0dc2166965937103275d4e14512cea36e312cd16feea70c0d9b852896482884c8533565c463570375705fe
- SSDEEP
  
  768:SoOjbhlc7sUoQnAz3ppOo0QJSHijv5js/wJJQPgd2iZQAm6kRRS+NoJRnOlH2E:XOPhlosUoAarDX1JJQgdLeAyNZZj
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  ֮.exe
- Size
  
  1.4MB
- MD5
  
  5b09029117dedb91f4b06ef3c0e8b94f
- SHA1
  
  6cef43f5147d5fe01b66748157782626cce44c28
- SHA256
  
  4dbc3ae45a04dea291f318cfefdd091af2d6a2a747f4970a1c369752ca093558
- SHA512
  
  fdd0385a7f094774fb77bec9830c7eb62fa081936c55c91539394421d2b0b8dde8ea7bb84a48001814a1e0b496e741cc5ee5c2ebd905c9ef945e7dbb22e38c32
- SSDEEP
  
  24576:SRFS7Iid6Nx7izcFsaWrtLTOITQA6kOStpbspT63cGnD:vDd6ziVTOITQAOpT63cGnD
Score

6^/10

bootkit evasion persistence trojan
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

UPX packed file

Deletes itself

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28