Overview

overview

7

Static

static

3

67cb42bd52...8d.exe

windows7-x64

7

67cb42bd52...8d.exe

windows10-2004-x64

7

$PLUGINSDI...se.dll

windows7-x64

3

$PLUGINSDI...se.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...r2.exe

windows7-x64

7

$PLUGINSDI...r2.exe

windows10-2004-x64

7

ydetect.exe

windows7-x64

7

ydetect.exe

windows10-2004-x64

7

$PLUGINSDI..._U.dll

windows7-x64

3

$PLUGINSDI..._U.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ib.dll

windows7-x64

3

$PLUGINSDI...ib.dll

windows10-2004-x64

3

$PLUGINSDI...lr.exe

windows7-x64

3

$PLUGINSDI...lr.exe

windows10-2004-x64

3

$PLUGINSDI...OU.rtf

windows7-x64

4

$PLUGINSDI...OU.rtf

windows10-2004-x64

1

$PLUGINSDI...OU.rtf

windows7-x64

4

$PLUGINSDI...OU.rtf

windows10-2004-x64

1

$PLUGINSDI..._2.rtf

windows7-x64

4

$PLUGINSDI..._2.rtf

windows10-2004-x64

1

$PLUGINSDI...it.rtf

windows7-x64

4

$PLUGINSDI...it.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    67cb42bd52a7636ce90d27849da31c8d

  • Size

    1.4MB

  • Sample

    240119-rahp4afcfl

  • MD5

    67cb42bd52a7636ce90d27849da31c8d

  • SHA1

    c5fa645ebcd914230a01bb8260ff48fe8d68ae34

  • SHA256

    30a0910cd7513bdd6351944564021794967722820a4f6ee57c4e8c7e96628928

  • SHA512

    81e08d6a1438bbe6875f0d37eba8e6971306cf41e516e8c566d144be5460a207b69d48e26f96df0f3a52f8b616fae7a445694d4695153f8ef4b593a96ef356e7

  • SSDEEP

    24576:9xHus872umRguuUmdr9uejsxIvG3Gx8HXbJd5A8OarGdXe6H2mwx8w8k:9xTYrmRguS/1jsqGWxybSRtbM8w8k

Score
7/10
discovery

Malware Config

Targets

    • Target

      67cb42bd52a7636ce90d27849da31c8d

    • Size

      1.4MB

    • MD5

      67cb42bd52a7636ce90d27849da31c8d

    • SHA1

      c5fa645ebcd914230a01bb8260ff48fe8d68ae34

    • SHA256

      30a0910cd7513bdd6351944564021794967722820a4f6ee57c4e8c7e96628928

    • SHA512

      81e08d6a1438bbe6875f0d37eba8e6971306cf41e516e8c566d144be5460a207b69d48e26f96df0f3a52f8b616fae7a445694d4695153f8ef4b593a96ef356e7

    • SSDEEP

      24576:9xHus872umRguuUmdr9uejsxIvG3Gx8HXbJd5A8OarGdXe6H2mwx8w8k:9xTYrmRguS/1jsqGWxybSRtbM8w8k

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/CustomLicense.dll

    • Size

      4KB

    • MD5

      ca37f2747e04ae09ae9f14852574abef

    • SHA1

      e40bf34907337340520f368575c848ddb62f98c5

    • SHA256

      bbcab5c7e9f4b3f63184b23995e5b335a1c6ca5108aaa1be0eaf3fbf78afc1c4

    • SHA512

      ea781e646313bc458fba0ce66e357818725f385cb6c3383bb9c41dbb5221a6f43e3d8296aa3cbd5e8759d95d87a8eefa5f87665912fbc65c8eb4efcacabfdb60

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/GetVersion.dll

    • Size

      6KB

    • MD5

      5264f7d6d89d1dc04955cfb391798446

    • SHA1

      211d8d3e7c2b2f57f54a11cb8bc4fa536df08acc

    • SHA256

      7d76c7dd8f7cd5a87e0118dacb434db3971a049501e22a5f4b947154621ab3d4

    • SHA512

      80d27ee2f87e2822bd5c8c55cc3d1e49beebb86d8557c92b52b7cbea9f27882d80e59eefa25e414eecee268a9a6193b6b50b748de33c778b007cde24ef8bcfb7

    • SSDEEP

      96:E12Z84uiwpGTVTDSpaHYfniz0R3GhCvXY6Ix5vdR7pBi46AQ5Vu4:2STVTGwYhR3GhCvy5vH7pBi46AQ5Vu

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/Math.dll

    • Size

      66KB

    • MD5

      b140459077c7c39be4bef249c2f84535

    • SHA1

      c56498241c2ddafb01961596da16d08d1b11cd35

    • SHA256

      0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

    • SHA512

      fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

    • SSDEEP

      1536:0P43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:0wU609VMH0T/t

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      7579ade7ae1747a31960a228ce02e666

    • SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

    • SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    • SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Score
    3/10
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/YahooChecker2.exe

    • Size

      110KB

    • MD5

      1393c45423cb78470dd37af0c384b675

    • SHA1

      e2d8b673aad1b05d729513ce88094fec651c4f50

    • SHA256

      b242a04a4275e0fdb122bccbf3a620a13f55eb0cfc02d476286171e60822f65e

    • SHA512

      b192512c1db7df14eb469dc5d4c60516f6b5c84c15ed3025a20bf2deb18e68a02db4d627df97f77cfc3f6ef254eec7119bb9eeaa00b753abe59454779fb791af

    • SSDEEP

      3072:+gXdZt9P6D3XJ5cu0ZJlImSRedkQ67psmHJwgeu:+e34rcBlhSUdkQ6O4Jwg

    Score
    7/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral13behavioral14

    • Target

      ydetect.exe

    • Size

      77KB

    • MD5

      48a2afeb63131a434bcc00335e656a0f

    • SHA1

      c7eca0cbed929fd30a110d61ba1b419a4be85327

    • SHA256

      1330f6cd27c84e9c2011111a9ca179c1eadd755b3a17059c9e73f08d3f4b5ddf

    • SHA512

      25a6b6081f3edef1ff46452cfaca710773fae721037fe90acc053d7108a29853b68ac80a14b265a810aa0d2cabf9a2ba909bf38721e9192b37b2db40f9781185

    • SSDEEP

      1536:VEEQJ+kVzMQ9wY68jgVoW6CIFUyUWIlLNgQ4lqELkuhEqIg/9MBJR4CaxO:SjJ+0zD7zguW6CIFUvWIlhsqELkuhSU6

    Score
    7/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral15behavioral16

    • Target

      $PLUGINSDIR/MoreInfo_U.dll

    • Size

      64KB

    • MD5

      bcbb3d47b901167a04ca309597384859

    • SHA1

      9e21d55fe18fddc4f6054c2ec6d1dd2ee79f6057

    • SHA256

      d77ef48fab0c91b6fa101786009ccaece4ae0767e1b3cd6269b845579f1310e2

    • SHA512

      370d25e82952f8bf5853ee1a5285bdc52e64995aa1b42c9f205f67c0426d526ee09a7c817b78877a1a391fbb62349f395906e0a48aac752f02094f4f901c7403

    • SSDEEP

      768:4dUibnu1u6HQiuqCX9rNYnjvtVDAOVYx/kQX0fIgkPZtbIsdRAU2UZ:5T1uyQxX90jvgmI8mwIgitEV2

    Score
    3/10
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/System.dll

    • Size

      9KB

    • MD5

      ae182dc797cd9ad2c025066692fc041b

    • SHA1

      7ee5f057be9febfa77f698a1b12213a5bbdd4742

    • SHA256

      b214f6d6c4d27f749105f7e8846a7c2d475dbcc966876370b5a7dab6e4b8a471

    • SHA512

      2a9a200d067df47638a86f4f058c6d78fb59bd064c65650cae5022a62a3714e33f93f6af1dd599fda180d5af18f432835a1f909807f4fb459aa9d6c24e3fbab7

    • SSDEEP

      192:SVS+6oMnQ5TWgWsMI4R5Or5nQU39FmeknC:S56oMQ5TWlbI4RS/F8C

    Score
    3/10
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/intlib.dll

    • Size

      24KB

    • MD5

      1efbbf5a54eb145a1a422046fd8dfb2c

    • SHA1

      ec4efd0a95bb72fd4cf47423647e33e5a3fddf26

    • SHA256

      983859570099b941c19d5eb9755eda19dd21f63e8ccad70f6e93f055c329d341

    • SHA512

      7fdeba8c961f3507162eb59fb8b9b934812d449cc85c924f61722a099618d771fed91cfb3944e10479280b73648a9a5cbb23482d7b7f8bfb130f23e8fd6c15fb

    • SSDEEP

      384:XErRo4TdlKCdUk6qz46qu2vPqUcnlSHmkuPJOiya4fF0Ac9khYLMkIX0+GvBgK3M:XiRoW7Kc5bBq1qNlSHmkuPJOJa4f4CD

    Score
    3/10
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/knlctrlr.exe

    • Size

      78KB

    • MD5

      ab9bb925012998c5da319d7c2682e2a0

    • SHA1

      50a69c6a7ebc3d574930c0882e5f847230625c1b

    • SHA256

      486a4075fd7775e95594e165e04f67fd0705e52e80749ef91c6c38f46e48f160

    • SHA512

      96af310a1c8c9123b6237419ef30802d9301e352394cbae44c00660b76651aed95462a5b452196c80e733694ae8d370517feae6c0e7af373faf714b5b400902b

    • SSDEEP

      1536:wpgpHzb9dZVX9fHMvG0D3XJPyIGvek8s8mEkfSK/51ntfaRf2ClV6:GgXdZt9P6D3XJ6nveFs8y/5p8Ou6

    Score
    3/10
    behavioral23behavioral24

    • Target

      $PLUGINSDIR/license_7Wonders_OU.rtf

    • Size

      35KB

    • MD5

      d296a05760d22ee775a9bb52aa48f0f6

    • SHA1

      825e1b58ad4b501b7e5f2dc0003478896eeddc2f

    • SHA256

      bf7e7f0c4eef61dac94465471651324abce9541caeb044943940fa6a31197800

    • SHA512

      ba21bc00c0e97085763d78314a215003e355620c9ba1141e8ab56d0c9f1144294a8a51ee2306f2a5ac8d99583d9b276c8596fc2b76951c8e7b4e2b7e9e6dd5f7

    • SSDEEP

      384:CdtDNVb7PzybdKkuEhaLARQjIjBjAj+jrrCieRjkjRb8Yai6rGsNAYAXJqskU1:CdBEhaLARQMV8SLpmoNb8YihAZqY1

    Score
    4/10
    behavioral25behavioral26

    • Target

      $PLUGINSDIR/license_BL2_OU.rtf

    • Size

      72KB

    • MD5

      363b708f4928fd734c1196decc755349

    • SHA1

      281eae51808d7d28294f7d28dc7e9045ab10997a

    • SHA256

      ed0f7c4b0f133749bfa4fadec95aaa9a7538328f0ce4be2ce62be08971e5111a

    • SHA512

      a121295a3c9f5eb713b2e143682e112f4853d1ef95b41b98557f4bdbfb31dca469ad46a0045023313b06c2a84613ce8b5b8ccd3be39a98827dbc2d38ecfb7e4b

    • SSDEEP

      768:WXcE96gY6/T3HF6NA3cARJ3GfgnbCpMV8SLpmo3iJXQIfR8+FiJXQIfR8++iJXQH:WMSyeX9aLc12LJzhHjT

    Score
    4/10
    behavioral27behavioral28

    • Target

      $PLUGINSDIR/license_Claro_OU_2.rtf

    • Size

      32KB

    • MD5

      7b5d720492bf145241e95b563d4f3341

    • SHA1

      693b1d6a56b6b24bcedddda60c4612ac7ea1a6d1

    • SHA256

      87ddcd8980f04ba867b4c0af427ccba822412f1fad5ea8718f947e9de5950d6c

    • SHA512

      91df22c42143c47b7f53cc56efc4aed4492ff2753213a91f95e042a0e504cfea365141f1416588a65d93a92adaa92eccc0ce789d63620a54b4380e29e8d03a7f

    • SSDEEP

      384:VNXtDNVb7PzybdKkjEGGYgUQxirFyh27i6rGsNAYAXJqskGC:VNX6EGqnyhAZqCC

    Score
    4/10
    behavioral29behavioral30

    • Target

      $PLUGINSDIR/license_Conduit.rtf

    • Size

      113KB

    • MD5

      80de64eaa4989a88202ff1135d68c82f

    • SHA1

      bc518cec719d697e6f3872818618399f97c0aeea

    • SHA256

      f6c79a79fbe3d283823acca2f6c5ad27b327e9513c1a755379cb83bd8e4640b0

    • SHA512

      66199a54a63a5a2dd78f265282330eb45d8201a111c6d6c748df1228dd36450f0f4b06f7a3705a8d29190f63bcce549624ca1fde2d0d072fd97d43697494bb75

    • SSDEEP

      768:owIE3e7PDOcomh+LeRooIniyDTcvcBCNEeeJcOerjj1oxamIYKRXOYjI7csb5ftF:oFAHLFiGSGOGFx7RstDf0Yyn

    Score
    4/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

discovery
Score
7/10

behavioral14

discovery
Score
7/10

behavioral15

discovery
Score
7/10

behavioral16

discovery
Score
7/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
4/10

behavioral26

Score
1/10

behavioral27

Score
4/10

behavioral28

Score
1/10

behavioral29

Score
4/10

behavioral30

Score
1/10

behavioral31

Score
4/10

behavioral32

Score
1/10