e315b6c1144c05f8031cc752ec6fe84864f004e995476b6354abe5a805544347

Sharing

Copy URL

Twitter E-mail

General

Target

75e887c4c7ead2f576483944922f0ec9
Size

1.6MB
Sample

240126-asc4wsadc3
MD5

75e887c4c7ead2f576483944922f0ec9
SHA1

72d423d3559d9f1b12a14665e7f092a9d47a2107
SHA256

e315b6c1144c05f8031cc752ec6fe84864f004e995476b6354abe5a805544347
SHA512

643f4a3af5c89da724fa0e71e0e64c57139698007acba78fc973b1fbfa84ec362e6279b6bb0237fc92419fa3f67a3b0e9eb2205897224c96cd7bf5dc61ea9356
SSDEEP

49152:+dncRrYQN11ZVFEftxIIQP3gStqj6KDVB:gcRcS1VV4SY6UVB

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  spvod_player.exe
- Size
  
  1.7MB
- MD5
  
  29cde3b138c0146acb08adf6e1728bae
- SHA1
  
  5b7885fc49b7dc121a89b2764da05d66a3595617
- SHA256
  
  f7ebbcb19286e0845344e9e9ba09533ce3990071040244e96f2c9623c06604c2
- SHA512
  
  eb6c2b9b1e67658caefe3635507a6926b60b90b2118a1ed89081ca13dc3789ad84410cd1683f420405ab89670c53d98232f9bfde0727709a3ef3e038304cefab
- SSDEEP
  
  49152:OIVRXtlkEQua3XaADxjKEZ3rpU84H6ZuwJhSLrnF:OIrB/a3XaWxT7p6uFornF
Score

8^/10

discovery persistence
- Sets DLL path for service in the registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  444e1109d960c307df0ca2b33a24731b
- SHA1
  
  55e3b57d06128911ed4af44858d199d9b1945edc
- SHA256
  
  b3ba181120cd5b57e2cd5435bbd64c3257f7525ade359f89554e93f466692125
- SHA512
  
  9efdb45ee0eae73c24d3f01ff799160090f2b1f0f28ee8da3af52992fec220bf905070ce5a6cc1b5657642440ad29c22bc6889cd3ee1f674a908a935dcf4c2a8
- SSDEEP
  
  384:fKlm7i+c3QW6ckPhyDEaLny2bbBBIXwZ:Cqi8BcyhEhLfbbTI
Score

3^/10
behavioral3 behavioral4
- Target
  
  $SYSDIR/pncrt.dll
- Size
  
  272KB
- MD5
  
  13001eb0a58b4de96126b16ab15fd8cc
- SHA1
  
  4dfe6d2d02e9fa194f4af3d054b458b5a4bafbe6
- SHA256
  
  e983aa97fe1ce6af92f06433a71e03f54d3fc78392e26691cace927094bab8d7
- SHA512
  
  1a7c052bc1e7c824a3aff5e27c5cbd0720893e341dfb93062021b82c3a6d940c4ea23cbcdfaaeb174d90f51c36f0d8c62f693766f42172f894b6b689d26f49b2
- SSDEEP
  
  6144:3m7wHLiH0k6OgfjvQ0mvlxZ/PeT8Ah8EoHiIKaGo5RpTufufVvtr+dj7GcuT1JOy:3m7KLiHl6OgfjvQ0m93/5q+iIKaGo5Rr
Score

3^/10
behavioral5 behavioral6
- Target
  
  Codecs/RealMediaSplitter.ax
- Size
  
  360KB
- MD5
  
  3c262235c90b600be5ff457bc9c8cccb
- SHA1
  
  7ebd941bd26c8f7b64c3784602ef1a49c9ced8cc
- SHA256
  
  d10e22a9198fc6d35ccd19512b03c00614300a13f7deb2e2abf383fc61075235
- SHA512
  
  cff32ad228eb672c8048486992dcd0f7a30b9b1f237a054e4d5287e49298480c780295d5f41325b86e95b368a679567ab6e2dbb5d03c04f2ef69ac65b10b4eff
- SSDEEP
  
  6144:UVsEJrHRGjDxIK1Rc2eC4F0W7EzJffReXPOw8MFkndG0yXGUweH:KNJkjDuKv2z0LzJf5efOw7udG0Ub
Score

1^/10
behavioral7 behavioral8
- Target
  
  Codecs/WMFDemux.dll
- Size
  
  104KB
- MD5
  
  5e06cd629712576a32fbcd8a0c62b4dd
- SHA1
  
  fd5cb2ce5e8d9010715b57b0c8a939e58697afc6
- SHA256
  
  58eb294d7fa3907dee24647aaf0a9ccc409f8f39aa9e03269cc8ea381c012feb
- SHA512
  
  09fc01869f59c1583d25d5aee6dbfcd4e3443fddcd751b3eade2447c6220263f7f83aafb174a026a0cebea904b67b9a256a02fa152f29d847c3993737642282a
- SSDEEP
  
  1536:4DjAdbvJ8f+XWJgPzgIO34eI86beCYbwtfH4Gxijh94l1vthK:4YtvJeTSPO4eLIKV94l1FhK
Score

1^/10
behavioral10 behavioral9
- Target
  
  Codecs/asyncflt.ax
- Size
  
  52KB
- MD5
  
  76283f65a79b37afd28b05cd7a3bf51b
- SHA1
  
  2a5ef2a6cc21229d34b32c961b27018f89a1cd67
- SHA256
  
  f5fd0b79c0f6938e287b803ad8c86663befcdaf280391e25550ec5aad32f604a
- SHA512
  
  d223aa86ddbb56a1bce91e0108c7ab0476f2879d8eba704291994d4bc0487c47b2def1f51f061c8801743d874b1f14a48a701923795eaa3ce21231d34b397749
- SSDEEP
  
  768:zmELP+O3b3uwmyhcDmHgfx5bIve45d6w:zmELWQb3T3joxdYv6w
Score

1^/10
behavioral11 behavioral12
- Target
  
  Codecs/atrc.dll
- Size
  
  76KB
- MD5
  
  143c1b061c29e8e6da3223591561837d
- SHA1
  
  e7542e2668e69ef8f159a7f2e7207d7552b4fb74
- SHA256
  
  98bc8d1425b7e2ae944074cab85f1b75ac86f4243420e088e0f1685009107a8f
- SHA512
  
  df8299935f8401368af7606a544213fd0662c67aed6819d0ee29e9266fc51349b08990fbf5a1a7a95eb09ad73173123b31d0f0bcacae852640adf5934451497e
- SSDEEP
  
  1536:yiIYskdn7pp5XIHvU/zTnw/unZ+NQvExk:DInap5XOU/vAIZpvEO
Score

1^/10
behavioral13 behavioral14
- Target
  
  Codecs/cook.dll
- Size
  
  64KB
- MD5
  
  fa220dae3898b8578c34791648321a38
- SHA1
  
  12bdd5396e996d071368980d36ef6f6c7b39f936
- SHA256
  
  f8b5898569a508e370eb25db27c1cba440c9d559529850c05589e56a93659835
- SHA512
  
  9c2ad73fd43de7ca16a1d75b2974a737dfe1478d094783861ff5e3f994e17bc9e36e31f130296b497bb8955849be31db526018c0621cf5b09496fc6e5c3d6f34
- SSDEEP
  
  768:79rczOVJc8avUhcRxV6Sz+b2G90YnGZosMwCJtVSk7K+t6tj6tVDWVp3Ghv+Xb:7uqc8/aUSz62G9LnOnMK+t6tR
Score

1^/10
behavioral15 behavioral16
- Target
  
  Codecs/drvc.dll
- Size
  
  280KB
- MD5
  
  6da31285ac7271bbbfe0f1ee76882383
- SHA1
  
  1b8b6cb6ad37dee958be9e0e2e273eb44b61dbb4
- SHA256
  
  b172d6680db022b03e8e109d41c271fc644418d0bc3add32513346364d0e8850
- SHA512
  
  5bd5c5952c9f6c5711cf3c328820a782abd59641821b1c9d9c1fd492b3350834cfe11e177affa9de27cc9457514c10aff45f41646c3df7ccedbb46247c21b402
- SSDEEP
  
  6144:ml06HFrzhnwBxHBxrFPprBxrFBxrzWoEeflc/AljEzz4:mSEFrzhnIWoy/AlYzk
Score

3^/10
behavioral17 behavioral18
- Target
  
  Codecs/msvcr71.dll
- Size
  
  340KB
- MD5
  
  86f1895ae8c5e8b17d99ece768a70732
- SHA1
  
  d5502a1d00787d68f548ddeebbde1eca5e2b38ca
- SHA256
  
  8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
- SHA512
  
  3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
- SSDEEP
  
  6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score

3^/10
behavioral19 behavioral20
- Target
  
  Codecs/raac.dll
- Size
  
  540KB
- MD5
  
  9576ca40a2adf61af685962c87bc24c1
- SHA1
  
  07681e114a23083e1deca59c5e4797cfbfdba34d
- SHA256
  
  62147521ab0b8a28859cd7ea42ee652597715487679b2b675a0ef665c41942e8
- SHA512
  
  f3deca561380731456fbf0610a3fca03134d9c920446c6b884b16f6212d3f846ceec2a9fa2854a65c0ab28c78df73c95edb83ec03874ca6ab70d003c7d49ac0b
- SSDEEP
  
  12288:Y00VpiOM/D2Z4689mx4oEmuCkDizKZSWNcKKKKYYYYYG0fJsZydmixv+g:Y0tOM/SZ4t9mxNEmuCkDeKIWNcKKKKYN
Score

1^/10
behavioral21 behavioral22
- Target
  
  GifShower.dll
- Size
  
  132KB
- MD5
  
  407ca7065f10a6397db208ad28b2990e
- SHA1
  
  574d120ff00d8204e159ef4372e7e9675330288f
- SHA256
  
  0e2b461e74409bd6d7a4f6f6cac153310d3b03aafc4d394c757aa3f26345ca14
- SHA512
  
  d4dce120d19bf0ceca38aeba4b08329ec9adac27c1b0e796709351971b923d6a88017bfa7a74fc09833f3bd15c803352f30c6a1b6692f80fb73150881cb36671
- SSDEEP
  
  3072:VCguN+rU8htnSec6la9rtTxvmcl2nO9k:VCjNv9rtNvcO9
Score

1^/10
behavioral23 behavioral24
- Target
  
  Uninstall.exe
- Size
  
  46KB
- MD5
  
  f867b2e356d36fdffb2418d144395046
- SHA1
  
  3ca1b76af547e83d44812558434c2f3be6df7d4f
- SHA256
  
  0735b0fd011a9c766b4c7545af609346b7aadf85fe398ee662387399493cf584
- SHA512
  
  308f372a00a53ac9c66c8d3a9648875c25ea424f18c978fc3c66f489aded875aca77bd79bf97f836439bd844caf1487eb7a4ed35fbaaaf9d927218cbbfd75c8c
- SSDEEP
  
  768:Cb4s6pIH65JbQRY63LVCIvFAUKWO95EnNz0D3VFS6sWkJJx+eJRn5Am6kRRJ2iZY:YjLaMv3xnCwNz0DxkJiqAELVigJw
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  vjocx.dll
- Size
  
  1.5MB
- MD5
  
  da162564646da62c40238153a1cbf268
- SHA1
  
  b0314c89f0060d69f82d1bd057cc0cec84694794
- SHA256
  
  cfd9e9cd51d43f2366191ff5fefa4446b44961b37f203b943454f228d827d00c
- SHA512
  
  51c5c881395f516e9f670148e9853ef2ed3583270847cc32d66b39ae4cb72020dc8546ba845da8c8c132d24e489987987f8c0dae5b858c70dbc0e7bef5612393
- SSDEEP
  
  24576:w+giCmGVhE+TatkF+OtwxDgQuqcPSx4Da:QZFV0Rbjx4Da
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
behavioral27 behavioral28
- Target
  
  新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Sets DLL path for service in the registry

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

Deletes itself

Executes dropped EXE

Loads dropped DLL

Sets DLL path for service in the registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30