93095231daca7fec33a933c629b10421bac054d90fb18f1dbc1ad1f75b0598fb

Sharing

Copy URL Twitter E-mail

General

Target

7a0140a11c03f5989dd82b7a42c57863
Size

2.6MB
Sample

240127-mlafmscahm
MD5

7a0140a11c03f5989dd82b7a42c57863
SHA1

a29d0018dd2d31c75ee8209ae3ac02e3fd87ac3f
SHA256

93095231daca7fec33a933c629b10421bac054d90fb18f1dbc1ad1f75b0598fb
SHA512

7a94478acc248775eb39ca64680143d1c45c7f77f45957cf317f210406ed33bcb04f122cfcbf851c00f9c3fba97287d9696a3b2689278efa1248c633de18a982
SSDEEP

49152:swt4fRupLu7Pt2ODRw8BuZGPIuTnVFKmnqmSw5BGkF9GBo8kCaKtYViH+B:swtRS5t6/IguTGUqmSwzV9GnaKWB

Score

7^/10

persistence upx

Malware Config

Targets

- Target
  
  7a0140a11c03f5989dd82b7a42c57863
- Size
  
  2.6MB
- MD5
  
  7a0140a11c03f5989dd82b7a42c57863
- SHA1
  
  a29d0018dd2d31c75ee8209ae3ac02e3fd87ac3f
- SHA256
  
  93095231daca7fec33a933c629b10421bac054d90fb18f1dbc1ad1f75b0598fb
- SHA512
  
  7a94478acc248775eb39ca64680143d1c45c7f77f45957cf317f210406ed33bcb04f122cfcbf851c00f9c3fba97287d9696a3b2689278efa1248c633de18a982
- SSDEEP
  
  49152:swt4fRupLu7Pt2ODRw8BuZGPIuTnVFKmnqmSw5BGkF9GBo8kCaKtYViH+B:swtRS5t6/IguTGUqmSwzV9GnaKWB
Score

7^/10

persistence upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  cb589d300ffc4e38183880a476eb5aee
- SHA1
  
  3c7828ebabbd53305ca7dead9d75858a87cfaf71
- SHA256
  
  b40bf86e3522e4504dca095721040d1b143438076a5d299210b654f38f86aabf
- SHA512
  
  c3b453c997a8a9fecb2decfe65bdc2810e79ac81b7e9dfa960c05efecd3016fe8f3f20e06b49abdc4112f8e948856ea0fbaccd2c8f5e45f03242d839ccb1cd1e
- SSDEEP
  
  192:fzF86tZDWrepiJLEqUErRtdD4fUuMZwt2h8sIGO2x9:fh8TLLweSfUuM0GOC
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/VPatch.dll
- Size
  
  7KB
- MD5
  
  3d80bc4e61215a2caf2a3be4601b6e38
- SHA1
  
  d0694f7634d65d96c2fcc3aba7084b133488bbc5
- SHA256
  
  ec236adc131f31c3d2242629f8a925fd3730e25924e1a5eea3e2c97dfbd19b34
- SHA512
  
  6b1a010b447c4c2e90fc0892205bb3e6d7b3079aba7c409eae670ee4164399b7ec1a814841a0de29d4a4eb7ccdb54c14052f97f67dd6e1a2ab77cd36005c1ccc
- SSDEEP
  
  192:nf5EgqB6un6RfJ6ewWU/5VYFLppWFlZGiQpN1SRvV:fygG9nkhFhfFLjWFlZGi0NWv
Score

3^/10
behavioral5 behavioral6
- Target
  
  cmd.exe
- Size
  
  386KB
- MD5
  
  53aeeaf4e7f12b8e91b3a474cafb4115
- SHA1
  
  b90f3887c035b47fde7280bcec91ce273fbc8f7f
- SHA256
  
  c95c0dcebfcb96020248be1dbe04752acdca6971ed81b308dba302b713882d29
- SHA512
  
  6ef041f581046dddc58608c9a8ff800eaf4355328ec5132ecc1345fdfbae97b04a88f2b4ab26989a33c4bf2e24f81cb0b9339a58d4e54f6831dd5cab78f42fc1
- SSDEEP
  
  3072:/2voeN+jaiG17Ef5KlrKnBZ59oZSmveDlcjIV8jlwIRU+MzERobOiLJ93q8DyWg:+QeNai17Y56rKnBfWhveajzxwIRUOic
Score

1^/10
behavioral7 behavioral8
- Target
  
  htmlayout.dll
- Size
  
  920KB
- MD5
  
  6ed2f0b1b13e068e0e9377298f2c550d
- SHA1
  
  8edcb7f3b6b4e578363d12a991a75164a4632521
- SHA256
  
  5a63558628f3bc939a393a46d1c201a0fb706ee36f39db5375d2cfa2c72c69b0
- SHA512
  
  4b50e8316d170722c7cd717ca8c700e2b1f790531ea750c7fd88864a5a2add4718aa658231d7ba9c8f25ea4478338474762456322c3dba944b34d791856245b4
- SSDEEP
  
  24576:h6+0bI4EotRfKHLz70IapiuKKhvTxLAlxXi8iQ:Y+0U4ESRWz70IUqrXi8
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  winzipninfo
- Size
  
  675B
- MD5
  
  fbb9e177f852b0946bc10992c9f41550
- SHA1
  
  8495aa693e6d9d0eca261711351784a43b23acaf
- SHA256
  
  3c37e34f1638bec50ada14fdb62b94f86903be76e72437215f2843de795a21a5
- SHA512
  
  a496f784244312d7c0cc7bb5e3ebc5bb91e26995049c235fd82e5d7cea8542b68cf8b0d5a7a2b18e09764432a54da84d4fc47102ec0c3c6ed5af3f18327533a0
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Checks BIOS information in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Adds Run key to start application

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12