4a08a6514a9bb199cae62c8a6ad799f064c3ed0c933c01eeafa59023b24aa56d

Resubmissions

11/08/2024, 12:15

240811-pfbgvstblg 7

Sharing

Copy URL

Twitter E-mail

General

Target

SMM_WE.7z
Size

137.8MB
Sample

240128-j7kxqaefh5
MD5

ba8caad77da3183dd7fc088c6af3be8d
SHA1

5711b71e1ab9242c68331eb5f8c3d980e1eb3d63
SHA256

4a08a6514a9bb199cae62c8a6ad799f064c3ed0c933c01eeafa59023b24aa56d
SHA512

11e92f77c43a4854e4b181f11b3ffd880f3dd34278484fa3149b569938452769da2b54417048e6f5513d4b06f8755ac2ab6cf69822ab8c236eb28da8aa428cda
SSDEEP

3145728:SpUyxHzFQ8AqPe7QhetFTUgD4JqFpWhk7Y25YNk:6UoBQ8A3tFoXqFYuU2ok

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  SMM_WE.7z
- Size
  
  137.8MB
- MD5
  
  ba8caad77da3183dd7fc088c6af3be8d
- SHA1
  
  5711b71e1ab9242c68331eb5f8c3d980e1eb3d63
- SHA256
  
  4a08a6514a9bb199cae62c8a6ad799f064c3ed0c933c01eeafa59023b24aa56d
- SHA512
  
  11e92f77c43a4854e4b181f11b3ffd880f3dd34278484fa3149b569938452769da2b54417048e6f5513d4b06f8755ac2ab6cf69822ab8c236eb28da8aa428cda
- SSDEEP
  
  3145728:SpUyxHzFQ8AqPe7QhetFTUgD4JqFpWhk7Y25YNk:6UoBQ8A3tFoXqFYuU2ok
Score

3^/10
behavioral1 behavioral2
- Target
  
  SMM_WE/bgm_sm1clear.ogg
- Size
  
  57KB
- MD5
  
  56a3806deeccbeef50fa0d8275fcf3db
- SHA1
  
  ba9310b890b61bde77111fd9df6f11aacd2d668d
- SHA256
  
  fd9629866bc2ef812e4b32506b84b3dc542ae639efcd84cee44689aba3158515
- SHA512
  
  3b7e79d370b1ab52b698d1434bbb0ce88fc209157ee84d81ce8807eae9a853422457ec14f8cbf258711869c8e5f570f70745ce95954baa27d603b54fb1f22a42
- SSDEEP
  
  1536:VR2IJwqTt3f6lDrHkx4VaGW1ErXhFyAL9V3P:+IJNZSlDlrXfDL9V
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  SMM_WE/bgm_smwclear.ogg
- Size
  
  91KB
- MD5
  
  5bef7ed5a5ab7d2069b16164ca18ff47
- SHA1
  
  e98a384121e72e0d45dd947131a9e01d74eb601e
- SHA256
  
  5e27eb04afe7163fd4c957b116d199667c1360790085e4c92a8d637aedb0d233
- SHA512
  
  3d0e5337a208b73ab1a77f4a857ffbe0f0c99ad39365cbe1cad6e6ac205c2eec976b0e0ed8301d1f8a132f17d50d3c5d6bf460a0f9aec1d3181de1be551c9fa1
- SSDEEP
  
  1536:zRA57VfUAjkJuxKKk0jVPKeoy64tSOhr+u1VZwcKl1DbZ1xiDqrtOrHwWT9faMPI:exxjkcxKkJoVKr+u1VZwXPvZviehCQWg
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  SMM_WE/bgm_smwclear_castle.ogg
- Size
  
  90KB
- MD5
  
  dcd4aa666c321cfbf6bd674e0af7079d
- SHA1
  
  f2542178d03b16ecbb834a7c40db69f0b136097a
- SHA256
  
  220449588651b37f2b5f844a6db2f538f815434ecce3b3dfdcb7e074b5ef004a
- SHA512
  
  7aae4a9ba9af4b1f4f41bc266ccc25590d196bd102fbce97f2eb12eb41e27022da3fd40bb402d6ad69a620c5a048ba23cfc029977aad43ae26545b826c54fbbb
- SSDEEP
  
  1536:GRoL86BHd69n+aMFE2B9Uat8daA1EQ+JTY4grXzuXEcjCYfl+rUEw9vqJnHno:7YMdg+aMFEwUat8db1H++z0ErYN+gEwR
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  SMM_WE/data.win
- Size
  
  56.2MB
- MD5
  
  a0e17999c86a2a56d9771f5ddfbfcb33
- SHA1
  
  3a068e1901e708fa48baf72c14b92b418d81df8c
- SHA256
  
  5688bd7b0b1f2d584d40e4e70a9c678d3e617ba78454f0d1df93ce8c8b13eed6
- SHA512
  
  24142bd50d14b9f6172509b6c65055ad265471cf96b55a8d5ab782b448ae9b4c8380bad2e0ad6bf3ff38781ebb2b1d4a52a5dd0c0bd26e4561919dbffc5d61d7
- SSDEEP
  
  1572864:XSqavhLr1JDjzl9+e4zHcTv28zUDkM/gKgSBhW:XSqaJrrjP+AyoMIIjW
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  SMM_WE/font_as.ttf
- Size
  
  28KB
- MD5
  
  9dc2726e2de20f8cfa403759047544f8
- SHA1
  
  0c1a0b581ca41961c98e45b5c2221913c0b247cf
- SHA256
  
  314b247fcaa412335fec4edea6c53676ce5cd12e13d6e01f212c77a4d411d038
- SHA512
  
  dad388dd5119776578ab6ffd56dc5bea4657d60878dd73f660c1cdde97933c137488ffa58386698e08323be79ebaec87fa3f58e948b50a53dcc488e894b95c01
- SSDEEP
  
  192:ekLSgDusjzKwTm6JyOKT8a65kwXoOzfjQ8AUCd/gUUU:ekL/bXKwpKC5kJ0AUCd/gq
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  SMM_WE/fontcjk.ttf
- Size
  
  1.9MB
- MD5
  
  d2c4f5495d07b9e744ad0425f09242cc
- SHA1
  
  26770f2b2132f8cf1c70d6c86ff85b8f135c2701
- SHA256
  
  30c921846d8c0568065f75857773e2f16b05ec41d4fdde09993c79789415fd9b
- SHA512
  
  4cb5560bd418db8616ec6f22a0e493378276e22aa4cdda0eb5865e3d4970fa31574d3e9f0c2fe66c18ca9d413e4d66bff1de149e3b1a3538357ffd25745ad282
- SSDEEP
  
  49152:4+Wlc+RuFdLY+NufO9bsRMMM6EF8cPQPfsCQFSuSp3I9:ZWlc+RuFdLY+NufO9bsRMMM6w
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  SMM_WE/options.ini
- Size
  
  172B
- MD5
  
  06c19f2910a6a55d5d326cba5e9a73a2
- SHA1
  
  cb5f47877a4084de1d1424af5d9a9ef73a679bb2
- SHA256
  
  12956fe9cc78e872e0ff933a9e858027496eb9f0b6c96ef56cc6241f8ab052e2
- SHA512
  
  b1a2ef7c8283b5382d8a6beb129f43315de49912284a3d595d8d8565ee1062369645260e7359ff76fcb04610b8f98e6835846389c9b42242c37cf71d8ec41eaa
Score

1^/10
behavioral15 behavioral16
- Target
  
  SMM_WE/snd_1up.ogg
- Size
  
  7KB
- MD5
  
  66babf354adb6a36b6152c0020c74403
- SHA1
  
  4a2c6a19a4380dd5fff4623317916efe524bec9a
- SHA256
  
  b9fe739a81c67553694ebe097d2471136258f710c2ab65d98e3c86cc1657720c
- SHA512
  
  16857a868a420d2ebf93b618f3daf0e3bf5e3bcbec34dc585f1f8f6bedca3569a72e117142073439293872b76c14cacdee84e15f37e56663f2238578b28f313a
- SSDEEP
  
  192:/DJomrimXOct5g6kF2D6PN4S9n0yJFE1N41KtVolrNWCu21E+iey:bimzp26U140nxFEfecKZWCu9ey
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral17 behavioral18
- Target
  
  SMM_WE/snd_DSM_1.ogg
- Size
  
  116KB
- MD5
  
  020db3f9c2d8d51939fdafd902580ae4
- SHA1
  
  980e038b9bc2790192f17665a5e718b49d7b1948
- SHA256
  
  9f2ade16dbfae65da16835ce0b98fb100724ccf3417441fbe42a1638ee6c46f7
- SHA512
  
  9ef1bae6e70e149e89e7b9c7a992ad42c37c5b5696d89c7595ed8153acc1b80587669f0b962bb43d3be6dd19a5f96fc085ad28eb88db7087dca11954112bd664
- SSDEEP
  
  3072:DSxK0DIT6kVXtkJtusyMybYltuR5TF7Y8W0Iq0O:DYDIGkBr+YHKLZq0O
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  SMM_WE/snd_DSM_2.ogg
- Size
  
  112KB
- MD5
  
  293336c46761be409f96d26887b32f4c
- SHA1
  
  b15b8e631b1466e7aefcd36d9c2506c3760f8f9f
- SHA256
  
  035fccbb2cd74fb1e66bf77ad0ebd3824eb309230aa7728e0a1add67dc10cdeb
- SHA512
  
  971e72af3ff7b3db66126f2fd5f488f38dd82ccd6247e0db0d493f34db0409a3a040366f31da0759feb9bd2d013c18205e4e177b65181e0452d7a0586eb0864e
- SSDEEP
  
  3072:UgE8kmwkRz7/EvrOU5Nqpeomj+O5/SUgWI9M:U/8kc7/EvCUwmy6SmI9M
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  SMM_WE/snd_DSM_3.ogg
- Size
  
  116KB
- MD5
  
  4f79e9e0ab0bb8d1f33686705b28102b
- SHA1
  
  a55e6f34e3914a6d45a2c46af67df16a59cdbc33
- SHA256
  
  1147bfccf2ae5ca3ffd271655a72bb70b4eef8868dba2a431ca80bf9565e3709
- SHA512
  
  f7041715624842ff58934e539392f0d660cdad280d92c08bb09d8855ad5266e4836d5233236ea4c9718d18b620444c72ff19f91a9225a8b42636853d190dcc94
- SSDEEP
  
  3072:MsTFJjm97sC73hXhE2JTYWTqa8HhyYfCuy1mRIu/:2lrZ5qa8ByYfCuy1mRIO
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23 behavioral24
- Target
  
  SMM_WE/snd_DSM_4.ogg
- Size
  
  105KB
- MD5
  
  396696dd59ba24405aceaee563bf48bd
- SHA1
  
  f797dc55018330408fc0fa5044584521c882fc20
- SHA256
  
  e3459474503f4685a02504848fc17c3a50f25a21c0b671f2e2da42aff02d38ae
- SHA512
  
  cd3accec3ae709d1122f03a279ce4a592611e5f530250ed7dbdce2801e592bac1d335b08d65fac0951d42b6c85fe2ad387d7d0b808e8792774d9b5812e65a4b0
- SSDEEP
  
  3072:CKFNGSWitajA1Egd+DoCaqgO+U6el2mwo+b:HCSf2lgYkzqg/U6el25b
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26
- Target
  
  SMM_WE/snd_NSMBU_1up_coins.ogg
- Size
  
  11KB
- MD5
  
  510c3dd25ed67754bc8753bc57d49699
- SHA1
  
  4da3f44a8494ab0087fb79e6766b0a90631f12c6
- SHA256
  
  ec04a7426d5a445e06cbaa0ffa202c81df69f82d6f9bb89bc386a569ea34a2c5
- SHA512
  
  7317edeaa96b6c5282a3d57d22f5c4b7fa874adcb9236209aeebd514ef6bdcb812f37b0a22dbfa63b99c07db244875637de215bedf99b8f4e8bce0f66b9b2273
- SSDEEP
  
  192:NqDJopTxIXg1fnEObzcSIIMS+t32m4EajJ0Dx8mjqGeYeXFdNJnbfB2n+udFeJ1Q:NMiJKXg1/E6cBPS+8jEaV0DOYsI+J1kv
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral27 behavioral28
- Target
  
  SMM_WE/snd_NSMBU_1up_original.ogg
- Size
  
  15KB
- MD5
  
  3012234e6bafdcc27af88c392d516217
- SHA1
  
  0b599cb028199641f067b21f9e393043a7ba0459
- SHA256
  
  0d7fd425cfaad71d15d2cec6e8fda60c4231888105667422bbaca75be0e9a05c
- SHA512
  
  17c08df56b1a1e9567f3d966f4afd748e95e46c5b2b52a4b2275710d8cb17f2674eaec54710f8bccf83902139e824703429c5df37651f0c14fe95971a84f9544
- SSDEEP
  
  384:GiJKXg1/E6cFHJMgrsZ9Sq1b4toWBlfOy306il83q6jSXjC:t/E6yMKsZDqoAlfOy3glljC
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral29 behavioral30
- Target
  
  SMM_WE/snd_NSMBU_airspin.ogg
- Size
  
  8KB
- MD5
  
  2c5a00f582d70e37f83f82d21c058fa7
- SHA1
  
  0728a2ad266d12775a3138eb9428499be34a7ec8
- SHA256
  
  a050acc8bf04a2e555c07498533b155c4645cb356d154c247b27889fda00efed
- SHA512
  
  8bb8af14f4fc7b37ba884fe2d06e665deec465576fd96dce2dc784b58fe2d72d2c8db24fe7ca1964e467e0e9cfe81bd4991bd2b83953b9f3da534c37a3bfc854
- SSDEEP
  
  192:sDJopTxIXg1fnEObzcUf58p9d7rlRNc8uda0KpXaX53mdQtN:WiJKXg1/E6cc5IlkdXKpKX5lN
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32