General

  • Target: _Redist.rar
  • Size: 66.8MB
  • Sample: 240129-xg2z7shhgp
  • MD5: d982fae4dd39d43257d1957bff180330
  • SHA1: 79e7305a59b4ec8342ba787264a81c022c9929a0
  • SHA256: 1cb927ec838ca94fef66ba6968112eb8f02f1227208bbbe04a0876e7cb1c6d27
  • SHA512: 1663009beb70657f138b7b3dcbf8765e8fe588fda754b306e53de7540c07501ba0af6df3982ce502972fc03897d63636303d6b70e2fda1f59a43f018971fd74a
  • SSDEEP: 1572864:mAT8eNlVTs1xW0Weh+FWfTrCf6acQk4xQvxmwU:mAT8efVQ1xtWehRfnQCxmD

Score: 7/10

Targets

    • Target: _Redist.rar
      Size: 66.8MB
      MD5: d982fae4dd39d43257d1957bff180330
      SHA1: 79e7305a59b4ec8342ba787264a81c022c9929a0
      SHA256: 1cb927ec838ca94fef66ba6968112eb8f02f1227208bbbe04a0876e7cb1c6d27
      SHA512: 1663009beb70657f138b7b3dcbf8765e8fe588fda754b306e53de7540c07501ba0af6df3982ce502972fc03897d63636303d6b70e2fda1f59a43f018971fd74a
      SSDEEP: 1572864:mAT8eNlVTs1xW0Weh+FWfTrCf6acQk4xQvxmwU:mAT8efVQ1xtWehRfnQCxmD
      Score: 7/10
        • Executes dropped EXE
        • Loads dropped DLL

    • Target: _Redist/QuickSFV.EXE
      Size: 101KB
      MD5: 4b1d5ec11b2b5db046233a28dba73b83
      SHA1: 3a4e464d3602957f3527727ea62876902b451511
      SHA256: a6371461da7439f4ef7008ed53331209747cba960b85c70a902d46451247a29c
      SHA512: fcd653dbab79dbedca461beb8d01c2a4d0fd061fcfba50ffa12238f338a5ea03e7f0e956a3932d785e453592ce7bb1b8a2f1d88392e336bd94fb94a971450b69
      SSDEEP: 1536:lYfzZTBgMtgBKOX8eXDfRQpDm63htpmKvEZfn0X8u165J+S0YKxjy1:liVTBTgQOX80I59VJ165J+S0YKx+1
      Score: 3/10
    • Target: _Redist/QuickSFV.ini
      Size: 155B
      MD5: c5c28798bca6e9ed5d84fa67b656065a
      SHA1: 4b6fa3465f1b393e22e9f083b177462028a48e93
      SHA256: 74ca5a42469197eded04f5a0bf34ca251c72f7cc06a3416ac035230cb8e81629
      SHA512: c06baa4b31e2866fc3f298826930f43fb1d9c2de24e0984594e41f72f022a9090712b478e84d3cb46e0cb0f45d4e81d6c6443b69c7513775340324d9eda92963
      Score: 3/10
    • Target: _Redist/dotNetFx40_Full_x86_x64.exe
      Size: 48.1MB
      MD5: 251743dfd3fda414570524bac9e55381
      SHA1: 58da3d74db353aad03588cbb5cea8234166d8b99
      SHA256: 65e064258f2e418816b304f646ff9e87af101e4c9552ab064bb74d281c38659f
      SHA512: 241ba3f82f37818407bc00909c160b653b45a1a3d156e043b87ba18a7819294716705c952c7b46516c4afd86e6f99bad23e7235b951a371ae6728107f19e5f23
      SSDEEP: 1572864:cAVBjIQSzQe3cf7xOCHKYrLn+XxdjrALIjOqWY99:VVBIbzQe3u7KYrCDS9299
      Score: 7/10
        • Executes dropped EXE
        • Loads dropped DLL

    • Target: _Redist/dxwebsetup.exe
      Size: 292KB
      MD5: 56d52c503adf02184f19eee4767ef60a
      SHA1: ca133f67a286f4f20282e19837b53b38a27a1caa
      SHA256: ed79c8f65b02ed83d5db8c355328294a73dc447f08f657312bf8f3a5b40c7494
      SHA512: 246f35664a9af548d402878a3e6ce6d8901a0978477b145db5fd4e5857021efc4016369e9e02e709a27cf5c84f44a32e106008668ba96e2b45d4d06599090d8f
      SSDEEP: 6144:lWK8x2ZFD7h/uMdnv0iyLI6utiI1ARjhaXcoUvedlVFdo:22ZFD77dnBhi3Us8/VFdo
      Score: 7/10
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
        • Drops file in System32 directory

    • Target: _Redist/fitgirl.md5
      Size: 126KB
      MD5: d2c75112313b4024bac38c8285f334b2
      SHA1: 618fb3f0bae5d23f531d67c9402126bdd7098521
      SHA256: 366ec9c7df3255fe6a33bb9c3a473d4ae069e0d02bdf6160e7e3f03a0e2a3b3d
      SHA512: 14e7815f10dc483f9154ec855c350f5ce77fb1deed0a56a387ff2c4853d6773c5bf2099e285a4e48084c34f8257ea8d32ca85cb2c57f5c658fee8a790791d44b
      SSDEEP: 3072:apT/vQi/0RV/j54OitJkm/IfjS+KoEYFE:apT/vQi/0RV/j54OiJkm/WS+fW
      Score: 3/10
    • Target: _Redist/vcredist_x64_2010_sp1_x64.exe
      Size: 9.8MB
      MD5: c9d9eebccef20d637f193490cec05e79
      SHA1: 15d032d669078aa6f0f7fd1cbf4115a070bd034d
      SHA256: cc7ec044218c72a9a15fca2363baed8fc51095ee3b2a7593476771f9eba3d223
      SHA512: 24b56b5d9b48d75baf53a98e007ace3e7d68fbd5fa55b75ae1a2c08dd466d20b13041f80e84fdb64b825f070843f9247daba681eff16baf99a4b14ea99f5cfd6
      SSDEEP: 196608:n9A3D5MBD0vwqMKgL29M2JWMWiKV/nPlnqIaAAVINqsAsbPnpCxmz7dU8:23D5MBwZMd0b4oSQ7VSrAs1gEdU8
      Score: 7/10
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
        • Drops file in System32 directory

    • Target: _Redist/vcredist_x86_2010_sp1_x86.exe
      Size: 8.6MB
      MD5: 1801436936e64598bab5b87b37dc7f87
      SHA1: 28c54491be70c38c97849c3d8cfbfdd0d3c515cb
      SHA256: 67313b3d1bc86e83091e8de22981f14968f1a7fb12eb7ad467754c40cd94cc3d
      SHA512: 0b8f20b0f171f49eb49367f1aafa7101e1575ef055d7007197c21ab8fe8d75a966569444449858c31bd147357d2bf5a5bd623fe6c4dbabdc7d16999b3256ab8c
      SSDEEP: 196608:e9A3DAnfudQZKuNK0kMp2Wxw2tr3aA5Jegn9kaK6Hj0aaNz9ZBJ7C:t3DAnGKZKuNK0SvAn9kaK6gaaNRZbC
      Score: 7/10
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
        • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13; the number after each technique is the count shown in the report)

Persistence
  • Boot or Logon Autostart Execution, T1547 (1)
  • Registry Run Keys / Startup Folder, T1547.001 (1)

Privilege Escalation
  • Boot or Logon Autostart Execution, T1547 (1)
  • Registry Run Keys / Startup Folder, T1547.001 (1)

Defense Evasion
  • Modify Registry, T1112 (1)

Discovery
  • System Information Discovery, T1082 (11)
  • Query Registry, T1012 (7)
  • Peripheral Device Discovery, T1120 (3)
