da51aca27777c2fd13be2e099f6657b7815633bbbfe3240b4d8ed171867786ad | Triage

Sharing

General

Target

846ac24b003c6d468a833bff58db5f5c
Size

904KB
Sample

240131-pn6mzacae3
MD5

846ac24b003c6d468a833bff58db5f5c
SHA1

6077e3513a094de50ce3ce3876c105136120e7f3
SHA256

da51aca27777c2fd13be2e099f6657b7815633bbbfe3240b4d8ed171867786ad
SHA512

5e2f59f8eb47f238079fdd49bb6c64686713b93ef0d4b4cd790d56146372bdde7edd1d11ee12b72b5fd4324a783c504fa34ce745396080b1286ff44d2a481a58
SSDEEP

24576:/dUJ2yQo0enW8B332oQE1dISPMg4Bji51rsHfiFLXa:/dU1QoTT3WyPMrBjMpZLq

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  846ac24b003c6d468a833bff58db5f5c
- Size
  
  904KB
- MD5
  
  846ac24b003c6d468a833bff58db5f5c
- SHA1
  
  6077e3513a094de50ce3ce3876c105136120e7f3
- SHA256
  
  da51aca27777c2fd13be2e099f6657b7815633bbbfe3240b4d8ed171867786ad
- SHA512
  
  5e2f59f8eb47f238079fdd49bb6c64686713b93ef0d4b4cd790d56146372bdde7edd1d11ee12b72b5fd4324a783c504fa34ce745396080b1286ff44d2a481a58
- SSDEEP
  
  24576:/dUJ2yQo0enW8B332oQE1dISPMg4Bji51rsHfiFLXa:/dU1QoTT3WyPMrBjMpZLq
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  True2Scan.exe
- Size
  
  2.4MB
- MD5
  
  7682a598ae6622ce1fc3b666a9a9dafe
- SHA1
  
  cc59865ea7605126764c009cc0be2351daa62197
- SHA256
  
  4b988a9aa2f81cc6329bd057f3d8e9144ef83ce95cc7524da1e3a03749d370e1
- SHA512
  
  289bc425aaf09787a654f8bb4389198e9c7f3517907cd7889d4d8cc1f31ac0d91a108cbfacf17f724096fb31018c754fd8e2c03768741e9aaca2320a3291b8f9
- SSDEEP
  
  49152:pRG2J9c6RA2L+zox3s31Z+Yelyd+zox3s31Z+Yel5:pR79hRAuv3s3X+YCuv3s3X+YC5
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  True2ScanCL.dll
- Size
  
  164KB
- MD5
  
  ac0cde9828c5f06bd4b810d2b572d341
- SHA1
  
  111ae07023c80a1d3a66ffa005effe0cd9a7de46
- SHA256
  
  5edb512e49850c5c27f73ab7f0b1e55e91708410c9b5094ff3d8e1d32ecf3938
- SHA512
  
  674ccbbf15ac14d1745c8cccf45ef3c5a438d579568535f88d1de93905446117a726550cf498bebdcc2c017f8f3750c439dac1998d925a59836d8273a8841c46
- SSDEEP
  
  3072:nnQw3S+EpfpSb9dHe7HcSZve+TovBSPlOeK0KDo:nnqnf8NO8SZWU4e
Score

3^/10
behavioral7 behavioral8
- Target
  
  True2ScanCore.dll
- Size
  
  212KB
- MD5
  
  7c360237b662d26a7b93f16116d46cee
- SHA1
  
  ba193f555358b2ad804d2a3d62542db24f408d1c
- SHA256
  
  df0c76f765f91803df2122dc9a3dec9144c53edddfa23e763e19c6b3719a8cbb
- SHA512
  
  afce501b57b83fe40390ca13a2332816f3ab549c3f0903235ac5b60befbefdd4e2fa1480311007d92e8556e0a6c6ca9519e1a8c2065af1d818bf9ef95255cb4c
- SSDEEP
  
  3072:5QWFdWhevzQsYfbA53a/swuzlbTm6XhefBBubeNYfy+se0HrBSs9uh3evESliGJ5:qWDIgsM9aWbDXtihFeqrBSQe3LGrUr
Score

3^/10
behavioral10 behavioral9
- Target
  
  True2ScanLaunch.exe
- Size
  
  152KB
- MD5
  
  d25b84b81c4ce3b2291a2a5e504fe281
- SHA1
  
  f9c7ce8d82834816166d790b927560af894437ad
- SHA256
  
  8ade016b9d830319e065dddc26a1705777b031ef1ad904d87f65a7e3365517bc
- SHA512
  
  d8b1f8184d0f5fac382480655e2e059a232fd654da3af5b532971fcf862ddb6667d76b1720e6932cf15da1973a7fd23d70533d2e27ddea4696001714d49d897d
- SSDEEP
  
  3072:+0imUcoMxNW5aold3fgfbbcvUzpM7OZ+e81DllHve1eOmD:timUcoM7WXdOgvofMFHG1eO
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  True2ScanUp.exe
- Size
  
  332KB
- MD5
  
  082fa20edf7890572fc4976564a98d2d
- SHA1
  
  3caa226411e9f939525a8d416e2de443f33a409f
- SHA256
  
  8222e2328386bf8de156a6a6586796f99c4b3d26580c6341efcfcbd804aedb9b
- SHA512
  
  a9817a3221e64061eb88a0b3cac02734e1796d87c1c273fafabe0669d063314c69c084c0ac117cae6914ef9785c3f07a6e787603a906c26b1cf2208761dbe927
- SSDEEP
  
  6144:9sXCUGhXTFYN5VF/6RU8Nhsd4si4wrn1eO9X:9sRGhjqhF/6Ps0
Score

1^/10
behavioral13 behavioral14
- Target
  
  uninst.exe
- Size
  
  50KB
- MD5
  
  4e480465798d180c4aaa22c370d2afce
- SHA1
  
  24a8ea7ee3370f0cc0860aa62af521b2a0df51b6
- SHA256
  
  c2c330ca281db344bc7f2cff55563bfc7993fcb440f3489a5b4a1981f46bd758
- SHA512
  
  e17eb327f1be48cd0180c10275e795f3a1ea746598ba1d3b1c64eb6739ca474bbaef66ece0c3794497c2d029c0ea3f3baf27e3899d8bc897c9ececbbbfae7f15
- SSDEEP
  
  768:91cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJD3eOzwhPHPe0l8:LQpQ5EP0ijnRTXJD3eOsNHPP8
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  4KB
- MD5
  
  99f345cf51b6c3c317d20a81acb11012
- SHA1
  
  b3d0355f527c536ea14a8ff51741c8739d66f727
- SHA256
  
  c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
- SHA512
  
  937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score

3^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18