General

  • Target: 8b1ff33d2daf95de17436f88ce9b13ba
  • Size: 1.5MB
  • Sample: 240203-cmxmfseee4
  • MD5: 8b1ff33d2daf95de17436f88ce9b13ba
  • SHA1: e6afa57698d56487bfee171b62a70a113d5d3c47
  • SHA256: 21a03658486b940d77d0fca56f51ffeb391332b4a44dd32cc2876c7bf5e111a7
  • SHA512: 2a1990af212ae484d5017fd8506f67b0f6947b4cb1b17fe685f59008657e208a8fb744440a7fcd79030e2e2a69897b01d6052f3e87b4015b91ccbf623cc552c2
  • SSDEEP: 49152:M1Iab1RW6034kIIiU8dsrbb+lVfzqrdxuzabT0Jy:ij/Q4kIj7doCjzqpYGMy

Malware Config

Targets

    • Target: 8b1ff33d2daf95de17436f88ce9b13ba
    • Size: 1.5MB
    • MD5: 8b1ff33d2daf95de17436f88ce9b13ba
    • SHA1: e6afa57698d56487bfee171b62a70a113d5d3c47
    • SHA256: 21a03658486b940d77d0fca56f51ffeb391332b4a44dd32cc2876c7bf5e111a7
    • SHA512: 2a1990af212ae484d5017fd8506f67b0f6947b4cb1b17fe685f59008657e208a8fb744440a7fcd79030e2e2a69897b01d6052f3e87b4015b91ccbf623cc552c2
    • SSDEEP: 49152:M1Iab1RW6034kIIiU8dsrbb+lVfzqrdxuzabT0Jy:ij/Q4kIj7doCjzqpYGMy
    Score: 7/10
    • Loads dropped DLL

    • Target: $PLUGINSDIR/MakeDll.dll
    • Size: 397KB
    • MD5: 8c21929b256feacd384ffa982fca6a4d
    • SHA1: 5e61a8c286ab2a9f5eb918c2df2390ce2cab7a44
    • SHA256: 41a533327a2a39a0b032027c408a962180a3a75adf5bcdafd734a50f09608790
    • SHA512: 0d619e539f7869b1cfffa3d722ab2619214b225129b0e224087596d525c57b81661cbccce04e0fcb10aba6ff7cd822dfbd4df9b1c23edf2df142d4548aca7c24
    • SSDEEP: 6144:67ELuk4cTX1ARqPvCudXWy3oanscbvDJQk7e2q/H8EIINRBT9fNsaKfjemm0WDl:Mk48ARqPvVaQNrqNP8ER9lsaonjO
    Score: 3/10

    • Target: $PLUGINSDIR/StartMenu.dll
    • Size: 7KB
    • MD5: 72f18eaa88886bd0d46de64a17d9720c
    • SHA1: e604c84de0ded023cf4c5e215c0534faf1d18227
    • SHA256: 05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1
    • SHA512: 5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018
    • SSDEEP: 96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf
    Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: 00a0194c20ee912257df53bfe258ee4a
    • SHA1: d7b4e319bc5119024690dc8230b9cc919b1b86b2
    • SHA256: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
    • SHA512: 3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
    • SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
    Score: 3/10

    • Target: $PLUGINSDIR/nsDialogs.dll
    • Size: 9KB
    • MD5: c6284e23cd7e4d11db8298deb4541083
    • SHA1: e338686c7579620383ab8cc5a51bbb8d846f60cf
    • SHA256: 79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f
    • SHA512: 72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
    • SSDEEP: 96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo
    Score: 3/10

    • Target: $PLUGINSDIR/nsExec.dll
    • Size: 6KB
    • MD5: 40909a97db3a51fc83aaeff503128b3f
    • SHA1: 9693d68a1fb11db70f61b8277e1195dd298abbab
    • SHA256: f2633b3604a80a7b1be67858fb43288fd7b686730bad158f347dfa38c6df59d9
    • SHA512: cd1425e28302dfeced644fa155a09549aae25b96f5f6a7688624135a69be7abee8e6eaac89194dc6ec89281c45e00451fae43db5953360ee9a47dc0d11d07c77
    • SSDEEP: 96:+Vyk3+0P+gcVUzWKw1lq4xNmuUUOnyX3z9zJ5cVK23EHC:+40P+gcVUzWlyuUStJ5cVKXHC
    Score: 3/10

    • Target: $PLUGINSDIR/nsRandom.dll
    • Size: 21KB
    • MD5: ab467b8dfaa660a0f0e5b26e28af5735
    • SHA1: 596abd2c31eaff3479edf2069db1c155b59ce74d
    • SHA256: db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
    • SHA512: 7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
    • SSDEEP: 384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
    Score: 7/10
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: $PLUGINSDIR/registry.dll
    • Size: 16KB
    • MD5: 351f89337642c165a48dd763aa210023
    • SHA1: a5b204cbc51a0ad84248aa680b85be7824f3354e
    • SHA256: b610ab13da00e05b000026c73081cfdf0d2ebd3f2fad05e1d0f277060fc3c07f
    • SHA512: 10326b95ea81b377f74cb9e42135e891930a354b65ce50a4562246da33ca6816f5397089bb60cd1eb647bd28829d70f6425c3113440e11f9a9a4f7fecaac7f4c
    • SSDEEP: 384:tTVUUuJHxgeh2OTU+X9pCtlohiTV0pWY7:tTqzHxgeh5X9oaiTgW
    Score: 3/10

    • Target: $_54_/$_52_
    • Size: 121KB
    • MD5: 031dcad5dfb1996d7de291492ba460b1
    • SHA1: 2cd4b15ca5e3b938ac7e2fc3f80997f410e078c4
    • SHA256: 69ae61a1ae85d249df50970da94c7732e14d9ca2cf6a2d213f3792e10f72e2b0
    • SHA512: 9a7d95358452b6b110022066276a38e5a12c67e1e97aa4a34e995553372221f76138bb230f08e3924a5e6f6b14f7c4f7d56b9a816f57a33da17ebe1aed7a1445
    • SSDEEP: 1536:LXhm1dxwN0nYFOauYOjHZmGKowTvcLED4pWsOPhZCCAJibqaJhWWn9iawgjUjNbE:Ls1GOauHZmafE9CRafBn9dwg+V
    Score: 7/10
    • Deletes itself

    • Target: $_54_/Engine.dll
    • Size: 508KB
    • MD5: e94cc39b1d3096c6610674303a7489e5
    • SHA1: 31255733093ae12359c0945069fd33ba730ca51f
    • SHA256: 10bd7721a63636d8299f9310997dc45f3b89547044a0cda46b32e86346cd6d4e
    • SHA512: 9d9041e890daf8d897100a39fbc092cb3363f7448dfe78d19c302974b17cf5eb44c72d8a44f822b9d4266935134ad2b889a33d1613eccdc076e1f77f9a9b447d
    • SSDEEP: 12288:xfVHjfuHQNW1sIL7c5WwYuNo4QTpFAHnGzO/q:DDfOQNWKIL7c5F+dF3zX
    Score: 3/10

    • Target: $_55_/$_53_
    • Size: 2.8MB
    • MD5: e7d251e7fa22041a1b54c32c992e9c7d
    • SHA1: a603e83b2fff47e942df890cfec5d430125d5942
    • SHA256: 62eafe940472e73e3e0beb0912b272e2c18c8f251db46c46b092335101d320cc
    • SHA512: d406c085069811efcabf2fed447aa440948c53995f6221f588b22deee8f1f06adebf717b43661f2db4bdab97e7256e88267ed87ddfb056ed737dc9423b6d56a2
    • SSDEEP: 49152:cI7i3rL5SMpqcgj8hegcidF3ziSsL8M03GzoKP7ScQ2NiO2RsTD+8LzC:57i3r4Un1dFC8M02zo42RC
    Score: 1/10

    • Target: Uninstall.exe
    • Size: 47KB
    • MD5: 236216dd4d46e7c968847b31d88f6917
    • SHA1: 96e92ee9ad4fa4c178a6c1536d7ac3a2450eeb2c
    • SHA256: 0fc03839c6c7c49cf2cb8811717caf96b679848be0ff602e9371f96c8077ba44
    • SHA512: d8c9861a6576b757f02241ddbe208f0357cacf273ee406c9bcd7c79d203d2f58f49f139f105e2afdee1ef7dfca26fb962c8cac61a3ede45da3c6a1f2b3d79252
    • SSDEEP: 768:8e3PFaDVyOQgljLDKRJyM3BmsHzSB4us/wJJavgd2iZQAm6kRRS+NoJRnODHoX:r3cpyORJLuB4P4AJJSgdLeAyNZw
    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: ֮.exe
    • Size: 1.4MB
    • MD5: 5b09029117dedb91f4b06ef3c0e8b94f
    • SHA1: 6cef43f5147d5fe01b66748157782626cce44c28
    • SHA256: 4dbc3ae45a04dea291f318cfefdd091af2d6a2a747f4970a1c369752ca093558
    • SHA512: fdd0385a7f094774fb77bec9830c7eb62fa081936c55c91539394421d2b0b8dde8ea7bb84a48001814a1e0b496e741cc5ee5c2ebd905c9ef945e7dbb22e38c32
    • SSDEEP: 24576:SRFS7Iid6Nx7izcFsaWrtLTOITQA6kOStpbspT63cGnD:vDd6ziVTOITQAOpT63cGnD
    • Checks whether UAC is enabled
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks