General

  • Target: 8b521635b443a95b137786d8b5fd776d
  • Size: 3.3MB
  • Sample: 240203-edmf8sgdc9
  • MD5: 8b521635b443a95b137786d8b5fd776d
  • SHA1: a0662b013e168b305f783e07593bf5a21103f8ee
  • SHA256: f64de4aee0bc21db63da573ccb97b7d9a8d1e8dfc29bef72d8c8f26c4ec640cc
  • SHA512: d108f8bf8082733f550a83515c4d015289e1b74c3c948c84e62648dbb638c992a8b69577917384c3367ac3f12e04ff01eab1850c25785766712cdcccfd51d79f
  • SSDEEP: 98304:mMXiZJum95qJhiuyScYwjnaDdjXgISn1v:hiZjqXiu+YwWDdcv

Malware Config

Targets

    • Target: Setup.exe
    • Size: 3.3MB
    • MD5: f26b01e2b0be1463ca5e344b6f2c1a97
    • SHA1: 69b2875969fe6b6307f2f8cd04e57d9adf94f05e
    • SHA256: 171ed103f3bec69d8f6b119648b3bdfa8a2db02db75fabb3b752209cb51c3ebc
    • SHA512: 2495f256278f72016725e522406713a8505e721f64cc48571faa78539142c68dd7c5d94105570c8a0c8435b33f3f290adb16ca2ef39564f6fd8a0dd8c809b530
    • SSDEEP: 98304:nP1CXQNTu7+5TT0PKqD4m6CT2aYNWpqTXY++rgiSlOq/hu:tCXQy+1giqDj2hGQY+3ROgu
    Score: 7/10
    • Loads dropped DLL

    • Target: $PLUGINSDIR/NSISdl.dll
    • Size: 12KB
    • MD5: a10c9c9f5474ed8c13ff5e182655eb9f
    • SHA1: ffa6073f6b1724183d570c368c3025430de1ee33
    • SHA256: 17055e463a04435bdb5fea5d634af12a4678ff5d680196da230879ad24622ee3
    • SHA512: bd7222d4ee6516b9be7f498858812ebfa824f657ef5298cfc813ad91fdfb6129642232d4c47f2edc4c2b8d2619ba7530a5195d53e9017435e7e8ef742f60fdb5
    • SSDEEP: 192:ATPN9E1B0OUrW7VymsS9WmaYqkzJqa5Maamy6J0WVpzuzzPzrR2Z+:ATzEbUrW9tWmaY/zJ+aFy6CWVUzDP8
    Score: 3/10
    • Target: $PLUGINSDIR/md5dll.dll
    • Size: 8KB
    • MD5: a7d710e78711d5ab90e4792763241754
    • SHA1: f31cecd926c5d497aba163a17b75975ec34beb13
    • SHA256: 9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2
    • SHA512: f0ca2d6f9a8aeac84ef8b051154a041adffc46e3e9aced142e9c7bf5f7272b047e1db421d38cb2d9182d7442bee3dd806618b019ec042a23ae0e71671d2943c0
    • SSDEEP: 96:YV2qpbvYSflug0Dvxn6GuKM9sh1gdrN9+oB7FT9WibOoBZcko5N/:Yt5lugRK8hlvbwkKV
    Score: 3/10
    • Target: $TEMP/Setup.exe
    • Size: 3.3MB
    • MD5: 0fb2c525c1093751a0242f92ffd242fd
    • SHA1: 67e9c647e1a9a6b83dfb67f64dc88243912d1c08
    • SHA256: 03b586c9abd1ee2b3b1d12abe4b27f5e239ab4d4f0cf385e2a015a5c013a2b26
    • SHA512: c49b5b98192e0c178a1e905eea6b82298baecf320d68de16c8b211e1ee885fac68046d97239309ca41a0a3bccef699f95c1b073188bd12c56a20e450e0a95f0d
    • SSDEEP: 98304:9P1CXQNTu7+5TT0PKqD4m6CT2aYNWpqTXY++rgiSlOq/h7:3CXQy+1giqDj2hGQY+3ROg7
    Score: 7/10
    • Loads dropped DLL

    • Target: $PLUGINSDIR/InstallOptions.dll
    • Size: 12KB
    • MD5: 1d5c649dde35003a618b9679d5d71b92
    • SHA1: 0409bbab3ab34f8c01289cdd847b4d1a32d05b18
    • SHA256: 0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
    • SHA512: b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
    • SSDEEP: 384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
    Score: 3/10
    • Target: $PLUGINSDIR/System.dll
    • Size: 10KB
    • MD5: 4eff5fafd746f5decb93a44e3a3d570c
    • SHA1: a11aa7681b7e2df1c7f7492a127d332d1495ea8a
    • SHA256: cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
    • SHA512: cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
    • SSDEEP: 192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
    Score: 3/10
    • Target: $TEMP/bind_50157.exe
    • Size: 20KB
    • MD5: 4c6e11e57b56af44f0d81bf0246b0ba5
    • SHA1: 61cf68b472b4d9fe383206ce1ec1089c5161cbee
    • SHA256: 8133b1731a962022b4c8b7768a666566116b786924e6375269f7c96ec9844f71
    • SHA512: ac9e2dc97893cb5ad877ec71c05785a049f5deba8bea44342cd982b0044df33e08c08627418256fe445cf50529ceef46cd46d0d14005bb962b9264449e156d74
    • SSDEEP: 192:IvO4gFznofcI3WAD4RSCZ0eq0rEkTdzOFfWsP1oymqQ9Z1:I5fSSePZOFf31o
    Score: 1/10
    • Target: $TEMP/ditu.exe
    • Size: 76KB
    • MD5: 2b0a1ef1e4315602d529aee1e480d4d9
    • SHA1: 609a9c6fe4f11db446ba307f8ce681b95dfdbb93
    • SHA256: d898a5e9c00c3e3ce32fb308e60458bc97941db241ced9cdd9dc94ae74134fcb
    • SHA512: 795c8c3d0afdf2b4541a2dbabd7d9ac85ad45eb718ed52f75c13e9aa92b6cfd1d32153f9ba9eb10c96683ea16c0424b45e5658ffd89749bd6b6f9455a6e73cb8
    • SSDEEP: 1536:RjLaMv3xnCwNz0DxkJVw/Z4RoncXfE8wOS6ineUjJPZzBq+2NUBl:ZeYBCwqDxkJVU43XONJ/B2u
    Score: 7/10
    • Loads dropped DLL

    • Target: $PLUGINSDIR/InstallOptions.dll
    • Size: 12KB
    • MD5: 08c82a46416a5e2b471d457968f53816
    • SHA1: 3e3897c20b9e89b279b4764a633f67955bf8f09a
    • SHA256: 435baf3b7282c9110697a4916834ef9371dd29fae6b4cb8e19c19eb126562dc9
    • SHA512: 91e2055b91d04b2348a923cb298ac6ba3637de5038dc4f849c4d2f1665d17de9cd6eb6a97d42d0f894d65348c8fd8e79cd61b667ea5a78e8960347e8cc8db81d
    • SSDEEP: 384:PKlm7i+c3QW6ckPhyDEaLni2bbBBIXwZ:Sqi8BcyhEhLPbbTI
    Score: 3/10
    • Target: $PLUGINSDIR/System.dll
    • Size: 10KB
    • MD5: 61151aff8c92ca17b3fab51ce1ca7156
    • SHA1: 68a02015863c2877a20c27da45704028dbaa7eff
    • SHA256: af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d
    • SHA512: 4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e
    • SSDEEP: 192:2OShJI/rmOAIPkWpUybQ9WhP4t5Rwc89XbubZaX5:n6OAOkWWycGP4XRwc2qFaX5
    Score: 3/10
    • Target: $TEMP/dodolook143.exe
    • Size: 156KB
    • MD5: 25d0e5e42d79ef68c7afb18a4bad01a3
    • SHA1: 6c4d0cd6e550abca32e4f526ca09a23944dd1470
    • SHA256: 7a3580162e433907567f3fc671f10d176f8c1c614b8da6f845092cc1ad4ab1de
    • SHA512: e092a52b5b375f769fbd63d3194bc8444d4c12a4e140be052d77b0ad60f8ad380e72afd5b97656b4622f9fc53dd9cfae6d6d6fbf01ff3fc608556db39562244f
    • SSDEEP: 1536:vrTD44bro1me6mEizGio8LV9lmScfQdElTPaCtaqiJT/vSJ4DFNhanR/2Notiie:TTD+mV+zGiocV9lSZvsZS52Notiie
    Score: 7/10
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Drops file in System32 directory

    • Target: $TEMP/setup1.exe
    • Size: 397KB
    • MD5: a2d36b591513af7aa3d7da01c2ddf432
    • SHA1: 2df8641ff14ec3f4025b8f7c2034295f6908e7f9
    • SHA256: 047653b99298bdc44984d44da351f2194bc11470f376d5357f3f9227362b29e9
    • SHA512: 36daa729dd3b078c65cc6b62d3f437cf83b8c42a9d2fc81fb1071457ef66c7ef365f66ca5cff0f18b5cd2d040a082a3fc48a7c78bdbb8b4051c71fd4249e8116
    • SSDEEP: 12288:X8xon2wpGX9NHqhs2AMYXfLEPl7OTkjwhT:Xen9ghs2KXTaOB
    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: uninst.exe
    • Size: 54KB
    • MD5: a342294a98b10b59498e341cca199e3e
    • SHA1: d3c63b2b2c8aaac560d5751e2d9a6c9e6ccc608e
    • SHA256: 8b4cea91b216c798bdc5ea0f3727ee04c722fdf426f0a2a1687b994f56cd7105
    • SHA512: aa5cd7564ae9d559a7aea10f55d99b914f2b109cad8abcf4940b2fee01536689893bcf73576e2d96515289782d8cda8ce1107c7f00b6fbee96604496b9e1813f
    • SSDEEP: 1536:tzroWWblpNeL/FsNq1F4lPJB6cqAELVigmA:tz0WmlPw1F4lPJBoAI0m
    Score: 7/10
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: ˫ᆱ.exe
    • Size: 2.7MB
    • MD5: 60c04d1e8bbb3a3b123eb81638d7e469
    • SHA1: 0981486d328d73cbd0f4316592f246cadd91fb86
    • SHA256: 6e1cc019494afd7bd1e7c95193cdf2efaf27bf11168a8a2c44768259b5556b05
    • SHA512: 974a2350d5cc00e565498eb07d55770de4e2366042e3eb9f706099272ce7b82349105feab64f031059affcd9462551dadd653085f8fc270e683f39f6ca9898ee
    • SSDEEP: 49152:rSpkL9s0VIVxovDUt7APeqQcm0Dq2xjiF1WKHp52oXojXMg7VgJoQ:rbsU46DiAVQWq4jIrpQoXy1an
    Score: 7/10
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Drops file in System32 directory

    • Target: 安装说明.url
    • Size: 260B
    • MD5: ed83e978f409fcebba2825b084f2c140
    • SHA1: 4548b5565354024dff5f387fa825fce7d11e67fe
    • SHA256: ac996e7c6b803289cbb4eb6cd62cc7e63dcd456aa18dd7fa88aed066b06218ac
    • SHA512: 2257a6118aac1a6368749357433e037798d1765dee71addb73fa3e98b27335bf7000786a0814d6a5b3a5f63eb25f13e49559da8e192f48dd230d1c344763a377
    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks