22b2fce0f300353468c409cb80f363ccd1a9c0e5355d0cc834b9bc47dbfbb973

Sharing

Copy URL Twitter E-mail

General

Target

98cbb535d78e33fc47e1e31e7c87ea44
Size

1.0MB
Sample

240213-h294zsde83
MD5

98cbb535d78e33fc47e1e31e7c87ea44
SHA1

7ae30c3dc198496d9866b12445da162e3d52c640
SHA256

22b2fce0f300353468c409cb80f363ccd1a9c0e5355d0cc834b9bc47dbfbb973
SHA512

7bff707ae2ed51fb64ca2d66cf0bdfd7981b17a82563822707b94ed53b409b92d4b09fe30339f249d038fd5f55b99642006e6a5ca19b75aec965125ee15e589a
SSDEEP

24576:+Z5JvbWCLRlm8KAaPKQCZS5Oz4Q8qzAUlJEI:IbWSRBaPms5Oz4Q8gAUlyI

Score

10^/10

upx

Malware Config

Targets

- Target
  
  98cbb535d78e33fc47e1e31e7c87ea44
- Size
  
  1.0MB
- MD5
  
  98cbb535d78e33fc47e1e31e7c87ea44
- SHA1
  
  7ae30c3dc198496d9866b12445da162e3d52c640
- SHA256
  
  22b2fce0f300353468c409cb80f363ccd1a9c0e5355d0cc834b9bc47dbfbb973
- SHA512
  
  7bff707ae2ed51fb64ca2d66cf0bdfd7981b17a82563822707b94ed53b409b92d4b09fe30339f249d038fd5f55b99642006e6a5ca19b75aec965125ee15e589a
- SSDEEP
  
  24576:+Z5JvbWCLRlm8KAaPKQCZS5Oz4Q8qzAUlJEI:IbWSRBaPms5Oz4Q8gAUlyI
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/MakeDll.dll
- Size
  
  392KB
- MD5
  
  eb907eaaf1d86c90112783c8a189882a
- SHA1
  
  04ca0180f47096b3ef711914cf93ca6ec2b6c390
- SHA256
  
  42e21a9f51079d8a8c211b20ffbb31e86ed1e68f306cf72442a5b46c49ffff1a
- SHA512
  
  0e5327d7447ce77ab2001d1bd2bdd634da5adf1160064d77747381e3912e0b9716134edf847fdb0fd32847a5ec8efa4edd6bddbb568b7e849c99e4cbde9817ac
- SSDEEP
  
  6144:LET26hNKPuz98w6DkrSbu0ia7TOscYT0DEw0isbDfg7dNpJ7yOSc3gvlb/wl:l+NKPs6oubumRqoisw7P7yOF3yb+
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  72f18eaa88886bd0d46de64a17d9720c
- SHA1
  
  e604c84de0ded023cf4c5e215c0534faf1d18227
- SHA256
  
  05f699d932f1fea8e6f1a711c3bc8ba51463b924b78a68bfd0683295de008da1
- SHA512
  
  5a80e303f1418dde67ffe0b9b60d574b85634de0d2b557a6691229812e9b376fb34ba7e276efd0e20f35baec91f1030b738e2138d7b7ee146715fcab5cd7e018
- SSDEEP
  
  96:VgJbo7bG2VHk3C45rJixqE+6nSvMn0iGLG8wq/aAtJ1t2RhU1fU:qJk7ZHgRJRHvcwBwqP/t6wf
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  2b54369538b0fb45e1bb9f49f71ce2db
- SHA1
  
  c20df42fda5854329e23826ba8f2015f506f7b92
- SHA256
  
  761dcdf12f41d119f49dbdca9bcab3928bbdfd8edd67e314d54689811f9d3e2f
- SHA512
  
  25e4898e3c082632dfd493756c4cc017decbef43ffa0b68f36d037841a33f2a1721f30314a85597ac30c7ecc99b7257ea43f3a903744179578a9c65fcf57a8b7
- SSDEEP
  
  192:ibEOXfXZQ6i1AZ2q6grklcm/iaULQAos:ib/41AZN6uklckLUJo
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c6284e23cd7e4d11db8298deb4541083
- SHA1
  
  e338686c7579620383ab8cc5a51bbb8d846f60cf
- SHA256
  
  79914940cbbf70a385f13a9970a9d577d7a7e07d240fe44563b45a472cd4bc3f
- SHA512
  
  72103e470d770fb402a18e975ff339526a3e4c9aeb8fac1b0977995a6eace0eca965b1915404df9b5a25b59628db1b199d2b9b10372841309c137054356a5cd7
- SSDEEP
  
  96:q0HzOxnC1hncrcpRciM8wcxMkDOW6LbUXv8X2PXv5bcndYosRn:qJxw3pmiMRxNE/8c5bcdo
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  40909a97db3a51fc83aaeff503128b3f
- SHA1
  
  9693d68a1fb11db70f61b8277e1195dd298abbab
- SHA256
  
  f2633b3604a80a7b1be67858fb43288fd7b686730bad158f347dfa38c6df59d9
- SHA512
  
  cd1425e28302dfeced644fa155a09549aae25b96f5f6a7688624135a69be7abee8e6eaac89194dc6ec89281c45e00451fae43db5953360ee9a47dc0d11d07c77
- SSDEEP
  
  96:+Vyk3+0P+gcVUzWKw1lq4xNmuUUOnyX3z9zJ5cVK23EHC:+40P+gcVUzWlyuUStJ5cVKXHC
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsRandom.dll
- Size
  
  21KB
- MD5
  
  ab467b8dfaa660a0f0e5b26e28af5735
- SHA1
  
  596abd2c31eaff3479edf2069db1c155b59ce74d
- SHA256
  
  db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
- SHA512
  
  7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
- SSDEEP
  
  384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  $TEMP/v.txt
- Size
  
  4KB
- MD5
  
  c7b5559f005112e251230cc0d6c12535
- SHA1
  
  059c04c348916ca9134d2da72020261731c82753
- SHA256
  
  82d6968389bd215ed99be4cbd903f938cd55803a039725fa108782128030e53c
- SHA512
  
  a9223cc3530b87a04ce034e40ebb41d9cff906d4d35209fb6e598646575f3068fec88723eb4c6e706872cdf8e2be0a5e1f02c88d0c562b44ed434da37996ea8d
- SSDEEP
  
  96:e1g0nKmkU9Bzi0oURzI5E2nBYeLR9AYBP3KnyTh303RS57wh5PO:ARnbkU9BHEjoYBP3KMh30hS5+5PO
Score

3^/10
behavioral15 behavioral16
- Target
  
  $TEMP/xcmd.exe
- Size
  
  32KB
- MD5
  
  378e0103156f2e6844c83087d80a7156
- SHA1
  
  c3e577e294ee81cd763625b4f6657795c4a8a6c4
- SHA256
  
  82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1
- SHA512
  
  0d9e162042f0894aeefb4d43a2c98161686b4451605cbaddcf12f367b17ed1a3796370e770dfbbe6b2ce7ddfba7dc42747ce564b8f80c292b331a600910103bb
- SSDEEP
  
  768:vGw9ERxPw5DAKshWRjzrjBav9+IZ5deSbA:vGQc4TsYznBA9LISbA
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  $_48_/$APPDATA/xcmd.exe
- Size
  
  32KB
- MD5
  
  378e0103156f2e6844c83087d80a7156
- SHA1
  
  c3e577e294ee81cd763625b4f6657795c4a8a6c4
- SHA256
  
  82fbc8842aceeb471967d2e78b7336c972e3d1379fcd23662df022af958f40c1
- SHA512
  
  0d9e162042f0894aeefb4d43a2c98161686b4451605cbaddcf12f367b17ed1a3796370e770dfbbe6b2ce7ddfba7dc42747ce564b8f80c292b331a600910103bb
- SSDEEP
  
  768:vGw9ERxPw5DAKshWRjzrjBav9+IZ5deSbA:vGQc4TsYznBA9LISbA
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral19 behavioral20
- Target
  
  $_48_/1.html
- Size
  
  319B
- MD5
  
  4cdfa52dc9dd16bfd027e22705a9ee5d
- SHA1
  
  a4901ac9896648ae286f73fc15e4096b0caa14a3
- SHA256
  
  108172d2933876225f6bb5b2c2e692b0ec44aa0171ec4bded56187446a800a3e
- SHA512
  
  14aec61716dc50cdb2add30d5cc34b085a8d863a65d825edb1d7ddbd4a6d42e4e76a68f00951eb01bcbe5f60b09975fdb46db2d5885545838988e2be5bc1cc01
Score

1^/10
behavioral21 behavioral22
- Target
  
  $_48_/3.bat
- Size
  
  2KB
- MD5
  
  845233e744858be2bac0db1710f4c02b
- SHA1
  
  16acd0ea7261ffed0d4b74ad5281331ac62c4411
- SHA256
  
  f2f54e4297b8d1452b8f898f5f52af63137d2b51da9f41604cfd9ae104f7219c
- SHA512
  
  36489d6bebc73a442f4a22d6c1602f41a7be8846810c35e6ac13105de81b28b8892d0110ef788995fce03a217bce851e2b9d5eb1a6c94b14f5bb0484f15b2470
Score

1^/10
behavioral23 behavioral24
- Target
  
  $_48_/3.vbs
- Size
  
  3KB
- MD5
  
  7899e062addf0fa130391b411cb5d2ab
- SHA1
  
  47409486665bd92727de559cd84cde1f645fac0f
- SHA256
  
  9af6cfdad42e0d280da99ac890747266ddf1af0255a940ba82f16226bb9aed19
- SHA512
  
  f222df9d1166d50adb9fb7e7a03b60efc6fc0a2f0235242346d5041870db275255c82bb51030447dd0f44097f83cb98f3c2e4d7511a479b98fed20cb6b82d6ac
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26
- Target
  
  $_48_/qq
- Size
  
  964B
- MD5
  
  3b4f08d8c12285b6bdda6f5153bb4264
- SHA1
  
  05a339ca850856ae22fe0673ae8aa9e765197e13
- SHA256
  
  1fa0c1a3d07f30d38c92a4ec5cf3662ebe0e43cbb6747790d0a38f31a39d21a4
- SHA512
  
  a8e66ff8c6a2807d8726880c6e47c984a3557104ada8c48fad26630a4fb373c6eb000228e8202f557ffcdc12d84e8072335e02322ad5ecfb32a83778224096f6
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral27 behavioral28
- Target
  
  $_48_/v.txt
- Size
  
  4KB
- MD5
  
  c7b5559f005112e251230cc0d6c12535
- SHA1
  
  059c04c348916ca9134d2da72020261731c82753
- SHA256
  
  82d6968389bd215ed99be4cbd903f938cd55803a039725fa108782128030e53c
- SHA512
  
  a9223cc3530b87a04ce034e40ebb41d9cff906d4d35209fb6e598646575f3068fec88723eb4c6e706872cdf8e2be0a5e1f02c88d0c562b44ed434da37996ea8d
- SSDEEP
  
  96:e1g0nKmkU9Bzi0oURzI5E2nBYeLR9AYBP3KnyTh303RS57wh5PO:ARnbkU9BHEjoYBP3KMh30hS5+5PO
Score

3^/10
behavioral29 behavioral30
- Target
  
  Uninstall.exe
- Size
  
  48KB
- MD5
  
  10403fd37f08245aae3804452300a600
- SHA1
  
  ec3ff05f03493558f73b7110c6fab9006ad62634
- SHA256
  
  2dd8a708c592d74ea2811334cb50b3b2a2a54f391f938befef64cff77952259e
- SHA512
  
  ff42532f2d99b4dab609fa44e3ed62d5abdedc29d211cb402e0bf2462e22bce0b6909a7378cc065b853217c5b0ae3ecb9953f21f58779faced2ff9df0e50c801
- SSDEEP
  
  768:SoOjbhlc7sUoQnAz3ppOo0QJSHijv5js/wJJQPgd2iZQAm6kRRS+NoJRnOID:XOPhlosUoAarDX1JJQgdLeAyNZID
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

UPX packed file

Nirsoft

UPX packed file

Nirsoft

UPX packed file

Checks computer location settings

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32