370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd

Sharing

Copy URL

Twitter E-mail

General

Target

windirstat1_1_2_setup.exe
Size

630KB
Sample

240219-sxn13afb85
MD5

3abf1c149873e25d4e266225fbf37cbf
SHA1

6fa92dd2ca691c11dfbfc0a239e34369897a7fab
SHA256

370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd
SHA512

b6d9672a580a02299bc370deb1fd99b5ca10ab86456385870cdae522c185ae51f8d390a7c50fcb5c7898523f52c834bb73515ffc6d0b0bcde210640e815ece9e
SSDEEP

12288:yCjeMsiGVBKvjxTNlZaLlcMj+wXZvQpd9nP2+ZMU2tYspZcMwr/GNd35:yCjeTZa7BTsxewXZUTP2HU2yawjY5

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  windirstat1_1_2_setup.exe
- Size
  
  630KB
- MD5
  
  3abf1c149873e25d4e266225fbf37cbf
- SHA1
  
  6fa92dd2ca691c11dfbfc0a239e34369897a7fab
- SHA256
  
  370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd
- SHA512
  
  b6d9672a580a02299bc370deb1fd99b5ca10ab86456385870cdae522c185ae51f8d390a7c50fcb5c7898523f52c834bb73515ffc6d0b0bcde210640e815ece9e
- SSDEEP
  
  12288:yCjeMsiGVBKvjxTNlZaLlcMj+wXZvQpd9nP2+ZMU2tYspZcMwr/GNd35:yCjeTZa7BTsxewXZUTP2HU2yawjY5
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  9b2ad0546fd834c01a3bdcbfbc95da7d
- SHA1
  
  4f92f5a6b269d969ba3340f1c1978d337992a62c
- SHA256
  
  7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37
- SHA512
  
  5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8
- SSDEEP
  
  192:v6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTKK72dwF7dBdcQOz:v6JaVh4I5rpPbTK+BdhO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  4125926391466fdbe8a4730f2374b033
- SHA1
  
  fdd23034ada72d2537939ac6755d7f7c0e9b3f0e
- SHA256
  
  6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5
- SHA512
  
  32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008
- SSDEEP
  
  192:4O6dJA/ruAFEiUdWWE6hE5RYUdJfbub1algMO:RKAFERdlxhGRYUzqZal
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/ioSpecial.ini
- Size
  
  211B
- MD5
  
  e2d5070bc28db1ac745613689ff86067
- SHA1
  
  282e080b4cf847174c5c11e4f9157b8c338ecb19
- SHA256
  
  d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0
- SHA512
  
  a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  $_5_
- Size
  
  632KB
- MD5
  
  3f3dd4476249ae664e3365e5bb651601
- SHA1
  
  752e1687d58de3bef927d9ad24c0ed3da3754e17
- SHA256
  
  f12d0929055567eee4b5842b7e59c34585a03191447de682dc729ad19aa2314f
- SHA512
  
  c9d38fa61fac0f48e8c2bc319c87df31f1ee49e8bc383ce348042480e1f0d0c28f198fbfa8cb6dd62f5767ae51ce8e67a7f527213fe1043987add465f1ba97df
- SSDEEP
  
  12288:5nKnA/rpVTNPjAuufoRqGKRsytFTkzpjSp+Km:InA/zTN7AvfJGAsuTkzu
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12
- Target
  
  Uninstall.exe
- Size
  
  46KB
- MD5
  
  a127e6118b9dd2f9d5a7cc4d697a0105
- SHA1
  
  9ac17d4dcf0884ceafacf10c42209c0942dfe7a8
- SHA256
  
  afc864cfce79b2a6add491a27ea672d958233ed7a97a2cbbce60100d2fa1e670
- SHA512
  
  0e57d2856c02c55d477d9b3cc1d4bf5ffa3650d4b20be18b0a9e614d19143aee325c4cd92ff31bbddf6e93cd3ebeb47d8727de6e25faa366341cc71117122065
- SSDEEP
  
  768:tnCHBjSfD0RDSjiN+WWrHcRtf55M4z54q+F5871mJMOUlNu0ZBA9U:MHFSfARDSW0HefHbmJZUlNu0bP
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  4125926391466fdbe8a4730f2374b033
- SHA1
  
  fdd23034ada72d2537939ac6755d7f7c0e9b3f0e
- SHA256
  
  6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5
- SHA512
  
  32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008
- SSDEEP
  
  192:4O6dJA/ruAFEiUdWWE6hE5RYUdJfbub1algMO:RKAFERdlxhGRYUzqZal
Score

3^/10
behavioral15 behavioral16
- Target
  
  shfolder.dll
- Size
  
  22KB
- MD5
  
  33c369a535290299ed5e5167cea37fdc
- SHA1
  
  4ea387cb55cada35de02738dfb324ab830d416f4
- SHA256
  
  e69da5febb5a2932cbe731e32a5d7f6615bb987a119ef2cedead4555d86144e8
- SHA512
  
  581f2bf315c90e200fd621477d0192c6b3b4c51575b9d9f8c85114783c4425a7de221898055aa275068e4c6c5fb0458eb13a66b4512cc7499e7cc7843aaf9e78
- SSDEEP
  
  384:kqXjRYAhfBALfdpju122HoSHigH2euwsHTGHVb+d3HmnH+aHjHqLHxmoqQG0CHuz:kWjRLhZAL7juAL4+
Score

1^/10
behavioral17 behavioral18
- Target
  
  wdsh0407.chm
- Size
  
  54KB
- MD5
  
  64aa305e920630d0f813691f4187c496
- SHA1
  
  4bbc9397c16de7cd9869252632fe038b8f8ad384
- SHA256
  
  181a23a56b7649d5e1c882786de531fedfb9e80a58c96ad92871f72a626eac14
- SHA512
  
  fde86a9a5b55756371af0d4bbb7a0b542b9765503657368540a651d153f84359fdb75522331b7672a0c242c107765e5c0ce717f60b18ff8b1bd2ef5aee44351d
- SSDEEP
  
  1536:EN2/oYDyp7DUWsbIxXXVP2sQoizOut88vS:O2wYDyuWsUxHVP2sQoizJ88q
Score

1^/10
behavioral19 behavioral20
- Target
  
  wdsh040e.chm
- Size
  
  57KB
- MD5
  
  bc90b966e06c5c20486815809606c77d
- SHA1
  
  12d7ba627d77187c1a41b552ab3c6556ba4a4823
- SHA256
  
  8e54bc2dd576d4bfe241e37305a525d80fd9839ed0de2e34abedf49c7f23f5cf
- SHA512
  
  26047532e3d6c495dc6a7b0c8d0479018227c189f1c0228ea83a209b5422ac88188c9e9cb7422ec02fc8c9dbc0ac3ce2588a62d8648fde616b9cd61b85a155b9
- SSDEEP
  
  1536:V6iw3SziWVuxJ16cuZ4GMFtoEOq6YShAvLpAE/Q:IiJ2uux/6cuZVG/6lhOqYQ
Score

1^/10
behavioral21 behavioral22
- Target
  
  wdsh0415.chm
- Size
  
  55KB
- MD5
  
  de97a75cfa6d6cbf91ba68c0c90695c1
- SHA1
  
  5932fd0fadb6ef284605e2410b5045dcc131ac93
- SHA256
  
  bab7db85927f846a6ac584d5fc3fb522e812fc1e505e333728f85efd16b50238
- SHA512
  
  7714be7430c309d2b63dfd1e90446925f417ee500b06350f595d43b9c0db121339151ea7e0440922dd6c11534e23572da3d2c9d31dc21c808a8a840ec8e0f172
- SSDEEP
  
  768:kb69pw0scpr+Mo4OiKvc7DqL1hjzZwAsGHJLg9KM9G/b0/P3eubAHOjDIhR7Iop/:kb6Xw07XXq9umATqMeWAHqvYnFHt
Score

1^/10
behavioral23 behavioral24
- Target
  
  wdsr0405.dll
- Size
  
  56KB
- MD5
  
  8eee4f1cde4b0cfd0365456040e05364
- SHA1
  
  b38200f4a3af27a59ec08fde2c6aaac4727dffbf
- SHA256
  
  7463df064c98cdb501b2310dcac878f9210a303d50d79431152e3031ae1a224a
- SHA512
  
  17da577977c6766dc56ee08726ae77f4cbbf83da1037c976d8ca36c7149bee56fd691ab735fc4a12721d86860fddc39ff99bb74aa515de96bd2da0596fbd33ab
- SSDEEP
  
  768:yOWz6n36MwlqZT5nNAPxIkRXIafTGO6kRfw/WZaKCam:yVSBNoSkRXIafqjkRf4QCam
Score

1^/10
behavioral25 behavioral26
- Target
  
  wdsr0407.dll
- Size
  
  60KB
- MD5
  
  619767bb217f6d1754e018926753e89f
- SHA1
  
  cb731df1d74ceec090cb55fb76e9dfd6e4337400
- SHA256
  
  7867b69c5deff7f949e58eb3ff1b266e66ad3fd252c52334927114e7c53ce27b
- SHA512
  
  8bb7c717206a3b86bf4c5d46d0a838373ae557708040656f9c2cb47db5f38165bb9160545d2f6d9200b9ff59160292f88044abd997bcc01e46b40a4dcf58318a
- SSDEEP
  
  768:QniT9wgpxcn37TFb0FuIa955yo7evokJrOLoZaKCam:QnbgpsLt4uIa95h7evokJr4OCam
Score

1^/10
behavioral27 behavioral28
- Target
  
  wdsr040a.dll
- Size
  
  60KB
- MD5
  
  cf69ec4f622ab3efc0d59c94c7861d3c
- SHA1
  
  8baa748295cb941e1693e4c2a298343fbfc5c048
- SHA256
  
  75ca96992380e5b8e323310a01c8a68805ad76223197d2bdaecc03817d233dea
- SHA512
  
  dcc99395fed596e6ef7a959731254093e73fa006a14b0ecbe6f780a9d8236428d9e90024e016d5f1bdbf323e1fe01ffa3727c9d09a8666ef2745dc56462ed6cf
- SSDEEP
  
  384:jH6u7Vn2KDadkOKDVdS9Ew5eNC1GF8wcgnSLIdOpAv18/pIaqSivHxACkwYcwiZY:HxKQ8wcgnSQOi16IaavWiZaKCam
Score

1^/10
behavioral29 behavioral30
- Target
  
  wdsr040b.dll
- Size
  
  56KB
- MD5
  
  4a5a97171af49b09f1c68ba7a9bdae34
- SHA1
  
  a6ed7e9ed8a4d9b462378571346fba1d40f1c75a
- SHA256
  
  d7fb9404282ca467e0f3e80734a388885c219269d3e9ee78bb66ee9201803ae4
- SHA512
  
  51a0f250cbd115f532970a291ef477de89cff786df28ee8729d35f68c8cb0f018a58e9edbaf758ff11172b68952f8fe3b74ff8ca6e8e62a482712126ddd40323
- SSDEEP
  
  768:ne1K36pwrqnfPAY5IaBNqhN+3ATwZaKCam:ne1oAQY5IaGqXCam
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Reads user/profile data of web browsers

Enumerates connected drives

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32