5158d1e92fe476227e9bc739cd15fff4e9e847d8598613a6ae220ce085e3a6fb

Sharing

Copy URL

Twitter E-mail

General

Target

winamp5666_full_en-us_redux.exe
Size

9.9MB
Sample

240219-t6mp2agh83
MD5

13d0f04d82f98ad070f59bf55db96d53
SHA1

06fe238861ee178ded0efcd323fd0affe009c327
SHA256

5158d1e92fe476227e9bc739cd15fff4e9e847d8598613a6ae220ce085e3a6fb
SHA512

ec10b2e5051533bc72f8824f15031053ab4fcb0459dfd18c33924f4befa8473575d2238937c99fab986a97a66c268f69fd378df64fdb4e8cbb7ec0aa8ea80973
SSDEEP

196608:jHwXkU2EgG6irWd/hgu/iCgKpp4iXBfqS/yS7AAxOf5vDmGsUcD:jfgnk/f/zp4il1//1xI5bmccD

Score

8^/10

discovery evasion

Malware Config

Targets

- Target
  
  winamp5666_full_en-us_redux.exe
- Size
  
  9.9MB
- MD5
  
  13d0f04d82f98ad070f59bf55db96d53
- SHA1
  
  06fe238861ee178ded0efcd323fd0affe009c327
- SHA256
  
  5158d1e92fe476227e9bc739cd15fff4e9e847d8598613a6ae220ce085e3a6fb
- SHA512
  
  ec10b2e5051533bc72f8824f15031053ab4fcb0459dfd18c33924f4befa8473575d2238937c99fab986a97a66c268f69fd378df64fdb4e8cbb7ec0aa8ea80973
- SSDEEP
  
  196608:jHwXkU2EgG6irWd/hgu/iCgKpp4iXBfqS/yS7AAxOf5vDmGsUcD:jfgnk/f/zp4il1//1xI5bmccD
Score

8^/10

discovery evasion
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Dialer.dll
- Size
  
  3KB
- MD5
  
  61b40a89c8b94ad6355262e118c8420c
- SHA1
  
  6b8fcae8baf661e115763cec2d69db7a6b767030
- SHA256
  
  4e63d7b877a7e8889b6cd7bebc1dec767bff0f5bd41d8936d4a5b29d934ea4c5
- SHA512
  
  77f7e3cdd2f2ec3a2cf619afec6438e0966a2f0d43539d62e9cd8e2acce56322e2dfa2f747937c3d62346640fb64e1176b52a329027a5a0569e0f05ceeb7a126
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  4KB
- MD5
  
  1be3fc5971da6f9b86843d0763912fb6
- SHA1
  
  e921bfa5b330102630420007a63fde0c439f0cdc
- SHA256
  
  89ed50600e7046184f80b2a20b5299f35a0439fab1ad1f9f5fc55606955b6186
- SHA512
  
  99e5a4e888c6cbd2b67464162516aec5a564447fec389012acd8873aa6312020bfe5f0d68e83f54a7320355c5f828f7769f666d5cfd12f2ceed02a6d5b66dc4d
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  a1cd3f159ef78d9ace162f067b544fd9
- SHA1
  
  72671fdf4bfeeb99b392685bf01081b4a0b3ae66
- SHA256
  
  47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6
- SHA512
  
  ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362
- SSDEEP
  
  48:apTVWFeApYx2lxaKe3yfeEIWCGWNpBWLGGrx3pMt4z8mtJ7HofYZVSLa:RFG0xaKkyfjIWTW7BYrhSbmtJ7/V
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/PrimoRedist/PXSDKPLS.DLL
- Size
  
  194KB
- MD5
  
  5f44f529e880666bdf1c1425f86223b5
- SHA1
  
  709a7ffb6cf2eeeb557472ec2022195cb8a77017
- SHA256
  
  08ea26310d842c69219491bc4f4e83fdbcbbfc81b7ec19b0ddf1503cfa971259
- SHA512
  
  97f8aeb9a3a29a9783ef678e7bf79a055a24c12eca546486f9294a5889942f1495b213e0b13a73596223a6e62066660bb181f257ba58317a58b4ed7e6254a2c9
- SSDEEP
  
  3072:6Gi4tE2v58rgZVhANBUf3thKFzcOdmE1imdzkIeJo3ltEe6Hl5V:M4KgPh8BUvtUFzcBE1iCS5V
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/PrimoRedist/PxCpyA64.exe
- Size
  
  66KB
- MD5
  
  08d51e037f487f9ca9fd0b0388f4c15a
- SHA1
  
  67188d670673a5e9185616923d1b1a8aa22ad8bc
- SHA256
  
  fbaa0fd8dae9bde80bfe497dca28c6fc9174c14b12ab93e3942fffa04e3db3cf
- SHA512
  
  a40bb551fa8a705a5ac2bdc02a17ebba1c6c70f9ffce38c668b07bc538dc4461658b0bf220e26aa1833f624009f417f05c44aa0ff81af59a5ada4f97dd99013d
- SSDEEP
  
  1536:nBueoX5ZxIfZu3B9M8oLb8tg+xoEoXJ9hDkGO0mIOT:nBueo5PBWLh+xoxXJ9hwGKT
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/PrimoRedist/PxCpyI64.exe
- Size
  
  120KB
- MD5
  
  50a76d2d5e4be94556326c4bf748c758
- SHA1
  
  dd2188e2fde11b75fa73003bf7502515182d4c88
- SHA256
  
  1c0e698d620f3703f940baccbfecd883b5f5e46d2436f0c17cb0c6c99155a4ec
- SHA512
  
  f60decd858d2dce3d7d57f53e7a2f7f1090d2d5fffbb1abcfd37c67718ecc2c92bfd45a208a2ec93efa5e8fa9c33f29e84bc52891998195dda237d6f1ea971a0
- SSDEEP
  
  1536:e8n6dVhjfCAm1tHcA3ep2Y3Bfzr6jsi6bJKRTV81Pt+yJBiK2Mb0mIc:4O/OQY3BfzHKRQF+yJBiK2MR
Score

1^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/PrimoRedist/PxHlpa64.sys
- Size
  
  54KB
- MD5
  
  87b04878a6d59d6c79251dc960c674c1
- SHA1
  
  cc34993ed2b375bbab87058f79097eeacf381aa5
- SHA256
  
  3eb8db0624e646f0a65d0381408d35cf9fdc5abfc30df6431f4070a8eb68447c
- SHA512
  
  5c034f27ffd5d26faa2b6db9a6e97b261a0997400901e846880fc2eadda4ffc3aaf9885b90997ebeac8902b10f2e0f3e38b41e6f476b7c45f57ac5f9e59312b8
- SSDEEP
  
  1536:xRLN27cqtMyAqEE36AZVKacKjoW3ZQLDDHphguIEFnYsli/LLjkM0mI1r:bp2C1+6AsW3ODLpNImYslcbkrr
Score

1^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/PrimoRedist/PxInsA64.exe
- Size
  
  66KB
- MD5
  
  6d3630b7f27b3643fde05d1088f84f2f
- SHA1
  
  be742991eac9c6c8b0674c4be1fbddd10f7b9d37
- SHA256
  
  573d87feddc84eba6b3450bf00ad7ddf498ca99cc8809359fa9bb60c7ac76f68
- SHA512
  
  48a218a270357d3513596d92410bc865ef51c3bda6bfe5f53251e2ca3a5ff6edb31d722ee50d6b85d4e3bc7094b956180bed88575eac226236b55d81e0528ec1
- SSDEEP
  
  1536:adA8lmCJH8IeVf1jB8QgWHLhmAe6hnMJ0mIE:adAOJcnBZHLhmAe6hnMv
Score

5^/10
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/PrimoRedist/PxInsI64.exe
- Size
  
  123KB
- MD5
  
  94f95be2a44c8291132d314582f141f8
- SHA1
  
  d5bb1a7519221964497560b579bb5c1f1ab30aef
- SHA256
  
  df83d7cb34c59e1406fb5bf1edd083f8bca649db97979c6debc3d3ab0e36b980
- SHA512
  
  4a726c8431d9722f1213659e3cf150cda5a0850bb874f0f7c4c280f6805a122d14882531e06b11cbcd36d8a9a741a67f12b46dd02933d00c65ad1e255e1ca1dc
- SSDEEP
  
  1536:NdSxj9fQCZDQhkC0D0o8dzaMmwNU94mep7g8C5aqdio2yzy2ko0mIx:NafQjOCZwNwa41AYqdixyzQT
Score

1^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/PrimoRedist/cdr4_2k.sys
- Size
  
  8KB
- MD5
  
  48daee926106c4427cd56da8f69aca7d
- SHA1
  
  347913608fdffbd343fe4992eb29abc6fee42362
- SHA256
  
  9657ce6f0a125b096e5a0c4bf989c23b96cbfbdc486cc839cf8d99eb3833a182
- SHA512
  
  57052c2bc573cfc517c74c6248bc146896e27033d1a194714bee23194f41cd375e2f1e00cd0d8d68e1c2d8a1c67f9ead11f58fe1bcbc50370542e471eb476b43
- SSDEEP
  
  192:yl3iyowJL/aMjGwP74MZaTR+ebMBpZgjlJMMRR6Cq:4iYJLW0aTHbmp6jrQ
Score

1^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/PrimoRedist/cdr4_xp.sys
- Size
  
  8KB
- MD5
  
  c3e76b0c05ebf7261abfb08d9e75822e
- SHA1
  
  c7cadd59050c0dfbc3d17a057e5eb2b00a10aada
- SHA256
  
  82e1d31d0ea694bf869ca30b5a705afbb2051e4281cccd078288874bb83be1c9
- SHA512
  
  46d9ebfb7ebc35a4a1b36fb9222e1cd870194e11609b6bd17e37e9088897ee009e9db34e80e12488057627a4a95da36ece30a22065e50229b6cb6320fb039a2c
- SSDEEP
  
  192:Ll3iyowJL/aMjGwP74MZaTR+ebMBpZgjlJMMRimb:BiYJLW0aTHbmp6j4mb
Score

1^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/PrimoRedist/cdralw2k.sys
- Size
  
  8KB
- MD5
  
  17590dfe29e02842a6e3a463e443d1b9
- SHA1
  
  2a50ca7394807e503da3919a98f27c1f8b068aa6
- SHA256
  
  c43c35eadf9c87419416abefe4270024d71355d9626937e6215101914f93048d
- SHA512
  
  a9e0716829966704be174258186d3554608f5bc7c53d11626a1ca0a7359affcf13e0c7fe896c1d3c65e9f62424d6779ed48e3515e7a93f00332f0cf0c0efa297
- SSDEEP
  
  192:oW8yowJL/aMjGwP74MZaTR+ebMBpZgjlJMK4:t8YJLW0aTHbmp6jV4
Score

1^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/PrimoRedist/px.dll
- Size
  
  682KB
- MD5
  
  dbb66b386c194a58e29e49d7ebbebe65
- SHA1
  
  78dced6be8870938a2c8fefb1b5b884159e5fb21
- SHA256
  
  309a40e28271eee4e41cdb5cd1f83c0087702d42f9fc3a87d62f9f30dd53d68d
- SHA512
  
  6a49783c86f2bdb6cb522f0e53a6e653eccb89b1a2d0d800bfae499d304cad173f621d9dad7765a13848a1e8bc4da355d94fc1a4bbf2beb5c4d999ea79257764
- SSDEEP
  
  12288:YhT+GE8INwK4VhupUoh/o/mKg8+ncSFL1T5iU2DF6mHmzazrr32ceMtw/g+CB:YhSXjz8hupUotimPcSFLwjeMtw/g+CB
Score

1^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/PrimoRedist/pxafs.dll
- Size
  
  130KB
- MD5
  
  e66569100ada3821d49be51109fa111c
- SHA1
  
  da0d6e0d9073b7d384e410916ae0306e16eee23a
- SHA256
  
  b7c5e5cdb6bf6fc01d1823b6aa1b0fef62f1e594886e2797a00a03809589c0f4
- SHA512
  
  981128e378ff2c286ad0aa9ca0012fc72cace283b0bbe4bb21ec7429735ef0b4438a6c6ff8dd3ac11438e25af33162f320a085223d6fcc41f5a7b060d88efb8e
- SSDEEP
  
  1536:+QfvGEOg5r766WHTPnqMtpdJn16oYvXfR8zVULjePWwxfFkEba89lb6Oe6FoHkPE:+Q2d2WzPqeaizVUcva89lbxefH4E
Score

1^/10
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/PrimoRedist/pxdrv.dll
- Size
  
  558KB
- MD5
  
  8f6f3aa814143099b431744b16845664
- SHA1
  
  67f518591a1cbb954a031cc7421faa1aeb25651a
- SHA256
  
  7c9449c2e774087305a28117e47fa48bbf33638144e9694f20d20fb15065ac9f
- SHA512
  
  5fdd908862dcabc37a794d0f7fe134e6df9f34d0e52cc69a535c37872a4f2edb44e2448654b3832a11f41fd57be36f1ad0f863603d1f268f99c6180a3a48bcb5
- SSDEEP
  
  1536:PdT7plr0Xh+r3xZMmourvvsjI9vW/dy1HW6Hfuj+aUfQe95QV88YfOr1oE0mIQ:PkQMmouQjI9v8NMi7UfQe95FOF
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies Windows Firewall

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32