6db9f6442d46fbde0953f8bfbc36bd714e5e31a62f927563594cafd60724d3e0

Sharing

Copy URL

Twitter E-mail

General

Target

LGS_9.04.49_x64_Logitech.exe
Size

120.0MB
Sample

240220-zs65eafd75
MD5

87a1119a7108e33da161b24b6aa763ad
SHA1

3f32007e62f174b411f0c69be9779a6321363153
SHA256

6db9f6442d46fbde0953f8bfbc36bd714e5e31a62f927563594cafd60724d3e0
SHA512

69d5d7808dae0d84fe588850b1cc0f749debdfed6646191c51bdb67ad99d683c4507a38d2c65e05571bdffb32914b656fb74a1d37d1f09b05370fed0d26cba0d
SSDEEP

3145728:NAhY0THiaUvrE7pisu8402Ujk45hAacfBQHHvh9l:NABksEj45hAacfunvh9

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  LGS_9.04.49_x64_Logitech.exe
- Size
  
  120.0MB
- MD5
  
  87a1119a7108e33da161b24b6aa763ad
- SHA1
  
  3f32007e62f174b411f0c69be9779a6321363153
- SHA256
  
  6db9f6442d46fbde0953f8bfbc36bd714e5e31a62f927563594cafd60724d3e0
- SHA512
  
  69d5d7808dae0d84fe588850b1cc0f749debdfed6646191c51bdb67ad99d683c4507a38d2c65e05571bdffb32914b656fb74a1d37d1f09b05370fed0d26cba0d
- SSDEEP
  
  3145728:NAhY0THiaUvrE7pisu8402Ujk45hAacfBQHHvh9l:NABksEj45hAacfunvh9
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  0ff2d70cfdc8095ea99ca2dabbec3cd7
- SHA1
  
  10c51496d37cecd0e8a503a5a9bb2329d9b38116
- SHA256
  
  982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b
- SHA512
  
  cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e
- SSDEEP
  
  192:eK24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlASl:u8QIl975eXqlWBrz7YLOlA
Score

3^/10
behavioral3 behavioral4
- Target
  
  $_32_/1-LGS-x64/DiFxAPI.dll
- Size
  
  513KB
- MD5
  
  f5558c67a3adb662d43d40a1cbde4160
- SHA1
  
  74ad5dd123037cf4d434c5073cbe04c0bcba4e79
- SHA256
  
  83c43d65084cd202aa9982af6d87c963a05035f1e2cdac48304fa299584e3242
- SHA512
  
  6df9f780adda4f52d7fbb3baa6af3028c0523ff514f1df0e7dfe380ce21116e09a6f1f3820c316a9af7e16043eb04cdbfe5e885ca24528661c05e32cd18b2046
- SSDEEP
  
  12288:6sxYL+kJmoPdVp6s3EJBjCvuF17+2NdJfx:6sxwSoPdVoBjCvuF17+2NdJfx
Score

1^/10
behavioral5 behavioral6
- Target
  
  $_32_/1-LGS-x64/Setup.exe
- Size
  
  118.1MB
- MD5
  
  5217f677000ea8c475eea1131163076c
- SHA1
  
  d76425f38d1869106a33c4c406ba3e5cba1c344f
- SHA256
  
  034c3d6537e802c6eaf3b40aca1f6242888a5091a51eec509f46815c75edc681
- SHA512
  
  9a620bdf8e44f51197b91c2c1822bebac2f55818b15dbf2f072514a74f46b9245fb8099ec1179ebf875d24c894247074d7630b0f6a3a0538065ae43063122efd
- SSDEEP
  
  3145728:0isR3UqWFXT54Abwop3Nfbv1FYBqQaYuvZU8PzZdzNOWeY:0isR37K4A0MVtFcBQXzr
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  $_32_/LogiKey.pub
- Size
  
  84B
- MD5
  
  859565becf5b01298f8e8a6cbd09098c
- SHA1
  
  8d393bf0a02cb8af072925180a3bfdcdcd819407
- SHA256
  
  9fd6e50b70496abefd36f00e19c4ed48f2484e7045e4094010bfc204891b8150
- SHA512
  
  e411ac9220f584cb3675a5ea9885b0bd32544acbedfef7e16d94171b877450f3030452034d6dc2ad8b0895cac024ad55c23f1795b3f8546c0d9511517a4cf368
Score

4^/10
behavioral10 behavioral9
- Target
  
  $_32_/MSetup.exe
- Size
  
  1.6MB
- MD5
  
  018b7319bc52fce2fefe2324ef2dcb15
- SHA1
  
  1816b27b9edd7aabed4930fa5b2c3740603e348e
- SHA256
  
  9f677ba5f0d63c79ab3e0b3850d651433dab0f0f087073711d954a8e40d0aac5
- SHA512
  
  baebc5ce488a2cc27d70abd9bc6a5f2545e0b807456044d4355e89cbfc277ec3aa77b05a8b06001c16d980073d3da4512bb1efb9d16bb086d1b8cb1ff27e5447
- SSDEEP
  
  24576:l2fRl1XBkghGTMYQbbEqyL353CnQjYd9HaxlSsx5EzzChoDPPFT24I3WEw:lGRl16ghGTkPgt3oBdFESsMHwoDPM4bX
Score

3^/10
behavioral11 behavioral12
- Target
  
  $_32_/Setup.exe
- Size
  
  294KB
- MD5
  
  2f08d63bd6a6b8ab242cf87c5fd310a0
- SHA1
  
  2373187db907db948705f4b78c280f1bc945ac40
- SHA256
  
  5d5ccf2a4184d5413ea4c00c64f03cfb3f0c9b8ccb9d308994088118c75497fc
- SHA512
  
  191437f8155cfebc465690f4763de5f4ade16fd9888683749eec6590fa4787a496895765e4ba1b4382c0d1169a7c67e34fccb8e8edc0a245e9042cf82f643460
- SSDEEP
  
  3072:DTgJTZbFhC3etai/5FAvIYN28LyKVHeaMe4zO4rRKkuFjc9Erm4ZhQ21t5FAvIYB:0bS65FJOv35FJOv8Pc
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  $_32_/SetupDll.dll
- Size
  
  62KB
- MD5
  
  6716f4e5ee82ffef2991b925dec0c760
- SHA1
  
  b933f9530d2ad848d212fc1e7c785b520b87eaca
- SHA256
  
  daca629f2fc1c97340f4fe77cf25677952e58a369cfa8953f9f11d599924ed6d
- SHA512
  
  6cacc14831a442508294ef363a44ea7bda6f3383ac9616fdf778af2edca582874c061bb4c4ace064f3920684cab9878742c88fdfff15bbc11f162264712174a2
- SSDEEP
  
  768:8znNSGY6bXnviQtMnTnCOIBiI80Vt+INxe7yO:ynXB3GnTCYGt+IN4D
Score

3^/10
behavioral15 behavioral16
- Target
  
  $_32_/ui/html/FinishWithTasks.html
- Size
  
  15KB
- MD5
  
  0dfb3f52914e96869923b3f5321a0444
- SHA1
  
  25f43ef75f32e94a408c72fe4f375922b459e679
- SHA256
  
  a7a31ce1356f27c8e25feb584f514d95d93b65a3d757d51bf4ce65e22ab5f7b0
- SHA512
  
  c3abde39c9d006e59e0a249a80822c5809f61d4d25e576c45cc319d88e03a707deb3e76904db03d169f267dabe55eb000093445db8938036bcac22480f877ce2
- SSDEEP
  
  384:S6XkJ0In3ipi2YeXHbiD9Hmg0bug3HsqvkqI7bO9QUIXGXgX2XeiF:AJ0Iywkutmgcb3sR5HO911
Score

1^/10
behavioral17 behavioral18
- Target
  
  $_32_/ui/html/FinishWithTasks_deu.html
- Size
  
  15KB
- MD5
  
  0d78b34a4463915850e7b3c1b03bb5d3
- SHA1
  
  a4b863df1f4e5d29071505c9192691ae1d6fe453
- SHA256
  
  2817278f716126ef3415fe1701871dba2fd6318f5deb99785d8fa72e137ac168
- SHA512
  
  f6b507caaaa22b637c66a033383039912aaeb47e00ed57cd2480927573670aff27c377e1784d76f619662b35d3f93d966902771423faddbd16d12c8adb4e4d03
- SSDEEP
  
  384:S6XkJ0In3ipi2YeXHbiDhHmg0bug3HsqvkqI7bOqOUOXsXWXQXGiF:AJ0IywkuRmgcb3sR5HOq7J
Score

1^/10
behavioral19 behavioral20
- Target
  
  $_32_/ui/html/FinishWithTasks_trk.html
- Size
  
  15KB
- MD5
  
  d6f4cc9a81b961362ff9acb0bd2e8950
- SHA1
  
  32aa1c5bda3e646f17c6397d640d709cda68368e
- SHA256
  
  0c018461d75c65328e7559a308d2304546c9bad5f80ce4f1da8fe4736f4b5ca0
- SHA512
  
  c7d6ca708f153b63bfbaf992e0e0df8c46bd1d53d567cf7c4482c2599c88bf7663ee8b19baef43d9c8018b63e36ac0774c29505280fd8f8d45e162f1c18065eb
- SSDEEP
  
  384:S6XkJ0In3ipi2YeXHbiDhHmg0bug3HsqvkqI7bOqyU+XkXeXAXTiF:AJ0IywkuRmgcb3sR5HOqH+
Score

1^/10
behavioral21 behavioral22
- Target
  
  $_32_/ui/html/Install_1.html
- Size
  
  11KB
- MD5
  
  5386604170d65e9d6a20d9967ab55be9
- SHA1
  
  9982c9382498765fbf36ef6e1ceceb570fba3205
- SHA256
  
  08ade3b2f672b6f7afb71309108e2f5509b9a221dc81a5f4b9c320df3e9fc198
- SHA512
  
  9f3ac4afb998776eedc95735eae76b74f11aae70c7cbfe675d2c0afa5307fab799f154e8fbc02a64b6587bdbf1471afbd4b75252cab01b9b5e440ed3845da563
- SSDEEP
  
  192:S6mVXgfG8ix1iuEiEzMF/Y+2i5DiwqXHTiDSlgpo606Au+3HRgcMd1MkOKU/Fto6:S6cXFitihYbihiwqXHTiDggpp0bu+3H9
Score

1^/10
behavioral23 behavioral24
- Target
  
  $_32_/ui/html/Install_Overwolf.html
- Size
  
  11KB
- MD5
  
  d5adcc16fb62612d4d903741a892563a
- SHA1
  
  d6ce93c3d27ebe263a3a76a925fa9a21098f7345
- SHA256
  
  52cee8720c1d65e37bc4a2894ac4a3e06e049bd4a70035c790c2fed47874a527
- SHA512
  
  a3b792f9e2deac79190fcd7c3ec22dad5b388362b4b40ec743bb285abba2c71be63f56ebb35630fda551dd11fdc759f531ca450bdb18cb205997d707225ed684
- SSDEEP
  
  192:bfZ/h4vG2sw1iwEiMlzMF34XHDidWifpo06Aug3H0LSTk/fJAVKUmPK2mFJA/5Fo:LqibiV4XHDiEifpo0bug3HN+qVO7oZ
Score

1^/10
behavioral25 behavioral26
- Target
  
  $_32_/ui/html/exit.html
- Size
  
  2KB
- MD5
  
  0870fca6f1e7dcc2672de1bf5c58d836
- SHA1
  
  072a171ea9d49d355d36f2b635fe3433ca588508
- SHA256
  
  109e0e1d2b4d8603f92a58a42adcf1726a5b2b48ec692ecd96bf4b53916f6bba
- SHA512
  
  0d5507065fd8b30abd61e30d3c2ebea375e4a08fc4835c694a2be31868f3ac92067a8891b76cefaf4ae5e7ebd7a4736b1559bede6ac2b254bef154a019034079
Score

1^/10
behavioral27 behavioral28
- Target
  
  $_32_/ui/html/install_progress.html
- Size
  
  7KB
- MD5
  
  47f66ba544d0fa1aae7293436531eddc
- SHA1
  
  5c4ddef24dc1489c13961b14fa0a02c4f510b5f5
- SHA256
  
  904df03a4eb6d32039235b01cc0aad42b1f42e4750232723a42ffa1e456258f0
- SHA512
  
  6386f57d1db2d8c858ac3055e35ad9d5ee7cd5fa515c2f1e01444fccf1d3abaa7940d239657cc6bfe88e03173e3b00a9c89e37726eac4de751936773815e5d2a
- SSDEEP
  
  192:S6mH4XGAiZ1i8Eik9jfRbeAyEJ0ivdJUV6bH8oUC/iDi6CRkKU/Fl1Of:S64iHicJ62iDi3RkzY
Score

1^/10
behavioral29 behavioral30
- Target
  
  $_32_/ui/js/crawler.js
- Size
  
  9KB
- MD5
  
  0fd5f6bda224e528214795cee53e9241
- SHA1
  
  899b94b06cdf1cafc3f0fea986cdbbf7cd46c307
- SHA256
  
  e7ba1f3ffac3d16ddfae1150137d6f2b250024a6907e88c54629acea075d61e2
- SHA512
  
  30a7bcf6a6cbd3b8e1026a3e88825148abbc8550af2351f915a43c5ef9acd3682935fe117274fb7688d6e4b2d4bd553615e84bddba25293bff2d7886c4e27cff
- SSDEEP
  
  192:vewDt/av7g/DJyhg5SNEHISQYijYaELhGLLlvn1Gr8UMPVRWyAyi/:M8/FyWoShRawoR1c89Az/
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Drops file in Drivers directory

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32