a0cb5554307e10606f04ea9ffa42b6e382bc874fe5a42be5347f91569de9f115 | Triage

Sharing

General

Target

a0cb5554307e10606f04ea9ffa42b6e382bc874fe5a42be5347f91569de9f115
Size

4.3MB
Sample

240224-dpnyrsgc5x
MD5

32e79981baf2a0a95dbcdb973c6eb4f7
SHA1

d4e0f4f6f9ef7f3ddb5a3b1a6eecb4afdb40b9f4
SHA256

a0cb5554307e10606f04ea9ffa42b6e382bc874fe5a42be5347f91569de9f115
SHA512

a93580a472d78d1629818aa90b42ca178b5c3ceae2d393c30c3b52680d729236d732407199f188fcbfe5bde32fe408a405f54cac08aecf87afc4ec95846d1a54
SSDEEP

49152:vM7OO75f2R6Hjz40wOUNvzsaSSq7tceaMget9WD5W5VN+JCuyz9p7kuc7ioYRpum:+fAEHbwOGz5ytu/scOoYOQ0DdUvb82

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a0cb5554307e10606f04ea9ffa42b6e382bc874fe5a42be5347f91569de9f115
- Size
  
  4.3MB
- MD5
  
  32e79981baf2a0a95dbcdb973c6eb4f7
- SHA1
  
  d4e0f4f6f9ef7f3ddb5a3b1a6eecb4afdb40b9f4
- SHA256
  
  a0cb5554307e10606f04ea9ffa42b6e382bc874fe5a42be5347f91569de9f115
- SHA512
  
  a93580a472d78d1629818aa90b42ca178b5c3ceae2d393c30c3b52680d729236d732407199f188fcbfe5bde32fe408a405f54cac08aecf87afc4ec95846d1a54
- SSDEEP
  
  49152:vM7OO75f2R6Hjz40wOUNvzsaSSq7tceaMget9WD5W5VN+JCuyz9p7kuc7ioYRpum:+fAEHbwOGz5ytu/scOoYOQ0DdUvb82
Score

7^/10

discovery persistence
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Checker.dll
- Size
  
  41KB
- MD5
  
  38c79160cbe66696a1fb49a77e9383cc
- SHA1
  
  a113f19a56e3d8a3d814687e8e42b499f1d199fd
- SHA256
  
  53323700e396135f41119d39d3080fad00da9d60e72a04a7f91b3c22464ca24f
- SHA512
  
  7aa2353d29b4984a4cd123c78dc0e0db71000fbdb2a10cf61a781235c40fff87520a850dedfac07675dd35a71bf9b7f6bd3763306fe297179ff2b95276edee33
- SSDEEP
  
  768:bNZoBQfjXtKahyIXlQWBh/GxHxn2hEDVyx1jZvs9FN:bNZwApK0XlLYd9o29L
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  30a8c8e0e35d7d036fea63ceca28b462
- SHA1
  
  e3e15d822bdd5e98c80e9b7c00a476dccbdc6eb6
- SHA256
  
  de1caa5f3a80a5cfffe6d475ca3404b8928d57c8adba49d89b13fe95ab2ee50b
- SHA512
  
  f68f6922352ed2c834bc0562681ef740c54bd430cbbd66bb6d5534fd146875b0a9937e98925727a8bd9dcad3d5e99322de13aaba231999d8c7608526a8adc181
- SSDEEP
  
  192:g46k30R+dHp4TaQm1QukrdWWmUOWDNsrwJBsLLvjCK72dwF7dBOne:Z6k30gdHp4J6Q0lXLvjC+BO
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  dd87a973e01c5d9f8e0fcc81a0af7c7a
- SHA1
  
  c9206ced48d1e5bc648b1d0f54cccc18bf643a14
- SHA256
  
  7fb0f8d452fefaac789986b933df050f3d3e4feb8a8d9944ada995f572dcdca1
- SHA512
  
  4910b39b1a99622ac8b3c42f173bbe7035ac2f8d40c946468e7db7e2868a2da81ea94da453857f06f39957dd690c7f1ba498936a7aaa0039975e472376f92e8f
- SSDEEP
  
  192:VFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/993:97pJp48F2exrg5F/9
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/Zip.dll
- Size
  
  76KB
- MD5
  
  fd8a671b583737fc97a1aaf5e1dbb951
- SHA1
  
  2abcff5ba2895124277af330a08fc4e4357e905a
- SHA256
  
  db29086b5eb3bcbc846c5f8de503d5f0cac21f61c7855510e75e09016ebfc13a
- SHA512
  
  25104a8cd1f75a9a7200a65134cd071a70e8bbacb42b93db0f1b75324307bceaeaacc693b0d68572043cd1c1e63c47e11ac99477b709c617e789c5a9b745c8f6
- SSDEEP
  
  768:KqzEOfLo2T0pHES42P2wsSrSlAKL0RvTZTEeo9L1Po0OQuiSKcKysNU3her9dohB:KhQspHrXK5eKO5KysyxAd4CER
Score

3^/10
behavioral10 behavioral9
- Target
  
  BackupAlarms.bat
- Size
  
  70B
- MD5
  
  c8bf8f5a39c3cd41974f240de82a0e75
- SHA1
  
  f37b3319d1349ddbc34a3229ffe5f567e845c058
- SHA256
  
  cc51c20ef9133b8b13f5ddc0464679b81677413cf34a5b70785abfef857367b5
- SHA512
  
  0896ef062c1a738dfecf0c40220304c02c602169afc7f8cbb99e8943af6d46033441d8da8d1237d62abd0edbd92f400be0685b8cc09a9a26c91fd5554c78a0fb
Score

1^/10
behavioral11 behavioral12
- Target
  
  ClocX.exe
- Size
  
  2.0MB
- MD5
  
  2943a5a31664a8183e993d480b8709bc
- SHA1
  
  e7c28c1692073cf3769b61a8b298d09497d2a635
- SHA256
  
  282397f5efc6b5a517881350736901620649c3cf0a692423cf77b9093f933e8b
- SHA512
  
  f6dfa47d02dc9d1d874b5618c354961ea70e7c5223c27efeb530dbcead610aa8255dfeefe3a68325db9b00ac9df6a5519c885f91ecb82e582bbfa34364cd3518
- SSDEEP
  
  49152:g6vznGwXRuYl294VVamxwoWVXOSLsJelqJ1cya/caqYY3MSV2Uu:bpXRu594VVajoSXOSLielqJulc1YY3Ms
Score

1^/10
behavioral13 behavioral14
- Target
  
  uninst.exe
- Size
  
  52KB
- MD5
  
  3387961372fe91c2cc69b53180cbfee4
- SHA1
  
  ede6fb0d2319536efca218d461425d2addffd88e
- SHA256
  
  dad57975be6833c50d32ee77212addf11a80195d82365ade6042234e492bd845
- SHA512
  
  f6551803b90934a5555587bc81b4758b21fc8bad1653f298846e2195c797932893d761249f9cf527e95809ffc0bfd785872f0b42f56e8adc64bdb06c63f09c5c
- SSDEEP
  
  768:EGn4o4BL/akfpI1nu0LXGS8BPfeyWMZtuHvwbtOuIYdPc+92TUXr6fJkdn:D4hwgonu0fJytuPwbdNc+9aUXr6fJon
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16