3a91b62f6264e3bbd47412b8c8fa70efd52d42419f7e4387c8f1ea12f3147fab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a29865ffdcf006b14b68851ce2160a3f
Size

1.8MB
Sample

240224-yfap1acg49
MD5

a29865ffdcf006b14b68851ce2160a3f
SHA1

99a39ed317976663b45b04dc2eadfc2b0ef810f2
SHA256

3a91b62f6264e3bbd47412b8c8fa70efd52d42419f7e4387c8f1ea12f3147fab
SHA512

7af5d14daa093350b3a8d96cc2fbaf9cdc72796bbbf6c620d2291df29ee80d52cd40f3bd3b281d2ced456106281931f3e45817a21c33973a3720b69e5f6074bf
SSDEEP

49152:Dg4lYcK5+t1s2lA+1rnThxfDwp5vlbpufDJOoF:TqcKt2S+1rAp5N+lOoF

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  a29865ffdcf006b14b68851ce2160a3f
- Size
  
  1.8MB
- MD5
  
  a29865ffdcf006b14b68851ce2160a3f
- SHA1
  
  99a39ed317976663b45b04dc2eadfc2b0ef810f2
- SHA256
  
  3a91b62f6264e3bbd47412b8c8fa70efd52d42419f7e4387c8f1ea12f3147fab
- SHA512
  
  7af5d14daa093350b3a8d96cc2fbaf9cdc72796bbbf6c620d2291df29ee80d52cd40f3bd3b281d2ced456106281931f3e45817a21c33973a3720b69e5f6074bf
- SSDEEP
  
  49152:Dg4lYcK5+t1s2lA+1rnThxfDwp5vlbpufDJOoF:TqcKt2S+1rAp5N+lOoF
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  05450face243b3a7472407b999b03a72
- SHA1
  
  ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
- SHA256
  
  95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
- SHA512
  
  f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsisFirewall.dll
- Size
  
  8KB
- MD5
  
  69f2e8c6fd141e9e720b2c4c366a8154
- SHA1
  
  a6279d93a102b6d7608dced32a36ddcd3e51994c
- SHA256
  
  2e204ee4f1d12b4ca35c8205cea0cabe354f2e79a471863cfb76a7cee83cf107
- SHA512
  
  bf23a5f3ce98e6a1c04fe8ae6b6f385483ceed62470cd109017c97f37c23adbf0203bfb43d09b007c6925aeb5da9617f33bc5c478618f00cc91da83a48cacaf2
- SSDEEP
  
  96:KCQjg8aCpUcmloiwmXaYY8NVxIYn69TEdUc1ND0RrXQAcuAtoFrJxalMu2k:KCQPeip58NjMNWND0RrXYuAWkM
Score

3^/10
behavioral5 behavioral6
- Target
  
  $SYSDIR/remover.exe
- Size
  
  32KB
- MD5
  
  c5e3f373f3b7b834a67a61cd81aae8a4
- SHA1
  
  7608e2bd23615ae8839d66bfec5579cf7fb91103
- SHA256
  
  26362b7501a90ae4dea883c27c852545198555cb83478e21f4bea70895ff5d3d
- SHA512
  
  6e433c4b78c4aa6f38af9ec26c4c25ca648fae70fab7c1ef0e808f06b5b268eced875cbbd12167061e310a03c854284b6279dc6acd7a620fa632fa08e3d0c593
- SSDEEP
  
  768:w0gFJMBrbxJQJFiXDYwQ5NTdKqP5sCOfZ7jrG0D3cjfS3XJ8:wfYBrbzmFizYwUK1G0DRXJ8
Score

3^/10
behavioral7 behavioral8
- Target
  
  BKeeper.dll
- Size
  
  88KB
- MD5
  
  9c90739fda4c7295f9a1a614306197be
- SHA1
  
  c9b100bcbcd9279c200b918f96941d870801aa12
- SHA256
  
  3592fe7d62319d588a2e3dc08a7266df6eb41b3969bf74a921c8537b4eb96350
- SHA512
  
  972ab30e30a31d6f694d038184aaafc2e653eb7d5f32042577afdaa2522dd06728b3e4e4c0e1bb58f4a5bd391866722648c49d3254d5865c1ecb687e46f60492
- SSDEEP
  
  768:rSyPC/twZf5MEEUcyo8IwRArhNC+mNQKohpGc9EI1wHXWdHm7DJbNn4ZB9CwCXoG:rSyPZxqf8j8t9EuwHXWM7dRHwft+eE
Score

1^/10
behavioral10 behavioral9
- Target
  
  Searchhost.exe
- Size
  
  1.7MB
- MD5
  
  8aa79ffaa4122e51ad3d7c7e4ab43f21
- SHA1
  
  999a829c05eab13a078ff7f58580c4454101f914
- SHA256
  
  9ee8bf458ed0f90af0e2e299023784da4c9c76a31d8da8e1a39eff7b5f6ab951
- SHA512
  
  cdbe2d47317793cae79925a7882aed737592c9ee73c41fe99ba61ef3277077a3b5143db8350b456d37d325ef73bd8a8bde7b4b054dd0b4844805242140c08e7a
- SSDEEP
  
  49152:dng25o3IOnEx7yJRmXZSWIv0WXsidBYsAU5NyuVzU74uMeX7P:Rzo3hEx7QRmXZSWIv0Gs6BEU5supU1MM
Score

1^/10
behavioral11 behavioral12
- Target
  
  SearchhostUpdate.exe
- Size
  
  1.7MB
- MD5
  
  a1ed2891f6119cf42f62117a3715c729
- SHA1
  
  4fa7f357308447d922f4b0ead18006f5f608f108
- SHA256
  
  b72e2cc3baac8bde29ff9f14cad3c483ba6bf27fd74eea18719ef1b13082f410
- SHA512
  
  4187acc4b31d397b46902411839bde4195ecfc0596b392b5c8d6eea5f79ef17bd0b009025dacab59b1ed4f3c3a0698a77368cd48bc4119699254f6791e0b1b76
- SSDEEP
  
  49152:Z8Cy3H/oRBRpXiJcy/d7h+2pprNWnNPTq33w/62e49PF2:ZHGoRBfGcud7h+6pINPO386odF2
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14