ece8a18ca4213a95ef9b7d6f9bf18b81572c159cf2c7a836d70e2716cc7253da

Sharing

Copy URL

Twitter E-mail

General

Target

Danger.rar
Size

52.1MB
Sample

240302-pwl9asde86
MD5

4eee75c79e2f8d4b6ed353e5dd000d48
SHA1

09335368a0ad332b9c1c436dc59b2cfcb4ffa362
SHA256

ece8a18ca4213a95ef9b7d6f9bf18b81572c159cf2c7a836d70e2716cc7253da
SHA512

9460b8d1584ee4d587fb5b12bb30bfa7d636e472386e6cbbcccf0cce87f1fca5ebea5e6ea09d0274eadbf90900887576108d48bc7fa5c590826b7b5ee7bd4a04
SSDEEP

786432:sCw4jIIk4AN6o6JWCRCLz4NFMqt9+26UgRY5YYnDEWERCWOcKoMIcCM7lvbsZTMU:s/T4hJZRCgMkg+5HEPRCXCWKZYpzoKG

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  Danger/Danger.exe
- Size
  
  93KB
- MD5
  
  5bbe037d7194508d83c28a01bf2dcf85
- SHA1
  
  ef36d69adb37bcb057e2b8982d0155cb147703a7
- SHA256
  
  237e4dba5a854dbc405369faa5290c2c5e238eebe9a78da1ab61e07332a44e22
- SHA512
  
  d00532b03a998d42f2f80bf9c5cf51fce4af14eb22501f25fb24061a9589ab4efcb2a7977317197fbda3f313d738b889f17c43147dbc16322f08662b153ca4e3
- SSDEEP
  
  1536:37fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfew9/gOm:r7DhdC6kzWypvaQ0FxyNTBfe+i
Score

3^/10
behavioral1 behavioral2
- Target
  
  Danger/Danger.exe.lnk
- Size
  
  754B
- MD5
  
  3aa93f1683c12eda4052f23f41dbc3f5
- SHA1
  
  b7882957f4dbe44635090b03549e4caf46904f95
- SHA256
  
  0f910c6ab06b9a7b71bafd53fae092e83fb260f91e6b2046938aa8d3028b4d6b
- SHA512
  
  8ba33c3c408780b613ec2f26823383e73d316c59f9463bfa703652b1dd86e639b96c5b1d56d9c81da61ee431546216575d520b357d0bf8af686b15606255f1ac
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  Danger/cmdbkg.exe
- Size
  
  24KB
- MD5
  
  36050e30e659b685501bbcb1e91eaa80
- SHA1
  
  c9bafdbdc725aea0342c201a00f829162c69ed64
- SHA256
  
  c616f22db40d43f720cf95fc99cfb2676fa9eccb7990e28cac96fedfed721b01
- SHA512
  
  a9f5751b9694337df9db3ce58843fb4b6cd2425115b2e8009bc372b8b154571ae3d13130c54b9a57c9c1a3585f7c4d0ba3f953fc2a727be0beb4283cff336a23
- SSDEEP
  
  384:56XVcKT09UyflHybR02faEE0zw26o73IhLcLa6S31s4t4mq97uSKl2J30:0cKTmflSRVf/E0kfZcLi1Lu30
Score

1^/10
behavioral5 behavioral6
- Target
  
  cmdbkg.exe
- Size
  
  24KB
- MD5
  
  36050e30e659b685501bbcb1e91eaa80
- SHA1
  
  c9bafdbdc725aea0342c201a00f829162c69ed64
- SHA256
  
  c616f22db40d43f720cf95fc99cfb2676fa9eccb7990e28cac96fedfed721b01
- SHA512
  
  a9f5751b9694337df9db3ce58843fb4b6cd2425115b2e8009bc372b8b154571ae3d13130c54b9a57c9c1a3585f7c4d0ba3f953fc2a727be0beb4283cff336a23
- SSDEEP
  
  384:56XVcKT09UyflHybR02faEE0zw26o73IhLcLa6S31s4t4mq97uSKl2J30:0cKTmflSRVf/E0kfZcLi1Lu30
Score

1^/10
behavioral7 behavioral8
- Target
  
  makeall.bat
- Size
  
  123B
- MD5
  
  e0a8721b23939d56b6e55b1b27a23570
- SHA1
  
  ac33cd4d2b3a9ab02a34afc212e9b7fabfe25fbb
- SHA256
  
  c02e18bcbc68984d751699ba9e740c591f6a70a6e5ff7d8ee5f5b1bf0a38b90f
- SHA512
  
  b4be3ce8db6029445e9338baa846f70df1756cb6b113f80b6ea5a27069d2cfee487e04c04ae8640eaa24ceeae6855d1348503ec9759d2470bec7d47889245d87
Score

1^/10
behavioral10 behavioral9
- Target
  
  Danger/makeall.bat
- Size
  
  123B
- MD5
  
  e0a8721b23939d56b6e55b1b27a23570
- SHA1
  
  ac33cd4d2b3a9ab02a34afc212e9b7fabfe25fbb
- SHA256
  
  c02e18bcbc68984d751699ba9e740c591f6a70a6e5ff7d8ee5f5b1bf0a38b90f
- SHA512
  
  b4be3ce8db6029445e9338baa846f70df1756cb6b113f80b6ea5a27069d2cfee487e04c04ae8640eaa24ceeae6855d1348503ec9759d2470bec7d47889245d87
Score

1^/10
behavioral11 behavioral12
- Target
  
  Danger/nmap.exe
- Size
  
  27.8MB
- MD5
  
  f9e753cccea0ffae6871dc65f67d3f89
- SHA1
  
  ab2de49f90330cc3b305457a9a0f897f296e95f4
- SHA256
  
  f1160a33fb79c764cdc4c023fa700054ae2945ed91880e37348a17c010ca716f
- SHA512
  
  0c6f6c14ecf8ef028e6a556f58e720321a7808b0a1f602e019f6b21d9cef970424185c27e7647368d2fca256d47844310d76d626209d406a961d048063410d1d
- SSDEEP
  
  786432:eCw4jIIk4AN6o6JWCRCLz4NFMqt9+26UgRY5YYnDEWW:e/T4hJZRCgMkg+5HEv
Score

4^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  22KB
- MD5
  
  17c877fec39fc8ce03b7f012ef25211f
- SHA1
  
  61adfa25cbd51375f0355aa9b895e1dc28389e19
- SHA256
  
  dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba
- SHA512
  
  45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d
- SSDEEP
  
  384:ENC43tPegZ3eBaRwCPOYY7nNYXCg/YosaGqZmZsHLOtNUShHzer:EETgZ3eBTCmrnNAow1OThHzQ
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/npcap-1.71.exe
- Size
  
  1.1MB
- MD5
  
  40cfea6d5a3ff15caf6dd4ae88a012b2
- SHA1
  
  287b229cecf54ea110a8b8422dcda20922bdf65e
- SHA256
  
  5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c
- SHA512
  
  6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024
- SSDEEP
  
  24576:AsYWFL4QHgF62xcgglC74wf9M3pK/Sn0Oaz+yruSOnN:1L4QAF6CFhl1Msqn0Oaa7
Score

4^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/vc_redist.x86.exe
- Size
  
  13.1MB
- MD5
  
  dd89ae7bc09cad5648524905d0f53214
- SHA1
  
  29e23dd7c19b03eb59304f9d1f8e7209c1167348
- SHA256
  
  cf92a10c62ffab83b4a2168f5f9a05e5588023890b5c0cc7ba89ed71da527b0f
- SHA512
  
  7174a4c0c90beef6c091f3b1065fd951c2ecf16aa6170af56c2b226f4d352f90e13afdb6bd3b61f81f0b1050482f21d3c3b61c0de379277459e4c966ec9e823e
- SSDEEP
  
  196608:oRjAHGflpQcIIS/Rj7BWl+aV8t8z72BxBwBgO42kGVfeiZUKcSqKLNeW5xg3lU5V:IAH4lptVYmfr7yBG/41L8ncSq68fUZFX
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral19 behavioral20
- Target
  
  Uninstall.exe
- Size
  
  91KB
- MD5
  
  90b1b099b5fd9086719789dfe32f0b6b
- SHA1
  
  070136f25ac7c2fee9c2e6e2eecd19010896ecc9
- SHA256
  
  1254968ea65be6a3e69c7918864e1562c89cecabe2c9a379b7508464e4446815
- SHA512
  
  6e382da313492bd65170ff5a9763aaf222ee6ae7e8f4f1c7bc813597241983a02d88913a0bb72d255b23ad46656d04138edd6a5660de69ad3f298d155973f807
- SSDEEP
  
  1536:ap7wb3pTIvjzcfpcp0DVJ4uAvgdLeAyNs5TBG4Tu5:ap7Y50jwhDVJ4ueceAZS5
Score

4^/10
behavioral21 behavioral22
- Target
  
  ncat.exe
- Size
  
  319KB
- MD5
  
  c43dfd320fd77c77378f65c5090ec034
- SHA1
  
  0d2156b89eb122ec4a735610bc5c96e31debfe71
- SHA256
  
  269e59fc701c7e0b02e2f16f983619ce49a1f579080189da7f659fa19fc44be3
- SHA512
  
  93fafb8562212005eb779bcd6647d130c2ce9600b49a6924c733e782d37b53db23f60cde6a5739893630722abe000b381390fb570c5766702e405704d1586f2f
- SSDEEP
  
  6144:MjqUB8rL7lE4T4XSZc+HxZaUzw+kKNXBw6Zfpos9R5IYd08EujEfAjfTOVBO8ODi:MjqUB8jlE4T4XSZc+q3Td6ZpoQ5I18E9
Score

1^/10
behavioral23 behavioral24
- Target
  
  ndiff.exe
- Size
  
  30KB
- MD5
  
  641c20acd8719456d1480ac90122d5ee
- SHA1
  
  95ba489a1c112589ad695b8c96f6569e6665ac08
- SHA256
  
  0ba1295afc0e5205541777ff5bd565e46ab40c5b9c4f425bbfceb800d306d8cd
- SHA512
  
  7473e0ea9345dce9d93ee4074da1537c8cd39813774a3776c99e796b3c8d90ec1e9c8c26924dee588e08f7fa27e59452add51635e9e68c214df3ac8cca25c7a5
- SSDEEP
  
  384:yYn2vPeqUfmEZ+nUn0fJCfMdXWgugoL2R3dwmgo6rEqZmZsHLsL4i/8E9VF0NyX7:yxPeqYmEb0kUX1dwzrV1aeE1
Score

1^/10
behavioral25 behavioral26
- Target
  
  nmap.exe
- Size
  
  2.5MB
- MD5
  
  44a76099c27420bd3d4c34a1a97bf04e
- SHA1
  
  b10bc46441b9c26740cc1a3b58353fb138ffa789
- SHA256
  
  780556634c875b1ecd721d3747194de3a52a674988379e73586ce7e167349c4a
- SHA512
  
  979df2de47f1792d40b82deb16dbf42c09576840b0c6cf0def9925955317aede0e662f3f2b0e7bc941e1edacef9c7c99a13013f64f5da2e1a038f3869f270891
- SSDEEP
  
  49152:FpmDh9XtsBBU3QA8mpjyLo82vx40jTlz4TbSY:Dm6apjyLofvuH
Score

1^/10
behavioral27 behavioral28
- Target
  
  nping.exe
- Size
  
  341KB
- MD5
  
  65531dd63aefdd34ec234be055dd8a41
- SHA1
  
  8f47f20dd3af040cc325c89f85b2a65e21eda5df
- SHA256
  
  0c7b54a1056937bd4887dd5b7342a1b3165bbe89f6e3ac9b2746deaf704ba2fb
- SHA512
  
  f7b44d73029497be627cfab372fb825953ccdc8dc98dabdb5a5519f3188c20d395282dd8c731707d96338189c91c234847097c05a60f3ade0f3556de5a30bdf5
- SSDEEP
  
  6144:GET0vC7UU/WCu2wJpLiHLrZT8K8+t2lTlUfqjRkeKnd0:zT0vCbnaviLlT8v+uPz9
Score

1^/10
behavioral29 behavioral30
- Target
  
  nse_main.lua
- Size
  
  48KB
- MD5
  
  31c5db65292ff3684af1e3936ae9d80d
- SHA1
  
  7e77ce9c32c6abdaa45aa02b758e246abdb310f4
- SHA256
  
  98f3540719259de9f567d6b208632241df0e43dac79e40a789e87ab02168fdd9
- SHA512
  
  5bca0cb5f0a1d2947063b45f87b3e1bd22b0d3f7c5c251d8cab11986b29910d2f533bf8552e0dbd81571dc22f6bdbb9656dd416c826ebf4dd9e70b1f60f729ce
- SSDEEP
  
  1536:BSkuOe7cBRf85iPMVlccWfYeaEVoOCZ/73U2vzWyOPN:AkuOe7yRf85iU/cc4Yg+/73U2vzWXPN
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32