General
-
Target
Performance_V3.zip
-
Size
34.4MB
-
Sample
240303-x7jxbaeg7w
-
MD5
b8dd3673b6598128a240a9b6fd35d721
-
SHA1
46e6a590793a7e6831f551b088d438f6f9ce9ce3
-
SHA256
0d4b8ffecfb9257cb67f67ffdbbe31e331676bf91dd2f24d0d3ead1d4e77da5a
-
SHA512
f0e858f89ac04f4767c0b20579a1463829c28397c31bf64aa733ca960dc79aafa1bde1dd764a2461bcde1f6cbbeeafe725bd986726d71b879a84fd4338569b16
-
SSDEEP
786432:IIM7BjJUvQDDQi3eb2W51eeKMBGYjfNM0J+NjpLZRVpKx+sJE:ItNjJ34elgmNjQx+sm
Malware Config
Targets
-
-
Target
SetTimerResolution.exe
-
Size
134KB
-
MD5
b74c54b371ecc63abcb6b5ef839ba35a
-
SHA1
9cf7898b33a94b183ff7be491d5e7eaa9933174a
-
SHA256
6da88784280eda75df911a43b7e6153921af308a269d39333b6683ea0dc679da
-
SHA512
383d76746f0d1eb960a9bf95932bfe0f023f0e413ec87c4dcbec5db0d1440e541832690e5801cd1bd223ed35a4cf6da329916351c7dc36d4c9b0e0ae6bf89365
-
SSDEEP
1536:MM9WcZUWV+vTr3yQq6lqEYBwhVGD05QQW6CIGmlwCU3EYk1NOpMw/MYk11M:TZUWEjBlqEEwhVGD0Gm26N4/i1M
Score1/10 -
-
-
Target
Windows Cleanup/[1] Cleanup Windows Files.bat
-
Size
32KB
-
MD5
ab9dd2eeb9f64287bc4609338490e172
-
SHA1
da2b5f39a9559d022a23b9f154878265f2c75bd6
-
SHA256
14ca8c8b13194c854ea1c7997c72202e4c5ceca94cb90a83515fb3e03e483b9b
-
SHA512
5f2f6ec46ab615837c0aa4874b01bdb1364efeb1d2725329800d98782d00451b4861547838547b7d623933316cb978d2add138f245ade8dc50b24c31895fe9e3
-
SSDEEP
384:1Suf4Xi9m+SHBOs/Kfs5ftYfW1I2r2xLJ4Dubk:1SxOmVhOs/8sptYfW1I2r2xLJ4yI
Score9/10-
Clears Windows event logs
-
-
-
Target
Windows Cleanup/[2] Cleanmgr Setup.lnk
-
Size
1KB
-
MD5
a0fa9680514174eaeb52f9152155986f
-
SHA1
69525ba052fb510aa599eb7e5212624fcea6d976
-
SHA256
25ca11cbad9337b46f466bd2ad67b88a13f2e41045ac5943f00b7717fef8618b
-
SHA512
126e6b6f00f3cc32143cf65fc4a59c4fb864b910793a5eb9a27be7eef5d86a661d2161095b98a36331fde554d3cc37115cc24a403242871a68b2d4a7d2d3cd6e
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
Windows Cleanup/[3] cleanmgr.exe.lnk
-
Size
1KB
-
MD5
fdab81f65b646df48ca7ffe7547b65a2
-
SHA1
4d14b15722a0cca9b1c1c0770e61337a29f5edba
-
SHA256
da4a6acc267bf5557365388477c4762497e4a32b9e88d1b42c29260354280ecb
-
SHA512
4b36b5f0dec30cdddbf3e730a17a45b0eeae6ab40b1336b45f822f8a645241a961bb52231a731f44786d277eed390077359f21ccecedd4d0708a4301ecebd7e6
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
Windows Cleanup/[4] Device Cleanup.exe
-
Size
62KB
-
MD5
2ec511795d17b52a0db89b75ab9a418e
-
SHA1
5a2837230ec182847d4b1caebb8b325c1bf30f6b
-
SHA256
e025507cc9fd0e04ddc1d7af4540a55ddd5fc89695573616f2340910eedf5019
-
SHA512
557f524730af3a410a3f33bf81eef4b2b2de5d3f8cbabc8da5f02f26db7d30c6c50c190276294b8d16a88f673c7471c7b11184b5dce15a71071a31d33224bb3f
-
SSDEEP
1536:XEvb9hOqvymdjrMcTCu9hNZ8TMqnONFKFioQ+45VZ:XcAqDccTCYW4qnONF6WXZ
Score1/10 -
-
-
Target
Windows Cleanup/[5] adwcleaner.exe
-
Size
8.4MB
-
MD5
499bcaa7a529ae7611a8a3beb9a91cde
-
SHA1
281aeabb2836d8f41ef50cdc17e4dee758819aa1
-
SHA256
58e6ad768d5df89dd9deb8755a0b64d631543716a7175228b23a6bdb91fa31cb
-
SHA512
ce96d7751f51cf7ba6a6101e68ac787c069fcd4c8b6a6eebd11583df7366ea573b4701d0a0855460ce3d3bf825d376b747a1f05d20f3537203aadbc847a8aa15
-
SSDEEP
196608:L7uWiAQA24KZnAjiQzvNah5etxxM6fffmfSdHHvRW9L84ralQlhpjw:PuXAjKho1hxxXff5tRW9L84hBw
Score7/10-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
[0] Create Restore Point.lnk
-
Size
2KB
-
MD5
776c8666438d8b13c41b5bbb7e45bff3
-
SHA1
fe73c06fe8d30edc93bec1e474d68237736c751e
-
SHA256
1beb626ba6128540d3c931c1b9cc07a9394ee8fe57cb36bbf4ae59cf0f2a31f5
-
SHA512
f1dfec0c2f65704b375a7f1ae9e0fd8d735a7f9a20df9a8c26fa8d8496bcecb5b35f425169e0d6698432603ea4d8f160ff781d5795a2cec4991b65a79e8d0703
Score3/10 -
-
-
Target
[1] PW Consumption.bat
-
Size
42KB
-
MD5
564c11105ec9f0fe1b4188aa16e14669
-
SHA1
97fcce6f2d3fe77180655ea00a47b002fd87295b
-
SHA256
d08de4ef714a4721e0702a57989778730ab81e4e8f50e5babbd891e537070598
-
SHA512
29367ced739be5a1d63cb09629d25a3a6faa68ee28945a7a074859e293b140b392e189c38d10dd0e25b5b50d677653092ecee3215f02cb13936a382c6a02cbbe
-
SSDEEP
768:9zqWz7Q3GixbQ35HN/UfIS8XNPBiwmBLb1svxnF3A6uk9ppdhZKS+2/a24gdYcd2:9LX0
Score1/10 -
-
-
Target
[2] UnparkCPU.exe
-
Size
876KB
-
MD5
254fe03a202beb7d68bc322f200a480c
-
SHA1
8b7b41baa2f7fa830b52a4f70641d6f933018c7a
-
SHA256
8fce32ef6687aeb691c1a9427cfbf11fd6e9c0407bb8dcbab1f839d88077172e
-
SHA512
e69df4072539a443fef25bd4a061ff832e905b30789acd683b982f0c98636830af29ed84f2e11c0f074ea7bc7b2854adb9cb2f8d9fdd8c4496c5f952ab39ebdf
-
SSDEEP
24576:P7n9hdfIh7UlrVCReU1VijlsVCReUiaiU:P7n9hdq7Ulr4ReUfijls4ReUhi
Score1/10 -
-
-
Target
[3] Windows Stability Installer.bat
-
Size
43KB
-
MD5
9d9cadacf6e54eb9fccf7acf93f8079f
-
SHA1
77a3049753895e520db9976952a93a5d9bb223db
-
SHA256
9b2a4f9f0cccf747b0a972659ed87f81daabcd1ee0004f11b399b6884c5b697b
-
SHA512
659a71d1bc16e18eaab95201a6018b798ebff1954182c31a2696d60cf9c430c9ce061058e246af18a674292a3efaad6a9082dcd19869601b184ec3278739be7a
-
SSDEEP
192:ptH4WxCKLEvi93bbKcEqRnsg9TSwlz7HGdznPYtEoM/jT+LacjEDRBNjAjE5syYc:ptHpxEKtboksg9DHazP3BFEwEXDuOxmt
Score8/10-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
[4] S-Timer Setup.bat
-
Size
37KB
-
MD5
f21e87eb93952e2a86176a42ab9a8d2f
-
SHA1
081e25c2f5126a0a89abb329f5331b612059b290
-
SHA256
870790458076c212623be6ece4afb76e664527842d433a1a6722fb1ccec83eab
-
SHA512
9356d57a8f76d6435dc0287d0c588a55aaddecbff05880ee37c5b62e5b9ecf5bb7e3424796a35cc35a8bfb2e7725625dda0d706d63d9948e39cf2992fcaf07b9
-
SSDEEP
384:Z1/hRAeXQqXpjGKKKKaBkeBwnPLZL/yq3YmwULZSO1WYbmsfQk:Z1/hRtAqXpKKKKKaBke+Wcr
Score8/10-
Stops running service(s)
-
Drops startup file
-
-
-
Target
[5] Input Delay.bat
-
Size
95KB
-
MD5
bf7b1f5d7fb0ba2de507986076cf42ea
-
SHA1
5d3e992968693dd42b9346582da4a86098f1c490
-
SHA256
d4d74243d8af24bdcdd5675ed7f2c06271ba1422b63130a08a94937a7aaed5ae
-
SHA512
c1e48eb6c13291a1c9917139c7d774b4d415b0c49906cd326fb9dd7abba2bd4669260dd208f476d45579d82dcc65b385ca901743a6a29d3f8ae69d97fb3de8eb
-
SSDEEP
768:5/UqgNcx3d/t1ZvX10F1m7uqJnSAEYIkOvqFMdgyk/VNH:5UQx3z1I/m7uqJnSAEYIkUqFMdgyk7
Score1/10 -
-
-
Target
[6] DTB.bat
-
Size
128KB
-
MD5
a2f025e563de8260837ac8917f9f091c
-
SHA1
0b5b28b345b4029ffc95cec921ff701fdc69f595
-
SHA256
f83a9b47af2139a46e2a030313574f4c489d81119ce7aeaafd68d72e566a3954
-
SHA512
82ac6b16c601f942ee4f1b4e72ab9626d33c645ff2de4f7709f6a5183c29d25306cdb5d7308c8b3c7e0eca19ac955bfa20ea878c135b9cdfd0a48b5728325c57
-
SSDEEP
768:pl8Ey8Lp1H1ba2f4DUoqTsHaddjWpN1jy/CzYmOMwQ81jfiQWXtkbBZtXTxZLNdf:AEy85bIG6s5o7a
Score1/10 -
-
-
Target
[7] Wub.exe
-
Size
776KB
-
MD5
585c5000d1a851b295ff295389d7aa1a
-
SHA1
191f4e93781aba9bf81565cece0046ee599c0633
-
SHA256
15fccf8c018bbbed14664d5a5528cdf087b9032543be2169d78ab25d141d2b2c
-
SHA512
0ba2bbe8ca98e650d6f683f5700b44c11d30e3a5ef4b323a3a2aaa35f466401d808423cad4d497080c4bc9ec080e9a4f156ede3d651d3a718abe2307bc09a6b4
-
SSDEEP
12288:EaWzgMg7v3qnCiPErQohh0F4CCJ8lnyKQbv8HzqjqlG:baHMv6Cjrj+nyKQbv8TqjqG
Score10/10-
Modifies security service
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Defense Evasion
File and Directory Permissions Modification
1Impair Defenses
1Indicator Removal
1Modify Registry
4Subvert Trust Controls
1Install Root Certificate
1