General
-
Target
15577348643.zip
-
Size
6.8MB
-
Sample
240304-kgy74afa44
-
MD5
c6d75a79ee2f175e3148f5c43d11bdaa
-
SHA1
964705b281eb6264297ce5964c2318050d554a6a
-
SHA256
92568303c5f9880d3c36c8f1e25516f1d51809598394fcc3b39f3cf36afd03d5
-
SHA512
00c15bab8f71d15377d7662e45ec07bbd241e9de76457ecab3d98500264a1748c35b80b58a2cda46e1bf65fdb8c03e4b8f0e279bac4140350679719297328fe0
-
SSDEEP
98304:HLc9uhMHWHf2gqDRQvljysEbsqTXJKN+Rs5SPV8HUGtemP20goIN6bSZsManyiBK:/h8W/2E9jy1JKNO98HUGnu0S2ByaYT
Static task
static1
Behavioral task
behavioral1
Sample
LoggingPlatform.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
LoggingPlatform.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Setup.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Setup.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
UpdateRingSettings.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
UpdateRingSettings.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
de-DE.dll
Resource
win7-20240215-en
Behavioral task
behavioral8
Sample
de-DE.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
msvcp140.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
msvcp140.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
vcruntime140.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
vcruntime140.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
wtsapi32.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
wtsapi32.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
out.iso
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
out.iso
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
Screenshots.lnk
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
Screenshots.lnk
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
__TEMP/LoggingPlatform.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
__TEMP/LoggingPlatform.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
__TEMP/Microsoft.SharePoint.NativeMessagingClient.exe
Resource
win7-20240215-en
Behavioral task
behavioral22
Sample
__TEMP/Microsoft.SharePoint.NativeMessagingClient.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
__TEMP/msvcp140.dll
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
__TEMP/msvcp140.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
__TEMP/update.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
__TEMP/update.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
__TEMP/vcruntime140.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
__TEMP/vcruntime140.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
__TEMP/vcruntime140_1.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
__TEMP/vcruntime140_1.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
__TEMP/wtsapi32.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
__TEMP/wtsapi32.dll
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
LoggingPlatform.dll
-
Size
450KB
-
MD5
b54858b7357303dbd5582ea44abeeab8
-
SHA1
f3ba1d65f855d61dce13efbc42ce60ca8548a49c
-
SHA256
cc912e37802cd5c128c19949d4529e7d48266d67dd7b6dfedfd9c493d94cbe64
-
SHA512
b364ee1019e215c10030834cca4ca6436568e6ef25d2bee877b908bbf68f7c004559ff5317275b17c2f221c0daedbf50e11ec1bfe29c96cb61389cba75bb2295
-
SSDEEP
6144:q0l6+z17nzENTZ/1qZ9RQK7L342eaSmJDmPSvnjxQKhqOHTqnxm1Y3ki09t+mbTN:ayqJoZ9382tDm6vG1xDaLpJ//rpd
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
Setup.exe
-
Size
582KB
-
MD5
ce1054d542dbd999401236f2ce20f826
-
SHA1
df07ed235ee93f44f4f0e4dd73f0e8af068a7791
-
SHA256
81716b54cb34ef6d6938c042e30c847742dcffeb8ed4e67268387fed040b9315
-
SHA512
efe21b9393084e098b9e3baafcd7467e25d764b70a8f34d071de9c4f3e8f1ead3974c9fe3d98152eb16dbd17e7f6bed985939d6b305441cec4ac548284c9716b
-
SSDEEP
12288:x1ziebuYdvx24mGeamdda+W2JyaslYC1JL9PcSCfB:x1mohzmHamuCJyasaCVP6fB
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
UpdateRingSettings.dll
-
Size
377KB
-
MD5
9f950504d5ea22c6f1ee20f7c2ed3b7b
-
SHA1
5090de783322847e6395567e7449fc4200b054a5
-
SHA256
37253093d3c8ed1d56b3a50f31f8944888ff38b714097637c5372a0ad19c337b
-
SHA512
ae80c7778304140d4476d42f6ef4439c61c2ec4ff42958007b93418a53908fb516544c57e1db99b7a6d79ae501f49c46f6636d8f967b033e744feb33879e0734
-
SSDEEP
6144:NUlY4DS+edXqQE0jrJdi2Jnrly7IhPdZGVTQHtjM+jlxmFdNwtRx5Kg3jcCE++Jv:NU64s6QPrzi85tdX+ExMwtjcwOcS
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
de-DE.bin
-
Size
267KB
-
MD5
75d2c686d410ec1f880a6fd7a9800055
-
SHA1
c5fa1dc0a76bed67f1a1a9bc943b39ef6e4ed104
-
SHA256
8e2429d70989bbdd2ea8842dce7c3d790ebe148490ee519b47767557f4a4a733
-
SHA512
a05115d2eaed22ac685b0e45751650bd58f6d4f46c6fb2ba8fb564b1a959ea27ac209e1d1c53e4c966ee8d0e502af7ab9e3ccb311b66d704160141b12edac2c5
-
SSDEEP
6144:nXqP6z+NDh73TqeTM30P6gVN3WAO6XlL1v:nXqPXRh73TqKmSR1v
Score 1/10
-
-
Target
msvcp140.dll
-
Size
438KB
-
MD5
a1b3963e1766c5266d94b171a4595cee
-
SHA1
9283a813774f2e310997ba08bca9ec96282a85d1
-
SHA256
0f5aeae55bf6d7b37e5582ec60bbdb93bf24adf648f9fa342cdba1b0a754e403
-
SHA512
ef0a3cb33902eb0dd3d80b688f5e23b4192ebafb131b30c56f27221412daf72b40c3e17670ec1ca8209775369f93bf66a3a75ae5acff45e629e732464d3972b8
-
SSDEEP
12288:vEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgWxX:vEPa90Vbky5CvyUeOKg03Ooc8dHkC2ez
Score 3/10
-
-
Target
vcruntime140.dll
-
Size
77KB
-
MD5
f686e2331a83d20798cfc2734729e531
-
SHA1
c7e6398f5a735039baabf22712c5a8aee5a945e1
-
SHA256
535f74f446a1b7b53da24a742d02369cbcc609003a6b4a8175491aa71c5481b4
-
SHA512
30ea339ec845dbc9aa7b323ed25e516cb04f3e17789cd28f54646c82395f0b42eb4a5d4d4aa06c4d39b9602c37590b31ca5c0bfa22a514a73ec45e39c0d8e31a
-
SSDEEP
1536:l9W/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86k+P8iB:l9W/j28V55At/zqw+IqLUecbAdz8gP8e
Score 3/10
-
-
Target
wtsapi32.dll
-
Size
121KB
-
MD5
b1d8282fddc1c1111860c4493c3347df
-
SHA1
1d946246771e30cf1edd4b0a9e23492c8bf3984c
-
SHA256
a7228c24d23b34a8c49bbf305980890b6648f5905a5b63679234e6146d7ebe02
-
SHA512
30240088a4000bc48a5e00b916d547145c86bb47351f7d04687f8f2f53390b824bcfb86a2478aecba2e086a61861b681d523dd932cbe4318836175d98937b63a
-
SSDEEP
3072:7LwqdOuKvQLH2UEXh8AdBDSKRkqKzrVXn:7LwqaKEaAGzrVXn
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
out.iso
-
Size
2.4MB
-
MD5
adef679c6aa6860aa89b775dceb6958b
-
SHA1
deb66759d359b165a37c926d916cc0d4198986a5
-
SHA256
457be9e546e54f54b26921dd57d426d2dc413ca1c7939ce00a5dc8efea257ef3
-
SHA512
5ea06ffa1ea5006389cc376963dad6d83c8c62dcb57cf2657502e153937b93541c4ef0628240a544ab85b78f85bc60efd8655c082b8bdbdc6aaeae89008d21e4
-
SSDEEP
24576:Bt9NKvC4hvHNyqE24YpZIbDuN59IW6z9OQEKZm+jWodEEYKX+97suiBBGXzMyViC:DKvzhvH8qE24KR/IW6z9OaX+DiBQj/p
Score 1/10
-
-
Target
Screenshots.lnk
-
Size
2KB
-
MD5
98ad35d66db0a9f14cc373a13ecba8e1
-
SHA1
b365699da4a42660e980417617dd76726aabe5c6
-
SHA256
25cbfe5762a383d9f616feddcf4122f6b1676a201c2a97074d6e4b6c336629c5
-
SHA512
a63609e51c937e4c8832a061999da2a6171f4a01dbdc4ea8ba8378aed89e1435fb801c8cb17ceeb924c2694937e7dbc48131ecd2143b13cb4e78b1b1221d6fca
Score 7/10
Checks computer location settings
Looks up the country code configured in the registry — likely a geofence check that gates execution on the victim's locale.
-
-
-
Target
__TEMP/LoggingPlatform.dll
-
Size
603KB
-
MD5
6c080b38918928b7154f5df346cbf12e
-
SHA1
fb5d9e15d23d80d014da6a29b2460da29fdfd1bb
-
SHA256
56ac00856b19b41bc388ecf749eb4651369e7ced0529e9bf422284070de457b6
-
SHA512
766d556ef60dd1c299d021b1579bf76614f95f469799040a541a938fc5d1e144fc7dfba59fe2526650df47593808fcbffed03e53e3bdcbca8ef1a3fd0e2134a5
-
SSDEEP
12288:3t9TUeKvC4hvuweW5ZOtd1qEj4D4t2pZIbmyh:3t9NKvC4hvHNyqE24YpZIbDh
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
__TEMP/Microsoft.SharePoint.NativeMessagingClient.exe
-
Size
32KB
-
MD5
77c7af9eb3159f9d5ae6e62289451683
-
SHA1
679b02270b6afc50251444e2ee7455d4472bb3b8
-
SHA256
e984d9085ae1b1b0849199d883d05efbccc92242b1546aeca8afd4b1868c54f5
-
SHA512
ead2e8d1a0107bd797862775c0017bf6171612750df6b8b42afbe841ec68d23d362c2cd2721aba92c19c35334c4f0ce126e849cb9923f99d778972ef1ffb3191
-
SSDEEP
384:bnVVzYPO52p9X4kIEp1EKlLme0kVk0HH9X43W7u4whBWuOE8d0z5qslGsfTlj:DVVzYWqlpHlSvn0HHN4dEVsj
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
__TEMP/msvcp140.dll
-
Size
551KB
-
MD5
e0d7fbc2cbe2ed088725d4436d69e689
-
SHA1
72c4c13e710311cbd2824eab6543f0e088a84f5f
-
SHA256
dad53a78662707d182cdb230e999ef6effc0b259def31c196c51cc3e8c42a9b8
-
SHA512
dfa761e57950d0033e9404ce7d0cf002345e596a9257e319226a5296c0d39b2203167b9ca4f4ed4860c8c47f591be34e1ccbc2e9e7db2ea4577e031120ef7dec
-
SSDEEP
12288:Q/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6z9y5QEKZm+jWod4:GN59IW6z9OQEKZm+jWodEEYn
Score 1/10
-
-
Target
__TEMP/update.bin
-
Size
400KB
-
MD5
01cbaddd7a269521bf7b80f4a9a1982f
-
SHA1
cb5f9111abc6c74f507fd6a6c3c6608279105177
-
SHA256
ae99ef9475cf553e3396419f08faec8b7965cb1fdd2f08d42dd190e376c445e0
-
SHA512
bd896a2e7848b65c1e90772b1f2729df7a7290969831e09e11c99071feb009dbd35de26dccde4ce025249be1f15c1171e82f34b96c58d620ec94ece2e702aa30
-
SSDEEP
6144:HK7/NWA+n975aKg3HwL3UDB7ZXxvDIw6u/S+273GpohFr2dkiA:q7VWA+975aKc2iBBxsXzMofVi
Score 8/10
Blocklisted process makes network request
-
-
-
Target
__TEMP/vcruntime140.dll
-
Size
94KB
-
MD5
ec4109f025f2d664fec3b106ed9afae2
-
SHA1
0da547e4ba570a5adfae647ed1b5bee65751eac0
-
SHA256
22017c9b022e6f2560fee7d544a83ea9e3d85abee367f2f20b3b0448691fe2d4
-
SHA512
923b7607c33f1b88728aa5689b57b7a85fb85896794a10820aec42a4a39f9c685cbab814e256e2aae89890e0a590da301ea9deed68cfe7644b3cfeffda9bd2fa
-
SSDEEP
1536:yLHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZtaX:yLrfZ+jPYNz6Ha4aecbK/FZm
Score 1/10
-
-
Target
__TEMP/vcruntime140_1.dll
-
Size
35KB
-
MD5
77f839bfbb6aff750d962bfc35de15ee
-
SHA1
f826650c8da7453249013c9fa6ad5db103769021
-
SHA256
1f26e0435628959ba26d194a4f9c96d20929d3dba48277751796f863cd3d9b99
-
SHA512
6aa2bf4a3f345b8c762a88250c1c39535312cdb20d398c9dae22e447dca6c862e1b50045092bc3f901b0f5e068a6eba6f35befdd385d153c459f3e058c288673
-
SSDEEP
384:5znvMCmWEyhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+XfbRuncS74G5WreKW/8d0if:+Cm5yhUcwrHY/ntTxT6ovq7n8tdv
Score 1/10
-
-
Target
__TEMP/wtsapi32.dll
-
Size
114KB
-
MD5
86b0aaf254435d2373190c5722b434c0
-
SHA1
8e418cd6c8c3797cbd0368e5b68c215a452fcefb
-
SHA256
27fc518c588175bc19e4379b90eda0e071b847254ea0701f02f1ccd945ca280f
-
SHA512
0381fa560389f2add8c426e61e80e297e3cfa224733257dbe3c605a78e79725b48c6ddf639294064b550145d8aad0cb0c8c13d0b909a57ad85c9a8e2cc446ec6
-
SSDEEP
1536:QOVM6xTEQhLHyIgSBTjSEpECC0j3Vm2XJD3sWvd09dlnSyGsqENz:DVMAEQFPdTjhpPDj3VBRbM1ysqENz
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-