Overview

overview

7

Static

static

3

XMT2_Win_S...28.exe

windows7-x64

7

XMT2_Win_S...28.exe

windows10-2004-x64

7

res/driver...09.dll

windows7-x64

1

res/driver...09.dll

windows10-2004-x64

1

res/driver...09.dll

windows7-x64

1

res/driver...09.dll

windows10-2004-x64

1

res/driver...r2.dll

windows7-x64

4

res/driver...r2.dll

windows10-2004-x64

3

res/driver...09.dll

windows7-x64

1

res/driver...09.dll

windows10-2004-x64

1

res/driver...09.dll

windows7-x64

1

res/driver...09.dll

windows10-2004-x64

1

res/driver...r2.dll

windows7-x64

4

res/driver...r2.dll

windows10-2004-x64

1

res/driver...09.dll

windows7-x64

1

res/driver...09.dll

windows10-2004-x64

1

res/driver...09.dll

windows7-x64

1

res/driver...09.dll

windows10-2004-x64

1

res/driver...r2.dll

windows7-x64

3

res/driver...r2.dll

windows10-2004-x64

3

res/driver...df.exe

windows7-x64

7

res/driver...df.exe

windows10-2004-x64

7

res/driver...11.exe

windows7-x64

7

res/driver...11.exe

windows10-2004-x64

7

res/driver...07.dll

windows7-x64

4

res/driver...07.dll

windows10-2004-x64

4

res/driver...07.dll

windows7-x64

1

res/driver...07.dll

windows10-2004-x64

1

res/driver...er.dll

windows7-x64

4

res/driver...er.dll

windows10-2004-x64

4

res/driver...07.dll

windows7-x64

4

res/driver...07.dll

windows10-2004-x64

4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XMT2_Win_Setup_20.7.28.exe

  • Size

    91.3MB

  • Sample

    240308-qt7mwshb2x

  • MD5

    9a65af3199c6a9fc3820e7ec7c738e53

  • SHA1

    89368559de13cef61ebaea881b7385eaf9107932

  • SHA256

    fc16a73ee55b2a601b923eabf03c28180a7345f2d4e1da7dcdc9716a03ed5aa6

  • SHA512

    196015c9852f9e65da18bb6119971e637b8e1490661102f6616e6352f63409c9ef36f3035d8128813ba5eace88cf8c6d2f2f1c33a9c5a6e6022d7b6fcb6a3b40

  • SSDEEP

    1572864:xdEEo7QJ1cOW0IBV5CUX5Njm2gjvY2hhI+/1qE/wedzDZ6:xeH7QJ1wjI65BRqYQ+u7/wedzDZ6

Score
7/10

Malware Config

Targets

    • Target

      XMT2_Win_Setup_20.7.28.exe

    • Size

      91.3MB

    • MD5

      9a65af3199c6a9fc3820e7ec7c738e53

    • SHA1

      89368559de13cef61ebaea881b7385eaf9107932

    • SHA256

      fc16a73ee55b2a601b923eabf03c28180a7345f2d4e1da7dcdc9716a03ed5aa6

    • SHA512

      196015c9852f9e65da18bb6119971e637b8e1490661102f6616e6352f63409c9ef36f3035d8128813ba5eace88cf8c6d2f2f1c33a9c5a6e6022d7b6fcb6a3b40

    • SSDEEP

      1572864:xdEEo7QJ1cOW0IBV5CUX5Njm2gjvY2hhI+/1qE/wedzDZ6:xeH7QJ1wjI65BRqYQ+u7/wedzDZ6

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      res/driver/google/win10/i386/WUDFUpdate_01009.dll

    • Size

      1.8MB

    • MD5

      bdefa06b2ca73b4506e9b8814c64d054

    • SHA1

      6d6639b23e42558c551e23bbadd2805b5d11cc5c

    • SHA256

      b6fdcb4dfbea5fb0271e6d9bf85b5f5d3ea0a0a33df8c016681b17ca18ec2c1e

    • SHA512

      51628f179d76802e6f926dfc5023a48facb3dca9a63994c289bb69da21516c5464c13ebe3e3c79607f7a0f346fdebef39338a67a02f883d71e5411c04648823d

    • SSDEEP

      49152:8HAPbyCYhUJodNcmvwwoaehBUfrQHtmr8UQmB:EWyCYhUJ0cYoa0+TQHYr6mB

    Score
    1/10
    behavioral3behavioral4

    • Target

      res/driver/google/win10/i386/WdfCoInstaller01009.dll

    • Size

      1.4MB

    • MD5

      941118a852afc3c8f9544caa9d7798af

    • SHA1

      01005ac13cc159bb4f45dc8d78f19c7a455b639d

    • SHA256

      b15f62ffb36c5f8d86ddcc92e24ca7b3d3ca05f38815a371fedbeacc32358c47

    • SHA512

      f8d34d9bd727216ea577bc971999545f9051bb6b94ad690ce1bccf8b6acfc55c5f185d527db436aab5e1811d47450becec192fcfa8dcdeb97d099b9b8ebb4f10

    • SSDEEP

      24576:ejG90oN2lj11mk/22yYzGrarZRm4X5Uh6rVh5LdfBwOyCSQM1fFhSWRA7zq:aGtN2h1120R7m4XShYVxfBwrC21fXS4

    Score
    1/10
    behavioral5behavioral6

    • Target

      res/driver/google/win10/i386/winusbcoinstaller2.dll

    • Size

      849KB

    • MD5

      3952093fdada8dffc636ef08230f887d

    • SHA1

      d017b9560fd27728bf928bd5fa2b71ac0c01acba

    • SHA256

      9e587f7878b56a0e1038de64e314700bbc4c5489f4deae7be9b13003139de828

    • SHA512

      463dfa63fc73f8fa0f8e585eb8b3def2a5f459b60be53a93c7d99b4e25082c7da4f3c46a4d448045d5311673475b27d167a452df736d0a7b1ab053f43ed17a80

    • SSDEEP

      12288:wZq3DFVAZjj5h7OqGDqY66s32+0SLqfhA50yWI7yBoM1oGloLwtxJYnPXrmQlVM:wZwoP7MYG+pX501zBoC+wtxuPXrmQlVM

    Score
    4/10
    behavioral7behavioral8

    • Target

      res/driver/google/win8/amd64/WUDFUpdate_01009.dll

    • Size

      2.1MB

    • MD5

      ebf9ee8a7671f3b260ed9b08fcee0cc5

    • SHA1

      d9688d1849a86dd209732529375c6ada272ff8fd

    • SHA256

      015f26bbcd619a0b67b5eaa985b69582bac27d5cbca99ce747a76532fcde4aff

    • SHA512

      ea869026b73b4c3d0249beb1fe81efc8b2686d66c5ddf916d314c21989e68a12191efc2a32ef13caf2676327159e95fc4e69100fc09df5a7bbf5c019ea383dd8

    • SSDEEP

      49152:nFSDIHkg+yf6+ZsYx6h8hL8RWVtma96U1wrfjKClR4:FvHkWpsYxQgttBJ1wLXli

    Score
    1/10
    behavioral10behavioral9

    • Target

      res/driver/google/win8/amd64/WdfCoInstaller01009.dll

    • Size

      1.6MB

    • MD5

      4da5da193e0e4f86f6f8fd43ef25329a

    • SHA1

      68a44d37ff535a2c454f2440e1429833a1c6d810

    • SHA256

      18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

    • SHA512

      b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

    • SSDEEP

      24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF

    Score
    1/10
    behavioral11behavioral12

    • Target

      res/driver/google/win8/amd64/winusbcoinstaller2.dll

    • Size

      979KB

    • MD5

      246900ce6474718730ecd4f873234cf5

    • SHA1

      0c84b56c82e4624824154d27926ded1c45f4b331

    • SHA256

      981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6

    • SHA512

      6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c

    • SSDEEP

      24576:aAEBXzGJ7fW6hHv62VYeL7WCE3wixdLZWQzMjp:uBXQz/hPzxRwPdcO

    Score
    4/10
    behavioral13behavioral14

    • Target

      res/driver/google/win8/i386/WUDFUpdate_01009.dll

    • Size

      1.8MB

    • MD5

      e1bbe9e3568cf54598e9a8d23697b67e

    • SHA1

      92e15dcab8dda0d4bf9cc9ae98e273567d3ecd57

    • SHA256

      a902bb3bff785faaeb6432be76f798627a80b2cc45441e16440e46e6d7340f2c

    • SHA512

      01a04dda0ee36196054d2cc45c9aea7c9467d9f46ee9cf354d8f93260519bd1968b340dc2be3e4ce966bbb6e332f5aa72f29edc1bfb8e8d19decba7c2df3106e

    • SSDEEP

      49152:qHAPbyCYhUJodNcmvwwoaehBUfrQHtmr8UQm3:OWyCYhUJ0cYoa0+TQHYr6m3

    Score
    1/10
    behavioral15behavioral16

    • Target

      res/driver/google/win8/i386/WdfCoInstaller01009.dll

    • Size

      1.4MB

    • MD5

      a9970042be512c7981b36e689c5f3f9f

    • SHA1

      b0ba0de22ade0ee5324eaa82e179f41d2c67b63e

    • SHA256

      7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77

    • SHA512

      8377049f0aaef7ffcb86d40e22ce8aa16e24cad78da1fb9b24edfbc7561e3d4fd220d19414fa06964692c54e5cbc47ec87b1f3e2e63440c6986cb985a65ce27d

    • SSDEEP

      24576:GjG90oN2lj11mk/22yYzGrarZRm4X5Uh6rVh5LdfBwOyCSQM1fFhSWRA2+:iGtN2h1120R7m4XShYVxfBwrC21fXSz

    Score
    1/10
    behavioral17behavioral18

    • Target

      res/driver/google/win8/i386/winusbcoinstaller2.dll

    • Size

      831KB

    • MD5

      8e7b9f81e8823fee2d82f7de3a44300b

    • SHA1

      1633b3715014c90d1c552cd757ef5de33c161dee

    • SHA256

      ebe3b7708dd974ee87efed3113028d266af87ca8dbae77c47c6f7612824d3d6c

    • SHA512

      9ae37b2747589a0eb312473d895ef87404f4a395a27e15855826a75b4711ea934ca9a2b289df0abe0a8825dec2d5654a0b1603cf0b039fe25662359b730ce1a9

    • SSDEEP

      12288:cZq3DFVAZjj5h7OqGDqY66s32+0SLqfhA50yWI7yBoM1oGloLwtxJYnPXrmQlT:cZwoP7MYG+pX501zBoC+wtxuPXrmQlT

    Score
    3/10
    behavioral19behavioral20

    • Target

      res/driver/microsoft/umdf.exe

    • Size

      745KB

    • MD5

      9be4cbcfb03ac2695facd92654758e02

    • SHA1

      019087567ca72942877198f8da61ff48848d4545

    • SHA256

      f38ffdb1aa908e382d943b8bece1e2fbc2ca5f5a81f2a7d997f0aa95e487b300

    • SHA512

      dfb74d483d770c049788712591d44543835a6c9ad043e81e1cd76fb8cf1d118a32fa8e58aaa06885ac59aafc31bb7357e5b6b488f499f5ed052aa0082b3c0434

    • SSDEEP

      12288:8TsZ9XUdSQv06wUO8/txLx3i4tFG1UoFL9ZwfxKeYm18ed3PFeuAz4yE:8QZudRM1UO8/PL5iHjFDCZ39euz1

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral21behavioral22

    • Target

      res/driver/microsoft/wmfdist11.exe

    • Size

      9.4MB

    • MD5

      a28d243e3de27c0e5516ccf3958c1442

    • SHA1

      6a33348a8b91ad74c4156fc302944e7234408895

    • SHA256

      27d325fce7d68f3af952e16fe67a09fe3f063925318bdc284d3258bd426d37f3

    • SHA512

      07b6b899987d01727c088ee9c5de3a6a9e5990a2dc8803ca53ff7afdf1b7ea6ba9f16cbdc50dc70af641e703679b96979549d43f178d21bd6d3194dc63e99214

    • SSDEEP

      196608:Dtjtc8mAishNIHbePfM+9n+3HGFNetfykuwt0LlJ5Rb94/fHkGqE/:Dtjtc8mAiYPfMa+qAtfBuw+56kGH

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral23behavioral24

    • Target

      res/driver/nvidia/amd64/WUDFUpdate_01007.dll

    • Size

      1.5MB

    • MD5

      6132f1e4315b435ece3c79394123a155

    • SHA1

      acdfb6ff29c249936c0c698221b4cfa046eee1f7

    • SHA256

      1def09ddf41a8c834f3d459889d2e48690a33b40e3bd5d403c5eb94ec84a8cee

    • SHA512

      2cfadb1f08710a19087d4ef433c4754c0d9c25d94d62662b9fd4eaf2f672b76d285e52de7569aad9557e1e1a5018e4ec544437be6cf8bd787271c437b187dc7a

    • SSDEEP

      24576:CUHw0+DSANpEIoIfJ/zwYuiYilpg7Au6tejBygfce7eaeb57DsK:z+GAzEX2sYuiYQTuQejBL3T457p

    Score
    4/10
    behavioral25behavioral26

    • Target

      res/driver/nvidia/amd64/WdfCoInstaller01007.dll

    • Size

      1.4MB

    • MD5

      0e9ad2d3784a0996a5131512939c09c0

    • SHA1

      f9de6ec1455b88f4e85c34c168e13a737da7aecb

    • SHA256

      749cc009f1cae5c633083897e906b381aa685829fee2d7cd5e07bae543848ff7

    • SHA512

      e3b7e70289f24943bafc3eb503c73e6e10926b2231238feb813664d5f7d748815094294134bca9452c9c589695c0bd1f9a247b6cef4ff67bc1a8762482b28af0

    • SSDEEP

      24576:riSKT6VCRCracQNL2NwlBS34HtEnJJkIUTARiXCtW5XmSf/hBOpb+5LBIG:riSpqaOGwV4JJkIoA0XLm0POMD

    Score
    1/10
    behavioral27behavioral28

    • Target

      res/driver/nvidia/amd64/WinUSBCoInstaller.dll

    • Size

      691KB

    • MD5

      4d96beff088ba6ab48fd3775f87c3438

    • SHA1

      e70a93f2f4045e650643e9691e61f38c4ce910fa

    • SHA256

      e48a4651f9f691d1f0c115f50f8e2e2baf18107cc766a0cf0a1c17ef8f6e82db

    • SHA512

      7cbd4a89769e2608fc3a4d59e5afb0e55b636087736340eacefefb11513e0692ef6a2f49ca405f4a6bc5f67abf0f3a6a437662e6c76a64f79f749b4adad87cf9

    • SSDEEP

      12288:4UTTsjKKkybPzVKtskjbxeV50hCSXDWkEupXMMhogeb0ORUtp2Z5UpHK74r:xTQ2KkybLVanjFhCSX3EUX9hPy0IUtkK

    Score
    4/10
    behavioral29behavioral30

    • Target

      res/driver/nvidia/i386/WUDFUpdate_01007.dll

    • Size

      1.2MB

    • MD5

      0c51b0dfd0260c3d543e42ad4ecbe680

    • SHA1

      4c7380d7e618aa62dcc61871c151e8fb8c4af010

    • SHA256

      5c4b244c0ed7d11cb64de766d5aa02f7fede95ca00b680bd03c241b61b302fc8

    • SHA512

      f5b0a451739e8d25f5bd839f2d7066bcae15cf027b98b17bf7b7ee99ec62ae263b9b4eaabf54065fb60c9223241f78650acc526c944d9a872153d72c0151ed14

    • SSDEEP

      24576:nTh6UGedDNvnQOcbrrEdm1zutqI0/TGpJ76UfDGeZgKksizZYyrav6GT:nTh64vQrgA0r6U7GFVPZHray6

    Score
    4/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks