66e9f4d03e67dbcbd9d3a13bfc45b2c11e712b677e990e8ea1b405b60a3a40b2

Sharing

Copy URL

Twitter E-mail

General

Target

hetman_partition_recovery (1).exe
Size

14.4MB
Sample

240309-ljr28sfe3y
MD5

2e38acafdd1217158022eb20bfb375dc
SHA1

9409779c5c5b1c435621fe092f1cdedd6cf0444e
SHA256

66e9f4d03e67dbcbd9d3a13bfc45b2c11e712b677e990e8ea1b405b60a3a40b2
SHA512

e6f8b3021fee20d4dfdda272f63ec4a23d61809b4b83b7fcfb8bcd8e7d3e554f7f103e14f748d060c2839fe537c04cf8a0f6dfa8244fcb570d8e6ba7e465201e
SSDEEP

393216:BI4dmkHNSQu2lFIEoLKjEGUln1jQdDSrzYlBEHZ:BJHNS7rEoLCP6BCfY

Score

7^/10

Malware Config

Targets

- Target
  
  hetman_partition_recovery (1).exe
- Size
  
  14.4MB
- MD5
  
  2e38acafdd1217158022eb20bfb375dc
- SHA1
  
  9409779c5c5b1c435621fe092f1cdedd6cf0444e
- SHA256
  
  66e9f4d03e67dbcbd9d3a13bfc45b2c11e712b677e990e8ea1b405b60a3a40b2
- SHA512
  
  e6f8b3021fee20d4dfdda272f63ec4a23d61809b4b83b7fcfb8bcd8e7d3e554f7f103e14f748d060c2839fe537c04cf8a0f6dfa8244fcb570d8e6ba7e465201e
- SSDEEP
  
  393216:BI4dmkHNSQu2lFIEoLKjEGUln1jQdDSrzYlBEHZ:BJHNS7rEoLCP6BCfY
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  89351a0a6a89519c86c5531e20dab9ea
- SHA1
  
  9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00
- SHA256
  
  f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277
- SHA512
  
  13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08
- SSDEEP
  
  384:/MnT0MKT/Xwr2izZQ86mpAT8F9lN8Ov0J:EQMKzwTFnVX8i0
Score

3^/10
behavioral2
- Target
  
  Hetman Partition Recovery.chm
- Size
  
  1.6MB
- MD5
  
  aab1287a7082d0b809ee2ba6cc55bf5d
- SHA1
  
  380c0962aae1eaf5597c7e9bc8e2fa0cf3e96d20
- SHA256
  
  77e9e9376ccc2effdae8ae977e92f44e62b69b11e117d7788984f943de1b1718
- SHA512
  
  e1d5a8817315f3b540d1da262a6c2c3a432f2b72f01f1e31a21844a5708682754ceeb5597e7bf721189b516bc6037df7b743d3bfa6ad4c9715e452414c56108e
- SSDEEP
  
  49152:CDjjpuJFL+gEf+e/9NSHkven9adkgJU5Y:CzpSTkvWF9Wq5Y
Score

1^/10
behavioral3
- Target
  
  Hetman Partition Recovery.exe
- Size
  
  15.7MB
- MD5
  
  1c88d4194868605036a1c63ef87cdad3
- SHA1
  
  71a723093d81fcd23ded28e31ee47dad9e284441
- SHA256
  
  d86133a7e9808b59de7329d4c67f4038dadbad23720ec23356f0461b29eab974
- SHA512
  
  ec6c8a380d2f39a1f647801d5dc3bb892d5f0230e3455768cdc40c010da7db1eedc944f1564e35d6d5a922ad44d146d5738ae456bd01a23dc7369620ba9aae9e
- SSDEEP
  
  393216:W9IWamrUKKGjKP0QJKPnflVR3BZExnS3/3c:LWGdGWRKvfHR3BZExnUM
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral4
- Target
  
  Resources/DSKImageMenu.dll
- Size
  
  440KB
- MD5
  
  6e7ca785db2b43c45558ac7666a3413e
- SHA1
  
  c488648729538d312eb0f6114876e90336d3867b
- SHA256
  
  3a7f8b923eaf6ab54299ffcb03b0d33b09e52a5f2297b029b0f931c9896a7ca6
- SHA512
  
  1633e10d886d23604d8152a3299e6ed41658f5fff30ea581e2aee22695f010cda2059836c34135d67404026a30526a83f065b45cadf089180e623de253fcc2d8
- SSDEEP
  
  6144:WkkZ95yn2Yi1SkEXje4zqYrt1G3uS0JyWn7J16zPM7G6EB6:WR5yn2X1SkEzzrt1G3x0Z7Jh7G646
Score

1^/10
behavioral5
- Target
  
  Resources/DiskMenu.dll
- Size
  
  438KB
- MD5
  
  bc8bd63d84cb79f3f5197f93ad66ebbd
- SHA1
  
  aeebf9e0195a431c313c73800db40ae923d7ddd4
- SHA256
  
  c732134c5d48d66c1dd2e5cf96e14f5effff4d75c2fc57d68822120d61fb663c
- SHA512
  
  7212e410d9b38df3aa0a65ac6f3cb049acae67f7321f180c00eb85e74e422528b752fbffc237be6cf8a0bc2116bb35fe40be49b0b8e67df0870da9e3c747d210
- SSDEEP
  
  6144:wkkZ95ynk6VMzgtB6/lMWEsaE0PrHlPZ1xoSkUQ6TU+6NvM:wR5ynkMMzMyWWEK0PrRG2UfE
Score

1^/10
behavioral6
- Target
  
  Resources/FileExt.dll
- Size
  
  395KB
- MD5
  
  3db5b47fb70b114d6e5248d34a096ab3
- SHA1
  
  93271b2b594f85c0e2c196a87c9d77131b1389ab
- SHA256
  
  5b96abac3cdf98a3b9c22faf5a8880517027a3be948eea518ed2cc23bea53df6
- SHA512
  
  b02a58e8e1c74e8c0e0f9113a8a7a35017acfc9b566c73a970d287529b9e64c41e2adccbc1adf550f7c5acd2bf822c96682e9402a996027101a75292be1a600d
- SSDEEP
  
  6144:iQndDaFksddTkiHoKmM7Jt9y+c8WgLkUtAqz1RQy7y4fArT:iQdlYpWgAcfvy4C
Score

1^/10
behavioral7
- Target
  
  Resources/LoadRAW.dll
- Size
  
  282KB
- MD5
  
  181b60fbe5056011193406ed2b6547c4
- SHA1
  
  2ffa3cf54287c5b5648470458b0fd0d10a16a46a
- SHA256
  
  4271e84125afd5c4d2e29a5b196526aa6937080efc6678127523f8b28eb3cf36
- SHA512
  
  18229713ade42aca9b600bd9ddd3bd13ae9b46d8d5c0ee9e02ae4a86037fbd0033182cb4a5f92c0fd48bc48f210edf69166c0f80b2550eb9c6d796f7accf6d8d
- SSDEEP
  
  6144:cyzfnLgzZra8HkJ3JVYSsjZSkHW7ZX1TtTP44bqHpR:vfMzZrW4SEH0XBtTP4gqH3
Score

3^/10
behavioral8
- Target
  
  Resources/MagicPDF.dll
- Size
  
  2.7MB
- MD5
  
  d6483fac44e989285975f2f93e384ee4
- SHA1
  
  3ab591cc4b40c21926ce2e8d925082428cbdea3b
- SHA256
  
  c13ecf30f5f377813465ffd1585802f7126a21b7246a2f84629a4b0d0d9f210a
- SHA512
  
  861b95c9c21ac73848033111eeaee7079702fe00ddbb6c885fdd0b3403df88c5f063a2bdff482409c2bd5c308a88c098e357fa4001e9bbdc7621b3ca66efbab5
- SSDEEP
  
  49152:K9xuToSZMx5ypSBr4ZEkqIb3XM5dM4yThGTe7he:KgSBr4ZEkqIbHM5d50E
Score

3^/10
behavioral9
- Target
  
  Resources/StarBurn.dll
- Size
  
  754KB
- MD5
  
  ce92db83bd93f52dfd41aed7db8c7ee3
- SHA1
  
  ee975849efc8caff9996d31466c1860d0128e3d2
- SHA256
  
  4e47378461d096d99c2fa59c93a95822341990655141f67b2e298dc0028a81e3
- SHA512
  
  4a55255bf65f143e19da42b43b801690f512789b189a57392764e5f83a965f89ed7b77072b8f4ebff2152f52baa6b7c080240665efccfbfb26bf9633f9263c0f
- SSDEEP
  
  6144:lPBb32c+U/y/giMzI+IOyLwjiwj2ybu++f+++FAOIlt0vQgKjqu5wbHmWE9qUgJZ:W/gzbnJbutf+/yOIj0v4v5Ijm7kFR
Score

3^/10
behavioral10
- Target
  
  Resources/magic_cmp.dll
- Size
  
  806KB
- MD5
  
  deb5ced372164855fc94b74d0ca30988
- SHA1
  
  ecdefb239481acc977079d87a4763b14d3997aa4
- SHA256
  
  bc55dd40ce4a28c38312e7edcf9439581a93bc6b9450151d1b367ef803ae5c08
- SHA512
  
  6dc31231f0fa3e295622594a90a48bd26db6b240ae2a31663dc43e1efb76145c676bab9ee660ae0f2bd5a5cad00e96ffda82aecebdfc3c30bfaeed9fe01a308f
- SSDEEP
  
  24576:aW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8Rm7eWtJN:aasY6DwOBfrnvV7oeWtT
Score

1^/10
behavioral11
- Target
  
  Resources/magic_jbig.exe
- Size
  
  111KB
- MD5
  
  d25299383f7a403e4d5facbf2c24980f
- SHA1
  
  3aee28dfedf783e21ced37995d5f3e8fde5179c8
- SHA256
  
  fd5cf22b3c7d1229d77b59abedfd9d08cfd8f3c0cc9b5a1c4da474d974518a74
- SHA512
  
  baf9c08b86cecc9f3772cf1ff8f479689913b1d675719dafd7f270f9d5ec88723751907b4a114768b719b39a0f1786f60716ef37997513bb1e349dff683a5d87
- SSDEEP
  
  1536:vjRqb7CCq7wq1EnbaPOodfUYA40/OINeDRPtsGqh1TsENKRxoUPLMC+ZQhIDCriZ:r6oVvH6eVPpqhdGoUPLMaEP
Score

1^/10
behavioral12
- Target
  
  Resources/msvcr100d.dll
- Size
  
  1.4MB
- MD5
  
  2f32b95aeeb4b080230a85b89df84576
- SHA1
  
  90649e1daec5eec6f58a4473d6cd573720247b0e
- SHA256
  
  ef4c12e4582aa3dc5c5674ac0aa2dcb4829a404edb5d1ca31f258ad7791fc260
- SHA512
  
  d43aca77b93999856678efd1bcf016ad8eb47482273740d7b077fea3f48dff8523b2524a8db8a92bc4c2519c446362ffe32783b18850f9984a6900e3269acab5
- SSDEEP
  
  24576:Cm/wTbJniLOB8QyruNelIQrTLGA1IZxvW6q9yNxsjcLO++yR6lPUoLpmLy4fx:C18QyruNwrXGAujvn84qcOv4
Score

3^/10
behavioral13
- Target
  
  Resources/wp_type1ttf.dll
- Size
  
  735KB
- MD5
  
  ab15f2fa750b56a6acb12081975325ac
- SHA1
  
  0781fdc03e1d0831b0f8d6a6365a0a6d8c26ca5d
- SHA256
  
  ac93fb3b7c4fd2a8f0cc8a1760e55cc50019e6dbf04c7d78caa2e017ba62f555
- SHA512
  
  d2c3a8616f4ebff17e6449170186a2e04ac50677ad7b27ab3f2bd2a67ec91dda94ffeadcd86b8553d747dee4854928ad854e9ed6043b123a541ddbbe62870b30
- SSDEEP
  
  12288:avQoE1FDvl2eyb2lSwrnbqp6ChvaCd8I1Scf1VX5/yvNMTqCfuM12LgAN4/fdXBn:+YvJlSwfW9aWAcft/MNMTf2Mwcj/1h
Score

1^/10
behavioral14
- Target
  
  media_dll/SDL-2.dll
- Size
  
  303KB
- MD5
  
  a9c909c101071276d901c20f315ae4bd
- SHA1
  
  477279e395a61587508d1937dbd20c6d82694a7e
- SHA256
  
  d723ec3c7f7d6bc7dc9ec3bb5713e1d915eeea4615da659e37f7fb1c25f125b8
- SHA512
  
  6ed0236ef9fede5934c6da1259e0518c2f024780cfa3d318af4e8827456ba7daf5e2a173f78c03223c81462e5236ae9d46a6d635fcd2bb257f16a969fa909707
- SSDEEP
  
  6144:LwGtZXn6NpaY+JOtOUm9ARogXSy5ZBYQcj8eKmzAlSQc:jzXn6paY+JOtOzGNiy5854Lc
Score

1^/10
behavioral15
- Target
  
  media_dll/SDL.dll
- Size
  
  303KB
- MD5
  
  a0ca62c323eefea70e2ebe7abb61a233
- SHA1
  
  db17f036c6ff8ff2fb7b73a9f5c15cfce4aaf0b3
- SHA256
  
  392d3ad31c71e91e86e31747d695737e21f81d5e26c2e6d6782ac21f906c70c1
- SHA512
  
  e9d217b7248161c935833aae7c5fbd12256fe0835e891b829d11b111f5f72b4b81783a467e01cfcf2ca8ccf191cb4d41ce8233e96b785cbfb71896b6c5f70641
- SSDEEP
  
  6144:zwGtZXn6NpaY+JOtOUm9ARogXSy5ZBYQcj8eKmzAlSQq:rzXn6paY+JOtOzGNiy5854Lq
Score

1^/10
behavioral16
- Target
  
  media_dll/avcodec-54.dll
- Size
  
  12.2MB
- MD5
  
  e963ace19f4e9e868fe66d0e96acdc22
- SHA1
  
  60fd015a55bba81f2896b743653a066bee38141d
- SHA256
  
  d90642b385253746463ae057efaa15cde2b48c417d41b328b818967e0c136aaf
- SHA512
  
  a6feae0f48daccbdbfdcefe2b3608dbf5e981c90e149a1721225721de97efd73fe53e70f7e7200e1d817cd892f088f5a1a733e576355db2975aced1d34ea4c22
- SSDEEP
  
  196608:z2xjq006ToWrVMSE2Yv+nkCtagj+GslOTOFfyshz1x8HsX3YX45G49/PQCpPe/j4:RqCvHCcQCpWSB
Score

3^/10
behavioral17
- Target
  
  media_dll/avdevice-54.dll
- Size
  
  118KB
- MD5
  
  cc7e391e60fce815f5bc2723d9c54d70
- SHA1
  
  ad1850e57fd3e8f751bf800faddd5bd98b465115
- SHA256
  
  ee64ca09649863e70f6d7dac266e866e01060278fc8914339b154d1d15bc81d0
- SHA512
  
  abfbc591e4f2c902ab00d89f6d8cf1ef5d905679154141e363d0a3787aca859783e0ec72450a3f901653bb14650e7160b74801d243af977a9d666c9d2509b038
- SSDEEP
  
  1536:N5aTJlMvf9TawKEfY0fF2j+3yixDYiTRr2TUMDWedkD5eEbBTjcq7B8OcsL60trh:fEJlMv1TN/g6q+3y+DqHqdTj/7JtC6
Score

1^/10
behavioral18
- Target
  
  media_dll/avfilter-3.dll
- Size
  
  640KB
- MD5
  
  d24222e609059f4e9b8205c03c346868
- SHA1
  
  2ebf792e612e6e01211fd4df2fc0abfbc015b610
- SHA256
  
  553861e15190ace332e5312ae5f2a6d92b0548f106c159f22947b16e0199b3eb
- SHA512
  
  935f2c5c4407e4915417704199ec9d0ea47a4557ccdcd60f4c76fb4a963caecd7ed058f425afbc5f1c755105935911b15b11fd70b434a10ae9089807efb8d081
- SSDEEP
  
  12288:U0DQE5WhnV2DXojE7+cvG6B4Q2OMfSTGavlvcd2LsLEn:U0DQE5WJjE7+UG6iQyMGavlhLsgn
Score

1^/10
behavioral19
- Target
  
  media_dll/avformat-54.dll
- Size
  
  2.9MB
- MD5
  
  e126e1992b3ddd762e94072c44cbeb19
- SHA1
  
  685de62959c08f5f6883dfef09356eebec7a641f
- SHA256
  
  ad255c3a737af798227530b19831790f7e0f1d31c027aa41c2ccb2bcdeb2c41e
- SHA512
  
  a11c4fba9ffc3b1776069949b45ccc3748a8472e3ade76ce3fdc950a6d86915609431c989ba18676a0f8fb6f1fd591b9fc1a154e85a561c66179d5a3f744c51b
- SSDEEP
  
  49152:UMfTQja0z9T1wL10bmEpfmcqyfOb0ofMHU8AZFAPnro2FOa9aJyey9DWu8p9rgnA:UMrQja0z9T1jpupyfOTfMHU8AZF6nrot
Score

3^/10
behavioral20
- Target
  
  media_dll/avutil-52.dll
- Size
  
  223KB
- MD5
  
  35eb18a689bc3fa1ce372059a0031009
- SHA1
  
  9629e03d00d4adbd232af30abb9d4134870ed478
- SHA256
  
  14bcc908cd8bf179d4bff617ccfadab62fa4e6430981c054455c451324b0b429
- SHA512
  
  13e8985a24990ef24619dadb01f35fdaa7fd22c15c1a8bfaa385b04a78e88ab881c6e913c703167f288f925aa963dbfb82f0828d4bea64cf59a2f60f5e01bc82
- SSDEEP
  
  6144:hp3rxgQpPCLIIO45VgUAPdPVuHB5Il0k1DPg:ULTtV1W0k1DPg
Score

1^/10
behavioral21
- Target
  
  media_dll/swresample-0.dll
- Size
  
  116KB
- MD5
  
  e515dd5c5bba7522e248201c90619abb
- SHA1
  
  37641d1db8a0bb4463a5a144557062fbec7271b7
- SHA256
  
  2e9f4ed96d61072994dde8ccd14fe71217d161ad83a097d724d8d7410d4d8da2
- SHA512
  
  0878cfadf92c73951cf1f3e38684bdeb49abf58c4ec62252570290af7f2e20425b63c8c7c0832d7c30798a035234154110f9da2882c8b5557530e2814c12d3a7
- SSDEEP
  
  3072:bV5RGv3C5dDlBg0QoHg2L+LWGioaDuxd7kyIR:xjGv3mouwWGioaDuH7k3
Score

3^/10
behavioral22
- Target
  
  media_dll/swscale-2.dll
- Size
  
  341KB
- MD5
  
  7fa03cb3afa27f54fa590565a3d44d89
- SHA1
  
  09c2e39cd03e5aba2ceb35dee8e6be3d9e2d7be1
- SHA256
  
  6df044cddd4ea93286c2cae52843df0d93f6019c589fc68b9fe358a1c0b37cd4
- SHA512
  
  bf207207af21d74eea6be2f9eeee29082418010aae8f4dab3f3f4ab252ee717b3f76dbecedbf9d0216b5d9073e30589fd5b2b4efb0471b4963f04d55f4c46b75
- SSDEEP
  
  6144:p6UJUxtKVPoPwT6tQfrRupxA8NFd8KrW4Qb4LwwaorjILW8hXwt3umDfkXvPvzuo:BVQOKrW4QbzorjILWESZHA+jE
Score

3^/10
behavioral23

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Enumerates connected drives

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23