Overview

overview

4

Static

static

3

Pida Softw...64.dll

windows10-1703-x64

1

Pida Softw...64.exe

windows10-1703-x64

1

Pida Softw...86.exe

windows10-1703-x64

1

Pida Softw...86.dll

windows10-1703-x64

1

Pida Softw...te.cmd

windows10-1703-x64

4

Pida Softw...te.cmd

windows10-1703-x64

4

Pida Softw...up.cmd

windows10-1703-x64

4

Pida Softw...bs.cmd

windows10-1703-x64

1

Pida Softw...ic.cmd

windows10-1703-x64

4

Pida Softw...e.html

windows10-1703-x64

4

Pida Softw...64.dll

windows10-1703-x64

1

Pida Softw...64.exe

windows10-1703-x64

1

Pida Softw...86.exe

windows10-1703-x64

1

Pida Softw...86.dll

windows10-1703-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    Pida Software Microsoft Original.rar

  • Size

    147KB

  • Sample

    240309-taepjscc4t

  • MD5

    fa863efde58c29d418a9fcaee4ec8474

  • SHA1

    60cccb1d06f7af9588d07fff1da6c2cbbf11609b

  • SHA256

    00a99203103cd7e8bbe31a00141b2d487d7834492f62a26f0242d0f153e167d5

  • SHA512

    edca16e8a499edbb34d6aaea8ae8342a8f45c02333bb15336df341d0609833216c0dae03c9e832be7f469cd59b8c9e4b0f864b986bf8c8960542505e708a249b

  • SSDEEP

    3072:OtNkToX7MPRzX18Ixe0twWQX7ScP7Dfym/eo6+pVKv6bJTFhvyyzN:OvQu7MPRRlsewWc7bff6o6CJbJTLvy2

Score
4/10

Malware Config

Targets

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/$OEM$/$$/Setup/Scripts/bin/A64.dll

    • Size

      20KB

    • MD5

      698d2d01011110b0ba4aab62f92b9909

    • SHA1

      1139ae6243934ca621e6d4ed2e2f34cc130ef88a

    • SHA256

      3fb8dc2fa316ca1e7244eb34e95f591aa39a6e4b6eb0416692691aeb3d0c429b

    • SHA512

      5f65842cb7522f22e63f2aa0612509299a28335230e24fcb1a145f47f4a9e03b40919780b81904fc1a4b4364f2d1284f5f765a6072a12e18e244c750b56db5da

    • SSDEEP

      384:cWnqVKDqa6kEDO/dhek9ufgcZw6CfEYRWnn:9qaZRdhek+MfLR

    Score
    1/10
    behavioral1

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/$OEM$/$$/Setup/Scripts/bin/cleanosppx64.exe

    • Size

      19KB

    • MD5

      162ab955cb2f002a73c1530aa796477f

    • SHA1

      d30a0e4e5911d3ca705617d17225372731c770e2

    • SHA256

      5ce462e5f34065fc878362ba58617fab28c22d631b9d836dddcf43fb1ad4de6e

    • SHA512

      e0288dcf78092449d9cbaef4488041131925387c1aedc9e9512da0f66efe2fb68350ca3937f6715834e62e7c931c5dad0fc8bc3c6c0c3daedeff356d6feaac2e

    • SSDEEP

      384:gQAInWKpEFFzpjq37oIOU6GHq33QPiu431VP:gxWTpOFagUb2qiu43P

    Score
    1/10
    behavioral2

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/$OEM$/$$/Setup/Scripts/bin/cleanosppx86.exe

    • Size

      17KB

    • MD5

      5fd363d52d04ac200cd24f3bcc903200

    • SHA1

      39ed8659e7ca16aaccb86def94ce6cec4c847dd6

    • SHA256

      3fdefe2ad092a9a7fe0edf0ac4dc2de7e5b9ce6a0804f6511c06564194966cf9

    • SHA512

      f8ea73b0cb0a90fac6032a54028c60119022173334e68db3fbd63fe173032dd3fc3b438678064edb8c63d4eceaa72990ce039819df3d547d7d7627ad2eee36b3

    • SSDEEP

      192:Xdaz2FKIaphXuVX3uKny+gASTGWyQG0eJIL+uVl9tUDY5Kajjtl9w++zOzrPwaur:NbFuUOvAiG0gIVDKDYgmh02HPwzi3An

    Score
    1/10
    behavioral3

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/$OEM$/$$/Setup/Scripts/bin/x86.dll

    • Size

      15KB

    • MD5

      2a2bbc30d8e715c3c29e728989498469

    • SHA1

      da8f931c7f3bc6643e20063e075cd8fa044b53ae

    • SHA256

      81f8fc4aef686dbc4e2b1f6b08fbac33bf877610c268564e9ecfbae1425d5e5c

    • SHA512

      3ac38dc0c5425bdb4b8017052da8b76a6279074cd42dd01cb634b6de3b323795f2a96e2fd443ee858247b86cacf12a8ed95f39b65bab605a7a2d8784287a357f

    • SSDEEP

      192:Vu8nbINVKVJiFoc/XCoYUDFK01+fYCrFWYDAfsyaxWSd4jzbYrddDAln:VxnqVKAvXCsl+YiFlEEya8Sd4XmdE

    Score
    1/10
    behavioral4

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/$OEM$/$$/Setup/Scripts/setupcomplete.cmd

    • Size

      94KB

    • MD5

      65bc53900c0b960220a5af59b3ab9eb6

    • SHA1

      b280f1a9018d9694f1cbc4c6e5c374ef29579132

    • SHA256

      3b5a7c0317ea3b79988a6a554574da43f6ffe0cca6bc9da16140cdd6f8a6c296

    • SHA512

      f042469b2551809d2fbdb2d325948f9d8d69ccacbda8750d4b3e1589587be75d0d24827a7af2a449222f40e46664b57993e8efc23b535ce2996ea30b0e635e71

    • SSDEEP

      1536:lrfOE2+3uuxPNQxFuLFLcQxFuSFnrDYQBQJsSambizfkp6e/+RvLDx7qdzi0:xWEhuADrcQBQJsSambizfkAnRvL0dv

    Score
    4/10
    behavioral5

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/Activate.cmd

    • Size

      112KB

    • MD5

      27dbbeda34fa7260a3dc9f6fd1398fdd

    • SHA1

      5a7ad865b94d9d98099316fa2f78a1636e8cd8d4

    • SHA256

      79731e75607973ed0cf7fb89174785691711dcb8032527b3cc70c72d3a61118d

    • SHA512

      b56d8a1ee30b0893d4789f8dcd631b965cf2f22539fb00fe9da1c294b009d80823379cb648f5b9f4820e477bcf2592b41b7f7055db0cd055e3dc465a35962d5d

    • SSDEEP

      1536:17u32nr4++uXxPjQxFchFyDZQxF5BFprbPrDY0ySbqbfYpM6/+RvLDx7qdzik:N9rKuVmwprbjc0ySbqbfYCTRvL0df

    Score
    4/10
    behavioral6

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/AutoRenewal-Setup.cmd

    • Size

      17KB

    • MD5

      b9590b32f11fa467938518bad08b66f0

    • SHA1

      6a3c0317ea5507277e9d647356f035d666bece37

    • SHA256

      4b7e16ba61987144e3d7b70d26a0d11a8238182b57ef894b57da974a2e8f3b32

    • SHA512

      1f844c68c629366a1846354ace946f980822d603fc95ca99842d9c15991fd0e6d7462f1c42bc0383fdd5e01e13096c4540c379e9c2179ddaf4ada26fe699a063

    • SSDEEP

      192:DLQ2a8/OdklwOoPG8JEjMoRqrEVR+tqPHzH39G1n95g8GzUrb2IWtVOJsSCBsSUS:DXO7Jl079G1n9ZGQXEVOJsSEsSUr2

    Score
    4/10
    behavioral7

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/Check-Activation-Status-vbs.cmd

    • Size

      6KB

    • MD5

      48af8f351df5b7a7a341a4c1e0f0270a

    • SHA1

      818b60cdcf7e7fc4cd81d2ada834fcbec5991347

    • SHA256

      88615b73386261e04f17a565d0a90755e01cb5102aea5da82990d3cf67874066

    • SHA512

      a32614c57049e976799f00604e827434d8953286992ea82160e272614c6e7f7d50b751bdf5f2b75d4bf8d1a76633def08870abf5030875e47c78064d1802eb2b

    • SSDEEP

      192:taKECDMg+Gi+mL+GnB+68+gy+7/+XN+0sH+TG+oTG+7Fzxbfizd7miMn:taVCDMxr+mKM+61g/72XI0sHMVCV7FzH

    Score
    1/10
    behavioral8

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/Check-Activation-Status-wmic.cmd

    • Size

      15KB

    • MD5

      d2e352bab312e0adf78b32678ba5d3d0

    • SHA1

      cd056bc78a776cc28f20f6e10cded7b6b2acda28

    • SHA256

      4b0a0ff29ad5b30d8a74e8ebb84e0f47670dd33a3d50d5dcd7cf08fe5d47a227

    • SHA512

      962e2483d2de54d55cbf8aa191f36d7aa522d641f49ab8dd9b7f16dbca355b31ffe781e0bc1a58d4557299a07b597ce88d013a5fa3fbbbc665d37e6973c5d894

    • SSDEEP

      384:tC7y0z50lgYW6aYigBtYXvjFI5aeZvb+TcimPBP3d9tu9tn:tC7oRaGbqci+BF9Y9p

    Score
    4/10
    behavioral9

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/ReadMe.html

    • Size

      37KB

    • MD5

      56b89b9bdca3b00ffc5886477ce6f0dc

    • SHA1

      35fef6c8d72e679bb375a4b03fd8ee256047c598

    • SHA256

      a512e9a009bdfc5ac2904549504a329b8399ccd6b99d04aa26cab1a86268feaa

    • SHA512

      116e9f73fa62d01c859fb4791c469023231404de61987d098539d470b11469dd3344e1d8add34b009c915a9b4af714316c1c7a8a60f597f192663180da5e0365

    • SSDEEP

      768:/b0o+05I71cX6dH7mF0EezFzif29omGCrIURq:/Zs7CXqXBoeHtq

    Score
    4/10
    behavioral10

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/bin/A64.dll

    • Size

      20KB

    • MD5

      698d2d01011110b0ba4aab62f92b9909

    • SHA1

      1139ae6243934ca621e6d4ed2e2f34cc130ef88a

    • SHA256

      3fb8dc2fa316ca1e7244eb34e95f591aa39a6e4b6eb0416692691aeb3d0c429b

    • SHA512

      5f65842cb7522f22e63f2aa0612509299a28335230e24fcb1a145f47f4a9e03b40919780b81904fc1a4b4364f2d1284f5f765a6072a12e18e244c750b56db5da

    • SSDEEP

      384:cWnqVKDqa6kEDO/dhek9ufgcZw6CfEYRWnn:9qaZRdhek+MfLR

    Score
    1/10
    behavioral11

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/bin/cleanosppx64.exe

    • Size

      19KB

    • MD5

      162ab955cb2f002a73c1530aa796477f

    • SHA1

      d30a0e4e5911d3ca705617d17225372731c770e2

    • SHA256

      5ce462e5f34065fc878362ba58617fab28c22d631b9d836dddcf43fb1ad4de6e

    • SHA512

      e0288dcf78092449d9cbaef4488041131925387c1aedc9e9512da0f66efe2fb68350ca3937f6715834e62e7c931c5dad0fc8bc3c6c0c3daedeff356d6feaac2e

    • SSDEEP

      384:gQAInWKpEFFzpjq37oIOU6GHq33QPiu431VP:gxWTpOFagUb2qiu43P

    Score
    1/10
    behavioral12

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/bin/cleanosppx86.exe

    • Size

      17KB

    • MD5

      5fd363d52d04ac200cd24f3bcc903200

    • SHA1

      39ed8659e7ca16aaccb86def94ce6cec4c847dd6

    • SHA256

      3fdefe2ad092a9a7fe0edf0ac4dc2de7e5b9ce6a0804f6511c06564194966cf9

    • SHA512

      f8ea73b0cb0a90fac6032a54028c60119022173334e68db3fbd63fe173032dd3fc3b438678064edb8c63d4eceaa72990ce039819df3d547d7d7627ad2eee36b3

    • SSDEEP

      192:Xdaz2FKIaphXuVX3uKny+gASTGWyQG0eJIL+uVl9tUDY5Kajjtl9w++zOzrPwaur:NbFuUOvAiG0gIVDKDYgmh02HPwzi3An

    Score
    1/10
    behavioral13

    • Target

      Pida Software Microsoft Original/ActivadorWindows/KMS_VL_ALL-44/bin/x86.dll

    • Size

      15KB

    • MD5

      2a2bbc30d8e715c3c29e728989498469

    • SHA1

      da8f931c7f3bc6643e20063e075cd8fa044b53ae

    • SHA256

      81f8fc4aef686dbc4e2b1f6b08fbac33bf877610c268564e9ecfbae1425d5e5c

    • SHA512

      3ac38dc0c5425bdb4b8017052da8b76a6279074cd42dd01cb634b6de3b323795f2a96e2fd443ee858247b86cacf12a8ed95f39b65bab605a7a2d8784287a357f

    • SSDEEP

      192:Vu8nbINVKVJiFoc/XCoYUDFK01+fYCrFWYDAfsyaxWSd4jzbYrddDAln:VxnqVKAvXCsl+YiFlEEya8Sd4XmdE

    Score
    1/10
    behavioral14

MITRE ATT&CK Enterprise v15

Tasks