eb71dad7e3c7fc10f128a9f4c1aebdb527eb4192e3525010322559ca9b63d610

Sharing

Copy URL

Twitter E-mail

General

Target

EasyMC_Setup_v1.6.14_x64.exe
Size

61.3MB
Sample

240312-3mwy2aed4v
MD5

3d34ef77549c696aa25ad60924afb265
SHA1

6989a37c8691475c60293251ef6ed743ac54637b
SHA256

eb71dad7e3c7fc10f128a9f4c1aebdb527eb4192e3525010322559ca9b63d610
SHA512

91e115ff7023982e0c00436fbffd2f84a5ccb86244f67bf92758e1577ddc006b7e7d0a1cd33e434f19158f6fc696d40cceb050a9cd2bf39188ad226727ee99a5
SSDEEP

1572864:eV1g0aTp2uRPflkYr+p5N/2QWSuUPTZYfD2:eV1haTp20CYI/HWfUbZSC

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  EasyMC_Setup_v1.6.14_x64.exe
- Size
  
  61.3MB
- MD5
  
  3d34ef77549c696aa25ad60924afb265
- SHA1
  
  6989a37c8691475c60293251ef6ed743ac54637b
- SHA256
  
  eb71dad7e3c7fc10f128a9f4c1aebdb527eb4192e3525010322559ca9b63d610
- SHA512
  
  91e115ff7023982e0c00436fbffd2f84a5ccb86244f67bf92758e1577ddc006b7e7d0a1cd33e434f19158f6fc696d40cceb050a9cd2bf39188ad226727ee99a5
- SSDEEP
  
  1572864:eV1g0aTp2uRPflkYr+p5N/2QWSuUPTZYfD2:eV1haTp20CYI/HWfUbZSC
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  60.8MB
- MD5
  
  b81529f26ba2cff07b22b078a0974394
- SHA1
  
  e82747ed04642800f1af697630e470f100a3e968
- SHA256
  
  8bdab554fba60b2bfb40a209819d4054a7050a706eaea7d397cc544db9ef0cc7
- SHA512
  
  64c21e77a652ba9426145ba04caf776dba9d69e961dbcba384639dd85a6ebf044d3931cd74c57af42f6e4e26f437c8c331efd1d5b02fc105fbb8dcad11da4820
- SSDEEP
  
  1572864:H1g0aTp2uRPflkYr+p5N/2QWSuUPTZYfDT:H1haTp20CYI/HWfUbZSv
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral13 behavioral14
- Target
  
  chrome_100_percent.pak
- Size
  
  138KB
- MD5
  
  4f7cf265db503b21845d2df4dc903022
- SHA1
  
  970b35882db6670c81bd745bdeed11f011c609da
- SHA256
  
  c48e6d360aee16159d4be43f9144f77d3275a87b3f77eae548e357601c55fc16
- SHA512
  
  5645d2c226697c7ac69ce73e9124630696516fc18286a5579823588f93a936da71084a3850f1f9a7b34c624f4c502957107f5957ffba5e6c1e4da6d8da7d3348
- SSDEEP
  
  3072:nKzw9bp66mdgZeMj6g2Z8Gb0+VRLf0ld0GY3cQ3F2DExm/KLQ2I:nKzw986mdgZezgm8Gb0OV8ld0GecQ3m3
Score

3^/10
behavioral15 behavioral16
- Target
  
  chrome_200_percent.pak
- Size
  
  202KB
- MD5
  
  6a7a9dee6b4d47317b4478dba3b2076c
- SHA1
  
  e9167673a3d25ad37e2d83e04af92bfda48f0c86
- SHA256
  
  b820d19a7a8ce9d12a26837f967f983e45b07550b49e7b9a25e57b417c5f6fd9
- SHA512
  
  67466e21a13ca449b014b511fb49bfc51df841eb5776f93b4bda2e0023da96d368ac5c65de051ed9de1899275b9f33839af2c387be903688cdb48bf08993791e
- SSDEEP
  
  6144:XDQYaF+9b16mdgZezVk5GMRejnbdZnVE6Yopym74:8fs1FdgEj6edhVELo374
Score

3^/10
behavioral17 behavioral18
- Target
  
  icudtl.dat
- Size
  
  9.7MB
- MD5
  
  2e7d2f6c3eed51f5eca878a466a1ab4e
- SHA1
  
  759bd98d218d7e392819107fab2a8fd1cfc63ddf
- SHA256
  
  b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa
- SHA512
  
  0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124
- SSDEEP
  
  196608:GEGwSv9AAQTgyTliXUxR0rHa93WhlU6tgLQH:G4KlQTlliXUxR0rHa93WhlU6tgL4
Score

3^/10
behavioral19 behavioral20
- Target
  
  locales/am.pak
- Size
  
  179KB
- MD5
  
  ebe0e7e0c78fac281a3f0196da22cee9
- SHA1
  
  689864d898905d43b8a70bdf37c5b339daaf48eb
- SHA256
  
  08d86a45ff0a4b21e74b06509c376ab0f907cae72a3e0cbf5c17fc275d10ac5d
- SHA512
  
  89b6603e5db8ad53ee5623c2c0f7e81194278dbdf5ed49c7480049006b20744fd4642743c2b4a264cafa87e7f787d6d6cbf26f12ff2b851333b3ba7541ebd933
- SSDEEP
  
  3072:yxS4fygnOj0/92t7Rh4rgEkDvuhE8oeLt/ki7xVGMqyZJjhE+2WACT5x0kek97GG:yxFfygB51ueQRUix30jH8+X
Score

3^/10
behavioral21 behavioral22
- Target
  
  locales/ar.pak
- Size
  
  184KB
- MD5
  
  3a8a7a08fedb148ebee6d3300356e37a
- SHA1
  
  2e9ac1ea8b6396b909f823486538d5640ddcaa1a
- SHA256
  
  43636fc76a2da6ab562c4c3bcc1a5d548a169dc0e884484fb7e4341814c44c78
- SHA512
  
  7951829cc7aa385bb5f8078a7af7d4f0b49fa8c05eecb2808eac3fb0e8700c63f92db888ad64f526d992a14d54948a6807bf06f9fb688aecea40311eaacea181
- SSDEEP
  
  3072:QeqH2KNRpqhXUJXFxnw+7zF+hFBM2S2xHMuZtE9P6N9/fpK1P/X21MgSENKKSI1R:QeeNR8+7IpLMgSENuiTI1Zi
Score

3^/10
behavioral23 behavioral24
- Target
  
  locales/bg.pak
- Size
  
  200KB
- MD5
  
  5ed6adc6158f554e71bdac7dc9731b16
- SHA1
  
  394c8396c566d2b92cef881c332624be812115fa
- SHA256
  
  0a3e79a6d270d212037ccb5a8730b7abfc45c6e9175dd7e17d997daed0985726
- SHA512
  
  796f107698e82dfad9ec8d2ac1fc3f79b1f3a339a06eccd783dcd262ddb7399f8e3c093799f16640cf7a4488f1d2eb04ba6b7cb14ac9e9fcf87488cb8305b35d
- SSDEEP
  
  6144:8+Q7NaTBDnvbFnyZzrmLy8A/dWx6y2HR2vyPsUVwo:8FaTBDnv5nPLy8A/dWx6y2HR2vy2o
Score

3^/10
behavioral25 behavioral26
- Target
  
  locales/bn.pak
- Size
  
  257KB
- MD5
  
  ee25e9cf28fdd35846d8a9b3c4220eed
- SHA1
  
  702342cc207ced1bb585195abcf263cbc4ea0069
- SHA256
  
  9994b9832bce803bee8c48a8176653099df7768074e3c54d09a18593376466b9
- SHA512
  
  2b703cd07bacc9f70e36844f148c980cb112a806b4ca11f692b9bbe6995fd5636eb9bdc84c5cfaf79790dbbb1ecf7cf2b61a7d6ff89311eb4907c586e20b7dbd
- SSDEEP
  
  1536:mJvNRPap2KJjyr98JMgqxpDwuDkQv+h2mWHc:uNhK9meL
Score

3^/10
behavioral27 behavioral28
- Target
  
  locales/ca.pak
- Size
  
  125KB
- MD5
  
  53e3fb38f84f60b98d23b337e4f03f92
- SHA1
  
  42e435837dd36872d2a413518a299cd293ff8536
- SHA256
  
  b00bd41c1222b3ea078df5b92cec1946e41430be241d0d57dc9baa4c70c91f3a
- SHA512
  
  98d0328e7370b1fec9e15ad0cff9e1353686fc581e3df9a8896e3c2e62ced044c4c51ea63f35ec8b7eb3e7df5c83ef5157468979b7f20e85480597042c1ac192
- SSDEEP
  
  3072:Kqei1DaccguH65rqx0hmSBL8l/oT6nm1VhNO54f1fXiUUpYEHGPXf410ozRhqPY/:Awbcgco73O56XiUUpY/PXfc0yaYnwAk0
Score

3^/10
behavioral29 behavioral30
- Target
  
  locales/cs.pak
- Size
  
  128KB
- MD5
  
  f125738776a9fb8dbf25311fa3dadbcf
- SHA1
  
  3448b58d4810e69f5c1eca4e1484308c3ceff502
- SHA256
  
  5d5089718677f9a4e677dec72058c376a5829921cd523ecb919d0da7766d3cd4
- SHA512
  
  ca5300e5fb73ed4ee8c108e875c66ce7f105693f3ba78cb00f33218febfdb3ea27fe26f118dff3fb2e4af66f722f8348760cb576aba48887be25fdfae4991776
- SSDEEP
  
  3072:eKpMNl5jzoGFJ+17jN6lD+g+5XZ/Vuvm8Q+ndbx:eK2TRiN6lDu/VD8QYdbx
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32