General

  • Target

    TotalAV.exe

  • Size

    68.6MB

  • Sample

    240313-ald3lsfb51

  • MD5

    babd18e63d14531ea9b8c44002f0878c

  • SHA1

    423679eda1ecec3260ace03393446ca8fec86e26

  • SHA256

    a096845d6c5f7ca8a131768cbe86b57fb70c39612110ad819617117e9b08a1ae

  • SHA512

    14c973f692d874189b93b1bc71cf5984ca5fa8d09307a0555d83d620b60f0e25011f78af89288d9d89c78ef908db1b0d67a8492829b3ae254860951e359fa956

  • SSDEEP

    1572864:qEXxJQAdAfYNBAn9TFgmcrBg4gvQalX3F81z69QLUYrL76:qEB/CUBAn9TFnc1gTvQIuzFUYra

Malware Config

Targets

    • Target

      TotalAV.exe

    • Size

      68.6MB

    • MD5

      babd18e63d14531ea9b8c44002f0878c

    • SHA1

      423679eda1ecec3260ace03393446ca8fec86e26

    • SHA256

      a096845d6c5f7ca8a131768cbe86b57fb70c39612110ad819617117e9b08a1ae

    • SHA512

      14c973f692d874189b93b1bc71cf5984ca5fa8d09307a0555d83d620b60f0e25011f78af89288d9d89c78ef908db1b0d67a8492829b3ae254860951e359fa956

    • SSDEEP

      1572864:qEXxJQAdAfYNBAn9TFgmcrBg4gvQalX3F81z69QLUYrL76:qEB/CUBAn9TFnc1gTvQIuzFUYra

    Score: 8/10

    • Creates new service(s)

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      System.Collections.NonGeneric.dll

    • Size

      94KB

    • MD5

      d9af7be6e5ede98e59580a6e3995ff04

    • SHA1

      14042b8741d5ccf540a6425d9847c20f0cd79bfe

    • SHA256

      55347653b204516ba3feb26f9e38348982d141bc2654470c74cd6672f2f5fe47

    • SHA512

      fa9d407f39d8a095d59d4de20a0057c732232dab03c0b91d6396b0902c467370a5ba0ca12dd422e2d334628e31082cf464f169b60d7d26352f6836f32d6b4e9b

    • SSDEEP

      1536:XhrldoYSDLdsNnQ0VxQs7uzZqie8DK9BTYhYi49zm:Xh/oZHGNQYezZqZkKkhKy

    Score: 1/10

    • Target

      System.Collections.Specialized.dll

    • Size

      94KB

    • MD5

      e5b8fb1667440057ec69b7c4dfb14d50

    • SHA1

      706e2ca37573dae86f29bc63fd85d18f59b0abe7

    • SHA256

      bd0c8b5ab4ba787b78afe9519a195e686449b7016d9ec7524b9292d6dcc045fb

    • SHA512

      56fe916d24ffbffcf96ff23a2469e7dfb98abd108e1607e546e207066e00d47436718885345c01bbc0084c4a657c9020882767ca3aac129d108957c5002412d2

    • SSDEEP

      1536:Xg/qY3neX5D09UwBRj3sAR4tTX5qZfbrm5ghUxtwkmAPgi0+zl:Xg/qge29Uw13sAR4JXwZG5ghUHwkmAPD

    Score: 1/10

    • Target

      System.Collections.dll

    • Size

      242KB

    • MD5

      6efaaf2006d7f73efacf572c6dc49e4a

    • SHA1

      6dbb8ada7a1460e96126e00ed7cceb42ac0367b0

    • SHA256

      b84e5b657629fa7af7fef55f2eb4cad1031e77b14eaa971744d567eddf01cfde

    • SHA512

      1573f0a2c9785773f517724236c45abb9cc848e7298bbc6b4c2a04ae6b6901b61ebd423f25dd71d6454f19fc41300f6b04e7809357a79f772040df2c43ef2601

    • SSDEEP

      3072:NSEfcbmJrpQON/GBvhMAwucZoTcP2fQZQG3pV/up8oYbchYz0H4V2F7tsKgo41OC:LcaJaG2veAVTPcxRoYbc40HtjNn4d

    Score: 1/10

    • Target

      System.ComponentModel.Annotations.dll

    • Size

      178KB

    • MD5

      8cb920ac00ceec5f94100cee6daa4cff

    • SHA1

      c3cd821941a0503c1ee4e1d927f2dec15c3e8b8f

    • SHA256

      edbc43facc304e5ef0942ab36edaff9983ebb17356c3e1fb8ab0309c3900f6f8

    • SHA512

      b0b8cc6903b4327ddd1d4a4f25fd36982ec8e59cb248457e5516a104979927ee86f3b8f51cfbf28a76e028cbcb0bcd3486b9ad04c80650d1e76ae3e940ad987f

    • SSDEEP

      3072:Mm7cH9oS7SLQnnd4Gb6mRhx5D5/vbF6IF1yEDMUPxRL7GmMV:/4oSgQnd4GWUhx5t1y8MUPxRX4

    Score: 1/10

    • Target

      System.ComponentModel.DataAnnotations.dll

    • Size

      17KB

    • MD5

      14d3ff53f3de1382e5acf61f159d2594

    • SHA1

      87d81931987d7dd3ef406465e9c2a43db25eb260

    • SHA256

      69aa2c14362ca7abf64ef2f1090a3b02058042f377c16fcbbd324e1d5101dabb

    • SHA512

      dcb72b674cdef2286f2d2a90a21acdecd1841f2f9bbe6c3174746ae27723160eb54cb2f9700d4df38a4dea67c3476d58de07bf8dbfa1582fbb30d3bec4f35176

    • SSDEEP

      384:amgfJeteGXxQceYopWudXWgTb2HRN7hL+Hj+R9zFUuev:tAlH/i0Hji9z+uev

    Score: 1/10

    • Target

      System.ComponentModel.EventBasedAsync.dll

    • Size

      46KB

    • MD5

      30a2477d9a175edf1145192983ae0e08

    • SHA1

      59717a5b25cc470246289a8a1923990a08e9f9f9

    • SHA256

      17c773dc03603dcf4491d6189a2be7e00b117ebc164d45fa459b23fc51a12ff2

    • SHA512

      6db03f01163f0dbbbb4429257d2435be0b0aef1b19ccbfd5614657e0a55f17896863a734c0cfec17a16927d69ae18f6f5d784959aa245c0e28587b5a0309b650

    • SSDEEP

      768:qxlOy5A7AqgfWOxrb8gt7iI/dpF/ixMnNMHji9z/aw:qxlOr7ARDxbr7lViQ4+zCw

    Score: 1/10

    • Target

      System.ComponentModel.Primitives.dll

    • Size

      74KB

    • MD5

      c62050b023a65b14db3adffb1593e732

    • SHA1

      97a03772321ef4ace3645221a26974c3ec0f0cb9

    • SHA256

      8e80a728bef6ae7a72166ece5b989baff0a6011423f5fb707460518365a0ee0d

    • SHA512

      340062eb9d90bafcd20e9d7d6f504b7b56a5507e6a87322c5f783e6ca5983490b4c5b64687453b8b48681b30b1009f6c1488ae83be72e1ec1b592e5b907896cf

    • SSDEEP

      1536:Ydu/dSa4Y4Y4Y4Y4Y4Y4Y4Y4Y5K63nQvOul/XxBuHg501M9F2okQPRKeV3iAVz6:Ydu/dSfqwF2oJP7VJe

    Score: 1/10

    • Target

      System.ComponentModel.TypeConverter.dll

    • Size

      678KB

    • MD5

      dbcfec0b3492f984ceadfca8e4da5783

    • SHA1

      168dea2ffc790af48ddeee04ac70e4eef77df4bc

    • SHA256

      1a99fcafca0e578570214af2fdc0f4770c3fcd556a371084d86243714b52e7fe

    • SHA512

      d5fcb4644e0cf626b537b246c131556d6f292b1d7765765a2e48470ced26192296e003339f7ff6bdf23c9e4d538a4cb125dd1c3f638d7851a9fe16439b7ce35e

    • SSDEEP

      12288:wEYO+ueO+ueO+ueOrBg3uNAHjiQAQBsB4lLbXE6djnytrXlnmlsvgdjUnBXkLulv:wJO+ueO+ueO+ueOHXQBfF9djnytrVnmq

    Score: 1/10

    • Target

      System.ComponentModel.dll

    • Size

      30KB

    • MD5

      6972a286b196cea3b21c77a37c0cd329

    • SHA1

      bf3e9081156f9518ac46b692f55edd5e70147b6f

    • SHA256

      0d2cd39b276ecb4072873ff5227e6e510ef130b1113acb0eb1bf46b275c0b513

    • SHA512

      81abb2c0cbdbd06ab21adfff126d8356221db892d04dcd7d09c5052cf1199bee9e652625c7e91700b0f918cd57031476a35de8d78b1332aceb6c0fa2416d8944

    • SSDEEP

      384:pW4X1WCnTySJXgb+MH8AAB5kHRN7LR9z3BTsT2:FYLRd9z3Bm2

    Score: 1/10

    • Target

      System.Configuration.ConfigurationManager.dll

    • Size

      954KB

    • MD5

      bd9add7401699079892c3f44b3201407

    • SHA1

      6da7f395ef9874121c259ad6aff92590d792cf81

    • SHA256

      10c1d8841d602b4bced587c399437e934161ab944625e93125297bc054d0c7e2

    • SHA512

      77553d0271d82ce29806dcdaabc0fc365c30d5d610efe3bbe4950ede4382bef221696d9170f38355262287fccbf8e86cb709e3853ff8828ee773e13c4a550bfa

    • SSDEEP

      12288:PlRNpU+elBfOsdV0Z8oApKK1sPTdokGH5OTNWLOdN24rtylGAAA5SbwAhZNwPuKs:Pb/YUrdAJSbwAhmXh17K6PnCFi0

    Score: 1/10

    • Target

      System.Configuration.dll

    • Size

      19KB

    • MD5

      798ea9943e6ac8c55c70b67035d2b48e

    • SHA1

      2867b8c72dd5f691e8881ce8ce489249538b7da6

    • SHA256

      fb3cd1dd4b1d5c913a974a171f40337b293f3832b221371b29a3f1b5e12483aa

    • SHA512

      e4a7a4cb42165ce7cba163b183913859e9ba3d9e0aa4715a941a207d6243abfe4f1a1f88f3d81cba51e96aa2cb8215eeb8e1351b1ea01938ddf3ce1f534d559a

    • SSDEEP

      384:QvjEWcuXTSv/fJNRvGZYdf3zyP/weD/YnYuAWvfNWg+Tb2HRN7iMOsWAR9zg2MT:QvjEfiDez+/ilL9z2

    Score: 1/10

    • Target

      System.Console.dll

    • Size

      162KB

    • MD5

      4dfdf7bfd889a6e2f167a2185f83fe18

    • SHA1

      55b880a7317ed78e10876fbdd1f22edc14230668

    • SHA256

      22089908983d33c7a893ccbe897ccb24e51f14c9e2fb98eb9d584ea249354c01

    • SHA512

      bccd31bbfa75aa5675fe68c8a0501d1b62dd8ada4cb87ca0fbfa90e280ee975d6e5898381d2643e6f6a46ccb85da3b493ecee820317959ab01ce3226fde9d75d

    • SSDEEP

      3072:SgCEfXcSzfK05n32LqVbn4NYtV/7eLfua/1URUxQr7+1uGXQTY7ucp9wwD:lXZSq/VRVg1ATisGucj/

    Score: 1/10

    • Target

      System.Core.dll

    • Size

      23KB

    • MD5

      7196e21711595b3c9d36196988ab6e49

    • SHA1

      f1274b22e284e598d9d83ee781490f0dbf90de4c

    • SHA256

      0355da32f025abea5a93591a455c41377d839365b65b497515b0213d307d0125

    • SHA512

      81c19bae8ab11f86198dc6c7c6563ac6b8ac3951bb70ad58eb60511d2052fb2b637b9786957bd4596e6477354ecedf9a7863392982f0e248723350fb58660e3d

    • SSDEEP

      384:ZOXNOW8q/XTBdIfVLeESnlMUBAojTpP9KdxkSW1FU1MXtz0fJmh7WXi2WrTb2HRZ:ZOXNOW8q/XTBdIfVLeESnlMUBAojTpP4

    Score: 1/10

    • Target

      System.Data.Common.dll

    • Size

      2.7MB

    • MD5

      a5e6418794faf04ae4c9b7eb37e2fa52

    • SHA1

      da08753e9e3de4ede668902a98b43a04345664c3

    • SHA256

      9064122f6ab10928fadc2e244287d0d9ca068e0b1b9a5ed65e2fb9f71ec5c47a

    • SHA512

      1c23dea2ff770a597043658177fb3413733e244fe38bcfbe1b673fe9aa9a47c6b082fd3b82ddc52329b5b08e3f54435d37ff6c00516b32226d25ea36de702af9

    • SSDEEP

      49152:iJbrz83SifrRXbuoYTw6Xr4Kdd/ebiBoHtk069gN4srA1:2rzn7sHg93sg

    Score: 1/10

    • Target

      System.Data.DataSetExtensions.dll

    • Size

      15KB

    • MD5

      2efc9b5e1e777576504af85ed6580f91

    • SHA1

      29dafe5c28bdb7b7041bde6f1b70cb93e796d047

    • SHA256

      ff88e0904ddee8dd1c1df50727fd8acc05fd3b6cee508f02e06afac1495e074b

    • SHA512

      04c7837ac2e238a3e5be781895e6b99506934c8ab79303a979484d7a880caae10df107b460993d55db7f1b8150782f70ede3b089415511d374bb57c9414b0719

    • SSDEEP

      192:WVCm3A/LKtpWaJ7WmjD3WT56Os1HnhWgN7agWfVQEl+X01k9z3ACiDFch:WVCmVtpWaJ7WmjC5kHRN7CQY+R9zv6FA

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks

static1
  Tags: upx, blackguard
  Score: 10/10

behavioral1
  Score: 7/10

behavioral2
  Tags: persistence, upx
  Score: 8/10

behavioral3 through behavioral32
  Score: 1/10 (each of the 30 tasks)