469c034a1b0db632b355417177df3872abd056bd300ac457fae4ed4d9cb2ce8b

Sharing

Copy URL

Twitter E-mail

General

Target

e2117b441bb00e4bd08f23ec09ecfe03
Size

1.6MB
Sample

240327-tj267sff42
MD5

e2117b441bb00e4bd08f23ec09ecfe03
SHA1

af1eb8b5e2c453981579b06346d4762697aa5035
SHA256

469c034a1b0db632b355417177df3872abd056bd300ac457fae4ed4d9cb2ce8b
SHA512

975e802de0d951e154998d3ed487d8e5364674ae8de5be90bef3c554af3af0d9ff62cc6cd06a4367227baf7405e5f23f2f7a64eb566bfc160e2f706500616351
SSDEEP

49152:dPUci59mkTB8cRczJBhE8/iIviTwpIHDY:hUT5Qkec0JjE8K6iToIj

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  e2117b441bb00e4bd08f23ec09ecfe03
- Size
  
  1.6MB
- MD5
  
  e2117b441bb00e4bd08f23ec09ecfe03
- SHA1
  
  af1eb8b5e2c453981579b06346d4762697aa5035
- SHA256
  
  469c034a1b0db632b355417177df3872abd056bd300ac457fae4ed4d9cb2ce8b
- SHA512
  
  975e802de0d951e154998d3ed487d8e5364674ae8de5be90bef3c554af3af0d9ff62cc6cd06a4367227baf7405e5f23f2f7a64eb566bfc160e2f706500616351
- SSDEEP
  
  49152:dPUci59mkTB8cRczJBhE8/iIviTwpIHDY:hUT5Qkec0JjE8K6iToIj
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/DLLWebCount.dll
- Size
  
  28KB
- MD5
  
  0bdd7c6f1046ea4b42839f991ae53fb2
- SHA1
  
  cb9baefb10159b4a684fa1ee4372e7715865052d
- SHA256
  
  0a0019b2603dbc4505453c2501255ab0cc0b3c317ece4a6ce0cfb6a02a30907b
- SHA512
  
  96f41497f25d7bc81f51ab167f74243b4b767089c89c26f9752ef518fa60dedd2722c66ae87dad2334bcce1622bc12f7b9b892ae654ca58cecd9f35c9f1dc163
- SSDEEP
  
  192:OQoR7CK9FX/dVPWtJ/tXP88bSNwWW8+YdbDT:OQcWeJ/XPWtJxPFYi8nb
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ExLicenseIDBoanPage.dll
- Size
  
  44KB
- MD5
  
  96869afd6fae4c8ccb0c56996b8fae8d
- SHA1
  
  e9f4d80f61521b03d0c07d9abe3a00ff461de40b
- SHA256
  
  94bc2f57d978a4027c32595a1a3c5ed20f83d689646f254a4b2a5b815cee59d1
- SHA512
  
  12dacdab1e73e827f9507eaa963a012fa66a63b5a531e09f0bd84c4d81787e1777b347e325b6b4ae9fa11555ee390312173bc292860f6e234ecf3835a6a37b11
- SSDEEP
  
  384:Sum13eB6kWUnHOII9p8+6P95H282nv2JKiXn5IODyOx:Zkm6kxHOIIT8LWqHWO
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/SelfDelete.dll
- Size
  
  24KB
- MD5
  
  7bf1bd7661385621c7908e36958f582e
- SHA1
  
  43242d7731c097e95fb96753c8262609ff929410
- SHA256
  
  c0ad2c13d48c9fe62f898da822a5f08be3bf6c4e2c1c7ffdf7634f2ca4a8859e
- SHA512
  
  8317af5cc3ac802eb095f3fa8cc71daa1265ca58fead031c07872f3d4bb07663a7002ae734fad392a7617f0923fe0caf1f54ed55afdf8516a6a08e202d86fa7f
- SSDEEP
  
  96:1dIrJYYrzPpqAAZ9sNIaI2y9WulXEGNRrG:nuYATpq/viyYuEYRr
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral11 behavioral12
- Target
  
  $TEMP/nsisos.dll
- Size
  
  5KB
- MD5
  
  69806691d649ef1c8703fd9e29231d44
- SHA1
  
  e2193fcf5b4863605eec2a5eb17bf84c7ac00166
- SHA256
  
  ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
- SHA512
  
  5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
- SSDEEP
  
  48:6EyuygeHCfxwU5x+6kx/k1gONv27oBc2OkIrHHl:VeHCf2762kKsu7oGjkIrn
Score

1^/10
behavioral13 behavioral14
- Target
  
  IDBoan.exe
- Size
  
  4.6MB
- MD5
  
  5826ff472ed14d14df0a306a171ac452
- SHA1
  
  49fd18bb02f8dd5272fa7fa03ae02fba032370f7
- SHA256
  
  4d9be43a1afc60e525c23ca54b0bcc2f80d15094652b1b791336175b5108635c
- SHA512
  
  01443b02882d99ab2888609530bb4b30621d79bdb8a5a9d3d773cc8547af9f293a99b1837dfe39de2e36ecd95ebbd22fa20f95923c92126e23076e8dd155dd6d
- SSDEEP
  
  12288:d7+zjJUmM0uQ0ghsSk92pTwQ9snqMDs42D+pEmUnbDPNEjivqCTuic:d7+zjyVpQD42KpEmUn3Pujivqmlc
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral15 behavioral16
- Target
  
  IDBoanMon.exe
- Size
  
  703KB
- MD5
  
  0ccf16a3c9d76eada96efd81e341fc5b
- SHA1
  
  1dd0a95554d0500c0784a0570cff30acf996ef48
- SHA256
  
  3bc95b546a70fdf885feda183288dcf4535719a4d7411479bd17de75197dbcc6
- SHA512
  
  40b6100f03e4d14d7871dc471322dee43da5ce554ca029e693eb0211dcb5c4ec9f692cb2cf12765ff902b2c32e9be504cb461b313dcd3ad8a246ba86e61496c1
- SSDEEP
  
  6144:/sUak+OtMzb5S+91osQ5HAsOIQE6f3BLL9+nMQxfgNLfzYWE:/sUak+oMzbUAsz6f3BLx+nMQxYNLfn
Score

3^/10
behavioral17 behavioral18
- Target
  
  IDBoanUpdate.exe
- Size
  
  1.8MB
- MD5
  
  5c26d3ae5bf2eafe78bb906d81047b48
- SHA1
  
  5badbfe50bca04ca88f4d1f336d1f925ef4da7f0
- SHA256
  
  7784f1f422aa413a4d556ad0b732b059564527c5d7ac2da5adbb2c9e89f39c5c
- SHA512
  
  ca7747cd4f4f125dff732bf36fcd2e89a02c01a500f117be650c46d3726cb6b032c5a4148f3618e4fc7b2746be3ee4e6d64b8bfc2edc280ebe4b918b10a6e25f
- SSDEEP
  
  49152:+t3dLZuK4AsiPdpnT2KkOd5GUEX4k0uBoxK+9:+t7z4As4t2KkOd5IX30yoo+9
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Deletes itself

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Checks computer location settings

Adds Run key to start application

Checks computer location settings

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20