44328d4960cf71ca7959c19d2d550803d3ea359f51ad729259c37e0597899439

Sharing

Copy URL Twitter E-mail

General

Target

b8d467b5c37e97f35258efde96509fdb.bin
Size

6.9MB
Sample

240405-b4rbbshe27
MD5

f85cd674648a7929713bddb14f3562c3
SHA1

83a7f17b8a9ea7aedfdf87b4c938553dceeb5ac4
SHA256

44328d4960cf71ca7959c19d2d550803d3ea359f51ad729259c37e0597899439
SHA512

73604f91a52be660656dd6facc0616ded0cf3b8c3d99210f7d1042cbadad6160bf41dbde96c69ca82a9f80958b6aada4f04a67d14cfce594f9032f4163d8f7f4
SSDEEP

196608:cNvPltPnjA0CnoARHMiQ59cbgbku+MCKy3BE+2:Kl5A0CoAyiNbgbk0yKX

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  bd65e13a564006f5379779eb0f93ee5c5cf6c594f0548ed893c141caf7d27f97.exe
- Size
  
  7.5MB
- MD5
  
  b8d467b5c37e97f35258efde96509fdb
- SHA1
  
  78f4a20e452c3594db24f484cd82e990ce525bdf
- SHA256
  
  bd65e13a564006f5379779eb0f93ee5c5cf6c594f0548ed893c141caf7d27f97
- SHA512
  
  a4d4edbf203a5e62804e883d440a795bbe06b4a1789c2e4e02533296c5e31ce84fcb7793f2e907483da2ede8f4ae8d38225b4d2f03afaabb16388d3dd3ead119
- SSDEEP
  
  196608:d1CvELcvKDeMf7NtTFHsMCVFPSBuW//YJiVgKu:dTLcvo7NJFHVCPPSBzoJMg7
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  Silverlight.Configuration.exe
- Size
  
  231KB
- MD5
  
  17e40315660830aa625483bbf608730c
- SHA1
  
  c8f5825499315eaf4b5046ff79ac9553e71ad1c0
- SHA256
  
  f11009988b813821857c8d2db0f88e1d45b20762f62a3cf432339f352b12cefe
- SHA512
  
  0a3468dcff23ccb2458a8241388b7092d0711a4ebb491d5d8141cc352db8008fc6afc9af1e668104ac657fb4b3651ebcfdf1575557ff918d0f0905cd88c59e85
- SSDEEP
  
  3072:SjLkDn5/8z/slvgqGn+jALebLNyZAQ6Yvk5j2vo0C5wX4HkJ:SkDn98zkeWALevNyQxlT0fX4H0
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  WDFHost.exe
- Size
  
  19.8MB
- MD5
  
  31c0bafc3f6e6c7322a7a32ac1bd87da
- SHA1
  
  42fd1a41e1eef5998de674ec068c702f1ee3b4f3
- SHA256
  
  f2a5023cd559597a1b70a7e02345fb9c80b740377fcf7341d5df2d462efafda5
- SHA512
  
  ab8dcda75a2e9c4d7dfcc23e76b3ca76b4ec5f1fbf24007bf0e9707de17461c5016ec9005dae3f62e34f586452aa145871d371536572365b35bf33b43a8d24ab
- SSDEEP
  
  196608:QEY5GwRkSKyuh6XVocAbyeEA183ZaOp6lAFywgK1HD3hHi9J:QEY5GwqMrWEAG6lA0lK1HD3JI
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  libeay32.dll
- Size
  
  1.3MB
- MD5
  
  d9871a6ba02aacf3d51e6c168d9c6066
- SHA1
  
  42012a0116a9e8aed16c7298bd43cb1206a0f0cd
- SHA256
  
  7975ac81130ae8fe09caf6bef313c44fe064b67ed9205f0bd11ac165386e2f95
- SHA512
  
  ae9118dac893097cd0e388ce45ff76c26b99b1cc9aea59547cc1dedf00bfbaf575f3d05317fac2f3f8b5c97896f6080bea9a90425333dbf02013eb01a002e43f
- SSDEEP
  
  24576:SNaU+KpPikndiNfzN4jH3PlMQzMjYpOtJqTp/kqg1j:ilUfzN4jH3PlyjYpOLqd/kP1j
Score

1^/10
behavioral7 behavioral8
- Target
  
  msimg32.dll
- Size
  
  120KB
- MD5
  
  1d5cb4c71dc4b8f8028b05310b89c1f5
- SHA1
  
  01f60d295633398d3cf3a80df894cc5238fc3086
- SHA256
  
  26cae03cc82d7c7ce4a9ee0dc5759aa79dddd2d596f577aa339bf2c242ece74b
- SHA512
  
  2d44bbd8200ab3a047fd5ffc8d9a333d8caf38d1af00127da80a3bf79821991b6272e855870e3c7e5884496f35293b82932cff57f3b5100f41dee274b4b4a3fb
- SSDEEP
  
  1536:jtfgRmDhOWCUdGVSzq8nxzSZfG9oiZiEpifruafC9xEhOd3DGPBeVNrL/dv:jtfzDhOXvcdnx6niZDiDuW3IyPINrzp
Score

1^/10
behavioral10 behavioral9
- Target
  
  ssleay32.dll
- Size
  
  337KB
- MD5
  
  fe6d8feaeae983513e0a9a223604041b
- SHA1
  
  efa54892735d331a24b707068040e5a697455cee
- SHA256
  
  af029ac96a935594de92f771ef86c3e92fe22d08cb78ebf815cbfd4ef0cb94b0
- SHA512
  
  a78b1643c9ea02004aabefc9c72d418ee3292edb63a90002608ac02ad4e1a92d86b0fc95e66d6d4b49404c1fc75845d0e6262821b6052ab037b4542fcaf2047d
- SSDEEP
  
  6144:16MNzVTEz1LgXCpfoaDRQHojjYkARhcPL0U2pHGS5VdQ/TOEzrqArrpA1riT1Piw:16MNzVgz1LgXCpfoaDqHojjYkARqPL06
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  436KB
- MD5
  
  d7778720208a94e2049972fb7a1e0637
- SHA1
  
  080d607b10f93c839ec3f07faec3548bb78ac4dc
- SHA256
  
  98f425f30e42e85f57e039356e30d929e878fdb551e67abfb9f71c31eeb5d44e
- SHA512
  
  98493ea271738ed6ba3a02de774deef267bfa3c16f3736f1a1a3856b9fecc07f0ea8670827e7eb4ed05c907e96425a0c762e7010cb55a09302ca3cfb3fe44b2b
- SSDEEP
  
  6144:VQ+kwWa/1NfQWLv6rGnrpJJ7OELbg8reLy2dbJUa4xk+N9/2itUirbeaY:VvW0tLBp1cIeOwJL4xT/F5bY
Score

3^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Sets DLL path for service in the registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Sets DLL path for service in the registry

Deletes itself

Adds Run key to start application

Sets DLL path for service in the registry

Checks computer location settings

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14