fc6b5c15217f99ea3b7339f26b43729fe323195644427fcc554c6dd430f2e455

Sharing

Copy URL

Twitter E-mail

General

Target

safedogIISV4.0.exe
Size

33.9MB
Sample

240405-p46ynscf6x
MD5

f50ea38e3d77f926e4ebb58f3a30a50c
SHA1

4e94cc01a7b9197da99b9bd057314604ff73105f
SHA256

fc6b5c15217f99ea3b7339f26b43729fe323195644427fcc554c6dd430f2e455
SHA512

b30720dc6a3410afa6eb3b3cb5b2a02603c8fd6a73ca281857a53373e6e33a197ceaa4c6f0ed78d4c4f2da906f2010bbabf8a1947699668e3608dc8fefce3281
SSDEEP

786432:Uizp0brLyLog2BN9h1dQ4abP6CmfS6mRxrzuJ5nGido9dWYoaImfizk:U+p0OLKbZePUfS6mgGidQVLImf+k

Score

7^/10

Malware Config

Targets

- Target
  
  safedogIISV4.0.exe
- Size
  
  33.9MB
- MD5
  
  f50ea38e3d77f926e4ebb58f3a30a50c
- SHA1
  
  4e94cc01a7b9197da99b9bd057314604ff73105f
- SHA256
  
  fc6b5c15217f99ea3b7339f26b43729fe323195644427fcc554c6dd430f2e455
- SHA512
  
  b30720dc6a3410afa6eb3b3cb5b2a02603c8fd6a73ca281857a53373e6e33a197ceaa4c6f0ed78d4c4f2da906f2010bbabf8a1947699668e3608dc8fefce3281
- SSDEEP
  
  786432:Uizp0brLyLog2BN9h1dQ4abP6CmfS6mRxrzuJ5nGido9dWYoaImfizk:U+p0OLKbZePUfS6mgGidQVLImf+k
Score

4^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ExecCmd.dll
- Size
  
  4KB
- MD5
  
  b9380b0bea8854fd9f93cc1fda0dfeac
- SHA1
  
  edb8d58074e098f7b5f0d158abedc7fc53638618
- SHA256
  
  1f4bd9c9376fe1b6913baeca7fb6df6467126f27c9c2fe038206567232a0e244
- SHA512
  
  45c3ab0f2bce53b75e72e43bac747dc0618342a3f498be8e2eb62a6db0b137fcdb1735da83051b14824996b5287109aa831e5859d6f21f0ed21b76b3d335418c
- SSDEEP
  
  48:ifXNtGNjFizsU35iej7luiwa28mDJmDKUOMQH0glay/Aa4r/:5Fef5iej5txKJKenlV4r/
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ExecEx.dll
- Size
  
  3KB
- MD5
  
  4bde69a4d54c24e178cda64d231b5fd3
- SHA1
  
  6c6a98b18727c66cbbf0f790992fa50535da527b
- SHA256
  
  da4d9243d4d523cabb635ba540b4d63fb69baf25f0f598b929694d21d63f5bfb
- SHA512
  
  150045e8319c280abfb0531f81ae09907a1bb987d2e3985fc3f4d223d62ec20265ebb5c7177a3620a833b7a71ab97bbd90715750ba60b684e04d405cfd8fdcbc
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/Inetc.dll
- Size
  
  20KB
- MD5
  
  50fdadda3e993688401f6f1108fabdb4
- SHA1
  
  04a9ae55d0fb726be49809582cea41d75bf22a9a
- SHA256
  
  6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6
- SHA512
  
  e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8
- SSDEEP
  
  384:jQB2ZUVHUxgoJX0eBA6PcH85db+ya9cC0Ac9khYLMkIX0+G5xgZmT+m//a:j/UFeJ5S6PHLNa9cFam/
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  4KB
- MD5
  
  99f345cf51b6c3c317d20a81acb11012
- SHA1
  
  b3d0355f527c536ea14a8ff51741c8739d66f727
- SHA256
  
  c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
- SHA512
  
  937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/NSISLog.dll
- Size
  
  42KB
- MD5
  
  e47100b70748fc790ffe6299cdf7ef2d
- SHA1
  
  ad2a9cd5f7c39121926b7c131816e7ba85aeead2
- SHA256
  
  271d539fe130276189e0a32b8a0bc9f08f2d92f7e17f85d88726735f14ea6144
- SHA512
  
  88452a9aeff453e7979df9240ab396cbc0c5d00efecda97df1e46f2ba1e9b5bfd990921e85d503beb4b35a1de7681390ba124eeeaf896f250717892ced133e93
- SSDEEP
  
  768:wCpqFQLwm2VQRIsW6z66P9dmnKyAPKoaQtt34Zt4DtV4U0Kx8xkS:XpqFQiVUfDzXmmb6mJVN0KWxN
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/Registry.dll
- Size
  
  14KB
- MD5
  
  16f2b751c62af967187fe918eb47c9bd
- SHA1
  
  5e8afabd45484e38c9be59c98e28dcc3b74d886a
- SHA256
  
  bc3a27276397a43c966ec85dfbd194a00caea7665b1e5ba220cec27618ea7625
- SHA512
  
  62ce1b39a5a20abdbdeda11c3eea72c41f5f3dadd9c25901d78c65dffb7098bc50885b0f557619f34c25eb816621abed241172ec76dd4098f23829f7871ca7a5
- SSDEEP
  
  192:jlZfDG6DWaPLeLrfdpQueMI8RjoN9tPTpzgFW2R1OiBRenXQ5ZZqTvImYrg:jHfUaPLoP+wRcN9tPTcOckng5GTwm6g
Score

1^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/SkinBtn.dll
- Size
  
  4KB
- MD5
  
  e4ec95271ff1bcebab49bdfed6817a22
- SHA1
  
  2c03e97f4773aea80ecdb98a1482e5896fe4677b
- SHA256
  
  ee1c06692a757473737b0ebdef16f77b63afac864d0890022d905e4873737dd6
- SHA512
  
  771a527133806307a1b17b7e956d6a3c16e9bc675bf084b43204ae784a057dac2726dbf90645692876043a4e7365ba8825c167621fde4760c79cd84679e2aa3d
- SSDEEP
  
  48:iIf3aEDfeWm8JHFQbUrUPJJDFoetaxn/pFW3GNivz187eqzI/kMr8oX0Zbj:lv9Dfw8DQbhD2iaxn/PHmiNI/dQFZH
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/SkinProgress.dll
- Size
  
  4KB
- MD5
  
  cc037c4703d3ec257efeef2ce0a1a20e
- SHA1
  
  b3d6cc8f687a31fb2c1a5921a38de9429af20502
- SHA256
  
  888b32ecbc37ce67d4edc28d894cba0a4f4e2488cfc2212d1af011bd0bfe97ff
- SHA512
  
  120bfa0a68775bef04c1863023b0e73a41982284fb36da7f497fbb7d5ed8631ad02fa09951424d339f6fefaa90a17c12f949dd68bb33bad64b1b7cace489d2a7
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/WndProc.dll
- Size
  
  3KB
- MD5
  
  f0cb331dd4bd92a6ebce45e7cd1cf5ef
- SHA1
  
  b66ea0c10b08750295f2dc7c170b370402393214
- SHA256
  
  e7b3115fa2ce4a8fa09beeefa4fb634a474197f38a2854ce9be60d0a26016458
- SHA512
  
  7c33418f39b91ae0d4cc8b560f516bac293593eef539832815028878c2058bf1691c2d767a039cf312989839071f2f6f0b6d9d59835acdfff6b448bf1ffea271
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ab73c0c2a23f913eabdc4cb24b75cbad
- SHA1
  
  6569d2863d54c88dcf57c843fc310f6d9571a41e
- SHA256
  
  3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457
- SHA512
  
  99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8
- SSDEEP
  
  96:EBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4MndY7ndS27gA:E6n+0SAfRE+/8ZYxldqn420
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/nsisSlideshow.dll
- Size
  
  7KB
- MD5
  
  92148c2fcdc2c588aebc6acaef11ad4d
- SHA1
  
  5df90a446d80ad69816c2375e01287ba1c3fef96
- SHA256
  
  3beaaf45b95d7554e646812291025b873b1265ef63723aefe6ffeeac40469231
- SHA512
  
  a10951980148ff999a7a279cdb041c5a158be9f5a8abee22b51fae4cd8eeb84707724f7d4383eed0e90267bf299a9f041bb659aae624a9cf7cb97a58bf996924
- SSDEEP
  
  96:jxDCYdyPLISNJikdpdlCE5tJeCZiPodd:t8kkdD0OCLPodd
Score

3^/10
behavioral25 behavioral26
- Target
  
  $TEMP/SafeDogSiteIIS/AuditorIISInstall.dll
- Size
  
  371KB
- MD5
  
  a3434d2359179727a685fe8c0cdff893
- SHA1
  
  902f327a070f8e04b5d557f0bd556073e9324e74
- SHA256
  
  4f53827a61587ee10912708e72c8b99899efd7b8717135ad0192518007cd0c7c
- SHA512
  
  b41002da276833b152c70b1246752ffbedd58151e0b4788265b8f8c022c63893974212be623589ab6b5b494305c9ddc37aa0dbbac1ca6fa2be3db97b0add9f5b
- SSDEEP
  
  6144:ulCAR6ht5c0uPu9YmnPol+RRs4lptZU6opTblPjfHT7H6:KCVT5cuecolB4lptZU6opRv6
Score

1^/10
behavioral27 behavioral28
- Target
  
  $TEMP/SafeDogSiteIIS/CheckAuthorization.dll
- Size
  
  660KB
- MD5
  
  1d096d4713c83f8116f0ecaffc21e339
- SHA1
  
  e0cea779d990d92bcb87952c4dcf999fa21aa013
- SHA256
  
  350883e198aee64ccd6d37a5e8bcdaca9264673e3038a2122a5ba251f529ffca
- SHA512
  
  ef8bcd7883bce18d71ef3c47c71d7e97d803d9f3b8e76f8c648fb464b11c7f20c5175362ba8d499ee276ac661b2aeec810fd74c7cd28c6f272237840be464584
- SSDEEP
  
  12288:rRStHsyGaGdncU7xjJmHnAxzoJqveR/0axPQ3qnuHD4:rRStHCuoowvo/0aO3+uE
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral29 behavioral30
- Target
  
  $TEMP/SafeDogSiteIIS/CheckAuthorizationUI.dll
- Size
  
  401KB
- MD5
  
  2e42e499744b758c6d7639783bc92a99
- SHA1
  
  fe95ad6cdd8c4c6976ebea3e35f3e6e3ee0039ab
- SHA256
  
  b4a4e0305f97b549ceb6055e258da4da732f698e4d410d75c9d75d773617af88
- SHA512
  
  62b0d216af61c8f787595556ad289d71bd85d6f78bfe96bdcd298a84642599156271083fceb1c98f903ed74814a8e78c7c818e14ec14c6f856b728cf79909e91
- SSDEEP
  
  12288:6IwdEnGvJ2k0DZxv3jWkA6drreQ1ISvxqP855h:6WnGQOkA6dram4P8Hh
Score

7^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Writes to the Master Boot Record (MBR)

VMProtect packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32