3555b6148f8bf9415c1b0db8b03c649b530670c7775631d6f26fda5eee547f24 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

memreduct-3.3.5-setup.exe
Size

357KB
Sample

240405-q4sxgseb75
MD5

25db35058f16b6fe4b1425b0986ba716
SHA1

17b4f5bca2480079e68ea41a52651f34c3cd6a37
SHA256

3555b6148f8bf9415c1b0db8b03c649b530670c7775631d6f26fda5eee547f24
SHA512

735b58bcafb9382c5d9846756ffa079bc4aac0fd4ff039883382cc0251fdf77bb660e51b9b133dc2fcdc2bfa93c75b6148e0c2cc71ea949c8694407a29fac679
SSDEEP

6144:ip+ggftEQYLwl/QsHpkMxfXkGIDO5K1kaf+DUtuOEL6nDp5hqKBUj:e29ZKA4OckafLuOa6lGCU

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  memreduct-3.3.5-setup.exe
- Size
  
  357KB
- MD5
  
  25db35058f16b6fe4b1425b0986ba716
- SHA1
  
  17b4f5bca2480079e68ea41a52651f34c3cd6a37
- SHA256
  
  3555b6148f8bf9415c1b0db8b03c649b530670c7775631d6f26fda5eee547f24
- SHA512
  
  735b58bcafb9382c5d9846756ffa079bc4aac0fd4ff039883382cc0251fdf77bb660e51b9b133dc2fcdc2bfa93c75b6148e0c2cc71ea949c8694407a29fac679
- SSDEEP
  
  6144:ip+ggftEQYLwl/QsHpkMxfXkGIDO5K1kaf+DUtuOEL6nDp5hqKBUj:e29ZKA4OckafLuOa6lGCU
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  75ed96254fbf894e42058062b4b4f0d1
- SHA1
  
  996503f1383b49021eb3427bc28d13b5bbd11977
- SHA256
  
  a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
- SHA512
  
  58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
- SSDEEP
  
  192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ca95c9da8cef7062813b989ab9486201
- SHA1
  
  c555af25df3de51aa18d487d47408d5245dba2d1
- SHA256
  
  feb6364375d0ab081e9cdf11271c40cb966af295c600903383b0730f0821c0be
- SHA512
  
  a30d94910204d1419c803dc12d90a9d22f63117e4709b1a131d8c4d5ead7e4121150e2c8b004a546b33c40c294df0a74567013001f55f37147d86bb847d7bbc9
- SSDEEP
  
  192:oF8cSzvTyl4tgi8pPjQM0PuAg0YNy8IFtSP:EBSzm+t18pZ0WAg0R8IFg
Score

3^/10
behavioral3
- Target
  
  memreduct.exe
- Size
  
  302KB
- MD5
  
  fe8eb129610e454ad17b9d6ccbf1df8b
- SHA1
  
  28cfddbc7faf2e66aee0eec673c7eb7beab25510
- SHA256
  
  8cea4adf5febfa9528d01259bf9b70afdb814ce8b41605b8c619a9738a9c9414
- SHA512
  
  4aa488a5844eb65fe0f72d1ab325ba07a40fa0cae658bba38f59260c1467d5c902ae8bcd6d8e2f15a5c81139147155948f99a0e303ecca001f24a58d5c5de399
- SSDEEP
  
  6144:62uLW2PbSyXuF4a4gLZRE65J3EvgxxEvM:6hBTavRh5J8qxEvM
Score

8^/10
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4