be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb

Sharing

Copy URL

Twitter E-mail

General

Target

PowerISO8-x64.exe
Size

4.9MB
Sample

240405-s2hpvagc85
MD5

d884550a8b075167353db3bc9118dd18
SHA1

5975cbc800d452546a0ec7456d19fccc15ed085a
SHA256

be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb
SHA512

0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf
SSDEEP

98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8

Score

8^/10

Malware Config

Targets

- Target
  
  PowerISO8-x64.exe
- Size
  
  4.9MB
- MD5
  
  d884550a8b075167353db3bc9118dd18
- SHA1
  
  5975cbc800d452546a0ec7456d19fccc15ed085a
- SHA256
  
  be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb
- SHA512
  
  0ec1d112ddb81485c87c68d47e46607e66f7ba60860eea6bb647560ae766af4f41fda002c329de7981fc1a15b5ceffc18fc57c86f42f70bbde427db65027f9bf
- SSDEEP
  
  98304:Mu69FGH5tiGVX3FFi1m3fNwyZCe35LC7phV3+0pE34HVdL+8:l69sH54G5uINdZCeJwphQoVdK8
Score

8^/10

bootkit discovery persistence upx
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  8cf2ac271d7679b1d68eefc1ae0c5618
- SHA1
  
  7cc1caaa747ee16dc894a600a4256f64fa65a9b8
- SHA256
  
  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
- SHA512
  
  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
- SSDEEP
  
  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ec9640b70e07141febbe2cd4cc42510f
- SHA1
  
  64a5e4b90e5fe62aa40e7ac9e16342ed066f0306
- SHA256
  
  c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188
- SHA512
  
  47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe
- SSDEEP
  
  192:oRsHeylO012En8pqHtcE0PuAgkOyPIFc:sATI0d8pUP0WAgkBPIFc
Score

3^/10
behavioral3
- Target
  
  $R0
- Size
  
  69KB
- MD5
  
  9d199564b65a91a531b23844649459e9
- SHA1
  
  8d84359ced1c51d14e70cb5ed36a6083c8b914cf
- SHA256
  
  8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42
- SHA512
  
  ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1
- SSDEEP
  
  768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW
Score

1^/10
behavioral4
- Target
  
  $TEMP/$0
- Size
  
  29KB
- MD5
  
  c3b224d15a9036805575b2ff0bcefeda
- SHA1
  
  74779ae82a97e97d770435d097821810f16c97c5
- SHA256
  
  23d8aeff49ffbac9f9490e9739e059cd7064516dbcd693fe2de77830b127ff8a
- SHA512
  
  5a5d98cc9a4aca076049340a4645879a8e4a1d2e24a672015627446d7e3729acf0b64bc8a0f702b8da735d22607fe13ba3ef6a497a57891804576899b06bb461
- SSDEEP
  
  384:XE+iXOWKqv0WEXSvQiJb7Mejv14ESgQaMOaA9qqKYu8iFz/pvow3PrCDaU2:XxspKA0ZiVfWEVUfYuhFzVowOD
Score

1^/10
behavioral5
- Target
  
  devcon.exe
- Size
  
  69KB
- MD5
  
  9d199564b65a91a531b23844649459e9
- SHA1
  
  8d84359ced1c51d14e70cb5ed36a6083c8b914cf
- SHA256
  
  8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42
- SHA512
  
  ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1
- SSDEEP
  
  768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW
Score

1^/10
behavioral6
- Target
  
  piso.exe
- Size
  
  21KB
- MD5
  
  99c1672e8ed7c85474917ebbc6903f3a
- SHA1
  
  5b7a4c43a169d2ee4ebc65a716cce846e26e8e1a
- SHA256
  
  1f6ee5802f6cc16c5ce12661155201350b7c53587ddbf61c429d05abebb69a2a
- SHA512
  
  8bac273ea6a811f8f7afdb2ba36aa5df1797aaa2c1e8a2569b810179fef81583d33bd626f9a3572ff3dd2e9b8be67d412a435cfc5b0fc244069f0922061f1ca6
- SSDEEP
  
  384:FXhgKsW4zL6KZjthU53XnCm/Zn6KZjthUBopnCm/2Q:NWK2zGmjtu5nCKAmjtuBsCKD
Score

1^/10
behavioral7
- Target
  
  setup64.exe
- Size
  
  20KB
- MD5
  
  fdaf68ac10888345fc0dfedd070dbd07
- SHA1
  
  160e72adf208e42511274e7dd786975cfce4d4d2
- SHA256
  
  e69945c414a228f6299a30946401bbbb900d0b8a814e2ce8c5c44c12f130eb75
- SHA512
  
  943ae7c986ec48d24ebf9c83a3821ecfb36aa7bca0c010c7b53030c0ee30980c848177b5ec33fb2317f71dececa3bee5adf53393fb6f30f8f9b7d475965038a5
- SSDEEP
  
  384:yTwBHiBYcYV796KZjthUFYnCm/x86KZjthUDnCm/Gu:CoHiBYcYB0mjtu+CKFmjtubCKv
Score

1^/10
behavioral8