Overview

overview

7

Static

static

3

Drehmal.In....1.exe

windows7-x64

7

Drehmal.In....1.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Drehmal Installer.exe

windows7-x64

1

Drehmal Installer.exe

windows10-2004-x64

7

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

dxcompiler.dll

windows7-x64

1

dxcompiler.dll

windows10-2004-x64

1

dxil.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Drehmal.Installer.1.0.1.exe

  • Size

    74.1MB

  • Sample

    240406-rqhd9scc5x

  • MD5

    7bf9840c0a8ff7fed37795d08d57850a

  • SHA1

    f5816dd76fb8e9294621fda04306e8ef068a3da5

  • SHA256

    952c89e629280ad52d9eba9383941522304e36c0054a523bfb0bb97db2d8c546

  • SHA512

    00305210be0970e5633f4151ad441785f0f896731fa1b12514efd4136c0eb9c894f39a2acbdc33c2d4ad25f4e36da1a3a99f3d11637df40e5d777f633fe8042d

  • SSDEEP

    1572864:YejOg3daa5AfY+bQoyJg0UyRTDAwGZEazzhZZG+YEZhFp7:YAEa5AJsoyJJ9TUwGuyouDFp7

Score
7/10

Malware Config

Targets

    • Target

      Drehmal.Installer.1.0.1.exe

    • Size

      74.1MB

    • MD5

      7bf9840c0a8ff7fed37795d08d57850a

    • SHA1

      f5816dd76fb8e9294621fda04306e8ef068a3da5

    • SHA256

      952c89e629280ad52d9eba9383941522304e36c0054a523bfb0bb97db2d8c546

    • SHA512

      00305210be0970e5633f4151ad441785f0f896731fa1b12514efd4136c0eb9c894f39a2acbdc33c2d4ad25f4e36da1a3a99f3d11637df40e5d777f633fe8042d

    • SSDEEP

      1572864:YejOg3daa5AfY+bQoyJg0UyRTDAwGZEazzhZZG+YEZhFp7:YAEa5AJsoyJJ9TUwGuyouDFp7

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    behavioral5behavioral6

    • Target

      Drehmal Installer.exe

    • Size

      168.5MB

    • MD5

      5274cbfb208ee9610d3193e4c61c35f7

    • SHA1

      954257060465a7038dd94952cb3964e5a0699735

    • SHA256

      869e7c9698da35ba3b45d8a456814db6926534ea5e6d80302f0aaf69283230cb

    • SHA512

      f28dc65c609683b375d61f55d5f940a41c691d7c5e64335886121675faf7b23a98cac04ec7e187e28cc92eb8915d8c65dfeda1cc0d7505820358683698c8733a

    • SSDEEP

      1572864:IWx5TrBkvBGddEgdqUVQAa/6MdFvokPLkKrIA5wsMj+zBujIqMIqw6ep80FQK7y3:AwmBiWD+eCIxB

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral7behavioral8

    • Target

      LICENSES.chromium.html

    • Size

      8.7MB

    • MD5

      1ca87d8ee3ce9e9682547c4d9c9cb581

    • SHA1

      d25b5b82c0b225719cc4ee318f776169b7f9af7a

    • SHA256

      000ae5775ffa701d57afe7ac3831b76799e8250a2d0c328d1785cba935aab38d

    • SHA512

      ec07b958b4122f0776a6bded741df43f87ba0503b6a3b9cc9cbe6188756dcde740122314e0578175123aaa61381809b382e7e676815c20c3e671a098f0f39810

    • SSDEEP

      24576:ZQQa6Ne6P5d2WSmwRFXe1vmfpV6k626D6b62vSuSpZ:ZMfTVQ

    Score
    1/10
    behavioral10behavioral9

    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      2191e768cc2e19009dad20dc999135a3

    • SHA1

      f49a46ba0e954e657aaed1c9019a53d194272b6a

    • SHA256

      7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

    • SHA512

      5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

    • SSDEEP

      49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l

    Score
    1/10
    behavioral11

    • Target

      dxcompiler.dll

    • Size

      20.8MB

    • MD5

      7f1a300d385b1d012107d07da18ee1cc

    • SHA1

      ff3d22f6f9d15ead257654205b26962fc9a34b53

    • SHA256

      e5fa623aa51c0072ea40b6ebdd897ff22ae3a6c82e7d59fc6320c1d46a265640

    • SHA512

      f0ae60e48175b9f1acd32f7bf6d22a991425eb655e81ef57df94df17f0ffdf7848b858cdf779683b1304fdc50535b88a69f4d2b48c007d8e585153be9dc25827

    • SSDEEP

      393216:oFMwP3WgSiT84jbMMV+myjPUaM2NEYGM0ADiWMF:oFb2mucMEYGnAGWMF

    Score
    1/10
    behavioral12behavioral13

    • Target

      dxil.dll

    • Size

      1.4MB

    • MD5

      cb72bef6ce55aa7c9e3a09bd105dca33

    • SHA1

      d48336e1c8215ccf71a758f2ff7e5913342ea229

    • SHA256

      47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

    • SHA512

      c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

    • SSDEEP

      24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r

    Score
    1/10
    behavioral14

    • Target

      ffmpeg.dll

    • Size

      2.7MB

    • MD5

      069b10d20cf5bb899faa87c1653150e4

    • SHA1

      e385efa15b17ef9b520d7e2c9998b0d54cb314a1

    • SHA256

      e970ed275374aaf0f6f60b21388e55f42447b9b1e09c78dcdb7d858aa05dfb53

    • SHA512

      b3907fd6d4f88604eff82f3a493e426f252e568c86cca4392865301e13d096780e8d6dffb63c4d0fbf787d8e5deab536e331bfb531e76997cc4635beaa9ffb83

    • SSDEEP

      49152:rPDtyvMYqXiOaeQ3NZ+GEMDbG7m8x7n6mfu/oBLpweNsgMzqvUzn7xN:7SOONYbQG7m8bdazlzn7r

    Score
    1/10
    behavioral15behavioral16

    • Target

      libEGL.dll

    • Size

      467KB

    • MD5

      a373e2ec6ed245e4562a3d5a8e0742b2

    • SHA1

      e0b360fa0314be8e4a83c0cd2aea99e2e86ab588

    • SHA256

      d9c8541eaf0293c67ece10e97d00a8b689d5e043a8356d43224aac1af3a21a5f

    • SHA512

      f7d3d20bf7f8deca892e233d41cf4bc250906c49295f8de313e57c9068b176cf6a86cfc090ff9fa602dff6cba231bd6938fbea0c1fc315f57b6ff5515d885d91

    • SSDEEP

      6144:DuF2Dw0NiKxN6YTfDVTCanVJhPadWQo+wehJp/Ej4:a0iKbbTfDVJ2dWQo+wenp/EU

    Score
    1/10
    behavioral17behavioral18

    • Target

      libGLESv2.dll

    • Size

      7.4MB

    • MD5

      65fd6bae92477dbc96d15ce28f5a3ebf

    • SHA1

      2111b196e265f9463b5447ea0c831826145b4498

    • SHA256

      a1275f57b47575db9aa3a577e5eacba1d7f1d5578ef6a8072468d788c93c85ff

    • SHA512

      8f9e94839664399a745b8b6f242ebe8d6d0c7490a704a2e7082d7b70384538ea3708937b254cfac5cd2d776b89a0ac34ee09c5744284a9887fedfc3b3e75c49c

    • SSDEEP

      98304:xgBPe7R/ujOL9I6A26IOQRFZ0SEJwwKv77Mo1JaWXm3WtPa:xg1On66A+x0gwU4eCoS

    Score
    1/10
    behavioral19behavioral20

    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    1/10
    behavioral21behavioral22

    • Target

      vk_swiftshader.dll

    • Size

      5.0MB

    • MD5

      b4838d1ea6ae3978aaf9798f4592ac6d

    • SHA1

      4493a9028fc256009a7d6adda54c1124b2ed5dd0

    • SHA256

      418213ab16d045339604b24fba5f11733d4ae03f992e324395082e179260e8a4

    • SHA512

      53ee6fc322f31e93323995aa52c23f3e90b8fdd57f4f137d6676002996a7b04fd27f1e081d60e40b3b029cdb7044bebd6d269a22c2db68d3220e71c1ef938686

    • SSDEEP

      49152:wO6ftECL3Zdon2+a/EgBqB1y91lxfAV7xWV9MzaNZ8m8Lg1d7RXmVEZvMUn0HjyC:wLftMUSogaEm5hZdIOlEbRaB3YIa

    Score
    1/10
    behavioral23behavioral24

    • Target

      vulkan-1.dll

    • Size

      925KB

    • MD5

      f9e89d0e3d04f5abb24894c7dbdfcc6e

    • SHA1

      08e51818549aa182130ae8e5369faa3654eb2d1b

    • SHA256

      1a2c79b0f5ccef2ed359e5ecf25c71800321cc4f244d64e2efe0c7e75b453915

    • SHA512

      e10ebcd0d63b2f653cccd888688b1f126d59d18b4a496e85d54b6ac00401274c8fdfa528f13f60d68350c95c4fbb9236c02f4e3733ba99046e4353bb91a8a422

    • SSDEEP

      24576:Ny+lCO+5ia/1DW6pb9MLtX6Z5WdDYsH26g3P0zAk7o3X:NymVqXpbId6Z5WdDYsH26g3P0zAk7on

    Score
    1/10
    behavioral25behavioral26

    • Target

      $PLUGINSDIR/nsis7z.dll

    • Size

      424KB

    • MD5

      80e44ce4895304c6a3a831310fbf8cd0

    • SHA1

      36bd49ae21c460be5753a904b4501f1abca53508

    • SHA256

      b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

    • SHA512

      c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

    • SSDEEP

      6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck

    Score
    3/10
    behavioral27behavioral28

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.