952c89e629280ad52d9eba9383941522304e36c0054a523bfb0bb97db2d8c546

Sharing

Copy URL

Twitter E-mail

General

Target

Drehmal.Installer.1.0.1.exe
Size

74.1MB
Sample

240406-rqhd9scc5x
MD5

7bf9840c0a8ff7fed37795d08d57850a
SHA1

f5816dd76fb8e9294621fda04306e8ef068a3da5
SHA256

952c89e629280ad52d9eba9383941522304e36c0054a523bfb0bb97db2d8c546
SHA512

00305210be0970e5633f4151ad441785f0f896731fa1b12514efd4136c0eb9c894f39a2acbdc33c2d4ad25f4e36da1a3a99f3d11637df40e5d777f633fe8042d
SSDEEP

1572864:YejOg3daa5AfY+bQoyJg0UyRTDAwGZEazzhZZG+YEZhFp7:YAEa5AJsoyJJ9TUwGuyouDFp7

Score

7^/10

Malware Config

Targets

- Target
  
  Drehmal.Installer.1.0.1.exe
- Size
  
  74.1MB
- MD5
  
  7bf9840c0a8ff7fed37795d08d57850a
- SHA1
  
  f5816dd76fb8e9294621fda04306e8ef068a3da5
- SHA256
  
  952c89e629280ad52d9eba9383941522304e36c0054a523bfb0bb97db2d8c546
- SHA512
  
  00305210be0970e5633f4151ad441785f0f896731fa1b12514efd4136c0eb9c894f39a2acbdc33c2d4ad25f4e36da1a3a99f3d11637df40e5d777f633fe8042d
- SSDEEP
  
  1572864:YejOg3daa5AfY+bQoyJg0UyRTDAwGZEazzhZZG+YEZhFp7:YAEa5AJsoyJJ9TUwGuyouDFp7
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  Drehmal Installer.exe
- Size
  
  168.5MB
- MD5
  
  5274cbfb208ee9610d3193e4c61c35f7
- SHA1
  
  954257060465a7038dd94952cb3964e5a0699735
- SHA256
  
  869e7c9698da35ba3b45d8a456814db6926534ea5e6d80302f0aaf69283230cb
- SHA512
  
  f28dc65c609683b375d61f55d5f940a41c691d7c5e64335886121675faf7b23a98cac04ec7e187e28cc92eb8915d8c65dfeda1cc0d7505820358683698c8733a
- SSDEEP
  
  1572864:IWx5TrBkvBGddEgdqUVQAa/6MdFvokPLkKrIA5wsMj+zBujIqMIqw6ep80FQK7y3:AwmBiWD+eCIxB
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  LICENSES.chromium.html
- Size
  
  8.7MB
- MD5
  
  1ca87d8ee3ce9e9682547c4d9c9cb581
- SHA1
  
  d25b5b82c0b225719cc4ee318f776169b7f9af7a
- SHA256
  
  000ae5775ffa701d57afe7ac3831b76799e8250a2d0c328d1785cba935aab38d
- SHA512
  
  ec07b958b4122f0776a6bded741df43f87ba0503b6a3b9cc9cbe6188756dcde740122314e0578175123aaa61381809b382e7e676815c20c3e671a098f0f39810
- SSDEEP
  
  24576:ZQQa6Ne6P5d2WSmwRFXe1vmfpV6k626D6b62vSuSpZ:ZMfTVQ
Score

1^/10
behavioral10 behavioral9
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  2191e768cc2e19009dad20dc999135a3
- SHA1
  
  f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256
  
  7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512
  
  5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP
  
  49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score

1^/10
behavioral11
- Target
  
  dxcompiler.dll
- Size
  
  20.8MB
- MD5
  
  7f1a300d385b1d012107d07da18ee1cc
- SHA1
  
  ff3d22f6f9d15ead257654205b26962fc9a34b53
- SHA256
  
  e5fa623aa51c0072ea40b6ebdd897ff22ae3a6c82e7d59fc6320c1d46a265640
- SHA512
  
  f0ae60e48175b9f1acd32f7bf6d22a991425eb655e81ef57df94df17f0ffdf7848b858cdf779683b1304fdc50535b88a69f4d2b48c007d8e585153be9dc25827
- SSDEEP
  
  393216:oFMwP3WgSiT84jbMMV+myjPUaM2NEYGM0ADiWMF:oFb2mucMEYGnAGWMF
Score

1^/10
behavioral12 behavioral13
- Target
  
  dxil.dll
- Size
  
  1.4MB
- MD5
  
  cb72bef6ce55aa7c9e3a09bd105dca33
- SHA1
  
  d48336e1c8215ccf71a758f2ff7e5913342ea229
- SHA256
  
  47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893
- SHA512
  
  c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0
- SSDEEP
  
  24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r
Score

1^/10
behavioral14
- Target
  
  ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  069b10d20cf5bb899faa87c1653150e4
- SHA1
  
  e385efa15b17ef9b520d7e2c9998b0d54cb314a1
- SHA256
  
  e970ed275374aaf0f6f60b21388e55f42447b9b1e09c78dcdb7d858aa05dfb53
- SHA512
  
  b3907fd6d4f88604eff82f3a493e426f252e568c86cca4392865301e13d096780e8d6dffb63c4d0fbf787d8e5deab536e331bfb531e76997cc4635beaa9ffb83
- SSDEEP
  
  49152:rPDtyvMYqXiOaeQ3NZ+GEMDbG7m8x7n6mfu/oBLpweNsgMzqvUzn7xN:7SOONYbQG7m8bdazlzn7r
Score

1^/10
behavioral15 behavioral16
- Target
  
  libEGL.dll
- Size
  
  467KB
- MD5
  
  a373e2ec6ed245e4562a3d5a8e0742b2
- SHA1
  
  e0b360fa0314be8e4a83c0cd2aea99e2e86ab588
- SHA256
  
  d9c8541eaf0293c67ece10e97d00a8b689d5e043a8356d43224aac1af3a21a5f
- SHA512
  
  f7d3d20bf7f8deca892e233d41cf4bc250906c49295f8de313e57c9068b176cf6a86cfc090ff9fa602dff6cba231bd6938fbea0c1fc315f57b6ff5515d885d91
- SSDEEP
  
  6144:DuF2Dw0NiKxN6YTfDVTCanVJhPadWQo+wehJp/Ej4:a0iKbbTfDVJ2dWQo+wenp/EU
Score

1^/10
behavioral17 behavioral18
- Target
  
  libGLESv2.dll
- Size
  
  7.4MB
- MD5
  
  65fd6bae92477dbc96d15ce28f5a3ebf
- SHA1
  
  2111b196e265f9463b5447ea0c831826145b4498
- SHA256
  
  a1275f57b47575db9aa3a577e5eacba1d7f1d5578ef6a8072468d788c93c85ff
- SHA512
  
  8f9e94839664399a745b8b6f242ebe8d6d0c7490a704a2e7082d7b70384538ea3708937b254cfac5cd2d776b89a0ac34ee09c5744284a9887fedfc3b3e75c49c
- SSDEEP
  
  98304:xgBPe7R/ujOL9I6A26IOQRFZ0SEJwwKv77Mo1JaWXm3WtPa:xg1On66A+x0gwU4eCoS
Score

1^/10
behavioral19 behavioral20
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral21 behavioral22
- Target
  
  vk_swiftshader.dll
- Size
  
  5.0MB
- MD5
  
  b4838d1ea6ae3978aaf9798f4592ac6d
- SHA1
  
  4493a9028fc256009a7d6adda54c1124b2ed5dd0
- SHA256
  
  418213ab16d045339604b24fba5f11733d4ae03f992e324395082e179260e8a4
- SHA512
  
  53ee6fc322f31e93323995aa52c23f3e90b8fdd57f4f137d6676002996a7b04fd27f1e081d60e40b3b029cdb7044bebd6d269a22c2db68d3220e71c1ef938686
- SSDEEP
  
  49152:wO6ftECL3Zdon2+a/EgBqB1y91lxfAV7xWV9MzaNZ8m8Lg1d7RXmVEZvMUn0HjyC:wLftMUSogaEm5hZdIOlEbRaB3YIa
Score

1^/10
behavioral23 behavioral24
- Target
  
  vulkan-1.dll
- Size
  
  925KB
- MD5
  
  f9e89d0e3d04f5abb24894c7dbdfcc6e
- SHA1
  
  08e51818549aa182130ae8e5369faa3654eb2d1b
- SHA256
  
  1a2c79b0f5ccef2ed359e5ecf25c71800321cc4f244d64e2efe0c7e75b453915
- SHA512
  
  e10ebcd0d63b2f653cccd888688b1f126d59d18b4a496e85d54b6ac00401274c8fdfa528f13f60d68350c95c4fbb9236c02f4e3733ba99046e4353bb91a8a422
- SSDEEP
  
  24576:Ny+lCO+5ia/1DW6pb9MLtX6Z5WdDYsH26g3P0zAk7o3X:NymVqXpbId6Z5WdDYsH26g3P0zAk7on
Score

1^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28