a64b58872e0a0e0db306c170b1e9a00fcaad67caf18d5e0b52ad13989d1e7186

Sharing

Copy URL Twitter E-mail

General

Target

Fortect.exe
Size

733KB
Sample

240418-k6ws9sgg87
MD5

c4b5181e08b0d4ca9ce34046da72b92a
SHA1

d4d0578448905e8f041b0aa72827b6cd214a3f4b
SHA256

a64b58872e0a0e0db306c170b1e9a00fcaad67caf18d5e0b52ad13989d1e7186
SHA512

464d86897ce0c2df3df6329463c34ab4f8a32f69e7e802f9e92519e0fa2c345105809466b0a84e06f24d97da6b5bf7acc6268ff6b58fc503b0345d634b96d16e
SSDEEP

12288:XYgqZHbOVxWKUWiXvre7OC0ddgUoZbHtOLqWYfM:XYgqZHye9y7+ddDoVxWYk

Score

7^/10

Malware Config

Targets

- Target
  
  Fortect.exe
- Size
  
  733KB
- MD5
  
  c4b5181e08b0d4ca9ce34046da72b92a
- SHA1
  
  d4d0578448905e8f041b0aa72827b6cd214a3f4b
- SHA256
  
  a64b58872e0a0e0db306c170b1e9a00fcaad67caf18d5e0b52ad13989d1e7186
- SHA512
  
  464d86897ce0c2df3df6329463c34ab4f8a32f69e7e802f9e92519e0fa2c345105809466b0a84e06f24d97da6b5bf7acc6268ff6b58fc503b0345d634b96d16e
- SSDEEP
  
  12288:XYgqZHbOVxWKUWiXvre7OC0ddgUoZbHtOLqWYfM:XYgqZHye9y7+ddDoVxWYk
Score

7^/10

bootkit discovery persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  $PLUGINSDIR/Banner.dll
- Size
  
  24KB
- MD5
  
  f26199dd8e7cc2b8746f686b8546acde
- SHA1
  
  aebc8d0265774fea38d6f3d8467e1a80ac19b28f
- SHA256
  
  140a563d234e73ffee1ee3c2c76ae03d4966f57b7e4363622c002709eb8495ce
- SHA512
  
  59fdf0173c8b58364b6edc18fa9844044101169382eb7dd981d5f5f4753d45cd164ee9a09eb72eb1511de46c6d4e6ff9317e0ba951cbecb18e31472419e71b9f
- SSDEEP
  
  384:OCDlNyb8E9VF6IYiTPxgGnAeHzPR0TT69mTIYiMGnAeHzPyyPxh8E9VF0NyJtSXL:TdEpYiTPxxA/iYidAmPxWEXO
Score

1^/10
behavioral2
- Target
  
  $PLUGINSDIR/Crypto.dll
- Size
  
  24KB
- MD5
  
  5f8dddd0537cf9d33230c5f690c0eca0
- SHA1
  
  44cbe527b498656fd0af1c19576ec33066b8467c
- SHA256
  
  09140b70aa226ccd3c4eb0ea5db056e4774004a96b4a32eeb1e51ecd799fdaea
- SHA512
  
  0d5a4bfe5c90326b85d34aeb19a2d0ad9c5aec5892c7721177bf207fcf5c3b57ce420cbef827f18e6110ddcea72854957ddef8804fa3da772116cf74ff1b7e3a
- SSDEEP
  
  384:1dwKj4itsgyNyb8E9VF6IYiTPxgGnAeHzPY3d3VIYiMGnAeHzPwK7Pxh8E9VF0Nv:1dxbtwEpYiTPxxAgYidAo7PxWENy
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/EnVar.dll
- Size
  
  30KB
- MD5
  
  7de1ce9a127c326b8292cec4e0062c18
- SHA1
  
  ba85807962ce45aa1a521b2d7a4dc251c78fc7d4
- SHA256
  
  2d9d4f9362e4066ee7d216a70b4c37dfd600c20e2b8c863ff80427dd90814783
- SHA512
  
  6b7f31ee1a8a9c045e4f4d32c59d48a0708644456138df073ea8e3e04838faeb241d98452c238ab9b446e05a95a724e32cb50854d5651a029a284c69c8beeb0d
- SSDEEP
  
  768:89BoeSzNC6oEpYiTPxxA/kYidAaPxWEisM:89BnSzNr7TPxuc7yaPxW
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  27KB
- MD5
  
  f920b104c2fe5ca6fedd2b5825544ee6
- SHA1
  
  23116ab1316a135c6507a532839dd63509039046
- SHA256
  
  4cbc00b2ba0ce3052427a541d72501d45cbd93442a9a85ea249c2894df529000
- SHA512
  
  5aa8142ad29b630278377fc05a02437c640670e011d20f1d3c18f06144a0eaee92775a55a6489b0372f59143df88aa15638cc4b3a47ed309e8bf25e87f920739
- SSDEEP
  
  384:cCqAUtwYjH1cEXh2Nyb8E9VF6IYiTPxgGnAeHzPO9onIYiMGnAeHzPrMjgPxh8Ei:cFcIFheEpYiTPxxA5YidA70PxWEbW
Score

3^/10
behavioral5
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  45KB
- MD5
  
  9f3c809a6f525a8ef0c981c84113560e
- SHA1
  
  61770595387f4f6bceb8b7b4542730a865dffdbd
- SHA256
  
  4d7a2d9151e02b971f38d10ffe8937f34227ad5a2ce11e7879df094482deca72
- SHA512
  
  7ec73df64dcf2f4a394499601551b8d658ec11886709a4125c12a6116bd8864be2274d2b2cb54b3cd731ff75f7f969661c223832138c3243faea028cd71aba84
- SSDEEP
  
  768:SAvE90GuY2tO93oLrJRM7Z4EyEpYiTPxxAFKRYidAfPxWElb:5E+GjnmbM7T7TPxuC7yfPxL
Score

3^/10
behavioral6
- Target
  
  $PLUGINSDIR/LogEx.dll
- Size
  
  64KB
- MD5
  
  065130bd4bc3b4d769ffb0050a5464d0
- SHA1
  
  5997b2834e691d92cb109c808d9054e3fb43d7a7
- SHA256
  
  568871b5048cf3e9a9c200c6527938fc616139353e084c43d283f96ba16b4ebb
- SHA512
  
  9324c626714191fd6d621bded56137316ca23f8e14fa0923f7652465417523cfaca29b49ddc3d67989edaa8b88227a7ef499fdce2b2bf86d67b91158ae528b91
- SSDEEP
  
  768:WoaF+ATCQye/I3KWmxj00Jyb8EnovnEpYiTPxxA8QYidAG2VPxWENz4:uF+ATCNmVjj8poI7TPxu8Q7yGAPxL4
Score

3^/10
behavioral7
- Target
  
  $PLUGINSDIR/ShellExecAsUser.dll
- Size
  
  63KB
- MD5
  
  d0605d66200b4d77ad9ed0933ea753d3
- SHA1
  
  91b783ff0f56313f6849c04ddf3bdbe5c4b427d2
- SHA256
  
  6005e7584b52f11a5dda8ae95993dea8747b49321fd2e7632fed8a365a6e6b8e
- SHA512
  
  fd6f7e97460b306f7555ed6ee78752feb04774306a9beeb903d56857cddc8d09ed73af35acd8e552b4b7343ae403e64344ce5f999caa76eb695a93d8d38a8cc6
- SSDEEP
  
  1536:nA4CJ9OFpXf0AfNiTkIMrhdkQ7TPxQnZ7ddPx2:AhCFptfN6MrhGQfxsZRxx2
Score

3^/10
behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  32KB
- MD5
  
  f64b9dfc805639380a2336bf2e803523
- SHA1
  
  9c0f3c905e819d4a212b225c5a23e07a5733a3cf
- SHA256
  
  69cae8b431d364968bb4d77352718f7d862563ef3efd1d3d18da10b0c2813b2b
- SHA512
  
  8cecb2915e747f0f803f4e8a153f67267a1760b6c1821dbb6d89c3e7af47888e6bf0efe9021c45a2aaec2f7afd5fd4b7d6619f4594409c88f047569cd73cb60a
- SSDEEP
  
  768:WiqmijmpcnEpYiTPxxAsYidAwVDPxWEZ0:TqZm2A7TPxus7ywVDPxU
Score

3^/10
behavioral9
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  24KB
- MD5
  
  921ae5351f80d55cce56054622f5add9
- SHA1
  
  081641958f39ae91fb692a6874f66a47a929ae9c
- SHA256
  
  eaeb1c53743c3540dbaaceeab03a57a0f16d43be593d87e16a5695298205ad04
- SHA512
  
  f6b4bb59703169672c5de62252f69bdb8702f4f13193df9cd632bb4d8d45aef63a25594e340b898ade3f372f47a18b995133bfbadedaf6bb9d316af7b57d89b2
- SSDEEP
  
  384:OWH+BNyb8E9VF6IYiTPxgGnAeHzPRmnkatIYiMGnAeHzPdZvPxh8E9VF0Ny8+Mk:OhFEpYiTPxxATaYidAMPxWEqtk
Score

3^/10
behavioral10
- Target
  
  $PLUGINSDIR/fortect-side.bmp
- Size
  
  152KB
- MD5
  
  3b4ee5451899c2b00555c573a389aeb8
- SHA1
  
  38a2a819a2b3b36e40fd2895a625f672141fa7d2
- SHA256
  
  8fbd59ee64af8a702f7a57657ab1766030885e28090e63e966e31b0358ae11f3
- SHA512
  
  b6b3e6607a29c99f230689d6398d0571a6ca3f95580c5402f092b4b65319043583135b26d04d3619e57100d7dca212683ad0d96e1a3f7e792951b137d1877303
- SSDEEP
  
  1536:pUIlKQVyHnY1uydqm2H24Wz2IWc2mmfGQ0xdye+8W:pUIlKQVdye+8W
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  83KB
- MD5
  
  1e608f54c109218745c0d7a06bcd5235
- SHA1
  
  3b96c4db479eb53d75eabc04a07f428c48ad4af4
- SHA256
  
  843bb7e3a52e3eeb58a0ef385f21d80383c8e5e65daf12bc297d570bc6722f22
- SHA512
  
  d544e06af36c0c39a871031a9cca13adeaced9cf36c6ec24f234240779bf30a24a12c23021cf8b8d8983aa95e1ca96a1dc0e0e630752bd601db81c151c1fb428
- SSDEEP
  
  384:WRr0VhlJKaNxSNIDEGnQnElrD2FaSwH4Cbf:Kr0flJKwsuEGnuEpD2JK4mf
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  30KB
- MD5
  
  793c48821589c9fbf03cfa62a919df2d
- SHA1
  
  b21b4ada7f689199e28984d57e5a10bf7d3f18be
- SHA256
  
  11832e3c0dc402ef83c17b2ebf94c58e0299b95459aa8657abeac71c47d09b3b
- SHA512
  
  9208c78e513ef4d60ea21e7254f8de9cf7677e3d38f9eb8bdfb9aa8573c36c32d0190b1b3bcde918e86741469312ef56f374153fec0cc2db0571ec94abc2c81d
- SSDEEP
  
  768:ARapMv/Agk0gEpYiTPxxA1WxYidA6wF0PxWERH:AR2Mv/Agk0p7TPxu1Wx7y6wCPxT
Score

3^/10
behavioral13
- Target
  
  $PLUGINSDIR/nsJSON.dll
- Size
  
  44KB
- MD5
  
  1a8bcfcdd4acb364f9e78d7e5f6e24d2
- SHA1
  
  b760838504044ff68516c21bb0f750a930884719
- SHA256
  
  29ece51c5d05c280d080dbd0ddb36abbc5b98567bf11e9d94f7c1ab619015eca
- SHA512
  
  2abcadb060097b91deb245b2dfa46e792f1e27d1d773c16f2af6e0234c9f03029e3ce2ebc042344c82a9f365f8ae2327e485a64010f6a69cf9c354c8ad5a0191
- SSDEEP
  
  768:aoZ1ZnhrTfldqk7Yyy94RxOcVQJrTwEpYiTPxxA4WYidAEPxWEML8:7pi52vOcqlTZ7TPxuP7yEPxU8
Score

3^/10
behavioral14
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  25KB
- MD5
  
  92e43d9e657a2366b412475683ad7b07
- SHA1
  
  9de0cd039d79bf90a407a09b283ecff5b511bd98
- SHA256
  
  1093622ea8e01f5614f343603d8c622193eafa5b35773e5bd2c2dc0911f22a48
- SHA512
  
  591d4bb819d5b8622dcc2be75ee78c25ac84da843a5cb6270046ad427f38e97e619dc5726a3aef2d3c202990d5ddc0bf1af1e7e7436ca3b18377871616e49181
- SSDEEP
  
  384:BZheNyb8E9VF6IYiTPxgGnAeHzPEZRbjUfIYiMGnAeHzPqXHQssPxh8E9VF0Nyp3:B3mEpYiTPxxATbXYidAXHGPxWE33
Score

3^/10
behavioral15
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  468KB
- MD5
  
  34074827fdd516e076679ad19eca3c4a
- SHA1
  
  87603ebb41d232c18f7d515707369e92432cc883
- SHA256
  
  19a6210afde4965e6609f479e557c4979f80c319c273608b7b946ed96df7d150
- SHA512
  
  3584b4a39ace2876e30a08bb726d2743f639d8ca8aaeeed585b332dc95c9ddf16fa11a8d5002f84b37a894b5ba39a3829ff482e11fd577e89505ff38edcacc48
- SSDEEP
  
  12288:0NZu4odeOo0QsjC4Fz74p87MZj/Ce/0jQX:O/KeN0Jbh74S7ObCesjQX
Score

3^/10
behavioral16