4de22f65551da53a761b1e9049abfcfdeddb4f36dfd50503f4ac45a0e4f972a4

Sharing

Copy URL

Twitter E-mail

General

Target

ReimagePackage.exe
Size

12.3MB
Sample

240418-qbhaaaea73
MD5

0cf8715cbdee01676d24f4f78c7b431f
SHA1

74989063fd05ffb28d0d705c583c2c6b1e9aef99
SHA256

4de22f65551da53a761b1e9049abfcfdeddb4f36dfd50503f4ac45a0e4f972a4
SHA512

248e107e97b2c1c1172abcadffee1497fbf8f75a0b343d983cf13410c2c74c6a7bd23f5d5ece32e76b2521b0a1543f4f6b62a4e8e407ba27ce722e2290976327
SSDEEP

196608:pSjaAQ7Z8aVC/xE4hVS930UqN2FItiZESkM8ZCLfsFrrdTM4nGgAU1Q+osH:oOAQaBvWq0QiZH18ZaIr2qG/sH

Score

8^/10

Malware Config

Targets

- Target
  
  ReimagePackage.exe
- Size
  
  12.3MB
- MD5
  
  0cf8715cbdee01676d24f4f78c7b431f
- SHA1
  
  74989063fd05ffb28d0d705c583c2c6b1e9aef99
- SHA256
  
  4de22f65551da53a761b1e9049abfcfdeddb4f36dfd50503f4ac45a0e4f972a4
- SHA512
  
  248e107e97b2c1c1172abcadffee1497fbf8f75a0b343d983cf13410c2c74c6a7bd23f5d5ece32e76b2521b0a1543f4f6b62a4e8e407ba27ce722e2290976327
- SSDEEP
  
  196608:pSjaAQ7Z8aVC/xE4hVS930UqN2FItiZESkM8ZCLfsFrrdTM4nGgAU1Q+osH:oOAQaBvWq0QiZH18ZaIr2qG/sH
Score

8^/10

discovery persistence spyware stealer upx
- Uses Session Manager for persistence
  Creates Session Manager registry key to run executable early in system boot.
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Modifies WinLogon
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  8KB
- MD5
  
  65d017ba65785b43720de6c9979a2e8c
- SHA1
  
  0aed2846e1b338077bae5a7f756c345a5c90d8a9
- SHA256
  
  ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac
- SHA512
  
  31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95
- SSDEEP
  
  96:18YNfTAJj9KMMVSyPg8uxZAQ/zdVJF/mSsQwV6i8zRRxqBt/FZTIVe7/cIH8ykeO:1XwKMMfPuxJ/zb+b6fR+bZEwywQ9
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/DcryptDll.dll
- Size
  
  156KB
- MD5
  
  4c373143ee342a75b469e0748049cd24
- SHA1
  
  d4e0e5155e78b99ec9459136acece2364bc2e935
- SHA256
  
  b4b5772a893e56aa5382aa3f0fef7837fa471e3b3e46db70b8bc702f2037e589
- SHA512
  
  569f92c3ff9a6e105cf9b3806d8b696442a5679dfa5d7c9362b0649a67cbea2478ca28a5da6c3bd0edacdb634509d8584c6959a4cc13c38d596458f372832f61
- SSDEEP
  
  3072:etvFO3r5Unb7FQwdkb6ckt+bBwmhqKUuWxvt+9/dh:etvAtUn3ewWc+
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  5KB
- MD5
  
  0deb397ca1e716bb7b15e1754e52b2ac
- SHA1
  
  fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
- SHA256
  
  720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
- SHA512
  
  507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
- SSDEEP
  
  96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/IpConfig.dll
- Size
  
  118KB
- MD5
  
  a75e3775daac9958610ce1308e0bca3b
- SHA1
  
  d83ce354cde527c2e20fb425415f6d4795dd4cd4
- SHA256
  
  fe2093ff4bfa1d7259c922aca1e7bb219c4d234e469942446d9e2f8086b7d720
- SHA512
  
  48168a91ec90df262b1e158f32b4bc2a6d6ce10022eb96d4a6f3c755b977e5c104558626adaa214bda29d7f1d246f19e2df59b9a338982aa1c623e1bdd5714c6
- SSDEEP
  
  3072:oa/4Ftm9rSlia00FW96LOsWNQmtQ9WVx95+tTIJ:t/4S9raiae8DSDtQ9W3utEJ
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/LogEx.dll
- Size
  
  44KB
- MD5
  
  0f96d9eb959ad4e8fd205e6d58cf01b8
- SHA1
  
  7c45512cbdb24216afd23a9e8cdce0cfeaa7660f
- SHA256
  
  57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314
- SHA512
  
  9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c
- SSDEEP
  
  384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/ProtectorUpdater.exe
- Size
  
  371KB
- MD5
  
  7aa7e8423194f3edf6d1d82ade82acb3
- SHA1
  
  a4ca6d67fc43dd742e87b4c82237cdc8b1bb22d9
- SHA256
  
  1ba53128ef67d7e355b2e44c90c4bfe3dddff4546ad4e9c75e249d4850250361
- SHA512
  
  e5fc8a1b515f41f60810ec12f5e36263c889c60b06c6b94450eec910a32ba91fba74bd757d54966d657d37a5ca3c5e9bb23f58f3de4255c276e046b6f1be28bb
- SSDEEP
  
  6144:W50gUCBmByEhoO3RMMJOq2hQ8E9QcwtzH+gTBxnlimMb8GVNVOaj7g0EgVZ+p8VI:I0g9mg67h7JO9E9YzewxnlelOq8s+p86
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  8KB
- MD5
  
  65d017ba65785b43720de6c9979a2e8c
- SHA1
  
  0aed2846e1b338077bae5a7f756c345a5c90d8a9
- SHA256
  
  ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac
- SHA512
  
  31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95
- SSDEEP
  
  96:18YNfTAJj9KMMVSyPg8uxZAQ/zdVJF/mSsQwV6i8zRRxqBt/FZTIVe7/cIH8ykeO:1XwKMMfPuxJ/zb+b6fR+bZEwywQ9
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  5KB
- MD5
  
  0deb397ca1e716bb7b15e1754e52b2ac
- SHA1
  
  fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
- SHA256
  
  720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
- SHA512
  
  507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
- SSDEEP
  
  96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/IpConfig.dll
- Size
  
  118KB
- MD5
  
  a75e3775daac9958610ce1308e0bca3b
- SHA1
  
  d83ce354cde527c2e20fb425415f6d4795dd4cd4
- SHA256
  
  fe2093ff4bfa1d7259c922aca1e7bb219c4d234e469942446d9e2f8086b7d720
- SHA512
  
  48168a91ec90df262b1e158f32b4bc2a6d6ce10022eb96d4a6f3c755b977e5c104558626adaa214bda29d7f1d246f19e2df59b9a338982aa1c623e1bdd5714c6
- SSDEEP
  
  3072:oa/4Ftm9rSlia00FW96LOsWNQmtQ9WVx95+tTIJ:t/4S9raiae8DSDtQ9W3utEJ
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/LogEx.dll
- Size
  
  44KB
- MD5
  
  0f96d9eb959ad4e8fd205e6d58cf01b8
- SHA1
  
  7c45512cbdb24216afd23a9e8cdce0cfeaa7660f
- SHA256
  
  57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314
- SHA512
  
  9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c
- SSDEEP
  
  384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  c7ce0e47c83525983fd2c4c9566b4aad
- SHA1
  
  38b7ad7bb32ffae35540fce373b8a671878dc54e
- SHA256
  
  6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae
- SHA512
  
  ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e
Score

3^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/WmiInspector.dll
- Size
  
  78KB
- MD5
  
  b757cd400e19c6722e721e27a6db1cfd
- SHA1
  
  2e07f3a7b036c3c263049af483721f88ecdb2c53
- SHA256
  
  26c8981d7e3cd8093c40bb7da0c045e89f6dfc1a0888efaac9e22a555d763142
- SHA512
  
  9e4675f380d7b79ac0c2f59c8b38663710798f8ee19233aabbd9f5ba81b74901c4f7c0e3d982ccca640ca240b631f889daad27160d3456ed7bb66ffe68e29e72
- SSDEEP
  
  1536:0o0RUqYnecKBiygONayX2PYnyBN1yksAPvTbhKJB:0/LZiCwyCVPnhM
Score

3^/10
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  31KB
- MD5
  
  5da9df435ff20853a2c45026e7681cef
- SHA1
  
  39b1d70a7a03e7c791cb21a53d82fd949706a4b4
- SHA256
  
  9c52c74b8e115db0bde90f56382ebcc12aff05eb2232f80a4701e957e09635e2
- SHA512
  
  4ab3b1572485a8a11863adada2c6ec01e809a4b09f99d80903c79a95b91f299b8f2cd6cceaa915567e155a46291a33fb8ccb95141d76d4e7b0e040890d51d09f
- SSDEEP
  
  768:FRci+9MscTJMR2+d8heiwhSruaFajMGbJDVVG08:Fg9sTJv+AVwhl25ci
Score

3^/10
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  7059f133ea2316b9e7e39094a52a8c34
- SHA1
  
  ee9f1487c8152d8c42fecf2efb8ed1db68395802
- SHA256
  
  32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
- SHA512
  
  9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
- SSDEEP
  
  96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral31 behavioral32