Overview
overview
8Static
static
7ReimagePackage.exe
windows7-x64
8ReimagePackage.exe
windows10-2004-x64
7$PLUGINSDI...ol.dll
windows7-x64
7$PLUGINSDI...ol.dll
windows10-2004-x64
7$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3$PLUGINSDI...ig.dll
windows7-x64
3$PLUGINSDI...ig.dll
windows10-2004-x64
3$PLUGINSDIR/LogEx.dll
windows7-x64
3$PLUGINSDIR/LogEx.dll
windows10-2004-x64
3$PLUGINSDI...er.exe
windows7-x64
3$PLUGINSDI...er.exe
windows10-2004-x64
3$PLUGINSDI...ol.dll
windows7-x64
7$PLUGINSDI...ol.dll
windows10-2004-x64
7$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3$PLUGINSDI...ig.dll
windows7-x64
3$PLUGINSDI...ig.dll
windows10-2004-x64
3$PLUGINSDIR/LogEx.dll
windows7-x64
3$PLUGINSDIR/LogEx.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...or.dll
windows7-x64
3$PLUGINSDI...or.dll
windows10-2004-x64
3$PLUGINSDIR/inetc.dll
windows7-x64
3$PLUGINSDIR/inetc.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
7$PLUGINSDI...ll.dll
windows10-2004-x64
7General
-
Target
ReimagePackage.exe
-
Size
12.3MB
-
Sample
240418-qbhaaaea73
-
MD5
0cf8715cbdee01676d24f4f78c7b431f
-
SHA1
74989063fd05ffb28d0d705c583c2c6b1e9aef99
-
SHA256
4de22f65551da53a761b1e9049abfcfdeddb4f36dfd50503f4ac45a0e4f972a4
-
SHA512
248e107e97b2c1c1172abcadffee1497fbf8f75a0b343d983cf13410c2c74c6a7bd23f5d5ece32e76b2521b0a1543f4f6b62a4e8e407ba27ce722e2290976327
-
SSDEEP
196608:pSjaAQ7Z8aVC/xE4hVS930UqN2FItiZESkM8ZCLfsFrrdTM4nGgAU1Q+osH:oOAQaBvWq0QiZH18ZaIr2qG/sH
Behavioral task
behavioral1
Sample
ReimagePackage.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ReimagePackage.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/DcryptDll.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/DcryptDll.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/LogEx.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/LogEx.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/ProtectorUpdater.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/ProtectorUpdater.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win7-20240319-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/LogEx.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/LogEx.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/WmiInspector.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/WmiInspector.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240215-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/md5dll.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/md5dll.dll
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
ReimagePackage.exe
-
Size
12.3MB
-
MD5
0cf8715cbdee01676d24f4f78c7b431f
-
SHA1
74989063fd05ffb28d0d705c583c2c6b1e9aef99
-
SHA256
4de22f65551da53a761b1e9049abfcfdeddb4f36dfd50503f4ac45a0e4f972a4
-
SHA512
248e107e97b2c1c1172abcadffee1497fbf8f75a0b343d983cf13410c2c74c6a7bd23f5d5ece32e76b2521b0a1543f4f6b62a4e8e407ba27ce722e2290976327
-
SSDEEP
196608:pSjaAQ7Z8aVC/xE4hVS930UqN2FItiZESkM8ZCLfsFrrdTM4nGgAU1Q+osH:oOAQaBvWq0QiZH18ZaIr2qG/sH
Score8/10-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Adds Run key to start application
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Modifies WinLogon
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/AccessControl.dll
-
Size
8KB
-
MD5
65d017ba65785b43720de6c9979a2e8c
-
SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9
-
SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac
-
SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95
-
SSDEEP
96:18YNfTAJj9KMMVSyPg8uxZAQ/zdVJF/mSsQwV6i8zRRxqBt/FZTIVe7/cIH8ykeO:1XwKMMfPuxJ/zb+b6fR+bZEwywQ9
Score7/10 -
-
-
Target
$PLUGINSDIR/DcryptDll.dll
-
Size
156KB
-
MD5
4c373143ee342a75b469e0748049cd24
-
SHA1
d4e0e5155e78b99ec9459136acece2364bc2e935
-
SHA256
b4b5772a893e56aa5382aa3f0fef7837fa471e3b3e46db70b8bc702f2037e589
-
SHA512
569f92c3ff9a6e105cf9b3806d8b696442a5679dfa5d7c9362b0649a67cbea2478ca28a5da6c3bd0edacdb634509d8584c6959a4cc13c38d596458f372832f61
-
SSDEEP
3072:etvFO3r5Unb7FQwdkb6ckt+bBwmhqKUuWxvt+9/dh:etvAtUn3ewWc+
Score3/10 -
-
-
Target
$PLUGINSDIR/ExecDos.dll
-
Size
5KB
-
MD5
0deb397ca1e716bb7b15e1754e52b2ac
-
SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
-
SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
-
SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
-
SSDEEP
96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score3/10 -
-
-
Target
$PLUGINSDIR/IpConfig.dll
-
Size
118KB
-
MD5
a75e3775daac9958610ce1308e0bca3b
-
SHA1
d83ce354cde527c2e20fb425415f6d4795dd4cd4
-
SHA256
fe2093ff4bfa1d7259c922aca1e7bb219c4d234e469942446d9e2f8086b7d720
-
SHA512
48168a91ec90df262b1e158f32b4bc2a6d6ce10022eb96d4a6f3c755b977e5c104558626adaa214bda29d7f1d246f19e2df59b9a338982aa1c623e1bdd5714c6
-
SSDEEP
3072:oa/4Ftm9rSlia00FW96LOsWNQmtQ9WVx95+tTIJ:t/4S9raiae8DSDtQ9W3utEJ
Score3/10 -
-
-
Target
$PLUGINSDIR/LogEx.dll
-
Size
44KB
-
MD5
0f96d9eb959ad4e8fd205e6d58cf01b8
-
SHA1
7c45512cbdb24216afd23a9e8cdce0cfeaa7660f
-
SHA256
57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314
-
SHA512
9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c
-
SSDEEP
384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov
Score3/10 -
-
-
Target
$PLUGINSDIR/ProtectorUpdater.exe
-
Size
371KB
-
MD5
7aa7e8423194f3edf6d1d82ade82acb3
-
SHA1
a4ca6d67fc43dd742e87b4c82237cdc8b1bb22d9
-
SHA256
1ba53128ef67d7e355b2e44c90c4bfe3dddff4546ad4e9c75e249d4850250361
-
SHA512
e5fc8a1b515f41f60810ec12f5e36263c889c60b06c6b94450eec910a32ba91fba74bd757d54966d657d37a5ca3c5e9bb23f58f3de4255c276e046b6f1be28bb
-
SSDEEP
6144:W50gUCBmByEhoO3RMMJOq2hQ8E9QcwtzH+gTBxnlimMb8GVNVOaj7g0EgVZ+p8VI:I0g9mg67h7JO9E9YzewxnlelOq8s+p86
Score3/10 -
-
-
Target
$PLUGINSDIR/AccessControl.dll
-
Size
8KB
-
MD5
65d017ba65785b43720de6c9979a2e8c
-
SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9
-
SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac
-
SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95
-
SSDEEP
96:18YNfTAJj9KMMVSyPg8uxZAQ/zdVJF/mSsQwV6i8zRRxqBt/FZTIVe7/cIH8ykeO:1XwKMMfPuxJ/zb+b6fR+bZEwywQ9
Score7/10 -
-
-
Target
$PLUGINSDIR/ExecDos.dll
-
Size
5KB
-
MD5
0deb397ca1e716bb7b15e1754e52b2ac
-
SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
-
SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
-
SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
-
SSDEEP
96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1
Score3/10 -
-
-
Target
$PLUGINSDIR/IpConfig.dll
-
Size
118KB
-
MD5
a75e3775daac9958610ce1308e0bca3b
-
SHA1
d83ce354cde527c2e20fb425415f6d4795dd4cd4
-
SHA256
fe2093ff4bfa1d7259c922aca1e7bb219c4d234e469942446d9e2f8086b7d720
-
SHA512
48168a91ec90df262b1e158f32b4bc2a6d6ce10022eb96d4a6f3c755b977e5c104558626adaa214bda29d7f1d246f19e2df59b9a338982aa1c623e1bdd5714c6
-
SSDEEP
3072:oa/4Ftm9rSlia00FW96LOsWNQmtQ9WVx95+tTIJ:t/4S9raiae8DSDtQ9W3utEJ
Score3/10 -
-
-
Target
$PLUGINSDIR/LogEx.dll
-
Size
44KB
-
MD5
0f96d9eb959ad4e8fd205e6d58cf01b8
-
SHA1
7c45512cbdb24216afd23a9e8cdce0cfeaa7660f
-
SHA256
57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314
-
SHA512
9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c
-
SSDEEP
384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
bf712f32249029466fa86756f5546950
-
SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
-
SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
-
SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
-
SSDEEP
192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score3/10 -
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
c7ce0e47c83525983fd2c4c9566b4aad
-
SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e
-
SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae
-
SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e
Score3/10 -
-
-
Target
$PLUGINSDIR/WmiInspector.dll
-
Size
78KB
-
MD5
b757cd400e19c6722e721e27a6db1cfd
-
SHA1
2e07f3a7b036c3c263049af483721f88ecdb2c53
-
SHA256
26c8981d7e3cd8093c40bb7da0c045e89f6dfc1a0888efaac9e22a555d763142
-
SHA512
9e4675f380d7b79ac0c2f59c8b38663710798f8ee19233aabbd9f5ba81b74901c4f7c0e3d982ccca640ca240b631f889daad27160d3456ed7bb66ffe68e29e72
-
SSDEEP
1536:0o0RUqYnecKBiygONayX2PYnyBN1yksAPvTbhKJB:0/LZiCwyCVPnhM
Score3/10 -
-
-
Target
$PLUGINSDIR/inetc.dll
-
Size
31KB
-
MD5
5da9df435ff20853a2c45026e7681cef
-
SHA1
39b1d70a7a03e7c791cb21a53d82fd949706a4b4
-
SHA256
9c52c74b8e115db0bde90f56382ebcc12aff05eb2232f80a4701e957e09635e2
-
SHA512
4ab3b1572485a8a11863adada2c6ec01e809a4b09f99d80903c79a95b91f299b8f2cd6cceaa915567e155a46291a33fb8ccb95141d76d4e7b0e040890d51d09f
-
SSDEEP
768:FRci+9MscTJMR2+d8heiwhSruaFajMGbJDVVG08:Fg9sTJv+AVwhl25ci
Score3/10 -
-
-
Target
$PLUGINSDIR/md5dll.dll
-
Size
6KB
-
MD5
7059f133ea2316b9e7e39094a52a8c34
-
SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802
-
SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
-
SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
-
SSDEEP
96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
3Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
3Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Modify Registry
6Subvert Trust Controls
1Install Root Certificate
1