9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a

Sharing

Copy URL

Twitter E-mail

General

Target

9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe
Size

39.8MB
Sample

240422-b5kj6seb3w
MD5

8d5ed34215ddaf7c09b15a3c137677b8
SHA1

f9c8dc1eb47dcce7c9fa8c5c2c41bec58b88dd18
SHA256

9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a
SHA512

6d7a1a480bf1b02cce154493e02ebed0c6e60a58830096e811262a0f8000537e579acb16bd150a060de1a6a1ad346df3d590706d1e592dc04521fec334ba149e
SSDEEP

786432:AkwEspy2XycvakaqBGlWOP0MG85oXglyO4+xI4EJtL5J1EPeMy3+QszDSS:AzEspXycWqBS8H8LlyO4+xI48tUY+Q+

Score

10^/10

Malware Config

Targets

- Target
  
  9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a.exe
- Size
  
  39.8MB
- MD5
  
  8d5ed34215ddaf7c09b15a3c137677b8
- SHA1
  
  f9c8dc1eb47dcce7c9fa8c5c2c41bec58b88dd18
- SHA256
  
  9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a
- SHA512
  
  6d7a1a480bf1b02cce154493e02ebed0c6e60a58830096e811262a0f8000537e579acb16bd150a060de1a6a1ad346df3d590706d1e592dc04521fec334ba149e
- SSDEEP
  
  786432:AkwEspy2XycvakaqBGlWOP0MG85oXglyO4+xI4EJtL5J1EPeMy3+QszDSS:AzEspXycWqBS8H8LlyO4+xI48tUY+Q+
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  2a03c4a7ac5ee5e0e0a683949f70971b
- SHA1
  
  3bd9877caaea4804c0400420494ad1143179dcec
- SHA256
  
  d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b
- SHA512
  
  1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476
- SSDEEP
  
  192:y4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjdK72dwF7dBOne:Tn3T5KdHCMRD/R1cOnrjd+BO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  ebd0da54db9f12ffd15206cc24355793
- SHA1
  
  910be3bebdde55eb1ce05915a79f01ebdc622786
- SHA256
  
  4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6
- SHA512
  
  cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d
- SSDEEP
  
  48:im1wsjq8W2MPUptuMMFvx/om/ycNSCwVGfOY0vB6/JvR0J9of5d2D:F18Bl91Z7/ycNSCwV8TLZR0ed2
Score

3^/10
behavioral5 behavioral6
- Target
  
  7z/7z.dll
- Size
  
  709KB
- MD5
  
  ca41d56630191e61565a343c59695ca1
- SHA1
  
  774584ff54b38da5d3b3ee02e30908dacab175c5
- SHA256
  
  6c80e3f49fcf561e6a0b52f9b4c81d1d07b22085f7864ee4cfd30dd10f6b3b12
- SHA512
  
  7f2eb8f773951c5b682b208807235bf4d7d937ece3d9d5c30d17abeb8f74e0be016140e74c64f9d38440269784308ed53c9c76dce6850afa1c7f9cb701229fe1
- SSDEEP
  
  12288:ICR0sfbz8QwSOh+PBFayDTAZju0sBdZ7ATm8zI:I9GX8JSOM5FayDTAZa0GdZ7G9E
Score

1^/10
behavioral7 behavioral8
- Target
  
  7z/7z.exe
- Size
  
  939KB
- MD5
  
  cf1e7d1eb1f66473d69bcfcac5bdf6b6
- SHA1
  
  354d97a5e50695788b299f261559f60d21a6a3ba
- SHA256
  
  59f9e2081dcadf6a476c4297fcf696a547812583bf9b18c2aaf374f74b4e24e9
- SHA512
  
  1fc751fd42b954df9099cd3f46d1d4f7703c74c27619c2cc84f9ef3074a09c2eed23efc6a990f311494b3cabcf286d296d1433336570130121d458fbff328c62
- SSDEEP
  
  12288:m8ar2RIEnTNZfZ9IT5ouKVJLdgs5tFYUPhQoTZGFJLjkTzn:fa6TjfoZK7LbvFGo8
Score

1^/10
behavioral10 behavioral9
- Target
  
  CalcHashAB.dll
- Size
  
  1.2MB
- MD5
  
  36d95e64daf220f2800c72f066965b5f
- SHA1
  
  43a4133cfdcc8ca7fd26ffe3ea7cc671aa785e41
- SHA256
  
  09e96ac3583d6cd5655469fa55ae67fde7b09ca53385df678e3c80338ecf1f0d
- SHA512
  
  6706d2216bad44dc2785091ad044dedd2b0ab2f3bc47196da4bde85c833626900f0c8dbf45c87bdc53c99e3fa97bb7b6e93a7b7a8bb72e51aec540f8fd071605
- SSDEEP
  
  24576:6Ro7AfCUuKsOMmSxpeH6FzhjnQf9XPCRm:DAaULKxoH6FzhjnQ4Rm
Score

3^/10
behavioral11 behavioral12
- Target
  
  Extxml2.dll
- Size
  
  969KB
- MD5
  
  cbede0a49363568f52fbce7161ab9467
- SHA1
  
  f9fc6f3a94e7a696ae44d30c12999a21a53e88da
- SHA256
  
  4e14fbd32f6a3825afec68d60e834e02fa6adb10ced3f777edad26710a51f463
- SHA512
  
  75375601e9755a7828e5771ad79d3c74612ef4379fd9b7f7b47cb6b2f0ccddb43fc2ccb97b9b14920b3af245947bf15b1a32eef3c3722e95cb357c5a37bd0ae4
- SSDEEP
  
  24576:2LcKcC0rO2s6c0k0/BMeJywAqiyOJUMEX:CMncDZQizSX
Score

3^/10
behavioral13 behavioral14
- Target
  
  FatOperate.dll
- Size
  
  129KB
- MD5
  
  66df78ec2a9cd51adcd2771d59086645
- SHA1
  
  fc71cfb7701c4f85081f1f016de2749165ad4e6c
- SHA256
  
  cf2af9307b8042283e7f69a6126dffed6138957c5e3a237ceaf9cdd63fb94c84
- SHA512
  
  dfecd8cb84d6ab6ed25b2f88b7daea53e9a8515568836f9fb8fe28f8468d17fbf81757399b5a362c94de79f706b00c05052b3cb93d8c72c1defafa0ae05b8d5c
- SSDEEP
  
  1536:STg8mPw8d4SLbmRPt4Ntxn4tBTjzHS9rck5QyuIoaGsS5yBO:SU82gkbjLprzuIoaGsSoBO
Score

3^/10
behavioral15 behavioral16
- Target
  
  FileHash.dll
- Size
  
  531KB
- MD5
  
  2480394be8834caedf2040b240d225ea
- SHA1
  
  a5d4c485acf74a591a5e1d41e8f18e4b693f8db1
- SHA256
  
  ad0b9e5bf3feb17f41828323061472510ff726e4989ec7d547e4e91a7cf3fa4b
- SHA512
  
  00182d306fe8feeaacbc7c2dcbcce81dac3e518c2be77c4cef780bea31c133877fde6544124a2bb993c9865115b6034c2ba9ad037e57e46c47b22d310443dc8a
- SSDEEP
  
  6144:Or0P4W0zK8sKD2GbjEQ3ypNmUcTyMQ1biaA1+vlXhzYvbQRUncK4aPVLxS4PYbY:CvmhobjEQ4NmIV1uP1izQZfBCY
Score

3^/10
behavioral17 behavioral18
- Target
  
  Initialize.dll
- Size
  
  146KB
- MD5
  
  53c0ecfc683dca385a9b2b45030a22c4
- SHA1
  
  71412c5aabfb6301eb24189268ad75865807711e
- SHA256
  
  c0fdcec60052f0b7007c6b02c98e55ac8cb338d015620b11c4f11a8b682f2080
- SHA512
  
  500e32a9651516f6004d39774b58476db87ebeaba7574e6ed725b492aa0836c22c4f66dcc6a53a580b06159c88779902a9edf19f9d383706dcf29a86c393e8b7
- SSDEEP
  
  3072:X1pLEMzM8zaEa0ao5C2BSK/dzmZLPWVSIrIOl4kyoVe2uBpZqNBd:RBa10H5C2BS6daZqrIO3veNc1
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral19 behavioral20
- Target
  
  LibSearchFileName.dll
- Size
  
  53KB
- MD5
  
  38bc4e2efb6e6391ca2d2e6d4af09592
- SHA1
  
  ebea8ddf0c85224880ad3e286c1856f09358e151
- SHA256
  
  10baf02d6695479b5975578e87d205ab676e9108d1d138ff0b6edd50a55cacc1
- SHA512
  
  bfeaa3daf949fbc9a528643aea1748e7fcadbc5efb140f0169da69203d65b3645a672ae6a515f04d0f0c54f09e0c386ccca6991fdc9553c0b18574b8016e80e1
- SSDEEP
  
  768:AttOSW6gvM3QYvPCyyWoXyDw3mF4Y2yEFQhx0S+3/A8PZc:ALOJwPSyBK2F4pOx+3/RBc
Score

1^/10
behavioral21 behavioral22
- Target
  
  NamePipe.dll
- Size
  
  126KB
- MD5
  
  23de9e0a3d808a4aaba0cc45aa948d67
- SHA1
  
  3f43b3fa775beec533a7b8f672952848912e0ef3
- SHA256
  
  50346f93cfcc3e43697d18fa589d851cd0336c2a8cc014727fc8b180b8e817b0
- SHA512
  
  76469d29aea9e803d5c7e345d59ab3549dcc7f3dc0720bf8eaaf66a2caf805ce33d75609908ee90f2fb493a021d83942c49263a6880e93ae7c2910b61ead3e32
- SSDEEP
  
  3072:mc6acIfAGCPsvU5mj1Ef8jUZlVmgwfkBC:mHIfAGIjnf8yagwfl
Score

3^/10
behavioral23 behavioral24
- Target
  
  NtfsOperate.dll
- Size
  
  142KB
- MD5
  
  e6d5742291a6352b9bbbaeae21a78837
- SHA1
  
  b8e6485ae24bcfa700bd463bcc05c3ecdd044b6b
- SHA256
  
  6c0d6233d8c0074a5084e8d12148e90c72cbb8c0bbef917067e9f2547fc9c83d
- SHA512
  
  999a6192cfe940c568202594eed64e636190c15c86e38ca97f541907c790492516beb8b33ec9851d62802cfc71d1c06ed04f7fb8dbc7876e3d828afeb04f1157
- SSDEEP
  
  3072:mtQul439NZiYd88+HS7SPlSUmoB7pInBGhBi:mtQul+NZiY97SPlT1iGG
Score

1^/10
behavioral25 behavioral26
- Target
  
  RecoveryPhoto.dll
- Size
  
  499KB
- MD5
  
  b0fffb87a1bd99e577a641b8fff9bfa3
- SHA1
  
  1617564505eeffca9bbcc65e957bef8b17211f11
- SHA256
  
  6da7333d333a1b9ce3edc3856ccca77909319eb90ce6e69f36a2a62d409e2dd6
- SHA512
  
  463f773a1cf380c5c37b2ade2912ae20483cb26f974d7bfb6b54938117356c83f3fba717e05117a31f2ec19d7b4ea872d9f9ac82809aa2354e479f78ac7d4e76
- SSDEEP
  
  12288:L6Kv0ihp+FDgzWxr8UfbHBLEOrKiEhv7evvpJII/Zq:phhp4DgCOH0vvpJQ
Score

3^/10
behavioral27 behavioral28
- Target
  
  SaveOperate.dll
- Size
  
  89KB
- MD5
  
  7f7b0c785097a0587e2986c032148cd7
- SHA1
  
  bf5d768072ed0ab5e874e0115b4e1701e5ed9871
- SHA256
  
  c14060e1cc122a426007589dd7acb6dd447403132b6995efaa2acb0dba18e5c1
- SHA512
  
  e857ba68ae4e6dad1ce1be880ed38de51ed481c0882423a9c6b5c5f00f4ce89a7deb733398b01cc3b22a559e831414baf951f38c3594c7e170b5c8aa2bd01124
- SSDEEP
  
  768:kXc8P4o00m+CusjIlenL3iVay4lJLIhTozIo37PNW1zuageMU4p2FIvSR6uE6RMe:Uci4N+COK2Vah+ToqqFL6RWovnFkKBt
Score

1^/10
behavioral29 behavioral30
- Target
  
  SoftwareLog.dll
- Size
  
  525KB
- MD5
  
  23fb08bcdaea9e5086ec25cdc43d8b65
- SHA1
  
  968916355d268a8e1c21a68f297ac163a0213741
- SHA256
  
  946fb969e3bc4eb46c2602c0a7ab16ea11f480a34f89a09ad16984379ed4bb13
- SHA512
  
  bfd692f1fffb71b27c907b881dfad0bdd4a1222cb8fbf45be73d085176b925c712947584ccfd7d72e4d40d09ebf11dc92bc6e19d9f26186ff50b2aeb7fdfce6d
- SSDEEP
  
  6144:ySyOKYyPDaiLRvrww2KQaDKgqhk1sGYs/05QGbaLq0FEHoAld0hqV:ZKrbNvcw2uDK5k1sJs0QI5TIe
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Enumerates connected drives

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32