4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717

Sharing

Copy URL

Twitter E-mail

General

Target

4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717.exe
Size

12.2MB
Sample

240422-bng3qade43
MD5

e426d3a221efae78fe3d82ce2175962d
SHA1

a808e727601fae49f6646461c9409e9236f9f6bd
SHA256

4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717
SHA512

38af105b6d21957c79011abb6753ac180cc69cfcb9b336e917e8247493d251c567a98c5ede05102981b9935deef4de89ac363027bf70145b3eb3a8abe477cd15
SSDEEP

196608:OwZ6k5h5gRIz8KHZTuxIBTANp6GuYEFQT3Xhp+fLC/GffQtli1rOL5oFk2:bth5gmNVuWAp6GwFQTBp+VItA1rlFl

Score

10^/10

Malware Config

Targets

- Target
  
  4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717.exe
- Size
  
  12.2MB
- MD5
  
  e426d3a221efae78fe3d82ce2175962d
- SHA1
  
  a808e727601fae49f6646461c9409e9236f9f6bd
- SHA256
  
  4823257b6e91618705a5f1459308365cd3392d2a5e9164e0318a5eee7173d717
- SHA512
  
  38af105b6d21957c79011abb6753ac180cc69cfcb9b336e917e8247493d251c567a98c5ede05102981b9935deef4de89ac363027bf70145b3eb3a8abe477cd15
- SSDEEP
  
  196608:OwZ6k5h5gRIz8KHZTuxIBTANp6GuYEFQT3Xhp+fLC/GffQtli1rOL5oFk2:bth5gmNVuWAp6GwFQTBp+VItA1rlFl
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  2a03c4a7ac5ee5e0e0a683949f70971b
- SHA1
  
  3bd9877caaea4804c0400420494ad1143179dcec
- SHA256
  
  d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b
- SHA512
  
  1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476
- SSDEEP
  
  192:y4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjdK72dwF7dBOne:Tn3T5KdHCMRD/R1cOnrjd+BO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  ebd0da54db9f12ffd15206cc24355793
- SHA1
  
  910be3bebdde55eb1ce05915a79f01ebdc622786
- SHA256
  
  4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6
- SHA512
  
  cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d
- SSDEEP
  
  48:im1wsjq8W2MPUptuMMFvx/om/ycNSCwVGfOY0vB6/JvR0J9of5d2D:F18Bl91Z7/ycNSCwV8TLZR0ed2
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/SoftwareLog.dll
- Size
  
  528KB
- MD5
  
  c193c03622ba6c79e648e7fc148b7f1c
- SHA1
  
  393af664a45dbc998de7c66bb9920153c25812ec
- SHA256
  
  76c797752154767e5e53337ff34197dfdbd47b94b063df2577009c999a459171
- SHA512
  
  1e6a56294b593ffa60d693461ed9dd0259cb689af0c41a5c577fd88542f63b6b2dfd3647555c035eb1edf69ab8ea13665cc96aafc5de7508dab18592fd3d6673
- SSDEEP
  
  6144:ygIdu8Z+ll7VsmuHMWzWr9Vz4Ob6kIRkhTS1WKrYd4cVHUez3qJowZVhb:i6RbIE9Rr6/UTS1WKrYqE/exb
Score

1^/10
behavioral7 behavioral8
- Target
  
  7z/7z.dll
- Size
  
  709KB
- MD5
  
  ca41d56630191e61565a343c59695ca1
- SHA1
  
  774584ff54b38da5d3b3ee02e30908dacab175c5
- SHA256
  
  6c80e3f49fcf561e6a0b52f9b4c81d1d07b22085f7864ee4cfd30dd10f6b3b12
- SHA512
  
  7f2eb8f773951c5b682b208807235bf4d7d937ece3d9d5c30d17abeb8f74e0be016140e74c64f9d38440269784308ed53c9c76dce6850afa1c7f9cb701229fe1
- SSDEEP
  
  12288:ICR0sfbz8QwSOh+PBFayDTAZju0sBdZ7ATm8zI:I9GX8JSOM5FayDTAZa0GdZ7G9E
Score

1^/10
behavioral10 behavioral9
- Target
  
  7z/7z.exe
- Size
  
  939KB
- MD5
  
  cf1e7d1eb1f66473d69bcfcac5bdf6b6
- SHA1
  
  354d97a5e50695788b299f261559f60d21a6a3ba
- SHA256
  
  59f9e2081dcadf6a476c4297fcf696a547812583bf9b18c2aaf374f74b4e24e9
- SHA512
  
  1fc751fd42b954df9099cd3f46d1d4f7703c74c27619c2cc84f9ef3074a09c2eed23efc6a990f311494b3cabcf286d296d1433336570130121d458fbff328c62
- SSDEEP
  
  12288:m8ar2RIEnTNZfZ9IT5ouKVJLdgs5tFYUPhQoTZGFJLjkTzn:fa6TjfoZK7LbvFGo8
Score

1^/10
behavioral11 behavioral12
- Target
  
  CalcHashAB.dll
- Size
  
  1.2MB
- MD5
  
  4a94dc352cb914d12ac656ab6c3dcdc9
- SHA1
  
  4118f895b5b4c35ccae013a7d019533b1d1633eb
- SHA256
  
  a9fe821e9e56a8c7bca32b629ba936e38793a56efb118081db26565c9972344b
- SHA512
  
  06b86958acc821b42d45655b86d7a3e022be3f88f013e9aa10a9c667dd27563c871724a3df3e6cda1703e68589def53b783ddcfd4d3b24350dfe6dc0ddf26a5b
- SSDEEP
  
  24576:RRo7AfCUuKsOMmSxpeH6FzhjnQf9XPCRn:wAaULKxoH6FzhjnQ4Rn
Score

3^/10
behavioral13 behavioral14
- Target
  
  Extxml2.dll
- Size
  
  969KB
- MD5
  
  5bfa0727d3c083becbe694b3c1647b58
- SHA1
  
  5f124f2e0a0bce181fe702a0ce7bfe4adfa717e8
- SHA256
  
  b3bb069c21097f07f2fb8a264eafac366b746fe2b932d0c86b54d331fa83fc08
- SHA512
  
  ae692fdde18814d36cbdf38e4833859db13159388df98997acdb71aaaa1ccc1a4fa76045bf029da0f543acb53befe7a8483f7d23955736953b10956dd3be13a8
- SSDEEP
  
  24576:JLcKcC0rO2s6c0k0/BMeJywAqiyOJUME9:ZMncDZQizS9
Score

3^/10
behavioral15 behavioral16
- Target
  
  FatOperate.dll
- Size
  
  129KB
- MD5
  
  c7dc8bee542b93069bce54626d351b61
- SHA1
  
  e9eadc23f849b0d1d05da61bd98cf4b7a9117ebd
- SHA256
  
  63eabf367d010fc615104870b88c1d2b9e9d9664f70d22584c7aa807292dcc40
- SHA512
  
  7d95796018008a46385917f24cc60a9f1338cc977c6552b14025879caca74f5963dc5ce12fa703db7f69e1b5cdfa818c1b4c5318a70934b658456e7bc7c8bd1a
- SSDEEP
  
  1536:tTg8mPw8d4SLbmRPt4Ntxn4tBTjzHS9rck5QyuIoaGsS5yBL:tU82gkbjLprzuIoaGsSoBL
Score

3^/10
behavioral17 behavioral18
- Target
  
  FileHash.dll
- Size
  
  534KB
- MD5
  
  20fdf47b66ed0d6763df0eca36b0cf70
- SHA1
  
  53a3109c2baea26c9a6e02a8baf48f3f70b9edae
- SHA256
  
  fd7019bee1948aafbbec530f8eb9b9ac1dff66acc71f1396a39855c8443c02e8
- SHA512
  
  6e6f6dbfe45682fd692fda070b5c993dc5ac5475edce5bc8391906466be1f83c0fc1e9b1d70697960ca341471a26c60c7e349dd7482bd2bbd6bebc7ce21adb19
- SSDEEP
  
  6144:A4R6UEBp1J2ha3tCvW/DCqkO7VBeDofjATQIzGISauEe+19yOmduJJj:A4RsBiadAkCqD7VBezdGISaRe+19yJde
Score

3^/10
behavioral19 behavioral20
- Target
  
  FreeImage.dll
- Size
  
  5.4MB
- MD5
  
  501721a8c2cb8be0eedc4cc87ecd8835
- SHA1
  
  a1624df25c24dca14a0ba7e713c64746aab2da25
- SHA256
  
  28fa4db7728991f45da18b39aaa88ca984ace38cccc943fae71c15daaf387030
- SHA512
  
  5c4d3cefd77dd3791cb5e3d81287076a5d3813c729f1b42b9f3987d77f2d0d9adf49d9ad14db3b47e9944e9be5678644638e1a5c029c2d1343ecd6ed3775128a
- SSDEEP
  
  49152:Zhd0HhgBfznpmSWmQ0c28aE08eRbxocctahCEHqTTavB/cVrHM4GRlKsUu:ZhdegB7nS0PXCIq6yslK+
Score

3^/10
behavioral21 behavioral22
- Target
  
  InfoReport.dll
- Size
  
  672KB
- MD5
  
  f5fdddf848860801dea677502dc16284
- SHA1
  
  4549461550bc5d525614190053e6f813e1ff0baa
- SHA256
  
  92c2d308fc263b07c6eb569a746a1124c2a661511e61247603662b261fa1ceae
- SHA512
  
  45293ed02792780e247020967d153b3db8bde533eb5fd6d7381c9fbffe015388fbfedbb3a3e750e82b503a8dd414a424e35f5a56dffd4a6467ca49e1027bd812
- SSDEEP
  
  12288:KSIKJBPe8CTYQNRpomG8ZUfac1HdfBdohOxLlCQ2tlr3d+6y:KSDBPe8AxPpVG8W9f44xJ2z3d4
Score

3^/10
behavioral23 behavioral24
- Target
  
  Initialize.dll
- Size
  
  146KB
- MD5
  
  10cb1b6427829e32b05e87485218acf7
- SHA1
  
  a6a450edf2e1e00a3a1e74d9c496ac69927eb5bf
- SHA256
  
  2556c880c38f86f0b8addbb2edfb2a86e4a9cf1c78a5b9dc9783dada68a964dc
- SHA512
  
  6251356da8a3a07c4cbe644b459be386267c8c3abbdb215839fb204d770807634ea6d980cc9d2fb92cedd0a9bbb4202936feb553f833a6aa7d47d05f02085314
- SSDEEP
  
  3072:D1pLEMzM8zaEa0ao5C2BSK/dzmZLPWVSIrIOl4kyoVe2uBpZqNB+:dBa10H5C2BS6daZqrIO3veNcG
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral25 behavioral26
- Target
  
  LibSearchFileName.dll
- Size
  
  53KB
- MD5
  
  4e11d94605103f95502272ff8bb23585
- SHA1
  
  c499f946356dab50be7c8b4cdb82556a0fdf517b
- SHA256
  
  297c983876494833139ad2c400f5d69ad8a2238a4356e726f6e143d4e04f435e
- SHA512
  
  aedffac32606b8fb221b31d457c240495c5c1344aeb09a8e9699d48510586144efa5283e10305a520e78593431ca40247786695d54baa63d11fc4dc8d83b1d74
- SSDEEP
  
  768:rttOSW6gvM3QYvPCyyWoXyDw3mF4Y2yEFQhx0S+3/A8PZZN:rLOJwPSyBK2F4pOx+3/RBn
Score

1^/10
behavioral27 behavioral28
- Target
  
  NamePipe.dll
- Size
  
  126KB
- MD5
  
  6c5969b1508f64a1444756e871772315
- SHA1
  
  d7e3f62b223d7029c68dc0b0dc1891dd2c29ba25
- SHA256
  
  1368dcdde12778913b3920a84ab3b420fb332ef1678cba5767c79b4c5f217572
- SHA512
  
  eeac35633185bd334ad607f28db2c1f1ea9c795077d7f723469bdab13b7b9bfd052b9ab8567c8cb12a8e2f3b6d7ef58c96a487ba1fb13d289be2f44773f17f88
- SSDEEP
  
  3072:Jc6acIfAGCPsvU5mj1Ef8jUZlVmgwfkBh:JHIfAGIjnf8yagwfO
Score

3^/10
behavioral29 behavioral30
- Target
  
  NtfsOperate.dll
- Size
  
  142KB
- MD5
  
  4015f3ec3c9fa53eef85f6dbc25c4269
- SHA1
  
  5e1a0815eb3c2d2f1d0626e2efa635a4f5e331b5
- SHA256
  
  8b810489c92e468e3cafb1adbef96c6916ff9725ccbaa0f5996c41030b6d665d
- SHA512
  
  55b47553225da3ac910fac1b5baee268504d9e3215b390a43596d64286b68a404f2f04abd989aa789cd84261778f7b3f31f0cf4929453f051e310d1f96c29c1b
- SSDEEP
  
  3072:7tQul439NZiYd88+HS7SPlSUmoB7pInBGhBO:7tQul+NZiY97SPlT1iGy
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Enumerates connected drives

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32