fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d

Sharing

Copy URL

Twitter E-mail

General

Target

fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d.exe
Size

39.5MB
Sample

240422-cjvcxsee2w
MD5

01e82baef85b5e28a5f153f13fd320b2
SHA1

3e143d4c368aa53c1cf7d30ce36401463ce8b1db
SHA256

fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d
SHA512

8cf08a9cd8abbf47980dd2125835c2ed2b9363b57fc847bc826f33200bb59f50246ea3ade7dc4c2a875e6eb03638be59c2ac5d78e7236ea958b1b853ae3ec573
SSDEEP

786432:oCU1Esp3xH+2cvakaqBGlWOP0MG85oXglyO4+xI4EJtL5X1OrbciRT1coX44j:oB1EsT+2cWqBS8H8LlyO4+xI48tooiR/

Score

10^/10

Malware Config

Targets

- Target
  
  fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d.exe
- Size
  
  39.5MB
- MD5
  
  01e82baef85b5e28a5f153f13fd320b2
- SHA1
  
  3e143d4c368aa53c1cf7d30ce36401463ce8b1db
- SHA256
  
  fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d
- SHA512
  
  8cf08a9cd8abbf47980dd2125835c2ed2b9363b57fc847bc826f33200bb59f50246ea3ade7dc4c2a875e6eb03638be59c2ac5d78e7236ea958b1b853ae3ec573
- SSDEEP
  
  786432:oCU1Esp3xH+2cvakaqBGlWOP0MG85oXglyO4+xI4EJtL5X1OrbciRT1coX44j:oB1EsT+2cWqBS8H8LlyO4+xI48tooiR/
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  2a03c4a7ac5ee5e0e0a683949f70971b
- SHA1
  
  3bd9877caaea4804c0400420494ad1143179dcec
- SHA256
  
  d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b
- SHA512
  
  1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476
- SSDEEP
  
  192:y4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjdK72dwF7dBOne:Tn3T5KdHCMRD/R1cOnrjd+BO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  ebd0da54db9f12ffd15206cc24355793
- SHA1
  
  910be3bebdde55eb1ce05915a79f01ebdc622786
- SHA256
  
  4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6
- SHA512
  
  cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d
- SSDEEP
  
  48:im1wsjq8W2MPUptuMMFvx/om/ycNSCwVGfOY0vB6/JvR0J9of5d2D:F18Bl91Z7/ycNSCwV8TLZR0ed2
Score

3^/10
behavioral5 behavioral6
- Target
  
  7z/7z.dll
- Size
  
  709KB
- MD5
  
  ca41d56630191e61565a343c59695ca1
- SHA1
  
  774584ff54b38da5d3b3ee02e30908dacab175c5
- SHA256
  
  6c80e3f49fcf561e6a0b52f9b4c81d1d07b22085f7864ee4cfd30dd10f6b3b12
- SHA512
  
  7f2eb8f773951c5b682b208807235bf4d7d937ece3d9d5c30d17abeb8f74e0be016140e74c64f9d38440269784308ed53c9c76dce6850afa1c7f9cb701229fe1
- SSDEEP
  
  12288:ICR0sfbz8QwSOh+PBFayDTAZju0sBdZ7ATm8zI:I9GX8JSOM5FayDTAZa0GdZ7G9E
Score

1^/10
behavioral7 behavioral8
- Target
  
  7z/7z.exe
- Size
  
  939KB
- MD5
  
  cf1e7d1eb1f66473d69bcfcac5bdf6b6
- SHA1
  
  354d97a5e50695788b299f261559f60d21a6a3ba
- SHA256
  
  59f9e2081dcadf6a476c4297fcf696a547812583bf9b18c2aaf374f74b4e24e9
- SHA512
  
  1fc751fd42b954df9099cd3f46d1d4f7703c74c27619c2cc84f9ef3074a09c2eed23efc6a990f311494b3cabcf286d296d1433336570130121d458fbff328c62
- SSDEEP
  
  12288:m8ar2RIEnTNZfZ9IT5ouKVJLdgs5tFYUPhQoTZGFJLjkTzn:fa6TjfoZK7LbvFGo8
Score

1^/10
behavioral10 behavioral9
- Target
  
  CalcHashAB.dll
- Size
  
  1.2MB
- MD5
  
  e60455d108e19abbee36db52153579b9
- SHA1
  
  59c19ffc863e0ae8281dd6c0fee4baabdac00ca2
- SHA256
  
  24f5e57efa13bbab5a76a7d3867d0160d8da93023f84df83e99aeae07bc4161d
- SHA512
  
  db5da07750b39ce54410c432d9d5f384135e9380ddb01eca000667f7908e042b15ccae4a0678c08a94fa53160d82eb49f27852d665413785c32bcd24fb0a8a16
- SSDEEP
  
  24576:bRo7AfCUuKsOMmSxpeH6FzhjnQf9XPCRJ:WAaULKxoH6FzhjnQ4RJ
Score

3^/10
behavioral11 behavioral12
- Target
  
  Extxml2.dll
- Size
  
  969KB
- MD5
  
  fc28759198238c583c62c548b9d7d8f8
- SHA1
  
  a8e038088c7f1b689dcc7075316b9aaaeb429a65
- SHA256
  
  bc0c134f28fc2573b91f161fb31f819d19970a947f9c1b79acfd2a65d9a6d248
- SHA512
  
  6c80315332263f8d59846a16c18cc18a9fbc63b507018a18257e9612c4003dca53a61c7ce978dcf8b42dc1f68b4eec57393b4d01b2c475d315329efcb9957cc9
- SSDEEP
  
  24576:lLcKcC0rO2s6c0k0/BMeJywAqiyOJUMEm:FMncDZQizSm
Score

3^/10
behavioral13 behavioral14
- Target
  
  FatOperate.dll
- Size
  
  129KB
- MD5
  
  a04f4e944d2e981a206d6a8efacb2698
- SHA1
  
  32e63644ddd6f7beec3f68b103a0b2e7e3498f7b
- SHA256
  
  c0640853c3ddbc569a6a334608614fb4613706afd6bbe1b32a18fabbf616336b
- SHA512
  
  8826b6d8139c320cc41c90cc8f781f652efa87334e85ad6077a1fff67f65d43ee6353e8d2f8ddc45c32798d57ab52bd1e8cd496d106e22070becd26429724365
- SSDEEP
  
  1536:oTg8mPw8d4SLbmRPt4Ntxn4tBTjzHS9rck5QyuIoaGsS5yBDn:oU82gkbjLprzuIoaGsSoBz
Score

3^/10
behavioral15 behavioral16
- Target
  
  FileHash.dll
- Size
  
  531KB
- MD5
  
  f8bb08dd9a5824051813e2d492d5d355
- SHA1
  
  d2668a9c70c8c3ceac5e97cd14130f16b2d18eb3
- SHA256
  
  5e63df46e2fe6b86cc8f8e4b36f34d297c7332b41300d01b8e1eb3bc1424cdf4
- SHA512
  
  a34c05e66bce52a4263a5f95a93bec24d0e9363817e3c1c2e75f104e7d59953c9cb6ff6a915d433194020a7eebf9742cd3f13ca49fe1b623bf2c1bd2f5ccfda0
- SSDEEP
  
  6144:Yr0P4W0zK8sKD2GbjEQ3ypNmUcTyMQ1biaA1+vlXhzYvbQRUncK4aPVLxS4PYU:IvmhobjEQ4NmIV1uP1izQZfBn
Score

3^/10
behavioral17 behavioral18
- Target
  
  Initialize.dll
- Size
  
  146KB
- MD5
  
  f00b2f763b676ba3b7b39c92f769f018
- SHA1
  
  65c14e0ea372c3105187fedcd7204fd05d9e9a13
- SHA256
  
  6611dd0e8cded3aa1f029c0168355f12e51cccf4ec54d3408ca2891e2247818e
- SHA512
  
  b03daa1b075ad1877fd2ca10a818749d1a9308ef131c7e8583757a135e2e41c77d5c39fda13ac60fbed12287dd780f87dbb3a3d377c9877eba556ef67a5ee65e
- SSDEEP
  
  3072:n1pLEMzM8zaEa0ao5C2BSK/dzmZLPWVSIrIOl4kyoVe2uBpZqNBN:BBa10H5C2BS6daZqrIO3veNcV
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral19 behavioral20
- Target
  
  LibSearchFileName.dll
- Size
  
  53KB
- MD5
  
  85cb6acdd85dd3c1a7e592dafc1d65d1
- SHA1
  
  3d29561130b1ca725dd3c15083c5a7f0acabac58
- SHA256
  
  f9ce687058d57c6c9062b3d6eaed46e49a17af75883dd876cdf09ae79f5785dd
- SHA512
  
  7a81b93e1d607b49fffc9f77a8d1dda430263af20c32c1fd0ca5f501471fc1695fdf75bbcdacaddfb28c15b070b4a0473e2840722531302d6851fa6253198bc8
- SSDEEP
  
  768:jttOSW6gvM3QYvPCyyWoXyDw3mF4Y2yEFQhx0S+3/A8PZ2:jLOJwPSyBK2F4pOx+3/RB2
Score

1^/10
behavioral21 behavioral22
- Target
  
  NamePipe.dll
- Size
  
  126KB
- MD5
  
  2411a891e147376d89d55f40fe023019
- SHA1
  
  74fa0111a27cd423024bb5f3cf115d6265684d5d
- SHA256
  
  3bce5253d9ff0fb57fb69a5fe1772de783b313f337dbbe6277715833c2094a55
- SHA512
  
  29b6b2f05615266ef109442cb953df2e768405d1a9fe652ae8e261951d94bd12bfd0c2d6ced376101e8ac60b2f578bb0361d2b5cf9799deca0ebd1342aef26de
- SSDEEP
  
  3072:fc6acIfAGCPsvU5mj1Ef8jUZlVmgwfkBg:fHIfAGIjnf8yagwff
Score

3^/10
behavioral23 behavioral24
- Target
  
  NtfsOperate.dll
- Size
  
  142KB
- MD5
  
  9a2c38fb4c5708dbaf993381ef55f62f
- SHA1
  
  7884d9af471c20300368eb7ff4d9857fbe820555
- SHA256
  
  a0d04edda568eb6b9b1979270c6b8efcb0e18049a53b1cabd9e1e96644cf8d4d
- SHA512
  
  1dcbfaef1bda69047e16c3518c7ad4cfefe1ccd3f71e2c87fa30c786f86a2f26b572a19ead670c42457d2712b801a6cdfe5c3ce8019674b24997f642f9912790
- SSDEEP
  
  3072:gtQul439NZiYd88+HS7SPlSUmoB7pInBGhBu:gtQul+NZiY97SPlT1iGS
Score

1^/10
behavioral25 behavioral26
- Target
  
  RecoveryPhoto.dll
- Size
  
  499KB
- MD5
  
  950ea2275b63d8bcf2eea6d593e02c87
- SHA1
  
  e4a08dcba390b0e9231adbd4624e23bb8fbaf98c
- SHA256
  
  2e9c125f510d27f09513ed8c809cff8deb5efb618379bc458ef97982aa133b52
- SHA512
  
  c66ef0e5ac444996e7f49c1ef638b7a8153c8dca4a6dd527fdbd93437164f6172cd651101e625a9dcaa4bb66bd37c31f854a872ea05bce59782d4dadea395a19
- SSDEEP
  
  12288:W6Kv0ihp+FDgzWxr8UfbHBLEOrKiEhv7evvpJII/ZE:ghhp4DgCOH0vvpJe
Score

3^/10
behavioral27 behavioral28
- Target
  
  SaveOperate.dll
- Size
  
  89KB
- MD5
  
  9d7cca6ddfaf6e5353200b07365a474e
- SHA1
  
  dba1e692f8d30abb9ef2e41a0a330701a3610555
- SHA256
  
  ee37569f18268ad3189867f076fd2b3f9dcf016cdca92ad6a80f7798ac3e3f5d
- SHA512
  
  456dcca23d3515c4f7517357086e7ee3ef5b0f9aadc399824c5a12de27c292c7e1739d49f43a24cfca3aa1f5b4bfc456d898aa9068f4550698e009fdbad7934a
- SSDEEP
  
  768:uXc8P4o00m+CusjIlenL3iVay4lJLIhTozIo37PNW1zuageMU4p2FIvSR6uE6RMh:qci4N+COK2Vah+ToqqFL6RWovnFkKBi
Score

1^/10
behavioral29 behavioral30
- Target
  
  SoftwareLog.dll
- Size
  
  525KB
- MD5
  
  1ba27e4cb5ef7cbd6e7030d594d55c3e
- SHA1
  
  f12f86cd47e56ef8e11ca4cc09f1f359afc2df1f
- SHA256
  
  72e815797d5f7ddb56066cee4feb04115ea210baa196575a7d3284fc83055078
- SHA512
  
  35e0e6f693b6cb46ed143673c1d4a0b7bf11787f546c023130b7abb92de47c53de6f0bcb05eb5d8f232d0abe3a559926d5d25475bd029d59227087aff849ad94
- SSDEEP
  
  6144:QSyOKYyPDaiLRvrww2KQaDKgqhk1sGYs/05QGbaLq0FEHoAld0hqZ:HKrbNvcw2uDK5k1sJs0QI5TIe
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Enumerates connected drives

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32