Overview

overview

8

Static

static

3

EcosiaInstaller.exe

windows10-2004-x64

8

$PLUGINSDI...le.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Resubmissions

26-04-2024 08:52

240426-ks7zdada7x 7

24-04-2024 15:31

240424-sx28pace5y 8

23-04-2024 05:33

240423-f814jsdf8z 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EcosiaInstaller.exe

  • Size

    1.0MB

  • Sample

    240423-f814jsdf8z

  • MD5

    ead03cdd9d3398c50ffd82d1f1021d53

  • SHA1

    24b37f404d510f4eb7807dd89de20e936fc18190

  • SHA256

    4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2

  • SHA512

    ff381bd5ce7aef733c9ce9fcac0bcf3c9da106b09223c2904714bf4f7df334280ebf4792c279bea32cdafd896d5d95f28cbd6fc18a7d56c4fe77b63438fd6c70

  • SSDEEP

    24576:WgZNRxRm9PQBwV418TeWyavVb5AudHRhItGsePtjDZeMizZBx7j:WgHRW9P0wCWy2auFRhIP6pkd7j

Score
8/10
discoverypersistence

Malware Config

Targets

    • Target

      EcosiaInstaller.exe

    • Size

      1.0MB

    • MD5

      ead03cdd9d3398c50ffd82d1f1021d53

    • SHA1

      24b37f404d510f4eb7807dd89de20e936fc18190

    • SHA256

      4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2

    • SHA512

      ff381bd5ce7aef733c9ce9fcac0bcf3c9da106b09223c2904714bf4f7df334280ebf4792c279bea32cdafd896d5d95f28cbd6fc18a7d56c4fe77b63438fd6c70

    • SSDEEP

      24576:WgZNRxRm9PQBwV418TeWyavVb5AudHRhItGsePtjDZeMizZBx7j:WgHRW9P0wCWy2auFRhIP6pkd7j

    Score
    8/10
    discoverypersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

    • Target

      $PLUGINSDIR/MainModule.dll

    • Size

      3.6MB

    • MD5

      c5f78d7f3df8b816ef881d342f6e9520

    • SHA1

      251a4bc26a697e4641483ce7a3ac694874d7be52

    • SHA256

      b0c4e04590f521358d7e3cf5201ffc551b6cbd7182a6e8229e94f47105c71822

    • SHA512

      c9af575cde74c1520ebd49df15116d4165e9c5314cc4c402463388552ee35768ddc31d8a3f38ab2488357e7fc112666e02c1c6ac6c9f4b6eeba787afcafaa2cd

    • SSDEEP

      49152:7xndKahU90qfaCD8zhcO6QyJzWrkEURLLoPgglWNeCyTh6d:7vHy2qf3D8zhcrbqrkbLLooglWN/yT8

    Score
    3/10
    behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      564bb0373067e1785cba7e4c24aab4bf

    • SHA1

      7c9416a01d821b10b2eef97b80899d24014d6fc1

    • SHA256

      7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

    • SHA512

      22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

    • SSDEEP

      192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL

    Score
    3/10
    behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks