General
-
Target
SSDRM_for_mySingle (1).exe
-
Size
4.4MB
-
Sample
240424-rcp7ysbb69
-
MD5
4164d80ade12fd8aa36fbaa4cc9c9740
-
SHA1
5f85d1550d3d654ac16a9262555a586ccf167a0f
-
SHA256
88977075356dc9e4c81ff59e5ffc004ab3d62070c1062ce7b690a941d5328090
-
SHA512
69feeb77b4b79f957a6984d4f3ad549e27282aea48f032a06caf6b59dfbb62ef4f49c1e8814f827e8570f30cf930c9d752811ce5d2906de94dacfe85c018fc82
-
SSDEEP
98304:v0kfXXnyek4Q7OWfjdZMX3PfKSu6vIxR1QtT29daNj1lk/va:ccW4c5fjdunPy/xLQtT29IDlkXa
Malware Config
Targets
-
-
Target
SSDRM_for_mySingle (1).exe
-
Size
4.4MB
-
MD5
4164d80ade12fd8aa36fbaa4cc9c9740
-
SHA1
5f85d1550d3d654ac16a9262555a586ccf167a0f
-
SHA256
88977075356dc9e4c81ff59e5ffc004ab3d62070c1062ce7b690a941d5328090
-
SHA512
69feeb77b4b79f957a6984d4f3ad549e27282aea48f032a06caf6b59dfbb62ef4f49c1e8814f827e8570f30cf930c9d752811ce5d2906de94dacfe85c018fc82
-
SSDEEP
98304:v0kfXXnyek4Q7OWfjdZMX3PfKSu6vIxR1QtT29daNj1lk/va:ccW4c5fjdunPy/xLQtT29IDlkXa
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/ExecCmd.dll
-
Size
4KB
-
MD5
b9380b0bea8854fd9f93cc1fda0dfeac
-
SHA1
edb8d58074e098f7b5f0d158abedc7fc53638618
-
SHA256
1f4bd9c9376fe1b6913baeca7fb6df6467126f27c9c2fe038206567232a0e244
-
SHA512
45c3ab0f2bce53b75e72e43bac747dc0618342a3f498be8e2eb62a6db0b137fcdb1735da83051b14824996b5287109aa831e5859d6f21f0ed21b76b3d335418c
-
SSDEEP
48:ifXNtGNjFizsU35iej7luiwa28mDJmDKUOMQH0glay/Aa4r/:5Fef5iej5txKJKenlV4r/
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
PCWProtectorSetup_Voice_Service.exe
-
Size
4.4MB
-
MD5
f14cc766cc424af695d5a22cf4603b00
-
SHA1
c305a43566ccc3427207c47f15ea348fb042ca60
-
SHA256
1e679e36e89a01b3c78d9e29600350d92469bded84088b4d00df2b70d50386f7
-
SHA512
bd7a7dbbb0e21c8893e968a5caa0390951e00281a7670f5d226cb8417b515e581d4726e61e36a39a83cdff4942204c96c57bdd7e5c11d50c178831ac63113739
-
SSDEEP
98304:gXr7+/ec6Mz2O1dXd8QDCoqF4AbrvQdw+bUiCMNjkTntdIhR3:gb769z2+dXdJ93q+bUi9ekT
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score3/10 -
-
-
Target
$PLUGINSDIR/PCWPlugin.dll
-
Size
262KB
-
MD5
8240bee02c3ad64fe256a67479de886c
-
SHA1
afb6f7fede3ef1509b1be979dd3ca1ce5ea03db6
-
SHA256
d0a7db3315f28a3b1016b21a78d30b71d961b5979d50635c716df5c11fd1351e
-
SHA512
34170981f78f77814c6869f3833631726c869ddab28827260d3a9ab9fd9b899414f53a7c94517cf25afebb883e2638190c1b396259fead3cb3dc1f123b94ad33
-
SSDEEP
6144:NeQ5iCP1bcPhOYNKtZdTTitGM4GCbmwjl3Cf5d4EL:uUYNK1NM4Gfwjl3Cf5KE
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
7579ade7ae1747a31960a228ce02e666
-
SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351
-
SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
-
SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
Score3/10 -
-
-
Target
GDISpy.sys
-
Size
39KB
-
MD5
4681f0c9b9a4d4b330c0fdd5c59a8d1f
-
SHA1
478346d485e80a8fca2b20549af9fa4b99f695ce
-
SHA256
aaaa0b393f566017abfc0f2f48a5e7c639004e17ba1aa4962ba5331e02b83bca
-
SHA512
ea2cf059e058bca0aa9295ce6d6f1a7b3aa551dd634b9e67097e267a56b2a97f63148d8e0c3545124a2add78964b5bccf42f7dda3a04f9d27f4843daa3279b6a
-
SSDEEP
384:UyEW+eQb89MP+TPTUYPYrRtJayaGBYA7e8Fst3MN4ZvQ094hKulmBqBKT:UyEWlQb6MP+TPTUxRtJayD/78JI/oI0
Score1/10 -
-
-
Target
GDISpyB.sys
-
Size
39KB
-
MD5
5cf9e58c41f6b23cfd51cfd2bb843f99
-
SHA1
f7e2a97188c3e343e4210cf4f8618a16dc2c30f8
-
SHA256
02113d24b82ec4fd61371f5ceef5fbcf6250d540137c34ba31566f1a6c089c7f
-
SHA512
f16101f8bc6179de21af2ec6b29dfd1b70c618c5b4a4260a5c23c362d849232b14a9d3d99bc039ae78ef843423297af166434d8b582c487a5ec91c8ecfd3f223
-
SSDEEP
384:Us+eQb89MP+TPTUYKCwrRt3ayaGBYA7e8Fst3MN4ZvQ094hKulmBqB3j:UslQb6MP+TPTU/5Rt3ayD/78JI/oIz
Score1/10 -
-
-
Target
PCW.ocx
-
Size
399KB
-
MD5
074b45a78113cf096d43187a5d38bbb6
-
SHA1
d31653a23df8e96c1f3f0f46a6178e8c3b05dcb5
-
SHA256
0b26f0cdc7dedcda0668ba6628aa9d3774ed5c97c7801c18b582cf4f43367f7c
-
SHA512
725755591e127e809be2aa7b3262178328257ff49f7666cb1005cdecb56b37936ca9b5cf83c3c343851f8c0063664def10efd9b183d94e78fcbbf46945e66c89
-
SSDEEP
6144:Awfej2TDeTp0QIGSvCNLxCOeDlsLKF79k2+VbcYpANKyklyT8BEd+n:Awf8NSvVcKF79QVbcYWQyZ8
Score1/10 -
-
-
Target
PCW64.ocx
-
Size
524KB
-
MD5
61b0ff9ac09a1da24fc7c08d22f5a33d
-
SHA1
9a3411af07a241d6a5fd482d3ade8d7872944d60
-
SHA256
68ab12650aaefa3933928ac44ab01451c8923dfdf10b309c5723affe2c946550
-
SHA512
2d954b764c9e793f203a07a20df6fb7fe0044652ffe61053d55872c2763708039514ee2cc13fa67bf9070d2ab93b54227681e86f663a9f4df5f711d89f4045ef
-
SSDEEP
6144:1nyHZrCMWFHf+NWdEhuAingCCHjqYsKxsUTHixF5CJJCg6sWLfQD8spf9wFWV:1y9CXFHf+NWdEvRCqzsEebCXWofcm
Score7/10-
Registers COM server for autorun
-
-
-
Target
PCWProtectorB.exe
-
Size
567KB
-
MD5
6ce74b64aee3c89d3939bb15ecfe7888
-
SHA1
58ec5c6b43b90aaa6fa7919c1dbf46812378efae
-
SHA256
ccb0bd5f3e296c35b38348cf4f231f93ce9bb57af42c328b0aba9e29103ee391
-
SHA512
f39486655c3d58a62d5c310ce181da0f7dee61e2d3179571b6c1e25ceba3b20c9061565708b8e7c5c5232ca3210348ed82305a105b3b678fadef7b62a2be8c64
-
SSDEEP
12288:D2mLG5GELDDx5HXt/NoUSppY+ATabo9pGHNu4B2Uehy:0rtNoUSj/AeI4reA
Score1/10 -
-
-
Target
PCWProtectorDummy.exe
-
Size
408KB
-
MD5
f0d735ccdea791ac2f224eb12c58c906
-
SHA1
889c921de73abba29dc6e159321ccd73f60250cd
-
SHA256
22cb915e9a47092276c118b18b9ea6248c5b4822056ee9ae22df47d1bcc2cc45
-
SHA512
f744755ed2bc94990c3159601dd893293c4fe69138ea4c3dbbf5546c4e2f7e41ed4db55e3d28ba34101c2ef422054110263f183f48490257275dafbbd979ea08
-
SSDEEP
12288:9gI45pFA+X5GQ90mh/mlVN3cK9pGHNu4B2U7:2I45s+8Q900mlVoI4r7
Score1/10 -
-
-
Target
PCWProtectorDummy64.exe
-
Size
501KB
-
MD5
4e4009a8838142a76a1d3b7e9a72b0a2
-
SHA1
fce0ef120d20a322afbc0a0e8c942c69f2218e85
-
SHA256
3668f959946e719f5a72cc7c5311adf9e8dc5a13d94ca6e0b994d3a520adf881
-
SHA512
186de07c13518bbffc8eae9857228a4b51080fe409cd7499d9a9c1575a9cd2229c1d20418f121380e7b730ea9404595070b1b4f7ad55354472a9de49ac5a2d17
-
SSDEEP
12288:kvzgBGfHGKKZ/W25AbMomlOpMVDt9pGHNu4B2UH:UtKZHAbMoUOSQI4rH
Score1/10 -
-
-
Target
PCWProtectorService64B.exe
-
Size
287KB
-
MD5
eb2aa21de1026a8a831af0797aac9a78
-
SHA1
0e5e03f209a50a46ac14246ae46ef19ee14d7233
-
SHA256
82c4c819c4d543f6131cbc462206e9cdaf4931abe6f73c21b6df4968897572a2
-
SHA512
89758110eef34b9c08b09cfb10569b0ce4b16788dc68029c12fda84859240d514d2a41827a61e99b9e2a8f1be1ce251a2fd8aeba990dfbb176158f6096ad11e2
-
SSDEEP
6144:sV7FOaQwYB3EOkbu/s6vsHgf4t7hGijknN+kh/h4:sxQwYB3E1u/n87hAnz9h4
Score5/10-
Drops file in System32 directory
-