88977075356dc9e4c81ff59e5ffc004ab3d62070c1062ce7b690a941d5328090

Sharing

Copy URL

Twitter E-mail

General

Target

SSDRM_for_mySingle.exe
Size

4.4MB
Sample

240424-rey8msbc32
MD5

4164d80ade12fd8aa36fbaa4cc9c9740
SHA1

5f85d1550d3d654ac16a9262555a586ccf167a0f
SHA256

88977075356dc9e4c81ff59e5ffc004ab3d62070c1062ce7b690a941d5328090
SHA512

69feeb77b4b79f957a6984d4f3ad549e27282aea48f032a06caf6b59dfbb62ef4f49c1e8814f827e8570f30cf930c9d752811ce5d2906de94dacfe85c018fc82
SSDEEP

98304:v0kfXXnyek4Q7OWfjdZMX3PfKSu6vIxR1QtT29daNj1lk/va:ccW4c5fjdunPy/xLQtT29IDlkXa

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  SSDRM_for_mySingle.exe
- Size
  
  4.4MB
- MD5
  
  4164d80ade12fd8aa36fbaa4cc9c9740
- SHA1
  
  5f85d1550d3d654ac16a9262555a586ccf167a0f
- SHA256
  
  88977075356dc9e4c81ff59e5ffc004ab3d62070c1062ce7b690a941d5328090
- SHA512
  
  69feeb77b4b79f957a6984d4f3ad549e27282aea48f032a06caf6b59dfbb62ef4f49c1e8814f827e8570f30cf930c9d752811ce5d2906de94dacfe85c018fc82
- SSDEEP
  
  98304:v0kfXXnyek4Q7OWfjdZMX3PfKSu6vIxR1QtT29daNj1lk/va:ccW4c5fjdunPy/xLQtT29IDlkXa
Score

3^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ExecCmd.dll
- Size
  
  4KB
- MD5
  
  b9380b0bea8854fd9f93cc1fda0dfeac
- SHA1
  
  edb8d58074e098f7b5f0d158abedc7fc53638618
- SHA256
  
  1f4bd9c9376fe1b6913baeca7fb6df6467126f27c9c2fe038206567232a0e244
- SHA512
  
  45c3ab0f2bce53b75e72e43bac747dc0618342a3f498be8e2eb62a6db0b137fcdb1735da83051b14824996b5287109aa831e5859d6f21f0ed21b76b3d335418c
- SSDEEP
  
  48:ifXNtGNjFizsU35iej7luiwa28mDJmDKUOMQH0glay/Aa4r/:5Fef5iej5txKJKenlV4r/
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral5 behavioral6
- Target
  
  PCWProtectorSetup_Voice_Service.exe
- Size
  
  4.4MB
- MD5
  
  f14cc766cc424af695d5a22cf4603b00
- SHA1
  
  c305a43566ccc3427207c47f15ea348fb042ca60
- SHA256
  
  1e679e36e89a01b3c78d9e29600350d92469bded84088b4d00df2b70d50386f7
- SHA512
  
  bd7a7dbbb0e21c8893e968a5caa0390951e00281a7670f5d226cb8417b515e581d4726e61e36a39a83cdff4942204c96c57bdd7e5c11d50c178831ac63113739
- SSDEEP
  
  98304:gXr7+/ec6Mz2O1dXd8QDCoqF4AbrvQdw+bUiCMNjkTntdIhR3:gb769z2+dXdJ93q+bUi9ekT
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  GDISpyB.sys
- Size
  
  39KB
- MD5
  
  5cf9e58c41f6b23cfd51cfd2bb843f99
- SHA1
  
  f7e2a97188c3e343e4210cf4f8618a16dc2c30f8
- SHA256
  
  02113d24b82ec4fd61371f5ceef5fbcf6250d540137c34ba31566f1a6c089c7f
- SHA512
  
  f16101f8bc6179de21af2ec6b29dfd1b70c618c5b4a4260a5c23c362d849232b14a9d3d99bc039ae78ef843423297af166434d8b582c487a5ec91c8ecfd3f223
- SSDEEP
  
  384:Us+eQb89MP+TPTUYKCwrRt3ayaGBYA7e8Fst3MN4ZvQ094hKulmBqB3j:UslQb6MP+TPTU/5Rt3ayD/78JI/oIz
Score

1^/10
behavioral10 behavioral9
- Target
  
  PCW.ocx
- Size
  
  399KB
- MD5
  
  074b45a78113cf096d43187a5d38bbb6
- SHA1
  
  d31653a23df8e96c1f3f0f46a6178e8c3b05dcb5
- SHA256
  
  0b26f0cdc7dedcda0668ba6628aa9d3774ed5c97c7801c18b582cf4f43367f7c
- SHA512
  
  725755591e127e809be2aa7b3262178328257ff49f7666cb1005cdecb56b37936ca9b5cf83c3c343851f8c0063664def10efd9b183d94e78fcbbf46945e66c89
- SSDEEP
  
  6144:Awfej2TDeTp0QIGSvCNLxCOeDlsLKF79k2+VbcYpANKyklyT8BEd+n:Awf8NSvVcKF79QVbcYWQyZ8
Score

1^/10
behavioral11 behavioral12
- Target
  
  PCW64.ocx
- Size
  
  524KB
- MD5
  
  61b0ff9ac09a1da24fc7c08d22f5a33d
- SHA1
  
  9a3411af07a241d6a5fd482d3ade8d7872944d60
- SHA256
  
  68ab12650aaefa3933928ac44ab01451c8923dfdf10b309c5723affe2c946550
- SHA512
  
  2d954b764c9e793f203a07a20df6fb7fe0044652ffe61053d55872c2763708039514ee2cc13fa67bf9070d2ab93b54227681e86f663a9f4df5f711d89f4045ef
- SSDEEP
  
  6144:1nyHZrCMWFHf+NWdEhuAingCCHjqYsKxsUTHixF5CJJCg6sWLfQD8spf9wFWV:1y9CXFHf+NWdEvRCqzsEebCXWofcm
Score

7^/10

persistence
- Registers COM server for autorun
  persistence
behavioral13 behavioral14
- Target
  
  PCWProtectorB.exe
- Size
  
  567KB
- MD5
  
  6ce74b64aee3c89d3939bb15ecfe7888
- SHA1
  
  58ec5c6b43b90aaa6fa7919c1dbf46812378efae
- SHA256
  
  ccb0bd5f3e296c35b38348cf4f231f93ce9bb57af42c328b0aba9e29103ee391
- SHA512
  
  f39486655c3d58a62d5c310ce181da0f7dee61e2d3179571b6c1e25ceba3b20c9061565708b8e7c5c5232ca3210348ed82305a105b3b678fadef7b62a2be8c64
- SSDEEP
  
  12288:D2mLG5GELDDx5HXt/NoUSppY+ATabo9pGHNu4B2Uehy:0rtNoUSj/AeI4reA
Score

1^/10
behavioral15 behavioral16
- Target
  
  PCWProtectorDummy.exe
- Size
  
  408KB
- MD5
  
  f0d735ccdea791ac2f224eb12c58c906
- SHA1
  
  889c921de73abba29dc6e159321ccd73f60250cd
- SHA256
  
  22cb915e9a47092276c118b18b9ea6248c5b4822056ee9ae22df47d1bcc2cc45
- SHA512
  
  f744755ed2bc94990c3159601dd893293c4fe69138ea4c3dbbf5546c4e2f7e41ed4db55e3d28ba34101c2ef422054110263f183f48490257275dafbbd979ea08
- SSDEEP
  
  12288:9gI45pFA+X5GQ90mh/mlVN3cK9pGHNu4B2U7:2I45s+8Q900mlVoI4r7
Score

1^/10
behavioral17 behavioral18
- Target
  
  PCWProtectorDummy64.exe
- Size
  
  501KB
- MD5
  
  4e4009a8838142a76a1d3b7e9a72b0a2
- SHA1
  
  fce0ef120d20a322afbc0a0e8c942c69f2218e85
- SHA256
  
  3668f959946e719f5a72cc7c5311adf9e8dc5a13d94ca6e0b994d3a520adf881
- SHA512
  
  186de07c13518bbffc8eae9857228a4b51080fe409cd7499d9a9c1575a9cd2229c1d20418f121380e7b730ea9404595070b1b4f7ad55354472a9de49ac5a2d17
- SSDEEP
  
  12288:kvzgBGfHGKKZ/W25AbMomlOpMVDt9pGHNu4B2UH:UtKZHAbMoUOSQI4rH
Score

1^/10
behavioral19 behavioral20
- Target
  
  PCWProtectorService64B.exe
- Size
  
  287KB
- MD5
  
  eb2aa21de1026a8a831af0797aac9a78
- SHA1
  
  0e5e03f209a50a46ac14246ae46ef19ee14d7233
- SHA256
  
  82c4c819c4d543f6131cbc462206e9cdaf4931abe6f73c21b6df4968897572a2
- SHA512
  
  89758110eef34b9c08b09cfb10569b0ce4b16788dc68029c12fda84859240d514d2a41827a61e99b9e2a8f1be1ce251a2fd8aeba990dfbb176158f6096ad11e2
- SSDEEP
  
  6144:sV7FOaQwYB3EOkbu/s6vsHgf4t7hGijknN+kh/h4:sxQwYB3E1u/n87hAnz9h4
Score

5^/10
- Drops file in System32 directory
behavioral21 behavioral22
- Target
  
  PCWProtectorServiceB.exe
- Size
  
  242KB
- MD5
  
  f637513089742ab2d236a35941bf7140
- SHA1
  
  736335cb4963ffb93f282fd3ac6c8cba9acf8bd5
- SHA256
  
  31658ce6d0128abcebf3b135991a8e742b57de66f4d557d10106c0341b1413e7
- SHA512
  
  117cfa2fa1b6fb192be5679bfee1a8f55afbd920a8af50b636379c4a519f626745645d8ff94a2446a007b1c7dfd66070a3e22f9218b3f25dcb2fb8863b4c7d4a
- SSDEEP
  
  3072:npFAq9VOrR2QctCalW9cq/ekmob21tmoSUu32jHq0oJFtfSy5lxVa1VmU5TbH:7AmOAQ+CaA9cq/TmoKmvJ+q0o8GqzTb
Score

1^/10
behavioral23 behavioral24
- Target
  
  PCWUpdater.exe
- Size
  
  423KB
- MD5
  
  f3b1b338ce6cbb2b2b2de1b5e6b7c49d
- SHA1
  
  6d9c9564a0c5784017f32bc2881d955c73c6155b
- SHA256
  
  481fe01d12228ecd30410f09e0390f1876ff3baec7ebde5ccb1d2165a01582b8
- SHA512
  
  f524fa1804cbcb31e008cc0ae6d1854ed21e40cd2f192dd300354a01203d112ef7711de30973a06e0b691e9b3236f1aab17ec247d63bff79a43df817c4489313
- SSDEEP
  
  12288:50QOmCU/iH9CImgdH1C89qH0y9pGHNu4B2UipYB:T389CIm7826I4reYB
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  PCWUpdater64.exe
- Size
  
  520KB
- MD5
  
  506ce3ed7e4ee4d42c05482ebd9e230f
- SHA1
  
  4eb0d15002fad41803818600aa24002581b40bfa
- SHA256
  
  29ecf971c9d8b5301171b6f786164a1cea29fbf27e20949635e4b95307b2880b
- SHA512
  
  1997a7406afee2c460200addd76aca44478df66a5f5e16d153d4ff6e4e9e2b83fca12f338b4c6a55dfad843dfae243d005d7ef1f3870b376cfe8b21ff83dd74c
- SSDEEP
  
  12288:rXx5pL4AQ2OihxroFHt3iXt99bnGPVbL9pGHNu4B2UB:rXxPfet3iXZbnIbGI4rB
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral27 behavioral28
- Target
  
  PscMng.exe
- Size
  
  231KB
- MD5
  
  a7f5b19e18c37d940988a7af1f79140b
- SHA1
  
  c8b764a422a2d2b2069bb06822f764bc659e4629
- SHA256
  
  417645b171e67f17cb839ecd0d7ae5bbc017fba0d9c642a3bbac94f37aa156b1
- SHA512
  
  2699b356e1499663631d0f157cba61682d55e47072702c0b9c6e28312ccbde1ed55fa72b6b6a176b8a12dd526108e4dd58dbf5cc4a40f85863974f86e8e17416
- SSDEEP
  
  3072:7mtoS+daC87NfTE6MCYNafSy8PArpn7EY8/0jAAaN8JI7vSrjc:6iaC+NAN2Sm8/mAxAr
Score

1^/10
behavioral29 behavioral30
- Target
  
  RDUtil.dll
- Size
  
  274KB
- MD5
  
  47c45dc36bbf3c5e6130dcfe37c89347
- SHA1
  
  5098af2483b5e2edf205bca47d43b086ddfd8d9d
- SHA256
  
  6f149b8ff0e97d0d2dcae5a952e6bdbc6222116eb2f865c7129f32f3fd3c5fa2
- SHA512
  
  f99724202d538a554c1bc591f7d50fe3362f42b66d243b8875a4f5d9cece8b817b6d8db35c35a2016b3268be1d0f92fff12127d1ef91be784b563a88e9902c41
- SSDEEP
  
  6144:hmbRSSG3Yv3lqRJMdgUFLUv4EVJWCUqpP:RhpRJOLQSCz
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Drops file in System32 directory

Registers COM server for autorun

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32