ec4a958ab73fa233b4bb5cbaf68ea3486384997d53740bfa9c3307ce150a59dd

Sharing

Copy URL

Twitter E-mail

General

Target

ec4a958ab73fa233b4bb5cbaf68ea3486384997d53740bfa9c3307ce150a59dd.exe
Size

16.0MB
Sample

240428-mw68csdh99
MD5

655c33920fd920dc86fe9c572f1bbaba
SHA1

766af67dd9d609c1cbf56578f25b0a3bacc580e2
SHA256

ec4a958ab73fa233b4bb5cbaf68ea3486384997d53740bfa9c3307ce150a59dd
SHA512

e8e29eb2e9d26122d59b806a3bb7047b61f36942f34c0c883394337dc86896f71bf0cea4951525387c1eb9511624453022a0aa7e852882bbba7271c1dc2448fe
SSDEEP

393216:fuIjTX0c+rk9t2+arEhxiLFbHO1mmailtTZ0h6xZ:fuIjYcgPdHcmmaGtTZ0hC

Score

8^/10

Malware Config

Targets

- Target
  
  ec4a958ab73fa233b4bb5cbaf68ea3486384997d53740bfa9c3307ce150a59dd.exe
- Size
  
  16.0MB
- MD5
  
  655c33920fd920dc86fe9c572f1bbaba
- SHA1
  
  766af67dd9d609c1cbf56578f25b0a3bacc580e2
- SHA256
  
  ec4a958ab73fa233b4bb5cbaf68ea3486384997d53740bfa9c3307ce150a59dd
- SHA512
  
  e8e29eb2e9d26122d59b806a3bb7047b61f36942f34c0c883394337dc86896f71bf0cea4951525387c1eb9511624453022a0aa7e852882bbba7271c1dc2448fe
- SSDEEP
  
  393216:fuIjTX0c+rk9t2+arEhxiLFbHO1mmailtTZ0h6xZ:fuIjYcgPdHcmmaGtTZ0hC
Score

8^/10

discovery evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1
- Target
  
  rptcache64.dll
- Size
  
  450KB
- MD5
  
  add484bd0992999805a6f1bbf8926d2f
- SHA1
  
  3c24dc616392b2df69ba15ce7e195b67683bf07c
- SHA256
  
  22037d98bf738e12816c7dce5a193d80882f21be4d3c60a7b2440b9d6505e495
- SHA512
  
  d2e8594ab75178ec0cac9400902ff71ec22d552648e87bf6c8f885cfd2fee6eecd06dc5136a16bf5ecbf8beee2664fb4d9e31271e6c9fd838ec0c2faf2504e69
- SSDEEP
  
  6144:7URjx0OOxSeTSnkcNZMWaHLqtDQAmedGsl4aXWbarKvfUfcwxRho9m5GLGe0:7kQRSxZMLL1+GONRhoO
Score

1^/10
behavioral2
- Target
  
  rtfile32.dll
- Size
  
  364KB
- MD5
  
  ef739694ae9f9015533d572715671737
- SHA1
  
  eae74c5dd0f444a9d5ec5e2d228d9a0328707b8e
- SHA256
  
  e3adf162f87185b77b4a9b9283fb7aaedbb475f797b3cc6227c3120acd5a3645
- SHA512
  
  ae2ce09a4054ab25e4bfd1f71c4d49690b2890f81ce08407474fe47f50cf81532e184ffa894a56ca70fa657bd9b542ac57009b34083e686accbaa3c8e9954248
- SSDEEP
  
  6144:EwCrMTlrw5qHNsq/eNEzkmhl3AxHs8G4NLukxzWrvDQZm8AZgj122l5Tvu8Q9lJC:EwCr7SNsq/YEzkqAds8G4NLJxCrkZEZs
Score

1^/10
behavioral3
- Target
  
  rtfile64.dll
- Size
  
  534KB
- MD5
  
  cae2c22ba92bd370ea5b0bbf626ff2c1
- SHA1
  
  f32b6245ead3dd8ca1596d4a57852872c7ae9f3f
- SHA256
  
  c5f594dfe782d83d69a77400569e3012e468a28807808698e737b022d1eb04ad
- SHA512
  
  4bc619f8b51bf4e3675f2540d805f6a7a114fd14842455ad340947e4027fe445411589dbc64980caf47a0f85ab8328027d6d562db565cea16b275352c91771c1
- SSDEEP
  
  12288:8D/YimSHo0HtCaswPjCRmASXvpkyS+jvzlyD2:8cimSHjtVpjCRJ0vpkyRjv8K
Score

1^/10
behavioral4
- Target
  
  rtinfo32.dll
- Size
  
  492KB
- MD5
  
  2e7becfa5a8431cdc7b0de522c5a96a4
- SHA1
  
  ae949e3082a95c8a92a21c6935a486f61701952e
- SHA256
  
  52f6aefb309ab0429538525c9137aa1973589f770dc7f8b358e49c1fcd385514
- SHA512
  
  c707148c37a9dbd2793a3a82e7625dc86c03ef64ef463de363cebdd7a95c72929af56ef69de6a7e20983c1917dc486705e01442da9b192ec961992ca6bf617bb
- SSDEEP
  
  12288:O3He1ceSlj0NSczfwFpBwtCtm1ChZHl7MQxlEcB:3wFzZHlFxlt
Score

4^/10
behavioral5
- Target
  
  rtinfo64.dll
- Size
  
  754KB
- MD5
  
  0bd00c379f49c4af51d7e4b051f066fa
- SHA1
  
  0e909506787fd1c4e7d61fd3e1a27c7e05dd40c5
- SHA256
  
  4041cfa37c29145ea32342f50745699ffda0996fa8755a3c9faff01968b3043a
- SHA512
  
  9c50c44983746ed66499047e18dcdfda601729fb02cd873f235d05f0e2d7dabdf077336b11b049a8faee8d100b6b503baa63aad54517bfcca76158522f1abb11
- SSDEEP
  
  12288:B4B/cDRe+YGjgJUQ1VwS4rGmpg7MqZ+GgD2i:Q/cRYGE71VH4rqhZ+GS5
Score

4^/10
behavioral6
- Target
  
  screenhooks32.dll
- Size
  
  78KB
- MD5
  
  f164c24fc798a4cc39a85fb07a293e5c
- SHA1
  
  a1a51a6a692781108f54da5478008b8b519df9c1
- SHA256
  
  1842aa25c8b4d356d0d52ba08f527364f125e451255dc9799f2304fb99096286
- SHA512
  
  617b08a6fe0fda48a22281e2d9a4a3667ba796215f674f7c40e831761e7cc3f9a1ff39e719e07b7ae156befb24177847a70708de1d02285fc9d0c87bb389a3c5
- SSDEEP
  
  1536:ijQ9fdeFzsDCwWEhRRhr5/9hRUl9X3hV:ijQBcFzsDoEhRRhr5jq
Score

1^/10
behavioral7
- Target
  
  scrnrcd32.dll
- Size
  
  341KB
- MD5
  
  aae12afb8b1efea2acf54585e98e642f
- SHA1
  
  4f90f8776c7eef0a1e8081bb83b0686cd512bcca
- SHA256
  
  2658fd793c96fa63d5d61308327c738fdcf62297df97d0128f8976067b22bf48
- SHA512
  
  2bf359acef95b6937793046e21c3fc1a4f2996c83869224a2fd3b92e5e5fe184918eb105af539dfce9d701119c16b97e391afd8a40d3f6ee58d73e4819ce9a09
- SSDEEP
  
  6144:folBD9sMAuabXHpo66P37Dv/rYBMXdD1bBQJ2+U55e2PTPGbLnYmGSGm4:foDxsM7arHp+LLDYBMXvbBQ/UXvTOE
Score

1^/10
behavioral8
- Target
  
  scrnrcd64.dll
- Size
  
  477KB
- MD5
  
  e373efdf3df40cb822c2d1558495ef5d
- SHA1
  
  2ae6301875919f7114c2fe3d9cfcdb76ebd09c35
- SHA256
  
  88db2c325641c739b8cf3c7d2b8c5119c9788dfd281f387ec53570724ca2c4a2
- SHA512
  
  e754cd45e6def207bd5122a4f739b5929f28438ce1da48cd8756008f48889f363541053ce5f6ae443eaed0daa5c653be13f08a3ae14c10e1b901fca3fa0fb221
- SSDEEP
  
  6144:FKPtYR5bxSOlE5I7ImkR663CdNEy/Z6sBK74u61pNtB0zkWZPpa4i/L6rV/sCTG4:ct83C/xUMC7Twt4qvPFAW/F
Score

1^/10
behavioral9
- Target
  
  sensinfo32.dll
- Size
  
  289KB
- MD5
  
  ae211a27e7c82ceb1f8c52dcbc462048
- SHA1
  
  7abc4fe7cbf05b926ebfc53a0a18fc3fcfd76fd9
- SHA256
  
  913572643f1e0795a8851b03f8e04934f637debb1e42d806b3d720ad53d9313e
- SHA512
  
  9383e010923f5edcaf9f46113fd7c956be20707a0eebe2d59dc73f177ce722967fcf1430f40a596594fb157bf3ed0d74ed566208b52a51e94bbc86625651b532
- SSDEEP
  
  6144:qIzmwz3AsIo5Eipd8klvE/c5Ljj7ESZ2asZo2hDGhax3xGJGjq:qInztIoypOgcF4SZhsZHFi
Score

1^/10
behavioral10
- Target
  
  sensinfo64.dll
- Size
  
  381KB
- MD5
  
  6db234826bcac225a4e62b425500f1d2
- SHA1
  
  6795005be206166b29b277b4a32b611632925026
- SHA256
  
  9b38cf577294ca46b0838ab4ee4a0d09e44377b450ffc68d124b36db651f3cbc
- SHA512
  
  6456f7b3055fb97d8e4446928e31079a84fbc46b9633c9588b803cfec536d31a85477cac98dabb977e38ebae0c4954c41946e9338f03a2c479734590e115b277
- SSDEEP
  
  6144:qadnpDcL3WPQ/cqAxegN+/ysXhxeJZXPQWLqPWeK6R4xbGAGcB:qadnKMCAxegNwyfPgun3
Score

1^/10
behavioral11
- Target
  
  setuphlpr.dll
- Size
  
  264KB
- MD5
  
  5b8659339fb6f998f25f3d7055b90a8c
- SHA1
  
  f28ec774744fbd6e2fc9f594bd4d31ef2adb8276
- SHA256
  
  c9bfcea372292fbd29f5a5f6cb51f97143d80e036133830fcb74f0994de51050
- SHA512
  
  37515fee58d2b2df3f3e9d270ec9d4f83f49333411a41c5a7d0514a5745c747ea5d79de2bffc543a2d54124ac49476805d99c18dc9ec0550be538eb9ecac3d99
- SSDEEP
  
  6144:yHLpnU4NBjqLzHNDJzB+cjoLq+OAMGsGSU:yHLpU4q9+cjo2+FL
Score

1^/10
behavioral12
- Target
  
  shlext32.dll
- Size
  
  522KB
- MD5
  
  162e9fef5dc86a75ff84dac041a1bb74
- SHA1
  
  9b7d649c21531e17e627423b9f1c2954f0649350
- SHA256
  
  10110faeea48c8dcf6ced83e0b7c0e4700bc33dd5ebb0d8bdb9492a274c091b5
- SHA512
  
  997b7efaf31222d8a9e80060cddeb70304ebe3d92e969808f111a37bd1d43b39646b4c74456520896f896a7b43f78e2f2b7a4bb070de4511a4bcf5c7effd5af8
- SSDEEP
  
  12288:NsHGkBa8NYE2JqRF56FcGbMr/KjylwHLPBzj0SqKyUJKbdQKH0uRftI3:NsHnl2JvbMrWylwHp05bdQKHf7I3
Score

1^/10
behavioral13
- Target
  
  shlext64.dll
- Size
  
  735KB
- MD5
  
  ac59cf438ab7be02489e915ef1023028
- SHA1
  
  18ad6c56ee779932fb4df0840a9676679b16c9ef
- SHA256
  
  23391cc2ce3a2af2ae52c89815de459e1834c5c53ec588380cb4692ac11f97ca
- SHA512
  
  97c240f540b3535da78449ba48352f47fcc0351531322b796b320fd6523b424a9ce65d6d303bc53ddd81df3d586eb6d54723f984296111a61469400500eaf48c
- SSDEEP
  
  12288:v33FdHRVKYqZt2Kqm7SwbHkv+nb/HzwpENd7vxtJU7QRi9BjqwT:vfHRkZt2+7SwbHkv+nb/Hz+ENdT/Jy9b
Score

7^/10

persistence
- Registers COM server for autorun
  persistence
behavioral14
- Target
  
  siriuv32.dll
- Size
  
  597KB
- MD5
  
  b9c844eb7588b02bdc6878d3cb4215bb
- SHA1
  
  bb5230d41f6c0ff0dd9aa6dab82b2bd90f89fe39
- SHA256
  
  475979b58fa6a18a148ffa978690a464e68950579453531f329d0bb7b9b6c14b
- SHA512
  
  4a96603db7f4b85f8906dccd7c4e64588e40ff1a985c157dae0420a8fbcacaba807b12f2f26b191f1edb9cb8c52a5189fbc2d39b87489394c54e8b09cc8b31ab
- SSDEEP
  
  12288:AflslllfmKLdl62ogziaItnEbzS52ivCw6Q3XKEddoFA3aznpBk:AuhfLd8XvChkKEddIKazpBk
Score

1^/10
behavioral15
- Target
  
  siriuv64.dll
- Size
  
  769KB
- MD5
  
  2ac2fe9d5ffe1704d1acaee1c5440451
- SHA1
  
  efac96f924885f662717c4b8888caef9572e2abd
- SHA256
  
  2bfca8b20388d73bcc06b168caa12cfadd86ce32a9df03bc8d57b663f709e8e2
- SHA512
  
  21b901ec88a6ecce43a0af37c4f300391b79597448d6424f110a90002bf8caef5da1759b2b6c17fc31c204ca887288e378e36868fb353742a39fc0a77b9d8c9d
- SSDEEP
  
  12288:+OSOEO/RdQwwJfwE112siQjJDEc9GHTmjsoYMemvx1E8g:+OSuU/mEX2q9pGHT3Qem5e8g
Score

1^/10
behavioral16
- Target
  
  sqlcipher32.dll
- Size
  
  531KB
- MD5
  
  d29fb377305d23499a4ec41afd57dcdd
- SHA1
  
  adc221f02c7b8668119d20fd0fefc53b62d9b710
- SHA256
  
  e91c75224702835bf124efd0850ac1db3eb14f4fd2b5ee89d15838f9fe16f9ea
- SHA512
  
  f31f92459f8db48b901176a91d8039c37bb3c2cce50f9217e53f2aa91605b63a2077ef7f0ea6115480f11b387adbef0060413cc92b37edc4b6229a7b2fa90e3b
- SSDEEP
  
  12288:UwObJjxx52AyV7VjwSKij35F2wXA3NG8WtV9VeZg/n8x:UwObJjxx52tVESKijJFBA3NqtDV10x
Score

3^/10
behavioral17
- Target
  
  sqlcipher64.dll
- Size
  
  681KB
- MD5
  
  20c42c467fda982977e0e94299215c67
- SHA1
  
  0268661c4e8f05e014a34d2b1eaa932449dd5bcf
- SHA256
  
  45538da9e3c060ff4fc42b0ccb8db01389822bc9c63a4b170bf13ba67bd9ca1a
- SHA512
  
  5b7539e6c9dd68bc6078704feb5c3a5c9a5df8b37ae139a6f8d52ad65dc6637c02608a0069a82fec0bd54f860caf2c0b77d4e615c33b6fe181c8507d2570f0c0
- SSDEEP
  
  12288:4Gb1gNdqbwnFNYHScpOZwhjStHTGdTa0ee8JvduN2GH5kRII5W:4Gb+NdZnF+SIvaHTGdTbee8JvYN/gs
Score

1^/10
behavioral18
- Target
  
  sscanner32.dll
- Size
  
  352KB
- MD5
  
  215f2a2bc94d9e6815a6082630546cc2
- SHA1
  
  a7049f4565f13eab2a5f8ea499e10defcbde6007
- SHA256
  
  d22ae9a4f7143afe271865e6c81c1f76dd64905ffa9c42d0d7c2d3c187a47faf
- SHA512
  
  e5fbde622ba02414bfdead61b93e6080f766a19c91dc1b4803c9d042efcbb468c7f5bd3ec1e363e6e0b9135df66ed55fbf1a5e62321208411541c599f6b29644
- SSDEEP
  
  6144:FerwhTQNs5gTAVmz0g/3EgE18UmgOyirvYy3a2KNp9CKzGjGRR:FerwhTQNs5uAV20KfE8TyirwqCP//
Score

1^/10
behavioral19
- Target
  
  sscanner64.dll
- Size
  
  512KB
- MD5
  
  e8fb6311b02ecc6812909abeb9b5b793
- SHA1
  
  10e65581345face4cb93cc24d0853e2d731fc6d5
- SHA256
  
  11fbccf8a826717d83bc83fcbf45dd2caa2ac24cbff6393d23957d3ab40c9d73
- SHA512
  
  ebcbeaa4bda06352b973677c44e70172d0e5658a688b2ea06e6a054a97e73709def84ee8102a174b30a2bafc20b5145868a721966b74160524dba07229512b1a
- SSDEEP
  
  6144:VtjrO/eQUqlO6gizIHTSx1a7RFayo6S4L98k5ljAX0W0EaKx55sgq5gvxXc9GUGi:VprORg6g1G1krz8uqLsJ5Dd
Score

1^/10
behavioral20
- Target
  
  ssleay32.dll
- Size
  
  344KB
- MD5
  
  355152cca9e9493de9fde0fde7c5d21f
- SHA1
  
  a1687ce7793a38e82db3eeeafacb439c44aa78a5
- SHA256
  
  a076c5707b4ae82d3a62f7300023a2a933dbf3cc3f83b4bb8edc6867105be013
- SHA512
  
  89db321f17fef11a7c3eac39de1bd58e550114cdb77e48e4016f059537e81acc0de7f378b923597d2f534f597e708b9db82de05b35d074d42eb86cbc08da2076
- SSDEEP
  
  6144:DsJ+TKsWjwovdOP44Ekqc4sLzmZDQDT13pf8TH3bKck/xD/tk4NREx4Q2sChEp6n:DsJ+OsWjwovdOP44EHc4sLzmZDuT13d1
Score

1^/10
behavioral21
- Target
  
  ssleay64.dll
- Size
  
  430KB
- MD5
  
  d1cfbeb0e72ef69e3394e5c8be867053
- SHA1
  
  9aee512d080c67137855a12fda60c24efa1d0a4e
- SHA256
  
  fe1b87754b602c27d6c06f31e3c3c955b7ea627b061025ca0de5839832cc4669
- SHA512
  
  a3c938a19f67b88b1d127c69e5c97843e80574060150da6014a2039eeadf3e82a74688ac5acdc1109c7b490fdd1a6cd6ffa54ed483eaf293ee1ff0fbff93eaac
- SSDEEP
  
  12288:cIh498qK/lBeqoF/r6Yp+ZNxQL7zOllCm9/VwiIDUKBYkljZHvCUc5fnG63DcSfC:7U1pJ3vSBpRY
Score

1^/10
behavioral22
- Target
  
  swvv32.sys
- Size
  
  228KB
- MD5
  
  4d585658996c61440d162f3233b98ab2
- SHA1
  
  aba292a0b076169c4a11d9212f89d5ea72440af5
- SHA256
  
  d2aacc5a18631ec1a273c0662b2940306f5b39a425868858998ad74048ba165f
- SHA512
  
  da3b00d77a6841ac3fc31f005aebefd44437913f4f0542445dee2c1e19e0ba55358525ef6fe32b499e97dd4999c992334f3399a91633c49739fbad7dbf58ad5b
- SSDEEP
  
  6144:5K3XyK80ocvvvvvvvvvvvvtU0GOm9Hxl0qqDL6Rh1Gb:5K3XyKXFvvvvvvvvvvvvtglqn6U
Score

1^/10
behavioral23
- Target
  
  swvv64.sys
- Size
  
  228KB
- MD5
  
  38d4705971aa8797bbf154856df90f69
- SHA1
  
  05fa1fa1b51e7d29b2819470b4dc6fea6f17292b
- SHA256
  
  de0feedf477d4dfc63563bbc974045d63758459abad87b5fed52e670932ff3f5
- SHA512
  
  20d2726b7f3eac7ba8390c215d46d392444e32ba4b66333b7f92e87a5b4b7de6a3d26a41808737c076d2a0ec0c07f365f0d9ec76e6fc7f7828fd22ac799dd9ff
- SSDEEP
  
  6144:sdI5HdbDwdeYTJhreVIqqDL6Mxlom9fivKXape:4IkMahreVNqn6afiCXB
Score

1^/10
behavioral24
- Target
  
  swvv64_win7.sys
- Size
  
  228KB
- MD5
  
  a43f30c7031cbf8253e4930117dc6441
- SHA1
  
  a64b6fde9b49a3a1f3e31cf4ce4dd4bbbfba7a53
- SHA256
  
  a0538c365e260caa4a5d1c91bcdf93d216c92317b7f57876fe1b8c02814cf56b
- SHA512
  
  fd8704644e652b98adbd091cdaa9534cc012a0db172cf7817b486389eb7b1b85a80648d0f9d6fe09ce90051f5df23bca12ac3c82209d53ed53d35de1276c0b1b
- SSDEEP
  
  6144:IdI5HdbDwdeYTJhreVIqqDL6Mxlom9fivKXaAeUe2s:EIkMahreVNqn6afiCXzs
Score

1^/10
behavioral25
- Target
  
  unrar32.dll
- Size
  
  285KB
- MD5
  
  e224eda7b8897e87dd0bccd29161e59e
- SHA1
  
  f6af69c41baf5c022b6df0b1585e035e5c308637
- SHA256
  
  bfee9f77aa121df848961c8c07ffcca2bb2847f7dca72129bafee8b385a64992
- SHA512
  
  f9b5c12a386c4ecba50601190f06670a3bdcb7bfa9f339dfe1ff2309921c881386e0d35caf0a5d69ee734850713e96ee0d07e2f66aec44f501493b348aaaa64e
- SSDEEP
  
  6144:+v18GVkTvTOhHdmPGETB4r1z6/hVMy4veuH4RO1+:I1VkXO3Qg1qzX4E
Score

3^/10
behavioral26
- Target
  
  unrar64.dll
- Size
  
  338KB
- MD5
  
  ffb7e5fd3b73b4bacaf1bc798e86ac53
- SHA1
  
  996489fdf6cfc1a7d3df30303fb629149eb3df58
- SHA256
  
  8cd72d68f7b120fbdbffac055cc08620b8b5bd265f1c5bd6d2aa4116804ed42a
- SHA512
  
  e98ab9fa5a7c5d4b36849c600ec90109e59543c23b3c754e2c54663097e4dcf8189e352c3af992f7ed9638f7ceb60731f4f7ae0be139752d3b981e402bfb1e8e
- SSDEEP
  
  6144:10vN3+9n+/V9fVVauM9a6cnDmr3kqw13laOacjlpr0Jj0D0:10vNuZYVZVV6cnDmr3kqW3s/oW
Score

1^/10
behavioral27
- Target
  
  usbmgr32.dll
- Size
  
  459KB
- MD5
  
  571ce6270dc6e1e0ba02f61c3d879aaf
- SHA1
  
  45d4a12239240dda33e55a2e7b14dbb25202f5b8
- SHA256
  
  197eececd6173fc1c2f1356ce283b5aff2cc2493fa1addc6b1ec20a58d8346c1
- SHA512
  
  5b4eb7f38f78983aaf367c8ecc7460e15555d42b672ff6dba4020ffa40d19235dcc43891d2fd0b8f22cc5b47ed18f26eb849f744ab34f987301f89d83c92a6f9
- SSDEEP
  
  12288:r9eDe8vqgxASbg9g2BbhIfSLosQgjpM41j:0SygOFsQopR1
Score

1^/10
behavioral28
- Target
  
  usbmgr64.dll
- Size
  
  634KB
- MD5
  
  d86c75c55fc11fab2cf7fd0496a34688
- SHA1
  
  9b643812c5fd9aa125ad1f0f619caea91f5895ca
- SHA256
  
  59d76855055c0942145ff37ea1c42dd897ea3a521a2ccbb69d2004b801d85a75
- SHA512
  
  3e1212bfcd26763cce6409c157f9889454f7ae2dfb0f8c07c69a1b040b8e482a44362c4e5b0f1e61f0231fd39864ac3bb58055c8811c479f966095be031e4c1d
- SSDEEP
  
  6144:w3cnDYUcUMTl6NKye4iNPS5cKNIf6fm5nkocQM7SkVdUvibUiWIEWfVhBLujzvu+:lDYUsROaCKf6e5HFib/ryHkZtHjMl
Score

1^/10
behavioral29
- Target
  
  winpcap_inst.exe
- Size
  
  893KB
- MD5
  
  a11a2f0cfe6d0b4c50945989db6360cd
- SHA1
  
  e2516fcd1573e70334c8f50bee5241cdfdf48a00
- SHA256
  
  fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de
- SHA512
  
  2652d84eb91ca7957b4fb3ff77313e5dae978960492669242df4f246296f1bedaa48c0d33ffb286b2859a1b86ef5460060b551edca597b4ec60ee08676877c70
- SSDEEP
  
  24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL
Score

8^/10

discovery
- Drops file in Drivers directory
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral30
- Target
  
  workflow32.dll
- Size
  
  278KB
- MD5
  
  2a04eb59490a922e64ccb1329d845d76
- SHA1
  
  cadb4dff808defa4032e14bf5aa20626dc62ce34
- SHA256
  
  80658acd27f140389d597dec4b83232126b8a87fe59902d04c4708361c2f2d3c
- SHA512
  
  503053cae9a93658206d20502dc5ec255839b077bf27c2331bd2d2646c208d7ba83797a11114d69a448bada049618b05151586f7a58f012e4947fd2d505abee2
- SSDEEP
  
  6144:Fa8jU7RJqMPYLvv1MVP0L15xEe+2gsfTBRGqG1U:Fa8jU7Xmvv1MVP0rxEeR7F
Score

1^/10
behavioral31
- Target
  
  workflow64.dll
- Size
  
  374KB
- MD5
  
  b83a4dee058cc2a6fd465a81f5f0b9c8
- SHA1
  
  16370f4d10190146f203a94b52d3a0e8be915b47
- SHA256
  
  c1aacb7e9ee6278db68cf804adc8785284a0e13d9f3cf7d543941fb742a1c182
- SHA512
  
  61a6736f2c4e57eef8f1cf27455d4567e748dd52ca726e08824ab81237f801bcf56c53d52ab7338f98a0d89e323418eb39e6661b05c11fc2aceb29beb4bc2a62
- SSDEEP
  
  6144:Fr2YHdxSTeAKA9bOj9tU5akMx/UH+Wy+wwYkv1Y21GAG+Gsn:FCR7z9b+tKManYGZn
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Drops file in Drivers directory

Enumerates connected drives

Registers COM server for autorun

Drops file in Drivers directory

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32