9132b32106eafa81b9e9b615e480945262fc8d320fc9ba25c3df0d4363b2ce3a

General

Target

na_am_ca_en_NADefaulteCommercetrial2010_trial.exe
Size

65.9MB
Sample

240501-zs65eaaf79
MD5

2d6ccde8d31e8240b82e55660f78a39a
SHA1

091b649d783fc206d5d6aa8cbc503fefd3111ffd
SHA256

9132b32106eafa81b9e9b615e480945262fc8d320fc9ba25c3df0d4363b2ce3a
SHA512

b4e55661e4725d9d6d6a203e207758edb0df042da3f673eae6847639c523671a6fa51929d9a33719fefbdd6acd5b63fd4a67fabda3ab0f9e4cc46cc1c2fd29f2
SSDEEP

1572864:sVzjXGIwbffvF3GQPhL0JfEloeI1TZJMSne:sVunbfV3Z8E9IhZJMSn

Score

8^/10

Malware Config

Targets

- Target
  
  na_am_ca_en_NADefaulteCommercetrial2010_trial.exe
- Size
  
  65.9MB
- MD5
  
  2d6ccde8d31e8240b82e55660f78a39a
- SHA1
  
  091b649d783fc206d5d6aa8cbc503fefd3111ffd
- SHA256
  
  9132b32106eafa81b9e9b615e480945262fc8d320fc9ba25c3df0d4363b2ce3a
- SHA512
  
  b4e55661e4725d9d6d6a203e207758edb0df042da3f673eae6847639c523671a6fa51929d9a33719fefbdd6acd5b63fd4a67fabda3ab0f9e4cc46cc1c2fd29f2
- SSDEEP
  
  1572864:sVzjXGIwbffvF3GQPhL0JfEloeI1TZJMSne:sVunbfV3Z8E9IhZJMSn
Score

8^/10

discovery evasion persistence
- Drops file in Drivers directory
- Looks for VMWare services registry key.
  evasion
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c6f5b9596db45ce43f14b64e0fbcf552
- SHA1
  
  665a2207a643726602dc3e845e39435868dddabc
- SHA256
  
  4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0
- SHA512
  
  8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a
- SSDEEP
  
  192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  25KB
- MD5
  
  1986669b3dce951ac6a9ef82ac35b825
- SHA1
  
  2af88b8d059158f6bf34623e4e4872b31cee0f8b
- SHA256
  
  f054326128bb4b40d33867e4baf13b991747041d13160c34e3132689125ab366
- SHA512
  
  35603ef5b7610ffa1f7e22c34284665ba2f77b537e1fcf7dc15867a34d147b75ce2bc3aef305eec6dc654e1793a14d933902c7a7b32a66136060c0de2b6b952d
- SSDEEP
  
  48:ewcUDx4Qjj0pzojjjjjjjB6XjjjjjjjjjjjjsjjjjjjfWjjjjjjjjjjjjjjjcjjh:ewcUPRazi/vqZdyG4q//////Ww9NMLiI
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6