General
Target: filedata (4)
Size: 2.5MB
Sample: 240507-wry6mabf28
MD5: 6e3bc255dc7b79e452c66610c741eb95
SHA1: 972d9adbec19dd1277b4329fa13641847ca18c87
SHA256: bdb74a31956e7c2ce7a3c6344ac7265d84b735c1038a390168f01d6d9fa43b3a
SHA512: 8f79aff54a92394ee1098c92b7bb0880369cdacf0aa482475edb47857838687eb06ec2f33075eb2343c54284d8cf8ccf6e50cbe4a96ed36f63321796eb1f8562
SSDEEP: 49152:e/jU67vjsddEhjFGNS9LXQOjOQKK6bxM1vehddPa46JFUxkVxq6ZBcMucAtL:2U67vYUhjjV5OdbOUhDPWTUq9cMPOL
Static task: static1
Behavioral task behavioral1: filedata (4).exe (resource win7-20231129-en)
Behavioral task behavioral2: filedata (4).exe (resource win10v2004-20240426-en)
Behavioral task behavioral3: $TEMP/downloader_easeus/2.0.0/2free/EDownloader.exe (resource win7-20240419-en)
Behavioral task behavioral4: $TEMP/downloader_easeus/2.0.0/2free/EDownloader.exe (resource win10v2004-20240419-en)
Behavioral task behavioral5: $TEMP/downloader_easeus/2.0.0/2free/aliyun/AliyunWrap.dll (resource win7-20231129-en)
Behavioral task behavioral6: $TEMP/downloader_easeus/2.0.0/2free/aliyun/AliyunWrap.dll (resource win10v2004-20240419-en)
Behavioral task behavioral7: $TEMP/downloader_easeus/2.0.0/2free/aliyun/AliyunWrapExe.exe (resource win7-20240221-en)
Behavioral task behavioral8: $TEMP/downloader_easeus/2.0.0/2free/aliyun/AliyunWrapExe.exe (resource win10v2004-20240419-en)
Behavioral task behavioral9: $TEMP/downloader_easeus/2.0.0/2free/aliyun/InfoForSetup.exe (resource win7-20240221-en)
Behavioral task behavioral10: $TEMP/downloader_easeus/2.0.0/2free/aliyun/InfoForSetup.exe (resource win10v2004-20240419-en)
Malware Config
Targets

Target: filedata (4)
Size: 2.5MB
MD5: 6e3bc255dc7b79e452c66610c741eb95
SHA1: 972d9adbec19dd1277b4329fa13641847ca18c87
SHA256: bdb74a31956e7c2ce7a3c6344ac7265d84b735c1038a390168f01d6d9fa43b3a
SHA512: 8f79aff54a92394ee1098c92b7bb0880369cdacf0aa482475edb47857838687eb06ec2f33075eb2343c54284d8cf8ccf6e50cbe4a96ed36f63321796eb1f8562
SSDEEP: 49152:e/jU67vjsddEhjFGNS9LXQOjOQKK6bxM1vehddPa46JFUxkVxq6ZBcMucAtL:2U67vYUhjjV5OdbOUhDPWTUq9cMPOL
Score: 6/10
Signatures:
- Downloads MZ/PE file
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Modifies Windows Firewall
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
Target: $TEMP/downloader_easeus/2.0.0/2free/EDownloader.exe
Size: 1.2MB
MD5: 8a250a75859fe52116e706a640e6d77c
SHA1: 473c36d9d80173636faeeb0ae4ae9e047e4e9d8b
SHA256: 823ab6955052ef34218559b53d4f15224b5a850b532672fa33a7634dc74981dc
SHA512: 4b519b1de8f6647a5cbbda11084d096e8bbfe8f694f4fda0e0f244b477f3f15c143254b044b046302ac79b136377894027d9baa2d4ba67ed38f5a55f480a44b4
SSDEEP: 24576:JisJdAcuXY/WQjkLxNEl5DYjwuoJ039NzO0lQHoR8lOuLkdNoQv:PjYzhQHou8qkboQv
Score: 1/10
Target: $TEMP/downloader_easeus/2.0.0/2free/aliyun/AliyunWrap.dll
Size: 482KB
MD5: 58968e221f2522d98dbfe7574d0c44aa
SHA1: 424b55216f2c832202c01363e013546380f5312a
SHA256: 265170e701ec453b13249e7a4e4f401b87fae79442cce77060213ebcd03828c0
SHA512: 9bba6ffbec9b6d3de7b530b056098465a54b66494db7e7ca82e8c98802fb5a1cb500f5d505387f2a33fb9a42a533d5838b1125ef14afad11285410652c6f07b5
SSDEEP: 12288:YaK0OuDBlYPIj/q9DQsEfExtrlp87pMaIPuboWMlyF0Ps:W9DeuBc/IPu8WMAF0Ps
Score: 3/10
Target: $TEMP/downloader_easeus/2.0.0/2free/aliyun/AliyunWrapExe.exe
Size: 107KB
MD5: f3b9a2d94682fee26fc079ba1e0fb040
SHA1: ff9e89fbcb6939095ecfa34438d9e6ebf9ad6fb4
SHA256: cdc9ee419589b8e378b030a5180b12cf4e1fc2fa132dbaf0e961adbe3c782e55
SHA512: 40baa3d59eb931eeab583ecbd4526031bc8d455192d69c3f87b9220ebaab194a2922e4a3e9e36db3a587f56961c0686b81bcec8382ac02f968f31b566581bbbd
SSDEEP: 1536:A554a+kMgHZ73LkUluTbDJgX+oLENoN2CraI9WkF1X8OEdlg5BaAUH7jfrxZM:TswTbD6LLraInhEdlg5BJUHXf8
Score: 1/10
Target: $TEMP/downloader_easeus/2.0.0/2free/aliyun/InfoForSetup.exe
Size: 66KB
MD5: 99891aaa0e15b2a514a4ff5c9ec03f4d
SHA1: faf215763908a9a6b8413c7e40293fe4be9bfe7b
SHA256: 505ab42f0f376a4d8576bbec9cfdce43deabe168356dee760000319a73e72611
SHA512: 36f6d66987506a938faa7503e0fa3a6cf76aa9ca6a30ea7cb7e80d058cf203eae152ef97b2329ba83bb18fc70430a2e00e9aa1f408e94b132813b4bf741697de
SSDEEP: 768:CVyp8XwXEXrjOgRXvLH4IE3jDnIoiiBbIADgykhUMId50BLbCYiHDLlGAMxkEy/:CECwXShvLYIE3nnInie2khc50k7jex2/
Score: 1/10
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (2)
- Pre-OS Boot (1)
  - Bootkit (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)