General

  • Target

    windirstat1_1_2_setup.exe

  • Size

    630KB

  • Sample

    240510-hf5x5sbh77

  • MD5

    3abf1c149873e25d4e266225fbf37cbf

  • SHA1

    6fa92dd2ca691c11dfbfc0a239e34369897a7fab

  • SHA256

    370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd

  • SHA512

    b6d9672a580a02299bc370deb1fd99b5ca10ab86456385870cdae522c185ae51f8d390a7c50fcb5c7898523f52c834bb73515ffc6d0b0bcde210640e815ece9e

  • SSDEEP

    12288:yCjeMsiGVBKvjxTNlZaLlcMj+wXZvQpd9nP2+ZMU2tYspZcMwr/GNd35:yCjeTZa7BTsxewXZUTP2HU2yawjY5

Score
7/10

Malware Config

Targets

    • Target

      windirstat1_1_2_setup.exe

    • Size

      630KB

    • MD5

      3abf1c149873e25d4e266225fbf37cbf

    • SHA1

      6fa92dd2ca691c11dfbfc0a239e34369897a7fab

    • SHA256

      370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd

    • SHA512

      b6d9672a580a02299bc370deb1fd99b5ca10ab86456385870cdae522c185ae51f8d390a7c50fcb5c7898523f52c834bb73515ffc6d0b0bcde210640e815ece9e

    • SSDEEP

      12288:yCjeMsiGVBKvjxTNlZaLlcMj+wXZvQpd9nP2+ZMU2tYspZcMwr/GNd35:yCjeTZa7BTsxewXZUTP2HU2yawjY5

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      9b2ad0546fd834c01a3bdcbfbc95da7d

    • SHA1

      4f92f5a6b269d969ba3340f1c1978d337992a62c

    • SHA256

      7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37

    • SHA512

      5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8

    • SSDEEP

      192:v6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTKK72dwF7dBdcQOz:v6JaVh4I5rpPbTK+BdhO

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      4125926391466fdbe8a4730f2374b033

    • SHA1

      fdd23034ada72d2537939ac6755d7f7c0e9b3f0e

    • SHA256

      6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5

    • SHA512

      32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008

    • SSDEEP

      192:4O6dJA/ruAFEiUdWWE6hE5RYUdJfbub1algMO:RKAFERdlxhGRYUzqZal

    Score
    3/10
    • Target

      $PLUGINSDIR/ioSpecial.ini

    • Size

      211B

    • MD5

      e2d5070bc28db1ac745613689ff86067

    • SHA1

      282e080b4cf847174c5c11e4f9157b8c338ecb19

    • SHA256

      d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0

    • SHA512

      a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de

    Score
    1/10
    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      25KB

    • MD5

      cbe40fd2b1ec96daedc65da172d90022

    • SHA1

      366c216220aa4329dff6c485fd0e9b0f4f0a7944

    • SHA256

      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

    • SHA512

      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

    • SSDEEP

      24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $_5_

    • Size

      632KB

    • MD5

      3f3dd4476249ae664e3365e5bb651601

    • SHA1

      752e1687d58de3bef927d9ad24c0ed3da3754e17

    • SHA256

      f12d0929055567eee4b5842b7e59c34585a03191447de682dc729ad19aa2314f

    • SHA512

      c9d38fa61fac0f48e8c2bc319c87df31f1ee49e8bc383ce348042480e1f0d0c28f198fbfa8cb6dd62f5767ae51ce8e67a7f527213fe1043987add465f1ba97df

    • SSDEEP

      12288:5nKnA/rpVTNPjAuufoRqGKRsytFTkzpjSp+Km:InA/zTN7AvfJGAsuTkzu

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Uninstall.exe

    • Size

      46KB

    • MD5

      a127e6118b9dd2f9d5a7cc4d697a0105

    • SHA1

      9ac17d4dcf0884ceafacf10c42209c0942dfe7a8

    • SHA256

      afc864cfce79b2a6add491a27ea672d958233ed7a97a2cbbce60100d2fa1e670

    • SHA512

      0e57d2856c02c55d477d9b3cc1d4bf5ffa3650d4b20be18b0a9e614d19143aee325c4cd92ff31bbddf6e93cd3ebeb47d8727de6e25faa366341cc71117122065

    • SSDEEP

      768:tnCHBjSfD0RDSjiN+WWrHcRtf55M4z54q+F5871mJMOUlNu0ZBA9U:MHFSfARDSW0HefHbmJZUlNu0bP

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      4125926391466fdbe8a4730f2374b033

    • SHA1

      fdd23034ada72d2537939ac6755d7f7c0e9b3f0e

    • SHA256

      6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5

    • SHA512

      32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008

    • SSDEEP

      192:4O6dJA/ruAFEiUdWWE6hE5RYUdJfbub1algMO:RKAFERdlxhGRYUzqZal

    Score
    3/10
    • Target

      shfolder.dll

    • Size

      22KB

    • MD5

      33c369a535290299ed5e5167cea37fdc

    • SHA1

      4ea387cb55cada35de02738dfb324ab830d416f4

    • SHA256

      e69da5febb5a2932cbe731e32a5d7f6615bb987a119ef2cedead4555d86144e8

    • SHA512

      581f2bf315c90e200fd621477d0192c6b3b4c51575b9d9f8c85114783c4425a7de221898055aa275068e4c6c5fb0458eb13a66b4512cc7499e7cc7843aaf9e78

    • SSDEEP

      384:kqXjRYAhfBALfdpju122HoSHigH2euwsHTGHVb+d3HmnH+aHjHqLHxmoqQG0CHuz:kWjRLhZAL7juAL4+

    Score
    1/10
    • Target

      wdsh0407.chm

    • Size

      54KB

    • MD5

      64aa305e920630d0f813691f4187c496

    • SHA1

      4bbc9397c16de7cd9869252632fe038b8f8ad384

    • SHA256

      181a23a56b7649d5e1c882786de531fedfb9e80a58c96ad92871f72a626eac14

    • SHA512

      fde86a9a5b55756371af0d4bbb7a0b542b9765503657368540a651d153f84359fdb75522331b7672a0c242c107765e5c0ce717f60b18ff8b1bd2ef5aee44351d

    • SSDEEP

      1536:EN2/oYDyp7DUWsbIxXXVP2sQoizOut88vS:O2wYDyuWsUxHVP2sQoizJ88q

    Score
    1/10
    • Target

      wdsh040e.chm

    • Size

      57KB

    • MD5

      bc90b966e06c5c20486815809606c77d

    • SHA1

      12d7ba627d77187c1a41b552ab3c6556ba4a4823

    • SHA256

      8e54bc2dd576d4bfe241e37305a525d80fd9839ed0de2e34abedf49c7f23f5cf

    • SHA512

      26047532e3d6c495dc6a7b0c8d0479018227c189f1c0228ea83a209b5422ac88188c9e9cb7422ec02fc8c9dbc0ac3ce2588a62d8648fde616b9cd61b85a155b9

    • SSDEEP

      1536:V6iw3SziWVuxJ16cuZ4GMFtoEOq6YShAvLpAE/Q:IiJ2uux/6cuZVG/6lhOqYQ

    Score
    1/10
    • Target

      wdsh0415.chm

    • Size

      55KB

    • MD5

      de97a75cfa6d6cbf91ba68c0c90695c1

    • SHA1

      5932fd0fadb6ef284605e2410b5045dcc131ac93

    • SHA256

      bab7db85927f846a6ac584d5fc3fb522e812fc1e505e333728f85efd16b50238

    • SHA512

      7714be7430c309d2b63dfd1e90446925f417ee500b06350f595d43b9c0db121339151ea7e0440922dd6c11534e23572da3d2c9d31dc21c808a8a840ec8e0f172

    • SSDEEP

      768:kb69pw0scpr+Mo4OiKvc7DqL1hjzZwAsGHJLg9KM9G/b0/P3eubAHOjDIhR7Iop/:kb6Xw07XXq9umATqMeWAHqvYnFHt

    Score
    1/10
    • Target

      wdsr0405.dll

    • Size

      56KB

    • MD5

      8eee4f1cde4b0cfd0365456040e05364

    • SHA1

      b38200f4a3af27a59ec08fde2c6aaac4727dffbf

    • SHA256

      7463df064c98cdb501b2310dcac878f9210a303d50d79431152e3031ae1a224a

    • SHA512

      17da577977c6766dc56ee08726ae77f4cbbf83da1037c976d8ca36c7149bee56fd691ab735fc4a12721d86860fddc39ff99bb74aa515de96bd2da0596fbd33ab

    • SSDEEP

      768:yOWz6n36MwlqZT5nNAPxIkRXIafTGO6kRfw/WZaKCam:yVSBNoSkRXIafqjkRf4QCam

    Score
    1/10
    • Target

      wdsr0407.dll

    • Size

      60KB

    • MD5

      619767bb217f6d1754e018926753e89f

    • SHA1

      cb731df1d74ceec090cb55fb76e9dfd6e4337400

    • SHA256

      7867b69c5deff7f949e58eb3ff1b266e66ad3fd252c52334927114e7c53ce27b

    • SHA512

      8bb7c717206a3b86bf4c5d46d0a838373ae557708040656f9c2cb47db5f38165bb9160545d2f6d9200b9ff59160292f88044abd997bcc01e46b40a4dcf58318a

    • SSDEEP

      768:QniT9wgpxcn37TFb0FuIa955yo7evokJrOLoZaKCam:QnbgpsLt4uIa95h7evokJr4OCam

    Score
    1/10
    • Target

      wdsr040a.dll

    • Size

      60KB

    • MD5

      cf69ec4f622ab3efc0d59c94c7861d3c

    • SHA1

      8baa748295cb941e1693e4c2a298343fbfc5c048

    • SHA256

      75ca96992380e5b8e323310a01c8a68805ad76223197d2bdaecc03817d233dea

    • SHA512

      dcc99395fed596e6ef7a959731254093e73fa006a14b0ecbe6f780a9d8236428d9e90024e016d5f1bdbf323e1fe01ffa3727c9d09a8666ef2745dc56462ed6cf

    • SSDEEP

      384:jH6u7Vn2KDadkOKDVdS9Ew5eNC1GF8wcgnSLIdOpAv18/pIaqSivHxACkwYcwiZY:HxKQ8wcgnSQOi16IaavWiZaKCam

    Score
    1/10
    • Target

      wdsr040b.dll

    • Size

      56KB

    • MD5

      4a5a97171af49b09f1c68ba7a9bdae34

    • SHA1

      a6ed7e9ed8a4d9b462378571346fba1d40f1c75a

    • SHA256

      d7fb9404282ca467e0f3e80734a388885c219269d3e9ee78bb66ee9201803ae4

    • SHA512

      51a0f250cbd115f532970a291ef477de89cff786df28ee8729d35f68c8cb0f018a58e9edbaf758ff11172b68952f8fe3b74ff8ca6e8e62a482712126ddd40323

    • SSDEEP

      768:ne1K36pwrqnfPAY5IaBNqhN+3ATwZaKCam:ne1oAQY5IaGqXCam

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
3/10

behavioral10

Score
7/10

behavioral11

spywarestealer
Score
7/10

behavioral12

spywarestealer
Score
7/10

behavioral13

Score
7/10

behavioral14

Score
7/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10