a09b29748ae4797b934cd854ce01eefc4debe385e7e642e26e035dea7569ff90

Sharing

Copy URL

Twitter E-mail

General

Target

KernelOS-Modules.zip
Size

199.7MB
Sample

240516-aa84lsba7x
MD5

789dcd2aff73364375ec55011c8517e4
SHA1

14f1e45a03cbeb53978175c6140b50febbefcd02
SHA256

a09b29748ae4797b934cd854ce01eefc4debe385e7e642e26e035dea7569ff90
SHA512

4baeec16888a2df6cf58bff19b0d41272bac1db3d812d4aff4f0adaeb7b6cd6bfcd236c2713a651d7905a64bca9f10fcfd995d9836591e41fe98438397bb6bb8
SSDEEP

6291456:t+kd518xpex2BIGZCRvSy71icN702+5rMFV/wSC36D9hp2y6+2:n8xpYGa6Xm/w4FpwSe6D9D2y6+2

Score

9^/10

Malware Config

Targets

- Target
  
  KernelOS-Modules.zip
- Size
  
  199.7MB
- MD5
  
  789dcd2aff73364375ec55011c8517e4
- SHA1
  
  14f1e45a03cbeb53978175c6140b50febbefcd02
- SHA256
  
  a09b29748ae4797b934cd854ce01eefc4debe385e7e642e26e035dea7569ff90
- SHA512
  
  4baeec16888a2df6cf58bff19b0d41272bac1db3d812d4aff4f0adaeb7b6cd6bfcd236c2713a651d7905a64bca9f10fcfd995d9836591e41fe98438397bb6bb8
- SSDEEP
  
  6291456:t+kd518xpex2BIGZCRvSy71icN702+5rMFV/wSC36D9hp2y6+2:n8xpYGa6Xm/w4FpwSe6D9D2y6+2
Score

1^/10
behavioral1
- Target
  
  KernelOS-Modules/DirectX/APR2007_XACT_x64.cab
- Size
  
  191KB
- MD5
  
  8acbb49a7c2a97c12f63c16bdd8f7512
- SHA1
  
  7ba1dbd540142423df7ddd5b165da9550c397716
- SHA256
  
  0e1042d91b755a36e7dfca480bb3f868cb23f5438dd1415fd3fcfb13b27d761e
- SHA512
  
  e78f71ab8b055ac65a35500682fcc0e17d34bcd68b61e22b51a5bb96596cd737dc8e76f6362ccc5d90f7cc075240868a913a11eef9c7567c330a738c6f1bd8ea
- SSDEEP
  
  3072:zUQ+EPJ/0asIhqjUy7jRqMJG0HRzMG7xiND3Jo7EcTQt/1emc4lO9NUeKZTPzndO:Yr+0amjUgjJG0HRzMUxWDJkUMP9KeK1M
Score

1^/10
behavioral2
- Target
  
  KernelOS-Modules/DirectX/APR2007_XACT_x86.cab
- Size
  
  147KB
- MD5
  
  96f1ec4650282a0fd2dbd1eea7f5cfd6
- SHA1
  
  02043cd1b6f0e7e06932d210422d34eadfdca437
- SHA256
  
  9dee9f2b720b0fc90b8ebdac22d20f2008e58f16f354b9a967526c439bf0b9a3
- SHA512
  
  35f326dfeb3a1b610e0d83e2bba25ebdc162270d8e14f1d7a25bb5abcb6b2402fc295146df77b95853660849900e8dd7cc64cbde4d3e6519e3d72ba6792710be
- SSDEEP
  
  3072:NcJ4S2kOBrMASnHr7M58QmpeFT7582Skd1ksaIwbhQDp9kkIFxYJQZW9G9ow:NQ4S2kOi/MKbSV82xKnDVQ/EqQZa+9
Score

1^/10
behavioral3
- Target
  
  KernelOS-Modules/DirectX/APR2007_d3dx10_33_x64.cab
- Size
  
  682KB
- MD5
  
  3fba5d677f19c48f210ca5f6372d55ad
- SHA1
  
  52ef8d34285fb4cb1d8cab84a1654abc2d0dd77f
- SHA256
  
  1bed02f304d495c2769debff315ae3f017c7e9907d85138996554e8e61a61e91
- SHA512
  
  7a425b01a48d50da924c172a6c9eaec6045e45f744af93fcd7b7433816b8453ac3e17116563c38bbc0ef3ee3e68cdabd86ffd531947151b0e799ddd479b6f7af
- SSDEEP
  
  12288:VK6/uIaEOb2fc+HdQn/lDTK79RrFEYnj3LUFWQJcR1WrADy2IYxUSsEtiqUo7B:VUlb2fc+9Qn/u9RrFEO3LUjU95I/Etii
Score

1^/10
behavioral4
- Target
  
  KernelOS-Modules/DirectX/APR2007_d3dx10_33_x86.cab
- Size
  
  679KB
- MD5
  
  83033f2988efe706886e5aba492974d7
- SHA1
  
  3749dce941e880fe11f451ce11ce4b0753574506
- SHA256
  
  6aca96d6aa400d8ad07d2fb1c4aa94c62d261b9370cbf01d2acce24e489038ba
- SHA512
  
  44ff9b7606cfef86641b7f535f2321e96abd25fb064ba5b57a9668aca98a6f2e9691e8d7eab534a14730adcaa1aaf345074ab4c514e9dd68c0c9d992a600ab2a
- SSDEEP
  
  12288:mHwziN1v34WzSc6IA6ajvY8ov8ZdReUTQ8Mr47JYCophIa9sNDn1QcILtwGh:501wWzCI3ajjls4NpAsNDnMwGh
Score

1^/10
behavioral5
- Target
  
  KernelOS-Modules/DirectX/APR2007_d3dx9_33_x64.cab
- Size
  
  1.5MB
- MD5
  
  71c6a3c5c04093254e752e0d15af1869
- SHA1
  
  eb3bbd9de097558664b036e5b90145c5348f33db
- SHA256
  
  387c63928479e0ad138fa154f9f291821275f6fdf122aac8ace87f0d2033e77c
- SHA512
  
  555f832c37afc9743cc23d7983054b063a95cbc7861878932b6cc5cc0ea8f4a273e6272f9b4219692d3a3d702703a68e0d5a5d9d254b4bf3149f652c99754112
- SSDEEP
  
  24576:BjzSeifTXjfzuO/m35sCqSrSBEZqyi2bjbBfQbIKpP5FfiB0Qjq/X1ZXp8MF:BvSeSTXj7u0OUM9UStQbNd/Gjq/Ft
Score

1^/10
behavioral6
- Target
  
  KernelOS-Modules/DirectX/APR2007_d3dx9_33_x86.cab
- Size
  
  1.5MB
- MD5
  
  8e3e46de4d520b4836b8776a2c771eaa
- SHA1
  
  48db572e4e14e3cfa56fcda43bc4529d8b58aecf
- SHA256
  
  9a7e65d97910b2038bb01a640a86c2ebf62ab7b36a50f349e71ec901b206f0ee
- SHA512
  
  93f8af6f204c0d9a59dc45200fe31ac6587a6a20d851fe5f84141d8cc665be899caccf8f1fb55565b52083bfe4b67ffa31ebc9db015a2c17f34af04919eb3bbc
- SSDEEP
  
  24576:UcQY0tIpwa5ydxGuruluTsRWo1Iq9e5m98yiN9/0rjVH60mPxr/1Mag:UcIIi+G9rul8uooec98yi//0rjoDZrCv
Score

1^/10
behavioral7
- Target
  
  KernelOS-Modules/DirectX/APR2007_xinput_x64.cab
- Size
  
  94KB
- MD5
  
  743b333c2db3d4cf190fb39c29f3c346
- SHA1
  
  26b3616d7321978bd45656391a75ee231196a4a2
- SHA256
  
  e7a09f8235cc587cc63f583e39fbc75008d9677c8bb4dcc11cb8d0178a5153ac
- SHA512
  
  77fbdb86c79d7228bca2982a3285a417a365af980488a5ac2d470b532fa59fcc15e0e8dbee6eb1a3a5256fc29e0e3391529cd2ac13e0f72987ee0da136000957
- SSDEEP
  
  1536:CEDWhtT9OVcSEbv2sSXSf2rGrqZj64W/msrR2rKg+Yy9bMP+rGb2HtDZzmwG9rHR:It5OSvuXSf2rbZu4Kmsr4eLRwPC5B9G3
Score

1^/10
behavioral8
- Target
  
  KernelOS-Modules/DirectX/APR2007_xinput_x86.cab
- Size
  
  52KB
- MD5
  
  c234df417c9b12e2d31c7fd1e17e4786
- SHA1
  
  92f32e74944e5166db72d3bfe8e6401d9f7521dd
- SHA256
  
  2acea6c8b9f6f7f89ec51365a1e49fbd0d8c42c53418bd0783dbf3f74a744e6d
- SHA512
  
  6cbae19794533ad9401f92b10bd9549638ba20ce38375de4f9d0e20af20d78819e46856151cc6818325af9ac774b8128e18fbebd2da5da4efbd417fc2af51dab
- SSDEEP
  
  1536:9cnwcwzHEdb27WH2SfZDNu75ddnVR+ZFaNk0ZT9rHUh:0wb+2eZonQwN9oh
Score

1^/10
behavioral9
- Target
  
  KernelOS-Modules/DirectX/AUG2006_XACT_x64.cab
- Size
  
  178KB
- MD5
  
  9cafd440798ed33ec6561b09549ab263
- SHA1
  
  631f1d92633c6655afa445f9f2a218820ea7a1f6
- SHA256
  
  beaac99fd17bc9fa85a2a220a13d8c13bd90f66eee595cbd27ab9aaadc234b03
- SHA512
  
  d6c73fd47bcaaaed27a38b686c3ac4f7b7e94bf0abc823d6a5c0bfe9877184187530c6e83524b3f736a792ae5bc53bd71b772f6a961fcfdec73b92a20738fa0e
- SSDEEP
  
  3072:GglGrmTM3Ne3LnSYZr66OltMlRz/EFa6xoXJMOL7CmAvyl81g5K7VQLWRrZz95g:1ESKSRr66OltMlWFa6xoMOL7vmGGCAra
Score

1^/10
behavioral10
- Target
  
  KernelOS-Modules/DirectX/AUG2006_XACT_x86.cab
- Size
  
  134KB
- MD5
  
  155b66797691647bbb935f0c0872c64d
- SHA1
  
  91ddf1ac4f5b4bb7b7d2bdc5268622e17c55a5db
- SHA256
  
  cd2e1256efa1723eb77c77440f7b72f0eed8c0df17677cd4cc5a95a65a0f4849
- SHA512
  
  744bee6c4ae98b0748e2dc2e00fc5c587438c442f6b8ec2be7ba53069deaf95c427024ad0c71ee5eb35ac513ab73c55dd00206ad657e4bd531c99023553a51f1
- SSDEEP
  
  3072:lLkEev6VCdOQKPuF/p+emNC4J962LGMlPj6MoCW37gwND0S9olt:lLkEeKCdsPufE59tLGMpxobsG0qq
Score

1^/10
behavioral11
- Target
  
  KernelOS-Modules/DirectX/AUG2006_xinput_x64.cab
- Size
  
  85KB
- MD5
  
  866da8edbc4e6ecbc4b04e2a77613aad
- SHA1
  
  0a6e2b8b170271c8e2fba304cf31e74f67130cd1
- SHA256
  
  a54c7820f37b5e70068b801263c7efcc26b6404555a968094227e8bbaf5c22c5
- SHA512
  
  4f4e6e5eceb5ffda29dd850246078b23fdbadb8d75b7d85e4ddaed3a335923ed286b5949191bffa28db4b97e3eac30a286afbcf564b06f60763faa6d94df4b55
- SSDEEP
  
  1536:9lQFOMW9t2gGQtmxC4LbB8GXjgvW/j44krD+W2MLdk6v5yO1Ha6DB/4RPjz6ITdO:fIOMWm+tmnbXjVkWW1lgO166cjz6X9oo
Score

1^/10
behavioral12
- Target
  
  KernelOS-Modules/DirectX/AUG2006_xinput_x86.cab
- Size
  
  44KB
- MD5
  
  75b3d7d008dad88064ec3d768fc60fca
- SHA1
  
  69b2ec8c1007dda8da339d40ba1f2bea041859bc
- SHA256
  
  ad2b521d1a7abca6314eaeacb23690b63b2a17adbb2a47d3d69cc4660c7d2152
- SHA512
  
  f416c165855d2a472394502a577520f2f874f77b21d032046c7a175b48c91461cd74246ceabeb95a07c2e213c5b9d7fb85e9c996c39d18110ad698a935d667a9
- SSDEEP
  
  768:yuG396sAA1wXXvVFc2755DkphtVmUkt/lnkvH0odpl/q1AMi2jXHU0s:bwQsAhFcSmpJ3kt/xcd7o9rHU0s
Score

1^/10
behavioral13
- Target
  
  KernelOS-Modules/DirectX/AUG2007_XACT_x64.cab
- Size
  
  193KB
- MD5
  
  0e9ab7f465516fc690c79e230185caae
- SHA1
  
  19f229335832671e827f03ea47a4b550b4789a83
- SHA256
  
  35f09b0727ee1ab9116166c512c08886623a67939b2e0d841efdee689b6e0f84
- SHA512
  
  af1b6ea9c75298168e35dc910a489de34f4cf1d25506b6e6c33002502273668b09512bb13cd5db41f268b23b61e38ca610b95294ebd294f388c6fff476c8b641
- SSDEEP
  
  6144:r/ro1oeTmBD4NyYbzQpFXCB3HcIe8XpK8UDLIdex1:rTSRmBD4NnQpFXCBXcIhrUDLI01
Score

1^/10
behavioral14
- Target
  
  KernelOS-Modules/DirectX/AUG2007_XACT_x86.cab
- Size
  
  149KB
- MD5
  
  2bdd2481e5982de14ec680aa8b38347f
- SHA1
  
  a96d18ab55129420f90e07b1407cd10806e4686a
- SHA256
  
  b39c1b8483111be11cd4c10ef2d18ec8f0b23ff13b628482507076ede9fa9bd1
- SHA512
  
  b677331ea4a45e8f5379d513b4a61c71cf6a8ac6878dbdcc91a9bf31efb3e1e649f67da033806fc30faf9be000fa2b58a7f3b0af75d6388397ad05466556fe62
- SSDEEP
  
  3072:B1fyoa65g+jY8gS1uVqdpIZiUrwX7WsXMEnAB4QsTGW9o7A:B1FpljYe1dpLWwqrEnA1sTFGA
Score

1^/10
behavioral15
- Target
  
  KernelOS-Modules/DirectX/DSETUP.dll
- Size
  
  93KB
- MD5
  
  eb701def7d0809e8da765a752ab42be5
- SHA1
  
  7897418f0fae737a3ebe4f7954118d71c6c8b426
- SHA256
  
  2a61679eeedabf7d0d0ac14e5447486575622d6b7cfa56f136c1576ff96da21f
- SHA512
  
  6ff8433c0dadc0e87d18f04289ab6f48624c908acbda506708f5e0f3c9522e9316e587e71f568938067ba9f37f96640b793fdfaa580caedc3bf9873dc221271f
- SSDEEP
  
  1536:Bc8tBKv1HCyODN2wjIqlLmqxY3AMVI4I9okOEvc0/c/sZRYltL26VVE2S+JJqsHy:BftQv1iyODswNLmqxY3AMV71Ev54EAxM
Score

4^/10
behavioral16
- Target
  
  KernelOS-Modules/KernelOS22H2.bat
- Size
  
  63KB
- MD5
  
  32d7f72b68d881ed12300ca88b68cd54
- SHA1
  
  4e95abacf4a54720785e31a7c408609d3e3478be
- SHA256
  
  2b841784fbb8345e3bf40ab4950b60c7aee4633973ffea33f5325a0cb25da973
- SHA512
  
  a805b7373d823ea8c5cd33f69b71f759d9edf5dc0c38c53ac2dd0e1b9048bbfd243494e30e72fd5e399afaa6c389f6d3f5d7ac10501c1db8d4cc6ad665bc5047
- SSDEEP
  
  768:lTIyf6W5oGNbfrdAUY5eC9vOcbXmB9ofdfv3h8mox+QRv2WYV5FEvUr:hJi
Score

3^/10

execution
behavioral17
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2005_x64.exe
- Size
  
  3.0MB
- MD5
  
  56eaf4e1237c974f6984edc93972c123
- SHA1
  
  ee916012783024dac67fc606457377932c826f05
- SHA256
  
  0551a61c85b718e1fa015b0c3e3f4c4eea0637055536c00e7969286b4fa663e0
- SHA512
  
  f8e15363e34db5b5445c41eea4dd80b2f682642cb8f1046f30ea4fb5f4f51b0b604f7bcb3000a35a7d3ba1d1bcc07df9b25e4533170c65640b2d137c19916736
- SSDEEP
  
  49152:+r67+stI6RWGTAdyvlADUrpTmcOgohwJpEM5grO3oc1OXZViFeRyDErkLUMHzkRN:AM9l8pUr9m30L5grOQXZKAsErkbQRN
Score

1^/10
behavioral18
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2005_x86.exe
- Size
  
  2.6MB
- MD5
  
  ce2922f83fb4b170affce0ea448b107b
- SHA1
  
  b8fab0bb7f62a24ddfe77b19cd9a1451abd7b847
- SHA256
  
  4ee4da0fe62d5fa1b5e80c6e6d88a4a2f8b3b140c35da51053d0d7b72a381d29
- SHA512
  
  e94b077e054bd8992374d359f3adc4d1d78d42118d878556715d77182f7d03635850b2b2f06c012ccb7c410e2b3c124cf6508473efe150d3c51a51857ce1c6b0
- SSDEEP
  
  49152:rqGRIgg2SirwkF9xdtb43lyGKCafpKkiwnaDahmPzpY4FPyaza:rxxLFfY/KCCpKk9aWMzZyau
Score

7^/10

persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral19
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2008_x64.exe
- Size
  
  5.0MB
- MD5
  
  e2ada570911edaaae7d1b3c979345fce
- SHA1
  
  a7c83077b8a28d409e36316d2d7321fa0ccdb7e8
- SHA256
  
  b811f2c047a3e828517c234bd4aa4883e1ec591d88fad21289ae68a6915a6665
- SHA512
  
  b890d83d36f3681a690828d8926139b4f13f8d2fcd258581542cf2fb7dce5d7e7e477731c9545a54a476ed5c2aaac44ce12d2c3d9b99c2c1c04a5ab4ee20c4b8
- SSDEEP
  
  98304:98I8/pCVmdbx2rU/xFnTBU8UeNeagEXtIgvjyGFDdo85qyKYr5NM62dNKViClWPg:9Avx2rw5Th8XeNyGtW0DJr5uDdQdWPet
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral20
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2008_x86.exe
- Size
  
  4.3MB
- MD5
  
  35da2bf2befd998980a495b6f4f55e60
- SHA1
  
  470640aa4bb7db8e69196b5edb0010933569e98d
- SHA256
  
  6b3e4c51c6c0e5f68c8a72b497445af3dbf976394cbb62aa23569065c28deeb6
- SHA512
  
  bf630667c87b8f10ef85b61f2f379d7ce24124618b999babfec8e2df424eb494b8f1bf0977580810dff5124d4dbdec9539ff53e0dc14625c076fa34dfe44e3f2
- SSDEEP
  
  98304:vT4tlQ0aeY51XNURYxaA6qjEb9tRuPmBmWBDLTMTtbslyzRt9cuISY6Qa:vKlhE9U6476itR+mLPw6lyZY61
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral21
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2010_x64.exe
- Size
  
  9.8MB
- MD5
  
  c9d9eebccef20d637f193490cec05e79
- SHA1
  
  15d032d669078aa6f0f7fd1cbf4115a070bd034d
- SHA256
  
  cc7ec044218c72a9a15fca2363baed8fc51095ee3b2a7593476771f9eba3d223
- SHA512
  
  24b56b5d9b48d75baf53a98e007ace3e7d68fbd5fa55b75ae1a2c08dd466d20b13041f80e84fdb64b825f070843f9247daba681eff16baf99a4b14ea99f5cfd6
- SSDEEP
  
  196608:n9A3D5MBD0vwqMKgL29M2JWMWiKV/nPlnqIaAAVINqsAsbPnpCxmz7dU8:23D5MBwZMd0b4oSQ7VSrAs1gEdU8
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral22
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2010_x86.exe
- Size
  
  8.6MB
- MD5
  
  1801436936e64598bab5b87b37dc7f87
- SHA1
  
  28c54491be70c38c97849c3d8cfbfdd0d3c515cb
- SHA256
  
  67313b3d1bc86e83091e8de22981f14968f1a7fb12eb7ad467754c40cd94cc3d
- SHA512
  
  0b8f20b0f171f49eb49367f1aafa7101e1575ef055d7007197c21ab8fe8d75a966569444449858c31bd147357d2bf5a5bd623fe6c4dbabdc7d16999b3256ab8c
- SSDEEP
  
  196608:e9A3DAnfudQZKuNK0kMp2Wxw2tr3aA5Jegn9kaK6Hj0aaNz9ZBJ7C:t3DAnGKZKuNK0SvAn9kaK6gaaNRZbC
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral23
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2012_x64.exe
- Size
  
  6.9MB
- MD5
  
  3c03562b5af9ed347614053d459d7778
- SHA1
  
  1a5d93dddbc431ab27b1da711cd3370891542797
- SHA256
  
  681be3e5ba9fd3da02c09d7e565adfa078640ed66a0d58583efad2c1e3cc4064
- SHA512
  
  6c2f4eeb38705c2dafc4d75d8de0036a0aed197f83e9cb261d255fe26e4391f24b0b156e9019c739dd99057041c2bb80f9ab80f56869bc1e01f0469a76f24f75
- SSDEEP
  
  98304:vRWKtOl5CCGomEBkHUBmExJrIUg32t9RRyvo7VnOcyP24Vc35re94tb0eYbY1poo:v3tO3CCT/hBxtVtyUVnmSprzVIY7QKAk
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral24
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2012_x86.exe
- Size
  
  6.3MB
- MD5
  
  7f52a19ecaf7db3c163dd164be3e592e
- SHA1
  
  96b377a27ac5445328cbaae210fc4f0aaa750d3f
- SHA256
  
  b924ad8062eaf4e70437c8be50fa612162795ff0839479546ce907ffa8d6e386
- SHA512
  
  60220a7c9de72796bd0d6d44e2b82dbdd9c850cc611e505b7dc0213f745ff1f160b2d826eaf62fd6e07c1a31786a71d83dc6e94389690fd59b895e85aba7444b
- SSDEEP
  
  196608:OwKjLs+UIkzHlAv4X6zQRgiwHLD2LQIX/:9KjaxFFP1iLD2LnP
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral25
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2013_x64.exe
- Size
  
  6.9MB
- MD5
  
  49b1164f8e95ec6409ea83cdb352d8da
- SHA1
  
  1194e6bf4153fa88f20b2a70ac15bc359ada4ee2
- SHA256
  
  a4bba7701e355ae29c403431f871a537897c363e215cafe706615e270984f17c
- SHA512
  
  29b65e45ce5233f5ad480673752529026f59a760466a1026bb92fc78d1ccc82396ecb8f07b0e49c9b2315dbef976cb417273c77f4209475036775fe687dd2d60
- SSDEEP
  
  196608:bPwMcp4zKAKpCPhD5nsF5GBAiSG5VtJFeHi:0McAWKJsF5vib5VtTeC
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral26
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2013_x86.exe
- Size
  
  6.2MB
- MD5
  
  38a1b890ce847167d16567cf7b7a5642
- SHA1
  
  0f5d66bcaf120f2d3f340e448a268fe4bbf7709d
- SHA256
  
  53b605d1100ab0a88b867447bbf9274b5938125024ba01f5105a9e178a3dcdbd
- SHA512
  
  907a9aac75f4f241a85ecb94690f74f5818eea0b2241d9ef6d4bf171f17da0f4bc702e2bb90c04f194592fcc61df5c250508d16b886ed837a74b9f45da9627cd
- SSDEEP
  
  196608:hPMlUtWUVbuVAwgg1wGiU6QCs9FbEwEhMJ:oUUUNHg1wGd6QxbEwv
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral27
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2015_2017_2019_2022_x64.exe
- Size
  
  24.1MB
- MD5
  
  cdce5d5ee259d8071fa82f522c5c7d6e
- SHA1
  
  d4f9181e70e3f1aa6c8edffcc15b3c3d4babe36b
- SHA256
  
  ce6593a1520591e7dea2b93fd03116e3fc3b3821a0525322b0a430faa6b3c0b4
- SHA512
  
  8f86693bf9fb4ee0ba021b826663028158d580a0424417a30d8f95ef8853fcd224b5a213beba5d99b48be0607a0a6870158bf1899fe1445da9ca19a208608527
- SSDEEP
  
  393216:JBCFpXQn0ZIoLTNOqMJgrBrIIvsHCwmMziQUv4qXvscamEZF/N4fsdx/78YHVkEv:JWpXDWoLTNOqMJcdyDz81Xv//MYkl
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral28
- Target
  
  KernelOS-Modules/VisualAIO/vcredist2015_2017_2019_2022_x86.exe
- Size
  
  13.1MB
- MD5
  
  dd89ae7bc09cad5648524905d0f53214
- SHA1
  
  29e23dd7c19b03eb59304f9d1f8e7209c1167348
- SHA256
  
  cf92a10c62ffab83b4a2168f5f9a05e5588023890b5c0cc7ba89ed71da527b0f
- SHA512
  
  7174a4c0c90beef6c091f3b1065fd951c2ecf16aa6170af56c2b226f4d352f90e13afdb6bd3b61f81f0b1050482f21d3c3b61c0de379277459e4c966ec9e823e
- SSDEEP
  
  196608:oRjAHGflpQcIIS/Rj7BWl+aV8t8z72BxBwBgO42kGVfeiZUKcSqKLNeW5xg3lU5V:IAH4lptVYmfr7yBG/41L8ncSq68fUZFX
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral29
- Target
  
  KernelOS-Modules/drvset.bat
- Size
  
  23KB
- MD5
  
  758f3df3c374bb10f86731226d86b9c4
- SHA1
  
  62fa52e0cf62b7c1f8610e2967bb0ac4c893a6e6
- SHA256
  
  df2db344e54351a1dfe7bdc365fe60f1b2de24ce2eae0307cf7d1d4e5d9239a7
- SHA512
  
  f49352450df38726a175769c7f7de0f9c64b2c632ee0f8131b9b8a91b6a0280aa5af73016460196488bce85c97ea9c783719ab4685ca4dffb6539f541f3d35ec
- SSDEEP
  
  96:jlMkcbcP/cycocFcncfiCwdsIcktVYaXEJvvHkePcxhPEXYy0YyDYyZYlYXWPlQL:imKhYtaaXKvvEgdI6R/yhzww1NPizK
Score

9^/10

evasion execution ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
behavioral30
- Target
  
  KernelOS-Modules/oss.exe
- Size
  
  7.2MB
- MD5
  
  1d3eda57e6a1edcb406b6902319ecf78
- SHA1
  
  40f3299e3eddd98b5bc4d30e551d0989214725f8
- SHA256
  
  2f637b8a5666f4537fbb4e1502becde2469e4888008a79060549b26ade5068dd
- SHA512
  
  2690e4302ea960c7f0877d0fac987d5f633093e62b2379e7e371cd30334f22fc411077e8cde377676a1b1966871b5e3eccbb5d8ccfa477479f3d95ee3e0a90c0
- SSDEEP
  
  196608:mKkuxBFGMfSrS4qRRM8wrQJFwOXlt3Ket9ubsdZCYFwD/:m0NfSrkrwMUe/ubsdI
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral31
- Target
  
  KernelOS-Modules/pssuspend.exe
- Size
  
  282KB
- MD5
  
  df3d77d41ef28027b3069d39f9ee9c79
- SHA1
  
  0dfcf31ad455abd48d35b0250b5b03265052fba6
- SHA256
  
  02ec8c37dd946a2cd74673993c2108f12fff3e82019a1590231c4205ccb2f0d4
- SHA512
  
  ff9168421ea2e0b56ece4df777b1fa3605cbb4ac81d1c81cf2491a5c197baf67c47ba4d1d767c5c272a8f3cfa46b169234d19b98671ff6ad8f7a092f51e9378d
- SSDEEP
  
  3072:K/kvkbvka2pVtwouW9+DZUFIPcpGwDmXsBvpRyAHa0MiZUFw/oPACa337yGTkSEh:K/CkboR5INUR94GhnO6g1Co/
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

T1490

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

Checks installed software on the system

Loads dropped DLL

Checks installed software on the system

Loads dropped DLL

Checks installed software on the system

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Modifies boot configuration data using bcdedit

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32