af32810c32961e7f26b58434465072d63acf5a084a5bf776b81b4ba445348905

Sharing

Copy URL

Twitter E-mail

General

Target

pololu-cp2102-windows-220616.zip
Size

3.5MB
Sample

240520-ke339sbg56
MD5

88667b0342de3a3eea3a59f55aeb84f2
SHA1

402d767286d4b4ba0df231222f5d7d76f9b1859b
SHA256

af32810c32961e7f26b58434465072d63acf5a084a5bf776b81b4ba445348905
SHA512

8d6dd9f73765fc733bb16fb94cdfa6bca27598631bd81eb221cd0dcc1fbaee83bb26aedcad57ce21cf5d316f95bbdf793a8f2370cc37f41d7d3240be38d62c44
SSDEEP

98304:7ehYLXYLL/Az0u+zAbTUuP3lNE81+lAZBokY9a:7eWMv/Az0Z4TvP3YWMkaa

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  pololu-cp2102-windows/pololu-cp2102-setup-x64.exe
- Size
  
  663KB
- MD5
  
  07ceb55be97b338ac0f77739e3e9e12e
- SHA1
  
  992b25ba247c8fc306706f6140b12b30e457d466
- SHA256
  
  3c2b9f5054ddb179348a139a6da467754797f4c121c4a6140b2f1cdc640dcd51
- SHA512
  
  61b44e2956ead00abe2372aae9fa3ecd13fe52db5457414aede438a58816a728699b80959cd16a9a2c983990138c9a4cdf4f112ab11d331e3d6c1ec9fc611244
- SSDEEP
  
  6144:+sW7OzpPId26dQcEaUrPvwgwkRVagRoOQTiHaQsVIhVLpHf2mmPH:2IId79EaUTvwieMowXzZ2tPH
Score

8^/10

discovery
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  pololu-cp2102-windows/pololu-cp2102-setup-x86.exe
- Size
  
  540KB
- MD5
  
  b413976486f152aec1e8f104201059c3
- SHA1
  
  508bb6cb5e65d286d3c9b29559ed668c2e4dae1c
- SHA256
  
  a84bb6c86cc7f3962b93f90b60f11ef1232bcc6dc0eff1b36433484f65af082b
- SHA512
  
  3ab0d10ed4c3aaaac66c7bbd5a0db783b2d9059dcb1a9d51b30e8edbfd388a2abe02a64ef9ad962541fe4d8e589d8808510d23c200efd6b3eeda8017001b19f9
- SSDEEP
  
  6144:WZQaKSpwmx5ATm/LC3fwf3OoU9xkYSr/mdBTRhKWIUmPkr+LyIQjO:WZqSpwmxvL/f3vCNkPkrAyIQjO
Score

4^/10
behavioral3 behavioral4
- Target
  
  pololu-cp2102-windows/x64/WdfCoInstaller01009.dll
- Size
  
  1.6MB
- MD5
  
  4da5da193e0e4f86f6f8fd43ef25329a
- SHA1
  
  68a44d37ff535a2c454f2440e1429833a1c6d810
- SHA256
  
  18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e
- SHA512
  
  b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853
- SSDEEP
  
  24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF
Score

1^/10
behavioral5 behavioral6
- Target
  
  pololu-cp2102-windows/x64/silabenm.sys
- Size
  
  26KB
- MD5
  
  7799106fee728b907a86d9c9751e02d5
- SHA1
  
  f35320e535159d43b598c7c11684db05be4196a6
- SHA256
  
  ee85e8d3cf3819db28221bfc103de8df0e14e1878cecf54e8cd8c161b0e0af3c
- SHA512
  
  f91af958adf1b808fc6c30aa7fe9c6cf8c5c2a041327693403d9a12a06e7c5084d203433ba2d0917a3fc1a064626bce89526c5fb4b951f0a4aa07e84d237a99c
- SSDEEP
  
  384:n6oIhnyUR2OZRy0m1KOd/V3nL7fVRQlQeddvuVyxxTWBU/TJ1mTbCemE:fIZygU31Kw/V3L7f4esv2+/TbobCM
Score

1^/10
behavioral7 behavioral8
- Target
  
  pololu-cp2102-windows/x64/silabser.sys
- Size
  
  71KB
- MD5
  
  db394fdaa383d05538c02a7299eb0ff9
- SHA1
  
  6ab2463b2c7c8e1995eea48454210c48de935304
- SHA256
  
  1865671d27dc18bf17431c3259ea29b18431b8b78c8b15adb6c63d3da3c7d1ef
- SHA512
  
  fe6eda3a2913fd06809db400ab05d707400bd6ca005f0ce50b91d68a2bcda87cde9b7b8ae15c92097091fe55d5d93b25233aca64996d4b5cd6792cfb2364c57e
- SSDEEP
  
  1536:0lsh0F7ck+PX1p2v9lLxAoO4lx/CGxMP4TNYyTPfBTrIF1RqJViwAaZ:Th0Vck8DaQGx/CGxMP4TNYyTPfBT0gJj
Score

1^/10
behavioral10 behavioral9
- Target
  
  pololu-cp2102-windows/x86/WdfCoInstaller01009.dll
- Size
  
  1.4MB
- MD5
  
  a9970042be512c7981b36e689c5f3f9f
- SHA1
  
  b0ba0de22ade0ee5324eaa82e179f41d2c67b63e
- SHA256
  
  7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77
- SHA512
  
  8377049f0aaef7ffcb86d40e22ce8aa16e24cad78da1fb9b24edfbc7561e3d4fd220d19414fa06964692c54e5cbc47ec87b1f3e2e63440c6986cb985a65ce27d
- SSDEEP
  
  24576:GjG90oN2lj11mk/22yYzGrarZRm4X5Uh6rVh5LdfBwOyCSQM1fFhSWRA2+:iGtN2h1120R7m4XShYVxfBwrC21fXSz
Score

1^/10
behavioral11 behavioral12
- Target
  
  pololu-cp2102-windows/x86/silabenm.sys
- Size
  
  46KB
- MD5
  
  3ead8e1668ce42a0afe41d56e7157bcf
- SHA1
  
  c164ee1014a9d64befcdb46ab4b1c67c1f23e47b
- SHA256
  
  90a1aa6372356046b28c079954458f42849779ffc48c93af0549a7673b276eb3
- SHA512
  
  5e4e844d809e0d344ec3aae456f9c0c0dfc89f7ba1d328afc42fe474fdd57a8f156cce8b269a125d113e3eea660a693406bdd15eb1b0c00e3abb20a192fa73f0
- SSDEEP
  
  768:43jIG9nfU9USVPRaQT78wiYwMSxidYBb3obCv:YjIonWVPAvYzQx3cCv
Score

1^/10
behavioral13 behavioral14
- Target
  
  pololu-cp2102-windows/x86/silabser.sys
- Size
  
  61KB
- MD5
  
  afa84c5e40795b5480cd78b1aab50fba
- SHA1
  
  0395cc8fd00ef915f3caabf06ce6faa6d726a3f4
- SHA256
  
  37c72cd570603a37c308763ec6114e677c8dd0e5cb97481e40b818ab3896c724
- SHA512
  
  3fb101e07028e8ae8828f01141311bfa39941d129bf9565aa51576bf3dddd32338b07f463230d8af1b5222daff04779f8cc94b9a038e6316ef442874f14475d6
- SSDEEP
  
  1536:WCVK1U5/4vcfL+MexwdFzTRIkwbzNQfqahBFO6E5uzAZezad+:WCIu5ffLfFzTRIkwbzNQfqahBFO6E5O9
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Manipulates Digital Signatures

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16