94a47191fb3a307fdaa84a1f8f31d8e1b4b79b34048814725c373e54f3d4e37a

Sharing

Copy URL

Twitter E-mail

General

Target

pvz.exe
Size

73.6MB
Sample

240522-mc3qtsbg3s
MD5

1e70ff1df951f6dc11f55554d15f2c37
SHA1

714a0c595764c5d6c45cf5254fcad67a9cc8f10a
SHA256

94a47191fb3a307fdaa84a1f8f31d8e1b4b79b34048814725c373e54f3d4e37a
SHA512

9b9b44f42a5050e50550b8c266bdc9411598576ebcb10db896c991d792fc54c43429f63d8d7833257e06e916d73fc0f729357858aa046f202eab762c96259ddd
SSDEEP

1572864:lmMjfJ+8Xk4dNaZJyxA2fYlGsazJWE5jqerWb:lBzJ+aaKilGsazkEQerWb

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  pvz.exe
- Size
  
  73.6MB
- MD5
  
  1e70ff1df951f6dc11f55554d15f2c37
- SHA1
  
  714a0c595764c5d6c45cf5254fcad67a9cc8f10a
- SHA256
  
  94a47191fb3a307fdaa84a1f8f31d8e1b4b79b34048814725c373e54f3d4e37a
- SHA512
  
  9b9b44f42a5050e50550b8c266bdc9411598576ebcb10db896c991d792fc54c43429f63d8d7833257e06e916d73fc0f729357858aa046f202eab762c96259ddd
- SSDEEP
  
  1572864:lmMjfJ+8Xk4dNaZJyxA2fYlGsazJWE5jqerWb:lBzJ+aaKilGsazkEQerWb
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  6KB
- MD5
  
  774e3b33d151413dc826bf2421cd51e8
- SHA1
  
  ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa
- SHA256
  
  91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454
- SHA512
  
  3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365
- SSDEEP
  
  96:38IgHUv7jr2GJ+dfuitjFVsDtwC6OcgHl7cFi1cyMV7WhWuaW:dCajridfjR6tw1OjHl7cE1KyhWua
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/license.rtf
- Size
  
  45KB
- MD5
  
  68ccbb8270c98f94d370eb924589e7a9
- SHA1
  
  bb9368843e0d0a78f540b6df69eb98256b4c042f
- SHA256
  
  0c47640694d32f91febb8c837081b77bc97aeb274152dba04c4e5448845d9520
- SHA512
  
  f4b0629d0ce11839ca384e5b041ec192b0727f80b559886029deaaf4c75b8126b1f55364f3ef4465c7aab31f953a31b635991d98e585c512ecf6ed80c24ef0eb
- SSDEEP
  
  384:YJggqaxikc+LAFzFdozPEFJDxGtH3/tirLmi6rGsuWTzc9TLvzh4nMNLoJ0o:YJggqagFVkH3/ti3HWTz2TLFNLoJ0o
Score

4^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsNiuniuSkin.dll
- Size
  
  891KB
- MD5
  
  cb9ccb0f6923b5e38221a2c9603eb669
- SHA1
  
  7214cae53f36cab79841e9d49b07cffd7ce5e1c5
- SHA256
  
  6a38b8084e7493ff57ea3eda7101fbfd6113d8470531b479ce05cefb4e34bc79
- SHA512
  
  5d510870559737ba9f10447716a654e3aa609b64a1b753e2d3722b7b92e1768980d2ff070e639add57a13a7941c1d680ffa6e13abd47c44b1d18a230590ebb6c
- SSDEEP
  
  24576:1pIQCUFPxa+iDkpxMJIpgT62mQh8lZIn:yUFPxarJICm25oZE
Score

1^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  88d3e48d1c1a051c702d47046ade7b4c
- SHA1
  
  8fc805a8b7900b6ba895d1b809a9f3ad4c730d23
- SHA256
  
  51da07da18a5486b11e0d51ebff77a3f2fcbb4d66b5665d212cc6bda480c4257
- SHA512
  
  83299dd948b40b4e2c226256d018716dbacfa739d8e882131c7f4c028c0913bc4ed9d770deb252931f3d4890f8f385bd43dcf2a5bfe5b922ec35f4b3144247a7
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsis7zU.dll
- Size
  
  313KB
- MD5
  
  06a47571ac922f82c098622b2f5f6f63
- SHA1
  
  8a581c33b7f2029c41edaad55d024fc0d2d7c427
- SHA256
  
  e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9
- SHA512
  
  04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83
- SSDEEP
  
  6144:rA9ssOlBrbYr5UP4m3mC/FvBbhQ1JzI+yQKiJGxdNtsm0:r2S165UP4mL/FvBtC8zQdSDmm0
Score

3^/10
behavioral15 behavioral16
- Target
  
  PlantsVsZombies.exe
- Size
  
  11.1MB
- MD5
  
  5eb4b93a103edc16ec6655485ad85982
- SHA1
  
  e2b56a04c40247175085e5c32c6367db323c105e
- SHA256
  
  acfcb9eae3409391218e69ff3fe5c9424a4486d7ec752e889a59bf6bc784d961
- SHA512
  
  fe4a81562037f4fa4c005dc27b180311eb855bcb40c8fab981ba88567ef0b90528dd780e6239b810a5cb221c32b50eb29bbf524897ed3bda57b78d42e0f0d47b
- SSDEEP
  
  49152:XIaZv0mROsx3R+ijGgz4FKE6Gz9SmaeeDRoh2xO/pDyYJNo/KUAMCphx96S7kufd:Xn0Sf6ijFUPYeeDihXYeMCPfIW
Score

6^/10
- Drops desktop.ini file(s)
behavioral17 behavioral18
- Target
  
  bass.dll
- Size
  
  90KB
- MD5
  
  6731f160e001bb85ba930574b8d42776
- SHA1
  
  aa2b48c55d9350be1ccf1dce921c33100e627378
- SHA256
  
  3627adef7e04dd7aa9b8e116d0afc11dcee40d0e09d573210a4f86bdc81a80b6
- SHA512
  
  07ae0cb85464b015b35e6157228775a6ac66e5e62a1b47f9395307b61176b6df835e00a1518846507718acffc271263008cc8a9b2c1e8a0192c5438774e12437
- SSDEEP
  
  1536:lyKkZPP882+8hMJ8Y8bRVYvVqGWWkaloy4bFcx/Rus5Ay6X0T3VzkxH9J:NmNN8bRVYNqGzCy8RQwXQ3pKdJ
Score

1^/10
behavioral19 behavioral20
- Target
  
  gdi42.dll
- Size
  
  2.4MB
- MD5
  
  925373c5522569c053ae3ff9a8879a40
- SHA1
  
  8e18a8dea1add62d9fb56414dfe42fc1c04b2505
- SHA256
  
  57d7f0a0290fbf80d2b3399ba102df384fbc27edaee77fec86a5c106f4bf8429
- SHA512
  
  2e239ba0fbab72d7bfef07746e287ac359341b5f96d14b754e8a16165da542ddb5431feb044ebb6b7084a06a33e65ff964b1cc2da9a6f2be0eb4a9a38b39278b
- SSDEEP
  
  49152:a32ZyJzUX/MFfg9VjDbEopttbynqFB4taEnC7aHQkd53u0wTSPiRD8qw:XZyOX/F9VvbEstQqFfmC7aHQkdI0wTSa
Score

1^/10
behavioral21 behavioral22
- Target
  
  pvzHE-Launcher-winXP.exe
- Size
  
  1.8MB
- MD5
  
  7afa30fe7cce68c1c29258713096f3ce
- SHA1
  
  e548cf3fdc2cd66bf0a6bee9a5e634264ee4858d
- SHA256
  
  08c7b97cf56b13c0739b734bc9440aaa6f473b1a06fbf8e92b4745eb08b64297
- SHA512
  
  c28338c5cebb4e50ee8e117a03a8ad21bec34e4ef5b756531d92ffef4c4f933ddb5c54aab22f170dcf0b4688a6084ad6a35f1efb71e933c3fd0f6e76e4e8200f
- SSDEEP
  
  24576:MQw/SHLZfZuVm7b/TwLWZWg18iteuXfob84Xm1JKauBgJZJqeGARYZe5GX5dJXgL:9aVTg88wb8NRnJqeDRcgL
Score

6^/10
- Drops desktop.ini file(s)
behavioral23 behavioral24
- Target
  
  pvzHE-Launcher.exe
- Size
  
  1.7MB
- MD5
  
  477c0edf4d9a20eb949582457996b2e2
- SHA1
  
  09030647039b6c76128759133bafc3e3ddee7f2e
- SHA256
  
  394360c438692fd46d2576e51a87ef09a6643b491e5cc6ee405ea5575905bca5
- SHA512
  
  72f19fe6e2e60ffcbcd3e9645ff52cdaf3d1722df3a5a74d6ff1c06250e6629e3936149597a07344902bda1f02b435237965b53ec38e90a51a190bb0187712cc
- SSDEEP
  
  24576:q2uTu15U8PHEWUS+kBkWrzaqH6qQb2gCMgHLsDnzD+MOvdaWsQs3YNe5ZX5cFpeU:dbXPkWzqqbXHLpdaWV4epj
Score

6^/10
- Drops desktop.ini file(s)
behavioral25 behavioral26
- Target
  
  pvzHE-Save-Relocate.exe
- Size
  
  1.7MB
- MD5
  
  c7afc46bb41f5d7f97e60b76329a2398
- SHA1
  
  d18fd7153023ebca9cdc7df6d25a4142aae8e79c
- SHA256
  
  269c238bbfd9f30c4490235cb403e2dfea3fbdc3db7c8dc367db0403ea908295
- SHA512
  
  5766213d579891763220a6c7ae1fea317721b091e3b02fad2141cf75a5e44afa99a9320f0a74faa6dd1a590ba24668a1a90d6d368ecf8b0614689764253ab9bc
- SSDEEP
  
  24576:Smv0snC10P8NbLM6MUWeBBmb/Le8EZj2RTDhX3wLaWA/xgkcQrYNe5tKX5c54Klx:89NPw1LfXhXFgkcQrv
Score

1^/10
behavioral27 behavioral28
- Target
  
  uninst.exe
- Size
  
  3.1MB
- MD5
  
  dd830000e3cadbd45d2d08b0c77c8cd3
- SHA1
  
  130295b33d11e62db959499de8d6365c222b05ab
- SHA256
  
  e262c2b744613496e27a8cd3e9c260da1723218852c071a4532ae5aace3cc642
- SHA512
  
  1c2dcccf9d6db98a6865730497ab137737c49dd01ba28aa291e743cbc3aa399238c2cf4f87f5ef69d00e3526bfda424f95796519998f54f6642e16868cd5d345
- SSDEEP
  
  98304:zuxNBVhR63NHbnG7Cstb0WnqP2oJkslcLSg7MINUWT:zafs3Fy7iDPUvMzWT
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Checks installed software on the system

Drops desktop.ini file(s)

Drops desktop.ini file(s)

Drops desktop.ini file(s)

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32