d99ac2a9df6c9e6d560270ca6561190cf4fd098096a5b61ac599d930811bd2c6

Sharing

Copy URL

Twitter E-mail

General

Target

RSI-Setup-2.0.0.exe
Size

174.1MB
Sample

240524-dvxg4abc65
MD5

7d1d48d83f79a78ad7602c10c12efd92
SHA1

df19057887fa070163d833438242cd7c21e69110
SHA256

d99ac2a9df6c9e6d560270ca6561190cf4fd098096a5b61ac599d930811bd2c6
SHA512

d5c1d522f8297094c2b3c0ac83d59b600f0c06c18abd550c45541e0891b5df60f1b182d658256bd136ae794aa400453b23d61499c1485ffc901943ecf6b0594f
SSDEEP

3145728:8JaJk5/CuC96GBFs/WEp56t8bR75QUUrdi0GY7JYrPE8IfJsZuxlGK:E6k0jBFfEH6t8VulRi0GYkE8IfJxbl

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  RSI-Setup-2.0.0.exe
- Size
  
  174.1MB
- MD5
  
  7d1d48d83f79a78ad7602c10c12efd92
- SHA1
  
  df19057887fa070163d833438242cd7c21e69110
- SHA256
  
  d99ac2a9df6c9e6d560270ca6561190cf4fd098096a5b61ac599d930811bd2c6
- SHA512
  
  d5c1d522f8297094c2b3c0ac83d59b600f0c06c18abd550c45541e0891b5df60f1b182d658256bd136ae794aa400453b23d61499c1485ffc901943ecf6b0594f
- SSDEEP
  
  3145728:8JaJk5/CuC96GBFs/WEp56t8bR75QUUrdi0GY7JYrPE8IfJsZuxlGK:E6k0jBFfEH6t8VulRi0GYkE8IfJxbl
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral5
- Target
  
  LICENSES.chromium.html
- Size
  
  8.4MB
- MD5
  
  e400cd908b8fb7c13985e2f5cc7a7044
- SHA1
  
  bbafebdf5b067a7d7da130025851eaa52ec3c9d7
- SHA256
  
  ee3b1ab8794c749673ce9bd2dd302f12d69f0a1a4adfe40a64247746cc311829
- SHA512
  
  e7ca440f0e042d7fcfa99367426bf19899a2b227c6d7b6e2c25d4f1a40113250f21ebeaaf91067d8569dfbad1415d4fe3e5626d7254722f2778497fcb22e5d6e
- SSDEEP
  
  24576:/UrV6CI675knWSgRBPyQlrUmf1C6C6y6Z6/678HqBMUpuQ:MsWKA
Score

1^/10
behavioral6
- Target
  
  RSI Launcher.exe
- Size
  
  158.5MB
- MD5
  
  fb745b1faa76fb33d0c7f665835a2613
- SHA1
  
  5a3ede67f1025e4528b60e557b5df67820ee0efc
- SHA256
  
  8a0a9690e03d03cf36b78142319c92408fad4c7c01a3d85083ce94f03c545905
- SHA512
  
  970dbc1b91345096d8abfcfaf5bf7c4d09b8a6ea5a0035338d8fac36b679521d5fa9d7efe977f5bb462a91f3f826bff7d8808c3e7f36ae3924e01e985075c9e0
- SSDEEP
  
  1572864:Sqlkf5pFz1X7SBT4Oj3tdOS69YvkSpjwy8Oz/jf2xzQf+f5KvAKNtnJHUOWm5v:IcUkHaov
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  2191e768cc2e19009dad20dc999135a3
- SHA1
  
  f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256
  
  7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512
  
  5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP
  
  49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score

1^/10
behavioral8
- Target
  
  ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  bdbc15823f08ccc62a32536236022cc4
- SHA1
  
  779661b3892aa1aab6e160cdaf93f853037160a0
- SHA256
  
  f428f576a374257c40887f008640e4260bac588b654fe146420c84a3986fff7e
- SHA512
  
  d00cf2e9c51724548fd924182726c97a6b80246e354ed9b76a61eeecb50f579ad2338bd956854eae4fc2ecd2849b24cf7445fb908a5ce4432272ce2306740120
- SSDEEP
  
  49152:Q8h7ilnY895zc09Myl6QL3n6F+hTf6yfPvJr8PNStFwLluJMWykOF7:Sn1H9MDCn6OFMWyB7
Score

1^/10
behavioral9
- Target
  
  libEGL.dll
- Size
  
  469KB
- MD5
  
  19b23876f97d05fdb0d59dacca84c7e8
- SHA1
  
  baa4873375c3eaa9d49cfbe6771cc3be764f586c
- SHA256
  
  352bdc558b331dad5ea47077210471caa61a7d5301934b9228856d318ae8991a
- SHA512
  
  ea88e22256385ccc5a4a623df81fabed4320425c5964d1307c7905182e617760290283e32125a0007f64fd52a5af66e16e4ea2b0030af4a8107d8806b67babce
- SSDEEP
  
  6144:7I9l960ewE3X883ZrzMkBmi12EvUGsADfIgHc:7ClY0WM8JrzMIKODf
Score

1^/10
behavioral10
- Target
  
  libGLESv2.dll
- Size
  
  7.1MB
- MD5
  
  0fad48e60639a89286778fde87eccc4d
- SHA1
  
  7bcba15b69bec594fe8f0b7e5e2953b5248773c8
- SHA256
  
  b9e881b521aefa18015dea4a5233ad1d2c204e2cdc808104853cad1ab366d2f0
- SHA512
  
  4f1c42eda7f092c54f5f6f5c59e15b825491bcbfab889ff48bdd68647add9cfa252d933e4e6b2ce4c60782e66e2a6e3ece0b4215f275d70bae819f00c08b8516
- SSDEEP
  
  98304:WAgpTkR1+f1SlkWW6yAKwCD2x9Stm5H5wXVlJ:J9nSYxCdcKl
Score

1^/10
behavioral11
- Target
  
  resources/VC_redist.x64.exe
- Size
  
  24.0MB
- MD5
  
  291e0c486cbe22cb000c5e541c9e8317
- SHA1
  
  64e813bb9024a8e8d5aa64ee20e0d13de97ec7fd
- SHA256
  
  9b9dd72c27ab1db081de56bb7b73bee9a00f60d14ed8e6fde45dab3e619b5f04
- SHA512
  
  666da980e006648c8ea5eb09ed1d8bafb59bb8c8e798d18bd1c9b1f523237bb7c0d5937813a34ab37f6e0daefe8f2baf9373b73c0c9262fe3a1d88c0f4eae611
- SSDEEP
  
  786432:cRpXDWoLTNOqMh+953TE0r6UYNn0vk01cH:ApXDhLTNJMYfEq6UW0sTH
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral12
- Target
  
  resources/elevate.exe
- Size
  
  125KB
- MD5
  
  8e8b377e679df17e681d41a6a4c47387
- SHA1
  
  5ed64822bef831ff019d7e98e53bc75b98e232c3
- SHA256
  
  cb31e0fe75fa750aa5d094154ee3ee9a0a7b64adfee814520d618c29854795c3
- SHA512
  
  0a88456d7d9e2744be9328f37733861c184f84d7f2296c539c5b2d1995923bc296d79a67b1b321dfa341269e165830c378e2fb138ac01fadd657215eea73c404
- SSDEEP
  
  3072:9FbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlnVHhZm:/PrwRhte1XsE1lVzm
Score

1^/10
behavioral13
- Target
  
  resources/installer-support.exe
- Size
  
  226KB
- MD5
  
  643fd093f7adfdfd83efa3dafb266689
- SHA1
  
  ccd31ba7e0466e85f79f3959ea354228c5dcd6a1
- SHA256
  
  11775e9f4c729e8a5992c4b2442d0ac3c1937a0542b17281fb8bbb83c0fcadd2
- SHA512
  
  453243c4af53589669139512c3a1adf5c1eef294fdda421735abb7940edab8bfb721fff80c40efc7cebdccd760f2806aeea758014eabb4ce2dfc8b1363bc37c1
- SSDEEP
  
  3072:hANHXSiSVjRF7fV/mSRw1kG/64S0/PdMEAoz9YkHyKbiNHa/b:hANHtSVj3dud1kGO6ZAoRvqHa/b
Score

1^/10
behavioral14
- Target
  
  vk_swiftshader.dll
- Size
  
  4.9MB
- MD5
  
  3a41ff197dc736ea9d9624b24a009605
- SHA1
  
  6e8701f563d63689a356fcf8ed74b1314463b376
- SHA256
  
  abb361645e609c60934f61d45dd336cf5c397dbf10ddf78f8f9401d65acbc55f
- SHA512
  
  2f28e17c178ac62073f3efa4fa09d6c65516428f5ffc0b3bc164df2e35b5b7b1af157866ac32c6468817874f7990742fb67fe3415ead17cd5f7072c4b53a41ac
- SSDEEP
  
  49152:v6PkZFjKeDTIEvAvlo6coVQxa8sVr0yN1J+MuXy557nDOPNt7wpr30sN+05uQKYJ:vNZFjAgpOz2VeCCAkEvkCvGZj9z
Score

1^/10
behavioral15
- Target
  
  vulkan-1.dll
- Size
  
  917KB
- MD5
  
  82179ff0283187092feba69ec997feb5
- SHA1
  
  78f27f6e9b93866b99b7ab380b5583c25755404f
- SHA256
  
  2b97666d3ead3c9dd6336d52c664a64b1d9d6a31f197701a80263b86b1aae348
- SHA512
  
  2960adb42bf3eee41c52823cc5db9e32807f25544bd9c2b878626aea47f25ea548f9e16712ad561fd4d91d8da823a7cf23ddf9b108be4b737bc8f65f0f76bf5a
- SSDEEP
  
  24576:0V9nIy2kwpHHPDnCo3A1XpQ66Z5WoDYsHs6g3P0zAk7yG3:At2zNLnxA1+66Z5WoDYsHs6g3P0zAk79
Score

1^/10
behavioral16
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  466179e1c8ee8a1ff5e4427dbb6c4a01
- SHA1
  
  eb607467009074278e4bd50c7eab400e95ae48f7
- SHA256
  
  1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172
- SHA512
  
  7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817
- SSDEEP
  
  192:olsHeylO012En8pqHtcE0PuAgkOyvIFc:oATI0d8pUP0WAgkBvIFc
Score

3^/10
behavioral17
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10
behavioral18
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10
behavioral19
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral20
- Target
  
  $R0/Uninstall RSI Launcher.exe
- Size
  
  478KB
- MD5
  
  9c0dc09ddb656b8ca35575ccf4f99591
- SHA1
  
  3f4d96ffc694182eedcb31cd52ec705699d4eeb6
- SHA256
  
  7fa393c36212fc5d451f109dba09066589aad9823edc62a8d00ce22c662eea18
- SHA512
  
  8a82fc22f3731dd47e903329192da6964ddfe7d64947e6d8b8ac9518b303dd7ad60c166c146055a16a445909432b6df0afe75246478c492113fd81e40e238167
- SSDEEP
  
  6144:5740IJfWjqmeJ0dFZH82uS3KQIMBUafPHmOf2t0EyL+2iaJL:xBkiXHrfBV/mOPRK2ZJL
Score

4^/10
behavioral21
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral22
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral23
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral24
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral25
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  466179e1c8ee8a1ff5e4427dbb6c4a01
- SHA1
  
  eb607467009074278e4bd50c7eab400e95ae48f7
- SHA256
  
  1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172
- SHA512
  
  7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817
- SSDEEP
  
  192:olsHeylO012En8pqHtcE0PuAgkOyvIFc:oATI0d8pUP0WAgkBvIFc
Score

3^/10
behavioral26
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10
behavioral27
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10
behavioral28
- Target
  
  $TEMP/VC_redist.x64.exe
- Size
  
  24.0MB
- MD5
  
  291e0c486cbe22cb000c5e541c9e8317
- SHA1
  
  64e813bb9024a8e8d5aa64ee20e0d13de97ec7fd
- SHA256
  
  9b9dd72c27ab1db081de56bb7b73bee9a00f60d14ed8e6fde45dab3e619b5f04
- SHA512
  
  666da980e006648c8ea5eb09ed1d8bafb59bb8c8e798d18bd1c9b1f523237bb7c0d5937813a34ab37f6e0daefe8f2baf9373b73c0c9262fe3a1d88c0f4eae611
- SSDEEP
  
  786432:cRpXDWoLTNOqMh+953TE0r6UYNn0vk01cH:ApXDhLTNJMYfEq6UW0sTH
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral29
- Target
  
  $TEMP/dotNetFx45_Full_setup.exe
- Size
  
  982KB
- MD5
  
  9e8253f0a993e53b4809dbd74b335227
- SHA1
  
  f6ba6f03c65c3996a258f58324a917463b2d6ff4
- SHA256
  
  e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a
- SHA512
  
  404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0
- SSDEEP
  
  24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral30
- Target
  
  $TEMP/dxwebsetup.exe
- Size
  
  285KB
- MD5
  
  bcbb7c0cd9696068988953990ec5bd11
- SHA1
  
  3c8243734cf43dd7bb2332ba05b58ccacfa4377c
- SHA256
  
  34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4
- SHA512
  
  551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786
- SSDEEP
  
  6144:3WK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQ43:mcvgLARDI1KIOzOR3
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral31

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Drops desktop.ini file(s)

Enumerates connected drives

Drops file in System32 directory

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31