a77210dc3ae1df36cab033e2b52ca8c656bd5cbc5257a79220526f32f4bf5949

Sharing

Copy URL

Twitter E-mail

General

Target

Onn Setup20240320V1.0.0.8.08.exe
Size

96.9MB
Sample

240525-17jhbsda36
MD5

4f47875bb1979dd2dfe3cfabe209eaf3
SHA1

0f09e3255e060357b9e7915e97d7aaa1984ee7b2
SHA256

a77210dc3ae1df36cab033e2b52ca8c656bd5cbc5257a79220526f32f4bf5949
SHA512

eee8797487a3336b24374f4614930e5f630b20678068a5baceac6773ac67fb5cfae18591e3ed1c9daaaa987f6b61314a5aea00418fe1fb6f84d52e2f9a2927ee
SSDEEP

3145728:7C9ImWoYIycnyVxo0CRy3bD+Wco2B9XaR3:PoYIznychMnLcD3XaR3

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  Onn Setup20240320V1.0.0.8.08.exe
- Size
  
  96.9MB
- MD5
  
  4f47875bb1979dd2dfe3cfabe209eaf3
- SHA1
  
  0f09e3255e060357b9e7915e97d7aaa1984ee7b2
- SHA256
  
  a77210dc3ae1df36cab033e2b52ca8c656bd5cbc5257a79220526f32f4bf5949
- SHA512
  
  eee8797487a3336b24374f4614930e5f630b20678068a5baceac6773ac67fb5cfae18591e3ed1c9daaaa987f6b61314a5aea00418fe1fb6f84d52e2f9a2927ee
- SSDEEP
  
  3145728:7C9ImWoYIycnyVxo0CRy3bD+Wco2B9XaR3:PoYIznychMnLcD3XaR3
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/nsNiuniuSkin.dll
- Size
  
  896KB
- MD5
  
  1834fd72e6a7387749d014a30b53d6ac
- SHA1
  
  e6c51f9f578e86e376501fc08f6d80cfe11bdb52
- SHA256
  
  148cb136ff5ae9711ddb869b5f22065ee89e13eaf5081ce39c07dbe89ccd97b7
- SHA512
  
  c8247a7916c718311a0f458cbb2133d77e3950609bb2c4b9470a9a7725a1d4d595422fb8c3c42f34629fd045675c72b221fee26a5188b9df4a0f3099857ec204
- SSDEEP
  
  24576:/pIQCUFPxa+iDkpxMJIpgT62mQh8lZIn:oUFPxarJICm25oZE
Score

1^/10
behavioral4
- Target
  
  $PLUGINSDIR/nsis7zU.dll
- Size
  
  313KB
- MD5
  
  06a47571ac922f82c098622b2f5f6f63
- SHA1
  
  8a581c33b7f2029c41edaad55d024fc0d2d7c427
- SHA256
  
  e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9
- SHA512
  
  04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83
- SSDEEP
  
  6144:rA9ssOlBrbYr5UP4m3mC/FvBbhQ1JzI+yQKiJGxdNtsm0:r2S165UP4mL/FvBtC8zQdSDmm0
Score

3^/10
behavioral5
- Target
  
  CommFunc.dll
- Size
  
  48KB
- MD5
  
  5b7f1d585c7cfd7920f028e6dded4ef4
- SHA1
  
  c8046b57026342b66e33c4a2b27ba55df6d6b8d0
- SHA256
  
  c12617b0bec1131e16b5ff4159dd62cbfe0cd86a2cb5f2fe8873dc3d00f60c9b
- SHA512
  
  2d74f5201f4a30807216433f2302cd5e709db8f00f5f0ea13d937f278df69bbc163b3b2f1a319a249b781860f5458d185293e8590f9a19e56fafa391bc52edc2
- SSDEEP
  
  768:4FVGiCx/ho1QIeDhNdWQvJQbJu3M4p6cshkPkZr63mnjEDQxKak9LSG:4FVGiM/i67bJQ1M/ULkPAmQJRG
Score

1^/10
behavioral6
- Target
  
  DLL3S_UsbAudio16xx_Debug_x32.dll
- Size
  
  1.4MB
- MD5
  
  edc38aadd31adefb67649ff33d87e255
- SHA1
  
  682d27a567fe110c255d514a174f1d7118097690
- SHA256
  
  c88e83a8f5bcf4d0966b5dfd494cc3e09993f38893c69ef208f6de8c97575c8d
- SHA512
  
  748466475e0ba5b6515ed42937101706662ac70a87be1ae970ca2033205b1e31d9beb6f77954bddb8acf63bfc2cf736911e6bce25ea691acd5b459920282a64d
- SSDEEP
  
  24576:Q/WpkZFHRPd8+A4S77oouIfMbw5TciINZhvI7azv:Q/WT+RYPpTciINZhcazv
Score

3^/10
behavioral7
- Target
  
  DLL3S_UsbAudio16xx_Debug_x64.dll
- Size
  
  1.7MB
- MD5
  
  47a4d0551d750539302f0ff131a80728
- SHA1
  
  55872ef0b12aae7e9ad6006ac40f83964c024879
- SHA256
  
  2ba5411e4ee1b189e9bc882444d401fbef5d18877100460f7df1802c72257f58
- SHA512
  
  7572d7c1061037f595d2b72f434b3fe1856b6d635541e693fce0029ab1c83d8f7e7345941b062ff223d020178ad941f310121be3907c482bd5cf4c4bba3b7a0e
- SSDEEP
  
  24576:4MCKtEPqMXNwXl+IstCCEjXVaeaAA/Hg6i/2ngNHiN/0I49RW00S2fs51BeiwfD0:sI6wXl+IstCCklaeaP90VSU25B8
Score

1^/10
behavioral8
- Target
  
  DLL3S_UsbAudio16xx_x32.dll
- Size
  
  282KB
- MD5
  
  52d6ac33d168c87bda07386281f57765
- SHA1
  
  a59c17cb015b082098aa43e4a0b6f57aa4540545
- SHA256
  
  a185cea2fb4716a691d21bcb8b26f7455964ccdbfe3fa61c5ae6e3db4f4372b8
- SHA512
  
  6b241c18b6ee9616fd54cee711e90570f12c54ba695c48c3e485a04094422bb709f123061031a7cd2856fc1e5bcbcb1595d1e21eef2119e7b86c8be9d0228ace
- SSDEEP
  
  3072:iNrzDedvCTv4afzprqjzi+sFHlODZZP0OLpML6mirTf58Gjrs:o3kaEAgi9YDZZPbfqGjrs
Score

3^/10
behavioral9
- Target
  
  DLL3S_UsbAudio16xx_x64.dll
- Size
  
  349KB
- MD5
  
  4410b33c68750d71a4bc74f9a057f471
- SHA1
  
  eef2e8e104dc1c4fe57bb46340547ecd50e9911c
- SHA256
  
  920daf71448badb3571b75d6bd3370af2ee81351d635d15500af48fdb4c21bdc
- SHA512
  
  5c3c17db0677e8fbfc9de432e7a971214978b11c327bdacea8d9f45bd6783645165216aef0de0cd9df9b3dba78544ed93b6b405f6bb721a938d38d0b2f712312
- SSDEEP
  
  6144:yIICtQOnvXJLHFTWfMwoJp+E0w5C3kXDQ82:yI3QovXJLsER5q
Score

1^/10
behavioral10
- Target
  
  Driver/CommFunc.dll
- Size
  
  48KB
- MD5
  
  5b7f1d585c7cfd7920f028e6dded4ef4
- SHA1
  
  c8046b57026342b66e33c4a2b27ba55df6d6b8d0
- SHA256
  
  c12617b0bec1131e16b5ff4159dd62cbfe0cd86a2cb5f2fe8873dc3d00f60c9b
- SHA512
  
  2d74f5201f4a30807216433f2302cd5e709db8f00f5f0ea13d937f278df69bbc163b3b2f1a319a249b781860f5458d185293e8590f9a19e56fafa391bc52edc2
- SSDEEP
  
  768:4FVGiCx/ho1QIeDhNdWQvJQbJu3M4p6cshkPkZr63mnjEDQxKak9LSG:4FVGiM/i67bJQ1M/ULkPAmQJRG
Score

1^/10
behavioral11
- Target
  
  Driver/DIFxAPI.dll
- Size
  
  312KB
- MD5
  
  a23d67c0248290bc25f715d82d454a2a
- SHA1
  
  0d62e933e0a9ffda22996fe261d8fa8bdfdc3930
- SHA256
  
  5071649d8a44b6b7035b63433ca566305a985da59f82db4d9a1c2566578fe6e7
- SHA512
  
  f31de2116853c6de5a98b506b79a233e62a8d4d2461058c2dd92cfa9958b786a6f94f746bf021ce5839f10de05176671b27492fcbbbdab0834140e44684216d5
- SSDEEP
  
  6144:njvrIFn6FqaWJbuDvodq8FDG3Ii+F55dPGJfKWX:njvkFODq1UYi+F1PifzX
Score

1^/10
behavioral12
- Target
  
  Driver/DIFxCmd.exe
- Size
  
  17KB
- MD5
  
  59836d001edc7b6a9e228208c6e51208
- SHA1
  
  5df4d13fd22dced28fb6014041d37e570c0252f7
- SHA256
  
  58ec96f5a3eb3d5dee69d282af16b61d9197cec89fb1cba6aaee6f16925265c2
- SHA512
  
  51e9bd83c99cc9b1d50957e06bf2e3bfa51b21a478328df7eddc7d56d382c8a3073c7a439d5689fd882ce5ff8612518cf45e8bb4dd7c3e59f2f497468cce23fb
- SSDEEP
  
  384:4T9gZN/zSbTKZW9t3P5A7BTrnYPLWDsxVl:4T3TKQL3xwBTrtsT
Score

1^/10
behavioral13
- Target
  
  Driver/HHTHidMouFiltr.sys
- Size
  
  21KB
- MD5
  
  7d9258dea99aa8948e9edb01fe92d340
- SHA1
  
  2aae681e0e78be2f31b047a1b996a016b03f0f53
- SHA256
  
  c85522159ddf94d8e9d831a831ad36877102fb652195238246526eea04602f6d
- SHA512
  
  3953387b84a02b234a57876e5d741a666d061eaaddc6eed580ec6dbfb699c8d37b9dda3ce4ca82590f8af7be4138182915924fb1fa2ae660eca8ee0e5f177ab0
- SSDEEP
  
  384:mtnpL4MHnYPL6iUHeMqUoiWPFRFHk9flxC0HQ:mtxrHhI9Hq0
Score

1^/10
behavioral14
- Target
  
  Driver/MouFiltr_Evi.sys
- Size
  
  27KB
- MD5
  
  4bc29755c4b08cc1c7581b4d54adba29
- SHA1
  
  f71a702d44113a9fc24d55225c00eb51fd2c8139
- SHA256
  
  6465955d85c47a0f7ef367698cbe601cf528a14cfae9d2b06b6c9aaf7f1d11d4
- SHA512
  
  d27a51ce6026686e036dda637168cec60296438e0c8f60b86e214950e6ae7279012b7afaab19795d91ed491ef2d725d3212ca0b7d2c828ae348b00b37d2de583
- SSDEEP
  
  384:blTJ5MCBb2rnZArMyPz3YnYPL6iUHeMneiWPFRxM7Tplx5jj:bz5MCt2rnZAgyPzIh5eHxs3
Score

1^/10
behavioral15
- Target
  
  Driver/devcon.exe
- Size
  
  62KB
- MD5
  
  9b164409f52e2062d4c2e548dda5cf53
- SHA1
  
  6da7ceca6393b46bd5cce7dadbb1c2d4b3abb54b
- SHA256
  
  81f073371eb9f650b853ddf4109d1ad7baa04515318e80ad597f52b4d58e6fbf
- SHA512
  
  9f617e0f8b5aa6bc9d3344ff5564839dd118615203a1bdc661fbde412ce0894cf18b0da2ca0e40a1bb0889387c8233b785273d6b909e13e8da500ee6a4872c73
- SSDEEP
  
  768:UgEuhGUsQ9Z7lVQpjagwpKsQt2I6/evxHs4gZWkiB4tT:p1/9ZisQtSmxHeWHBCT
Score

1^/10
behavioral16
- Target
  
  Driver/x64/DIFxAPI.dll
- Size
  
  513KB
- MD5
  
  b3bee50089fc8af48faa125d9788de23
- SHA1
  
  775c988986c0653311d78bf110c5a32ca900cb6a
- SHA256
  
  4dd37da6d1dac60b989be6ab4b1f20407d2536a48faabefdbb40be86b7393f2f
- SHA512
  
  a84d55562531004ef09de40c6e8bae72a86efe79c28ef270dc87a6e0f525a11a4fef5e672bfa0cd1b1e3765d6db66ffd7bc4b7bb25f16f4031a88a89dfcbeecf
- SSDEEP
  
  12288:VsxYL+kJmoPdVp6s3EJBjCvuF17+2NdJf:VsxwSoPdVoBjCvuF17+2NdJf
Score

1^/10
behavioral17
- Target
  
  Driver/x64/DIFxCmd.exe
- Size
  
  18KB
- MD5
  
  7a762753d5d09619fc3d33dd17482788
- SHA1
  
  134482932cec0c44639043588b2006810d6683cc
- SHA256
  
  499576c8cde4bdb9615465fd15010bb675d44103774fa4d251842b1c4a2b1a05
- SHA512
  
  5f2d4eebe0a241592eb79e4ecfb42722121107da28fe800ba8a923c85fe16848cbaf0b1705f78575c3328dc5cfeca2658d072ab3dd928a00575afea8dd86f913
- SSDEEP
  
  384:f/LSSz/NZpQ0vnUT7bnXCn8JnYPLWDQ9goQ:f/NQ0vUTnXCnkt2s
Score

1^/10
behavioral18
- Target
  
  Driver/x64/Driver_Remove.bat
- Size
  
  332B
- MD5
  
  1e6abbfce3da92689e4074ee6e6f916e
- SHA1
  
  a3a645d2c8b5413c27510bbd96f361e3a59991d5
- SHA256
  
  62d5bde41160fcf92f8267b013bedda86b9fe8dcb7f9e419948c6ad2dfd9ae0e
- SHA512
  
  d1b3eabd9f9f5207563162e1c19f8ddc1d314562f6bce65d9342cabd12e5ee99cf78bf39e1ad08eb39edf44cc3932a784222cd8f17a1e4d7b8c3b224b3f1a64c
Score

1^/10
behavioral19
- Target
  
  Driver/x64/Driver_Setup.bat
- Size
  
  98B
- MD5
  
  4726fc771e4a61c8ce6faba6cdbc2f5c
- SHA1
  
  72bb59cdbbd161809292a72b32664562b71fd2eb
- SHA256
  
  0c14524dacbdb3818a3a4af3829a51d5d3472f2376e2be7d5532e858a727c5f2
- SHA512
  
  981ba283345b67ed6adb7d2b77ae0de9fb1d8855934c0dac0b680109b8dfb619622127276244356468c1539077be5abf872c7e28e52f38fce0c3afbc775e3bf5
Score

5^/10
- Drops file in System32 directory
behavioral20
- Target
  
  Driver/x64/HHTHid.sys
- Size
  
  24KB
- MD5
  
  175f4a95e9472aa9853e3f4f15ebecd0
- SHA1
  
  69ae4a618d12c69a61fc815e2a916be88382ab6b
- SHA256
  
  8d6691a44c33ab197794a179e9692be11b77927e6fad4b4fcd50379ee819d337
- SHA512
  
  288213e726be769a6422443061052ea06fdfa75a5965e781f3d40f4002dd5edd8e99eeb82a4901a75074be5a8bf255b0e90d1fdd53b7294fbcf3c57cd569c2a6
- SSDEEP
  
  384:kzGf58EXyJ9a80rl3oYcm+pTQdunYPL6iUHeM8PiWPFRN1uQlxst:AGfCEXyJ9ZGlc2duhyHru1
Score

1^/10
behavioral21
- Target
  
  Driver/x64/HHTHidMouFiltr.sys
- Size
  
  23KB
- MD5
  
  fbcbbba0fbc8e1d9eb42f22a92e0c96b
- SHA1
  
  f256cce7c0bc30963a2649f2f0ddd06d1c80a3bb
- SHA256
  
  96a8a9229837a2a25d568d0493b4bf18949c1332113c9c8ffaaebaa849de201a
- SHA512
  
  822c7fb3a5771fc0d30b652426345c15c668b3375b209e4fb73d78b6ec301bb413ad2921dc3284592176e9333886b081c86c2a4be51d354dbd7f65fe1f09d0b6
- SSDEEP
  
  384:5lU0r67cSLnYPL6iUHeM3TiWPFRgwp9fl9TFY:/UG6/LhJHTM
Score

1^/10
behavioral22
- Target
  
  Driver/x64/HidFiltr_Evi.sys
- Size
  
  29KB
- MD5
  
  111d4505d71a92ddc2997ef6fbf6269f
- SHA1
  
  bdf2f64d0e66c89913e986fbf978cf372b1104af
- SHA256
  
  5d7627ffde70ba97437fd413b3c0be8fe5e46eab944c376245be0664ef4e83e8
- SHA512
  
  5e3b9db65d12db1635edc9dbf019606379e3ca870b68a0155a0d3a0a80e56115079a3f1252aa2d53536071ec20e868d7cdb88d0033aa064b7b0ebf2f1f4887d2
- SSDEEP
  
  384:EOAIj9ZzBoJLoPf0rl9c3jlPaknYPL6iUHeMZHoiWPFRWw2Ktkl9xhve:E9ABE+Gl9c3xPakhkHW18
Score

1^/10
behavioral23
- Target
  
  Driver/x64/InstallDriver_HHTHid.exe
- Size
  
  172KB
- MD5
  
  915c8e1c85b53df5983374f36a727d75
- SHA1
  
  0bb6e31952300557e785b0cbc559a5f38605e2dd
- SHA256
  
  fbf9fa038763bb13852247581d4c66660fab4a9557a1bb157d4643c052032db7
- SHA512
  
  68189135cf15eb5b37571e8aa9ee85278646aef4acc2fe9be17ea647f96ede556a1608294285322911059cc90cdab74c963cd1db0f2cd9fffe450e63bbe05fab
- SSDEEP
  
  3072:d/qyGcm48j1/j7jAcfhtolbWmJBW/EqVccMraZ+5X4EFEOZbKYC:d/qfJ9bHAcf8lF/W8qCaZv5Qby
Score

8^/10
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral24
- Target
  
  Driver/x64/KbFiltr_Evi.sys
- Size
  
  29KB
- MD5
  
  6c1fdd35b9f18313b67bf192353d914f
- SHA1
  
  3fe8995fca334473c867bb597eac5d6151ef1bdd
- SHA256
  
  f47d72ee968dae3ca2783fc2980f78bde3594cd4b95e1d6790668e40560d251c
- SHA512
  
  5c27c597783d84faaf77c7e44e41891df8039fb27e0a42be36c62d5d8f5190d9e289151a8304b5d739e9c0dd7d66358495c38a4787249f8b385b791c822865ec
- SSDEEP
  
  384:u6eHG14T96kkanuL+Zuozyh0rl3rwnYPL6iUHeMyoZDiWPFRUt7lNeHip8:uPGix6kkansdGl3rwh4oZDH9
Score

1^/10
behavioral25
- Target
  
  Driver/x64/MouFiltr_Evi.sys
- Size
  
  29KB
- MD5
  
  f9d3df95649ae65bda9b22fcc73cca5e
- SHA1
  
  ea46d5e138568080fa7c80b7471a7984e7033096
- SHA256
  
  9859bbe498b969a0602b64d2eeee300f645713fc3dc5c1ca75954ed6b315a61d
- SHA512
  
  7a2b48ca7a51a34eee66f6c35dd2b80004c65ca92d80c4fb436ca330aa23a0e95f7fdd4b8b2b2f358326ed4c53b1d8c34ae19425b89b9599275f14e5226b2b91
- SSDEEP
  
  384:JFDu0H0LIWV2fKehIcOUh20rlms4YQz3UnYPL6iUHeMHeoziWPFRTp9fl9TJh:ri0UsecKehIHGlb4PzEhB1zH17h
Score

1^/10
behavioral26
- Target
  
  Driver/x64/devcon.exe
- Size
  
  87KB
- MD5
  
  4e86763d7ec534917c22b2c124ebda03
- SHA1
  
  8eeb4e87459b09033bc5b445f98c8a1d8003c5b8
- SHA256
  
  28e6d2f856266e5ece8bbb919b9dbeab63cb5a3f759a6189c60d7aa648086278
- SHA512
  
  9f28144b41b5e469ff8bc31330d38003c3db38d7bb546fe8ea9976d3f38592480ce7d620211f7417be62e0e5421d0d9658361917397d86a3707f7bd55e42cd5c
- SSDEEP
  
  1536:Oge/CfbcTODD1nXiN3Rxr3laPF4O7WudC:OgTyODhXs3RxrsNRWudC
Score

1^/10
behavioral27
- Target
  
  DrvInDll.dll
- Size
  
  116KB
- MD5
  
  c27eeb5cd4adff5669b633619d34ee45
- SHA1
  
  9edb24785af657663e51606ef02e25c40c5b0e56
- SHA256
  
  94987e1bc6b8d45f77b56d0a74f2e41191ea5361df810aef395f1cf4e2af0465
- SHA512
  
  1f582f81d595af78e74493fe4ca53ec885a85453fe60bdd50cdb8718bc4078f6caf2927a6b0872d81e06a9a34ce2a87fc30a114b83299a0439fcbd3212a443f1
- SSDEEP
  
  3072:LWb9Tw53DoSOnXzCRTlxzYxNAg0Fub8tKWL:uM53D1OjCTlqrAOJs
Score

1^/10
behavioral28
- Target
  
  DuiLib.dll
- Size
  
  1.4MB
- MD5
  
  048bdc44c0ce76e594129e100f87610c
- SHA1
  
  4dad9c3f49b21ea52d7a07314c45cb7e92831cd6
- SHA256
  
  3681b1ecf7642b5d048e3de219c171badb4f949395d4d84211aeb28bc03d6b3a
- SHA512
  
  8224158be6e389e4d0baef3874644faef18d27a1bcd47e22026b32dcb6dd317aaefc2334f1932ff613acbfbdc73bb2f1a6fea9fa64586b0459163bf19a582c9c
- SSDEEP
  
  24576:E1hw5odutyh77lEcXZGsTN+6IC/jQKx93ivGDD7FDJ:WwrQJlzrTNtICNrDtDJ
Score

3^/10
behavioral29
- Target
  
  HidServ.dll
- Size
  
  42KB
- MD5
  
  19cfb1ba0fe750d30daefa7ee5a58a9f
- SHA1
  
  423330915d96d3530c0cf3fa4cdb62d0117d5242
- SHA256
  
  7f511e25c92f465c81fb3629eecab79ac7ea506413ff32003b370a4787b724d9
- SHA512
  
  373306858c0547ddcaafef332c0cf8b018469cd3f4a8b480c4051f4da1d6b3439b2f1be52bbf8a2b38e515767d2b38ab1f6db2ff4e84ff1f8e2598dc96fb5c57
- SSDEEP
  
  768:X1avQg88rk/mJzNwAy5/c9WZXx5xutrhNb1ut:X1hgPQAy5/c8ZBv2rjb1M
Score

1^/10
behavioral30
- Target
  
  HookDLL.dll
- Size
  
  44KB
- MD5
  
  1fd575a0b0ff4e5648f6552eaa6dd10b
- SHA1
  
  38c63be2d74fdf8fbe002ea513e2f4d42a40f908
- SHA256
  
  9ab5e1ccff616db6e9a7d571b1d932953abadf85a489194827aee8326e436b12
- SHA512
  
  c6586e43fa3d0c9be6b7fa7a5c69032af8789f861d4ee6b3de7e019ee54e7f9a392dfcd70c52e7cf30608093c60e8aa6fab46b481b4204323febef6102f5656e
- SSDEEP
  
  768:A0MxliBRt2uw294n0Guc7TVrDh9VGgXZ8n+19Yl5C5pYtd4F5i5klWantEDodvyk:ALu92Z7TVB9Vd2
Score

1^/10
behavioral31
- Target
  
  KbDaemon.exe
- Size
  
  3.1MB
- MD5
  
  b4423053e64aed215a2f77e39d972f4e
- SHA1
  
  6af6bc5ab896044334801b177746e2f0c2f2556f
- SHA256
  
  4dc0740495ae7e8e24059083682f75ee7ab02aa3a50cbff016928cd3648f7e30
- SHA512
  
  250dff2b45b03714a9aad9fe025bafdf0012819d041d3dfe9fe886fe5f47cf1d8a9673f26812671386c3205ac1868745b17faae76988980d0c9ffde85c4d80b4
- SSDEEP
  
  98304:SxhRDlx2BhHuYPSBpW6mjyp/R31jawxyx1OxXx0cY:iDT2nO9BpWrks1OxXx0X
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

Adds Run key to start application

Checks computer location settings

Drops file in System32 directory

Drops file in System32 directory

Drops file in Drivers directory

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32