General
-
Target
ExtraSoft v.2.2.rar
-
Size
1.5MB
-
Sample
240525-rh4brsfd3t
-
MD5
a32da6fae5e6a133911ad915267e6331
-
SHA1
239ce2e4b9544193663328bc301b0ed2f0c3ecd4
-
SHA256
aefc68a09627909d0bd3b761065f52ab15d7f4eb93c94894761fd274b68ce796
-
SHA512
3a3a9804b2febe1ef9787234139dbca8a346242759a9f959d9afde7d5aba8ddd7cf805acfb27d6e178f04b6fa8b39537f43f016cb97a769b4212e6c08a9d589b
-
SSDEEP
24576:EP6XxvVto9jazYLKNhc49lbO0wDPRv8Q71K4:EP6XJc49k7Rv8E1H
Static task
static1
Behavioral task
behavioral1
Sample
ExtraSoft v.2.2/ExtraSoft.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
ExtraSoft v.2.2/UniteFxUpdate.dll
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
ExtraSoft v.2.2/api64.dll
Resource
win10-20240404-en
Malware Config
Extracted
lumma
Targets
-
Target
ExtraSoft v.2.2/ExtraSoft.exe
-
Size
517KB
-
MD5
6d3484be978ce7734185614a50fa2ef9
-
SHA1
e665f2a7772514a04963f730258bfdbf66f63ad9
-
SHA256
a324292e0860ef6b1722391ae046dc12820dc08eaadcbf6b83e873d36d421d46
-
SHA512
d97298ac5e04a9212b05095ebc5077ee0a0115cd6e766fadc3d3591b9131d2d3899a66aed42a2bb53f005c8b4282c494f87994b127dcfddc015e7462e95ff4f3
-
SSDEEP
12288:RLs3SmdMrtCsuc08EGss3ml5HBtv5cwvIq8:0SisucB2XjBcwJ
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
Target
ExtraSoft v.2.2/UniteFxUpdate.dll
-
Size
255KB
-
MD5
574558b3b586720a1b38e643970cc140
-
SHA1
0fb77375348c8586f8578ef8861949ac191fdedf
-
SHA256
c9966396c67f1782bad854724770b832799387eb2445bd48bbbd56f829e8e55f
-
SHA512
64906b0b62f43660caa89c3bb9a50ba8acf0c2fec30a43e59e624dfc13cfb7f851fe761ae948b87ba3d60cdab17605411b214e76198ed19686580c333ff6ab7e
-
SSDEEP
6:0vFXDOeeeeeeeeeXNGcJcJcJeCPePePePePePePePePePXKC++jk9:0vFz44eMQQQQQQQQQ639
-
Score
1/10
-
Target
ExtraSoft v.2.2/api64.dll
-
Size
282KB
-
MD5
acfa9d5557efabcce4c0f879426f2cd9
-
SHA1
63b9f97f18c93a43ecd2994251c732b81ad3a412
-
SHA256
494384126a9b22000cfa4bb208060c7c485ef3286d539791d09df0897f841bd6
-
SHA512
75d1607c8feb7fdf9ee6293f58f24a2bc8fa4b905ff850f6b28b5eb61e1ed111abad0102044617dfcbb79b368fc668fc07e7d0dfd0c1c0d2d95c040edd184372
-
SSDEEP
6:xFXDOeeeeeeeeeXNGcJcJcJeCPePePePePePePePePePXKC++jk9:xFz44eMQQQQQQQQQ639
-
Score
1/10