aef0a3047c1d28f5ea9c64a530e1183c507f62e8878b51d8b0ac043fafb87df1

Resubmissions

25/05/2024, 17:51

240525-wfdqjscd71 8

25/05/2024, 17:46

240525-wcqwpscc7t 8

Sharing

Copy URL

Twitter E-mail

General

Target

Delphi ( Autocom) 2019.0 Cars.exe
Size

10.8MB
Sample

240525-wcqwpscc7t
MD5

16866b9762000c4e57787911a2aada98
SHA1

f3d873cbaa765e215fd6a70127ac8afaee198088
SHA256

aef0a3047c1d28f5ea9c64a530e1183c507f62e8878b51d8b0ac043fafb87df1
SHA512

39180033859304b006a11b6aa65e5e3a35772056ca6c47b77ad4ba34c02e02791b4d590e6bba35cdac173fe6db7c59d0790b9dc0b46446b59d4d76391b545dea
SSDEEP

196608:ueU4ys2IbPyZ3VhHX5sbNjE5GqpUvQEleKQGIPeU8sPdHkpr+BDRJTImW:ueUBtIbPyZFhHXmbNh0UvnQ7xHkQBDRO

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Delphi ( Autocom) 2019.0 Cars.exe
- Size
  
  10.8MB
- MD5
  
  16866b9762000c4e57787911a2aada98
- SHA1
  
  f3d873cbaa765e215fd6a70127ac8afaee198088
- SHA256
  
  aef0a3047c1d28f5ea9c64a530e1183c507f62e8878b51d8b0ac043fafb87df1
- SHA512
  
  39180033859304b006a11b6aa65e5e3a35772056ca6c47b77ad4ba34c02e02791b4d590e6bba35cdac173fe6db7c59d0790b9dc0b46446b59d4d76391b545dea
- SSDEEP
  
  196608:ueU4ys2IbPyZ3VhHX5sbNjE5GqpUvQEleKQGIPeU8sPdHkpr+BDRJTImW:ueUBtIbPyZFhHXmbNh0UvnQ7xHkQBDRO
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Unknown use of msiexec with remote resource
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  25KB
- MD5
  
  40d7eca32b2f4d29db98715dd45bfac5
- SHA1
  
  124df3f617f562e46095776454e1c0c7bb791cc7
- SHA256
  
  85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
- SHA512
  
  5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
- SSDEEP
  
  384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  1d8f01a83ddd259bc339902c1d33c8f1
- SHA1
  
  9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
- SHA256
  
  4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
- SHA512
  
  28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
- SSDEEP
  
  96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score

3^/10
behavioral7 behavioral8