ddc6b415d04d15b96d75c06205c1d347548e0958ef4a7803366ef84af7a2fa09

Sharing

Copy URL

Twitter E-mail

General

Target

Minitool powerdata recovery.rar
Size

102.7MB
Sample

240525-y9fs4shc71
MD5

cfe3eaa52be5b3a4aabe53f42ad52f93
SHA1

eaa6680e0da1d5cb57a6a086bb8a6efc1142f12d
SHA256

ddc6b415d04d15b96d75c06205c1d347548e0958ef4a7803366ef84af7a2fa09
SHA512

08e3be0739907eac8d9181438f2663e132befae1e2c1319235151d28cf29889de45e07b5afe1cfc7fb92ef5e307cd570c4d2e0768328c1d3c6de81253d739735
SSDEEP

3145728:lwe+al83CiIhycVWDOQdaH5T/yaL/tKxl9S9:l383CiFcVy8xyaL/tCK

Score

7^/10

Malware Config

Targets

- Target
  
  Minitool powerdata recovery.rar
- Size
  
  102.7MB
- MD5
  
  cfe3eaa52be5b3a4aabe53f42ad52f93
- SHA1
  
  eaa6680e0da1d5cb57a6a086bb8a6efc1142f12d
- SHA256
  
  ddc6b415d04d15b96d75c06205c1d347548e0958ef4a7803366ef84af7a2fa09
- SHA512
  
  08e3be0739907eac8d9181438f2663e132befae1e2c1319235151d28cf29889de45e07b5afe1cfc7fb92ef5e307cd570c4d2e0768328c1d3c6de81253d739735
- SSDEEP
  
  3145728:lwe+al83CiIhycVWDOQdaH5T/yaL/tKxl9S9:l383CiFcVy8xyaL/tCK
Score

7^/10

bootkit discovery persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  Minitool powerdata recovery/X64/Business Deluxe/PowerDataRecovery.exe
- Size
  
  2.4MB
- MD5
  
  73056d4de5e3047ed815c6f4a70ae06d
- SHA1
  
  d30729686d1082edef5736a0b0ef378de1f29af1
- SHA256
  
  a5a1227dddf4b6198280f6020ce88215aa32bcd5e3b55690d3aed76bffd3724f
- SHA512
  
  77140178cd52ef643f81aec5517c4a8e830150d9fa99ae0a77524f05708577bc331bd7715e1820de9e86a53270db0bb0c4b8364dbd1fb48c5e1efcb4c40d5e02
- SSDEEP
  
  49152:Qh/7MxcZNUvjeWcKcnfowTPtZm3SM5y8JSu4zUXlmGXgjwgv1/e:Qh/7MKYrR/kPTM5yuhXlmGQm
Score

1^/10
behavioral3 behavioral4
- Target
  
  Minitool powerdata recovery/X64/Business Deluxe/PowerDataRecovery.exe.mfh
- Size
  
  52B
- MD5
  
  caf189790d0262fec15a361ce7cfb6a9
- SHA1
  
  ec15d22598b3b24152a2842d9b2b9cac522a5433
- SHA256
  
  7f85511fdf70660e7f8d8e0fbd21cb0c7dec661a17fd9464d2ce59c1cf7c1425
- SHA512
  
  f24aab4a1486b385cf5bac1dd77125cf18ee9993e627197558b55b4b5b9302b96210bb486fb1c8ec2644235aa81845f4f8b1c88467f95e53329d8e0210b645d2
Score

3^/10
behavioral5 behavioral6
- Target
  
  Minitool powerdata recovery/X64/Business Enterprise/PowerDataRecovery.exe
- Size
  
  2.4MB
- MD5
  
  450b662ae8f0a5ca2d6b5f3a2bf76b74
- SHA1
  
  b6d96f8781975ec07c5396235c922d7c0a67b38a
- SHA256
  
  fe5337f38c3cbc8f6f7f76bb4c4e2543c499b4622e743beeff87d0e5dfdaa615
- SHA512
  
  21fe355677d875b34e0b6ac9c6baa69b917281d91251d44024bce9ef066e398bbd501a72110da13020c9a624c2cb8bd44c17e0d9d59b43cf8873bb551274bb15
- SSDEEP
  
  49152:ch/7LhwwAxtdG2ZSZAV3sIHXTfrGgtei1LsFWRMWUK/z0BrZ194/e:ch/7LaBG2YAV8eXfGkx2KbwrZ19L
Score

1^/10
behavioral7 behavioral8
- Target
  
  Minitool powerdata recovery/X64/Business Enterprise/PowerDataRecovery.exe.mfh
- Size
  
  52B
- MD5
  
  caf189790d0262fec15a361ce7cfb6a9
- SHA1
  
  ec15d22598b3b24152a2842d9b2b9cac522a5433
- SHA256
  
  7f85511fdf70660e7f8d8e0fbd21cb0c7dec661a17fd9464d2ce59c1cf7c1425
- SHA512
  
  f24aab4a1486b385cf5bac1dd77125cf18ee9993e627197558b55b4b5b9302b96210bb486fb1c8ec2644235aa81845f4f8b1c88467f95e53329d8e0210b645d2
Score

3^/10
behavioral10 behavioral9
- Target
  
  Minitool powerdata recovery/X64/Business Standard/PowerDataRecovery.exe
- Size
  
  2.4MB
- MD5
  
  7489b80eacad75309defffdee69375e6
- SHA1
  
  8570ee71160a7af58aebed5c89ef3642387a7d23
- SHA256
  
  109f570709921686e80c062969e49330183bc115de2250faea4365993bae8427
- SHA512
  
  071a45f6dbc90bcbb5396d4bd975d2332fb23c83cf5dc6c3b7d59e7c1caaaa3a6a9c0c3758a1c5f586504e947b1b8cf86d0eb7f231a6ff0fecc65a593f0bdf96
- SSDEEP
  
  49152:+h/7s/q2QGZZ/tfGGmvP9poRgWsjFD98iL3jXkIodz3Xyg/e:+h/7s/LQ6nUdpoRghjIiLT+z3q
Score

1^/10
behavioral11 behavioral12
- Target
  
  Minitool powerdata recovery/X64/Business Standard/PowerDataRecovery.exe.mfh
- Size
  
  52B
- MD5
  
  caf189790d0262fec15a361ce7cfb6a9
- SHA1
  
  ec15d22598b3b24152a2842d9b2b9cac522a5433
- SHA256
  
  7f85511fdf70660e7f8d8e0fbd21cb0c7dec661a17fd9464d2ce59c1cf7c1425
- SHA512
  
  f24aab4a1486b385cf5bac1dd77125cf18ee9993e627197558b55b4b5b9302b96210bb486fb1c8ec2644235aa81845f4f8b1c88467f95e53329d8e0210b645d2
Score

3^/10
behavioral13 behavioral14
- Target
  
  Minitool powerdata recovery/X64/Business Technician/PowerDataRecovery.exe
- Size
  
  2.4MB
- MD5
  
  808db5d61d2e3b5e43b714e3bd2bab0b
- SHA1
  
  5552281a64c160762558e900c4a681e702922814
- SHA256
  
  89c4a6dba078aa5a219f8f2348265786178f115844f87ca9b0705e3c73246b69
- SHA512
  
  d10ccc9474f77da1d0ed40667570b64a7aebd0de4c3072a376301672dde167eefc115b83518c5713a16ec5b4c6a70f3df9b73ee55583e72287f7f38d3c6d65a2
- SSDEEP
  
  49152:Lh/7yMXUoxJkT/LSqA5K0+nxlrbbFvvxjhxqgu7wLg4BB+JEka+r1bmhxy/e:Lh/7yMNx2TZNDl/lvVhw3ToB+J/w7
Score

1^/10
behavioral15 behavioral16
- Target
  
  Minitool powerdata recovery/X64/Business Technician/PowerDataRecovery.exe.mfh
- Size
  
  52B
- MD5
  
  caf189790d0262fec15a361ce7cfb6a9
- SHA1
  
  ec15d22598b3b24152a2842d9b2b9cac522a5433
- SHA256
  
  7f85511fdf70660e7f8d8e0fbd21cb0c7dec661a17fd9464d2ce59c1cf7c1425
- SHA512
  
  f24aab4a1486b385cf5bac1dd77125cf18ee9993e627197558b55b4b5b9302b96210bb486fb1c8ec2644235aa81845f4f8b1c88467f95e53329d8e0210b645d2
Score

3^/10
behavioral17 behavioral18
- Target
  
  Minitool powerdata recovery/X86/Business Deluxe/PowerDataRecovery.exe
- Size
  
  2.3MB
- MD5
  
  973ef32c93cc43d3129147112771a0dc
- SHA1
  
  3cbd58184df80bef69c15c7833fc04306d0b5190
- SHA256
  
  3ddaa6f156009b450fae80cca6c6a648ea9d17fa74da9dfe341a383865f90fe7
- SHA512
  
  807bb0d502faa6db71fafbc1b52dd63777fc4e75a77a053a886f8e9867bf8b92911dff408a8fb3b554be2af7c82991c6367de1e6400d11ee84018f2b17839609
- SSDEEP
  
  49152:3sJJsRZMDW47D7hTt6ALRT149GSGKzsI9uoLaQyR3rFQ8hLg:3mJsRZMz7hTt6AlTkhoTC8y
Score

1^/10
behavioral19 behavioral20
- Target
  
  Minitool powerdata recovery/X86/Business Deluxe/PowerDataRecovery.exe.mfh
- Size
  
  52B
- MD5
  
  caf189790d0262fec15a361ce7cfb6a9
- SHA1
  
  ec15d22598b3b24152a2842d9b2b9cac522a5433
- SHA256
  
  7f85511fdf70660e7f8d8e0fbd21cb0c7dec661a17fd9464d2ce59c1cf7c1425
- SHA512
  
  f24aab4a1486b385cf5bac1dd77125cf18ee9993e627197558b55b4b5b9302b96210bb486fb1c8ec2644235aa81845f4f8b1c88467f95e53329d8e0210b645d2
Score

3^/10
behavioral21 behavioral22
- Target
  
  Minitool powerdata recovery/X86/Business Enterprise/PowerDataRecovery.exe
- Size
  
  2.3MB
- MD5
  
  d648fe1384fcc3e142980badcccec25c
- SHA1
  
  77528f5f82312b251c575af4e8d286cc87bc70e9
- SHA256
  
  e4db7b62560afae625f67171af4e9f169648ac087279bf10e7c7eb8918bcf1aa
- SHA512
  
  2fd4015ecd0554eb72c2b188bd93bc7e0086addf136dfefbfa5bcc0cde74b1a2d813a4ab923515df13404b7f41d99faeb83655afc12bddd3737e2c0856d51f6c
- SSDEEP
  
  49152:psJvgf/D8ed8bl85zX8BgGk/BS+sq4ZTZh33Lg:p3/weqbS5z8oTT4NL3M
Score

1^/10
behavioral23 behavioral24
- Target
  
  Minitool powerdata recovery/X86/Business Enterprise/PowerDataRecovery.exe.mfh
- Size
  
  52B
- MD5
  
  caf189790d0262fec15a361ce7cfb6a9
- SHA1
  
  ec15d22598b3b24152a2842d9b2b9cac522a5433
- SHA256
  
  7f85511fdf70660e7f8d8e0fbd21cb0c7dec661a17fd9464d2ce59c1cf7c1425
- SHA512
  
  f24aab4a1486b385cf5bac1dd77125cf18ee9993e627197558b55b4b5b9302b96210bb486fb1c8ec2644235aa81845f4f8b1c88467f95e53329d8e0210b645d2
Score

3^/10
behavioral25 behavioral26
- Target
  
  Minitool powerdata recovery/X86/Business Standard/PowerDataRecovery.exe
- Size
  
  2.3MB
- MD5
  
  5342856374e4227fa3f7bf19c885c110
- SHA1
  
  2bf49299ec3c0cd5f8b648ca32e1494c7995f1cc
- SHA256
  
  efb67263c025dfec4c8d3215c49616073715b9540e1ebf28dec1c052209f96bf
- SHA512
  
  c185bcce89dd01aec668a8a0c52f8acc41152497020276ae3cee7e679ce1b39435bacff196d900524a2c430bede69a4cfad48301ac495e63c61fd57624bb4f90
- SSDEEP
  
  49152:4sLjfbr2NEdxBIqtm53BqqKYsHT5wuzsBrCXlyZojZab9VELg:4sjfbS2P9s5MqKY89CrCVy6Y
Score

1^/10
behavioral27 behavioral28
- Target
  
  Minitool powerdata recovery/X86/Business Standard/PowerDataRecovery.exe.mfh
- Size
  
  52B
- MD5
  
  caf189790d0262fec15a361ce7cfb6a9
- SHA1
  
  ec15d22598b3b24152a2842d9b2b9cac522a5433
- SHA256
  
  7f85511fdf70660e7f8d8e0fbd21cb0c7dec661a17fd9464d2ce59c1cf7c1425
- SHA512
  
  f24aab4a1486b385cf5bac1dd77125cf18ee9993e627197558b55b4b5b9302b96210bb486fb1c8ec2644235aa81845f4f8b1c88467f95e53329d8e0210b645d2
Score

3^/10
behavioral29 behavioral30
- Target
  
  Minitool powerdata recovery/X86/Business Technician/PowerDataRecovery.exe
- Size
  
  2.3MB
- MD5
  
  4d8122464e2f88de5b0d085122f38735
- SHA1
  
  59493c32ab7d96403f7002da2290897e55d13582
- SHA256
  
  c44564cce6c19caa23e54ff61a90d4290d9714eb9b0893ff88865ebe6f00daae
- SHA512
  
  5d63372792bbafcadaa22ca07164b588783ce9ef33f117bed7dc358417694f2e8e1e2b1a1499222ba63ea2df09e02ff815b030d59fa4de881ea2a436e40409ba
- SSDEEP
  
  49152:tsXu48nezc66RLkM2NCklBgC5onk/CDA4KnFxjmI6Lg:tmUezcbRLkoklrGk/SAqIT
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks BIOS information in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Enumerates connected drives

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32