General

  • Target

    net472.rar

  • Size

    1.6MB

  • Sample

    240526-f4fbaahc59

  • MD5

    613e549fa981750abbbb84a0c299078e

  • SHA1

    b0a11fd998ac5c3e49d32b15ed0702e5bc5c3e31

  • SHA256

    0ed88a49d408c35804b71f9c3c9cc67c75b4b55d2572a615a52c8330308f4cc5

  • SHA512

    9d9ff6ddd99e73d889ce53038f31caa1d2c97f809fa424a379212cbf38bfc3deb70c7e229155a4a073653cc0d3e380b1e953821aa8af1758b9d92c68cb75c409

  • SSDEEP

    24576:/jrOhySNvijeu8uKL92zkgnLWIenJFWNOrwOr/3Yo3R+A2fbgcg3T5xnLE/nLCuE:vOhyS6jq992NMspKsfbzeT5xSnpNRA

Score
6/10

Targets

    • Target

      net472/Aga.Controls.dll

    • Size

      143KB

    • MD5

      b4a0f6a8034e7b0c0f939c0c2220c4fe

    • SHA1

      98984b7822a88663196fdd332f4144d942ca2b06

    • SHA256

      1eacd53f19c33740e2332c7e88823c7042214825711cb8a14dfcd98ddde6e3d6

    • SHA512

      8518b3ae360147f206519f148755bc976177e79a451efe30ba82fb95802b1601ad5e7b42226b6335b039dbab5866b1524d7ec3ce9076d69b8fcb3ec52b565e52

    • SSDEEP

      1536:THSrVD29C2yaOTdr8fynq7EVM8UVIyzVj5w/h/9CPys+Jd/E+1JSqLdKjydRRKHn:TMVDmC22JSqBKjZC7dmyoV1Xy//O

    • Score

      1/10

    • Target

      net472/HidSharp.dll

    • Size

      236KB

    • MD5

      8d3eb299f8447b633334d1c426a2f0f7

    • SHA1

      8497ae75f2dd9271d9158a27250288905e8cca28

    • SHA256

      8c58e5fba22acc751032dfe97ce633e4f8a4c96089749bf316d55283b36649c2

    • SHA512

      e1b65393bc4c338a23e31ddee7071129aa70597b651c51c07b90e6d93d5d67e45f7715e0fe034c3508df4f2196f37360b2e07969036370b0a6170b0d8627cdfa

    • SSDEEP

      3072:ct5N7ozr/ES/jKLCPuamzT/n3yJ/TLSIIeTnImstJr39ipdDnVnc0CK9MaCr6HGo:60zzZ/eLrJ/nkrIR3EpdnFp1MEGdZY

    • Score

      1/10

    • Target

      net472/LibreHardwareMonitor.exe

    • Size

      1.1MB

    • MD5

      7b72abf2e5f5d3a93e75d8a054db8f16

    • SHA1

      8d823ff97d92d775f87cd7434dd09f73511c5a66

    • SHA256

      14988f6b3e47424d3b762c38ec6978770ca5474eafab335422e761e6f0061116

    • SHA512

      a12ca954c5a28ae9fa0fb554fb048e9a9306ed867d0df3f03b6763f63b31b673c1c3f259e296bbaa5ef08a9540953694311c8747fd7b1cc9bd531ae42f3913ff

    • SSDEEP

      24576:44eVrLZclMP52YdWvi5P0KfpM6oy6ac7MELkm+FvCBa/RMz:eVxcKBfdWvi5P0KfpM6oy6ac7MELkm+X

    • Score

      6/10

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Target

      net472/LibreHardwareMonitorLib.dll

    • Size

      671KB

    • MD5

      a23c14b293e5408a23751875a88acdd1

    • SHA1

      538ded5f294f91d93a3cc3b1457ed02b07c3e7d7

    • SHA256

      c081aebdbf9dbac03dedff76c5f50172eeb05ac5a79112c8d75a79ece0354a08

    • SHA512

      739dfaea0e65090c0ff593d026b48bcb57aa6f9d8c1dbe2784e1d33c9a059d9397c58f820639566a7e37c72dfe1cbfbd06381f032000584f32e5fc3981769243

    • SSDEEP

      12288:tu3RZJJyJhfNXhJ75psrbKIo/qUc3hy0x9hfVXM/Gbh:tu3TJJwNXhJ75psrbKIo/KhN9lVc/

    • Score

      1/10

    • Target

      net472/Microsoft.Win32.Registry.dll

    • Size

      25KB

    • MD5

      59c48aacb1c413c108161afe13fdbed9

    • SHA1

      31ace4b26d8a069c84aad6001e06c2a5483806f3

    • SHA256

      e9a9d281c1a708aaae366f82fd6a1742f65da2918cc4fa5eaaaada0be24277d9

    • SHA512

      8252abe64c67863d9e4c70e820f0c69c517b8678a4b4c13a436118bc276e5f21e84522b93566c0bc009effcb251ed67bdbc60e4907abea2f33b6be3764e28d1d

    • SSDEEP

      384:j4nLpSumfSQrlHViaCZYvLPQmlJLfjnWn6GWfdHRN76+fVlGsa9h:j4QVrxViR9mlxd96lv

    • Score

      1/10

    • Target

      net472/Microsoft.Win32.TaskScheduler.dll

    • Size

      325KB

    • MD5

      0616ea42b68a8f5f2f01bcd985bdcbc7

    • SHA1

      88d6aae1f17b00f4391e0e7b17e98c494be73ba1

    • SHA256

      ea27c65491119eee5c8e87ce3d470783580db8fc5bd141c496768d7d0cce779a

    • SHA512

      ce4657908615c4837084c75d806c083b8f7e63965a2e7866b8c96de7c0278a0857235b74cd9443769968165db250eba042a5b05927febff5bb70bebb7dcbd814

    • SSDEEP

      3072:QJA5RylsHmDFin8nhWvGzOJ1mYAFeYXxCJIrkp9TD6qaXn69aKCax8weCycJ5Dfa:ZHmDxnhWvGSJYRFeYXEee9TWqa369An

    • Score

      1/10

    • Target

      net472/Mono.Posix.NETStandard.dll

    • Size

      13KB

    • MD5

      8ce5f9308a09b4b1e4e83197f75c1038

    • SHA1

      efc9f5bd3b4856360fb779cfeb601979a8fb842a

    • SHA256

      e67e359a40feb8665adbbd8f781e9e512866d103f2870ba57aab4aa59de83fee

    • SHA512

      b8b09317c7444ff1581342b06b8f175e14930a5d835a5fb7cf6f35c4dd8cd2439352d2418a543bcbb06b5caff74af4d905da5070f2080957fe52889e2c7f3c63

    • SSDEEP

      384:fOrMakxDuYItvNrEG21WM8jfWIEZiysoS6ysnfWDGapBjtLLIC:f1S6rneDGQ3z

    • Score

      1/10

    • Target

      net472/Newtonsoft.Json.dll

    • Size

      695KB

    • MD5

      195ffb7167db3219b217c4fd439eedd6

    • SHA1

      1e76e6099570ede620b76ed47cf8d03a936d49f8

    • SHA256

      e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

    • SHA512

      56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

    • SSDEEP

      12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/

    • Score

      1/10

    • Target

      net472/OxyPlot.WindowsForms.dll

    • Size

      31KB

    • MD5

      42db63f47ff2b3eb71ca4e1b24c9c7e4

    • SHA1

      3ab70d83886ca7959110c4243f886bd8b8b61355

    • SHA256

      57bb97dd3053d9849490721b2e1f671e28062c5b416d45e8d447f8180dca19ed

    • SHA512

      bb6bf4295a35293e7fb902fd55c38acfd2354751996d0652224ac4d8738797481ece69e2626e35c863790cc295b0a79e3cf0421e9830c8ed01cddd7c29e09781

    • SSDEEP

      768:nXIX0HO3+phEI+91+vq6gABT1vocUKjmuJe+Rhbw/x:4X0Hm+291eq6gABT1gcUAma6/x

    • Score

      1/10

    • Target

      net472/OxyPlot.dll

    • Size

      661KB

    • MD5

      e3ae54d182070b2622688f8797407a5d

    • SHA1

      66be216bb8d856a88503226b7c2e35755fa33453

    • SHA256

      7628a1595d0caabe0a2a042079ea53e15608af49096c175a1d5e7f93fc0ea8f8

    • SHA512

      afe25cb2b73de582f6e683c1fd7abfccf45b59ebcff64a2018e99478c31052cb5b19c26ca1624f65e3a2eb9c4787bba5feb93a9b6c5058b31cf759ceca743c3c

    • SSDEEP

      12288:PI0llxtl9XSGbaGNV982nXWgfR95ZUNEhsJZYZkRx:PIoX7XPfR5UNisJZYZ0

    • Score

      1/10

    • Target

      net472/System.CodeDom.dll

    • Size

      30KB

    • MD5

      59c830ac0d99f8c906292de85f804b84

    • SHA1

      68b6740e6ce97de8b1398f3a6e320940a0e16458

    • SHA256

      e8c88b0448083663910587efeacb6a1977749fe3ffe83b263fc01f7b63d7dfd2

    • SHA512

      4028fa6b68eb3a48bb9625e6755c8e3022283694bb603905af3db54c31bc2f7291aec11f7c42a033703f84c3ff265a19416eb8798058cc42ee3c14c633e9588f

    • SSDEEP

      384:FuE8ujCiLMTPji3h8241EEqYC0iIcwBxehzsCtZ7U6r1fDMqyt5/WduWTTb2HRNq:FDBCi4TWaveEqYChzZpgRoj/iP9zgBV

    • Score

      1/10

    • Target

      net472/System.IO.FileSystem.AccessControl.dll

    • Size

      27KB

    • MD5

      3409c581f0c5083f0c2a93a7a5ac9790

    • SHA1

      18ea7bd41d31247148abf184527c9368a26f39e7

    • SHA256

      e6026501ad4056ff2f1655b0afdfe8923bc6e8fbad67e1e9ef56e3002f49fbb9

    • SHA512

      ae877c6fddad0e4133274e6372d783eaa4dd6bdcbbf40ab66302fb89bd2f76b215130001186b5c9a135abd16336c5bfd4d414177704d7d359539da91918e82ed

    • SSDEEP

      384:nmjoB5y+MLi9VYp/OiRc715ZkSAcE1l2Yd5zqNz8TWgVbWqdHRN7NfVlGsa9x:yCN9VYp/OiRcnZIfk8PpET

    • Score

      1/10

    • Target

      net472/System.IO.Ports.dll

    • Size

      33KB

    • MD5

      9f8f668a21905e03ead718851a14ee41

    • SHA1

      8497a890fb1b99a0824ad5d0d9061756fec26d21

    • SHA256

      83b941ad7b18fc02ab2b11fd976ee15c94ad5c4829964a32a716d10c92c1b953

    • SHA512

      33691273afc757e6d609c6e31a31820aa5c84df460ae2634253113fdf1f28985ff8cbcf66e2fd73a60d40837afdf1f19767cbeb00b39bd3ec7f9844b841be3ce

    • SSDEEP

      768:GWqENghJ0QYVqXz/jABzYHK7Cgn19fgD2+/ici9zEL:GWqXzIkz/EBzaKrn1aqeic+zEL

    • Score

      1/10

    • Target

      net472/System.Security.AccessControl.dll

    • Size

      32KB

    • MD5

      996aab294e1d369b148d732e5ec0dfdc

    • SHA1

      28465fd34680a082506f160107f350b46140a1aa

    • SHA256

      1fda491eebdb19ea0a83cf6c16ab5dd004a1bfdfc845ede017ebe0945beb927f

    • SHA512

      5e6b172d2de5928915b38ec80c7b76f42430aac959f04aa3521c63495b6f3c4f82df139c275e9fc5024b1a0a4f307daade6130b6028779f98f456282ae8b61cd

    • SSDEEP

      384:jFGa3siuaS/bRSqtesyvaMAdB+w3G5h9MCZYsMfpcrqmf9wEJqIxVRvFNgfBkyNp:jAa3FuQwetxWBkyNE0MXwVP

    • Score

      1/10

    • Target

      net472/System.Security.Principal.Windows.dll

    • Size

      17KB

    • MD5

      be2962225b441cc23575456f32a9cf6a

    • SHA1

      9a5be1fcf410fe5934d720329d36a2377e83747e

    • SHA256

      b4d8e15adc235d0e858e39b5133e5d00a4baa8c94f4f39e3b5e791b0f9c0c806

    • SHA512

      3f7692e94419bffe3465d54c0e25c207330cd1368fcdfad71dbeed1ee842474b5abcb03dba5bc124bd10033263f22dc9f462f12c20f866aebc5c91eb151af2e6

    • SSDEEP

      384:cEwo6eTs14YY4cWpOW6dHRN7FYpJAlGspU:VwDdT463

    • Score

      1/10

    • Target

      net472/de/Microsoft.Win32.TaskScheduler.resources.dll

    • Size

      9KB

    • MD5

      c9b4eaed07ef72e5ed0f9ecb3e9ffb66

    • SHA1

      154bf2e5eec4c08e8954b229439e03a1fb5cd0e8

    • SHA256

      b2996e6b102fe829b5683936dd7197f26f375ea16499cc4e6af88e78538b9ff1

    • SHA512

      0482b7328c0c5e82e82aba033ba6dd5f1800ba0fcef1522a4cedf3c212156796738c8c4ab580375b77d90c7cebc4723d35518f990b836aa64f5ce173d1195fe5

    • SSDEEP

      192:OiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufXg1v5rxX0XWr:11Nvb5adVl8P2djJMZJSGu/a5rxX0XWr

    • Score

      1/10
