fb0e1a5a8ce0287140caa53c632cde2d111014e14b7f42b8fae5b287aaa3736b

Sharing

Copy URL

Twitter E-mail

General

Target

Контекстное меню.zip
Size

1.1MB
Sample

240529-t2nfrscc77
MD5

e8c6d44edd23d9b49dae89442230baf7
SHA1

0e8c69e88c1ea07d4125cbae41f7c65242508210
SHA256

fb0e1a5a8ce0287140caa53c632cde2d111014e14b7f42b8fae5b287aaa3736b
SHA512

694c48bd7054cd7e0270867061a5add9e29f8bac8126deabfd29c6097a7c139d5ba33ef58b6ee2551eff1a602b57fa5fec43861d31aa0257e0fbfd06089debb9
SSDEEP

24576:SXtaYy5rbOkuFG2vRNzAmFbSDm+eMGPxpzRII8Z4EyFg7Ix:XYy5rJkvRNzAmUSqU+IaMg7u

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  MENU.bat
- Size
  
  183KB
- MD5
  
  7d5957e6a5bb4c3ca187deea5ae7ccb6
- SHA1
  
  8ab3d729aa3a4b8b65bc7c55c20584f7f051c08d
- SHA256
  
  5fc67423b7525b9daf0c2cbd454206e2db1ca167c8fd6b8e390caae8797a6352
- SHA512
  
  782a687c23c5ff9c1472ba88a8e4f2bc9f2e6b268c4286eb7581e95cd42f00cf9761b025027773edef849fad542fdbb986c96b46489811c9441106e308310730
- SSDEEP
  
  3072:mA/9obuPb1dhnWpGy+9l1NRldjayM4m1EPBPbuE1m7:LFobuPb1yR+9l1NRldjbM4m1EZPbuE1G
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Work/RegToScript.exe
- Size
  
  941KB
- MD5
  
  86ff97b1873b136a0ca5e6409f4760bc
- SHA1
  
  72e3c177e8f6de279bbac981eb4229fced7baf2b
- SHA256
  
  ff14c17e3e380f4557b413f8a77fa40c8404a40a94d4719c0b33af2f58bd0a95
- SHA512
  
  736473b2953394ae9de6f031c3c08438d2dff48c83e0c1892d086151968a7ef17af1069c2e115f7cd9d6272825c1ee84bc6aaeaa469507863debabb44108e06b
- SSDEEP
  
  24576:yfTkD0E003ubc2MRgCmP/ZwIDzq+Iha5a0HhI:GG00SSgCmP/ZwYj48a0B
Score

1^/10
behavioral3 behavioral4
- Target
  
  Work/RestExplorer.exe
- Size
  
  806KB
- MD5
  
  ac75bde2b70097ca86e16987bf387857
- SHA1
  
  06e72123132e1ef58f7b7ea3c8e65cb75062e6d6
- SHA256
  
  ec890a669da3c53b73ca83ec0c267fa0dcf1ad428feb829a3422ebc36bc1841f
- SHA512
  
  f4994e8e5a807caa254e73e9796d61bcea204f0aa80cc391bccddbf28478f738c1d4f095518196a9b152654596beb184b36507ffcf434407d78ad1c3e43b96a0
- SSDEEP
  
  12288:v69zDWz/xwNqdsbrIX3JALF1QbCagrEGgtNryyCJuDT/PNa04YQtHyw4AR6SPWc:v2DW/xbmX2YIb+Qsu3/PNLDQtHyZiP3
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  Work/SoundChanger.exe
- Size
  
  226KB
- MD5
  
  85c6cb4b878b49c4f73abd6316b58230
- SHA1
  
  2a3e616b036819035bbfe4e0a2dc49c82449a314
- SHA256
  
  7987fd74868b355632df577b9d18d449f696b2a96ea7633cae35cd07c600a588
- SHA512
  
  fc269c2f16b0adcdbcf5d5b2ac55ba079d46b6801508d5db82a7adf5085b9e11024dfe745d416c7fc5e09b05d057cdae8589891965b6534bcd07f8ecc8dfc606
- SSDEEP
  
  6144:nt5hBPi0BW69hd1MMdxPe9N9uA069TBnFuCndEJA:ntzww69T9FTWq
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  Work/TrInstaller.exe
- Size
  
  89KB
- MD5
  
  28060f18f05f730ded91d9bde00ae438
- SHA1
  
  d334a9f148b332df47e467f8a09e3ad97c3eb616
- SHA256
  
  f7331de17aac3cfcb855d72571368c3d563556f68f9e138956fc8179ce3bc19b
- SHA512
  
  c7e3d5620681b4f13e99205f3c2243cf3db7f133fa2b638e2002b090cf2abd024a0a742d4f3f5489026c98cd27261cdeb255fdcd62662c4a8aa48db81c506e31
- SSDEEP
  
  1536:GqqBNbySepJy3PNRi7iYgnD3OtQDUNUd/+9d:VzvA3P3i7Pw+ts98d
Score

1^/10
behavioral10 behavioral9
- Target
  
  Work/cecho.exe
- Size
  
  25KB
- MD5
  
  e783bc59d0ed6cfbd8891f94ae23d1b3
- SHA1
  
  47fe9045da4b1be2a52d80c0b3cf790e04d29108
- SHA256
  
  5c1211559dda10592cfedd57681f18f4a702410816d36eda95aee6c74e3c6a47
- SHA512
  
  d09fc6574359a5df8885b035a8d05c4743d58f56fee3ffc2cc4fd7c3beec93c8994cd1f296b99a2f0f17b13ec7b03415912f49e13f5d1541839878f6bc498020
- SSDEEP
  
  384:KwoPn3OgrkyDyjNKA7DY+kRKzRq92/A2Yo8SKwRS0JSqRdmMOOI1Kz+ge+u0GgfT:tofFhw9NkRKFqIA4Q0ndmMI15glZBf
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  Work/explorer.exe.mui
- Size
  
  14KB
- MD5
  
  3938fd28a440a591963d139b29ac4a64
- SHA1
  
  cfbbae54795d6899a71d99c8c468fbc01bd2956b
- SHA256
  
  f6913d22dbb63439374a3bc7938f3b0349da2056b81f82f6f058aae515537c86
- SHA512
  
  8a4dadbcefd3b6d6ada18e150eb6204ae72ab1955f7478cd06341dd7b231b791fee9b9fd2cc4db3d055577ad1b58eee4481c28479103900ad22e3fe1b595774d
- SSDEEP
  
  96:i8RL6t6v0BP5c45wCwCNZH6FTHk+vxji0nFGCSoltGpisiDp/VApzvmfe8zlfORG:AtZJN2FTHJ34KO2fWB4N
Score

1^/10
behavioral13
- Target
  
  Work/nircmd.exe
- Size
  
  116KB
- MD5
  
  5ed4728caa339c2a7479102f0c04c087
- SHA1
  
  20cd453fcac9d9960b0076715d985a55784a6b53
- SHA256
  
  7160db2b7a6680480e64f0845512d203a575f807831faf9a652aaef0988f876c
- SHA512
  
  a521eac0d54fbfb9726fad3fafcd7779d455ca46e065a3eafc1a7883961b061550bab8e93ce576904b6c6b2d25cf129ff3d2437ed26a6033ac7c0b4c628dc865
- SSDEEP
  
  3072:WG0YiclG1aM2F3W07EBxp+wrppp8pKZOijA81fBRHwHlAqzPWKwv:hiclGwI07580l5WJv
Score

1^/10
behavioral14 behavioral15

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Modifies Installed Components in the registry

Enumerates connected drives

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15