d87f723d17e0397593ea7560d6a0938e25cddcbc77b9128b90f8a1c871665ef8

Sharing

Copy URL Twitter E-mail

General

Target

cibfts (1).rar
Size

912KB
Sample

240602-rq5jssef2v
MD5

ee6ddecf17318eb513fdee1c0b831e43
SHA1

cab714cbcbb90657c36cbc38523c91694fea2bd7
SHA256

d87f723d17e0397593ea7560d6a0938e25cddcbc77b9128b90f8a1c871665ef8
SHA512

5bdf541ea74dcb8a2d60be015ee67aa134f6be5f41ebf76c6d768aa3914e61938396371b5ffaa6e54086381e0f1937fa9299da36404e79baa15d68c275f72ab3
SSDEEP

24576:+5R5BbqQPYE9vKVHLMGkBvwDgcPUu9eF3NRuLj:+5P4cYE9vKVHgGkBUdsxZNRun

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  equil/Equil.exe
- Size
  
  315KB
- MD5
  
  1072ebb6213cc03ac9e95ba8d9e64e0d
- SHA1
  
  9f55afff7552396fb06ef40b20a0758a1696e24a
- SHA256
  
  9bb70607d34ec9888aeda348c1dfa7984d5365586115e0fa6bd0fbf221f6d48b
- SHA512
  
  6cdc9c53ae2d5195a94338e470ad670dbbc0f65254bc4ab16c21bf4d15ff94c6760de807341ade5c651f1c87a429fea80aab57f72afa5d3ab285102385b72001
- SSDEEP
  
  3072:WUmTM6EWxDNq4h1SsiupSnq02qRwffb+BqFoDmE70G00QRy1mZ6MXHsFC6fzBjDb:MEYtjSsiupKwfohDRsXNVK
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  equil/msvcp140.dll
- Size
  
  558KB
- MD5
  
  bf78c15068d6671693dfcdfa5770d705
- SHA1
  
  4418c03c3161706a4349dfe3f97278e7a5d8962a
- SHA256
  
  a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
- SHA512
  
  5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372
- SSDEEP
  
  12288:CZ+jZpQfIwKnkdmZJUbi7I0QfxK+pdd+cOj6LbndDrUw2K1fQEKZm+jWodEEVJaP:CEtmrdcK1fQEKZm+jWodEEb
Score

1^/10
behavioral3 behavioral4
- Target
  
  equil/msvcp140d.dll
- Size
  
  899KB
- MD5
  
  65b580c9a8174fc67e1b1af0a2a715d3
- SHA1
  
  8cd8ea9c8da94c6dc559c7f63606fbf0fc4ea47a
- SHA256
  
  c722452e02d2ff3362c8fc948566ba9cafd7f069688ede9a47f5307b19f09d59
- SHA512
  
  e3eba5caf4c1d86b7b270d1b10ac52c68d53c8c688cb226b9b27afaf4f3685f50396a6524b9d842657e479d88af2d6f65ceb5b42eeceeffbb353a4cf840f5a75
- SSDEEP
  
  12288:D8fvbORSHQ3BIzzp3hXAdmvQEKZm+jWodEEV1S11F1+:D8XbO5BIzzp3pAd0QEKZm+jWodEEr0A
Score

1^/10
behavioral5 behavioral6
- Target
  
  equil/stupidthing200.exe
- Size
  
  305KB
- MD5
  
  d0428771b2ed046406580f84959c43a5
- SHA1
  
  99c42e765225bace02653b8bf9a75e21cf66e0b3
- SHA256
  
  ed0c7e37f3992c80fb00180ad9bf9250e014d1f00ba090a2a41847aaa716dba0
- SHA512
  
  9d72c884e66bdadb939dd594b730c88ef97e5785c11e0db4f3ca5331145a8c653940cb1f9b4562313fb3f3597e0efd560cb828845273bbe6620d583c87433a3a
- SSDEEP
  
  3072:AWiXA+zRfgKNJyXKJkXQDu2xw+Gw/Mwie4F2BiCcBhUjVEIy:AWipR9yXKJGQDuhDwOCcBhgVA
Score

1^/10
behavioral7 behavioral8
- Target
  
  equil/ucrtbased.dll
- Size
  
  1.8MB
- MD5
  
  7873612dddd9152d70d892427bc45ef0
- SHA1
  
  ab9079a43a784471ca31c4f0a34b698d99334dfa
- SHA256
  
  203d10b0deaea87d5687d362ba925289a13e52b5df55b9de58ba534290af27bf
- SHA512
  
  d988e9ff11017465b019cf3b599ef7597d2c44fc37cbee9e846dee51990ca5dc45942cc183d9d25c1dfd84f33f922c2ceead6efc1ead19e8eecb509dfb78a083
- SSDEEP
  
  24576:p0j0QJnTXZLW3r6wq6m1kPDk2S+jU4MtOvpzlnEjD4xtT/T4mivSZXXyYR2kwQwt:mj0QJhoqlkgCjplEjD4DVM
Score

1^/10
behavioral9
- Target
  
  equil/vcruntime140_1d.dll
- Size
  
  52KB
- MD5
  
  af2ff5d5a619fe0ad4f08641ca500b03
- SHA1
  
  37717918f9c76b7a4df16923c14a57f66a244ed6
- SHA256
  
  ad5303adfe2db81f00bbfafe76205522005976e11148c8e91cab7d6cebc84942
- SHA512
  
  0c12d0dea9c60712e5a1f866b04c5c877ac7866b7a7a5793ea18784aa84985c5c506c95fe8e2cf57d2801a926433fa0c6e3466cd77d6bb0ee69496bfc9710cf6
- SSDEEP
  
  768:xgLq1pDi843Csb7PjWGPB8SAsMyGrfAQQP9zux:62IvWy8NFzrYFzux
Score

1^/10
behavioral10 behavioral11
- Target
  
  equil/vcruntime140d.dll
- Size
  
  162KB
- MD5
  
  54132dd5c5c2bb30c5118164b495529c
- SHA1
  
  b491106d246200463f58a3f2211fb51a34cb1b0e
- SHA256
  
  b7580fd2d2a607463a1f833f64c3dd599165172c921bf1e5b17927269b3e1b16
- SHA512
  
  aa701faf468b282f834fd6a0a06f5310075aabc891c3165f740a4a9ed047aa6cb3dd5c32ccd9504f52b45b06670685ec5cbd7271c46b149e18229141cf75837f
- SSDEEP
  
  3072:YttPtZllUjzJeiy24mdiPeIPweecbTRs/:Y4jFZy24fmqweecbT
Score

1^/10
behavioral12 behavioral13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies Installed Components in the registry

Checks computer location settings

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13