3EPP_update.exe
windows7-x64
3EPP_update.exe
windows10-2004-x64
7$0/Archive...64.dll
windows7-x64
1$0/Archive...64.dll
windows10-2004-x64
1$0/Microso...er.dll
windows7-x64
1$0/Microso...er.dll
windows10-2004-x64
1$0/RAVEndP...er.exe
windows7-x64
8$0/RAVEndP...er.exe
windows10-2004-x64
1$0/System....te.dll
windows7-x64
1$0/System....te.dll
windows10-2004-x64
1$0/System....le.dll
windows7-x64
1$0/System....le.dll
windows10-2004-x64
1$0/cs-CZ/R...es.dll
windows7-x64
1$0/cs-CZ/R...es.dll
windows10-2004-x64
1$0/da-DK/R...es.dll
windows7-x64
1$0/da-DK/R...es.dll
windows10-2004-x64
1$0/de-DE/R...es.dll
windows7-x64
1$0/de-DE/R...es.dll
windows10-2004-x64
1$0/de/Micr...es.dll
windows7-x64
1$0/de/Micr...es.dll
windows10-2004-x64
1$0/el-GR/R...es.dll
windows7-x64
1$0/el-GR/R...es.dll
windows10-2004-x64
1$0/es-ES/R...es.dll
windows7-x64
1$0/es-ES/R...es.dll
windows10-2004-x64
1$0/es/Micr...es.dll
windows7-x64
1$0/es/Micr...es.dll
windows10-2004-x64
1$0/fi-FI/R...es.dll
windows7-x64
1$0/fi-FI/R...es.dll
windows10-2004-x64
1$0/fil-PH/...es.dll
windows7-x64
1$0/fil-PH/...es.dll
windows10-2004-x64
1$0/fr-FR/R...es.dll
windows7-x64
1$0/fr-FR/R...es.dll
windows10-2004-x64
1General
-
Target
EPP_update.exe
-
Size
1.9MB
-
Sample
240604-avjz8aff43
-
MD5
cfc1ec9ad30c484e30fe8379978294bd
-
SHA1
5e13a615c294b6c988f0fb0d90bf10d525b33fed
-
SHA256
e4f87265a2313a019b26b50103bc6619df73b3813fd1f43ef40b38899a66211e
-
SHA512
7a70511bc4b38de219edec57f1f1cfa0b780ffe387ea37893d173769e78a8cef166ae96aca2ca673f99f5ce59dcab1988a50cee96e662c32063bcb9cd60cf69d
-
SSDEEP
49152:ndlczrfrH0aJTylWcs5IP63tFOzfitt2Yiu9:ndlcvTWlZ6IP63tifi7Lb
Static task
static1
Behavioral task
behavioral1
Sample
EPP_update.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
EPP_update.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$0/ArchiveUtilityx64.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$0/ArchiveUtilityx64.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$0/Microsoft.Win32.TaskScheduler.dll
Resource
win7-20240419-en
Behavioral task
behavioral6
Sample
$0/Microsoft.Win32.TaskScheduler.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$0/RAVEndPointProtection-installer.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$0/RAVEndPointProtection-installer.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$0/System.Data.SQLite.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$0/System.Data.SQLite.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$0/System.ValueTuple.dll
Resource
win7-20240215-en
Behavioral task
behavioral12
Sample
$0/System.ValueTuple.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$0/cs-CZ/RavStub.resources.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$0/cs-CZ/RavStub.resources.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
$0/da-DK/RavStub.resources.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$0/da-DK/RavStub.resources.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
$0/de-DE/RavStub.resources.dll
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
$0/de-DE/RavStub.resources.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
$0/de/Microsoft.Win32.TaskScheduler.resources.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
$0/de/Microsoft.Win32.TaskScheduler.resources.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
$0/el-GR/RavStub.resources.dll
Resource
win7-20240215-en
Behavioral task
behavioral22
Sample
$0/el-GR/RavStub.resources.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
$0/es-ES/RavStub.resources.dll
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
$0/es-ES/RavStub.resources.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
$0/es/Microsoft.Win32.TaskScheduler.resources.dll
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
$0/es/Microsoft.Win32.TaskScheduler.resources.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
$0/fi-FI/RavStub.resources.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
$0/fi-FI/RavStub.resources.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
$0/fil-PH/RavStub.resources.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
$0/fil-PH/RavStub.resources.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral31
Sample
$0/fr-FR/RavStub.resources.dll
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
$0/fr-FR/RavStub.resources.dll
Resource
win10v2004-20240426-en
Malware Config — none extracted (no family-specific configuration, C2 or key material was recovered from this sample; the section is empty)
Targets
-
-
Target
EPP_update.exe
-
Size
1.9MB
-
MD5
cfc1ec9ad30c484e30fe8379978294bd
-
SHA1
5e13a615c294b6c988f0fb0d90bf10d525b33fed
-
SHA256
e4f87265a2313a019b26b50103bc6619df73b3813fd1f43ef40b38899a66211e
-
SHA512
7a70511bc4b38de219edec57f1f1cfa0b780ffe387ea37893d173769e78a8cef166ae96aca2ca673f99f5ce59dcab1988a50cee96e662c32063bcb9cd60cf69d
-
SSDEEP
49152:ndlczrfrH0aJTylWcs5IP63tFOzfitt2Yiu9:ndlcvTWlZ6IP63tifi7Lb
Score: 7/10 (heuristic sandbox score; the tags below describe observed behaviour — the parent executes an EXE and loads DLLs it dropped itself — and are not a malware verdict on their own)
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$0/ArchiveUtilityx64.dll
-
Size
150KB
-
MD5
3351152f6ee87e97682a0a7c459ef614
-
SHA1
5312f9da67fcfd573dc5e45f6a7cc35fa463af89
-
SHA256
6e2673687ba029074657f0d1c4410691ee013eff2223d0c7695dfe4f70c62f1c
-
SHA512
2b7ecb22746bf907ae4da891e170226da4f180ade27e41a16e1ef9e11f39e5e35b9eac3fcfff520dbb8a8888a1dbd1ca2459ab58ce8dc44a424c5de7b8132de6
-
SSDEEP
3072:DAZpz3eQkXBlJ6pM91zgrn4oul5ntwcfsOct7BjWSP8B:DAvzD6l0+1grn4otBWSUB
Score1/10 -
-
-
Target
$0/Microsoft.Win32.TaskScheduler.dll
-
Size
341KB
-
MD5
a09decc59b2c2f715563bb035ee4241e
-
SHA1
c84f5e2e0f71feef437cf173afeb13fe525a0fea
-
SHA256
6b8f51508240af3b07a8d0b2dc873cedc3d5d9cb25e57ea1d55626742d1f9149
-
SHA512
1992c8e1f7e37a58bbf486f76d1320da8e1757d6296c8a7631f35ba2e376de215c65000612364c91508aa3ddf72841f6b823fa60a2b29415a07c74c2e830212b
-
SSDEEP
3072:81sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5Dfk:81sSmRIt/xhtsOju1DH5NXnIKAc4NU
Score1/10 -
-
-
Target
$0/RAVEndPointProtection-installer.exe
-
Size
539KB
-
MD5
41a3c2a1777527a41ddd747072ee3efd
-
SHA1
44b70207d0883ec1848c3c65c57d8c14fd70e2c3
-
SHA256
8592bae7b6806e5b30a80892004a7b79f645a16c0f1b85b4b8df809bdb6cf365
-
SHA512
14df28cc7769cf78b24ab331bd63da896131a2f0fbb29b10199016aef935d376493e937874eb94faf52b06a98e1678a5cf2c2d0d442c31297a9c0996205ed869
-
SSDEEP
12288:vZtZVgIQtZM1A0+Nwhq3drt0ZAPKYZzrOZW4mlKhl:vZf661A0ue8lCZAPHZzrOZW4mlol
Score: 8/10 (heuristic). Note that every behaviour listed below — writing into the Drivers directory, executing/loading dropped binaries, adding a Run key, enumerating installed software via the Uninstall key — is also expected of a legitimate endpoint-protection installer, so this score should not be read as a detection without confirming the file's publisher and signature.
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$0/System.Data.SQLite.dll
-
Size
362KB
-
MD5
42e6e9081edd7a49c4103292725b68e2
-
SHA1
62f73c44ee1aba1f7684b684108fe3b0332e6e66
-
SHA256
788450452b0459c83e13da4dd32f6217bfb53a83bd5f04b539000b61d24fd049
-
SHA512
99eab89bf6297fda549c0b882c097cd4b59fd0595ff2d0c40d1767f66fa45172ca5b9693dbf650d7103353f1e1fb8e5259bbcde3dfa286dee098533a4a776e8b
-
SSDEEP
6144:7ruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cmb:GNWx6xz+nRo2GGWHQZMaLyJSJFNFaFeQ
Score1/10 -
-
-
Target
$0/System.ValueTuple.dll
-
Size
73KB
-
MD5
29e6ae1a1af7fc943752a097ec59c59c
-
SHA1
6d5c910c0b9a3e0876e2e2bbbce9b663f9edc436
-
SHA256
cc9bf1feeab1d76221508d6cc98e8bdc1603d5c600c5ed09c108e31b8bd3a6a2
-
SHA512
cc6d55e5fd23c89d73ecbddfa92c102f47f8fb93f2f6a41d2e79708e6a8d7c13c1961dcd07810db3135d2f8ddcbf3535fb3ea3d1fc31c617ca9b10f6b867f9a5
-
SSDEEP
1536:f784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSAU9bP8F9x/:f7NV8v36tI0XCKAmbP8x
Score1/10 -
-
-
Target
$0/cs-CZ/RavStub.resources.dll
-
Size
12KB
-
MD5
ee2e523bbfb65e138b64eafd223de12e
-
SHA1
7f3fb82a3f6643963c0f4f2903f35389ee3ab775
-
SHA256
2b2be36b51272b6f0117a40320ac48cd0e415afe2ef4fba3af06a7ec166a949d
-
SHA512
2daaa1bb06ddfaac09328d06e239a9c518b7d3f462ba4c075d7df71a23bbd7255c75c2a5b28b8238919fbf587c704e35580bb3533ce5730bc21a561ac8441490
-
SSDEEP
192:lIY1pQ8vGO4xToxMi5eX2zUA8rYgLIgPrEyz23tMuuVWJkYUECd1Vl7Iru+M3YVO:l3pQ8vQToxMi5emzUA8rYgLIOrnz8uuI
Score1/10 -
-
-
Target
$0/da-DK/RavStub.resources.dll
-
Size
12KB
-
MD5
f2317fef5cdce4a19e6e7216daa0624c
-
SHA1
bdb39ea1300b158fcd76204add8f9f1f7ea0f2e9
-
SHA256
da0e42edf577c58cb729c8925860afec61e95cc355b40efd8fa61993766733af
-
SHA512
b7a16f4bb5e20d2fb1ff76991bc3c917e65baa60507676845e1bbfc68d800cc061af97d325b67dc1a2aeec02fdb289bb8bb716270a7c2044b3993b326556985d
-
SSDEEP
192:hIYRN3EsGGj3fvKEx8rUrb+M0lIVixNPqDGomU3WUeQoXjAUwMXrAfeMA7AWmBHl:hXN3EsVfvVx8rUrb+M0lIVixNqiomyJx
Score1/10 -
-
-
Target
$0/de-DE/RavStub.resources.dll
-
Size
12KB
-
MD5
9804dd2dccdec91872fbad3eda445c64
-
SHA1
5689b6214c5bf0205ab7cbf437e4e2abebdeeeef
-
SHA256
4f45ef000dbec7c4e8fc8ad12f32538515711b78f593f5bc650026c43b6f9a66
-
SHA512
74c30df986733898481a1abe11c492476a524ecd06ba3b6020333f2c7d1b9961563abe92e2b1413af9dbf5c05fdb17b1b16763fc0419d2f95c8717d1f3eac6e1
-
SSDEEP
384:s5rayxOPAxMtzTxCmf6hC/s2TvOFk6AOPh3+yFdmyndZ3s8i:hPAKtnHOdvPhO2dmyndZ3s8i
Score1/10 -
-
-
Target
$0/de/Microsoft.Win32.TaskScheduler.resources.dll
-
Size
9KB
-
MD5
f83d720b236576c7d1f9f55d3bb988f9
-
SHA1
105a4993e92646b5dbb50518187abe07ca473276
-
SHA256
6909a1c134d0285fba2422a40ea0e65c1f0ca3c3ef2b94a1166015af2a87780f
-
SHA512
fd8a464f2bc9d5b6c2efa80348c3a9362f7473d4d632b2addad8c272e8874e7e67c15b99b67e6515906b86d01d57cd42f9f0f1e9251c0af93a9391ccc30e3202
-
SSDEEP
192:0MiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufP/1S5rxg0XWr:0D1Nvb5adVl8P2djJMZJSGu3A5rxg0Xq
Score1/10 -
-
-
Target
$0/el-GR/RavStub.resources.dll
-
Size
15KB
-
MD5
85b95be9a2fbae4a187277a3fbb337ad
-
SHA1
9508c5fb5554e3792813d1710d9d244072a87a7d
-
SHA256
da24d2e2396eef6fbb6e775a16ee87f1e4ca4afec25563ad43d4026f5a091e25
-
SHA512
a9380494fa34ec315cc46d7eb5d5edb7a9f6f483bfd8d8935e915dda98215236147e81ffd36464625b2ea4513a094dd51c512b5487fd8790e148f0d455c1348b
-
SSDEEP
384:+npUcW/WJsxvxwKW9iu6Wxtp701zA27r+PMvozTX3s8o:8Js5xEGzfOPMvMb3s8o
Score1/10 -
-
-
Target
$0/es-ES/RavStub.resources.dll
-
Size
12KB
-
MD5
8e236ad6a968f834ec829b984b362304
-
SHA1
719425a2cd4d6ae97a42034a095d1eba25e6c2f2
-
SHA256
27ef93d50bfa2053af7c6a765204ee3e22c2d18123fa07ed453f3c8a45949c5e
-
SHA512
fb54ef07d6c0c565685ee8c628219d6e7f0a4ab0bbd4ae1738addd1fd459f90be1a015c9beed5937266dec6e0ffeb3e6a728bfb38030d3e96a84863f0ea1b0cb
-
SSDEEP
192:KIYVmGe/VGuDqni6wxCjfp3DocEs5dMvGPcDonP33TewxlhiYwEHU4dIyrokBD7l:KuGe/V0ni6wxCjfpzocEs5dMvkcDqPDz
Score1/10 -
-
-
Target
$0/es/Microsoft.Win32.TaskScheduler.resources.dll
-
Size
10KB
-
MD5
15db634b70d6d9d6cd41baae3f02eb14
-
SHA1
1456ffe09df896271a746f9cb40a230f188ad397
-
SHA256
e893c6907da8d68c03b1a10e68b554ad5a8c0533f15912106f32e925f2beabf0
-
SHA512
1230e5368d4dab9776d57056993669327e95fe72e262efa541ed5d43abc1bcd3618db13b6bd6b3a27da053c103e3fb647eae759ccaeb443f7d9ffd1ecaa1122b
-
SSDEEP
192:r0WWNv/jzSEStoC1vxx6hUltfxx+BE00cUnAP9115rxg0XWr:r01NvbGVxx6hUltfxgE00cLF5rxg0XWr
Score1/10 -
-
-
Target
$0/fi-FI/RavStub.resources.dll
-
Size
12KB
-
MD5
314ff54c08f9c461d7d5f01849e98a26
-
SHA1
2344d2e9596a2a49f2950ed71e58c4413ccdf3cb
-
SHA256
1f0c64e62d5583ab132eeef816cbb119c5ea436656cec96ccdc2bef4dccc46ac
-
SHA512
433ef0d73a7cfd70244afdab2ae401c36a1dd247472bd51280a03e428702a1af37cbfdf54af554d12eab068f88f568067bcada5c6dcf20a9afec6852f75a3ad3
-
SSDEEP
192:IxIYXkNcDGwgTsxJoRxAM2+9Ul/laxRe+PE8v+GA3kr29zrJzfPWCiqxskBbHUiH:IxRkNcDtxJMxAM2+9Ul/laxRe8ZGGWgC
Score1/10 -
-
-
Target
$0/fil-PH/RavStub.resources.dll
-
Size
10KB
-
MD5
4f631aaeb5ae030730dea6914e2d1f7d
-
SHA1
b7067aaadf75f56ee975e7aca675d1b8c08dc8d8
-
SHA256
a924b53a87704120ce886f05cd94569def1b6aabf201ec22c8d4cda547988619
-
SHA512
4ca227913b238db98cb866a4738f38195dc06adbe7452d79aa077a817479e657dbf1d10e9a300bdd35d0dc6dcf72c013df5a3d8e5c1118c09f586260c35f1003
-
SSDEEP
192:O0Zne9hwoGBjeCipxwU6LOl+DDUbqN4PPjjDr8d30LfmJyXOhZCa2m5sml+T9lmH:O0Y9hwoEipxwU6LOl+DDUbqN4Xjz8V4q
Score1/10 -
-
-
Target
$0/fr-FR/RavStub.resources.dll
-
Size
12KB
-
MD5
3b5352ca4cb06dad6c6ce7f15b757810
-
SHA1
7ecb52ec5909fc6e9df2bf591d1a12cc33f8e842
-
SHA256
e59969a07f3aecc9303a8add6d1f36c058472342a98b1db274a1fd8e0ef6ca74
-
SHA512
d808f61552f1f59080e4a027075f4bc66afecdd78dd970fbf8dd25cfac65bc5c619d964dd14e41a5f6209154d1ea7a5d4943fe35c12f4e0892fe1267e47dcf12
-
SSDEEP
384:cY0al1sBIxgyFzjXZfu14MpXrOUDlK8yXahGY7uXJ3s8D:CBImyDM5DtyXwGY7uXJ3s8D
Score1/10 -