General

  • Target

    EPP_update.exe

  • Size

    1.9MB

  • Sample

    240604-avjz8aff43

  • MD5

    cfc1ec9ad30c484e30fe8379978294bd

  • SHA1

    5e13a615c294b6c988f0fb0d90bf10d525b33fed

  • SHA256

    e4f87265a2313a019b26b50103bc6619df73b3813fd1f43ef40b38899a66211e

  • SHA512

    7a70511bc4b38de219edec57f1f1cfa0b780ffe387ea37893d173769e78a8cef166ae96aca2ca673f99f5ce59dcab1988a50cee96e662c32063bcb9cd60cf69d

  • SSDEEP

    49152:ndlczrfrH0aJTylWcs5IP63tFOzfitt2Yiu9:ndlcvTWlZ6IP63tifi7Lb
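The digests above are the report's identifiers for the submitted file. As an added example (not part of the sandbox report), the following Python script recomputes them for a local file and compares the result with the values listed here. The script name `check_hashes.py` and the command-line usage are assumptions. A file counts as the reported sample only when every listed digest agrees: MD5 and SHA-1 are collision-prone, so agreement on those alone is not a match. SSDEEP is left out because it needs a third-party library.

```python
import hashlib
import sys

# Digests for the submitted file, copied from the report above.
REPORT_HASHES = {
    "EPP_update.exe": {
        "md5": "cfc1ec9ad30c484e30fe8379978294bd",
        "sha1": "5e13a615c294b6c988f0fb0d90bf10d525b33fed",
        "sha256": "e4f87265a2313a019b26b50103bc6619df73b3813fd1f43ef40b38899a66211e",
        "sha512": "7a70511bc4b38de219edec57f1f1cfa0b780ffe387ea37893d173769e78a8cef166ae96aca2ca673f99f5ce59dcab1988a50cee96e662c32063bcb9cd60cf69d",
    },
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data):
    """Hex digests of an in-memory blob for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digest_file(path, chunk_size=1 << 20):
    """Stream a file once and feed all four hashers, so large files are not read four times."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare_to_report(actual, expected):
    """Return (verdict, mismatched_algorithms).

    'match'    : every digest in `expected` agrees with `actual`.
    'no-match' : none of them agree.
    'partial'  : some agree and some do not. Treat this as a different file,
                 not a near-match: MD5 and SHA-1 are collision-prone, so a file
                 that agrees on those but not on SHA-256 is not the reported sample.
    Comparison is case-insensitive because tools emit hex in both cases.
    """
    mismatched = sorted(
        alg for alg, want in expected.items()
        if actual.get(alg, "").lower() != want.lower()
    )
    if not mismatched:
        return "match", []
    if len(mismatched) == len(expected):
        return "no-match", mismatched
    return "partial", mismatched


if __name__ == "__main__":
    # Assumed usage: python check_hashes.py <file> [<file> ...]
    for path in sys.argv[1:]:
        verdict, bad = compare_to_report(digest_file(path), REPORT_HASHES["EPP_update.exe"])
        detail = f" (differs on {', '.join(bad)})" if bad else ""
        print(f"{path}: {verdict}{detail}")
```

Run it against the file you actually retrieved before acting on this report; if the verdict is "partial", you are holding a different file, regardless of which algorithm agreed.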

Targets

    • Target

      EPP_update.exe

    • Size

      1.9MB

    • MD5

      cfc1ec9ad30c484e30fe8379978294bd

    • SHA1

      5e13a615c294b6c988f0fb0d90bf10d525b33fed

    • SHA256

      e4f87265a2313a019b26b50103bc6619df73b3813fd1f43ef40b38899a66211e

    • SHA512

      7a70511bc4b38de219edec57f1f1cfa0b780ffe387ea37893d173769e78a8cef166ae96aca2ca673f99f5ce59dcab1988a50cee96e662c32063bcb9cd60cf69d

    • SSDEEP

      49152:ndlczrfrH0aJTylWcs5IP63tFOzfitt2Yiu9:ndlcvTWlZ6IP63tifi7Lb

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $0/ArchiveUtilityx64.dll

    • Size

      150KB

    • MD5

      3351152f6ee87e97682a0a7c459ef614

    • SHA1

      5312f9da67fcfd573dc5e45f6a7cc35fa463af89

    • SHA256

      6e2673687ba029074657f0d1c4410691ee013eff2223d0c7695dfe4f70c62f1c

    • SHA512

      2b7ecb22746bf907ae4da891e170226da4f180ade27e41a16e1ef9e11f39e5e35b9eac3fcfff520dbb8a8888a1dbd1ca2459ab58ce8dc44a424c5de7b8132de6

    • SSDEEP

      3072:DAZpz3eQkXBlJ6pM91zgrn4oul5ntwcfsOct7BjWSP8B:DAvzD6l0+1grn4otBWSUB

    Score
    1/10
    • Target

      $0/Microsoft.Win32.TaskScheduler.dll

    • Size

      341KB

    • MD5

      a09decc59b2c2f715563bb035ee4241e

    • SHA1

      c84f5e2e0f71feef437cf173afeb13fe525a0fea

    • SHA256

      6b8f51508240af3b07a8d0b2dc873cedc3d5d9cb25e57ea1d55626742d1f9149

    • SHA512

      1992c8e1f7e37a58bbf486f76d1320da8e1757d6296c8a7631f35ba2e376de215c65000612364c91508aa3ddf72841f6b823fa60a2b29415a07c74c2e830212b

    • SSDEEP

      3072:81sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5Dfk:81sSmRIt/xhtsOju1DH5NXnIKAc4NU

    Score
    1/10
    • Target

      $0/RAVEndPointProtection-installer.exe

    • Size

      539KB

    • MD5

      41a3c2a1777527a41ddd747072ee3efd

    • SHA1

      44b70207d0883ec1848c3c65c57d8c14fd70e2c3

    • SHA256

      8592bae7b6806e5b30a80892004a7b79f645a16c0f1b85b4b8df809bdb6cf365

    • SHA512

      14df28cc7769cf78b24ab331bd63da896131a2f0fbb29b10199016aef935d376493e937874eb94faf52b06a98e1678a5cf2c2d0d442c31297a9c0996205ed869

    • SSDEEP

      12288:vZtZVgIQtZM1A0+Nwhq3drt0ZAPKYZzrOZW4mlKhl:vZf661A0ue8lCZAPHZzrOZW4mlol

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and browsing history.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $0/System.Data.SQLite.dll

    • Size

      362KB

    • MD5

      42e6e9081edd7a49c4103292725b68e2

    • SHA1

      62f73c44ee1aba1f7684b684108fe3b0332e6e66

    • SHA256

      788450452b0459c83e13da4dd32f6217bfb53a83bd5f04b539000b61d24fd049

    • SHA512

      99eab89bf6297fda549c0b882c097cd4b59fd0595ff2d0c40d1767f66fa45172ca5b9693dbf650d7103353f1e1fb8e5259bbcde3dfa286dee098533a4a776e8b

    • SSDEEP

      6144:7ruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cmb:GNWx6xz+nRo2GGWHQZMaLyJSJFNFaFeQ

    Score
    1/10
    • Target

      $0/System.ValueTuple.dll

    • Size

      73KB

    • MD5

      29e6ae1a1af7fc943752a097ec59c59c

    • SHA1

      6d5c910c0b9a3e0876e2e2bbbce9b663f9edc436

    • SHA256

      cc9bf1feeab1d76221508d6cc98e8bdc1603d5c600c5ed09c108e31b8bd3a6a2

    • SHA512

      cc6d55e5fd23c89d73ecbddfa92c102f47f8fb93f2f6a41d2e79708e6a8d7c13c1961dcd07810db3135d2f8ddcbf3535fb3ea3d1fc31c617ca9b10f6b867f9a5

    • SSDEEP

      1536:f784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSAU9bP8F9x/:f7NV8v36tI0XCKAmbP8x

    Score
    1/10
    • Target

      $0/cs-CZ/RavStub.resources.dll

    • Size

      12KB

    • MD5

      ee2e523bbfb65e138b64eafd223de12e

    • SHA1

      7f3fb82a3f6643963c0f4f2903f35389ee3ab775

    • SHA256

      2b2be36b51272b6f0117a40320ac48cd0e415afe2ef4fba3af06a7ec166a949d

    • SHA512

      2daaa1bb06ddfaac09328d06e239a9c518b7d3f462ba4c075d7df71a23bbd7255c75c2a5b28b8238919fbf587c704e35580bb3533ce5730bc21a561ac8441490

    • SSDEEP

      192:lIY1pQ8vGO4xToxMi5eX2zUA8rYgLIgPrEyz23tMuuVWJkYUECd1Vl7Iru+M3YVO:l3pQ8vQToxMi5emzUA8rYgLIOrnz8uuI

    Score
    1/10
    • Target

      $0/da-DK/RavStub.resources.dll

    • Size

      12KB

    • MD5

      f2317fef5cdce4a19e6e7216daa0624c

    • SHA1

      bdb39ea1300b158fcd76204add8f9f1f7ea0f2e9

    • SHA256

      da0e42edf577c58cb729c8925860afec61e95cc355b40efd8fa61993766733af

    • SHA512

      b7a16f4bb5e20d2fb1ff76991bc3c917e65baa60507676845e1bbfc68d800cc061af97d325b67dc1a2aeec02fdb289bb8bb716270a7c2044b3993b326556985d

    • SSDEEP

      192:hIYRN3EsGGj3fvKEx8rUrb+M0lIVixNPqDGomU3WUeQoXjAUwMXrAfeMA7AWmBHl:hXN3EsVfvVx8rUrb+M0lIVixNqiomyJx

    Score
    1/10
    • Target

      $0/de-DE/RavStub.resources.dll

    • Size

      12KB

    • MD5

      9804dd2dccdec91872fbad3eda445c64

    • SHA1

      5689b6214c5bf0205ab7cbf437e4e2abebdeeeef

    • SHA256

      4f45ef000dbec7c4e8fc8ad12f32538515711b78f593f5bc650026c43b6f9a66

    • SHA512

      74c30df986733898481a1abe11c492476a524ecd06ba3b6020333f2c7d1b9961563abe92e2b1413af9dbf5c05fdb17b1b16763fc0419d2f95c8717d1f3eac6e1

    • SSDEEP

      384:s5rayxOPAxMtzTxCmf6hC/s2TvOFk6AOPh3+yFdmyndZ3s8i:hPAKtnHOdvPhO2dmyndZ3s8i

    Score
    1/10
    • Target

      $0/de/Microsoft.Win32.TaskScheduler.resources.dll

    • Size

      9KB

    • MD5

      f83d720b236576c7d1f9f55d3bb988f9

    • SHA1

      105a4993e92646b5dbb50518187abe07ca473276

    • SHA256

      6909a1c134d0285fba2422a40ea0e65c1f0ca3c3ef2b94a1166015af2a87780f

    • SHA512

      fd8a464f2bc9d5b6c2efa80348c3a9362f7473d4d632b2addad8c272e8874e7e67c15b99b67e6515906b86d01d57cd42f9f0f1e9251c0af93a9391ccc30e3202

    • SSDEEP

      192:0MiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufP/1S5rxg0XWr:0D1Nvb5adVl8P2djJMZJSGu3A5rxg0Xq

    Score
    1/10
    • Target

      $0/el-GR/RavStub.resources.dll

    • Size

      15KB

    • MD5

      85b95be9a2fbae4a187277a3fbb337ad

    • SHA1

      9508c5fb5554e3792813d1710d9d244072a87a7d

    • SHA256

      da24d2e2396eef6fbb6e775a16ee87f1e4ca4afec25563ad43d4026f5a091e25

    • SHA512

      a9380494fa34ec315cc46d7eb5d5edb7a9f6f483bfd8d8935e915dda98215236147e81ffd36464625b2ea4513a094dd51c512b5487fd8790e148f0d455c1348b

    • SSDEEP

      384:+npUcW/WJsxvxwKW9iu6Wxtp701zA27r+PMvozTX3s8o:8Js5xEGzfOPMvMb3s8o

    Score
    1/10
    • Target

      $0/es-ES/RavStub.resources.dll

    • Size

      12KB

    • MD5

      8e236ad6a968f834ec829b984b362304

    • SHA1

      719425a2cd4d6ae97a42034a095d1eba25e6c2f2

    • SHA256

      27ef93d50bfa2053af7c6a765204ee3e22c2d18123fa07ed453f3c8a45949c5e

    • SHA512

      fb54ef07d6c0c565685ee8c628219d6e7f0a4ab0bbd4ae1738addd1fd459f90be1a015c9beed5937266dec6e0ffeb3e6a728bfb38030d3e96a84863f0ea1b0cb

    • SSDEEP

      192:KIYVmGe/VGuDqni6wxCjfp3DocEs5dMvGPcDonP33TewxlhiYwEHU4dIyrokBD7l:KuGe/V0ni6wxCjfpzocEs5dMvkcDqPDz

    Score
    1/10
    • Target

      $0/es/Microsoft.Win32.TaskScheduler.resources.dll

    • Size

      10KB

    • MD5

      15db634b70d6d9d6cd41baae3f02eb14

    • SHA1

      1456ffe09df896271a746f9cb40a230f188ad397

    • SHA256

      e893c6907da8d68c03b1a10e68b554ad5a8c0533f15912106f32e925f2beabf0

    • SHA512

      1230e5368d4dab9776d57056993669327e95fe72e262efa541ed5d43abc1bcd3618db13b6bd6b3a27da053c103e3fb647eae759ccaeb443f7d9ffd1ecaa1122b

    • SSDEEP

      192:r0WWNv/jzSEStoC1vxx6hUltfxx+BE00cUnAP9115rxg0XWr:r01NvbGVxx6hUltfxgE00cLF5rxg0XWr

    Score
    1/10
    • Target

      $0/fi-FI/RavStub.resources.dll

    • Size

      12KB

    • MD5

      314ff54c08f9c461d7d5f01849e98a26

    • SHA1

      2344d2e9596a2a49f2950ed71e58c4413ccdf3cb

    • SHA256

      1f0c64e62d5583ab132eeef816cbb119c5ea436656cec96ccdc2bef4dccc46ac

    • SHA512

      433ef0d73a7cfd70244afdab2ae401c36a1dd247472bd51280a03e428702a1af37cbfdf54af554d12eab068f88f568067bcada5c6dcf20a9afec6852f75a3ad3

    • SSDEEP

      192:IxIYXkNcDGwgTsxJoRxAM2+9Ul/laxRe+PE8v+GA3kr29zrJzfPWCiqxskBbHUiH:IxRkNcDtxJMxAM2+9Ul/laxRe8ZGGWgC

    Score
    1/10
    • Target

      $0/fil-PH/RavStub.resources.dll

    • Size

      10KB

    • MD5

      4f631aaeb5ae030730dea6914e2d1f7d

    • SHA1

      b7067aaadf75f56ee975e7aca675d1b8c08dc8d8

    • SHA256

      a924b53a87704120ce886f05cd94569def1b6aabf201ec22c8d4cda547988619

    • SHA512

      4ca227913b238db98cb866a4738f38195dc06adbe7452d79aa077a817479e657dbf1d10e9a300bdd35d0dc6dcf72c013df5a3d8e5c1118c09f586260c35f1003

    • SSDEEP

      192:O0Zne9hwoGBjeCipxwU6LOl+DDUbqN4PPjjDr8d30LfmJyXOhZCa2m5sml+T9lmH:O0Y9hwoEipxwU6LOl+DDUbqN4Xjz8V4q

    Score
    1/10
    • Target

      $0/fr-FR/RavStub.resources.dll

    • Size

      12KB

    • MD5

      3b5352ca4cb06dad6c6ce7f15b757810

    • SHA1

      7ecb52ec5909fc6e9df2bf591d1a12cc33f8e842

    • SHA256

      e59969a07f3aecc9303a8add6d1f36c058472342a98b1db274a1fd8e0ef6ca74

    • SHA512

      d808f61552f1f59080e4a027075f4bc66afecdd78dd970fbf8dd25cfac65bc5c619d964dd14e41a5f6209154d1ea7a5d4943fe35c12f4e0892fe1267e47dcf12

    • SSDEEP

      384:cY0al1sBIxgyFzjXZfu14MpXrOUDlK8yXahGY7uXJ3s8D:CBImyDM5DtyXwGY7uXJ3s8D

    Score
    1/10
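The RAVEndPointProtection-installer.exe entry above is flagged for adding a Run key and for enumerating Uninstall entries. As an added example (not part of the sandbox report), the following Python script shows one offline check a responder can run on a host: parse a `reg export` text dump, pick out the Run and RunOnce keys, and flag any entry whose image is one of the file names dropped by this sample or runs from a Temp directory. The `.reg` content in `SAMPLE_REG` is constructed for the example; the dropped-file names in `DROPPED_NAMES` come from the Targets list above. Only REG_SZ values are decoded; hex and dword values are recorded as unknown.

```python
import ntpath
import re

# File names dropped by this sample, taken from the report's Targets list (lowercased).
DROPPED_NAMES = {
    "epp_update.exe",
    "ravendpointprotection-installer.exe",
    "archiveutilityx64.dll",
}

# Run and RunOnce under HKCU or HKLM are the keys the "Adds Run key" signature refers to.
AUTORUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)

# .reg syntax: "name"=data or @=data; string data is quoted with \\ and \" escapes.
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')
STRING_RE = re.compile(r'^"(?P<s>(?:[^"\\]|\\.)*)"\s*$')

# Constructed sample of `reg export` output for the example; not taken from the report.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"EPP"="C:\\Users\\alice\\AppData\\Local\\Temp\\RAVEndPointProtection-installer.exe /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"=hex(2):43,00,3a,00,5c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RAV]
"DisplayName"="RAV Endpoint Protection"
'''


def _unescape(s):
    """Undo .reg escaping: a backslash protects the following character."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: str or None}}.

    Strings are decoded; hex()/dword data is stored as None. Continuation
    lines of multi-line hex values do not match VALUE_RE and are skipped.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = "(Default)" if m.group("default") else _unescape(m.group("name"))
        sm = STRING_RE.match(m.group("data"))
        keys[current][name] = _unescape(sm.group("s")) if sm else None
    return keys


def _image_from_command(cmd):
    """Extract the executable path from an autorun command line.

    Quoted paths are taken up to the closing quote. Unquoted paths are assumed
    to contain no spaces (true for the sample; real entries may need the full
    CreateProcess path-splitting rules).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def find_suspicious_autoruns(reg_text, dropped_names=DROPPED_NAMES):
    """Return Run/RunOnce entries that reference a dropped file or a Temp path."""
    hits = []
    for key, values in parse_reg_export(reg_text).items():
        if not AUTORUN_KEY_RE.search(key):
            continue
        for name, cmd in values.items():
            if cmd is None:
                continue
            image = _image_from_command(cmd)
            reasons = []
            if ntpath.basename(image).lower() in dropped_names:
                reasons.append("image name matches a file dropped by the sample")
            if "\\temp\\" in image.lower():
                reasons.append("image runs from a Temp directory")
            if reasons:
                hits.append({"key": key, "value": name, "image": image, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_autoruns(SAMPLE_REG):
        print(f"{hit['key']}\\{hit['value']} -> {hit['image']}: {'; '.join(hit['reasons'])}")
```

The name-based check is deliberately narrow: it catches the persistence this report describes, but a rebuilt sample with a renamed image will only trip the Temp-path rule, so pair it with the hash check rather than relying on file names alone.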

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
3/10

behavioral2

Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Tags: discovery, persistence, spyware, stealer
Score
8/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10