ca9fa20f5cecf6a9988527835dc9cae2f03efa22b0e3a19f844161d709acfc63

Sharing

Copy URL

Twitter E-mail

General

Target

Install_Xfer_Serum_130b9.exe
Size

163.1MB
Sample

240605-qgz3aahb77
MD5

0439beec0cc7c002c40deb110d68ac86
SHA1

6841ab3237cd06e2e5ce8e561cede8c3bb197888
SHA256

ca9fa20f5cecf6a9988527835dc9cae2f03efa22b0e3a19f844161d709acfc63
SHA512

7ed3f500c401db788cef8a3912b29f774342fb0469bf46f859167f7803a6e0a2afe8d3f99663ff967d2026594bdcd498dff93be6fadc96f6132292b5d5db54d6
SSDEEP

3145728:jgAjN8KwGOZeuA2jvP2E2pJTCT+qBWAYO+WbaI4T3UEcbWFS:jN8+VuACPh2pJTwfc3U1yS

Score

7^/10

Malware Config

Targets

- Target
  
  Install_Xfer_Serum_130b9.exe
- Size
  
  163.1MB
- MD5
  
  0439beec0cc7c002c40deb110d68ac86
- SHA1
  
  6841ab3237cd06e2e5ce8e561cede8c3bb197888
- SHA256
  
  ca9fa20f5cecf6a9988527835dc9cae2f03efa22b0e3a19f844161d709acfc63
- SHA512
  
  7ed3f500c401db788cef8a3912b29f774342fb0469bf46f859167f7803a6e0a2afe8d3f99663ff967d2026594bdcd498dff93be6fadc96f6132292b5d5db54d6
- SSDEEP
  
  3145728:jgAjN8KwGOZeuA2jvP2E2pJTCT+qBWAYO+WbaI4T3UEcbWFS:jN8+VuACPh2pJTwfc3U1yS
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $DOCUMENTS/Xfer/Serum Presets/Noises/Analog/SH1 Noise.wav
- Size
  
  172KB
- MD5
  
  b7a5497d00ac747d0a77ef2ce5d6b7cd
- SHA1
  
  c3981be1a791d3f8925c1b6cb6468211534bdaeb
- SHA256
  
  c5e14f2f716769bba3efa8a8956b43cf7d436876afb3f0a238813b3a4b6e8f55
- SHA512
  
  519962341caf3f7c203c294b0fb678fa7d432999d70ea6b48af09a256d4d038f656b5e2b7acb8038496a0b560fa36d704e54de10590d4fdd3379d58773fd0be9
- SSDEEP
  
  3072:w/mWOgcQBhHM5RBpCOzUl9ynZWu/Nj4HqMXB74076UCXicsGKHcEhr:w/mHgThHMbCOwfYZWENEKMXB007+ts5V
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  $DOCUMENTS/Xfer/Serum Presets/Serum_Manual.pdf
- Size
  
  806KB
- MD5
  
  e3dc4c84a7d3643721e1479a83b0a630
- SHA1
  
  30bf1a2bcf05ecde3adf7cc590252569351efc09
- SHA256
  
  1c31cc753606a1e16c11089831b21a01acb804eac008be6b8c6cffe64a3a0ccc
- SHA512
  
  a431839d10f92ea8cd5fba8502426aab71176c2b131a8d1a8403710fc297ab1d37cc78e95156bf02e6cfe17981ff65c94537e76fdfeeae4564396160844ebb9b
- SSDEEP
  
  24576:Sy8ZS/86opK8x9fEhk10ZJb6xmVeQLh4zEwm11eU43OSl/6eQYHbs5cx:Sy8ZS0DLx9shPXexmVeuh4zEwm11eU4H
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b0c77267f13b2f87c084fd86ef51ccfc
- SHA1
  
  f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
- SHA256
  
  a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
- SHA512
  
  f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e
- SSDEEP
  
  192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/advsplash.dll
- Size
  
  5KB
- MD5
  
  74fcb6435b746349a712dd9213975ffd
- SHA1
  
  0cd54fcd81488ba6d39ee0d832117c4f3dfa80dc
- SHA256
  
  12a4ea944895e42a8119e7fca3b9e73e881faf774e39b9c9d4d9efb4a19ffb00
- SHA512
  
  2ab77aef5e758a7b3018d5c45e60b6154faca92384609902bb2445234a9e8bc526f8a70961a1d8c2acebd68a9bf8b8b6fe7d4a4542a9cf0e53930aa9b30ade80
- SSDEEP
  
  96:mqNXqwK188CgAtXvZBkjDf0yf9ysrtWpwwol:mAqrg1XvZB6kYtWpw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  eac1c3707970fe7c71b2d760c34763fa
- SHA1
  
  f275e659ad7798994361f6ccb1481050aba30ff8
- SHA256
  
  062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3
- SHA512
  
  3415bd555cf47407c0ae62be0dbcba7173d2b33a371bf083ce908fc901811adb888b7787d11eb9d99a1a739cbd9d1c66e565db6cd678bdadaf753fbda14ffd09
- SSDEEP
  
  96:oXHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4AqndYHnxss:oXHq+CP3uKrpyREs06YxcdGn
Score

3^/10
behavioral11 behavioral12
- Target
  
  $_12_/Serum_x64.dll
- Size
  
  9.6MB
- MD5
  
  6e9081c86cba766645054f4e7acadf52
- SHA1
  
  b1b1d02d3e78eca8890af03501c9fa3d3b7a2f31
- SHA256
  
  bd5dc7a2e811bc08d5d4e166bd6986fb9a7684bf375032772f030739ade31373
- SHA512
  
  9cc40527da21624a47aa9f2506ac35283c46448b6b846dd3063562f991cee6b4238e15b42b808b29616881344054d55115671622ce3e55007682f2fbdaad17ee
- SSDEEP
  
  196608:jwrPMLiwDRPU7dGcv9n5r6ET10GWK3GG3:jcMLiwDRPU7dGcv9n5r6ET10vk
Score

1^/10
behavioral13 behavioral14
- Target
  
  C:/Program Files (x86)/Common Files/Avid/Audio/Plug-Ins/-Serum.aaxplugin/Contents/Win32/Serum.aaxplugin
- Size
  
  4.2MB
- MD5
  
  f5a14d8cdf2bf4f70c83db87b64e6fdd
- SHA1
  
  8b312fa3d71756c34e270be40c7e8e4ab66f531e
- SHA256
  
  4fb16e8a2d30a89aee1f80c73ae207e9d101986249baddec5b5e81451d3d55bc
- SHA512
  
  4d663dd8f853bd6ab6e5764ee8f65dc33f7d15ed7b99256e49709a5e00517f99c0c85d1b37ffee7ce11005aeb13f9fc7e9a48a0dc8c3aff7ac747af7385ceaf3
- SSDEEP
  
  98304:qD1yzwb/aCtdnld7/RJTqQp7ouEv23khOoStZPDVG:qD13F/HJTqIlEv23khOoStZRG
Score

3^/10
behavioral15 behavioral16
- Target
  
  C:/Program Files (x86)/Common Files/Avid/Audio/Plug-Ins/-Serum.aaxplugin/Contents/x64/Serum.aaxplugin
- Size
  
  4.9MB
- MD5
  
  6083ac86fdb61480af516ce3f7fccabb
- SHA1
  
  9c3a82c51e212a8dcbf8b92e82b0c11d8f2dbb86
- SHA256
  
  bcdcf56426136e55a65cd1dd04d4a9c95fce096f5209d8cb4d80cfa5a6599d4c
- SHA512
  
  441087c4ead5aea35df9e6993b86c1cae8b3855352f22172ad8366cbee7c02a8f659fdf6cc4b43b3853d8f3897fb223e26559ca7a50716bf0e12c3282c5fe846
- SSDEEP
  
  98304:lvbE1jcw9r9g+gGRKDFeUOy4cw8j9Gs8PK9kSn:Bgjcw9r9g+gGRKDFeUOd349GA
Score

3^/10
behavioral17 behavioral18
- Target
  
  C:/Program Files (x86)/Common Files/Avid/Audio/Plug-Ins/Serum.aaxplugin/Contents/Win32/Serum.aaxplugin
- Size
  
  4.2MB
- MD5
  
  94d1f67c5dcbd5d8069934908f410a6b
- SHA1
  
  e1f06989f1635f527b3f4ff1f2ee3b38f237aeee
- SHA256
  
  0ffe6dd9a17dd5c26dace950f809537eb392590491a9782fc9c9f53568616b6f
- SHA512
  
  75dc65ffa211e2cecc02ca90d4f72a217f4ae360ac50b706e0c5558c4d7e9c783401bf72a9523f4edbbfa65fd1839a1afcba76cdd93d61fee40292f8c3c16eaa
- SSDEEP
  
  98304:qOB2NjskrEjIzWRZ9sWALoTE9zsX5IULKbo9JOv:qOZ2EoWRZ9szoE9zsX5IULKVv
Score

3^/10
behavioral19 behavioral20
- Target
  
  C:/Program Files (x86)/Common Files/Avid/Audio/Plug-Ins/Serum.aaxplugin/Contents/x64/Serum.aaxplugin
- Size
  
  4.9MB
- MD5
  
  b643cee3d0e3d65325fe56e1b55c79e5
- SHA1
  
  235d8d359e4cdad24c118f27c9d947b69274c3e7
- SHA256
  
  e529c6fdb80d689f931189855c5cd1a099c5d5cd42473fe2fbfc9fdfa5f077c1
- SHA512
  
  43f9437e654f9805dffb57a277b9f2c6ec93b4d9f03da957adbd2e86103823c39f37dbc1a3d8c55b946530cde47d08b3b78b91b8aeb57d74dafee1640883e5af
- SSDEEP
  
  98304:GklwfWBijJc1IIkeddKJqh3S7ts7ftUmz1EtfJ2:/wfWBijJc1IIkeddKJqhCZIftEc
Score

3^/10
behavioral21 behavioral22
- Target
  
  C:/Program Files/Common Files/Avid/Audio/Plug-Ins/-Serum.aaxplugin/Contents/Win32/Serum.aaxplugin
- Size
  
  4.2MB
- MD5
  
  f5a14d8cdf2bf4f70c83db87b64e6fdd
- SHA1
  
  8b312fa3d71756c34e270be40c7e8e4ab66f531e
- SHA256
  
  4fb16e8a2d30a89aee1f80c73ae207e9d101986249baddec5b5e81451d3d55bc
- SHA512
  
  4d663dd8f853bd6ab6e5764ee8f65dc33f7d15ed7b99256e49709a5e00517f99c0c85d1b37ffee7ce11005aeb13f9fc7e9a48a0dc8c3aff7ac747af7385ceaf3
- SSDEEP
  
  98304:qD1yzwb/aCtdnld7/RJTqQp7ouEv23khOoStZPDVG:qD13F/HJTqIlEv23khOoStZRG
Score

3^/10
behavioral23 behavioral24
- Target
  
  C:/Program Files/Common Files/Avid/Audio/Plug-Ins/-Serum.aaxplugin/Contents/x64/Serum.aaxplugin
- Size
  
  4.9MB
- MD5
  
  6083ac86fdb61480af516ce3f7fccabb
- SHA1
  
  9c3a82c51e212a8dcbf8b92e82b0c11d8f2dbb86
- SHA256
  
  bcdcf56426136e55a65cd1dd04d4a9c95fce096f5209d8cb4d80cfa5a6599d4c
- SHA512
  
  441087c4ead5aea35df9e6993b86c1cae8b3855352f22172ad8366cbee7c02a8f659fdf6cc4b43b3853d8f3897fb223e26559ca7a50716bf0e12c3282c5fe846
- SSDEEP
  
  98304:lvbE1jcw9r9g+gGRKDFeUOy4cw8j9Gs8PK9kSn:Bgjcw9r9g+gGRKDFeUOd349GA
Score

3^/10
behavioral25 behavioral26
- Target
  
  C:/Program Files/Common Files/Avid/Audio/Plug-Ins/Serum.aaxplugin/Contents/Win32/Serum.aaxplugin
- Size
  
  4.2MB
- MD5
  
  94d1f67c5dcbd5d8069934908f410a6b
- SHA1
  
  e1f06989f1635f527b3f4ff1f2ee3b38f237aeee
- SHA256
  
  0ffe6dd9a17dd5c26dace950f809537eb392590491a9782fc9c9f53568616b6f
- SHA512
  
  75dc65ffa211e2cecc02ca90d4f72a217f4ae360ac50b706e0c5558c4d7e9c783401bf72a9523f4edbbfa65fd1839a1afcba76cdd93d61fee40292f8c3c16eaa
- SSDEEP
  
  98304:qOB2NjskrEjIzWRZ9sWALoTE9zsX5IULKbo9JOv:qOZ2EoWRZ9szoE9zsX5IULKVv
Score

3^/10
behavioral27 behavioral28
- Target
  
  C:/Program Files/Common Files/Avid/Audio/Plug-Ins/Serum.aaxplugin/Contents/x64/Serum.aaxplugin
- Size
  
  4.9MB
- MD5
  
  b643cee3d0e3d65325fe56e1b55c79e5
- SHA1
  
  235d8d359e4cdad24c118f27c9d947b69274c3e7
- SHA256
  
  e529c6fdb80d689f931189855c5cd1a099c5d5cd42473fe2fbfc9fdfa5f077c1
- SHA512
  
  43f9437e654f9805dffb57a277b9f2c6ec93b4d9f03da957adbd2e86103823c39f37dbc1a3d8c55b946530cde47d08b3b78b91b8aeb57d74dafee1640883e5af
- SSDEEP
  
  98304:GklwfWBijJc1IIkeddKJqh3S7ts7ftUmz1EtfJ2:/wfWBijJc1IIkeddKJqhCZIftEc
Score

3^/10
behavioral29 behavioral30
- Target
  
  Serum.dll
- Size
  
  8.0MB
- MD5
  
  9dfe5678103ab4ce53a00c1ca941478e
- SHA1
  
  7aa2067d04798fa5397c9e317198656c1cb59867
- SHA256
  
  38d3bfb09ae8b088d7938a6e535ce6d41d4f4bcb7db7c1c4ca56c4aa311dc3ee
- SHA512
  
  1262f03f73940c83ca9495fd0cf7a3aaba7ceaab01478deaa40bb4126d44cb0c84f8a8cee693291a4c83ea3da30a2f73e50ec32bf28d58ec14c5de2528db3136
- SSDEEP
  
  98304:regGcryh/f+Ejjc2W+YD+d2tH/GHlYbKbB3tODDc4iK897A:K/f9jDW+YD+dWaY+bB3tODDvCU
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32