b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd

Sharing

Copy URL

Twitter E-mail

General

Target

b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd
Size

4.8MB
Sample

240609-h8exesfe4z
MD5

a35512a9f32638b946315b98fbb2bae8
SHA1

5e63dcf72a6a6ef62b6cc6a154019b4ce8931724
SHA256

b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd
SHA512

a3ebf1626de001c8bedc514ee9278484008ed43329be7087707b8ad525f2019ab4143cc5eaf35ab636cc5a573f26059206a48cd5565220b7a098f803c64b7cd7
SSDEEP

98304:HbGOC/hCLjrg5bDuobo/ozBmz9+77Ez6d/dWH25TR+YEinJ5rJUgZX8Q97:HCO2hCLj4fo/oVk+szaVv+YEqJ5rJD8k

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd
- Size
  
  4.8MB
- MD5
  
  a35512a9f32638b946315b98fbb2bae8
- SHA1
  
  5e63dcf72a6a6ef62b6cc6a154019b4ce8931724
- SHA256
  
  b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd
- SHA512
  
  a3ebf1626de001c8bedc514ee9278484008ed43329be7087707b8ad525f2019ab4143cc5eaf35ab636cc5a573f26059206a48cd5565220b7a098f803c64b7cd7
- SSDEEP
  
  98304:HbGOC/hCLjrg5bDuobo/ozBmz9+77Ez6d/dWH25TR+YEinJ5rJUgZX8Q97:HCO2hCLj4fo/oVk+szaVv+YEqJ5rJD8k
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallHelper.dll
- Size
  
  312KB
- MD5
  
  e13a38e0bf5ec7e8a95b3d2debd170d6
- SHA1
  
  6ee4305ccd42970acad7f00bb9aafd0b4be246be
- SHA256
  
  00afe265d9bc6af1eee8853d64234ac8e2aa42ad1169a4e8bd39e9a1b75c1cfa
- SHA512
  
  bf0a638617a5aaf31cc790adf6c0dad37156d450b92c3a3480bcbb7e682633f7e8de30c4ca5732a6fd023112cdfa106ec920127a50e335473ad4d80a2de8947c
- SSDEEP
  
  6144:G7L2Ic0SvVQblZ3KwDK2Zze1paoZKQdtx9tfIpBuFQIn56eae:G7L2Ic0SvVQbjKwD3ze1paoZKQdtx9tk
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  22KB
- MD5
  
  7941f7efe8a32740e1ce93ad0a444418
- SHA1
  
  5c5e03c343cbfd1df2a7dd250c42b3bd39b83c0b
- SHA256
  
  128643d68393e9dd1e5752d55930a9342a432496912206bbc68850f72be9a4da
- SHA512
  
  9db88a0bb6e44ab5605298e9216767918efcf7405f60922d52cd4ccc36f3a0aad3a07d6ef07b9409bcf02a7ef6cc3e117005adda0d404d036ce5daeac00203e2
- SSDEEP
  
  384:/sUHd9GN2d2iwl0impATIPdAj8Ov6HnYPLQjyIANweMvS:fHdw2Z20tNVimd
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/ProcDll.dll
- Size
  
  1.4MB
- MD5
  
  782946212ed94c1e891f31592c65fffc
- SHA1
  
  c05d47da2f576da8c9d4b2d08e6eb7eb59567c02
- SHA256
  
  6320db35a424767ed778e27339d8bbeaea839beeb3612142a281111e431d004f
- SHA512
  
  b7006fbb4de0a98c616db0c999a0dc8bbc2749bc00fa4aa8b4790fa0c7de405c9efae4adfd887c4001bf14673d4b9b8ae04962ec97bc6c0190c48e89a6746553
- SSDEEP
  
  24576:XtRHNjBYOMk19RS1FOfIqrFV+m4jibH0ZpoxRSa0U8yxSg3IJ/rD:fNjrSbOxFEm5zSDySg4J/rD
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/Statistics.exe
- Size
  
  308KB
- MD5
  
  6b9d2f2e83954add7ec0afc8cb47e00f
- SHA1
  
  b78ccebb951984ec748ebbf79cba773f7b961e51
- SHA256
  
  bfcadb38828816781102a5b5096c9c3c06449e740af994a8c02da18b0c581eeb
- SHA512
  
  82c95e2e744d6445b060a4be93192bcf42138eae755ee754204300fbbad93632ddc4672ad1fd290eec3a623792280270d07f32704d06040260bc827decab8ea5
- SSDEEP
  
  3072:HnImDls6hJ1QMjTBCT5LiR1oBYsLnEbVu/hqMivTqB2tE:bK6fXGPOihf9L
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  18KB
- MD5
  
  92fc9e50e8511609257cb59f633f13d6
- SHA1
  
  f95f0df12deb5dc4b281732d983bb2c103c17b56
- SHA256
  
  953ba87a30cbe067408e75bba9fe750c0e60270607aba1ec953bd730c337fe3b
- SHA512
  
  fe4a4d3e6ba6ae0bb2194f7667443dd5be591ef2e9b1f792d80d7ed3ad1685858dbb856548f01d5a73e80cd9cdb144f24f4d517f8f91b2eb376606c325041093
- SSDEEP
  
  384:hC42HgN4GbeWmbI4Eybogia7yO+nYPLQjyIANweMxK:hC42ACu54HogL+a
Score

3^/10
behavioral11 behavioral12
- Target
  
  ADManage.dll
- Size
  
  56KB
- MD5
  
  79256ce10b38a45391862e99bc0ec484
- SHA1
  
  ca2a44c876a434fbd2fd1cfa7754b8052905cd08
- SHA256
  
  a3a61f0aabdd2412471764607eb01e16969de905299108996bf1b16da4a49230
- SHA512
  
  0a8fb40b76eb55837a4ccc499c0c07bc900d6d2c05eb789badc7c1ef3aac19df9cd4053f8673249160aeda18e4fc1182fb71979528bd77076c22253bfe891165
- SSDEEP
  
  768:DarJ7DkkSUvipOAp+QBH9P/CfMhCRL0ciRuuh+u+CttYNXM+PCFT1rcB5ZiuKdpS:DarJ3xWpB10LCvYNLPGRrcB5ZzKdtDu
Score

8^/10
- Blocklisted process makes network request
behavioral13 behavioral14
- Target
  
  BugReporter.exe
- Size
  
  111KB
- MD5
  
  8c843617921f16ae49c1029d9ee545eb
- SHA1
  
  2bd5bd31c32acf3101ca46a822d6cf2ab754ed90
- SHA256
  
  b792c23b29dfbd71cdd296c50fba63fda8e8f503284c06b7e61b176bfac64af9
- SHA512
  
  94ce7db6a3ad8100b1f308b50589f4bd45d3e8c035c248ad493c3b734408d49b253fa93e09df2527def0794807afd6d5b7b505649a23359be9579c0395f4013e
- SSDEEP
  
  1536:Q05CASfL3cEO3fgP9j8rvL6+Xzmj8/hgj8rvL6+XzmjldxAvxWIq0O8c3q4a:pecEq2oeTA5WIq0O8gq4a
Score

1^/10
behavioral15 behavioral16
- Target
  
  InstAsm.exe
- Size
  
  111KB
- MD5
  
  1e8a8f4b712c412258f156a40e2a8405
- SHA1
  
  5bb14cb58528f51a127c53a24d9556a3ef5fe24f
- SHA256
  
  ca110f902611e676085fc4c82e14b5a12bc10f69da0bdc805d87b6d04cb94fad
- SHA512
  
  8674497678d0cecf76517fb647b2c3d6b112d9ab3e22ad4bfa82aedeeb13cdc9a35ef0b320ff91b6c6d6818da1b8d3bf05005ee5512bab2af039b44d4df6a204
- SSDEEP
  
  1536:aHAyDK02nIJOTSmbT9H6vY+rYLbsxtU7NMFkgk2ga6jVAtjKE:kAMt2utITAobLr2gagVAtjKE
Score

1^/10
behavioral17 behavioral18
- Target
  
  LiveInstHlp.dll
- Size
  
  927KB
- MD5
  
  92488cfd96247a4c25b67bae07c2034a
- SHA1
  
  87f097278f0c49c9f033451a06e86c4356e5e8e4
- SHA256
  
  a9211f2ae6acbe1170a0233d2fd0d2cff09594bff811192ba33aa23839393523
- SHA512
  
  4fe7214d1275de3b96b8a8b8203fec2562e2eb3bd975fd6f2e91a84fa309453ae5a81ff69096007122fadc9bf3a04fadf7bf217cb3e5b40110cc3553f75ef83d
- SSDEEP
  
  24576:1YOcnipQx46vFxc0rKVkzVLQPHkx1CK5x:1aLRrKOzBQPkrx5x
Score

3^/10
behavioral19 behavioral20
- Target
  
  OcxHelper.exe
- Size
  
  103KB
- MD5
  
  afd29de14111d3fcd88295502b8f3159
- SHA1
  
  5f3e42b2374ed6ec3ebe279b3f992f61f0199381
- SHA256
  
  6c33cc79603d4f866473f3f4a872d7675a9a9dc9442701bf917ba02bf54d2ae8
- SHA512
  
  482244a306c7b6c636ad6100ed1392b3e9709cd5d63dc759d52be7b4e1463b9fdd8a3ce85744493bf0cfa5d3975b768a24f2be4ff9adecce0bfcaa032b451381
- SSDEEP
  
  1536:OZf6yl9NB4+0bFiBqiAWRlQY/G239zJS51HpthkgLG:kldcb0RlU239FSjHpthkgLG
Score

1^/10
behavioral21 behavioral22
- Target
  
  PinItem.vbs
- Size
  
  1KB
- MD5
  
  4abe329eb77d2e25da6a74c4a51fd80e
- SHA1
  
  a68393b2ac14ec87f57e34961cf28e7c2f5f1552
- SHA256
  
  7141769c0f277af9a752c8250887265b207967696235c39b90430d4f392d2ca0
- SHA512
  
  7f794b4ee75ec9511d397ba357850cc7022b6112c3c43c34e66b137cc34e436e4746a25ce5c412b4eed78420f26461e5159bdd579887ef5e2466574c7ab40bc8
Score

1^/10
behavioral23 behavioral24
- Target
  
  QQLive.exe
- Size
  
  123KB
- MD5
  
  8a35125a9d1105ba6596cbfdc8bf3b37
- SHA1
  
  5687e368bdb58aa06abe32e568120d8def76ae43
- SHA256
  
  ba5de51d3ecc290918036ce1b94a906a043f8dbfa90fac624071d4abe4f8539d
- SHA512
  
  630039b2247cc61e5e81795df3feb7e6fa366a02b189abb35b4cb6ac20a25800bf49176423215ccfbe7df7009d91a781467b6666d148573538d3cf2ba3fdb661
- SSDEEP
  
  3072:9++/qLRmkOKjWSpU+EXXVTfQcBXtZRXcH0:T/qttOKjWHlXWUdZRMU
Score

1^/10
behavioral25 behavioral26
- Target
  
  QQLiveBrowser.exe
- Size
  
  75KB
- MD5
  
  012b2cf69f39080ae29d2749150edffc
- SHA1
  
  03ac83b1f4131da0bd32bdd824cdda844d7a555c
- SHA256
  
  1028ea40b7f4d8315634f26c9c1e866ef08e32048e1e2d68a72867289f16a48d
- SHA512
  
  0816cdd0c47af8ec6108825ab1829acc75120917a15c94862a89094a51307de6727cbf97ba833c600c296e25fe244cb8a3b04665dccd64c07269005ac01a1047
- SSDEEP
  
  768:2sVecKZvvc4Dz2hSW+3bhtEu/j40MZfG/6WzrN43bINQRyflk7OodIuzb:LV+tDCYXe040dRW3b1EfiOo7X
Score

1^/10
behavioral27 behavioral28
- Target
  
  QQLiveExternal.dll
- Size
  
  267KB
- MD5
  
  22a0816d80f5070699c4345f44349465
- SHA1
  
  54f088faacac234b2f3d9658c27c8dc76c95c2a6
- SHA256
  
  783f335519b60ddff50ef7e4c99105cb12389415a92746d8d8d0d816cd92d324
- SHA512
  
  eda0f28862067b61d2121e7bb43ff2100653643e9ce8ef3ddb5c3b04c91c1ada3c3d06b1ee393d3c84e938abe96d39576e9f85b79cd49feb77d40e48c7239b06
- SSDEEP
  
  6144:WAmSFx6t5/Q0pyl5D2SiWmVcPlmvaXbsm8qIJOPGY16AAz:Kuwta0pwBipEbTm4Az
Score

1^/10
behavioral29 behavioral30
- Target
  
  QQLiveService.exe
- Size
  
  63KB
- MD5
  
  b0a0c45ded8a120db053d1f44a4f4d15
- SHA1
  
  690bb104c2222252703297a145736dfd37c9da1a
- SHA256
  
  64273ede2284f9b20f418bb562615b247f2431af7f53abdf39014e231cea4312
- SHA512
  
  4710dbf5dbe5875a2224c7e54f53ba7c6c64ed4f4dcc2eabc76d38ae1b9ef7d7ad8d4b1fe0cb0b386ea1ad8b014c2fa7b760a404116520296f5e22b704dfd4d6
- SSDEEP
  
  768:oiSuL5EdIAqO2T1pmhX3/EKecBaisAXyrn1BkRaKifwNb0k/OjKdd9uDwGbS:nL5EdIAx2TzmhsjcBaif5aGOj6dEA
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32