General

  • Target

    b6138bd31f0930d6f489ac8ef0dad8333b30bcebc51c0940b19ab4cb3ffbab73

  • Size

    7.1MB

  • Sample

    240612-e6wkls1cnp

  • MD5

    be9a87d9ac301266af08218734ff4224

  • SHA1

    c46026f4015bed9ecf183be84c60c230b291a0db

  • SHA256

    b6138bd31f0930d6f489ac8ef0dad8333b30bcebc51c0940b19ab4cb3ffbab73

  • SHA512

    7c8a31d0c92ec948f4788160b4233316746ae32adb0341f80f050c2abce4a23b6987f4123b6da5d5d51afb182bce662d694f434dee711732d9c780a0504035d4

  • SSDEEP

    196608:Qbf0n7QqLlUTuyTfcD4RmT5HdIFbyTu25SmF/5:QbG7Qq+h0YM9Mby/5Sm3

Malware Config

Targets

    • Target

      b6138bd31f0930d6f489ac8ef0dad8333b30bcebc51c0940b19ab4cb3ffbab73

    • Size

      7.1MB

    • MD5

      be9a87d9ac301266af08218734ff4224

    • SHA1

      c46026f4015bed9ecf183be84c60c230b291a0db

    • SHA256

      b6138bd31f0930d6f489ac8ef0dad8333b30bcebc51c0940b19ab4cb3ffbab73

    • SHA512

      7c8a31d0c92ec948f4788160b4233316746ae32adb0341f80f050c2abce4a23b6987f4123b6da5d5d51afb182bce662d694f434dee711732d9c780a0504035d4

    • SSDEEP

      196608:Qbf0n7QqLlUTuyTfcD4RmT5HdIFbyTu25SmF/5:QbG7Qq+h0YM9Mby/5Sm3

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/LogEx.dll

    • Size

      44KB

    • MD5

      0f96d9eb959ad4e8fd205e6d58cf01b8

    • SHA1

      7c45512cbdb24216afd23a9e8cdce0cfeaa7660f

    • SHA256

      57ede354532937e38c4ae9da3710ee295705ea9770c402dfb3a5c56a32fd4314

    • SHA512

      9f3afb61d75ac7b7dc84abcbf1b04f759b7055992d46140dc5dcc269aed22268d044ee8030f5ea260bbb912774e5bbb751560c16e54efa99c700b9fc7d48832c

    • SSDEEP

      384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      434KB

    • MD5

      210f551d877a262fa2b32fa23289ffda

    • SHA1

      a527a7b94711146843e1dd78b61b1ba78dce2a26

    • SHA256

      2fd047e73350f864d85b2bc128ec19cc30b7d47db656aad08aa7923155ab4f97

    • SHA512

      ba9486f02b602e0208cca4f1ca64d3f2f601cbd239ebc8b11e5b80d55dc7eab0d0bfcb20444e505a2e3b4fd3ac5a0c9cb5e1b3753e4aa302c70770453ea798a6

    • SSDEEP

      6144:Olat1rg5hb6fAEHWAxpEFrFQhi4oOkM4lpfO8BgKL8OxwFCLGZXj:o4g5hbg1WAxpEJFXFlF1gqxwFCL

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    Score
    3/10
    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    • Target

      CrashReport.exe

    • Size

      1.1MB

    • MD5

      9983f02133e3a9b7c374f49ebef1bb22

    • SHA1

      e58815eb8b034c1cd3d24efd8fabb96dc9fbb2b9

    • SHA256

      3124871115df9aa1b5883810ef517f3c6b628314cc027f7d9242299677adde13

    • SHA512

      167db0c962d4bea4c98743844a94cba6826b6e79a895903736db33955fe7f4a5fa01fad292681c8298de97f39eed7c9bc4c2e89546f99921711843fbc565fbae

    • SSDEEP

      24576:VHtxJLzqmtRRYzFS5jyedubyjiIf9uNftb7AIAewvYj9tLd1abOVnt59RoKcZ86l:RHBWoRyzqjyedubyWIf9uNfV7AIAewvN

    Score
    1/10
    • Target

      InstallSystemTimeSyncService.bat

    • Size

      179B

    • MD5

      a7064c6865c7e3c53d34c6eaf693aa03

    • SHA1

      f000692f607e2cf6a88c8f68ea6d9313619d5356

    • SHA256

      55c6a33051fdcd000084593d093ad02863fe97068609f27e8de16901935baf52

    • SHA512

      837ce7186ce58ab18a25c45af571eba78048473745b309cbe54bac435a56dc77dc9d65f3f07645b8dde501a99c6157cd9caebbda27cfb3085f90e466c7fd9a90

    • Target

      SystemClockHook.dll

    • Size

      221KB

    • MD5

      a7d86ed5997983ec1f994ac6db0f9528

    • SHA1

      698b6a99c3d6fab20213b70be2f865fcf04cbd1d

    • SHA256

      6c8bcc59b466e3562f067c9818d41a3cfb3c3a16a0087f1c3b01d0dcccf7cbf2

    • SHA512

      852f69b3c0c28c733e9c05e20ece0837a07ee96b07f042b84a8c6d410e55e8e83d49918c08ed237fa06440cd370bcd460dbcf8a2fe6141a709dc681469452e0b

    • SSDEEP

      3072:c0EoPvvwCwQC2mCGxVBuQa3v90q68JSrfgIwt30yq8LJ3UCMucUYmPhmdV/mYtdY:HEovwCWG3VZFSzgJUGK2rOPJ9

    Score
    1/10
    • Target

      SystemClockHookHost.exe

    • Size

      112KB

    • MD5

      5d445a73c7cfdd4f03c4ad93e6475c57

    • SHA1

      58cde8ed44a766451ee7c47858a3542d103f4284

    • SHA256

      8abc0ec4f912026b300b2a564904577bf4048b435d4b43e26ecf22405d3efd4b

    • SHA512

      9917fe7c15746860360f1db148a3cabea4349a0e66a30b4572b64e3cd4c60d39101be262f57586242cdad42d3f966702d9ab45fe2e7f7ee001c03050da8ce24a

    • SSDEEP

      3072:ECTmgqnd0isEuKVVeOeqsH6/oCJWnBYY7BByncxG:HTxq0isyZ2Bcf

    Score
    1/10
    • Target

      SystemClockHookHost_x64.exe

    • Size

      125KB

    • MD5

      22cb902359ab5b2e14d36c3e47320d44

    • SHA1

      4b62dbc7be7f33c10bf9bdcc4ca0c373dd5b4214

    • SHA256

      94ea02eed6c7cf4e349773e00be51d791c35399b341b1174b12815c50dcb5564

    • SHA512

      e6948e9f993724a508930309ca595f8c4066bcab3f4eef1ccc67da87d536bd2f5ebac13161d413efa47c0e60a3ed4476617010a35fdf4d3fc916fcd210c4adfd

    • SSDEEP

      3072:z9oM7hY27gAzivYQnsQtG7vQZKCUtWVY+9NnnbxwQ:ZFYrOivHnDGy0Y7NaQ

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Target

      SystemClockHook_x64.dll

    • Size

      257KB

    • MD5

      2b74042ee8dbd812f9be1458b5eb83b5

    • SHA1

      c493e439b61cbb4f552291b078fa08e61bae43c9

    • SHA256

      51c326343e505706ec3c72ba8c9e1fb114b6b2726dd19ab1e41e2bce8c179d23

    • SHA512

      6c9c0fd770c357a440a0f3b0c235ab02184ab3dc060482ed3fb2caf970560c4dd6361096021457cf4981a1d6c75d425754cddb434027a0fb057051fbe00caf61

    • SSDEEP

      6144:94leAGyEHTfGJdgvPVES0/4AFonQBG/82Pdn:jAbEHTuJaX4/4AFyQk/82Pdn

    Score
    1/10
    • Target

      SystemTimeSyncService.exe

    • Size

      337KB

    • MD5

      77d3503b66525f8004abbeddd6edcdcf

    • SHA1

      5b77d1f87981b4e9cbabb89b5e354453895e60ae

    • SHA256

      ade4c7136d191729bf74d271358035b8ee80f533236e221c39b805400718f4d7

    • SHA512

      56f571cd4747b80930279f6d6385aa2c6e0026c49b8264990e2be4dcd56ffee939c5e61870d87468ee36014003f915cf698ed374337f772dd4d5ba22ef360491

    • SSDEEP

      6144:DsVsVdyJQI0QOAKmTkayBnDpFgW50w92J4+D5rqGfnEAOAd6GN1FOh+V:DsugIQOZEdyBDpSWFOtvfEqdtXFOh+V

    Score
    1/10
    • Target

      UninstallSystemTimeSyncService.bat

    • Size

      72B

    • MD5

      266baae5a3f6cf8a9838dce0aa04fa87

    • SHA1

      862c70a5d15778a8ec77dee6098ed169cb931cdc

    • SHA256

      ee7fa177b3262fd07801cb129b122cd42bc66e61f6b7f3b9b10a837c563d645a

    • SHA512

      676affd8f44d6c26be5315bbaf016e70dd6ee5df6722684015e6c8fa83a62edf8c47d73d3f119666c19377f1ba33d0449662ed9001a564bc26f9d721bf035dee

    Score
    8/10
    • Target

      YXCalendar.exe

    • Size

      8.7MB

    • MD5

      18418c7f12becb03f65121f37f50c284

    • SHA1

      fbb2bd6f4494dc9e8798c0e2209de2967af69f80

    • SHA256

      7b59ce0108b3474df9c3282afee1cfc41e0e572d5cf7b2cb72c3cc64ce77bd7b

    • SHA512

      d546d4df4055c163aa2592423b92b82275e2a144cd713d1be513e02893cf223b216da6ef9a473acaaff3a2f01ff4f75780b484ae25403b9cc5fc51f4895a12b1

    • SSDEEP

      196608:jIwzaWxdeNctICkmDcoPTDZ/tTpIhFeXawoE0D+JMvd:jIwHxd9tDcoHZ1wKS

    Score
    6/10
    • Target

      YXCapture.dll

    • Size

      607KB

    • MD5

      5c67357fca4bbebb215b8dbf1d617300

    • SHA1

      4e56bef46f87ede792cb8015eff59eb430896627

    • SHA256

      96290694a953e721c87d1b30c02190598f93a77e9f58fe0c0e584d5214a3a27e

    • SHA512

      e24bd58be87bca99f5e68096fef7a3ea067d26146142dd1e53279bbb60207783562f2d9732bb257e68b3f75a1ab46129def472e3c76f1500f92a5f0c56df98a2

    • SSDEEP

      12288:Bl6rwCkTDoxkYbAQpJUnFDQnCWK9tmyDHdmNs:Bl6r9AKI2nCTKit

    Score
    1/10
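
The signatures the sandbox attaches above (the main sample "Loads dropped DLL", and SystemClockHookHost_x64.exe "Checks computer location settings" plus "Adds Run key to start application") are the kind of behaviour that is visible in endpoint telemetry. The block below is an added example, not code from this report or from the sample: a small Python detector run over constructed Sysmon/Procmon-style events. It assumes that `$PLUGINSDIR` maps at runtime to a `%TEMP%\ns<random>.tmp` directory (standard NSIS behaviour; System.dll, inetc.dll, nsDialogs.dll, nsProcess.dll and LogEx.dll are stock NSIS plugins, so that load pattern is expected of any NSIS installer, not of this sample in particular) and that the country-code lookup reads `HKCU\Control Panel\International\Geo\Nation`, the value `GetUserGeoID` consults. The event lines, process names and install path are constructed, not taken from this analysis.

```python
"""Detection logic for the behaviours flagged in the report above: a DLL
loaded from the NSIS plugin directory, a Run-key write and a lookup of the
configured country code. Added example, not code from the report or sample;
all events below are constructed."""
import re
from collections import defaultdict

# Rule 1: NSIS unpacks $PLUGINSDIR to %TEMP%\ns<random>.tmp\ and loads its
# plugin DLLs (System.dll, inetc.dll, nsDialogs.dll, ...) from there. That is
# what "Loads dropped DLL" means for an NSIS-built installer.
NSIS_PLUGIN_DLL = re.compile(r"\\Temp\\ns[0-9a-z]{1,8}\.tmp\\[^\\]+\.dll$", re.I)

# Rule 2: a value written under Run or RunOnce ("Adds Run key to start application").
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)

# Rule 3: read of the user's configured country code. Assumption: the lookup
# is HKCU\Control Panel\International\Geo\Nation, the value GetUserGeoID reads.
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)

# The report's own wording for each rule, so hits read like the signature list.
REPORT_LABELS = {
    "nsis_plugin_dll_load": "Loads dropped DLL",
    "geo_nation_lookup": "Checks computer location settings",
    "run_key_persistence": "Adds Run key to start application",
}

# Constructed events in a minimal Sysmon/Procmon-like shape (op, image, target).
# Paths and process names are made up for the example.
TEMP = "C:\\Users\\u\\AppData\\Local\\Temp"
HOST = "C:\\Program Files\\YX\\SystemClockHookHost_x64.exe"
SAMPLE_EVENTS = [
    {"op": "ImageLoad", "image": "C:\\Users\\u\\Downloads\\installer.exe",
     "target": TEMP + "\\nsj8A4F.tmp\\System.dll"},
    {"op": "ImageLoad", "image": "C:\\Users\\u\\Downloads\\installer.exe",
     "target": TEMP + "\\nsj8A4F.tmp\\inetc.dll"},
    {"op": "ImageLoad", "image": "C:\\Users\\u\\Downloads\\installer.exe",
     "target": "C:\\Windows\\System32\\kernel32.dll"},          # benign
    {"op": "RegQueryValue", "image": HOST,
     "target": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"op": "RegSetValue", "image": HOST,
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\SystemClockHook"},
    {"op": "RegSetValue", "image": "C:\\Windows\\explorer.exe",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"},  # benign
]


def classify(event):
    """Return the rule names a single event triggers (empty list if none)."""
    op, target = event["op"], event["target"]
    if op == "ImageLoad" and NSIS_PLUGIN_DLL.search(target):
        return ["nsis_plugin_dll_load"]
    if op == "RegSetValue" and RUN_KEY.search(target):
        return ["run_key_persistence"]
    if op == "RegQueryValue" and GEO_NATION.search(target):
        return ["geo_nation_lookup"]
    return []


def detect(events):
    """Group rule hits per process image, so a geofence lookup followed by a
    Run-key write from the same image shows up as one story."""
    findings = defaultdict(set)
    for ev in events:
        for rule in classify(ev):
            findings[ev["image"]].add(rule)
    return {image: sorted(rules) for image, rules in findings.items()}


def triage(findings):
    """Rank images: the plugin-DLL rule alone is expected of any NSIS installer,
    so only the persistence/geofence pair (or persistence alone) escalates."""
    ranked = {}
    for image, rules in findings.items():
        if "run_key_persistence" in rules and "geo_nation_lookup" in rules:
            level = "high"
        elif "run_key_persistence" in rules:
            level = "medium"
        else:
            level = "low"
        ranked[image] = (level, [REPORT_LABELS[r] for r in rules])
    return ranked


if __name__ == "__main__":
    for image, (level, labels) in triage(detect(SAMPLE_EVENTS)).items():
        print(f"{level:6} {image}: {', '.join(labels)}")
```

Two caveats when moving this onto real telemetry: Sysmon records registry value writes (event 13) but not reads, so the Geo\Nation rule needs Procmon output or an EDR that logs registry queries; and because every NSIS installer trips rule 1, that hit is only worth escalating when the same host later shows the Run-key write or the geofence lookup from the dropped components.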

MITRE ATT&CK Enterprise v15

Tasks

    Task            Tags                      Score
    static1         oss_ak                    9/10
    behavioral1                               7/10
    behavioral2                               7/10
    behavioral3                               3/10
    behavioral4                               3/10
    behavioral5                               3/10
    behavioral6                               3/10
    behavioral7                               3/10
    behavioral8                               3/10
    behavioral9                               3/10
    behavioral10                              3/10
    behavioral11                              3/10
    behavioral12                              3/10
    behavioral13                              1/10
    behavioral14                              1/10
    behavioral15    execution, persistence    8/10
    behavioral16    execution, persistence    8/10
    behavioral17                              1/10
    behavioral18                              1/10
    behavioral19                              1/10
    behavioral20                              1/10
    behavioral21    persistence               6/10
    behavioral22    persistence               7/10
    behavioral23                              1/10
    behavioral24                              1/10
    behavioral25                              1/10
    behavioral26                              1/10
    behavioral27    evasion, execution        8/10
    behavioral28    evasion, execution        8/10
    behavioral29    persistence               6/10
    behavioral30    persistence               6/10
    behavioral31                              1/10
    behavioral32                              1/10