eb8afbda006962da47bf99f5ecc2d73ae2d51f293965ae4ad637acbf55108645

Sharing

Copy URL Twitter E-mail

General

Target

Motrix-Setup-1.8.19.exe
Size

121.8MB
Sample

240613-mwpy3szbnm
MD5

c53b2a5f07f9770c386924b16fe1c9ee
SHA1

e48a9b679bb6e12fcafab478f7e43e71469bf81d
SHA256

eb8afbda006962da47bf99f5ecc2d73ae2d51f293965ae4ad637acbf55108645
SHA512

b8af895ba86f77ed5837b8a65580ec828b45fab647998bc1c82dc82426b857340a4306fc5222a6fb64c0f1c338bb221b90d8f563c7c7aa87d46664722ad56ab9
SSDEEP

3145728:Ow2shPuu5vzMLrU6LNspoWZ2shPuZYGC04/Yl3i:b2sEu5gfY2sEZsX

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  Motrix-Setup-1.8.19.exe
- Size
  
  121.8MB
- MD5
  
  c53b2a5f07f9770c386924b16fe1c9ee
- SHA1
  
  e48a9b679bb6e12fcafab478f7e43e71469bf81d
- SHA256
  
  eb8afbda006962da47bf99f5ecc2d73ae2d51f293965ae4ad637acbf55108645
- SHA512
  
  b8af895ba86f77ed5837b8a65580ec828b45fab647998bc1c82dc82426b857340a4306fc5222a6fb64c0f1c338bb221b90d8f563c7c7aa87d46664722ad56ab9
- SSDEEP
  
  3145728:Ow2shPuu5vzMLrU6LNspoWZ2shPuZYGC04/Yl3i:b2sEu5gfY2sEZsX
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app-32.7z
- Size
  
  58.9MB
- MD5
  
  721954e061107f6536d40b7871efd239
- SHA1
  
  fbd70cd00112a2f200bb4ad4b6b826027df65765
- SHA256
  
  4b2bbdd4dd8a7cb44b885263c518dd96065a362def7680553164d1b7cc016e05
- SHA512
  
  40a5fc71bfa3a41a5696deea2897eb99ab8cbc28487e486046e34a0ef309079e0b030c49612208348b358e21386d6c286a9a062b23fe0d80bfae1128ca80c913
- SSDEEP
  
  1572864:n2shceP6lrFYXNfYx1nhAZFo4rL2n97X3F:n2shPuZYGC04/Yl3F
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  62.3MB
- MD5
  
  17d3837d36286bc6124d90de8f1f5e30
- SHA1
  
  56d0a158923aca8ee26bdeed332e3564ea4c9f14
- SHA256
  
  b507f09caa62856e4f1ddd1b849953e33c4fe1369135659430b1022a84d4377d
- SHA512
  
  e813bddbb816389255dcb8e08ff761af282fa7f4f2aea586cf3c42bb0f93dc4f298c38a68a78f039c2fa0b5dc5ac332e6ad061923686126acb8347a7b5d878ae
- SSDEEP
  
  786432:B2SRCglcePNElu1psFKRjvP7FaQmd2SruPRBUWqBMkX0OHqSskid3yGG2NpWEqdm:B2shceP6ltMRjvP7MLrU6NZNsp7UJoII
Score

3^/10
behavioral13 behavioral14
- Target
  
  locales/ta.pak
- Size
  
  936KB
- MD5
  
  f100566697a96ce1f0a0c7e0bbfbe36d
- SHA1
  
  4c80a4930ba7d174c4203c199492463242bddf62
- SHA256
  
  7e818deedd50a533851bbf08e056bf2ad8d45f442a1a61d9b48e66804ea848db
- SHA512
  
  dfa6132a5b7e819e8d326bf5ee539d9ecb2dcd7fea429c75afec2291df9eeead6fa347b01f9feaf2235bce627fd39116176195f7a3d7d74de28951f939db1645
- SSDEEP
  
  3072:A/8IEMgtILv22ElYNWwRY/q5pG7zctR1cA2F:A/8ggtSgmZRY/q5uzctR1cA2F
Score

3^/10
behavioral15 behavioral16
- Target
  
  locales/te.pak
- Size
  
  869KB
- MD5
  
  b1b6a9e3a04be79080ebbfacc1a0eb2d
- SHA1
  
  a5c8eb6a930062f6021d073d5f74ae146dc7fbc8
- SHA256
  
  d839531c4ff4a2885c993e0d358f78667215b0950c77a06ef01a6acff9221c5b
- SHA512
  
  bf0b163c8fc3988bfeb3cbb4b981596ce5afdf7e40149622fc3b60994e7d8efa5bb24c830036d168a6638feca48b8755aefa8640faae37055cae8fffb6a85568
- SSDEEP
  
  12288:WalFrABW3p1F9YKiTlwJAg5NFOodr/8f4JOQvmEC28+5HX0DTq9OyUpzAkm9dGMI:WalF0cs53MlU
Score

3^/10
behavioral17 behavioral18
- Target
  
  locales/th.pak
- Size
  
  731KB
- MD5
  
  a970b7e9d3aec2cd1b8ab798b3179f07
- SHA1
  
  bf17a7e80e01ac1704a1efdf27baf271b4c21e36
- SHA256
  
  cd80bf232f2f128a3d411f52c8039987559dbc1055f746eed6e0e8478b116dc1
- SHA512
  
  880555a2ac2f278aecb8794d8cc51f0833052e9f4ca187ed91fa35bb475e68ae3255cfe1dc074eac960c73c203e62c6b38077b266f5fab66ccc3ca73e94d4d60
- SSDEEP
  
  12288:EwLc31Mkgs3s5UvfcLRfl1mj83v6DoTGjyeuLAD57Kle9dwn7j9Fv3o09XAyFH1p:EExSK5h5N
Score

3^/10
behavioral19 behavioral20
- Target
  
  locales/tr.pak
- Size
  
  371KB
- MD5
  
  46f9b2a35efdf1120a8a946e4f1d0115
- SHA1
  
  af7bec1fba32d912b50288a7d988440627e4ee85
- SHA256
  
  b22fc7b75c52cc142f201d5cf107d17c1b173a494a6add022127f559fb46bcb0
- SHA512
  
  cd67f9c328408a8295f224aec190c7c411a868755fc5c9e90b4985b3c41a05d6d34dd30d4a3866f6c24e1d640f4c324bfba8c7ab806a6b216151cf0a504a03d7
- SSDEEP
  
  6144:1Pk7AA4K9G2Px9DOjKW8IuTu7AT7W5geL5J/D+6Mi1/BvEBVwiBcJmt:eMdKQ259CB1s7q5J/y
Score

3^/10
behavioral21 behavioral22
- Target
  
  locales/uk.pak
- Size
  
  634KB
- MD5
  
  3b2a976a25dca963e91df3695c502d8c
- SHA1
  
  ce7ae51211f512c3723bb43ea0de9e6debb70597
- SHA256
  
  28ea88f19b2c34699d535ca0c691449b7e4001c12e8aed8d04b2078916e88a37
- SHA512
  
  ba41ee074239afdf8f194b4ccb33060fa9655e3ccdac6a16090959d3214f8db15396b3e038d7de26c478fdd003472f680d2b6ac9a92acaf6ebf8aa258747ecc6
- SSDEEP
  
  12288:9ho+Aqwniyv1mNLtN1nBxs5fB3IjltE07kLNiXEFqS/V2:9ho+kiC52Ei
Score

3^/10
behavioral23 behavioral24
- Target
  
  locales/ur.pak
- Size
  
  552KB
- MD5
  
  ba86f1f13fdc37a2c48c1da34c84f4c4
- SHA1
  
  2f1578d0eee76e60effb63967712b15c0d56829e
- SHA256
  
  4c7affdcc324cd791d10e235da809ce7501e8005be64340b6e8bf5595647a707
- SHA512
  
  fb2fe1548574da860bf27408a4f29d781fcefc300f744f4214843f343e343ad8bae29cb7047f87f5c3277641f561c6a30e5bc9d6490afbefc7af36974305a688
- SSDEEP
  
  12288:+ebg/8PzMVEOyMKdAMBa5UUEA2Wb9YQYrtu+co/9NjjFpvJ1:+XHD5gWQ
Score

3^/10
behavioral25 behavioral26
- Target
  
  locales/vi.pak
- Size
  
  439KB
- MD5
  
  065179c466c5b7457e249f11d152b99f
- SHA1
  
  cfc05e9dfb91b2af2944aed4718fa05b43844914
- SHA256
  
  b75694e390bd2e20780b3bc72f6e1473ba45d7537c27642a7d888dfd3bb6c3bb
- SHA512
  
  fb598391a028b7d3c7e25cae21ccfde655e6f871e498767a54f7cf0d5d4e48207213cd2598ca88e4f46c303cd2d8175238a5a5b720ab37beec1873d681165a8d
- SSDEEP
  
  12288:liWu4Bnzm058lwSwS2J6RlV5qhWziZ+UHNJziVyYH:liWxBnzm05kwSr2SX5uEiZ+UtliVyYH
Score

3^/10
behavioral27 behavioral28
- Target
  
  locales/zh-CN.pak
- Size
  
  319KB
- MD5
  
  2febe4ef32e1a3884089908f402ad62f
- SHA1
  
  e65c54adc127b78494dd6189cca71f1c7bd2a5b0
- SHA256
  
  a7ac9fda6f4cd189b75fdadc4b70cd0d369a09b66eaeb5d032678cb97ffc98f6
- SHA512
  
  8e8b030af4c952c32ec277850d5573414630ff5196eaed52820f44e9c5bd03ab6f71a8add19215b0456eed859be0d5a6f28d48e12f1677d39842f35feffd5e57
- SSDEEP
  
  6144:1n8PHtbPARLb7SnZKVtRU/0k5UNzRMLUyl1:1n8fgenZKfR/k5UNzRMZ
Score

3^/10
behavioral29 behavioral30
- Target
  
  locales/zh-TW.pak
- Size
  
  316KB
- MD5
  
  02e9e0bc5c30ca60a869ea761fb662eb
- SHA1
  
  c5200f692544b681af8757627da430aeea4283ee
- SHA256
  
  c5061ec00bd969f76f3c0c6ff15ddacafed7491260bd8ced78118691ba57bdff
- SHA512
  
  07b5f401f89dfc36499a3e74318b471d9b2e795dc363dfd5a9394089d4783a4b51fd78e2092701b6974f1c51020f3b5f81171ce21690f8547ff3c8f3d54ce781
- SSDEEP
  
  6144:yulvlGyS2kZuhv2hl4a85DuzpE49/9ywTl:N9Ag2hl4a85Duz2U/f
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32