Overview — overview — score 7/10
Static — static — score 3/10
32a40983b6...d7.exe — windows7-x64 — score 7/10
32a40983b6...d7.exe — windows10-2004-x64 — score 7/10
$PLUGINSDI...ns.dll — windows7-x64 — score 3/10
$PLUGINSDI...ns.dll — windows10-2004-x64 — score 3/10
$PLUGINSDI...em.dll — windows7-x64 — score 3/10
$PLUGINSDI...em.dll — windows10-2004-x64 — score 3/10
$PLUGINSDI...fo.dll — windows7-x64 — score 3/10
$PLUGINSDI...fo.dll — windows10-2004-x64 — score 3/10
$SYSDIR/SW...KF.dll — windows7-x64 — score 5/10
$SYSDIR/SW...KF.dll — windows10-2004-x64 — score 5/10
$SYSDIR/mfc42.dll — windows7-x64 — score 1/10
$SYSDIR/mfc42.dll — windows10-2004-x64 — score 1/10
$SYSDIR/msvcp60.dll — windows7-x64 — score 3/10
$SYSDIR/msvcp60.dll — windows10-2004-x64 — score 3/10
$SYSDIR/msvcrt.dll — windows7-x64 — score 1/10
$SYSDIR/msvcrt.dll — windows10-2004-x64 — score 1/10
$_2_/windo...KF.dll — windows7-x64 — score 5/10
$_2_/windo...KF.dll — windows10-2004-x64 — score 5/10
$_2_/windo...42.dll — windows7-x64 — score 1/10
$_2_/windo...42.dll — windows10-2004-x64 — score 1/10
$_2_/windo...60.dll — windows7-x64 — score 3/10
$_2_/windo...60.dll — windows10-2004-x64 — score 3/10
$_2_/windo...rt.dll — windows7-x64 — score 1/10
$_2_/windo...rt.dll — windows10-2004-x64 — score 1/10
SWUKey_Reg.exe — windows7-x64 — score 1/10
SWUKey_Reg.exe — windows10-2004-x64 — score 1/10
SWUKey_SafeHelper.dll — windows7-x64 — score 5/10
SWUKey_SafeHelper.dll — windows10-2004-x64 — score 5/10
SWUKey_Srv.exe — windows7-x64 — score 1/10
SWUKey_Srv.exe — windows10-2004-x64 — score 1/10
SWUKey_Tool.exe — windows7-x64 — score 1/10
SWUKey_Tool.exe — windows10-2004-x64 — score 1/10
General
-
Target
32a40983b6c68d9da41a1c40c24295a6dae68d06e07adf9358c4021b7f4543d7.exe
-
Size
2.2MB
-
Sample
240614-bje3kasgpm
-
MD5
738c1b8d6a22d7cbba23d824f54b492a
-
SHA1
616021cc12e54d7cd9aee965dc685f49ea1a32f2
-
SHA256
32a40983b6c68d9da41a1c40c24295a6dae68d06e07adf9358c4021b7f4543d7
-
SHA512
719a0a449526d108bb52fe76420593998d924371cefed924b4a8cfc3074b06c889c73633a6c2a276d1fc07d112817c81836fdef90611bc594e78cf347e60c00d
-
SSDEEP
49152:/Jez33R4PWkth21zcO7/deeckB8GN2IJOqgMuJMAbGDIYBJ:KR1kt0/1eeceBJOGmMAbGDI8
Static task
static1
Behavioral task
behavioral1
Sample
32a40983b6c68d9da41a1c40c24295a6dae68d06e07adf9358c4021b7f4543d7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
32a40983b6c68d9da41a1c40c24295a6dae68d06e07adf9358c4021b7f4543d7.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$SYSDIR/SWUKey_SKF.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
$SYSDIR/SWUKey_SKF.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$SYSDIR/mfc42.dll
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
$SYSDIR/mfc42.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$SYSDIR/msvcp60.dll
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
$SYSDIR/msvcp60.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
$SYSDIR/msvcrt.dll
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
$SYSDIR/msvcrt.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
$_2_/windows/SysWOW64/SWUKey_SKF.dll
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
$_2_/windows/SysWOW64/SWUKey_SKF.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$_2_/windows/SysWOW64/mfc42.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
$_2_/windows/SysWOW64/mfc42.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
$_2_/windows/SysWOW64/msvcp60.dll
Resource
win7-20231129-en
Behavioral task
behavioral22
Sample
$_2_/windows/SysWOW64/msvcp60.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
$_2_/windows/SysWOW64/msvcrt.dll
Resource
win7-20240611-en
Behavioral task
behavioral24
Sample
$_2_/windows/SysWOW64/msvcrt.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
SWUKey_Reg.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
SWUKey_Reg.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
SWUKey_SafeHelper.dll
Resource
win7-20240220-en
Behavioral task
behavioral28
Sample
SWUKey_SafeHelper.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
SWUKey_Srv.exe
Resource
win7-20240419-en
Behavioral task
behavioral30
Sample
SWUKey_Srv.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
SWUKey_Tool.exe
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
SWUKey_Tool.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
32a40983b6c68d9da41a1c40c24295a6dae68d06e07adf9358c4021b7f4543d7.exe
-
Size
2.2MB
-
MD5
738c1b8d6a22d7cbba23d824f54b492a
-
SHA1
616021cc12e54d7cd9aee965dc685f49ea1a32f2
-
SHA256
32a40983b6c68d9da41a1c40c24295a6dae68d06e07adf9358c4021b7f4543d7
-
SHA512
719a0a449526d108bb52fe76420593998d924371cefed924b4a8cfc3074b06c889c73633a6c2a276d1fc07d112817c81836fdef90611bc594e78cf347e60c00d
-
SSDEEP
49152:/Jez33R4PWkth21zcO7/deeckB8GN2IJOqgMuJMAbGDIYBJ:KR1kt0/1eeceBJOGmMAbGDI8
Score: 7/10
Checks computer location settings
Looks up the country code configured in the registry, likely to geofence execution.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
5f35212d7e90ee622b10be39b09bd270
-
SHA1
c4bc9593902adf6daaef37e456dc6100d50d0925
-
SHA256
31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d
-
SHA512
7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0
-
SSDEEP
192:E4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjaK72dwF7dBOne:tn3T5KdHCMRD/R1cOnrja+BO
Score: 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
fccff8cb7a1067e23fd2e2b63971a8e1
-
SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91
-
SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
-
SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
-
SSDEEP
192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score: 3/10
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
acbda33dd5700c122e2fe48e3d4351fd
-
SHA1
2c154baf7c64052ee712b7cdf9c36b7697dd3fc8
-
SHA256
943b33829f9013e4d361482a5c8981ba20a7155c78691dbe02a8f8cd2a02efa0
-
SHA512
d090adf65a74ac5b910b18bb67e989714335e7b4778cd771cff154d7186351a1bebbc7103cca849bdfa2709c991947ffff6c1d8fdf16a74f4dfb614bce3ff6fd
Score: 3/10
-
-
Target
$SYSDIR/SWUKey_SKF.dll
-
Size
1.2MB
-
MD5
1be136ed1d60b798b573328e878dc5f4
-
SHA1
b1de632e11165687d2906da6cb0dcd2f97aa9b1d
-
SHA256
01af8f7bfef64450844ad7b842a7583d2fbf3641ead17d866a43109fa506cfd6
-
SHA512
654da2e9b7b2dad22db1a4605a9a6fb424bd588190e4517b65c585a964a76d57895da90df956a00b75bd2c38e1660c47c367ded85d6481f8cd33015046dfd4cc
-
SSDEEP
24576:4llnP4OAMup+dVf2Ffyl8KuZGavkg3NyIabbTjoIBAUZLYhO:4lNPrAlp+dZ+w8KuZGaXnioIBAUZLYc
Score: 5/10
Drops file in System32 directory
-
-
-
Target
$SYSDIR/mfc42.dll
-
Size
956KB
-
MD5
d15fb90410f8714cf6bb958172ca869c
-
SHA1
f592ec94a479362ac6e440143cbd683995fb5b66
-
SHA256
075504f6f1edb5de1a9b60add800e505b84fcbe3528bd06e61490ccd4ae3c1ee
-
SHA512
ee4ca1be5b9ce2c3839bdfb5e20df6122d148441d5d7f4f11f8841e0706267bf7741d42c05b3000493b9eaf7fc8053036593bbeaec634fb9fbb1a2ed06e0b2e6
-
SSDEEP
12288:dmhME0LzspKowr0F3Brq4AHpK8lt9Y32lDbh2o3V2KCkhkt51uyOIDaAx5BdU:8iE0LzWwr0F39Nutr/Uu2jBm
Score: 1/10
-
-
Target
$SYSDIR/msvcp60.dll
-
Size
404KB
-
MD5
bc3b4ff915515cd02e2a3112ffd29250
-
SHA1
4c31a9ba05e4b9beb998b26cf586bc19b4cb8e9d
-
SHA256
e7776a96cec56cd207b38bb0a7c4a41516331f636210a16e9712e2ee2fbc3742
-
SHA512
f2d65218a2f05c472b85fb563f100b9cfaf1685ab157d0bc7d5ea9bcbf03758009c62b06c9364ba87b8514978d642f53f3b5eee40f0a9ad4b47b8537e6f2b9c1
-
SSDEEP
6144:vBpnm3siQ87LJCTf+aZ2A5v3Xm+3OoxHkC78HbxX5:vPQL7L8iaT5/Xm+3OoxHkC7Abb
Score: 3/10
-
-
Target
$SYSDIR/msvcrt.dll
-
Size
335KB
-
MD5
3845ebe57ad6a4efa5e0194285afaef4
-
SHA1
c3a85992d3114d6c7bfba5231aefd3a50556ec6a
-
SHA256
b41c6df12eaa1f12ecb561701a439c6a2c0012497b3233932b3aa9329016d9ac
-
SHA512
17271d6b0e8350e23754701cccee18c2dd31f139908fc9762b18dcb16640afe2a407ed4f14036dca412503a7d1fcb5a173f37f54a04b6206f1ee0f73e7881167
-
SSDEEP
6144:MpRCAOnQoV1UA0eBsdrfBIdXZAvSswMonXxFMniF+NrbsYgWGT1B:EClQu1mIQrJIdXZAvDfC6q0S
Score: 1/10
-
-
Target
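$_2_/windows/SysWOW64/SWUKey_SKF.dll (all hashes below are identical to those of the $SYSDIR/SWUKey_SKF.dll target above: the same file under a second path)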
-
Size
1.2MB
-
MD5
1be136ed1d60b798b573328e878dc5f4
-
SHA1
b1de632e11165687d2906da6cb0dcd2f97aa9b1d
-
SHA256
01af8f7bfef64450844ad7b842a7583d2fbf3641ead17d866a43109fa506cfd6
-
SHA512
654da2e9b7b2dad22db1a4605a9a6fb424bd588190e4517b65c585a964a76d57895da90df956a00b75bd2c38e1660c47c367ded85d6481f8cd33015046dfd4cc
-
SSDEEP
24576:4llnP4OAMup+dVf2Ffyl8KuZGavkg3NyIabbTjoIBAUZLYhO:4lNPrAlp+dZ+w8KuZGaXnioIBAUZLYc
Score: 5/10
Drops file in System32 directory
-
-
-
Target
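$_2_/windows/SysWOW64/mfc42.dll (all hashes below are identical to those of the $SYSDIR/mfc42.dll target above: the same file under a second path)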
-
Size
956KB
-
MD5
d15fb90410f8714cf6bb958172ca869c
-
SHA1
f592ec94a479362ac6e440143cbd683995fb5b66
-
SHA256
075504f6f1edb5de1a9b60add800e505b84fcbe3528bd06e61490ccd4ae3c1ee
-
SHA512
ee4ca1be5b9ce2c3839bdfb5e20df6122d148441d5d7f4f11f8841e0706267bf7741d42c05b3000493b9eaf7fc8053036593bbeaec634fb9fbb1a2ed06e0b2e6
-
SSDEEP
12288:dmhME0LzspKowr0F3Brq4AHpK8lt9Y32lDbh2o3V2KCkhkt51uyOIDaAx5BdU:8iE0LzWwr0F39Nutr/Uu2jBm
Score: 1/10
-
-
Target
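$_2_/windows/SysWOW64/msvcp60.dll (all hashes below are identical to those of the $SYSDIR/msvcp60.dll target above: the same file under a second path)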
-
Size
404KB
-
MD5
bc3b4ff915515cd02e2a3112ffd29250
-
SHA1
4c31a9ba05e4b9beb998b26cf586bc19b4cb8e9d
-
SHA256
e7776a96cec56cd207b38bb0a7c4a41516331f636210a16e9712e2ee2fbc3742
-
SHA512
f2d65218a2f05c472b85fb563f100b9cfaf1685ab157d0bc7d5ea9bcbf03758009c62b06c9364ba87b8514978d642f53f3b5eee40f0a9ad4b47b8537e6f2b9c1
-
SSDEEP
6144:vBpnm3siQ87LJCTf+aZ2A5v3Xm+3OoxHkC78HbxX5:vPQL7L8iaT5/Xm+3OoxHkC7Abb
Score: 3/10
-
-
Target
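$_2_/windows/SysWOW64/msvcrt.dll (all hashes below are identical to those of the $SYSDIR/msvcrt.dll target above: the same file under a second path)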
-
Size
335KB
-
MD5
3845ebe57ad6a4efa5e0194285afaef4
-
SHA1
c3a85992d3114d6c7bfba5231aefd3a50556ec6a
-
SHA256
b41c6df12eaa1f12ecb561701a439c6a2c0012497b3233932b3aa9329016d9ac
-
SHA512
17271d6b0e8350e23754701cccee18c2dd31f139908fc9762b18dcb16640afe2a407ed4f14036dca412503a7d1fcb5a173f37f54a04b6206f1ee0f73e7881167
-
SSDEEP
6144:MpRCAOnQoV1UA0eBsdrfBIdXZAvSswMonXxFMniF+NrbsYgWGT1B:EClQu1mIQrJIdXZAvDfC6q0S
Score: 1/10
-
-
Target
SWUKey_Reg.exe
-
Size
24KB
-
MD5
4c0e759b226ec3648dc7844fb6626ec8
-
SHA1
332f20d6cad5a4b1d17c7b715c1ee3e7fdcdd252
-
SHA256
6f1b54173e2e1f32177a02917ad38deb9b2ea8db7aabdb7f1c052c9060139d65
-
SHA512
2006563bc8bd70f252ee5afd79936624ccef1eed2f45d9389809023657c20c5a474b1fe40ae24d25d778aedae352b7b3521ceb532da0c977c284d860216e4991
-
SSDEEP
192:9O5Ix3YualCR9vI0YG9cYG9IcM6uxQ/m639dhrg1mDHS1oyn+v+4gsBvOnehovEZ:Z9wy969IcM6Q6lo1oVvakRR
Score: 1/10
-
-
Target
SWUKey_SafeHelper.dll
-
Size
405KB
-
MD5
86607d168fa412a18a07be978fa209a4
-
SHA1
fc92a3f5441f85495b4283aab5d732cdc67b2c37
-
SHA256
90ce225b171aa529ee41799194b6833725b3daca0ab87091beadd2f22f17449c
-
SHA512
841a2eab068a4815db982b11692f984d0773f141d03582154b6b89883b2a7ec0857d7b3032aa5e5b1c9dfe6d8c77e1045d93d7569e19739bc90252537c0897ac
-
SSDEEP
6144:9wWsVDmqbOBfiGSOpcWKdsuYW29L+wT2W2sMmQHW4ZCeh8xCO9AskRG0Ev7M:9wRVKqbaiGrQwyW2hnQG49eGTTM
Score: 5/10
Drops file in System32 directory
-
-
-
Target
SWUKey_Srv.exe
-
Size
56KB
-
MD5
4c2f0b298ff5a3dfc6c4224be83b40a0
-
SHA1
efef634b07a4ad9f380196e72b7110555051a161
-
SHA256
93e9290e23a74da8e1b9d99bead7384ab328f10b2c32bcbd0219d2347045efcf
-
SHA512
a15b63253ae12ebcc71f74150b3671b201ce622f3f4961cc1fca674e8f8ae78674d0903d82908d849204a419df44c21099d95c9ca5a9cffd2f4449a59006c1a6
-
SSDEEP
1536:QWBdebty7f2ku+BeipJiRRR0CiXBXjMRb0tfaog3i:xik2ku+BeipJoYCiXVjMRb0tbg3i
Score: 1/10
-
-
Target
SWUKey_Tool.exe
-
Size
1.9MB
-
MD5
efc72e1265ed6361a1a6940df32a18d0
-
SHA1
7abbe56db8f028d1f70793bba0f50f143bb6cce4
-
SHA256
319299b6e912baa13a51c56b07d42fb7fc1dc00a50329dff5141c14f2d013773
-
SHA512
bf1589a707fcea473e64d2d21453c0f3e5af060d8d36629bd4dd16d5a04b701b89205d21adbbf9f5bcba47efebfe07b19b459dd12a73556702e08e42120380d2
-
SSDEEP
49152:KxYjHMu+eo0dfQocuZDHM5Q5vYbJfGYeXEVoU/o8M8PKb5:aYjH7+ehdfQlcM5Q5vYVuYeXEVB/o8M8
Score: 1/10