General

  • Target

    32a40983b6c68d9da41a1c40c24295a6dae68d06e07adf9358c4021b7f4543d7.exe

  • Size

    2.2MB

  • Sample

    240614-bje3kasgpm

  • MD5

    738c1b8d6a22d7cbba23d824f54b492a

  • SHA1

    616021cc12e54d7cd9aee965dc685f49ea1a32f2

  • SHA256

    32a40983b6c68d9da41a1c40c24295a6dae68d06e07adf9358c4021b7f4543d7

  • SHA512

    719a0a449526d108bb52fe76420593998d924371cefed924b4a8cfc3074b06c889c73633a6c2a276d1fc07d112817c81836fdef90611bc594e78cf347e60c00d

  • SSDEEP

    49152:/Jez33R4PWkth21zcO7/deeckB8GN2IJOqgMuJMAbGDIYBJ:KR1kt0/1eeceBJOGmMAbGDI8

Score
7/10

Targets

    • Target

      32a40983b6c68d9da41a1c40c24295a6dae68d06e07adf9358c4021b7f4543d7.exe (hashes and size as listed under General above)

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      5f35212d7e90ee622b10be39b09bd270

    • SHA1

      c4bc9593902adf6daaef37e456dc6100d50d0925

    • SHA256

      31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d

    • SHA512

      7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0

    • SSDEEP

      192:E4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjaK72dwF7dBOne:tn3T5KdHCMRD/R1cOnrja+BO

    Score
    3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score
    3/10

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      acbda33dd5700c122e2fe48e3d4351fd

    • SHA1

      2c154baf7c64052ee712b7cdf9c36b7697dd3fc8

    • SHA256

      943b33829f9013e4d361482a5c8981ba20a7155c78691dbe02a8f8cd2a02efa0

    • SHA512

      d090adf65a74ac5b910b18bb67e989714335e7b4778cd771cff154d7186351a1bebbc7103cca849bdfa2709c991947ffff6c1d8fdf16a74f4dfb614bce3ff6fd

    Score
    3/10

    • Target

      $SYSDIR/SWUKey_SKF.dll

    • Size

      1.2MB

    • MD5

      1be136ed1d60b798b573328e878dc5f4

    • SHA1

      b1de632e11165687d2906da6cb0dcd2f97aa9b1d

    • SHA256

      01af8f7bfef64450844ad7b842a7583d2fbf3641ead17d866a43109fa506cfd6

    • SHA512

      654da2e9b7b2dad22db1a4605a9a6fb424bd588190e4517b65c585a964a76d57895da90df956a00b75bd2c38e1660c47c367ded85d6481f8cd33015046dfd4cc

    • SSDEEP

      24576:4llnP4OAMup+dVf2Ffyl8KuZGavkg3NyIabbTjoIBAUZLYhO:4lNPrAlp+dZ+w8KuZGaXnioIBAUZLYc

    Score
    5/10

    • Drops file in System32 directory

    • Target

      $SYSDIR/mfc42.dll

    • Size

      956KB

    • MD5

      d15fb90410f8714cf6bb958172ca869c

    • SHA1

      f592ec94a479362ac6e440143cbd683995fb5b66

    • SHA256

      075504f6f1edb5de1a9b60add800e505b84fcbe3528bd06e61490ccd4ae3c1ee

    • SHA512

      ee4ca1be5b9ce2c3839bdfb5e20df6122d148441d5d7f4f11f8841e0706267bf7741d42c05b3000493b9eaf7fc8053036593bbeaec634fb9fbb1a2ed06e0b2e6

    • SSDEEP

      12288:dmhME0LzspKowr0F3Brq4AHpK8lt9Y32lDbh2o3V2KCkhkt51uyOIDaAx5BdU:8iE0LzWwr0F39Nutr/Uu2jBm

    Score
    1/10

    • Target

      $SYSDIR/msvcp60.dll

    • Size

      404KB

    • MD5

      bc3b4ff915515cd02e2a3112ffd29250

    • SHA1

      4c31a9ba05e4b9beb998b26cf586bc19b4cb8e9d

    • SHA256

      e7776a96cec56cd207b38bb0a7c4a41516331f636210a16e9712e2ee2fbc3742

    • SHA512

      f2d65218a2f05c472b85fb563f100b9cfaf1685ab157d0bc7d5ea9bcbf03758009c62b06c9364ba87b8514978d642f53f3b5eee40f0a9ad4b47b8537e6f2b9c1

    • SSDEEP

      6144:vBpnm3siQ87LJCTf+aZ2A5v3Xm+3OoxHkC78HbxX5:vPQL7L8iaT5/Xm+3OoxHkC7Abb

    Score
    3/10

    • Target

      $SYSDIR/msvcrt.dll

    • Size

      335KB

    • MD5

      3845ebe57ad6a4efa5e0194285afaef4

    • SHA1

      c3a85992d3114d6c7bfba5231aefd3a50556ec6a

    • SHA256

      b41c6df12eaa1f12ecb561701a439c6a2c0012497b3233932b3aa9329016d9ac

    • SHA512

      17271d6b0e8350e23754701cccee18c2dd31f139908fc9762b18dcb16640afe2a407ed4f14036dca412503a7d1fcb5a173f37f54a04b6206f1ee0f73e7881167

    • SSDEEP

      6144:MpRCAOnQoV1UA0eBsdrfBIdXZAvSswMonXxFMniF+NrbsYgWGT1B:EClQu1mIQrJIdXZAvDfC6q0S

    Score
    1/10

    • Target

      $_2_/windows/SysWOW64/SWUKey_SKF.dll

    • Size

      1.2MB

    • MD5

      1be136ed1d60b798b573328e878dc5f4

    • SHA1

      b1de632e11165687d2906da6cb0dcd2f97aa9b1d

    • SHA256

      01af8f7bfef64450844ad7b842a7583d2fbf3641ead17d866a43109fa506cfd6

    • SHA512

      654da2e9b7b2dad22db1a4605a9a6fb424bd588190e4517b65c585a964a76d57895da90df956a00b75bd2c38e1660c47c367ded85d6481f8cd33015046dfd4cc

    • SSDEEP

      24576:4llnP4OAMup+dVf2Ffyl8KuZGavkg3NyIabbTjoIBAUZLYhO:4lNPrAlp+dZ+w8KuZGaXnioIBAUZLYc

    Score
    5/10

    • Drops file in System32 directory

    • Target

      $_2_/windows/SysWOW64/mfc42.dll

    • Size

      956KB

    • MD5

      d15fb90410f8714cf6bb958172ca869c

    • SHA1

      f592ec94a479362ac6e440143cbd683995fb5b66

    • SHA256

      075504f6f1edb5de1a9b60add800e505b84fcbe3528bd06e61490ccd4ae3c1ee

    • SHA512

      ee4ca1be5b9ce2c3839bdfb5e20df6122d148441d5d7f4f11f8841e0706267bf7741d42c05b3000493b9eaf7fc8053036593bbeaec634fb9fbb1a2ed06e0b2e6

    • SSDEEP

      12288:dmhME0LzspKowr0F3Brq4AHpK8lt9Y32lDbh2o3V2KCkhkt51uyOIDaAx5BdU:8iE0LzWwr0F39Nutr/Uu2jBm

    Score
    1/10

    • Target

      $_2_/windows/SysWOW64/msvcp60.dll

    • Size

      404KB

    • MD5

      bc3b4ff915515cd02e2a3112ffd29250

    • SHA1

      4c31a9ba05e4b9beb998b26cf586bc19b4cb8e9d

    • SHA256

      e7776a96cec56cd207b38bb0a7c4a41516331f636210a16e9712e2ee2fbc3742

    • SHA512

      f2d65218a2f05c472b85fb563f100b9cfaf1685ab157d0bc7d5ea9bcbf03758009c62b06c9364ba87b8514978d642f53f3b5eee40f0a9ad4b47b8537e6f2b9c1

    • SSDEEP

      6144:vBpnm3siQ87LJCTf+aZ2A5v3Xm+3OoxHkC78HbxX5:vPQL7L8iaT5/Xm+3OoxHkC7Abb

    Score
    3/10

    • Target

      $_2_/windows/SysWOW64/msvcrt.dll

    • Size

      335KB

    • MD5

      3845ebe57ad6a4efa5e0194285afaef4

    • SHA1

      c3a85992d3114d6c7bfba5231aefd3a50556ec6a

    • SHA256

      b41c6df12eaa1f12ecb561701a439c6a2c0012497b3233932b3aa9329016d9ac

    • SHA512

      17271d6b0e8350e23754701cccee18c2dd31f139908fc9762b18dcb16640afe2a407ed4f14036dca412503a7d1fcb5a173f37f54a04b6206f1ee0f73e7881167

    • SSDEEP

      6144:MpRCAOnQoV1UA0eBsdrfBIdXZAvSswMonXxFMniF+NrbsYgWGT1B:EClQu1mIQrJIdXZAvDfC6q0S

    Score
    1/10

    • Target

      SWUKey_Reg.exe

    • Size

      24KB

    • MD5

      4c0e759b226ec3648dc7844fb6626ec8

    • SHA1

      332f20d6cad5a4b1d17c7b715c1ee3e7fdcdd252

    • SHA256

      6f1b54173e2e1f32177a02917ad38deb9b2ea8db7aabdb7f1c052c9060139d65

    • SHA512

      2006563bc8bd70f252ee5afd79936624ccef1eed2f45d9389809023657c20c5a474b1fe40ae24d25d778aedae352b7b3521ceb532da0c977c284d860216e4991

    • SSDEEP

      192:9O5Ix3YualCR9vI0YG9cYG9IcM6uxQ/m639dhrg1mDHS1oyn+v+4gsBvOnehovEZ:Z9wy969IcM6Q6lo1oVvakRR

    Score
    1/10

    • Target

      SWUKey_SafeHelper.dll

    • Size

      405KB

    • MD5

      86607d168fa412a18a07be978fa209a4

    • SHA1

      fc92a3f5441f85495b4283aab5d732cdc67b2c37

    • SHA256

      90ce225b171aa529ee41799194b6833725b3daca0ab87091beadd2f22f17449c

    • SHA512

      841a2eab068a4815db982b11692f984d0773f141d03582154b6b89883b2a7ec0857d7b3032aa5e5b1c9dfe6d8c77e1045d93d7569e19739bc90252537c0897ac

    • SSDEEP

      6144:9wWsVDmqbOBfiGSOpcWKdsuYW29L+wT2W2sMmQHW4ZCeh8xCO9AskRG0Ev7M:9wRVKqbaiGrQwyW2hnQG49eGTTM

    Score
    5/10

    • Drops file in System32 directory

    • Target

      SWUKey_Srv.exe

    • Size

      56KB

    • MD5

      4c2f0b298ff5a3dfc6c4224be83b40a0

    • SHA1

      efef634b07a4ad9f380196e72b7110555051a161

    • SHA256

      93e9290e23a74da8e1b9d99bead7384ab328f10b2c32bcbd0219d2347045efcf

    • SHA512

      a15b63253ae12ebcc71f74150b3671b201ce622f3f4961cc1fca674e8f8ae78674d0903d82908d849204a419df44c21099d95c9ca5a9cffd2f4449a59006c1a6

    • SSDEEP

      1536:QWBdebty7f2ku+BeipJiRRR0CiXBXjMRb0tfaog3i:xik2ku+BeipJoYCiXVjMRb0tbg3i

    Score
    1/10

    • Target

      SWUKey_Tool.exe

    • Size

      1.9MB

    • MD5

      efc72e1265ed6361a1a6940df32a18d0

    • SHA1

      7abbe56db8f028d1f70793bba0f50f143bb6cce4

    • SHA256

      319299b6e912baa13a51c56b07d42fb7fc1dc00a50329dff5141c14f2d013773

    • SHA512

      bf1589a707fcea473e64d2d21453c0f3e5af060d8d36629bd4dd16d5a04b701b89205d21adbbf9f5bcba47efebfe07b19b459dd12a73556702e08e42120380d2

    • SSDEEP

      49152:KxYjHMu+eo0dfQocuZDHM5Q5vYbJfGYeXEVoU/o8M8PKb5:aYjH7+ehdfQlcM5Q5vYVuYeXEVB/o8M8

    Score
    1/10


MITRE ATT&CK Enterprise v15