General

  • Target

    VoicechangerInstaller.exe

  • Size

    5.3MB

  • Sample

    240615-m7e81syakg

  • MD5

    0f8b9e211acb689574f8378dbf17cc87

  • SHA1

    06ce91d37800ac8abcf6ea7464f68771913c2c8a

  • SHA256

    054c39f4b985739cdd29b8ce14c95918ba333b86afc4c489a71eaa08877c1775

  • SHA512

    7fef4785f93f275b82ae6903613cfd563922dfd5bf05a58e452e0aaae5b28b6fe23851515378dec5d8615ec09f6a775ca923142103f0e99a6464949a5a0b3670

  • SSDEEP

    98304:UB5yrFa8CwUl3sO1qdwKYNb9m9ny/JpdDBSedQN+h/2a7qGiKlDLS/RvM3kxp1oZ:UB5yJqw6t5shWJpRF7BiKZ+/hHs5I8

Score
8/10

Malware Config

Targets

    • Target

      VoicechangerInstaller.exe

    • Size

      5.3MB

    • MD5

      0f8b9e211acb689574f8378dbf17cc87

    • SHA1

      06ce91d37800ac8abcf6ea7464f68771913c2c8a

    • SHA256

      054c39f4b985739cdd29b8ce14c95918ba333b86afc4c489a71eaa08877c1775

    • SHA512

      7fef4785f93f275b82ae6903613cfd563922dfd5bf05a58e452e0aaae5b28b6fe23851515378dec5d8615ec09f6a775ca923142103f0e99a6464949a5a0b3670

    • SSDEEP

      98304:UB5yrFa8CwUl3sO1qdwKYNb9m9ny/JpdDBSedQN+h/2a7qGiKlDLS/RvM3kxp1oZ:UB5yJqw6t5shWJpRF7BiKZ+/hHs5I8

    Score
    8/10

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/CheckProVs.dll

    • Size

      7KB

    • MD5

      62e85098ce43cb3d5c422e49390b7071

    • SHA1

      df6722f155ce2a1379eff53a9ad1611ddecbb3bf

    • SHA256

      ee7e26894cbf89c93ae4df15bdb12cd9a21f5deacedfa99a01eefe8fa52daec2

    • SHA512

      dfe7438c2b46f822e2a810bc355e5226043547608d19d1c70314e4325c06ad9ad63a797905e30d19f5d9a86ee1a6d9c28f525a298731e79dbf6f3d6441179a8e

    • SSDEEP

      96:iqCVh8iNqVgRudZczLiJp2tvgaJOnT/323x3XQUPVAm6yBBECtu7ZyvN:9IhJqUudZkLi+bOni3x3X3PVR6yBBfj

    Score
    3/10

    • Target

      $PLUGINSDIR/SkinnedControls.dll

    • Size

      77KB

    • MD5

      364bb3c9218429dd1315ad1db47e152d

    • SHA1

      3253c1a381161c268bce8c487e892c8e5dd29dc3

    • SHA256

      5f7998711ea856730139c4dac403f11b947ed94a464dc6d2d4b22f928c3a8536

    • SHA512

      d9084068a259acb9a1691d10da8610053d3abdf6dc78d7357d80d1ac794d940478d2b05c3050484680ddee4c832ae30d71a67b2c2978845e298aca48058e01f6

    • SSDEEP

      768:Q0p2dJFs6nYFg0vxrF9jd+IpMCGC8BnmmfJmLVp1aB5tEEThyX7QirbTGgyhTFDK:Q0YsX7vxGjBvJgVTadaXBTeh55axv

    Score
    3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      ca332bb753b0775d5e806e236ddcec55

    • SHA1

      f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    • SHA256

      df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    • SHA512

      2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    • SSDEEP

      192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6

    Score
    3/10

    • Target

      $PLUGINSDIR/dotNetFx45_Full_setup.exe

    • Size

      982KB

    • MD5

      9e8253f0a993e53b4809dbd74b335227

    • SHA1

      f6ba6f03c65c3996a258f58324a917463b2d6ff4

    • SHA256

      e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a

    • SHA512

      404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0

    • SSDEEP

      24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      ec62e1a8d16d8f1b0eb792aa26e5de5c

    • SHA1

      faa219618aec99cffb81c312728dc56c1fdc5798

    • SHA256

      193d396fc7be5fed9d585de3c43e23d640c1dce725499f0274b3898c248545aa

    • SHA512

      cb3f3458cf734ab7b964ed25cac87ff2938292eed9caae1305b2e5975bde885f4d8b06d05d4099ef614982cd55d97e9ddc0f13bbe2cdd9fb642d008788ed3017

    • SSDEEP

      96:O7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkNp38:/N8KgWAuLWxD8ZAGgmkN

    Score
    3/10

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10

    • Target

      $PLUGINSDIR/setup.exe

    • Size

      3.5MB

    • MD5

      f6bb34a27df7b73ef84a3304b20e7f3f

    • SHA1

      b34131154d5898ee719d9d1f298f030269452ce2

    • SHA256

      e4bd75baf65899986814fa18a7b12832a425a856c4b807dd65e447d94d826fde

    • SHA512

      7669da93a821e3b139b2097144e6613a632efa91e14077d935b83b51695dd9a825a7de9b500fcd4df21897a92b699ca97c977cfd3c4a61d19879cd3efe47056f

    • SSDEEP

      98304:LHPttYZbwA2PNbMzSbwy9SbwgRqH5X3ng8nWIQ:LPYby9yqZXXg8BQ

    Score
    1/10

    • Target

      $PLUGINSDIR/uninstall.exe

    • Size

      2.2MB

    • MD5

      698bb95733b4af192c22b7889c17e32e

    • SHA1

      0139cfdb5b948b47f2a6a6d3ae1c9c081b38ee29

    • SHA256

      f8d91a91e99b225e47485e88860f94785cfed85b779ed0df9396ddecb0308990

    • SHA512

      447bfe51725c8ec4417f25b264e7e3eca19b870cbfeb9628beb92bd5f353009a7a47724c4b8fdd3f650c983f6a34d5dbb2531b46fd1e41fd6b1d870c6f332dbf

    • SSDEEP

      49152:78xUcg/azwhoKTqGVxTfy3SYouB4tADBDwSzujFNr:78xUL/AwhoKTqGnTfy3Sbt2N6jfr

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/CheckProVs.dll

    • Size

      7KB

    • MD5

      62e85098ce43cb3d5c422e49390b7071

    • SHA1

      df6722f155ce2a1379eff53a9ad1611ddecbb3bf

    • SHA256

      ee7e26894cbf89c93ae4df15bdb12cd9a21f5deacedfa99a01eefe8fa52daec2

    • SHA512

      dfe7438c2b46f822e2a810bc355e5226043547608d19d1c70314e4325c06ad9ad63a797905e30d19f5d9a86ee1a6d9c28f525a298731e79dbf6f3d6441179a8e

    • SSDEEP

      96:iqCVh8iNqVgRudZczLiJp2tvgaJOnT/323x3XQUPVAm6yBBECtu7ZyvN:9IhJqUudZkLi+bOni3x3X3PVR6yBBfj

    Score
    3/10

    • Target

      $PLUGINSDIR/GoogleTracingLib.dll

    • Size

      44KB

    • MD5

      624a9f37da45b426653a6ae687220138

    • SHA1

      1579138df2bca9d24bf1f30ace8ccdc2e79ffce4

    • SHA256

      ae29ce5e517fa86fc0dbc67c816cb39d568f5c34c9662654d44bffce2b3f1f7f

    • SHA512

      e07a65a204dc253b97c0735f7550bb9b14e3d7ad3d5e7c89cf6dc5753f85e9dad102036c1427a08db27a29c237a886e6c2261162aacdd28e7e188c80f0a3f221

    • SSDEEP

      768:rWXV2fVEC5h9KclMCumc6plPHY4jq7rOZkdhKZVAiSehp9E+8iROA7:HSmh9/BumTlg4kOZ+KzAwhQ+8iAA7

    Score
    3/10

    • Target

      $PLUGINSDIR/SkinnedControls.dll

    • Size

      77KB

    • MD5

      364bb3c9218429dd1315ad1db47e152d

    • SHA1

      3253c1a381161c268bce8c487e892c8e5dd29dc3

    • SHA256

      5f7998711ea856730139c4dac403f11b947ed94a464dc6d2d4b22f928c3a8536

    • SHA512

      d9084068a259acb9a1691d10da8610053d3abdf6dc78d7357d80d1ac794d940478d2b05c3050484680ddee4c832ae30d71a67b2c2978845e298aca48058e01f6

    • SSDEEP

      768:Q0p2dJFs6nYFg0vxrF9jd+IpMCGC8BnmmfJmLVp1aB5tEEThyX7QirbTGgyhTFDK:Q0YsX7vxGjBvJgVTadaXBTeh55axv

    Score
    3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      ca332bb753b0775d5e806e236ddcec55

    • SHA1

      f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    • SHA256

      df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    • SHA512

      2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    • SSDEEP

      192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6

    Score
    3/10

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10

    • Target

      $PLUGINSDIR/registry.dll

    • Size

      24KB

    • MD5

      2b7007ed0262ca02ef69d8990815cbeb

    • SHA1

      2eabe4f755213666dbbbde024a5235ddde02b47f

    • SHA256

      0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

    • SHA512

      aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

    • SSDEEP

      384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA

    Score
    3/10

    • Target

      $PLUGINSDIR/uninstall.exe

    • Size

      3.2MB

    • MD5

      87ddccf3d6174b9e28c85d3832540960

    • SHA1

      1725e442eb960947284984b90b6709a8d7537c19

    • SHA256

      1cc67d488441417c67e6816e220886f336af2230eff4e2f9af4de5cbc776914f

    • SHA512

      ff6fc2e0bbdb2c0c89fb3ccc4d7c1dc2087f3e23a7f36f321b3b8fc8ae9010e393d5da1fb93f05e8ac8d47c30b3fe63c7f0bcce7e34a57050845c7f2540ae4ca

    • SSDEEP

      98304:dPttYZbwA2PNbcgPtOCYMutEcgG5+BH5X3ng8igu:hYxg0WuyW0BZXXg8iF

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks