64af147c68a1e9ab272322962e043b51657da005a827980df1619e0f1e6ec35f

Sharing

Copy URL

Twitter E-mail

General

Target

Trojan.zip
Size

135.5MB
Sample

240620-xj87asseqa
MD5

9377e5c21554235825c41d5afa9d8c82
SHA1

0f0f5381bac2f3060f2261cfa3c27484599d1b8a
SHA256

64af147c68a1e9ab272322962e043b51657da005a827980df1619e0f1e6ec35f
SHA512

114bd091e5e3aa78124371521ba5e1695e304c2042a132c1cee809b1994455f45509fba66fd547901e8c05cf2e2283a652649f33e7fa0da65b7acd2a53ac92c1
SSDEEP

3145728:TFIFNotKZ96G2VEz7oH1fYbEuccv8wyDMWfdOvgfDQXJpIqC:58AEAAAucA8wyDbfc4fcXvC

Score

10^/10

Malware Config

Targets

- Target
  
  Trojan/+.exe
- Size
  
  215KB
- MD5
  
  bb9680f552ef1dc2d05213f02e10581d
- SHA1
  
  deac698089fdcd005fa557a3f1fd72fbc05c7e3f
- SHA256
  
  59d911f4a0361bf996f58008f49f98112ae4539cd58072bdfba98f0c06e4b281
- SHA512
  
  28e366b26a7d48802d23d5caefba58035caa7afce2f1b3adcf371338d301f9dcfc5cfa53dd79e5ecdee4ca12a62c6fa8e0855ba560a1a23f858c04b854461001
- SSDEEP
  
  6144:ktzsb5Uh28+V1WW69B9VjMdxPedN9ug0z9TB9ShTDBFuu35:ktzE5elwLz9TrWPS45
Score

1^/10
behavioral1 behavioral2
- Target
  
  Trojan/0.950095298700035.exe
- Size
  
  134KB
- MD5
  
  aedbbccb355b4b671b260ddae4caf48a
- SHA1
  
  fac537787c1c197c1eeff3776f18286c93fb62aa
- SHA256
  
  f87e7c558f070aba0493468837fcc6dacd76e5cc855a7f460c798af6fe8f0120
- SHA512
  
  09a412edfe005ab34006032fabcf7b12b18c1ff2aafdaa4a551a7da929c866532ff2d544dff55e2d6fbfbb52cca270481c9853652d6299eb077328d52dbee22a
- SSDEEP
  
  3072:s4/hNEFqgwt4AfLKUM3/oY+IUTzrojcbWy:ARATu3/Agcb
Score

8^/10

bootkit evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  Trojan/000.exe
- Size
  
  6.7MB
- MD5
  
  d5671758956b39e048680b6a8275e96a
- SHA1
  
  33c341130bf9c93311001a6284692c86fec200ef
- SHA256
  
  4a900b344ef765a66f98cf39ac06273d565ca0f5d19f7ea4ca183786155d4a47
- SHA512
  
  972e89ed8b7b4d75df0a05c53e71fb5c29edaa173d7289656676b9d2a1ed439be1687beddc6fb1fbf068868c3da9c3d2deb03b55e5ab5e7968858b5efc49fbe7
- SSDEEP
  
  3072:V3LA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuzzo9Y:lLJlC6j0CX4XmvWHVcd62uo9
Score

8^/10

evasion persistence ransomware
- Disables Task Manager via registry modification
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral5 behavioral6
- Target
  
  Trojan/0x07.exe
- Size
  
  247KB
- MD5
  
  733eb0ab951ae42a8d8cca413201e428
- SHA1
  
  640ffb3ee44eb86afaea92e6c5aa158a5d4aafd1
- SHA256
  
  52d6d769eb474d4138ac31e05634a6ca7a4ebef5920f8356c1cd70d9fa42c2fb
- SHA512
  
  c7cdf77aa881c5dbb2abf17913dbf645fe88e16fa11fa055392d36ccf936fc43050c48feb631e193fe044123a190f123d2d6ff12234c0ff7c8c7c6e290209d8f
- SSDEEP
  
  3072:xaWEHnqlm+0FEaJSq6+ouCpk2mpcWJ0r+QNTBfZnazJ9k3kxMC+89+aPyXiwQ9M1:cWCMm8aMldk1cWQRNTBhz3Yz/qc9M1
Score

8^/10

bootkit defense_evasion discovery exploit persistence
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Modifies boot configuration data using bcdedit
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral7 behavioral8
- Target
  
  Trojan/0xc6666666.exe
- Size
  
  9KB
- MD5
  
  8b07df8ab7160c2692e9f86334b3678e
- SHA1
  
  ae11b4de120f9e87a2dbea10a5102ef3055aa859
- SHA256
  
  8ef6ca3e52d30dfaf0df411fc670f899506ca19cbfe1a35c9ff417acf93252da
- SHA512
  
  b69cf80172d82ceb7a3c878167e5e6bfd60e93b2c91afb834241f40a3829a5b57a88897d0e09e4b80a98732e4967d7e689f28ccb4975d9a68acc9941eed4b212
- SSDEEP
  
  192:9+OXjfrOVqKnwzjOhfwN7E5pz6rJoZgW0AX:7TfCVNnqjFN7mOW0c
Score

1^/10
behavioral10 behavioral9
- Target
  
  Trojan/10reset/10reset-helper.exe
- Size
  
  47KB
- MD5
  
  60033da4432b2614f8452a6f47680ae4
- SHA1
  
  ac980dc48fc90a6b1ed383777e55c2338f79e451
- SHA256
  
  1c75668ea50a19a9351d410d52cae0d7937f115df5b0c35367016739113ed461
- SHA512
  
  7e2cdf114194d639acc399c82335b4e608c729be56d091eb912a0613b089e9cace1edc3efccdd3ee85f76156e775d006d2fe53fb13cf8b4cc8cfedcd84f0c445
- SSDEEP
  
  768:9yLqzcQ8zwtHEBbGoaPbs9IKRQ5qo2GLQdJ274ztOyjg5YCtKO:cLqzcQ5kJxWpKRfzdJhIyjg57K
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral11 behavioral12
- Target
  
  Trojan/10reset/10reset.exe
- Size
  
  126KB
- MD5
  
  071bf467abb1d0642e303c5197007e46
- SHA1
  
  bbfff690deff6efc0f52c827f50adaffffad4f2d
- SHA256
  
  b522899e1d860d9444cf8e2bf998c43b9201beeef89e77c182d25a880799600b
- SHA512
  
  b686f9732fd665dd52537b0e68c3498e52253f31adfb42465131ef517148639d6ea3c2b3e38feadd87b9a6373b119f686f268df9992d1683f94c841fbb416746
- SSDEEP
  
  3072:05Mh7vujEbEqPCJ91lCmI8L7xujEbEqPCJ91lCmI843:05cZfKJN5BZfKJN54
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral13 behavioral14
- Target
  
  Trojan/13reset/13reset-helper.exe
- Size
  
  47KB
- MD5
  
  067ea30ee389c67e02378836348f061a
- SHA1
  
  0fe37e9c0bea454a728a36a1cc77b053701c0008
- SHA256
  
  5879da0d7ab3626d8c38b7ef68a241233d3e55032c6a81102c31f75b92c2ab77
- SHA512
  
  84a2b732842b7055f524e62cb18f57afc2b57633df1197ed7857439441d2244f9dc85db4859ed8a924c69cc67afc2d807bc887d4697647cf1b581b9c3bf30609
- SSDEEP
  
  768:9yLqzcQ8zwtHEBbGoaPbs9IKRQ5qo2GLQdJLM4ztOyjg5YCtKO:cLqzcQ5kJxWpKRfzdJdIyjg57K
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral15 behavioral16
- Target
  
  Trojan/13reset/13reset.exe
- Size
  
  74KB
- MD5
  
  105c40b6c9b169d401eae3c243aa64c3
- SHA1
  
  702f9b235603412c71a3f727e9d42d29a34b4eaf
- SHA256
  
  d96400bbe3840a92dbd3d2ee7663a13419bda70a3f49979206cd09f2c5986d79
- SHA512
  
  7c352c6a7dc4321313e087df46835e7d2f2fffe0bdb8787ef196b37711b3f95f701b3b0b1ccf92f616161b61b2d2890c0b8351f97ce8061ac856fa776ef09dfc
- SSDEEP
  
  1536:w64fj+783T7pfXoD+gt6hdHRCeq8CT7QfXoD+gt6hdHRCi:1wj+783TF/ovMjHjq8CTk/ovMjHJ
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral17 behavioral18
- Target
  
  Trojan/2repair.exe
- Size
  
  10.2MB
- MD5
  
  795d891f34890796120931c1b74318a4
- SHA1
  
  9a698435df1e850479f66b08dd8ee84e7473b0eb
- SHA256
  
  327e9f126a7d897239ddafc8adbae981e6a4c00d4d3383846ceb8d2befefef04
- SHA512
  
  77234732395eac75687aeff81d40fc3e7b1f1d7e14b4df9f786f0aa7cc2bee04d5614dbd6cdd04fd310ea455c2747cd2c0a598143a886807e690c2cc01b06aa0
- SSDEEP
  
  196608:LgOzUNRd/74b/Mqe9NPnjRs6j+2ufWvi2DuFg3k7bwanYP9UX5hT84jWR/B:CRd83Klji52RhwPA92584jmB
Score

10^/10

bootkit evasion persistence spyware stealer trojan upx
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral19 behavioral20
- Target
  
  Trojan/3PC.exe
- Size
  
  229KB
- MD5
  
  a5fa59d5da5b595056892a2653e94243
- SHA1
  
  f307ae227a656333f8deb99b8e20e2e6dd966b0e
- SHA256
  
  cb3dd0893f9feda97ab93fff5d607f508c5fbae775b2280a8534c07c0ca4a336
- SHA512
  
  a7fd5f28f7ea176333b3144b05306a2d2729e59088bb8ea3e24ba20b5b414a112522fb539b0f6a00a13e3a87874fc4f4968822a718eb3c77b4d53088dd4aea1d
- SSDEEP
  
  6144:lBlkZvaF4NTB88S1hJp7OdUoIeYZeOzv4npK:loSWNTW8S5YdUPeVOzQpK
Score

1^/10
behavioral21 behavioral22
- Target
  
  Trojan/4mm psy/4mm psy.exe
- Size
  
  6KB
- MD5
  
  529ef7f53e3fd61c1cad2c7ecf8b1c6d
- SHA1
  
  d67ef17f5389fa2e38f2acdf9f703be88b1773f7
- SHA256
  
  aa761ff437cee15e503fd70fda87dbdd04329ac4614477cf4670babd6c2bee02
- SHA512
  
  d996473bee9724bce5293c6bf711efa6a01f23aebdf60926a01bca44fa257eeb49935b4113ee9b65fbbc0d2754689009b9b03ebb4962426c53dabe9f3c2787b9
- SSDEEP
  
  48:0Pzuz3/foXeYDjyaAYqMettsQSaJiTi8xLEcztPLb3b3vr5vEuu6P+65I6FPrSh:0P67TeuaABBDSyst9pvr51V+65vDs
Score

1^/10
behavioral23 behavioral24
- Target
  
  Trojan/666.exe.exe
- Size
  
  6.8MB
- MD5
  
  63c96886aade3b86d982ad249ef7eb50
- SHA1
  
  12a56093ebfa3ba038742ab7e9a472727e70a3b5
- SHA256
  
  db6bbaa7de79fa26489c511fb59e996db796a491f047539fea8ef42107ff3eb6
- SHA512
  
  bcaf4f10292e4b15ab940457f13a917a323a47e03084e4694dab158d4c4f47807080407ceb206945b19a385411b7fb36d80ce39a07e1da7d88e38694b259c06c
- SSDEEP
  
  12288:+Rx0AYhMCua0AYhMCuulE0AYhMCud0AYhMCuf:+Rx0n3b0n3PlE0n3C0n3I
Score

8^/10

evasion persistence ransomware
- Disables Task Manager via registry modification
  evasion
- Modifies WinLogon
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral25 behavioral26
- Target
  
  Trojan/666mm psy/666mm psy.exe
- Size
  
  7KB
- MD5
  
  0094d516fb8b1cd38dbc22320db9d57c
- SHA1
  
  70dec0d081c29461c1a534905fa3ca13f559eaf9
- SHA256
  
  16f61017a179c22b18ef3b9207b1fa4dc8bc242fd36c9e73192b1a20a088e506
- SHA512
  
  2fe0b815f5aee8f7b1f61d69ab8ec9e981b087a05914c64af230258f85854982026303014d997414941ec0c22c85e1ea057eb0b235883156729ce977efdbd3d0
- SSDEEP
  
  96:0P67TeuaABBDSyst9pvr51V+65lssssssso:0y7TqABBW517lssssssso
Score

1^/10
behavioral27 behavioral28
- Target
  
  Trojan/9reset/9RESET-helper.exe
- Size
  
  47KB
- MD5
  
  08ff988efe49eba429c85dab8f882dd6
- SHA1
  
  939a636f16046b8b9cffaaef6b9ea1c9e320585f
- SHA256
  
  597043b14930a51815b0552be6ca19b0558342ba2e4b27ddd5f2573ff18d5f8a
- SHA512
  
  d288b7b052b7c32722bd4381a1efa26dbe2cf4fd4e120bfe61a065333211f50e263cc7e71040eaf516d63e312bade1913ed41fc2d8ef3a9342cb6e97d22ba688
- SSDEEP
  
  768:9yLqzcQ8zwtHEBbGoaPbs9IKRQ5qo2GLQdJvd4ztOyjg5YCtKO:cLqzcQ5kJxWpKRfzdJoIyjg57K
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral29 behavioral30
- Target
  
  Trojan/9reset/9reset.exe
- Size
  
  385KB
- MD5
  
  d05daaa1e1b95fa203891321f2345540
- SHA1
  
  e05de699d799c1366c0d0285a4c0395aa9b69fc9
- SHA256
  
  42785338860918c7caeb035d8f5689e258a1768db1650cd4758ac595a5c6a2bd
- SHA512
  
  fc63d87da773f145482a2d61d1583ba1f4ec76761522092990d83f710c9f282294d1f83948318a37678c5bd5e3f178fca7a07e6c0cd36643ab17b37902997f3d
- SSDEEP
  
  6144:9t5hBPi0BW69hd1MMdxPe9N9uA069TBxq/:9tzww69TLK
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32