General
-
Target
Everything-1.4.1.1024.x64-Setup.exe
-
Size
1.8MB
-
Sample
240622-wq6t3sscjl
-
MD5
5036e609163e98f3ac06d5e82b677df8
-
SHA1
176db10a4cda7104f24eece2d87e1a664b7fb929
-
SHA256
b2afe799584c913532c673f99ade45113bf5a5b605a964ce9fa837f563b6fc21
-
SHA512
40c4332e2e4132fc7f3a5f0738a67e7725b329c4a4b0643fbc65f5d1de3ca4b6bf7374c2a722ea05f01a5e2ddd458344289fdb39bbb092a0b64e63eb168313e4
-
SSDEEP
49152:W45XjhjuyXlt4+3oNBGsCornEsYwmve86irCrHEOP:W45XtjLVt4tJ/pmNHerv
Static task
static1
Behavioral task
behavioral1
Sample
Everything-1.4.1.1024.x64-Setup.exe
Resource
win11-20240611-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/Everything/Everything.exe
Resource
win11-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win11-20240611-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240508-en
Malware Config
Extracted
purecrypter
https://360.asesoriaenfarmacias.com/Jhacc.dat
Targets
-
-
Target
Everything-1.4.1.1024.x64-Setup.exe
-
Size
1.8MB
-
MD5
5036e609163e98f3ac06d5e82b677df8
-
SHA1
176db10a4cda7104f24eece2d87e1a664b7fb929
-
SHA256
b2afe799584c913532c673f99ade45113bf5a5b605a964ce9fa837f563b6fc21
-
SHA512
40c4332e2e4132fc7f3a5f0738a67e7725b329c4a4b0643fbc65f5d1de3ca4b6bf7374c2a722ea05f01a5e2ddd458344289fdb39bbb092a0b64e63eb168313e4
-
SSDEEP
49152:W45XjhjuyXlt4+3oNBGsCornEsYwmve86irCrHEOP:W45XtjLVt4tJ/pmNHerv
-
Detected bankofmontreal phishing page
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Blocklisted process makes network request
-
Adds Run key to start application
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
$PLUGINSDIR/Everything/Everything.exe
-
Size
2.2MB
-
MD5
0170601e27117e9639851a969240b959
-
SHA1
7a4aee1910b84c6715c465277229740dfc73fa39
-
SHA256
35cefe4bc4a98ad73dda4444c700aac9f749efde8f9de6a643a57a5b605bd4e7
-
SHA512
3c24fa02621b78c5ddaf1ad9523045e9fa7ccc02d85a0342e8faafc31be2a3154558d3cefcd9ae8721973fb01450ab36e6bb75a1b95fcc485a4b919f20a2202f
-
SSDEEP
49152:GQdoNDZW77g1h0lv3o4MyTW+sWxXigRRlmrK:GQf75A4P9Fo+
Score6/10-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
15KB
-
MD5
ece25721125d55aa26cdfe019c871476
-
SHA1
b87685ae482553823bf95e73e790de48dc0c11ba
-
SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
-
SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
-
SSDEEP
384:EXsC43tPegZ3eBaRwCPOYY7nNYXC06/Yosa:EXJTgZ3eBTCmrnNA5p
Score3/10 -
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
68b287f4067ba013e34a1339afdb1ea8
-
SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3
-
SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
-
SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
-
SSDEEP
48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Power Settings
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1