Overview

overview

6

Static

static

3

CS16_Setup.exe

windows10-2004-x64

6

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...rl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

1

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CS16_Setup.exe

  • Size

    267.6MB

  • Sample

    240624-hsmbkatajn

  • MD5

    dd72264702378e35d1145827603a6c9b

  • SHA1

    9365ecca306e78c1162a4550e4d2f10593a5a3f2

  • SHA256

    152e9b1adde12821f2460e9599d5f42ce08a80e74e032b66fbb40862a0ac3822

  • SHA512

    045553297154304b3cc2faf0e90dab86e0474ccfacedd4209748bd76d6e075748ca4c7136e3006242e8cd525dab94a1184b6af81156e9f0615a09305541d2215

  • SSDEEP

    6291456:znxPbTQ2Efa+OR2tRpmjt/BSu0sQ4N42Iw23nS7hIc9lUipgW18X:DJTdEvOgtatZSzsQTw23S7dyipgW18X

Score
6/10
bootkitdiscoverypersistence

Malware Config

Targets

    • Target

      CS16_Setup.exe

    • Size

      267.6MB

    • MD5

      dd72264702378e35d1145827603a6c9b

    • SHA1

      9365ecca306e78c1162a4550e4d2f10593a5a3f2

    • SHA256

      152e9b1adde12821f2460e9599d5f42ce08a80e74e032b66fbb40862a0ac3822

    • SHA512

      045553297154304b3cc2faf0e90dab86e0474ccfacedd4209748bd76d6e075748ca4c7136e3006242e8cd525dab94a1184b6af81156e9f0615a09305541d2215

    • SSDEEP

      6291456:znxPbTQ2Efa+OR2tRpmjt/BSu0sQ4N42Iw23nS7hIc9lUipgW18X:DJTdEvOgtatZSzsQTw23S7dyipgW18X

    Score
    6/10
    bootkitdiscoverypersistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

    • Target

      $PLUGINSDIR/Math.dll

    • Size

      67KB

    • MD5

      85428cf1f140e5023f4c9d179b704702

    • SHA1

      1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

    • SHA256

      8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

    • SHA512

      dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

    • SSDEEP

      1536:GUZ9QC7V7IGMp2ZmtSX5p9IeJXlSM2tS:T97WSth5lwt

    Score
    3/10
    behavioral2

    • Target

      $PLUGINSDIR/NScurl.dll

    • Size

      3.6MB

    • MD5

      63216695ae786d558abeac2066d6b35d

    • SHA1

      5db94beb81e73f9fb5ca50467f857385028f9a89

    • SHA256

      b1e7fad63ec88c200fa80b7b3ba6066d820cd3a0960c7e0d93b9c562afca6fa2

    • SHA512

      9f72fb59b17409570abdebf201c532d125f293a4160f9ab39f76fa66888077a0a9dbf51b1445a67e6186602d1f916401d700087b7bd486bef49c6c0a7d107c9f

    • SSDEEP

      49152:RoidPHYhsX7OSWbiZsgYsAwJt1XViLLNGWVZk9ArLxj/FRj5NCxWX:RhRHYhsLkbPgrAwJt1XALLPVZPLxp9

    Score
    3/10
    behavioral3

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    behavioral4

    • Target

      $PLUGINSDIR/downloader.exe

    • Size

      203KB

    • MD5

      6922e66413b832878ac33061032d610f

    • SHA1

      0ec966e045149267007cd840798e7b0e0a077786

    • SHA256

      c014b10df32d537cb505efaa593bee22bcb2cd63b1bcd12a7ab44c958031846f

    • SHA512

      2c1ccde7c9bd793f40c3a0c6fc94aa8b8de222ed6eca52ca7249fad79d994200bd48bb1874579984ea74eb2e52d0b7fa7636b6f93fe18a17e76842e84807280f

    • SSDEEP

      3072:XWF1Sss2XaOvu+v7QC2mCAbtoJOBW0rArwrkut57cIrDjy6HyaPKbY64IrHxzMxz:XWF0+XaOvuyycWNrwrk6yabJIrRzM

    Score
    1/10
    behavioral5

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    Score
    3/10
    behavioral6

    • Target

      $PLUGINSDIR/nsisunz.dll

    • Size

      88KB

    • MD5

      bd97d86d8bd07ebdc8ec662a3f31dfd5

    • SHA1

      5e2b3a1af5ee53ab6d1d6c2cb8127add39ee7e82

    • SHA256

      c31b590cba443de87f0f4a81712f0883ac3b506f3868759d918d9a81f84ea922

    • SHA512

      4575d1ea0d1b2f74df74cad94eae7fdf31c513e5dc6d945e81e0873b99f94a5d81b1c385c71ab79a19e5bb6c00fc5fffec7a3bbfd60ad7de312cbb53d8bcce9a

    • SSDEEP

      1536:uPmnCuZs9reYWvAHvXhxQdJeY3tMCo9NTJwd6aimHr5jr5T51NT:uPmnCuZs9KoPX6rA9Nl2Rrt51h

    Score
    3/10
    behavioral7

MITRE ATT&CK Enterprise v15

Tasks