General

  • Target

    RTSSSetup736.exe

  • Size

    16.0MB

  • Sample

    240624-pdxx3s1fkc

  • MD5

    f57c07115788603cf14320f2632f6668

  • SHA1

    28f8643ec2cccaa623f045912453fc299a48f141

  • SHA256

    941cc44f629086310dba8c9e96ab55994f230eef6917a2e70ec6c9b698154d88

  • SHA512

    c89ceff65565872a9b5b4d0d5eee27707f60da8d1dabbfd584ab08703923ec516d085e4da2be9c733b1908402d91b61af05754135715985fa92066691158c956

  • SSDEEP

    393216:qFBK2BtyEcwROqvt3RQVDDdnnao1aQKT0+FTQP28uci:q7BUEcwRdv9RQJxna3A+VQPzi

Score
7/10

Targets

    • Target

      RTSSSetup736.exe

    • Size

      16.0MB

    • MD5

      f57c07115788603cf14320f2632f6668

    • SHA1

      28f8643ec2cccaa623f045912453fc299a48f141

    • SHA256

      941cc44f629086310dba8c9e96ab55994f230eef6917a2e70ec6c9b698154d88

    • SHA512

      c89ceff65565872a9b5b4d0d5eee27707f60da8d1dabbfd584ab08703923ec516d085e4da2be9c733b1908402d91b61af05754135715985fa92066691158c956

    • SSDEEP

      393216:qFBK2BtyEcwROqvt3RQVDDdnnao1aQKT0+FTQP28uci:q7BUEcwRdv9RQJxna3A+VQPzi

    Score
    7/10

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      08de81a4584f5201086f57a7a93ed83b

    • SHA1

      266a6ecc8fb7dca115e6915cd75e2595816841a8

    • SHA256

      4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6

    • SHA512

      b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9

    • SSDEEP

      48:S46+/1TKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mLofjLl:zHuPbOBtWZBV8jAWiAJCdv2CmeL

    Score
    3/10

    • Target

      $PLUGINSDIR/LockedList.dll

    • Size

      28KB

    • MD5

      84c93011c323095555fcfcbebab4df83

    • SHA1

      69d6b67f1d73b9cda8397f8e0748b45c91987bd5

    • SHA256

      cf1b3d307918e11f4c90888ef65f9cad0302eabf7235187eaad5764646874340

    • SHA512

      c95008dce262608bee2bd2081d456a98e4a9d2814c0bfdd77c9a74394dd3aca373d57975d2c30be5f9af013772abed0a9b924a4e24e266110821147afa5e50e8

    • SSDEEP

      768:on7n6hKdgWn9Cb22ryBD3fvMkGksfLqo7B:onWhKdne22ryBDvvMPne+

    Score
    3/10

    • Target

      $PLUGINSDIR/LockedList64.dll

    • Size

      9KB

    • MD5

      f982f688c44a109382504be756e54a28

    • SHA1

      0050bf1d09975c9faa34ddf0cc579f3f611b71c0

    • SHA256

      fbe4c84d389b32d3646991f0f59c987d5052ecc0ecbaa4da2bbebd922fd3762c

    • SHA512

      fa0f10819b6a8d6a298a6274073b466ef5756f00e8dc7fdc786e5e0a8fd0dbb2777eb608d213874a92bd0481a363464f2a615bcde9ed3ed13db12ab338a91ae9

    • SSDEEP

      192:oDe6qk8regn9R+MO2Sz4p/sAMMmsGA/i9MWDqX:oDe6grPEMO2Sz4CAysN/i9Msq

    Score
    1/10

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      6581c243481c0ba91ec1bd9fd93f1c30

    • SHA1

      b00b7fe38b0dbf5576239a8f62f01df7fb993e5d

    • SHA256

      72fa1a91185fda8b68a49b9ebb8d5ddf00f899f590d1e657a58c229f9bd0a700

    • SHA512

      c882c15e1222929369753addb023fe028dd95345c0b29a5a8c0ba00cbdee45f3a7aacafd9d4cdc5fe86e3676ba958abf841801d73361c4630e7f48ab63725055

    • SSDEEP

      96:g8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/c3lkCTcaqHCI:tZIKXgk+cx6QYFkAElncviI

    Score
    3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      6e55a6e7c3fdbd244042eb15cb1ec739

    • SHA1

      070ea80e2192abc42f358d47b276990b5fa285a9

    • SHA256

      acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506

    • SHA512

      2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

    • SSDEEP

      192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL

    Score
    3/10

    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      25KB

    • MD5

      cbe40fd2b1ec96daedc65da172d90022

    • SHA1

      366c216220aa4329dff6c485fd0e9b0f4f0a7944

    • SHA256

      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

    • SHA512

      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

    • SSDEEP

      24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      ca5bb0ee2b698869c41c087c9854487c

    • SHA1

      4a8abbb2544f1a9555e57a142a147dfeb40c4ca4

    • SHA256

      c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324

    • SHA512

      363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770

    • SSDEEP

      96:ojsvUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3Y/NqkzfS:ojsvWyNO81b8pCHFcM0PuAgkOyhIFc

    Score
    3/10

    • Target

      $R0

    • Size

      871KB

    • MD5

      0a91221306a3298fba8fd1e0d4be269a

    • SHA1

      2ecc9696f03fa694aa0ff01e3658bb24e632ed91

    • SHA256

      7865c3e4003778ced6aa3ebcb7fad83421a45a13eb43ea2a5ba303d8e479a4b7

    • SHA512

      01885ebb32e0b4ed703341bc083f721393ab2ac1663ac3aaefcdd31990bca4a103e88afb631041bf1a565cb328fefbe8d60e1463f19f9d33f0b0b1affda64045

    • SSDEEP

      24576:huBpXNDkxDRsX1sUsJ7mq/ZBx69v9IbzehK9Ko:hqBNgJ7D29Ibzec

    Score
    1/10

    • Target

      Codec/rtvcvfw32.dll

    • Size

      871KB

    • MD5

      0a91221306a3298fba8fd1e0d4be269a

    • SHA1

      2ecc9696f03fa694aa0ff01e3658bb24e632ed91

    • SHA256

      7865c3e4003778ced6aa3ebcb7fad83421a45a13eb43ea2a5ba303d8e479a4b7

    • SHA512

      01885ebb32e0b4ed703341bc083f721393ab2ac1663ac3aaefcdd31990bca4a103e88afb631041bf1a565cb328fefbe8d60e1463f19f9d33f0b0b1affda64045

    • SSDEEP

      24576:huBpXNDkxDRsX1sUsJ7mq/ZBx69v9IbzehK9Ko:hqBNgJ7D29Ibzec

    Score
    1/10

    • Target

      DesktopOverlayHost.exe

    • Size

      76KB

    • MD5

      7057cab5e1d3d38d3d5a1f8f2f0cd7ef

    • SHA1

      fa9d1eb814552f2dbfa4843f25cc6403e423473d

    • SHA256

      d594b3870d81ffdcbda2cb630061cac915d239e921b4af7bf19c4fcb26ffceca

    • SHA512

      d3b20f7aa0ecd825c80e6516e01e142613ebac2555dbacd9e16b5b3a30eeeb3d2b95492278842360f65606a6588fe580a0976571e9439e48eb0d46686a0ed53c

    • SSDEEP

      1536:QHyIDtuLJ+R3LJ7tC3CL3xNOK2Rf+nVszNDtq:Qntue7oyL3xN32cVq10

    Score
    1/10

    • Target

      DesktopOverlayHostLoader.exe

    • Size

      25KB

    • MD5

      d9ff9504da8b627b720fe8f62f3bd24d

    • SHA1

      636b35abd84344b437b24efadd175f2c8bbcb18c

    • SHA256

      57dfce7a5cfe97578a45b35731a327e88b22fee0dbc4ec0b4dc1e919cc94e12f

    • SHA512

      9510198e016a52da3d231ce4b8a0a1d55987454196a99bdfa998d25d530d4c46646f141ab13ee38a260c2a069a5d07d7d3110e450356b5bfe2be72e44f77d672

    • SSDEEP

      384:0UvYJrPjoYTYNJVGzaC/uVGBkNl6bCIN6ki2ApxiRggivcV7Mp:0UvYtcYTYXVFWkNlTD2ApZL07Mp

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      EncoderServer.cfg

    • Size

      89B

    • MD5

      d81d3a63c3597a1ac1f61e7862e174f1

    • SHA1

      416c43386386a8916ae80482aacd5a998e9d4e83

    • SHA256

      d505f1850d38d5d6b5d4924cca0f7ed679bbae6ae1ecd8e5c24257fce01f602e

    • SHA512

      72188bb3629c4938a5b1c93e5be7b8fd87ed3ca946feccf36de4b3acb999585b3edde4bd517a173c32774ce46492bf94819e5a49350135ebb370648478685f14

    Score
    3/10

    • Target

      EncoderServer.exe

    • Size

      72KB

    • MD5

      c83df868c43bb65744f1dcc5e53b1355

    • SHA1

      b7b3dc21d2a1e67cc498d97b4b42669d6a8c65bb

    • SHA256

      cba3059339768ea42be1e14c3a705f71ebddee41dd2c76c9f41c94ad248ea56a

    • SHA512

      f4e424f8541f22d6dbec79b44fda912815e50c3e225b0ea08f07a9b9da5135b71416ed68dc9c8db05cdc2dbe1352c04370164d83d6d9c708f25381b4f8c41106

    • SSDEEP

      768:6wsRB95r7TLh/8APUHoRGHNxWtHokViHfdO/YrNCWkNlTD2ApZL2:6wsHTLhxcHo4HNxQTVes/zNDt2

    Score
    1/10

    • Target

      EncoderServer64.exe

    • Size

      77KB

    • MD5

      813f7094987655e2c6846eb1188ab420

    • SHA1

      37fd226110dbbf92998c9ba5edd408a5b472b671

    • SHA256

      f1ba5943a9010e879dbf832cb6741dae3fc92e19f657ce69335ad904fdbdeae4

    • SHA512

      c09759c67490647b2813f46570f865d9619bfbd676311f35b15b2e35f99dac922e860539bf74bdd796a3d1171c44db52f48c1ce9ed974e31f860d7f4fbc54641

    • SSDEEP

      768:RCf7sfo4g0aL4aqBxRVldx6rw909zLt6iY1jzd+Pw6iY1lx7SdLjMu735iHfdO/7:eASqteV18zzdcZVxaFr5es/JNDtnt

    Score
    1/10

    • Target

      RTFC.dll

    • Size

      72KB

    • MD5

      e9257c5379c36eba7e8f301472bccc88

    • SHA1

      2aa90a5d69753df9d899d4d8a27a1d19d51b2c1d

    • SHA256

      8e2e899f029ee75aa583597566f182f9a3cccd2e9dc4d60ea371efb98152c077

    • SHA512

      cdb2cc5216d41c9d9bfb4b82d99c19dec5cbd84df16c8ce2b130e9297ca059db843db441c0fa9c68ee8dbe3b5597c52933729204b7f92406f9a4724300c5d8fd

    • SSDEEP

      1536:y8Hdxz/ItCFzDGhS5bh7SOXpY9YG3qxQRhus:X9Ahya3qxQRhu

    Score
    3/10
