6273033dde31d56147096d50f235da716b49878064b94a338f0b8c9d9bd67546

Sharing

Copy URL

Twitter E-mail

General

Target

CoutX-Setup.exe
Size

901KB
Sample

240629-ha37cssfmc
MD5

77ecac00dde81444199df34bcaa6bafb
SHA1

78e292fbd1ad9d2e8c78b3d75013b4ea1a09d3b8
SHA256

6273033dde31d56147096d50f235da716b49878064b94a338f0b8c9d9bd67546
SHA512

521e731852d70b74c8bcfb4d18eeb10e2e5478001c51e41f33e3b46af9d844014dac63e0be33c8be4488377d9f96765017b6769b2059b26b827839a3b3f12578
SSDEEP

24576:kPdPr0nvzHdcdTDbQedZfnff8pkhNNtNoX:sPMz9SH8erfffkgNNC

Score

9^/10

Malware Config

Targets

- Target
  
  CoutX-Setup.exe
- Size
  
  901KB
- MD5
  
  77ecac00dde81444199df34bcaa6bafb
- SHA1
  
  78e292fbd1ad9d2e8c78b3d75013b4ea1a09d3b8
- SHA256
  
  6273033dde31d56147096d50f235da716b49878064b94a338f0b8c9d9bd67546
- SHA512
  
  521e731852d70b74c8bcfb4d18eeb10e2e5478001c51e41f33e3b46af9d844014dac63e0be33c8be4488377d9f96765017b6769b2059b26b827839a3b3f12578
- SSDEEP
  
  24576:kPdPr0nvzHdcdTDbQedZfnff8pkhNNtNoX:sPMz9SH8erfffkgNNC
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  d095b082b7c5ba4665d40d9c5042af6d
- SHA1
  
  2220277304af105ca6c56219f56f04e894b28d27
- SHA256
  
  b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
- SHA512
  
  61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9
- SSDEEP
  
  192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a8c86996c4230c2209f5927f21321377
- SHA1
  
  45ce0ab93cb6a3a594e54878cce05df724024393
- SHA256
  
  110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855
- SHA512
  
  69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3
- SSDEEP
  
  96:mIt3J2Gl0eVe0+Cfo0UkXt6+o69UiGdPh5/utta/23lkCTcaqHCI:bhE+A0+sF6piUFkAylncviI
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10
behavioral7 behavioral8
- Target
  
  CoutX.exe
- Size
  
  798KB
- MD5
  
  ebae518666a71f94f9466e010bb5184c
- SHA1
  
  0c989607346570877cee14e6be9167e966897dce
- SHA256
  
  eb89facb54c5c9716d1c20e18b7ad89a084f5295333b5576033e9b7129318c96
- SHA512
  
  4269ddc83768e3bdc7f503f064a095276b606bded7c89644e9050dbf357459d74538823d62a45a43f50b50f4cab5928dc387cfc4c4e2ec5c05aeebe46fe1069b
- SSDEEP
  
  12288:UGujrfPsBsOmsBsBsiPRen14KGUPF/+piPuQUdp1byrB:UtrsaKaaA2V/+8Udpgr
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9
- Target
  
  MSVCP140.dll
- Size
  
  552KB
- MD5
  
  cd0c37f1875b704f8eb08e397381ac16
- SHA1
  
  249d33c43e105a1c36ec6a24e5ef8dbc5f56b31b
- SHA256
  
  d86ac158123a245b927592c80cc020fea29c8c4addc144466c4625a00ca9c77a
- SHA512
  
  d60c56716399b417e1d9d7d739af13674c8572974f220a44e5e4e9ab0b0a23b8937bd0929eee9f03f20b7f74db008f70f9559a7eb66948b3afab5b96bdd1a6d5
- SSDEEP
  
  12288:C/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6z/yjQEKZm+jWodm:EN59IW6z/8QEKZm+jWodEEY
Score

1^/10
behavioral11 behavioral12
- Target
  
  VCRUNTIME140.dll
- Size
  
  94KB
- MD5
  
  11d9ac94e8cb17bd23dea89f8e757f18
- SHA1
  
  d4fb80a512486821ad320c4fd67abcae63005158
- SHA256
  
  e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
- SHA512
  
  aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
- SSDEEP
  
  1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
Score

1^/10
behavioral13 behavioral14
- Target
  
  VCRUNTIME140_1.dll
- Size
  
  43KB
- MD5
  
  3b22b2ec303b0721827dd768c87df6ed
- SHA1
  
  86f8af095cf7368ccbff2d0fd6d33586145acd2b
- SHA256
  
  3b792da47040c3b3e0804cdc5153eef4e802b6975963029d8dc360cb824a7b62
- SHA512
  
  79db774980ee132797f7e7dbc0e055b724d8fbf0e4917523b285f918730adfff81022cc6f5e15469b011d55501fd7b085bc070e9ecdfb75c05f4d6622a7f2475
- SSDEEP
  
  384:GRiuauREnUUWU55vZvS05fJjPg2h1RWmbzA+XfAXxy85xH0f9lWrGKWVQRpBj0HP:DJnUUV7xPg4RdPvv2DHkR+W+1CP
Score

1^/10
behavioral15 behavioral16
- Target
  
  tools/CoutX.bat
- Size
  
  61KB
- MD5
  
  9d9de233b39212edd52f376bdabc2b9c
- SHA1
  
  0f0ae692ec22867fbf4ee600efa7a9169f52ea28
- SHA256
  
  f783d2390ba2b2755c6b2467630d1d2703920cb4d42d34fb789fac9789e7bd18
- SHA512
  
  71c5e21745cc30f9cc6720cc9049415a8c8495487f7a9d26717ef6b56b49028f7d80ae1f175762e1ed3382fb6df6ae43f843d7cd1d164dbb7a4a25b677205293
- SSDEEP
  
  768:xGLTOwOkZ6DWMpLcKwtNh60aLIKoPw5PuE3MfFzL2IuGQIGQObWszHPjHv7gBOBF:YacKwXsIKoCuEFC0WszHPbv72+
Score

9^/10

defense_evasion evasion execution persistence privilege_escalation ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Stops running service(s)
  evasion execution
- Boot or Logon Autostart Execution: LSASS Driver
  Adversaries may modify or add LSASS drivers to obtain persistence on compromised systems.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
behavioral17 behavioral18
- Target
  
  tools/MinSudo.exe
- Size
  
  121KB
- MD5
  
  728996e6f507ee02d606cb9408baa6c0
- SHA1
  
  50a292ee136b57c7d934ea192d9bfc64043fc818
- SHA256
  
  5809182e27bc4145e890a6dbd998a29a24f3b8e161bf7d35cac23160101d81e6
- SHA512
  
  344bdc5a0cc0d0086304dc1599ea855da49da9f1d23f89ebf6ce1baee420e84c38d21564ba432b4ddea14117f6d578557a32773dd5b94a57b2bf180fbfc4bda5
- SSDEEP
  
  3072:u3b3PPXBVXaXqSu7HdCI2/jH/Keq51KB9:uL3H7qXqSu7HdCISjHdq58
Score

1^/10
behavioral19 behavioral20
- Target
  
  tools/SetTimerResolution.exe
- Size
  
  15KB
- MD5
  
  c675b0dc6ce74772093263223e6f560b
- SHA1
  
  b282763914f9b8a0bce4e5e53d37cbe108071a7c
- SHA256
  
  3d5b4d790ffe6d8f0c16b4ddc4dc1b1ed93388c1cb1526083ad2d367309d805f
- SHA512
  
  3fc4ee9e977dd1157e42eb661efeff3ef3a53258056e8f60211066dd7503ddca35d51199dae0fc515de1cc8f6cf32765ca380d035eb0a18dca6a0d83055e898a
- SSDEEP
  
  384:pce13aUgN07Bq+5GjXbtJUmXmSHkON/GPJ24:X3HiMRGjXbtx2SEONuPJ24
Score

1^/10
behavioral21 behavioral22
- Target
  
  tools/nvidiaProfileInspector/nvidiaProfileInspector.exe
- Size
  
  535KB
- MD5
  
  ff5f39370b67a274cb58ba7e2039d2e2
- SHA1
  
  3020bb33e563e9efe59ea22aa4588bed5f1b2897
- SHA256
  
  1233487ea4db928ee062f12b00a6eda01445d001ab55566107234dea4dc65872
- SHA512
  
  7decec37c80d1d5ad6296d737d5d16c4fc92353a3ae4bd083c4a7b267bb6073a53d9f6152b20f9b5e62ba6c93f76d08f813812a83ce164db4c91107d7ad5a95f
- SSDEEP
  
  6144:4sP/zdlaCgMOx9mN1S0Mi11iBFmEobpU0u5p:/P5cCdOHmN1S0Mi2BFmLU0A
Score

1^/10
behavioral23 behavioral24