7c0b7f0a258f8d17a0ca27c5e03ce84f35cc3bd433f3a77b1b7fd58f061c8a91

Sharing

Copy URL

Twitter E-mail

General

Target

7c0b7f0a258f8d17a0ca27c5e03ce84f35cc3bd433f3a77b1b7fd58f061c8a91
Size

10.0MB
Sample

240705-tydr6a1gjn
MD5

11a63abfc7daf5a1e02f16b62f1ac705
SHA1

41c6d5a7777a98a84c46307146245ec881485339
SHA256

7c0b7f0a258f8d17a0ca27c5e03ce84f35cc3bd433f3a77b1b7fd58f061c8a91
SHA512

68b49c722ecf83bf085bd0f33639aeb91764084e25ba00653b2f0915291e974618e741325bf9dfbbf4caea99eca1eabb953afaf1918304f9a53eb97624808ff1
SSDEEP

196608:7AcgLO3NhRW+RHdQnGdtMT0MywRD6uWfrs3/N95nLj9zfAxcoINmLNLf:AU/R/R9ptE0Myw56ucuvdByz5f

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  ResIL.dll
- Size
  
  1.4MB
- MD5
  
  ee360e256e2b836865cf02a6bdd9e5be
- SHA1
  
  cd5118ed4363d7fc0027133622dddb37e1c6bbe6
- SHA256
  
  f9be6aea3b674a79872683a6622c3ba77fe628f5a2e7f0a000d379e2a0318310
- SHA512
  
  3fe6b9fbddcf402ebdebbd4bcfbb3a8d4632bb576dcb44246c1e248076c1f09e6926448217ca724d4febc8fc879838d0d378eb7cc9d1922381acf093ee2a680e
- SSDEEP
  
  24576:NL18jX6HrufWRTVl5DzapRdSdRBgF6MP70D16OAGZvEjm5YgWj55Tr52AaUzhW:fr2eVD9dRBgOv+mYTF2AaUA
Score

3^/10
behavioral1 behavioral2
- Target
  
  libGLESv2.dll
- Size
  
  4.4MB
- MD5
  
  e307e977ebb1df8ba0957a412425ed23
- SHA1
  
  e024a7a81e7f485058fec40fd0a745f0d7aecb1e
- SHA256
  
  af4f66e79e0cc1e4254f023cfb7f0140561c7d4e38d9bcf6184e8e69b32540db
- SHA512
  
  ab5f5beb80915385aea4b62337178c6dfa964edfb7e20c22d364c99cd323fa50df9e2c640d7850765e5a683a07034d6be8f61f47f06a8d1ee1f594da804e6def
- SSDEEP
  
  49152:PnBb2OR3KPf/Et3msx8M+TsZ2idR/O0zql9Kgtg6QMsWFxtqhk/bivfhjgrQuIEt:h5qc/622iLAv1NQcoa/bY3g
Score

3^/10
behavioral3 behavioral4
- Target
  
  res_mods/1.23.0.0/scripts/client/gui/mods/7zA.exe
- Size
  
  722KB
- MD5
  
  43141e85e7c36e31b52b22ab94d5e574
- SHA1
  
  cfd7079a9b268d84b856dc668edbb9ab9ef35312
- SHA256
  
  ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d
- SHA512
  
  9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc
- SSDEEP
  
  12288:AwAxBpwU5gU+2/9dB5XlH1YAEa5OLW0TjLWG3rn0Yf5ogmn9X9Rf6TIALr22DIVM:AhY2gUfVH5XlVYzagW4/3rn0Y5zmzRfq
Score

1^/10
behavioral5 behavioral6
- Target
  
  setup.exe
- Size
  
  794.4MB
- MD5
  
  6d95cb153d6806c9f408fa1d17253001
- SHA1
  
  38371c4df014bf03ea0430392202b78319f4b09f
- SHA256
  
  a04defc1f6811ebb64907ad79c63c2ccedb2cba15afca05758f537768da7b934
- SHA512
  
  0ab1800b639709648e82c9370e727999de9b5564107cd41b2d0ff5bbbb6f324a854ef5a5269cd8c3f3ac96c669014b9eac398c8902e47d779027b6726aec95d2
- SSDEEP
  
  98304:dmg6rK+6/Murdncf8kJPBesTcbMl3sjWpoDELiDKzyeByA:doYMKaP5eqcbM5sOLiDheB
Score

10^/10

evasion
- Modifies firewall policy service
  evasion
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  updates/Uninstall/unins000.exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  vivoxsdk.dll
- Size
  
  3.9MB
- MD5
  
  2e61c567d528d08cef62b718cb8aa82f
- SHA1
  
  43d40774fc9495f9be27f8176b6d1816241237de
- SHA256
  
  a887805bf1286725ab930359086fb3302124f5ff81b2d9f43633dc02b97c7577
- SHA512
  
  17c9d4fe2d03e2723f37534701238688443041fe75ac77e7cfd8aa1b4a3885fb92dcdb23186a7415119e91def9e6fb6fdd27a7cf2fb810a32ed236ba2230d2b0
- SSDEEP
  
  98304:vkp0f3BzK7rh8Kg5IILhzkxJ4dFumlwtDCv49rMe3G0MxVp:cCf3tK7rh8Kg5IILhzhlVp
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies firewall policy service

Looks up external IP address via web service

Drops file in System32 directory

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12