06a448f5d8d34f922d25a4bf5bf1fd0eea0624b799c68677becd75135abb0d52

Resubmissions

13/07/2024, 04:14

240713-etre5avgjn 8

Sharing

Copy URL Twitter E-mail

General

Target

EEA.EES.v11.1.2039.2.exe
Size

63.8MB
Sample

240713-etre5avgjn
MD5

081492db8db60f8d927b50bac2ae8378
SHA1

3dd151dd5457ebefd54d67f155f2b99c6b3e5e7b
SHA256

06a448f5d8d34f922d25a4bf5bf1fd0eea0624b799c68677becd75135abb0d52
SHA512

24817e86cf8c2bdf5e7b34550f17a76be9d8afd2c13c5081d26f92f7be4962e36abfa59b7e4c46a2344119f7c094916b4e2f9b1ae93d29e9a4adfcae49ece983
SSDEEP

1572864:Erpo841veEuw508ph1bhOnxYCo6mDig3rK89arFG5EElo:Eto8F38XxhqDQDiCG89rOh

Score

8^/10

Malware Config

Targets

- Target
  
  EEA.EES.v11.1.2039.2.exe
- Size
  
  63.8MB
- MD5
  
  081492db8db60f8d927b50bac2ae8378
- SHA1
  
  3dd151dd5457ebefd54d67f155f2b99c6b3e5e7b
- SHA256
  
  06a448f5d8d34f922d25a4bf5bf1fd0eea0624b799c68677becd75135abb0d52
- SHA512
  
  24817e86cf8c2bdf5e7b34550f17a76be9d8afd2c13c5081d26f92f7be4962e36abfa59b7e4c46a2344119f7c094916b4e2f9b1ae93d29e9a4adfcae49ece983
- SSDEEP
  
  1572864:Erpo841veEuw508ph1bhOnxYCo6mDig3rK89arFG5EElo:Eto8F38XxhqDQDiCG89rOh
Score

8^/10

discovery persistence privilege_escalation spyware stealer
- Drops file in Drivers directory
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  [ProductDir]/DMON.dll
- Size
  
  254KB
- MD5
  
  5b4650b28c88ae1e5987419a7aeafe7e
- SHA1
  
  d6dc8f2aaa4111ef9b517024650860141b6aa51c
- SHA256
  
  c3c384947e4ab18d2584994fce7f6bef31837b95971e2b02bc442da02f5d2e08
- SHA512
  
  d7763ffa7591d16cc01fdcc5aa0e2362838b517d6c7729cdd3413d98957179a81358726cf4897c7e790da3161151a6ffda8d9c6db8e295ae40be4ab464926ad6
- SSDEEP
  
  3072:+tC6m7oX/EgDv5FhjQvxji3beDXo8yCHbS7pGLVxddadPfui/N4n+BvvPoAALZWy:WC07vDOhi3bSoiSFGLbddsgogzf
Score

1^/10
behavioral3 behavioral4
- Target
  
  [ProductDir]/Drivers/eamonm/eamonm.sys
- Size
  
  174KB
- MD5
  
  8b01f55c7db2464d3289b9da4ceb0e5b
- SHA1
  
  0296d7dd6578de20f3041bf942d8606d6b50ca2e
- SHA256
  
  c1397e205d4d484cad72a843e71927058b2d75810b700512a11a76f495b8d5f4
- SHA512
  
  1fe46e7a6095333dca7ca3c84ba616440225a0303374c64f136d7deff2d3b8e298ddc9f2a37609f209ba77a233d658b6ec9575826c5d8c13356f1ead057dd214
- SSDEEP
  
  3072:sNzw4jmnjgNV+rkMbDhBggmHF5Zygi7wW4VfCD+0+76mDouajvaS:sNzw46cokvlTNrXS+xJaDx
Score

1^/10
behavioral5
- Target
  
  [ProductDir]/Drivers/edevmon/edevmon.sys
- Size
  
  97KB
- MD5
  
  85485a546fff60e423f52202f2251200
- SHA1
  
  e27546f406e279d85c6448f6c6de2f3f23316c15
- SHA256
  
  341c21511a42e5ed9ef3c5ca4dd86fb2260a5959ef13367f4758e76bfd9e04b6
- SHA512
  
  cc2e58a2871da9d022cf92ef0b3d59f5f0e6bdf48d1b7b05ac7e4eedc4ce86c69b663c7735acc4fa06b73dc5ac2502f1290d2890b2976fba3e1ec2d9ad8ccf03
- SSDEEP
  
  3072:Uf9SQCEVBm5xYomXo4ezaft0TJYknfC0b6Wa:UfwyFoQo12knfRva
Score

1^/10
behavioral6
- Target
  
  [ProductDir]/Drivers/edevmonm/edevmonm.sys
- Size
  
  101KB
- MD5
  
  c7d9df14a68d0936756eab86ad9dec53
- SHA1
  
  a3351f5d8e24eaf02690ca307adad697bcd70fe0
- SHA256
  
  25c961cb2123bb342c93a680ac211a41aedfb24a3fb00c5b49596974d256f592
- SHA512
  
  3bad258f8f2fa6a016e55338a67d20ce2199413f8be7dc7304b440edd987250213ba006c3ceb453bc27540c99e849b3a53ab954bd09056ed55214dfdbdf755e1
- SSDEEP
  
  1536:wR0kCTiX3bxZ0u1K/WXDKOgRf2gyXFED1sD/V7tbexaB5J3z/:wSkCTiX3dh1KGKpf2gyX7D9/hr
Score

1^/10
behavioral7
- Target
  
  [ProductDir]/Drivers/eelam/eelam.sys
- Size
  
  15KB
- MD5
  
  01e6c1ed1267efc529a657f4154ba72e
- SHA1
  
  30a7eb6df1d75fd775fe0fcf34bd1ebc6dfe8e09
- SHA256
  
  df7ee747cf74956eb07bab8281b60e19994c221fff15f5d92c971fc0f4ca1767
- SHA512
  
  eb49527d10df9c9bac26514d17adca31a3c6583483ab5bef78598fbcebb9a63f3aaae87b8f7f30d252d8405491eb2f97cb697314e0a279630770f535dd01ecf4
- SSDEEP
  
  192:3vL8rCvZFuykmIWVDi5f/VWQ46WKDBL+8ZRrKOxHFTe5zX01k9z3A12muZ:forCRFulmns/vNLn1x85zR9zm2mq
Score

1^/10
behavioral8
- Target
  
  [ProductDir]/Drivers/ehdrv/ehdrv.sys
- Size
  
  211KB
- MD5
  
  da37dcdf6a00c9401d775f8c9be935ec
- SHA1
  
  6c815ca3b069e17afb4c74d10c115c5395624bc3
- SHA256
  
  4af265b1aac04cdbb6e972d4c5192367cbd6aa1b3ed7123ae23bc3fc83de62d9
- SHA512
  
  afa59675acbdc0a6446352df2748df874b8b5aeca52466c462ebb800d5201678c5d1bf5d0526c6f4d507d9c27de11b6124a34779e1621817ccc6feff49ea59b5
- SSDEEP
  
  6144:RaNW1k7nZvsmQF6kWsGs9WoulVFvBvZcUTE:WW1yvvxkZVkBt1E
Score

1^/10
behavioral9
- Target
  
  [ProductDir]/Drivers/ekbdflt/ekbdflt.sys
- Size
  
  48KB
- MD5
  
  3c5be658209bd4b1ddb7cd848cf693ef
- SHA1
  
  6d0b7dab9a094cbef7f00775f9c00bd3726e0208
- SHA256
  
  568e2e7fe33392c0173a256708094ed3098216fd16262d2db61eeb2da7a685f5
- SHA512
  
  38a38212a95b99507c60edc61464cd0633923c8939721eafdd363cb945152e22ed16e630225d9d068fbcb1ba4b2330d204379ee96e884c86da25f9448b0a6812
- SSDEEP
  
  768:wsq6kgTH3+Hgrv6I+z49JYitbpoKENAMxVSpvisSwE9zrwf:j53Xoz49J7tbYxWv5xszUf
Score

1^/10
behavioral10
- Target
  
  [ProductDir]/Drivers/epfw/epfw.sys
- Size
  
  74KB
- MD5
  
  7940c322c6960beaeda41fee93855b99
- SHA1
  
  1fdff47245413026f99417ca655575e7a4659aaf
- SHA256
  
  72a503b49b3c294bcbd5270979ac63c1b274e7d1561f6f876326f3429db44d67
- SHA512
  
  6dbf666f9124bd21f1a2952740827116511f007dff2c8d0b3a8470ec8b05fbbb30c1b77f0cb0c5ef902e73efd1dfe7dae47cde5dbf261930a73921dd7ed285fd
- SSDEEP
  
  1536:boFbCnEieC7E/K6Dm5D/MxZIgD5OUL7tbTxqSc54PxzN:boFbQelPZIgDgC3bxx
Score

1^/10
behavioral11
- Target
  
  [ProductDir]/Drivers/epfwlwf/EpfwLwf.sys
- Size
  
  60KB
- MD5
  
  9e9b94bb3ad223d0e83c01f658ba3637
- SHA1
  
  66e7dcc2b5c82fdbe49d73a51aca759deb1a7db4
- SHA256
  
  2fa352355604459b9358f3b1080a55b6f34862037ffb9b82088ec8268fad2e14
- SHA512
  
  42cbd202ffb27832341df7fca206ca65033a0023ffd132bf75f51b1b06da9533b778a122fbdc3a6c8ce27955c78a46f2d28c1af26e73d359ddd78d9b14662928
- SSDEEP
  
  1536:rpcDFbWIH6v9fbwsBvIl7tbBxtN5Jjrz9H:rp6FbW2UfbwsBAlrxr1
Score

1^/10
behavioral12
- Target
  
  [ProductDir]/Drivers/epfwwfp/EpfwWfp.sys
- Size
  
  106KB
- MD5
  
  5165fda782d38eec1b2c457d99164d22
- SHA1
  
  f2411bd922aed95ea4f59772a8af35ca817e8c0b
- SHA256
  
  0483b750d25fcf2f5fa5cf2aa97b3e024a8d22ff768ddb51c4668fc8963f2d86
- SHA512
  
  d1997527896671ccfdd9881885b47ec0f3e90d643bcc563142a3c286a7a2bf22813a102e69212a31bf3fbbcdb44f4e600019ce27d5c52d5a86eba51a2c9b11f1
- SSDEEP
  
  1536:lTd0tt7/t4kraTZdoOpYfqoinakrSzyYUx6vBjeB8EIfl4woY8aGi0P1M7tbSxM6:Nd0nYriyYUx65jeB8lpf8aV0dMdKl7
Score

1^/10
behavioral13
- Target
  
  [ProductDir]/EsetContextMenu.msix
- Size
  
  180KB
- MD5
  
  38832b8b17f417a7e522304de8475dc3
- SHA1
  
  7588bd31b76ebe3002014e0dbcfeb83cd8b342a6
- SHA256
  
  009cf195f5eaf2449c8e38978259dd62b4f1e66d37a5794d48d6cd216225b1f5
- SHA512
  
  b2f91d9775f34049636a1d34242cdced6223468e23faa8ce93a2451a9eab5de422285a0cc4f53209c9e5cf8cc9a9c37275237beb50a6fec383f40807ad106d4e
- SSDEEP
  
  3072:dvb8Rg/zvAbcedKQlH1bLwPBu3fg1rq4HdKgAiSuy1N99:dZzIgeEcH1bLIBu3B4HMnX
Score

1^/10
behavioral14 behavioral15
- Target
  
  [ProductDir]/HttpUpdaterPlugin.dll
- Size
  
  44KB
- MD5
  
  3ff305822b4aa1198f41855acdbacd4b
- SHA1
  
  8445b0a48868ef9db88fc48a8cb889be8170e712
- SHA256
  
  1714a109c6b2edac2ba5c1e789471e27fea7defc8eecf947409e929d90ef9796
- SHA512
  
  5a18322c53f9686b5548bea2c02c4c53226938d101619e18b02ca66d9df293b645b6e0fcdaea68435a975b42dfaab5c628fd6a59a67cb959bd85b22973cdb619
- SSDEEP
  
  768:xkJu/LX0hoHGxNYAGF7gQoPpz7XuYitbpoiENAMxbBSp17isS9:xkALkhoHGxN4FzoPpz7+7tbyxb655m
Score

1^/10
behavioral16 behavioral17
- Target
  
  [ProductDir]/InstSuppEx.dll
- Size
  
  349KB
- MD5
  
  b8838d44ef29a033997646f4b9c380d5
- SHA1
  
  126735987e78ee569988064eed7017fb974affd9
- SHA256
  
  ad68e0732c9417f723e65cae25a837e71a862cffdf32709f0540a61381762629
- SHA512
  
  119fe75ac4f11253e18baebac427b38f3bca60e95d7f42f837626972f8c7d8a6722d294634b66e13fc4251adc933feb268087afe8a103c615ab18b2018f50837
- SSDEEP
  
  6144:tMmNQeDTfEZgRZL9yBGi+u7FYeTMTrRjseDBOkq9r:BfE+RB9wDNoz9Of9r
Score

3^/10
behavioral18 behavioral19
- Target
  
  [ProductDir]/ProtobufLite.dll
- Size
  
  496KB
- MD5
  
  d58a017444c25d7adf66809b5e548469
- SHA1
  
  d431b1dbb2bb7bf3acf5d3edc08268e91c38ff39
- SHA256
  
  fd2a86a1ab908fdc55f201c173cf37c7468da2ce1a5407798e2809f9eae9088f
- SHA512
  
  7fa311911455e5e8f690246add7a0ad875f3d22b9ab31020a6996bfa83efd1fc50c66f299cb7481d08279867d431e10b25809087802622bf6cb8e5aac9704510
- SSDEEP
  
  6144:izDY0S8xgt6tsTuae7nrNC7tQB2jug3WMO8NZ2L7H3/Ets1aW+2m2g3:ifY0db/MOS2Luh
Score

3^/10
behavioral20 behavioral21
- Target
  
  [ProductDir]/ShellExtLang.dll
- Size
  
  111KB
- MD5
  
  174a5e826ccb40a218936b40c8711133
- SHA1
  
  7e11e8fcaf828a53f5bce8019ec502692b18e54b
- SHA256
  
  4a704f1017b135a64cb2bff1a3be75c658594c49f85f7a168355087b8b35c9dc
- SHA512
  
  42c37285a7331c62055e126d367c89914644159d067acee259632f7324db2330b60c0c6ec2606258ac44e64de7d4e52fc538ce92026f13f71aefe0678f351240
- SSDEEP
  
  3072:KGzdNbvLGwYOPTO5Ij5rsubikjg/zwWk0tFCa:tbDGwrsvd
Score

1^/10
behavioral22 behavioral23
- Target
  
  [ProductDir]/SysInspector.exe
- Size
  
  4.3MB
- MD5
  
  b9640065f3d432e984fd0183cf9a1884
- SHA1
  
  41ee6b8b0efa7191ac3a4fea8a3a1322e06c0c68
- SHA256
  
  5f38be9824433c53edf0a1d25e372d80f400c65dcfbbf48a87e2a62961e654fa
- SHA512
  
  0db31fa19198341b43752a6f433b998597a6cf44cd5f17311c3c5c35af6fbc50eab21c78adda9bae9d17f72fe808f011134c6fa581c325237add3dd58ec5b6d2
- SSDEEP
  
  98304:BrDSsEZg8B2kn6S+supggifcaSZODSYEGdsoT1SS:hDSbjaxaSuSVGKkh
Score

1^/10
behavioral24 behavioral25
- Target
  
  [ProductDir]/SysInspectorLang.dll
- Size
  
  589KB
- MD5
  
  2a119955f0bb585f00a4c9461c34ae1e
- SHA1
  
  990656b540405a0134f0d3f7ec5e2bdbd9f455ab
- SHA256
  
  e2f16c3f06e049f987afc709866393db833583b60a853eb962a00fd0e0d80b88
- SHA512
  
  c55f6b5280af974e6ae7d52fba393f051e9f873fb97e296402d34b89d1e658d758d8905b36eca8dc361bbb223125f1c4d87cbd2b8f44e2d4909a0806329b7c30
- SSDEEP
  
  6144:b0QlKchDXq6xjJgSqY9G6ZcHB7XBkhnnsihE:VhDXRq56OkhnphE
Score

1^/10
behavioral26 behavioral27
- Target
  
  [ProductDir]/SysRescue.url
- Size
  
  137B
- MD5
  
  4e040fa2445c880926390572682f8d24
- SHA1
  
  f78a4799347431d16808671e70a9f7dc570f07b1
- SHA256
  
  a963374c43a75dab2139d5702a34090ce4914acef571e29b88054b494c91ee00
- SHA512
  
  1d948240b384d1182d5297987d5d589855347b1e6b249019191ad4d33abe6608544a6bb0c9d66ecb4a76d022a8a89ea1c58ea4f972f598a01ffa5af2f01f6f16
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral28 behavioral29
- Target
  
  [ProductDir]/ToastNotify.dll
- Size
  
  160KB
- MD5
  
  4595ab7b604955dd0e155249e82bc90a
- SHA1
  
  4bab15511e509a0f5ba45ec69eda1fca6f37e0c5
- SHA256
  
  64f4eff8b60e628ff53a5c3379c990ab1355575812e5cde9e0b9b4a62ddf7a5c
- SHA512
  
  a81cbaca3800406fdadf3fb310c61f3456977a8d0316efb73acc4eaed1a91d923dde3bdb849ad91cc47346fd3d116e1a0d68416a1ea9b2d2c3954b98f2a0259b
- SSDEEP
  
  3072:DRGXv2U1tSF8e28Mj9pPjlboRqLiETwI4Rsf:cO626rjTKVPa
Score

1^/10
behavioral30 behavioral31
- Target
  
  [ProductDir]/VAPM/libwaapi.dll
- Size
  
  766KB
- MD5
  
  95d237c120d2056033aadcfd40091455
- SHA1
  
  6754b6582328a742414cc57f714038645079d184
- SHA256
  
  8a39cd0fb9df8da3552eb7eb3e3930e460bb588566d78c40f05b87d878e1dae2
- SHA512
  
  f08e72bf7a5a135abc9cfa36b78eb1af9128e8593df4351d549b31d182f94c1d1f9a6e2ff16a781153690531bbe883c26d73de22c146def20b64a927358e222a
- SSDEEP
  
  12288:qKNliO5Mro+zeMRtVpuSYAkNa1GHqfoADBvGh5ikVKVlhBcNGOQOxbK63F:qKLnW0+zeMRtbuSYAkNa1GHqfomvGjKm
Score

1^/10
behavioral32