General

  • Target

    AIO [EXTRACT].zip

  • Size

    1.5MB

  • Sample

    240719-zckw8syclk

  • MD5

    40c5558efd0f10c2fc62d819790e2115

  • SHA1

    d62d496dec256483b095e26c7eac10287a0e7543

  • SHA256

    e96e2b3ceeddd6b5759df916e76e05fa95e1d2032b3d7602d0324cd5df82396f

  • SHA512

    bf794ae691f032d6a1c19fa97a2b436e0f0e6e58b1f2e0aa431774f9fbec19376a904fda4a11c2c50b856ada09c6c55c549f9e8b6e64aa39e12480ba2443b082

  • SSDEEP

    24576:EEDJhdaunTdQXsCv8RD6uQ2xBVpXzj3/HdHYImRq4l6Me4czkdy+S7XzTVQTIfg:jhdaEdQ86w6h2xvl3FHYLD6Me4czkd3R

Score
8/10

Targets

    • Target

      AIO [EXTRACT]/noclip.dll

    • Size

      3.1MB

    • MD5

      34c3df6070393fe67e9a2e113ad0eafb

    • SHA1

      65aacab7e179854f1df14129eef218e7ada2c9c7

    • SHA256

      4a9fd84a235270e428f1a9468c5d584881b6f8f4a13880ee78f2e8708ade35cc

    • SHA512

      93a87f28e11b2485518e8720ee448d2edeaee93cfcf3ee098bca6382e9f31e024356cee7bae515d07da374020c6cadb69bcbc99c4def2c140d002fc099f7c04e

    • SSDEEP

      49152:T+DvustdNfEwbcATRQyISE2YWdvhxOHTpjAO/E0mYC0qwysugGU+AfFm3OsOZiZE:Kjs1DNwFz

    Score
    1/10

    • Target

      AIO [EXTRACT]/noclip.exe

    • Size

      556KB

    • MD5

      e84e4da0f16e40521247870311efd7ac

    • SHA1

      30683171aae1e7dd7288e3b1ad7ef1fbde632365

    • SHA256

      fa4da01ef3e3d6eca87a36ba135e9b2084461a68e975895bc57050f6ab472def

    • SHA512

      0b763636a40bf7bb09521859db1b78ea205bc17a6fe685851a1dce8d3f64a101267c56f706742a7c2dab0e61709924126793853ffa3f84bb706145e6817dbb2b

    • SSDEEP

      12288:VRSNhZBlfA8/C8sSoC+PZE9O2bJIC0fDNNr:VsfA8K8J+O93l0fZF

    Score
    8/10

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
