b7572dce6db5eb2433998122271571ad0b7e067f547a44474cc25ea15d4ae29b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

EqualizerAPO64-1.2.1.zip
Size

7.9MB
Sample

240720-fswtwsxfjl
MD5

59e88be9fa2e105e19f98db63f69f623
SHA1

25c9f194af9c4f21d1d82e95af4ae197bddc8cb5
SHA256

b7572dce6db5eb2433998122271571ad0b7e067f547a44474cc25ea15d4ae29b
SHA512

d8ba23edfecdc3908ccf31454d46a2e7625fb409956ec74d79d2f091160afead2641b8af2da5a1e3e7e464ff18a641cc8fb6926928995b07fa0d74a44f78e9c8
SSDEEP

196608:/aiLObVLoKiMgvfwilQt/0EZXpEyhBm/NDsxyvJQP9Y:HLObjhgnwke/bWyhs/NZxQ1Y

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  EqualizerAPO64-1.2.1.exe
- Size
  
  8.0MB
- MD5
  
  1e090ac355e1f788dc57fce7e32f0b4b
- SHA1
  
  e4c0c0cc5a489a04bd3ecd75d34c42166f8f9b00
- SHA256
  
  bd0ac49633d02a387f906b5d4f47f9235d229470742d3433018245136756f583
- SHA512
  
  86f68396715aeac7dbddf5f5ad1d193a600254e98cb426e579584ad18a353592342ffba83b2615f62228268d705878e9943638524cf6c0043059fad6450dd721
- SSDEEP
  
  196608:HIT+DRN2KmwwnXkAliZZqKD1d68LFQ/NJ+PqjZOn99:oT+DbRwXkqqZFG8LO/3P9O99
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  13KB
- MD5
  
  9e7d36edcc188e166dee9552017ac94f
- SHA1
  
  0378843fe1e7fb2ad97b8432fbdcb44faa6fc48a
- SHA256
  
  d52a83c2a8551cebf48ff7a8d5930be1873bce990f855ccab4d7479cfeb22e3d
- SHA512
  
  92c31355cd124ba28c0ff9aa8fa34d5db9db0b093edb8978bc3cf94e1f72d526603d5d5c1e221dcb2ac6648bc420f4df9847c2b1e71046384d827814a77d1783
- SSDEEP
  
  192:y26NwF1FF8GqdxASZlSOnNGGPCqLXUdadWo2FfTCWWqDsYjGI5hBslft8gWNPjQo:I+8vwSZlgaJ3/4/4Q/bN
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/NSISpcre.dll
- Size
  
  164KB
- MD5
  
  bfe060c22b44914e05d3f5367de6c9fe
- SHA1
  
  24c72b0b57b0066a5e8b235104a0502400e44b9a
- SHA256
  
  43041f8540dccbc33268bfbef53037d17170b037f6393e77c21429f303ae828f
- SHA512
  
  ad3a23edd8d62b198e4a2ccf03f6d607dee41fa23fd6f9dfabdc5ee424b5e22a6e00b8a28e50fe177829a2cc25ce05484423e97c682036fc5146e2adf560bc44
- SSDEEP
  
  3072:5YFyk+vtvpoYYPkoYMtXTP5V+4Km//sbJVlseEOb+Y+UT:KFyznYntXL5XKCk9MeEm7
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a4173b381625f9f12aadb4e1cdaefdb8
- SHA1
  
  cf1680c2bc970d5675adbf5e89292a97e6724713
- SHA256
  
  7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b
- SHA512
  
  fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82
- SSDEEP
  
  96:2fiqP7bO2qHkAC40KhvSE+6nrxtMn0iGd88qRLqtJ1tbRhElfRx2:siqP7OHX1Q4xtcf8qo/ttgfRx2
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10
behavioral11 behavioral12
- Target
  
  Benchmark.exe
- Size
  
  651KB
- MD5
  
  e8e5c1a99b6bf3daec50bcbdc76f81d5
- SHA1
  
  9c477ccbb1a8bba9df8971038addc67cbb792dda
- SHA256
  
  a84c96a9a27648b16a6d8225b1688edc76e29a670b3ea5f6d577aaa35b1b66fa
- SHA512
  
  4eb70576702e81ef9b5c2b109e6271b07eec0979c78c787be529cd5d06a78562af098fdef7f74b328b2dab87bf131c33baa4ac6b75095790e6f3367ad04a199e
- SSDEEP
  
  12288:5W0+y2ChAyy8aBdleP4MaonR6xvAMEihIVkZ8Ti2yyqH31:Q0+XwbRsWNhTi2y931
Score

1^/10
behavioral13 behavioral14
- Target
  
  Configuration reference (online).url
- Size
  
  167B
- MD5
  
  b8ae8a09625a36105f78272736bf5e3d
- SHA1
  
  51fefd1bb3076c704b8d07186e4580cc940c15f6
- SHA256
  
  0386aba953d745c338636da1acba1941be7a5e18042ba74b63c6c047d17e75a2
- SHA512
  
  ddb257bfdc1223e4cf92c1dc06b643bfa228ac4fcd114e53aeb6303d462594afbcf9b8248d4668c6d8ac626dc36dc5c60e24e3edca6633ed943ba0b8ffe8da22
Score

1^/10
behavioral15 behavioral16
- Target
  
  Configuration tutorial (online).url
- Size
  
  169B
- MD5
  
  1e1d7502498c8afeb73241afc10c629a
- SHA1
  
  e68df70b786feb6927c21a576b8617eefa53e778
- SHA256
  
  f655030c56476500551b41bf2afd2545e728aa8674fd254700beeb0a21f1bb19
- SHA512
  
  59f198dcdc8b180be0a9dc50d83c004dcd1b5ec0013951faa451f64454c620f74da9fa675a98ccae713d69bbb2ff2727c66ce862933878b96d0c2596c9ac5bd2
Score

1^/10
behavioral17 behavioral18
- Target
  
  Configurator.exe
- Size
  
  199KB
- MD5
  
  8593b71cc119cdef9468a7b696c7279b
- SHA1
  
  a7ab128068207b81480d3be680fbd3f1a6d939f5
- SHA256
  
  187fe014bd8f7c1a43e6d67f81f9407c917208d73768b33377cbd656971b1710
- SHA512
  
  f9ae7a66ebd31a78937c2fdab41b3cb084c07b2d9c3f9442d1c8d00793abeff78b7d8b019e9d5deb46843040dd5638485d680c246801bfcc1e4fbf6219ab2ec7
- SSDEEP
  
  3072:zPV1ysAiZ8nmgikWn1yJZhQOnKDBprAIxAOw5qzdjvixS:zPV1yiZ8SP1uZyOJIxAOw5qz
Score

7^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral19 behavioral20
- Target
  
  Editor.exe
- Size
  
  1.6MB
- MD5
  
  7d644a3f13712daf6c4978790b69387f
- SHA1
  
  b65945b18fdd883a305e834b7df16a0044674c14
- SHA256
  
  b908f810951185ebb3fd5a21412db4e3f90ebf64f1aa417ef886ff47ae9794d3
- SHA512
  
  0cd5d115401eee9b770dcbca431da3c27e14e2a45ad71e1619ad4c73f6719b784d080525c03d5199612fe509266fa72d28e21e1f4d12e740f378e309a846a79a
- SSDEEP
  
  24576:k3TTgyqdVdj5vDVlJZyJUgG9NVi9MkeH6wWp1RGIO72X:k3Tfqp5vDZZyJUgG9riekeVc1RvO
Score

1^/10
behavioral21 behavioral22
- Target
  
  EqualizerAPO.dll
- Size
  
  652KB
- MD5
  
  55f1e6b487d6be7575fa9136a2eec398
- SHA1
  
  120affec0d6054f4d01081e8222a29f0782a1995
- SHA256
  
  edd53de48af404502f21d07e33cdd589e8794867aa07c5fd3401aecdcf1551de
- SHA512
  
  26ab1f488295207a916374bd9338b7371f6cf43410121597e04c9259f8570e05bf8f951cc3ecf0e025fd2681371ecb7033bfaa58a6374830a5204a5b76522076
- SSDEEP
  
  12288:fgc33MpQ72DqoIMx77P6f7+5GA3M/K8XL0iICU+JdATxW3UxixaU:JnMuf7+AqQ7U+JSxW3Uxi1
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral23 behavioral24
- Target
  
  Qt5Core.dll
- Size
  
  5.3MB
- MD5
  
  4d317395737d33e007298e1bbfdf99cf
- SHA1
  
  e882905256ab3912cfd478c781c1fc7f046b2505
- SHA256
  
  3b8c025cd54db64ec2600a587ae7383121cdaf16a08afe8b1eac16ca8027f301
- SHA512
  
  d688c60f3bc67ec79d9e1e7e5028f3f924ad14dea47e046c239b42798f338ad95bca945dfa7546ea41958e0e7d672e04b9a79debbb5027a63dd6bc48ccddf9bf
- SSDEEP
  
  98304:71MUYQz5xoWL4QJsv6tWKFdu9CkoAi0XOXcHfu:71MUYQz5xoiJsv6tWKFdu9Cki0acHfu
Score

1^/10
behavioral25 behavioral26
- Target
  
  Qt5Gui.dll
- Size
  
  3.8MB
- MD5
  
  ef976f4141d5251a04566d993354e285
- SHA1
  
  d56f2b611c40d376a757c0d19458952921d8480b
- SHA256
  
  af96aa3513d1cbf13b1e3495fd43a4ace38cca8573703d8eed8a746934102fcf
- SHA512
  
  68bb0f7e0bb323c20e60fbf2f650b0a70c45d4805490465866686af71944e0839b025d00f2776e3c4b77ce9cbd05b51c92a23c2a3cc65ae46203de637da98bb0
- SSDEEP
  
  49152:qGlUKIQ2Nq/7avfy7UPGMPyHXrQHjcB2kDDVrrS19QoV/0VjtngraJLQbY:JlsmIqWGMPyftqB0RQb
Score

1^/10
behavioral27 behavioral28
- Target
  
  Qt5Widgets.dll
- Size
  
  5.2MB
- MD5
  
  c0e681be32b2b0d111da897e4adf2e1d
- SHA1
  
  1977a81e37964868255ecdc477469c6dd0db4708
- SHA256
  
  95a3da80e21f4f104f8e9f578e594c8bdf80d094fd06d7f1dcc461e59435a72f
- SHA512
  
  3a8993abb0a5037120f90e58d2880dc34d841e6197a33620bb8dec0b8668188b0e0f95393e1e528947eeba05065a414495b1fdd527ec0c33c0fd07f5e27dce3e
- SSDEEP
  
  98304:junZLUL3akICW+PBAR7u6CNbZzFMkux1flm1lu2A/xqrLCR2ze/l1cYX1n16wtep:junZLUL3akICW+PBAR7u6CNbZzFMkuxa
Score

1^/10
behavioral29 behavioral30
- Target
  
  Uninstall.exe
- Size
  
  63KB
- MD5
  
  0f5b0b07dce59515f43706eb7d23abb5
- SHA1
  
  8ecf9235fcb772c7dd1cf3beb2f71dc0e8250f0e
- SHA256
  
  bfbc154a8b8058d95e2eb709895f3b7cb6f9eb5c658adb0cc790d48c3bae15db
- SHA512
  
  79da4496f535c234e025e4222aff40981785133f6ce974afe6d3a92dd06fdd8dce30707c0907bba48ed7d4bc796f9bbeb9c192cbf10d3a150f6019219f8c6dbc
- SSDEEP
  
  1536:gQpQ5EP0ijnRTXJcgdLeAyNZu5Mvqw5HLz/64:gQIURTXJcceAZEV5HHj
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

persistenceprivilege_escalation

behavioral20

persistenceprivilege_escalation

behavioral21

behavioral22

behavioral23

persistenceprivilege_escalation

behavioral24

persistenceprivilege_escalation

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32