f90867879e21c9d25daa3e434a25cd0288048a154896f58ec3ce28d3870b9653

Sharing

Copy URL

Twitter E-mail

General

Target

setup.zip
Size

15.6MB
Sample

240725-txwxca1dpl
MD5

6f275e8dedde7f0d475c454df6da9db3
SHA1

8ef7b71463322c4f109a6e21b7123718c2dae598
SHA256

f90867879e21c9d25daa3e434a25cd0288048a154896f58ec3ce28d3870b9653
SHA512

965ba8465c455cf3d85d24cbb927dd1dc9a273be4bae9941193f88e595fcc08d8f09840eb685d0d027691fe9ee8e16454bb275f26a99c16778f3f93113bcd2c5
SSDEEP

393216:e/4FV0uFyRuQ5FdsWyTRncFjDKhT8ejXaI+zmFevf9cqDdemY:e/4FRyRuQ5FdNASKhT8S0yFK9bxex

Score

8^/10

Malware Config

Targets

- Target
  
  setup/7zxa.dll
- Size
  
  221KB
- MD5
  
  04d3e794624a82228a7e683fdf22e182
- SHA1
  
  114b74e926913bb0a588e671025f9eb38e8b854b
- SHA256
  
  db3d0484228ed14ad8d3763f4880d36024fb27b189c91720ff147b92d46bcb5a
- SHA512
  
  b5767971f9075b5e483f9e77dcb50637eb81d70da86d655a230da6ad3dc5337d2a08038261f32e3867fde68fd33bf23a75b50e0381762becb46e859404e78d82
- SSDEEP
  
  3072:+ftOtcS7lCZc9Ltue1C+zV2zUmiRvgWDFSaRPQIDCuPK1gSBvAGfPFjaRv+PB7PT:etViwgLtun+soC1vx2Hr0/NG1E
Score

1^/10
behavioral1 behavioral2
- Target
  
  setup/Default.SFX
- Size
  
  437KB
- MD5
  
  ab1c239d68d65d84ee139dd0c8ce8a52
- SHA1
  
  1a638556de77369151839bf7a570d972410360e3
- SHA256
  
  b83a105dda4806f7ac5e9f3b6546829b37d42d85911d1c4487b1e95bfea91e9d
- SHA512
  
  ea2306628f2079bdf5420c12af3d097c78fb3d3cd90ae2283c6f591e0751325f3af675bb257b812babb4d03f7493e2819b97fca969dc9b5031ec07bb8517ecfb
- SSDEEP
  
  12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t4:xuDXTIGaPhEYzUzA0/0
Score

1^/10
behavioral3 behavioral4
- Target
  
  setup/Default32.SFX
- Size
  
  358KB
- MD5
  
  c5bcfd921f209366b9cfed632b174a3b
- SHA1
  
  332e2aeb7bc2d4491cbe4b994dbb8ff8e55fff9f
- SHA256
  
  476e3f779d2638238ea185df6019e4fcb54b3704ad12dbd051399fcf26e6e1bf
- SHA512
  
  72c0d13fa20a7648074601d5726f02c46ea7e62761f80366c2ebdce40d95568543e11d42907d789864d178d5da73992fc50400a50fc777b1bc02a02f9276fc55
- SSDEEP
  
  6144:pVJQ3KJxNVhbU3y83OI1SFc+gcYjhLPNVOIopJrX+t4rR8o:7Jf/DdUC83OIgFc+tYjhLFH8rX+t498o
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  setup/RUXIMUXResources.dll.mui
- Size
  
  12KB
- MD5
  
  9541f92d0a8dd22d449f0435f4fac330
- SHA1
  
  0d2c38b1196c6fa55b8fef0098d9377c7b7baf5f
- SHA256
  
  786f6f65071ced17e0df8c3bcb29fcc271191019db04b54ca26913d1e59f6d8b
- SHA512
  
  9f441d44ee280da4984ff59d0fe169aa94f739481007536185914274f31688d9d1000d445200a2e56961d7e5cf82e6855478b1c18542b7254475529eaa882d41
- SSDEEP
  
  384:ouPTqgJrO/9Gs2km9C64C9OyLVkyfVvE2g0NTvXvvXs:o6c
Score

1^/10
behavioral7
- Target
  
  setup/SetupV8/IEShims.dll
- Size
  
  454KB
- MD5
  
  a9156290b46cfef5c62facbc06792aa3
- SHA1
  
  d7612152ad3f29ca47aad3b61b40275fa5a11d35
- SHA256
  
  108b203e4f84d67c07d0eb91faac429099578c012ff49cfe2f72d987b6d00e3f
- SHA512
  
  da29261298d3e0ca2b47404ef2dc243fc63ec4f131438af0d6dfe04b5155123d118fdf53933a2f746702fbf2fdf3d41e85ee47d5c20e92a83287cd5b523eac11
- SSDEEP
  
  6144:i5GQl0l+Hz5S42+wA5uPeDSx8l68ArWAAfXXkxbsiCJMHYAz/k:LQmo5S4Pw6RSQ69rUfExbslJMFz/k
Score

1^/10
behavioral8
- Target
  
  setup/SetupV8/hmmapi.dll
- Size
  
  53KB
- MD5
  
  8a6cddcf40441607860950c0c110698a
- SHA1
  
  673341039e559e408c2c9ca518119413e85e894b
- SHA256
  
  10a763b9599282d19757c670cda735946dd11a376209683375a69d7382292df5
- SHA512
  
  72ed705138b91197aff0703976eb043c4378d8bc0dd80167ec7b0b8bfc9bfcdb430398fd50cccbe1ba1b54cad2bba421f2e1917fbd37e320de9ef385658daa4c
- SSDEEP
  
  768:47f5GO5yrqMVwppECZJMj0O6LvOFKrdjciUw0n:49z5yrlwppE1
Score

1^/10
behavioral9
- Target
  
  setup/SetupV8/sqmapi.dll
- Size
  
  48KB
- MD5
  
  abb02cf4f95140471eed4adc012645ce
- SHA1
  
  3651e7be8921661c55ba434e4620f19c455016be
- SHA256
  
  8c3c3ba91869d27872c3b373857fdf49d68e04cda1a0de39289cb56936fb78d3
- SHA512
  
  4b480fffce172015d92424a835f0c2e1431cad41eb459b87a7da54947e749970fe9530921917fbc1155958bf138232deaebf7cc15f7c1c1863468a9ba3896685
- SSDEEP
  
  768:DmuzodxqlL1ilAb+AxSeyoRTY8RYISZpoiq+ff9n6ee2jFgd1PfF29z4J:DfmUwtoRs5rff96OOLPfFCz4J
Score

1^/10
behavioral10
- Target
  
  setup/setup.exe
- Size
  
  52.5MB
- MD5
  
  fb924a28fbc84203e357faa853965195
- SHA1
  
  41815d7b8ffe39e8e31784d6709e551b0efc2dd9
- SHA256
  
  d81fb7571192a384e38cfa45b637118cab1e4f5623a2e2728afcebe85230e39e
- SHA512
  
  9914e41fa060c122f34ac6ae2726c7358ded52fe8d483acfcbf893814c1f10ebe6624442afa0692b41e18b316d1404e12e809acc6b32880a6c856bbe6aa35837
- SSDEEP
  
  393216:ubalLdWhqUsBeI2e/su0p4d6X9RDQrps7p91:ubaFd+qU0eIhso0NX1
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Enumerates processes with tasklist
  discovery
behavioral11 behavioral12