Overview (score 7/10)

Task                       Platform             Score
static                     -                    3/10
SSShim/Cfg...cy.dll        windows10-2004-x64   1/10
SSShim/ChatApis.dll        windows10-2004-x64   1/10
SSShim/SSShim.dll          windows10-2004-x64   1/10
SSShim/com...re.dll        windows10-2004-x64   1/10
cmdial32/P...st.dll        windows10-2004-x64   1/10
cmdial32/c...vc.dll        windows10-2004-x64   1/10
cmdial32/cmdial32.dll      windows10-2004-x64   1/10
cmdial32/puiapi.dll        windows10-2004-x64   1/10
dcntel/DafDnsSd.dll        windows10-2004-x64   1/10
dcntel/DuCsps.dll          windows10-2004-x64   1/10
dcntel/dcntel.dll          windows10-2004-x64   1/10
dcntel/kbdnecat.dll        windows10-2004-x64   1/10
setup.msi                  windows7-x64         6/10
setup.msi                  windows10-2004-x64   6/10
syssetup/S...pi.dll        windows10-2004-x64   1/10
syssetup/sendmail.dll      windows10-2004-x64   1/10
syssetup/syssetup.dll      windows10-2004-x64   1/10
syssetup/vcamp140.dll      windows7-x64         1/10
syssetup/vcamp140.dll      windows10-2004-x64   1/10
werconcpl/...et.dll        windows10-2004-x64   1/10
werconcpl/...p1.dll        windows10-2004-x64   1/10
werconcpl/ndishc.dll       windows10-2004-x64   7/10
werconcpl/...pl.dll        windows10-2004-x64   1/10

General
Target: x64__installer.exe.zip
Size: 32.8MB
Sample: 240801-z3jf4a1bkg
MD5: 695e35874dc99730395e1c576ef3359d
SHA1: ecb67cdf501d63586f8cbfe4a1969b6f6862b1b4
SHA256: 6cd928dbb06199acd086e5cd97c06ce8df59f3e1f6a4e0e021f5a9899c28c6a9
SHA512: 8dbfa9303fee9167601e81f4e471ea8171088a76ba1ba34b19263e14b6a1c8a61743ee62808e594f794d26be890791bba523c69332cd8bfd5bdebee6836c03d0
SSDEEP: 786432:GQ2i6o8P3tz7/N4EhnP25ugHOM4gi90roTTXqCwv0MVyDZnXDg:r2tDPsj4kronXNkbEXDg
Static task: static1

Behavioral tasks:
Task          Sample                            Resource
behavioral1   SSShim/CfgSPPolicy.dll            win10v2004-20240730-en
behavioral2   SSShim/ChatApis.dll               win10v2004-20240730-en
behavioral3   SSShim/SSShim.dll                 win10v2004-20240730-en
behavioral4   SSShim/computecore.dll            win10v2004-20240730-en
behavioral5   cmdial32/PrintRenderAPIHost.dll   win10v2004-20240730-en
behavioral6   cmdial32/cloudidsvc.dll           win10v2004-20240730-en
behavioral7   cmdial32/cmdial32.dll             win10v2004-20240730-en
behavioral8   cmdial32/puiapi.dll               win10v2004-20240730-en
behavioral9   dcntel/DafDnsSd.dll               win10v2004-20240730-en
behavioral10  dcntel/DuCsps.dll                 win10v2004-20240730-en
behavioral11  dcntel/dcntel.dll                 win10v2004-20240730-en
behavioral12  dcntel/kbdnecat.dll               win10v2004-20240730-en
behavioral13  setup.msi                         win7-20240729-en
behavioral14  setup.msi                         win10v2004-20240730-en
behavioral15  syssetup/SensorsApi.dll           win10v2004-20240730-en
behavioral16  syssetup/sendmail.dll             win10v2004-20240730-en
behavioral17  syssetup/syssetup.dll             win10v2004-20240730-en
behavioral18  syssetup/vcamp140.dll             win7-20240704-en
behavioral19  syssetup/vcamp140.dll             win10v2004-20240730-en
behavioral20  werconcpl/Websocket.dll           win10v2004-20240730-en
behavioral21  werconcpl/imagesp1.dll            win10v2004-20240730-en
behavioral22  werconcpl/ndishc.dll              win10v2004-20240730-en
behavioral23  werconcpl/werconcpl.dll           win10v2004-20240730-en
Malware Config
Targets

Target: SSShim/CfgSPPolicy.dll
Size: 135KB
MD5: d1e1efe9e439d921330eac0e93f5bacd
SHA1: 7f8d6eabe7f806b6bd952c1ec55b30246425989c
SHA256: c59f70d7117d0ec9deed3c2e5f4d461bfdb07d2167767a861ae151d1e79a3a9c
SHA512: b77b44626cdfb445f7d6201d91b5830d7afe59753c94bb8bb1357c4037ff39274556705f9514bed7e18bb93a9f6db718fa68a105c1cb4432f2f3d63cee8aa766
SSDEEP: 3072:QdqtXtatlmXczzWBVz4bio0aYWtu/SHuVpWzsK0qkCu:9/atUXczSBB4bN0aYwHaWzsKj
Score: 1/10

Target: SSShim/ChatApis.dll
Size: 773KB
MD5: 16e7ddbaf919eab658cfdab80a33c49b
SHA1: 78a6608e0e45db7e7586440d074eb333ab0868e9
SHA256: c09c38713da37b9b7f245931edce389db9bd7275989f4198fef645a3b10534f4
SHA512: 81239dfb9cf05fdd33adb371fd624de778d3113a0823a5c24ba2d9511eea93d8831374ec15a1c8e6d06c9b69d0f1904fa2bc8726c37ec6211636c9d84adddf79
SSDEEP: 6144:wVbyOmsVVyBpvGIdEYtQzk07QSaO6l5NWjnjXPlO85ChiSZpzGhtMQ7F5dVyamwl:wh2vmDaArlOv6L+amUrtI+LKHPyG
Score: 1/10

Target: SSShim/SSShim.dll
Size: 127KB
MD5: 87a9f6512140d4e8cf244004b80ee73d
SHA1: e836041852dba214e9e2f75a349628b92280e8a1
SHA256: b7b7a2499f0ac528d925e70a277bba8afc9d7cd226717425133fbb00f1f54020
SHA512: 65837577fddbcd01d7fde92afaf7c4acc592e7fe1db6294cfd6c52486996bf43969b1bab22b813f6b0f4d2a302d59cda3138f05836e41c2b5cc8c8c3b9ab4102
SSDEEP: 1536:bRQ3PMfYa5lhXbqkomoXQXMDwLtaF3jCmuKFI/GGBmUCAuOxmN2qw4P:liUfThGmqo0p3jCRcGAAuOcDw4
Score: 1/10

Target: SSShim/computecore.dll
Size: 662KB
MD5: bc9391ffe76bdf405f7079f557bd41f4
SHA1: 3c798a8c4341a3d5451a0aa9c67d75ee2de66d0b
SHA256: c2107357edd94c87361eb2272f6ff0ae8fd07af201f24fc5f841ad517f95f6e3
SHA512: 90a4f5660152c155c9dc68e68460e041d17672ee7ef50d43e6ca1e87494662c175305a85485080aea836680ddab7004675efc4f0549b1b78e179e664913e1537
SSDEEP: 12288:+DLOj3m2QZEEYw5uVzkP5sx+RlB+oXXVr:+Dij3m2QZEIuosc+oXh
Score: 1/10

Target: cmdial32/PrintRenderAPIHost.DLL
Size: 734KB
MD5: b6a23785dceea13673d3b503f38f6198
SHA1: 4d61186296a7ddf4e72d9b218211565126538fe7
SHA256: 004bdb9bb89fc9bde6dfc59cccde4ff4e07b23e26ef22a1327e06ab95a3acfd8
SHA512: b15f38d6c10d829eedd0a1f412605f5f774f620b6b3509985ee34fa354324f683dbf9cbbd4fd9e3caa44c2dc4b48ab6cbaa0d74716f9bc7d9328be54237125d4
SSDEEP: 12288:GgGPQTPhKAb3pYl6dmVSL25UvpWoM3LNbA4Sb4lX4aD6N3Wrd:YPQdZ3ClZUvpWoMZcOIaD6xWx
Score: 1/10

Target: cmdial32/cloudidsvc.dll
Size: 105KB
MD5: 1c5bbc2cd8198622986f5b0028813347
SHA1: e9b7dc1d5c132aefb3dfe9122bce5d7ebafb3f03
SHA256: 4d37a875eb3a7635c66ffc1ce63352fddc39eccfb737ffc6cf87e8ae2f741288
SHA512: 4f95324c1dcab4b90bda63d5d4644b954bcd758bc30ba00de55dc838a59ba8fe1ba3c8d3d63139d5d8cf80995b0722c8ec977c33d2179c381dad9c349c9c3328
SSDEEP: 1536:LWJ/T6AArwgxS386Oj1OSiXk6DsH99fIzMuu4K2SyIBFwAN3ep3tM:6wrwgSMfBOC6oH99iMuw9yInwx3W
Score: 1/10

Target: cmdial32/cmdial32.dll
Size: 568KB
MD5: f28c417124accd9616c60bd10ba7ef0a
SHA1: f4ebf56ab4ba136fd952601d689232f0b5dc66b5
SHA256: 49a024b703521eaeedeaf246a133e1d41642ddba921201f1f39dd89d0f2fcac1
SHA512: ce3ebd4870fc4303e7c49bf9272bffa07a370d1963a0250a78d1a57b2284366b88979769d56e656b1919841fcc47bd48e281ec8d9ef8887f69a99c2757a34807
SSDEEP: 6144:RIyJ5et/uQBeEi8DBJ2qMxpmRON1/dU+BBTWuBNBNkexawATF/rGd37CjWiE4qbY:mFiEBJ2FUON1lUMFMwaKTow
Score: 1/10

Target: cmdial32/puiapi.dll
Size: 200KB
MD5: 342a6c69a9ef0c2f65008db588fcc4e5
SHA1: 73a00428eb34d29e40a53d7e802f4344f6054bda
SHA256: 23671ee477218f39ec3aba59c2f4ad3e0f75b88c38983b23325de61043224082
SHA512: 11b23506c0f53c134c338450ce10d235e6dd415a01baac5cfee364fc0086692f5cec85c297796eadc28a2ee9d46f9e73e8ab7f7e12e7f628cc3056e37f486297
SSDEEP: 3072:nn0AEZCtGLrr1SKGZk+dupt/+9u/QZEfomswlNK4AHn:n0AEZCY7G2Jt/N/QZgsOK4AHn
Score: 1/10

Target: dcntel/DafDnsSd.dll
Size: 47KB
MD5: 4a3be79ced4556bdf5f277d89377aa82
SHA1: a273e7ed8073a99e0568b254e00dd3e2696b7fee
SHA256: e17d2a9da24b9ff6708d9bbc62a8fe03260deadb17921defccde345787e55d82
SHA512: 94801f525e950b90dc5da227e3bd0ad44a0d179f0dbc79a567bff6b1ccbbf7a5d31608826147a3f1882ee108b7522ae90b469a2d16b9b041408770278741fd7b
SSDEEP: 768:EWYSJXbwjyVNktG+s3tN4il0aE515+EUNr+W3ksAPZ6YH5kYBGnm:QNjq3HO1gyP5H5kYQm
Score: 1/10

Target: dcntel/DuCsps.dll
Size: 114KB
MD5: d13e08e9142678ee63196ea90b6a55d2
SHA1: f4940a96d27e68c3d0b87011ab7e986a75a83dcf
SHA256: de89f27aa70d915dace8786fbe0baf942a5f141826b97fd40cc1da9511d337d4
SHA512: 85dbcf0ad265b88cf94067c80ec0b2fbe7f23bf8140733f3398adec0adbae57847a5552d4a32a3b04c00a1c478bf5fe8f01779aaf2f63b5cb4e7334bc00a2d31
SSDEEP: 1536:vkJzmx3ZqU4VYHH0ox4i7Z/yws+TUGshJxSZroqc8Y6jhrwM/b1bNy1hVoGC3rWR:vZ80Rd9fTU1A8ItrlzpNy1hqGC3O
Score: 1/10

Target: dcntel/dcntel.dll
Size: 768KB
MD5: 34a0c0ceee88cc435a273253cac4ec07
SHA1: bf66c56aecbf52d26435ae2c85129a909dc6a8a7
SHA256: 86eabe6da51fcf15428fd945492e27075721e3d857c987fe1a830a0f6f7dd4c6
SHA512: 2f5d69938cfedcf5b3c5edabf181f3cdb9525e1604ec5ed262407217ad8c18dcd6e649d5ade95c9535809527a5a0c83de6f2cf9859b4dbb7047d2e86d502e1e9
SSDEEP: 24576:LHo2SKj92XYJWOKMs8cPbM1TjRQX1cs2vbF:Lr3yM1s2vbF
Score: 1/10

Target: dcntel/kbdnecat.dll
Size: 10KB
MD5: c7c5181427369a928996260bc1e36c74
SHA1: ff8899537f0b282822447e07c011f5ea8561df22
SHA256: 664fbdf4f6ad652e928e39618cb959801297a20104e98a0454b0bb58b029f434
SHA512: cd63e52be3ce3b5ca80775a7d97fad788f9f5419b0af09940be36a16bccadac471b65136dc1f4e76b3652ef5f3f36bff8fb7aa0a2edf60f3325936708fa0a991
SSDEEP: 96:iuZouxyK70GhPxIJ1vvbbVM90yMau934ou1WlhWw0:aMJIGPaJtby9Wf6WlhW
Score: 1/10

Target: setup.msi
Size: 32.5MB
MD5: d6da2042931d97377d04fb375384618a
SHA1: d7f61f2366e8079d49cef1b018435f677ac53142
SHA256: 27d0d02a0ed499ed981b87e7debf3865a30f5ff506dac0fa42e2393271d49847
SHA512: fe52bdc8d9d025e58b8d387ecf2bbb0935cd4f279b3fd2fb7a2c9de1e8c206b6ef8c064fc9ee7d58977901ac3e380605e219e3e407a04cac92f266596952fbb9
SSDEEP: 786432:KRQVUyTDXySTjxA4Ztx2+G+N0WYQYBXPByttH+dktHEDv0yU:KRQp7xVLYjsp+ikJ
Score: 6/10
Signatures:
  Blocklisted process makes network request
  Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

Target: syssetup/SensorsApi.dll
Size: 407KB
MD5: e5d1e8fbabdbe5c74777d0ac4c426506
SHA1: bba47a9e25b32320cd1936423dbf926864bf90fd
SHA256: 349eced0b6eeb7d3ace7259a93d30ebc2823b128be409a87a712709af9bb140c
SHA512: 3a0f2ba991de7c3fe7af13bdf0c3edb0c847185f51731dfe28bfbe6eeaa3e0ce5346af833b950f39a46bd4d021ede71224a90592519af6d1667a8ef064c02fdc
SSDEEP: 6144:xzEG0WxoKAQTrfBvjF8VcYGNfelNz2TgYlQhgppm739UL20KcG8ZKXvSCoV:xzEGTW3Q3FZ8ONo2TnlJppmznmK
Score: 1/10

Target: syssetup/sendmail.dll
Size: 144KB
MD5: e8f390109332233f0d58d30675916306
SHA1: 8eb6649a252f49db730165885e18faa01b0669cf
SHA256: 65570c37c9f15c742ef64bfb16d09a5679b1a4648036f0e7688e067daf065097
SHA512: 04a08c430107cb13e268aa13cfe0d7d3a47d28b85b830ba64e6aad3f1cbf229801bb1c793f51462731511f1465a40ef3332480400a9b12c62315187af1d2b8c8
SSDEEP: 1536:g5AKIc+5W38vl11d+ItKUvJ5TGL1tsOmslzaJtgBPu5SyS27ON:NPjl5+ItKUh56pyj2u5SAq
Score: 1/10

Target: syssetup/syssetup.dll
Size: 19KB
MD5: 9c19c80668ca9f0146ef4d2ba669c628
SHA1: 6f71ee29229fc0a3602297e96f602914b20ce1c0
SHA256: 9268f6a26d8f2a82344680a95c241be06ca53f27bc266a4c8d1274d4a7e128fe
SHA512: 470dee5ca0d0970c0bdf26f9f595d9dd213bc4641190dcd69fbdc13e475d1451fed9d2cfbb1b9112e3c7ba1103eb3a5e5e40f94fdf0ac5e1993e90beb3b46920
SSDEEP: 384:02GwAzIhh/MOLqyoOEhdZ93Wh2lnqWUnW:h0IUpnzQSY
Score: 1/10

Target: syssetup/vcamp140.dll
Size: 396KB
MD5: e02baf8cf42baa9c39ddec9a6d573a2e
SHA1: 7a43c3f407593a842cec29ec42a02ddcfa69c3c9
SHA256: 1b02cdf81bda25b73d21eb38fa56c4c3330b86399fdd3385078312200a44f3cc
SHA512: 63ade867874c7ce1eacd40084190ac87438433602fdad3eeeac6fcb57e43caa01d40a878036cdae858fa162cc40df006a1ebaa11f3461cee70b95ccb0c940f15
SSDEEP: 12288:gn8TPix8G11laDuCwWDwvEX689X6dw1CBvB:gn8TPI11laDuCwWDwvEX6M6g0
Score: 1/10

Target: werconcpl/Websocket.dll
Size: 46KB
MD5: 5c9910facddd00db2c9a932461d4818b
SHA1: 66559bd8d4941d628dd5404b59abfa43af876822
SHA256: 10fda14639925940bfd4c410db69cb491c4b3504d9d4b6d06dbb01e64f885fb5
SHA512: f68322f9bc0f07ae01e7681ef956dd210e6d115c135db8f90cbae0ce2f448742511fd3dac0b0a1da17ae2d182715442386b21b1a1be978a7ac7c45d845c99437
SSDEEP: 768:Xjgijw9DkwhmEIlLcde6Rl9Db9rhJtkF/TBdnPETRUw4LdhcEM47iI6PE97F:Xj7n0ld9rm4w6r4mI6PE97F
Score: 1/10

Target: werconcpl/imagesp1.dll
Size: 2KB
MD5: 08b119c2db5ecd2b0b6f502487f3688b
SHA1: def03a82ee71cf4727a8ba44284b676beca733a9
SHA256: 494b5be61b561db063677b15fa0093efde12edb921fb2b6fde8db9c50c5c9f47
SHA512: b45581483c3af08f280e16491890fdbfbd7ed7c3fa62ad5a0acb10c3530c79221859565d5a8afb2eee2f649b83a65cd19ababe2041e5b11e5f87ce01f67095da
Score: 1/10

Target: werconcpl/ndishc.dll
Size: 98KB
MD5: c8c8387c47401127eaeefecd9286b950
SHA1: c08c6caf1965c02878e62b23fc6ba46fa7c574e2
SHA256: 95edfb45ef1715b93c685e691469e3f717fd5728df0226eeb551cace468ac1ef
SHA512: ecc9c9d67a5d2164b5f8f84e029eadb9a993d837c6b5e5a8738831c23c82c863d34ad10367fae73975fe57d32a7b62cf07add72efaf2b56c08d6c799710ca531
SSDEEP: 1536:xFUYu1IaVyGN8RWHS56fJzLid3vE1n7E2Ro5LZI+yf7+lLuzdFzcREo:xFUVI6By5mx2/UA2RoHI+yf7gazzcRE
Score: 7/10
Signatures:
  Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Target: werconcpl/werconcpl.dll
Size: 872KB
MD5: 63c980c461e4ae90a17cab8653d0f962
SHA1: 3dd31a5e24b1ce6806ab87658f8214f8126f1bc9
SHA256: dc93549350bfbbb94a56f07c397170cb2619e4a42f63161bb68363ecab620fb9
SHA512: ddedf9693b6348fb609529035769c5b5425126538a4c6af7e0bc7fb3072c3290ff6afbff74fea95f40f7b3889f03bcf1fe37e446bacaafb6695a1197c2e02dfa
SSDEEP: 12288:v55lNy+kRFIa244j2ObdGwEVOsE5WgdPMgQ5luq2G:tNxa24+lJGfOQgdclLF
Score: 1/10

MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Installer Packages (1)
Privilege Escalation
  Event Triggered Execution (2)
    Component Object Model Hijacking (1)
    Installer Packages (1)