Overview

overview

9

Static

static

9

hwid pack/...sk.exe

windows10-1703-x64

6

hwid pack/...up.exe

windows10-1703-x64

3

hwid pack/...RU.exe

windows10-1703-x64

3

hwid pack/...ll.exe

windows10-1703-x64

3

hwid pack/...rt.exe

windows10-1703-x64

5

hwid pack/...64.exe

windows10-1703-x64

5

hwid pack/...IN.exe

windows10-1703-x64

3

hwid pack/...64.exe

windows10-1703-x64

1

hwid pack/...16.exe

windows10-1703-x64

hwid pack/...IT.exe

windows10-1703-x64

1

hwid pack/...LL.dll

windows10-1703-x64

3

hwid pack/...YS.sys

windows10-1703-x64

1

hwid pack/...64.sys

windows10-1703-x64

1

hwid pack/...64.sys

windows10-1703-x64

1

hwid pack/...lp.pdf

windows10-1703-x64

3

hwid pack/...rt.exe

windows10-1703-x64

3

hwid pack/...Un.exe

windows10-1703-x64

6

hwid pack/...Un.exe

windows10-1703-x64

6

hwid pack/...ew.chm

windows10-1703-x64

1

hwid pack/...ew.exe

windows10-1703-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    hwid pack.zip

  • Size

    14.1MB

  • Sample

    240801-z4ejjawfqk

  • MD5

    734c14a94f1778e506606804d3566594

  • SHA1

    8cbd6a9c512edaab288a0fd24c7c2d7d71c3999d

  • SHA256

    41caeb1dab6ab9da4571b88cd0a0a2b3a21ce305909358e538a04f988d4a139f

  • SHA512

    4a1f766a3758026f47263d2abde66827323bd914316fcb352aa229325cc7da81871e49aadb611920094f3516d3b02467ee671dc31a1d067a021653459b291bec

  • SSDEEP

    393216:E1dKjXZTpZ6y3WqZSs7jYqAb6HtBZsF5A4VoekX2hnm0:E1dK7ZTpZ/WKSSjY65sziekF0

Score
9/10
discoverylinkpdf

Malware Config

Targets

    • Target

      hwid pack/HardDisk.exe

    • Size

      636KB

    • MD5

      c20e96d4e616ce333c19a1c15a1cc137

    • SHA1

      f79645ec115130ee59958c55a556f564260b7a9e

    • SHA256

      2c141c06f7df57f11ef2c62f2a96093484a65df47065b1a475c53784af0e2664

    • SHA512

      519fec9955c4a18e45ec68d9e7dc2bcda74721a6ea088e59e634e26b136bfa15f5efedf8839c036a3cfdcdb9780a2121dc2d71f1fdbbfd3df02d9969e5db753b

    • SSDEEP

      12288:EN1TNRzUSWgDxPWnP0Lamg+hyMU1EUFT99qpDDcZDDR5Id1888888888888W888H:whNRASWgDxPWnP0LamWYC8EOd

    Score
    6/10
    discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

    • Target

      hwid pack/MacSetup.exe

    • Size

      5.1MB

    • MD5

      a7c8cf1d50ebe630a7d0c47686a0abbf

    • SHA1

      3229e8080975f4f5512d2382552f68c0389acff5

    • SHA256

      a453b3ea8d8133531fad26b18701c694c324cc201e3069d07e99f0e100908c1a

    • SHA512

      42340b7435605049e3f817feac1ac238177772b2b1ebf05eb9311bb58ee3dd1cab39913240a4c39e3407374009310770d8221c31914549524ecd92beab93b787

    • SSDEEP

      98304:ARU3j4wtopcj2dqCYV1coZ4hv3tmF1b6CrjfW/sfH6s7zQcKDsVv/JLSF66b/:ARqt/CdqRc64hv3tmF1b6CffW/sfH6sm

    Score
    3/10
    discovery
    behavioral2

    • Target

      hwid pack/monitor serial/CRU.exe

    • Size

      1.2MB

    • MD5

      0f69af48c32613f73c6acb87a7d18661

    • SHA1

      0756ae84f3b58aec29f4b9a2888624ca879f7856

    • SHA256

      0351a943ca93558ff36f74c3f0c768dceb724e833e282abcf1be5b2e71d5c67b

    • SHA512

      2b30c079831a30683aabc0effa6bb60c84a960c2bcda1ce5da204bebc2050a359ec2cf36df426a0d227165afb9c4b9401fd0316b2504394c7876ed177fff2377

    • SSDEEP

      24576:tLEWuIj9T0gR1U2vfVD8sA15qkJ1K3mbDQca9L32GY:twfIj9T0ujvTO6L3

    Score
    3/10
    discovery
    behavioral3

    • Target

      hwid pack/monitor serial/reset-all.exe

    • Size

      51KB

    • MD5

      3d47586c62bf61dac639d8cc1bf43ee7

    • SHA1

      36f605e1fb7cae972c6723ded6a5f126f36a8d01

    • SHA256

      70639c195430afb92799d711ed784406bfdfd04c648d5f3e4d9873da0063660b

    • SHA512

      638a75c0159de8553e8071a68b5a4355bfc002489d9ed62bfbb1019d287073a555133bd4a55abd68c51b3e2a1616f586a26998ce32ade322cd72ffeab5ffe105

    • SSDEEP

      768:Jd0XBRNU+hV81e14G8xGvMhBmqVHhc6ZrLy01fA5Egt2rHNZAEDFn27DQNE5B:b0XbeQ8xG0Kqjc6lLFfSortZBMDu8

    Score
    3/10
    discovery
    behavioral4

    • Target

      hwid pack/monitor serial/restart.exe

    • Size

      63KB

    • MD5

      8242ce426ad462eff02edae1487a6949

    • SHA1

      9a4f382d427e0de729053535aaa3310cac5f087b

    • SHA256

      b68ee265308dc9da7dbb521bb71238d27ac50a5ee816f21c13818393be982d7a

    • SHA512

      aff43a78d29ede49eac386d9b0b44d0f37d5a20bdda8553369d68dec90bbc727c6dd8fe239987a9d2e3affaeff8b72b5023ed973d7aecfbb99de46dca8c99ef1

    • SSDEEP

      768:xa+/MMnf2XivrjhmxEQSQIjDaGva2XaT+CSxKUAch9Itvo7vq2XFelWn2iED5Vx0:xa0wstmSpDaGS2RCSxK28otXFQwUx

    Score
    5/10
    discovery

    • Drops file in System32 directory

    behavioral5

    • Target

      hwid pack/monitor serial/restart64.exe

    • Size

      73KB

    • MD5

      297aa19bade534a791d053ca190b74ad

    • SHA1

      15cb6a33994f75fe9e30a2afbc8a7e4616b63962

    • SHA256

      5f779bb822aedaf5bd11693cdf73f6c7c3342f37371a78c07c2aca1e15dbfd00

    • SHA512

      df883950c598f31b81f22a68b2a9fed7459dcad5084ec6e39399658b0492bcc458d9fc5bb80fda6bc994bed3241f969fc67a0b8e021fb82b040455d64776c625

    • SSDEEP

      1536:8vXMJl7uRupZzidl/T+Dnx86Rpy4roKsIrryeq3OTM:8vMJl6RAZu/T+7x8qpRM8rNcOTM

    Score
    5/10

    • Drops file in System32 directory

    behavioral6

    • Target

      hwid pack/serial changer/AMIDEWIN.EXE

    • Size

      148KB

    • MD5

      182ec3a59bd847fb1bc3e12a41d48fa6

    • SHA1

      2f548bceb819d3843827c1e218af6708db447d4b

    • SHA256

      948dbd2bc128f8dc08267e110020fee3ff5de17cf4aaef89372de29623af96fa

    • SHA512

      91ecc5a76edc2aea4219f68569b54d3e9fe15c2a30a146edc0d09e713feaa739a5c1e7dbfa97e60828696078d43d1f8fd3466234525b099ed6e614e854ac6c4c

    • SSDEEP

      1536:tNFrdLFZ7JxIVhlPBo8Upxwpwf+gHkow3SMT4HOw2htj6oANy/ht+vSMoqEcViWw:Pv7JIhlBAKwf+gWCM4OwyWscSMoqtLe

    Score
    3/10
    discovery
    behavioral7

    • Target

      hwid pack/serial changer/AMIDEWINx64.EXE

    • Size

      453KB

    • MD5

      6a6505b2413d2c7b16c6d059448db9e5

    • SHA1

      dfe6c6b6051c26326a12dc9d0d5701cb4728266c

    • SHA256

      53e3b72f8eb13acf3cb69d4cb124e8dc64fc541555c3c95cc8003b8046853955

    • SHA512

      1c0531581f0efe683ab763f6633ace60f0637b22830e7ec551babe19ac777a1a6821dc568bce13a8abee8bfef1c7d9397e0bee1c78c00810c65dadd788dab2a3

    • SSDEEP

      6144:JIeh4+TOKGuTSuXCJ6AtCoZPhGL/TnJ+z5rsxQhsCI9t/tk7MP:jpPTxXihA+zBhsC2Z

    Score
    1/10
    behavioral8

    • Target

      hwid pack/serial changer/DMI16.EXE

    • Size

      30KB

    • MD5

      2a89d4e479351022ab8bd604030a76f3

    • SHA1

      ad1d39fd38fafaae4d77eed5f1c67f665686736d

    • SHA256

      28e6e1908f2996af9b7a9930f13d4c770d6963425df0869ce4bcdb1442a4a917

    • SHA512

      0fb48aaeeedb5a96246ffd80c167f501ff2f5a08cf8d2dbf63373666c6f3394244395e05e49b68fedf02c2a3df75ad6ba4223f0066c350993233cf218da83e43

    • SSDEEP

      384:d2a1f/coJEQ88t5hDQ8o3wk4YMoURAzMbdLWxrqw8CKn6l3myGWstap/+ZU0KXy+:dLf/NWQltVoV4YfDOWxXd3my/cY

    Score
    1/10
    behavioral9

    • Target

      hwid pack/serial changer/DMIEDIT.EXE

    • Size

      3.2MB

    • MD5

      fbaf6262fd84f9966338518d4de46fdd

    • SHA1

      291d481e3b42029e157e7c60febc8fe67cd50cf1

    • SHA256

      5d37e5e7ce01549965bf2166adcba33d1e2c4bd2c90711032f3987b58452ce49

    • SHA512

      5d8cc6e1ab85fae8d9a5ffa83cecc2608b1fbbb28b9e80afe2dc6f7d46b657d489e03f75e42fc147d49313b3a41ad768fd0f320a905cbc41d767c0fc3c3d9d7e

    • SSDEEP

      49152:VOQ6nNB9ySqeDoVFixOA9DruNebQk9DtTKkuecMC+coEbyxvgg+lV:D6nwNomN1AKku1M2Jfj

    Score
    1/10
    behavioral10

    • Target

      hwid pack/serial changer/UCOREDLL.DLL

    • Size

      112KB

    • MD5

      8370f3114924ed6c53741de7a253625a

    • SHA1

      f7782d51e73526226a89229b4f3625c7ce43f3b3

    • SHA256

      78a4d8e5e8c33793e5a2020325d3a49e92e4826167742e93179bdacbf167b409

    • SHA512

      5a13c0fb787366869fac57139fa2ebbd0c34a1bfa76c05ac879da60e534cbac694385f2b6120fdb6c7cf0e62cf4948efbdfde96e695a9d377f44eedb2e1b1398

    • SSDEEP

      1536:g+FKwswB29BLymvRwRvSpD0pQD61ShZT1Cw4cf0SbtsWFoYc0RkU:g8Vk9ymvyNMO4QqGeyqoLGL

    Score
    3/10
    discovery
    behavioral11

    • Target

      hwid pack/serial changer/UCORESYS.SYS

    • Size

      15KB

    • MD5

      9555d36fb21b993e5c4b98c2fc2b3671

    • SHA1

      210a98be7da32cea98618c5a9640c23ce518c0ee

    • SHA256

      fd6f56189cd723b32fc06392867fcd5128e63d8b5801e4f7a83523f820531981

    • SHA512

      3ec96ba6fca7a4aa45becfef84b23b12c305f34045ac1a15b22745289e33b9326103e853bad698434df772a76515e7e8109fa8724d65f0351ee380c16d888c60

    • SSDEEP

      384:pp4uPb5yDmnoMXP1oy5KYJLWd6jH9inbjJE:pp4sEmTDLAmH94b6

    Score
    1/10
    behavioral12

    • Target

      hwid pack/serial changer/UCOREW64.SYS

    • Size

      14KB

    • MD5

      a17c58c0582ee560c72f60764ed63224

    • SHA1

      bbc0b9fd67c8f4cefa3d76fcb29ff3cef996b825

    • SHA256

      a7c8f4faf3cbb088cac7753d81f8ec4c38ccb97cd9da817741f49272e8d01200

    • SHA512

      a820a3280da690980a9297fe1e62356eba1983356c579d1c7ea8d6f64bc710b11b0a659c5d6b011690863065541f5627c4e3bc13c02087493de7e63d60981063

    • SSDEEP

      384:q1ykKJX1BIAQ0r1IiFlYJLWd6jH9inbjJ+T:uygG1IiCLAmH94bgT

    Score
    1/10
    behavioral13

    • Target

      hwid pack/serial changer/amifldrv64.sys

    • Size

      18KB

    • MD5

      785045f8b25cd2e937ddc6b09debe01a

    • SHA1

      029c678674f482ababe8bbfdb93152392457109d

    • SHA256

      37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba

    • SHA512

      40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9

    • SSDEEP

      384:Cf8OVN6UDYm+b10HMHd6xhxuGZBBfSZsHLPK6jz/cf:CffV8KApCMMxDuIPKgwf

    Score
    1/10
    behavioral14

    • Target

      hwid pack/uninstall/Revo Uninstaller Help.pdf

    • Size

      1.9MB

    • MD5

      3302bc2fe6921c87e4a647851eccaade

    • SHA1

      4bab845a05f5cf54603f70b06aec7bfcb6a073a7

    • SHA256

      0e52207e8c1422aa51c6e94b1b6874d394a87f7ff3838f2e7711de278cc2a3f0

    • SHA512

      cf8635edaa23f2f06660613f87d30f476791ef065bcdbbbbcbfbd3ff35c2ef6c6900a820f9719638902bf520b9d5480869d21995ed4fd0cef89b20c020436017

    • SSDEEP

      49152:Mh1JSdd792yHssZsyWGf7L+JUpiTyDzPzuBj3N:Mh1JSdV92UskblK+piTybuBj9

    Score
    3/10
    discovery
    behavioral15

    • Target

      hwid pack/uninstall/RevoUPort.exe

    • Size

      200KB

    • MD5

      2f814a927d097a09911111dbf0fc2e93

    • SHA1

      8e4e953c60653a333182320345209765695d4e17

    • SHA256

      ef70640d701bf406f7008c9ef7dc594019c063e4436415c97033f0a998697edf

    • SHA512

      d57fa5fdd2ce0ed148e43814420103e0e340862d6a9c35714ede6fa059dad0b63963b790824cbc126535b97c23f2fd560eb0891050fc0f3996a30c7ee8e99619

    • SSDEEP

      3072:0kLnAdeRbvAZpoKIIn9xg//XHTfq2M0W30L/OHQ4HFs3qMGrfv8Th:3LAoYZCIn9SzsFwWqh

    Score
    3/10
    discovery
    behavioral16

    • Target

      hwid pack/uninstall/x64/RevoUn.exe

    • Size

      14.4MB

    • MD5

      740c47eaa20beeaf8b7121a17c39af99

    • SHA1

      bafa4a04765850a0c16430c01a32497e62f11e9d

    • SHA256

      a48b7b68c4865cf192e5800ea1fba0588a6ae2abccfab73450c38c3e410b31d0

    • SHA512

      004cc63fedc4c2233f3dd7296d4fa757c33428b4b1c4dabde1d5256eb887d2afa069323e24faaa2806b4f0335cfa7405a0fb523321220fb7e4912b05150d7252

    • SSDEEP

      196608:yLnucGdLdWIPrN2Ap6yi9crjE+pWwPWpGplR806IIIIIIIIIIIIIIIIIIIIIIIIq:wDGdLdWIPrN2yi9c3ppNPWpGplR8ZWz

    Score
    6/10
    discovery

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral17

    • Target

      hwid pack/uninstall/x86/RevoUn.exe

    • Size

      12.1MB

    • MD5

      bc5307a2b996f8994c4c93983a81fb05

    • SHA1

      2df1b09e0d4cf2cffd66b61fc7014c29219b393b

    • SHA256

      787a813efcdbfac68d0df2392beb1cde23b15958ea569a6506d64dec70709501

    • SHA512

      a4bd1a6271401acd82d973eb04f67e941de85c50d1b04607f89029a92555b52390d118090f7e5ff125e4eb3931f37995f67c6adc6927f8df19fb0ee9360780ca

    • SSDEEP

      196608:ndKABE/NdoCTHwPWpGplR806IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIA8Z:UoPWpGplR8ZW

    Score
    6/10
    discovery

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral18

    • Target

      hwid pack/usb device serial/USBDeview.chm

    • Size

      24KB

    • MD5

      ef8d0a30da9ab8cdbbbd62d74bce1187

    • SHA1

      06441c5dfa4b9577afc989454216ea014a49b8d6

    • SHA256

      d5909ca92c389ab1c01909a6f07fd351e2a655be97931caaecc3307a9e8f26e1

    • SHA512

      695faa16c29d0ca5bdb2afc5da3e05f25a6b17ce4dbee43aebc9ffdbe18d843273437bb0189bb1ef2a4ececbb236aefe634f38f94a179e593edaa6105fb2e789

    • SSDEEP

      384:ZaeGDZD/3k0Xb1/WN1iA73A8f2ZVDUDjGTa1Mu72:Za1ZtijuVDUHGO1j6

    Score
    1/10
    behavioral19

    • Target

      hwid pack/usb device serial/USBDeview.exe

    • Size

      135KB

    • MD5

      d0d19f2cccacf70bc84846076acc11c8

    • SHA1

      21154b5b479aaae4c56aec309bf6964eb52d1ce1

    • SHA256

      63012ea9ce8ed335db7bdd33fa7bb449aa1ba31755c6845c1e79c11cb60dc908

    • SHA512

      b45a024e3e22821c3a9fec56969fda164acab0f12a28a29a8c9263373004b57a246ff46f90a81b65714b09d788ed8c265de130eab059c546caae79b6d15b73d4

    • SSDEEP

      3072:xFRB1T0ABjInqx9sKJQ1jrD0ivz0ll27ENCP7g8g3OaAy:xFRBVnj0qxbJQp/0iolGENC6RL

    Score
    6/10
    discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral20

MITRE ATT&CK Enterprise v15

Tasks