0a94a43af2db7bdbada87b34bf03d3b221110d1ca21bbebec55b08767c1281cc | Triage

Sharing

General

Target

EasyBCD2.4 (1).exe
Size

2.2MB
Sample

240802-2latqstclp
MD5

2e06476ebe1137f543ee7176d34716e7
SHA1

6eaa6aa0e829ce8af54213f6de77e748c4388e23
SHA256

0a94a43af2db7bdbada87b34bf03d3b221110d1ca21bbebec55b08767c1281cc
SHA512

4f038b1bab87a9c552672a69d2122800e5f6809c6230c2cea4f14000d0c8555393621af0e4e85ef9471a6527d9458a6315576aab9de10058b3c320549f9d0c1e
SSDEEP

49152:vHQLkhcj2sy/yOnZMS3NTQDxX7Cc8kRD7zei:vwLKcjW/yGMoN+Obk1zD

Score

7^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  EasyBCD2.4 (1).exe
- Size
  
  2.2MB
- MD5
  
  2e06476ebe1137f543ee7176d34716e7
- SHA1
  
  6eaa6aa0e829ce8af54213f6de77e748c4388e23
- SHA256
  
  0a94a43af2db7bdbada87b34bf03d3b221110d1ca21bbebec55b08767c1281cc
- SHA512
  
  4f038b1bab87a9c552672a69d2122800e5f6809c6230c2cea4f14000d0c8555393621af0e4e85ef9471a6527d9458a6315576aab9de10058b3c320549f9d0c1e
- SSDEEP
  
  49152:vHQLkhcj2sy/yOnZMS3NTQDxX7Cc8kRD7zei:vwLKcjW/yGMoN+Obk1zD
Score

7^/10

discovery evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  $0/The NeoSmart Files.url
- Size
  
  167B
- MD5
  
  f265d51d28342684ffd78a4d6c8dc89d
- SHA1
  
  b7eb6757690be8baf554de2e86766e344bc55ac3
- SHA256
  
  1e0d489906665211f71ebc85f030c052fc9f433973e6fb3acc2fc11b01388115
- SHA512
  
  25f21d20e19c7bbc7430855be039e1a58296cecb6dd9765ba5345e07930af724f93f53d3a02b66cd41fa73f65f096904d03df4f84fb912c69839a7513ddd236b
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  21KB
- MD5
  
  92ec4dd8c0ddd8c4305ae1684ab65fb0
- SHA1
  
  d850013d582a62e502942f0dd282cc0c29c4310e
- SHA256
  
  5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
- SHA512
  
  581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
- SSDEEP
  
  384:VpOSdCjDyyvBwRlX+ODbswYM2s74NS0v0Ac9khYLMkIX0+Gzyekx:rdCjW/lX1PfYM2X1
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  8d5a5529462a9ba1ac068ee0502578c7
- SHA1
  
  875e651e302ce0bfc8893f341cf19171fee25ea5
- SHA256
  
  e625dcd0188594b1289891b64debddeb5159aca182b83a12675427b320bf7790
- SHA512
  
  101da2c33f47bd85b8934318e0f0b72f820afc928a2a21e2c7823875e3a0e830f7c67f42b4c2f30596eaa073617790c89700c0d95b7949ec617e52800b61d462
- SSDEEP
  
  192:W4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjAK72dwF7dBOne:3n3T5KdHCMRD/R1cOnrjA+BO
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b0c77267f13b2f87c084fd86ef51ccfc
- SHA1
  
  f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
- SHA256
  
  a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
- SHA512
  
  f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e
- SSDEEP
  
  192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  1f49d8af9be9e915d54b2441c4a79adf
- SHA1
  
  1ee4f809c693e31f34bc6d8153664a6dc2c3e499
- SHA256
  
  b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782
- SHA512
  
  c60827e322e3168a79795ffd4beb0b0039842128255100d6b005d261402d2ff570f3866f441f3d3c063097c71d44bc5ae80d177fa91ef4e46fc8c2d97de27aa4
- SSDEEP
  
  96:67GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNo3e:kXhHR0aTQN4gRHdMqJVgNv
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  EasyBCD.exe
- Size
  
  965KB
- MD5
  
  e478c92160a3c73c77cdc9f515dfd8b0
- SHA1
  
  f0fa230f8c26bcbddc3b68f38ce0793d46c0ca2b
- SHA256
  
  6a6e16c176004128b918ef3f9ecf1d51d828e6099fba6542b5ac6abdb67c1030
- SHA512
  
  3682b4f5bc31cd056c3f552da657309093e35b4757c073a223385c04765f622ce9ee000fb5dbc950c68ad7913ffdcc831ef65bd5ed7241f6179ea375b17be822
- SSDEEP
  
  24576:Ex3xciL6WoADwxT1wdMw8HvxDIDG1NBieKLjZRJ8ta:EtxOPADsT1FwA5gGNBieE1RGQ
Score

1^/10
behavioral13 behavioral14
- Target
  
  NeoSmart.Localization.dll
- Size
  
  25KB
- MD5
  
  ad0a59ae87d4ba106e965c62f0bc3d88
- SHA1
  
  5b39b6fd95b5bee72a17d79a1f4958256a5c4149
- SHA256
  
  3a56005b2efb34620019ef432fe90eeb63726fc78b37be841f25c2aed82eb1db
- SHA512
  
  562b2cbd3fdbbb71dee9fdb68bd24b9bbf27beab93de338a616baec837910f31ad3b13d75564d45a1cca26e1150517b47d0b3984bae7d08675593bde22bbea98
- SSDEEP
  
  768:VhBgzZSt4PP229G7Re7gs8KbYZDdXYGX6P1AAES:VhBSSWkRe718aGXs
Score

1^/10
behavioral15 behavioral16
- Target
  
  Newtonsoft.Json.dll
- Size
  
  472KB
- MD5
  
  0953851089821550ef013b487da3915a
- SHA1
  
  7b4dfb7d547404fb6f3cc561d9475209aa2c6172
- SHA256
  
  4a56ef352f84ad19c1b4486c7c9e64fef9a67c464c62e51bababa79cd2d89551
- SHA512
  
  4a41a97527604042e1d28e2869aac1dea79da372ffc7e211415e45e4212a853971731cf4fc9595d81c4f4b824f8e7441c2ad6f2641d053cd783b264c83c29e86
- SSDEEP
  
  6144:ePhUtuIXFCFuKXrzAoPymvVMzgIRHNR1P3VzCtbK5vablBFgOSjjyCR6QkMvh:luqCkpmtM5tbPwtbKaBoy46QkU
Score

1^/10
behavioral17 behavioral18
- Target
  
  bin/BootGrabber.exe
- Size
  
  183KB
- MD5
  
  2e12b37d32c8bcf8920f5ebb6d24a6b9
- SHA1
  
  7fcd9e4ebfa2c400d6340133440c087e56a3c9e6
- SHA256
  
  f9842333f0b562b4ab5349a09fc173b0b2971c1f600502c4284781c78a735d7e
- SHA512
  
  aa82f1ed984174a1b5a610eb28a422da6172dd027678d9d4b7a9714e85e050616403ad294a005ad1ab39032758a4d2fd8d498b1241dedda8c91698ffc7d3c527
- SSDEEP
  
  3072:GsBY0ds3votpUUKh3U240kfLCVvVdYD1P5SihxFPDiG+UB0okF6nxxHGqtK5Q8:1Q1hN40iLCX6twihziloOqqpf
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  bin/NST Downloader.exe
- Size
  
  18KB
- MD5
  
  a5b3ea9ee11e9752417159ba1c618b95
- SHA1
  
  7f336b35f3a2a9d0a1c9f47227b27545aa7ead34
- SHA256
  
  b92b2fa8916c78ccffef058d3be900c840cb996028d373ba55985fd1d1dddac8
- SHA512
  
  cebbec335baae8551c901106d325c2853891a27585ed47f1bbae2f73cb62f1af93f1534ade8f85e6f345141d2475e08ad75a5e1adb06f46ba78dd6f56f5a0953
- SSDEEP
  
  384:P5wJPt7NTnUE6d9sfF7ehXCxMMC1872ST:P5kVU5yxh7P
Score

1^/10
behavioral21 behavioral22
- Target
  
  bin/NetTest.exe
- Size
  
  11KB
- MD5
  
  3f3be08145d962f3146f9632ca1ec910
- SHA1
  
  50903bdb01df135ac4492a2f004a22da757e1170
- SHA256
  
  c35b26223b07d81e9ab638b52e5344d33e10df874457a7b1cfbda6f591a07c7f
- SHA512
  
  5bdea94a15a2514f33728f956cd89fdc6d9cd7cf9d0cb25ca85092494323cc1b21b7610792c3a0090c9835541a55eb1103e13caba8d2fd30c6bd1b8566696ef1
- SSDEEP
  
  192:ht0d1aeS+XqnYe+PjPEIFUg2oVd7uGauospvxu7bOv2G6:ht0d1aeS+anYPLESlOiu317
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  bin/UtfRedirect.exe
- Size
  
  189KB
- MD5
  
  5b40791899fa37507e7c08bc3d9f5294
- SHA1
  
  cb98852ec22251b5124507427d05b3dfe7ec53a7
- SHA256
  
  5a87d9485f6e13ee2c3ba4ac289a3e237d17a43ed428b8a5bd5f00fc4800d1ac
- SHA512
  
  d2c0de00943d7e9961571a8e798688e46a8e7267086e15abaae8abca0fa7aedd02d5df3c5eb3dc6cfab0c5982694129bf5b9c0cb5d8e978fec0d76d54e441390
- SSDEEP
  
  3072:e9C94N9X3WrYt2pbr2ixnVWdneELvt/iTV73x4nPrXY/JeKum3f+T4+:e5ArYkRyixnVWdlLyeOzvv+T3
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  bin/bcdboot.exe
- Size
  
  142KB
- MD5
  
  9f9e397630a146e875735f2f42339e6b
- SHA1
  
  2456a3bf83b095a31dd338decad7672a5472fceb
- SHA256
  
  9898f537b8d3097a05b42f42523cd66fca7c020e8083edbe461e6d9a12dd168e
- SHA512
  
  1e149f89800670c9564efa9406a09b513439209760da0d425fb17a68446d993048aefa5962b209c9ae438be8452ad88e767810fdacd755dd0ce826e973193767
- SSDEEP
  
  1536:LHu5Yg8tzsZYut/NsaKUzpT0/j/Nf5RK2YoC2fvN8KNt8kP2kYHkN1f7/X0v8EwL:7uKZ6wnR9skOkYHcjvvN5Om
Score

3^/10

discovery
behavioral27
- Target
  
  bin/bcdedit.exe
- Size
  
  317KB
- MD5
  
  a60cbaea0f8ac802d21c0cc7bc2589be
- SHA1
  
  f4c1f4b7f340968ba9c360f3fc1ef783a8bc7b2a
- SHA256
  
  8bf1b71182fed18d6b4112bdc4d496800b5bf6681de4c4f6536ba67378f38a12
- SHA512
  
  24ab704e214758b9318a333bb3a466a05e4218fbef70752b266d782e5fe89de19db8e5d5a584245fcc6aaf32ea99a0764583b3cc56299e99a2b7cf6ec42c2ccb
- SSDEEP
  
  3072:E4grG16GoeiMyCN8JcgYX0ygF6ukNkl1QfhG+FgWAKaWJaRhdNV/ysXo3HD62xKN:ETBqyCNIcD4guUkng0lmKdGJLk
Score

3^/10

discovery
behavioral28 behavioral29
- Target
  
  bin/bootsect.exe
- Size
  
  107KB
- MD5
  
  da39bba4267ec54de12374bfd88d0df4
- SHA1
  
  05b134624cde95176f76378e8c22c4b7ef7b8a7e
- SHA256
  
  f15e3c9a8f73c6dc4ea8f0a174915b6edca06c75332eec8a28e7a4b347276d4d
- SHA512
  
  c605422c8a09d20a11be7c8e3066995f308e58070f7c6b8a8e705c13360f1ec13b6eaecff3525bff7d2cd97e4b5eacb220e26b496baf8aeb57ba56bc728d90a3
- SSDEEP
  
  1536:qS567paZhaZtq4hH+eHu6PfBoqw7w3J9Y85aMHB:qcCpaZgZtZi6PfmVOc85aMHB
Score

3^/10

discovery
behavioral30 behavioral31
- Target
  
  bin/udefrag-kernel.dll
- Size
  
  46KB
- MD5
  
  f72f526b334a578b8fbdc6a20b9e2e4e
- SHA1
  
  e89977dbd6e3b21016764ea39e0bfd6c93a02f70
- SHA256
  
  0233af69b35decefdc7bb9ab7c8732434ebd4880c3b18085e6116f28431e3d4b
- SHA512
  
  ec25fa006943b411b20a2c9ca6824412a47615a62446d0aacf37fdbac48cf785f93008cae69697453efc94785ccdeef06c7292da625a88146369113d95bb3a0e
- SSDEEP
  
  768:gcPFbqnYkp+98StOUEiD7oXGeB6SGyrPVj4ZtWWBMK6133I5OgKssFhXOjy20uCn:IVp++StsiQvvGy5jStQb1HXV00x7
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32