94c7cf630ea81de4dbb4db3b031b96a90afc2ae1f3da6d329910e4fc1a51629c

Resubmissions

02/08/2024, 14:19

240802-rnce8sscne 3

02/08/2024, 14:17

240802-rl7hlasclb 7

Sharing

Copy URL

Twitter E-mail

General

Target

~x64__x32__installer__.zip
Size

37.2MB
Sample

240802-rl7hlasclb
MD5

2688578be19130e4f567c7ab0588904a
SHA1

8ea760acac456d51ba85543a2e9017f4a565ff6c
SHA256

94c7cf630ea81de4dbb4db3b031b96a90afc2ae1f3da6d329910e4fc1a51629c
SHA512

30a8b528f13d85520d14ae14af9cebd82c1ce019d755cfc47da33a7d6db7b4f8ac1a6fc1feae1fcaa80f28d291c21ef372015dfdb94d45023d10d9d43ba615a4
SSDEEP

786432:d+yYLsCtAiSo8P3tz7/N4EhnP25ugHOM4gi90roTTXqCwv0MVy8:dWLJA1DPsj4kronXNkbJ

Score

7^/10

Malware Config

Targets

- Target
  
  ~x64__x32__installer__.zip
- Size
  
  37.2MB
- MD5
  
  2688578be19130e4f567c7ab0588904a
- SHA1
  
  8ea760acac456d51ba85543a2e9017f4a565ff6c
- SHA256
  
  94c7cf630ea81de4dbb4db3b031b96a90afc2ae1f3da6d329910e4fc1a51629c
- SHA512
  
  30a8b528f13d85520d14ae14af9cebd82c1ce019d755cfc47da33a7d6db7b4f8ac1a6fc1feae1fcaa80f28d291c21ef372015dfdb94d45023d10d9d43ba615a4
- SSDEEP
  
  786432:d+yYLsCtAiSo8P3tz7/N4EhnP25ugHOM4gi90roTTXqCwv0MVy8:dWLJA1DPsj4kronXNkbJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  fh/HalExtIntcLpioDMA.dll
- Size
  
  20KB
- MD5
  
  14cf6bf532b9ea9eb756fa3ac1b48047
- SHA1
  
  ea202ce337eb25677fd78239ba007ef62299ade5
- SHA256
  
  3da7cf0676adf77a65d46964ef738400c549963364208d6d2ece1bb120b1f357
- SHA512
  
  50354291f7b7ba91e9fcdedf7e50bc78efa91fae6277639878defae237588da2a5d1bf1c3b534e7568d189144d66e8bfa49120de7f8fedbe101d13e0224c09a7
- SSDEEP
  
  384:Uc4sYkHlo0olx8J+xYpmbAvWzPWhgxvlmKm:UxsYq4H3bF32
Score

1^/10
behavioral3
- Target
  
  fh/fh.dll
- Size
  
  52KB
- MD5
  
  0a0ba0ecdaba8843f9b239e28d686e13
- SHA1
  
  d719c9749c536c6dbf6eb7584c4f20ed9c00d636
- SHA256
  
  957fe3e1b04cc440f26b40314a0011ed45a213912cc86377fa687ea4ce87cf80
- SHA512
  
  c4bfa2ce20af47e585e46f01e50b2df7bbb5ff2c8ff904857ee1af476fe1a24afca6ff705d5ba503763808e8bbfbcef381e6fa51c7711f93750cb22884791889
- SSDEEP
  
  1536:58eze90DUA9vM6BXnDRIMqMASG3wFESHP:2EDDXnFrGOESv
Score

1^/10
behavioral4
- Target
  
  fh/gpsvc.dll
- Size
  
  1.3MB
- MD5
  
  ea9e9444d9e00a55433f12e8985dbed6
- SHA1
  
  5b308448ef002ffb365d91ff4af3e8f326874323
- SHA256
  
  49545521a549b9f045cf2dee0eda41deeab3f37e20735d7f905276b5f8980481
- SHA512
  
  204923e984427b9eb21b70d358f96e524d0d2b203c8ee2d0e2008ee33ec5d225c619eca3589e0aa1dc8e9c3f8c9b862a88cd5d04d331dbcc776b3fc9f2b097d8
- SSDEEP
  
  24576:SkmzGalx3MnAHAH9AXjBCTnAjBkreET9ZTBhldhrT5TfuAlE:SkezlxcbH9ATBY6Bqeq9Z5PT5TfuAl
Score

1^/10
behavioral5
- Target
  
  fh/msftedit.dll
- Size
  
  3.2MB
- MD5
  
  ad8d5b57063dda8523c2f653fc8e93e9
- SHA1
  
  0d59f82d22d0f483f4553681a89e0f5bb533f944
- SHA256
  
  b458aecce93656141538b2aab988e382ce8d6b376a42b05313b701874a4c2e55
- SHA512
  
  417dabf27b5761692011ada6a5c87e13953d58e2045c985a9a45825be2cae5fff9246e2b0708875a4777cecf75c2628e9dd56616466e15b1fd0153dc39af78b6
- SSDEEP
  
  49152:Sl6/Qm3K8bGgu0K3IBnlOq3lrUCBmLUI4oPSfvKqXPeh3ZNwEsoYb9wX5zonj16T:TzS+lBU4oP0Ze4+
Score

1^/10
behavioral6
- Target
  
  rmclient/SEMgrSvc.dll
- Size
  
  1.2MB
- MD5
  
  9a0f874ff0fe0099a83706e6015da522
- SHA1
  
  b135520a203aa4ac789088828fb6fe641e4fa21b
- SHA256
  
  8d02a3274d684c7736f5c088c56c19a628ea225319cf56ee5ff366f4194a77c4
- SHA512
  
  89fda4016692d699720dc372fbb455b94c5f6a9e844a98090b548a0085737e1d3a4a66af7c6d87d99329d18012b8b41d34c45d31590d77cdf177835f1393cf77
- SSDEEP
  
  24576:heDw4tKHTyK6yMHAhe2OOjhkHLFjbPMCHjt59qrAn:hyHtKzyVrLgh0BMCHjrgrA
Score

1^/10
behavioral7
- Target
  
  rmclient/SRH.dll
- Size
  
  3.7MB
- MD5
  
  7f924d8c45f8ad8ab667e74c48b454a2
- SHA1
  
  727352eba8abe8ec810e36581f892cd013fec022
- SHA256
  
  bb06defc907a6a57803db431fabeeb26dadaee86f910cc447d22d753241b4952
- SHA512
  
  93e933b4f91666ad644c996126a26c79fde0b5f8fab023733c45b583643b128a915fc998e61e4660b29b98f7f025118811318088a22b7d968d7cac9573def606
- SSDEEP
  
  49152:tbTLsJnsjvTZgisACjnoMymP5J91fkxqHi1GMe4gG96iJAozSe:RssgVomMe
Score

1^/10
behavioral8
- Target
  
  rmclient/rilproxy.dll
- Size
  
  57KB
- MD5
  
  70e5e88231068a5053aeaa4e1d952f9f
- SHA1
  
  b1be0d3ec94d1f993b6d19d68f90c387cb026799
- SHA256
  
  8fbf5ecb938268d5df468d723bff8ff9ec6a17fbee04c8847e889a027190a2f9
- SHA512
  
  a2aaee081fdfbb3d515dee30e92cdeeaef8551acc3673618421da5acc99e79199bd4d1fb85e480cd25fc9f008624c2a3d21bde84952022b329190e474c6b94db
- SSDEEP
  
  768:5SeTJsDf+jk12Q1BnZxLFeX3ofC+Z0GGaDCbv/GaKPv6h8B51iWwGrEc/00vbf8a:3bqxFeX3o5kiv88g7GrEc/00vbf8Y+k
Score

1^/10
behavioral9
- Target
  
  rmclient/rmclient.dll
- Size
  
  159KB
- MD5
  
  72cf0649c8e42c81f7487c0e08a13879
- SHA1
  
  d5c47b567c9132ce54f50e4e3a2ed0d49478a587
- SHA256
  
  69bfcb0063ee38680a828f1794cbdb045c0ec51a22eb2e32c60c130f3b92db0b
- SHA512
  
  dbeb6346c0d892b6033bbabfb12247828fb1e28dd4f8c35087d799e032b0592c24b5e676670d5f3b2f08ffd747384c9b02cb7276cf76327964fc03784dbe8944
- SSDEEP
  
  1536:A4p91HbO+943FFNWUtk9GQkUoP19YpyrSi0+uE2hxPufWvlp3YlHdGrQIP5Ua:ZH14F06EVYDrB0+uPKfo3YHdGrQIea
Score

1^/10
behavioral10
- Target
  
  vdsbas/TokenBroker.dll
- Size
  
  1.5MB
- MD5
  
  667698b4ca27f560125f74090602f16f
- SHA1
  
  2e839c381e8610eb46b1c008fad1d6f0db67ae49
- SHA256
  
  6c72728d02dabff7f95415c828372a343b4c7f12b3b32ddbed10644a040bcc4c
- SHA512
  
  f64834e3f04cc70b229471009dad70ed2673e010addb6bdec76b579e8a4f209d00d4d474181868942240053108e664c9efe8ae7e42f838a6154c0cbfcfd081c0
- SSDEEP
  
  24576:tLxmemlQ0jKWjBUfglYBix3a+hebOX9tvn/xPq8K2Y:LmemlQfWFURIV0bONtvntqf
Score

1^/10
behavioral11
- Target
  
  vdsbas/Vault.dll
- Size
  
  357KB
- MD5
  
  1606c923179eefdb54684cf4203ac69c
- SHA1
  
  4cdae3209d9df6eb9b6ba72448b4670c9e73b444
- SHA256
  
  e1eccbc3845bdf5213a2fae64bc7f0a4c5c1233333cf5716e5f198baf19a68f5
- SHA512
  
  459ca7f86de16b5fb59399c38ead1ea247e79e587f35862c2dc1d9fb2d638c389be76dc9f8dbe4069bb971ba1bae5cca62cf766188fa2d3d2fa2a9775a5638e5
- SSDEEP
  
  6144:BqE/2xc8e5QpN9NI5ryDHBA9uZBHvCHah0yNC1yb:BB2XN3XDhA8ZBPUarC4b
Score

1^/10
behavioral12
- Target
  
  vdsbas/tquery.dll
- Size
  
  3.2MB
- MD5
  
  78f653190c7a982ada029ffe94cb11d4
- SHA1
  
  440db188378e71988180f0c5dc11ac05ec0d8173
- SHA256
  
  9adf4752e15ed6370a4a9aca34e66ce367fb3a1f91941e681008f27829806166
- SHA512
  
  2c54217e07642f926fa7d97ef6debb38f7c566b93a4ff9bfc372e3fb3e64b71a07424f0510a571c6b7eebeff0cb0494ecc9130a4d304745b45fbf18791efc727
- SSDEEP
  
  49152:CNJqmln5WyJwJV8nAeiRdeAyGyjN6yFg4jzllNbzLrGy186EUHsr04P58BXlk:CNJzXCxd1F4j5zzvN8XE6
Score

1^/10
behavioral13
- Target
  
  vdsbas/vdsbas.dll
- Size
  
  250KB
- MD5
  
  f82423fabde3b816987a01d87892dbf6
- SHA1
  
  0859c6979a1847601ebc1d7390324902163a721b
- SHA256
  
  f0757d5716de255afbecfea2ca9cc7b753aadecf08367f412b3092156170070e
- SHA512
  
  bff9a8d33a1b22bd6e08fb545d0765db6a7382d48136e5f5ad77bc6f2df7007d4a6df161896072b82a4f7e6ff002c5c1e757500468d5a990d7269860d665d1f4
- SSDEEP
  
  6144:wK0PbIQ4izgHQCPWfYEgbUvyNzR45PeYSZl:l0PhzwTm
Score

1^/10
behavioral14
- Target
  
  winspool/wdmaud.drv
- Size
  
  253KB
- MD5
  
  8750e6e6368665eaa7563892e3aae69b
- SHA1
  
  cb11518c4ce8bd9d54c910da78c9460bb6e9b2fc
- SHA256
  
  f9134058d8c29d0b3a5a340796d155555fee431b7d6e5a44840ca76e307fcab2
- SHA512
  
  f78fa0966d13f29977720887721e83630498b119167bc381990c3b2864f615b13f87763a43c221db834cfa0ce440051fbc5b630b67be95d63c35676849027faf
- SSDEEP
  
  6144:HFxxr/DzW75uLsXZiXTR8EodNGGxpvgldZKxf:Px3zWFnMXSEbc9
Score

1^/10
behavioral15
- Target
  
  winspool/winspool.drv
- Size
  
  589KB
- MD5
  
  d7fdf5236fddb6b3d2da1485b49f4b00
- SHA1
  
  091caec545922114af3e91c8f370f70069a13d0b
- SHA256
  
  c7b20c9c100db5fe1d1ff68d889b1ccc44f1422bb761e069ade28f716f367cbe
- SHA512
  
  3af1fcda33f19a03d0c864fc8eff2a9cab83d72356f0dd2a7cbcef7fad6c61e0f730a1b01488c92138e150584f447e2aa07f66d4a94a82fd5dabc706beef2d25
- SSDEEP
  
  12288:QfmeNKf8J95PdYSe15xHrracYkpKyKgZoY:QFNKfwvdYSIJraNaKyKgZo
Score

1^/10
behavioral16
- Target
  
  winspool/wvc.dll
- Size
  
  566KB
- MD5
  
  5458c03d999412dfc5572a5382143319
- SHA1
  
  6460d719858580d9a8d8e326a244101bfa1ca7d4
- SHA256
  
  a006717da8c564af956f5e49586cacdaada23fb5b96e0d0134e56c510546162b
- SHA512
  
  0291160ddb65f98631c639e6a0d8994c3ae8e1b42eb2b62e1b19349e2988684976e1462e98721fa8093dc142f01fed162a1997d584de3980a3158de80c0c54ae
- SSDEEP
  
  6144:USZghpaCpkXQmZ5K667Ncv5KbL69joiBDoq7oLrynrwqD8u4GkOoiO2:VahpaCSXh67Y5i45V98Hp2
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral17
- Target
  
  x64__installer__v2.0.5.msi
- Size
  
  32.5MB
- MD5
  
  acf3049f9a32d9c2d30d0546e7a4249a
- SHA1
  
  491fbaf36bbb029601daf0e73ff17179f6f8ebd9
- SHA256
  
  4e5def247c481ea835d423ca3134dc1192dc688693676ac6730c5e60ab269f61
- SHA512
  
  02a40cd23470dff49afb6dcb80e7313b78aeb5bcd50ff564a7756aa01589379cae04953d6f50d0f22d6a251696a52702cdfde4f8daa7829b1e74d019fa66b900
- SSDEEP
  
  786432:VRQLUyTDXySTjxA4Ztx2+G+N0WYQYBXPByttH+dktHEDv0y:VRQ77xVLYjsp+ikJ
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral18 behavioral19