1934087948e7c56954803942c7d347d6ab49b806c24e49e800c462a79c37283a | Triage

Sharing

General

Target

BACeyeSetup.exe
Size

73.4MB
Sample

240806-kb1hzaybpg
MD5

da2a1d009d9b3516e168b858a34fa3ab
SHA1

9f22883eb0909dcb4e42da62b364eb576c98846d
SHA256

1934087948e7c56954803942c7d347d6ab49b806c24e49e800c462a79c37283a
SHA512

4bf03352aafc38b64f5f6566533cfec1596b1af980bb47fb9ca83170becdcce57af5562fec45a11d3de9c29552dc84e27e7052555dff23ec81d994c6474b8c66
SSDEEP

1572864:LAVBjIQSzQe3cf7xOCHKYrLn+XxdjrALIjOqWY99Ml8YEfI3s:MVBIbzQe3u7KYrCDS9299MYfQs

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  BACeyeSetup.exe
- Size
  
  73.4MB
- MD5
  
  da2a1d009d9b3516e168b858a34fa3ab
- SHA1
  
  9f22883eb0909dcb4e42da62b364eb576c98846d
- SHA256
  
  1934087948e7c56954803942c7d347d6ab49b806c24e49e800c462a79c37283a
- SHA512
  
  4bf03352aafc38b64f5f6566533cfec1596b1af980bb47fb9ca83170becdcce57af5562fec45a11d3de9c29552dc84e27e7052555dff23ec81d994c6474b8c66
- SSDEEP
  
  1572864:LAVBjIQSzQe3cf7xOCHKYrLn+XxdjrALIjOqWY99Ml8YEfI3s:MVBIbzQe3u7KYrCDS9299MYfQs
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ExecDos.dll
- Size
  
  5KB
- MD5
  
  ebcf9f71d804abab3c2e5ce4c17dc22e
- SHA1
  
  17d13084e75cbfa5fbfdd0025e9a0ee5772ae765
- SHA256
  
  d387b725afbd2a6f9b44999278d21025fae55b391e45f7751b88dfb13511a993
- SHA512
  
  5576396c2d885c039668d7f401eeee583eb4de39e8497c3aaec32d47f4417a522fe6786c111d50a5fba7570f50e84144ef3a8aea42677d170e79114343c3a4a1
- SSDEEP
  
  48:qNpugCjmWaZ+rnHAUiP9JLw/RHFtly5vorpSpSi7+5HCAx31Oglt6Zlrz9QH96AD:r0W1nHAfPPORHnooAU3xYglt6WwE
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinPcap_4_1_3.exe
- Size
  
  893KB
- MD5
  
  a11a2f0cfe6d0b4c50945989db6360cd
- SHA1
  
  e2516fcd1573e70334c8f50bee5241cdfdf48a00
- SHA256
  
  fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de
- SHA512
  
  2652d84eb91ca7957b4fb3ff77313e5dae978960492669242df4f246296f1bedaa48c0d33ffb286b2859a1b86ef5460060b551edca597b4ec60ee08676877c70
- SSDEEP
  
  24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL
Score

7^/10

discovery
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/dotNetFx40_Full_x86_x64.exe
- Size
  
  48.1MB
- MD5
  
  251743dfd3fda414570524bac9e55381
- SHA1
  
  58da3d74db353aad03588cbb5cea8234166d8b99
- SHA256
  
  65e064258f2e418816b304f646ff9e87af101e4c9552ab064bb74d281c38659f
- SHA512
  
  241ba3f82f37818407bc00909c160b653b45a1a3d156e043b87ba18a7819294716705c952c7b46516c4afd86e6f99bad23e7235b951a371ae6728107f19e5f23
- SSDEEP
  
  1572864:cAVBjIQSzQe3cf7xOCHKYrLn+XxdjrALIjOqWY99:VVBIbzQe3u7KYrCDS9299
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/haspdinst.exe
- Size
  
  14.5MB
- MD5
  
  0ad68bd38d3857e983ddf6487e2b8773
- SHA1
  
  8f364dfc45183f6cec8aed8915f27195023fdce8
- SHA256
  
  9da31fc1b33b2a39ad31a121acfe6671173023eb4cda7530486e452a299592c5
- SHA512
  
  29c04515dc068eee4ea8de6e26465ae61cdabfd7a0e5f8a27ae8fdac50332ab0e245877925e51ce2eb7a11d678375958ed95c9c85ed177504c5611b25d51b2d3
- SSDEEP
  
  196608:c0HwBjQ6NCI+0a+mKSbIIeJtkVlXS3ZASg1BgxtUGcs6VDVI/eVs3fKZ8SNjkDDn:cMwBkWahHITJyVxWxgbQbGXI9fKZ8P2
Score

7^/10

discovery
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/vcredist_x86.exe
- Size
  
  4.8MB
- MD5
  
  b88228d5fef4b6dc019d69d4471f23ec
- SHA1
  
  372d9c1670343d3fb252209ba210d4dc4d67d358
- SHA256
  
  8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8
- SHA512
  
  cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8
- SSDEEP
  
  98304:RuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOR72HgQo0z:I7wq1W6HqULS8djZDTaNNeCKVP5ORsg0
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  AKSHLock.dll
- Size
  
  492KB
- MD5
  
  281f53d4c1842036d575087340ed0f0d
- SHA1
  
  ce9ed750d9c2f3393a050a26e92a93775dc71471
- SHA256
  
  507a8f2c12d2d5a0686e0aba307fc604d4e0ae8d4dba30a97a89badef23d1b7c
- SHA512
  
  b5d4aa28d98d75ca07179d647581a0cc7a9672761669bb831fcf65412dfd05003aa9c7c70a582b6e7b6eda4519e4dc3a41be80a41acd66acf148c095d7d2ce18
- SSDEEP
  
  6144:NAB+VgCDHg+Oza4FXRO2Sfj0HFNeqmHCWnP834vcc6yxqANP2tKgrvUrdSDDR3O:NAwVgCzPOL5ROMlNegWnwD9qNuEe3O
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  BACeye.Plugin.Interface.dll
- Size
  
  27KB
- MD5
  
  446fa780702ee4e0e5adafa04fdba63b
- SHA1
  
  ec23fb43a4550172c55af6464070da023d1a36d6
- SHA256
  
  9ce5203e7379c717ee7f33e82c07790f43f23e005d346ef461c1f4dd63dc2c81
- SHA512
  
  952eaded3de802d5bf2f9cddb0cb18de8412722bf9370d79783b922f92cf9230a89dc8e6d43f8c6b4f3e198baa1532f0d92298721842afe8ed332d57df4707f8
- SSDEEP
  
  384:Tb2IgxkgEViN9JDL/YoOCngFG4GnjmX2udPdyp9lkZbbVHb6opBnYPLIvgFOUdhN:Tv8kgEVSFzsym3lyp9lkZlHb64BgFn
Score

1^/10
behavioral21 behavioral22
- Target
  
  BACeye.exe
- Size
  
  6.6MB
- MD5
  
  38ce82a78c215232f7980d7ff88b8705
- SHA1
  
  c04adca32f07d922b8a83fd7d5b3b2f6d4bdf936
- SHA256
  
  762a912b3b96762c92c80d30c879cd6688c921aca3c00a964cd2cfd699e1eabb
- SHA512
  
  e99965458dc1bf48f4348fde24825a5d3269b143a190bd965ab56181fa6826c8247e550dd8834198eceb29813034a4b73277ea7699c1f5bef07a45c14ec3b556
- SSDEEP
  
  49152:RDyO9PuUsfWky2iOxCqxKD+yUKn+3NWC8+gjMNaZz4s821LvsAD56Aor32T8Y/+u:dPuUDNOxCqxKD+34yaZz4sR9
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23 behavioral24
- Target
  
  BACnetBaseLibrary.dll
- Size
  
  143KB
- MD5
  
  f8b5bd21631709e9f7a47db7ba7a1a70
- SHA1
  
  f2ff4825f4c981a2f94048b12a45af50de3be522
- SHA256
  
  3af691f17c48c134b05da366c6924b810960647b7cf498bb971d22e3d3f6f1c7
- SHA512
  
  8f54365995a05ec7f6d482271a842a299d627cd70e3b9b51a9f21742ffa176fba36016c3b953c7ef5376082817dda8e5279d92bf59e0445961e1313a16716ea5
- SSDEEP
  
  3072:c4+yIvRhs2RUif0hShF4vQZ00mXluzsX9OF+zU0y7UjDV3cduYWTizSlu:cVvRt7fnhF4v4mXSsNOF+zU8tcdu/iF
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  BACnetObjectLibrary.dll
- Size
  
  166KB
- MD5
  
  70d33a8c47c03a199ea82e4d1df6189e
- SHA1
  
  da09ba764a8895b6363ad307fc788c6ed65d5850
- SHA256
  
  b01a9e7c9e332c9b09172466509921fbe7874b9d47acec67eaef0ab33e59bfd1
- SHA512
  
  1398ca6e747e071b2f036b9c11857ae32a2bc0049181b04f5cf3dc8e6065b80e27d61818d00f852fca54c309175aa8e970b9f65d6bc540c76494873ee290fd52
- SSDEEP
  
  3072:JrwMX4thCimddSKBi4Gt2lB8CVibENoiiyTG98UvVC+qRo9pQa32:JdX4dj2gCVibE6H468Uvs+qRoH2
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  CSLabTools.dll
- Size
  
  165KB
- MD5
  
  4e6794aa988b20a83b2dc1dc126ad8a9
- SHA1
  
  858436ea8c72d4990dabe5f7ef5867fe2ff2fd6a
- SHA256
  
  27f67f3b01e85aa4cfd5b901ad2b07cc8dfe2027e60846d2f70db117b6e69b58
- SHA512
  
  2c33549e428a0227af65d234a37edc0bb9e31484f79bed6ba72b7d5e6a388bbb76965215bff320b4ba5e99dc386fb04b0cb226f2210b9cc3ab3155a3cc32eae5
- SSDEEP
  
  1536:u+0DLVkFpW2Ifwu6llDCCvFeYycFHulD3Iqzk789CmOjDq6hA9JvJDQGUaKUovT0:QDLKEw7AqLRx6vCUEClt9H6QdbMhgFz
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  CliBACnetWrapper.dll
- Size
  
  2.0MB
- MD5
  
  cb1e64adcf3b34efc7e7882ebe754fef
- SHA1
  
  71aee17a853c9e9ab4c0d5df43872c008b88c2c7
- SHA256
  
  fc54984c93479d4e6a0931c8597acad1209ff04bb4da47abfc87da1856706240
- SHA512
  
  3430d530622bac4c99b845c9178cf99313d3747e2131dcfbde73997c3627dcedbcea548449073e423d1e52bc86dc4663162b1ba19db6e2dc00e6d034340616db
- SSDEEP
  
  49152:lkQSjWOBokEPqRQ6QB7Ku0GaXO34IBAUZLY3sTKL3:vhqokEPqRQPfBAUZLcsK
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32