0411d0243601938c6c2e2b40ae5d2e4e4ef00140ae7afed77bb94c6407f77219

Sharing

Copy URL Twitter E-mail

General

Target

Akko_Cloud_setup_370.1.21_WIN.zip
Size

112.2MB
Sample

240807-b8ehbs1cnh
MD5

536b5d357c5a501b89b78a141fa68957
SHA1

0b0092c63f879405c74566983080e8a8fbc73d15
SHA256

0411d0243601938c6c2e2b40ae5d2e4e4ef00140ae7afed77bb94c6407f77219
SHA512

feef2cced7c5c6b6e6a2b9ba43a37154accb53d0198795c4fc2a7612ab5dea605f2f63f75210707bdded1608946c7447d38ab05376e831a17968df0ee66dc0c6
SSDEEP

3145728:a5qb1qVnk71KHCjOXFr1whBFOlPUdH+KIoIuYATHoAzb:0g1qVnkJKHCqXFr1whB0MdH+KIoIuYAx

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  Akko Cloud_setup_370.1.21(WIN20240531).exe
- Size
  
  112.3MB
- MD5
  
  39e462a6696ae99b6645172f669ec113
- SHA1
  
  b134e825f21041a42d3d71152b08f53f7f03ca67
- SHA256
  
  f2d4dcd13f692e5faf53d869fb6f91148ad2c5df760a90a984c4538667fd8a0b
- SHA512
  
  f2ad02a33dff88cc0e231b4ea1e7104473bb0eac61258f75247ab17e43e282c04202b07ffe369187572c60299d78d1b57cdea9bfcdc79919c94492ca1445d8e7
- SSDEEP
  
  3145728:ztO80M2Q6QQQ4KN1cQoIQyCQ95cRi0FK0BQ6QQQ4yN1cQoIQyCQ95cRZ8YIik6w9:QpQ6QQQ4KN1cQoIQyCQ95cRjQ6QQQ4yj
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates processes with tasklist
  discovery
behavioral1
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral5
- Target
  
  Akko Cloud Driver.exe
- Size
  
  130.0MB
- MD5
  
  1d777b8c29920876ed2a46dbbc70937e
- SHA1
  
  4d868bf4b0716ec4be2ab1aecaf0eb0b126f5835
- SHA256
  
  d8c80251ce7fb6b38cbbe77310b0dee9067604bf7472a9fd34e4489fa849d76c
- SHA512
  
  6dac7c416eddfa89a6c56a46ef3d6af81afd7844cf1f86a16cabadc68fd7b540f98e728623d27434bd09fcd6b038e6666979cb96c7ad6e29015f53f744a68da7
- SSDEEP
  
  1572864:mBKoaKG6Ov+dLj9ie5XEAUjDZzGdgjdjApZbR7hqHtOod8QfOnxiScz2kr5zctp7:mXrWEpZ0Pd8QfO34vj/X5MqzsXR5H
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Enumerates processes with tasklist
  discovery
behavioral6
- Target
  
  LICENSES.chromium.html
- Size
  
  6.5MB
- MD5
  
  d18c09a075cb6531d7ffd7c3da77bd4e
- SHA1
  
  571f29b6004007111782bf5727c4bc9510cca286
- SHA256
  
  86f5222580a4ab03dad8ea62e6cea22b23454dccf1c77e74ae0e0410a13b16fc
- SHA512
  
  091cd68e12633919fc6100b606f3002b16f4b9c7c6d7c820ff20e31a3b9ea690c8a1fc90529ff3e5c21e8d778e254743a8708049830c3bb046eda8f2653000b7
- SSDEEP
  
  24576:8P5K5WfWSJiJjQlaCmf2P6e666A6o69/kHPZQHpuQ:UrYR
Score

1^/10
behavioral7
- Target
  
  d3dcompiler_47.dll
- Size
  
  3.9MB
- MD5
  
  ab3be0c427c6e405fad496db1545bd61
- SHA1
  
  76012f31db8618624bc8b563698b2669365e49cb
- SHA256
  
  827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
- SHA512
  
  d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba
- SSDEEP
  
  98304:q4Xyn7IfxiYMzgom1mEU/AJC/vujMD9rM:809om1hU/Aavu4D9rM
Score

3^/10

discovery
behavioral8
- Target
  
  ffmpeg.dll
- Size
  
  2.4MB
- MD5
  
  b63e9344554c0038deff8cdbb11522bf
- SHA1
  
  9875fd48da67ec43fdeda560a5b2d725fb4c619e
- SHA256
  
  05c918622b0621148ee260d5cb0660d7f0732deb02ca7d58476741c0be84e412
- SHA512
  
  824f0cf8e4c496fa411ff8ecb5acb9c573a562459bbced42c2d7ed5827ce722402d8e6bb658abdd8bb32ddbd4b7c30fe9e675f2db0c24cfecd39ff15f333d5e2
- SSDEEP
  
  49152:Y/LIKmZb04F/xKbOhyoWKuVWaMhGoEIoqcA:Y0vZjgqhyoW9v17A
Score

3^/10

discovery
behavioral9
- Target
  
  libEGL.dll
- Size
  
  375KB
- MD5
  
  2203e6514b4d27f43d08710e53ac27cc
- SHA1
  
  76980ea35af7543d96576e39f52ba4fd4f2e04f3
- SHA256
  
  01eb795c5d510702c06e5ed3d066980c76fcd056d033024069de85519973551a
- SHA512
  
  1687feee8e4b25b93677ccac2e82925c85b32e53c24549ad481dfef3b198f3e3790113b7038add57dbb0c498dfbcd4453b861e006c41bbefa8d737fe99d49e0a
- SSDEEP
  
  6144:3tp6qTYU1a4FPLg8Z166+6FKkHmIMTPSZmP:PvTnRm8Z161WGXPSZ
Score

3^/10

discovery
behavioral10
- Target
  
  libGLESv2.dll
- Size
  
  6.4MB
- MD5
  
  8236e6763fc5265eafd6c3c6aeece48e
- SHA1
  
  7336a462525e7ceebae7c241bea558e2c3298c69
- SHA256
  
  ebd63363c8585a466c8c6673be5398d48c2189b1f8b74dee11625b94e3cb5ced
- SHA512
  
  4db12345f0e32e03026d2742476e30d32c1eb8b20cf650d1ad3fcc05309506be6340926e777d8bca96feadd93c4d8e6fda257b0d87bf79e178855489e5aad971
- SSDEEP
  
  196608:7dBxrVg0L2AtQJbs+1Zb1t1A1SFaODMsckN:7dBxrVgvAtwbbZb1teKHMT
Score

3^/10

discovery
behavioral11
- Target
  
  resources/app/dist/index.html
- Size
  
  1KB
- MD5
  
  5fc15c19ddbd34db1b509be636ba2f5d
- SHA1
  
  3aa3cfea3a117c234bd244683877c4c07340d4a4
- SHA256
  
  6df9fee6f97b4195ca8880421ca3b909e27e9908ef70940671a9186d1df94d33
- SHA512
  
  be11ebef09a8acc87487492dabb78eb21fbddb33535494483a8fdd3cc0807659ebeef530ffd2fbcafe7d3fb3b9eb72317412a38b9be862d9a93d9f9e420e74ee
Score

3^/10

discovery
behavioral12
- Target
  
  resources/app/dist/static/js/main_51c30da0.js
- Size
  
  12.9MB
- MD5
  
  689cf4cceefe72a5e431007336a9750e
- SHA1
  
  25630d1b695b86a8cab1d0479b39bb7c2bfcac40
- SHA256
  
  29ce8adb540a3ef45541213e960fa2afea7e5220d00c0a9cfb84c725b7d43a76
- SHA512
  
  f15b5eb5aa89bf24dcf9d729c85b3a40ef44d731b07505fbf4756a33576013d6c41ce561741f592612825ffad403243489ef7428a36e7c8c12c8b0b6ab187d72
- SSDEEP
  
  393216:XNqOppD4xNzTJ9/YVqNZywIsTp9tmM5EGU86wGyR5en6K8uHf88iK6i46ZsuKHNj:C
Score

3^/10

execution
behavioral13
- Target
  
  resources/app/iot_driver.exe
- Size
  
  6.7MB
- MD5
  
  1ade1bea51eb0715af8d28a769e7a0c9
- SHA1
  
  be3d40c7cd5295a46dc393881287f95bc8c38ada
- SHA256
  
  7d05c01c41425a83d0c7d25dd991cbd8e1f865d51d04da53697a77afc4342227
- SHA512
  
  20672ed84da1a63f323cf72275a836eb3ba51c260d2a6e7f6a7ef5c7a599771b681823e056354dfed769fe4029a1732db76f368b23244362ba077f8f096c1b90
- SSDEEP
  
  196608:NkdMXoM/uEseXc93gOsP+abX6q0/qQ0aU/x6XfFEv0fEDHnWGfjRVLF4ckEN6hHq:NkdMXoM/uEseXc93gOsP+abX6q0/qQ0f
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral14
- Target
  
  resources/app/main_dist/index.html
- Size
  
  1KB
- MD5
  
  b8889d3d81ddd6e3a31adb87b3fb9b4b
- SHA1
  
  40d4baab811db0eaad542ab00bb3e0ed39daae03
- SHA256
  
  c5cf024a43a8fa1f2a55d1a19f9e7ad1c19ea996e52fc37ae470362b97aac0b9
- SHA512
  
  e9ca97ce279b841fb397fa570610078f7eb8d2e4bce4d3e29b4e2880e191ecc3056d3292d2da82cf9bd6095d886406f11acaa7b32a7558c2d3a98056a4961d42
Score

3^/10

discovery
behavioral15
- Target
  
  resources/app/main_dist/main.js
- Size
  
  849KB
- MD5
  
  d82e53a7cc0d05423b4a1cc283fc4f74
- SHA1
  
  56ea4ab3369ddfe980abee296c8f8a005285886d
- SHA256
  
  f7ab1cb2c0c5bb3791251b8f9dd7fb1cfcad774109a1bedf8fe9f137278bd431
- SHA512
  
  82cb1ad9fcfc81875fad23380f672c0522cd8c2815b9e8d68a246fb055360b579b4cba8f51bd152ece8d16339a248e5e20f449eaed5f939090a349963f4ac6ff
- SSDEEP
  
  12288:wAf9bkPlxK1Kfp+KmY3nD9qTzlmZpackMH9MREMJc/jBZjr:wAf9klxK1KfpLU2Z6WZjr
Score

3^/10

execution
behavioral16
- Target
  
  resources/app/node_modules/@electron/remote/dist/src/common/get-electron-binding.js
- Size
  
  441B
- MD5
  
  0106cf7d56f545a842d9b502c8e71f18
- SHA1
  
  c3367470051e2e92e8237c7336247dd82bdcf7b0
- SHA256
  
  f857a19eec43c9f8d97736c86057064c5b71fc14f6e773d1d7b1c268598bd309
- SHA512
  
  d8713654bfe110315c6edccec830cf1e07c50f9d226d23be6d291c0c65ed52386fb19603d9b70aa7bb28a790236562574d33cbd49b2046c3e09d4eb2289d3695
Score

3^/10

execution
behavioral17
- Target
  
  resources/app/node_modules/@electron/remote/dist/src/common/ipc-messages.js
- Size
  
  77B
- MD5
  
  8963201168a2449f79025884824955f2
- SHA1
  
  b66edae489b6e4147ce7e1ec65a107e297219771
- SHA256
  
  d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230
- SHA512
  
  7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000
Score

3^/10

execution
behavioral18
- Target
  
  resources/app/node_modules/@electron/remote/dist/src/common/module-names.js
- Size
  
  1KB
- MD5
  
  dd62c07f7bfce25a6d42fb00340d29f4
- SHA1
  
  961e8ac31b85e4ee40197e31d729b645f04a7de6
- SHA256
  
  47cf518cee254db3a0823346a2c165805d06203db4c37d2b99d04e2e28833a5d
- SHA512
  
  ccd6236b8ca11d0caca6894ba4eb9b0da15e9931eb7c83235d7040c241340078d4454bebaf2caf8704c19ac7620527766e89d66446e6b3ae5ab8790698298ec8
Score

3^/10

execution
behavioral19
- Target
  
  resources/app/node_modules/@electron/remote/dist/src/common/type-utils.js
- Size
  
  3KB
- MD5
  
  c70855b91decfa97bb38c04014e304e3
- SHA1
  
  c6fc5f8877769e1d4210689f587fd5a4cf5fa5c7
- SHA256
  
  4e4e7bda21b242e517b9b1b582a15a45e8135bc7f7b1f0e9b33e56181dea3ee8
- SHA512
  
  41901684ada330b6aa143822ed2119df26be5ece733282ada2446c63676ba956990a414c5ca736d055d508ac4c0623aba72a4f471ad1861c2b59ed2ea3a88080
Score

3^/10

execution
behavioral20
- Target
  
  resources/app/node_modules/@electron/remote/dist/src/main/index.js
- Size
  
  535B
- MD5
  
  d371ebcc535da3f1d67426a7fe273559
- SHA1
  
  eeda9bc2ecead5d57d987e481ba528c3ec8cf073
- SHA256
  
  ae4b7e86235189c9a7ee079f4a7bddf7baacbdcc7d213f853ac32bc7ddeafcde
- SHA512
  
  5cc48826e0776782ee16ee659cb1be85f9a30a04379ee3fa256471c0bd4c58ac085f2c47dc25c2e7cbf7ca389d3ff5f58245862854e58d624bb727535525107c
Score

3^/10

execution
behavioral21
- Target
  
  resources/app/node_modules/@electron/remote/dist/src/main/objects-registry.js
- Size
  
  4KB
- MD5
  
  ec0ab96e69d519c3619f1ec995b474bb
- SHA1
  
  922ae8f58f157ccdeecbec30ddbcec6fec1f71e9
- SHA256
  
  0312d21bd8da83d0384deab4c87cf7d8f3bbfa8424cd65e07e259d3044afd8d9
- SHA512
  
  34720dedccfdc6232ecb352f95a946fbf716b25c5a3b2cc8e8a99cefd122102cec67ad9bf46a26a4a89f5554f31d14d14e90b776ccc35a2eb651b318729e458c
- SSDEEP
  
  96:KypWjErU08DnH7FSwbZvFq8c5FY3R6yinKNB4brZWzkkCDiY/ruOxvL:KkYErU08LbFSwbZvY8c5FY3R6yinKUbx
Score

3^/10

execution
behavioral22
- Target
  
  resources/app/node_modules/@electron/remote/dist/src/main/server.js
- Size
  
  20KB
- MD5
  
  b910036524a94ca041467cd84608bd3d
- SHA1
  
  ece41d0d356a02521859c11214cf11f5b9855644
- SHA256
  
  f64f4e5023d9c75f575271cded5f5b9bd7d821c41feb7c6f86a5b4e4b7ef20c2
- SHA512
  
  c8f7985bb56d734a7c68ffb7ef806b31ec80bed931c56717ac5699edcab8a08aad105ad9aa2dd723916122171752a8d94316ceca11d530f4ead62525d1bdf4f6
- SSDEEP
  
  192:48j5Bq1vFcwyQ5FAPCBI5I3enn7Mng93JZZwCwDG1T6Q1AePfXcMW2RSXWI+ivS/:l1n7AbAWOlEZkWLWGJi
Score

3^/10

execution
behavioral23
- Target
  
  resources/app/node_modules/@electron/remote/dist/src/renderer/callbacks-registry.js
- Size
  
  2KB
- MD5
  
  965ac5402fe4e11cd747bcadb81b185a
- SHA1
  
  dd8c8fe786422eb44c6a254ae106fe4f9ec528db
- SHA256
  
  14db4469fabeed645433a21fabe124f07a7b46e115829b170e9bb16aa77d5992
- SHA512
  
  a37f42cbef41d09f3957ace96440869215dde2bf6f45c73a994f6ee63f38c0344f599320953d58eb73a4f5e11436f6d0075ddda5ff83c10e885a054c5d8053a5
Score

3^/10

execution
behavioral24
- Target
  
  resources/app/node_modules/@electron/remote/dist/src/renderer/index.js
- Size
  
  793B
- MD5
  
  e4c0b6cfc41f1a136353f3cb3c1964bb
- SHA1
  
  f1fced358b70bafda33b5ba2883b8c9255a20afc
- SHA256
  
  f459072159108ef7cc53cb8ca2bb1ce32d752393808165df92ef3708cfe01f54
- SHA512
  
  9dc0acbc95ce12d80593838232f44f7418ba9ad2d48d05835d8709ad2fb2bde5bf9109ddb884482b0b1bc1a474167ea3a43e3e313bdfb6f1dbe7675fb07b2ba6
Score

3^/10

execution
behavioral25
- Target
  
  resources/app/node_modules/@electron/remote/dist/src/renderer/remote.js
- Size
  
  15KB
- MD5
  
  2181d59eecaf5b52269678a8ff25fc5a
- SHA1
  
  0b85fc4ffaa6b35bd35ba256245a0923bbbd3da2
- SHA256
  
  3632a9a1615506afcb1180fdd9517f00eeacdf715fc20a5980a24f21905fb7e6
- SHA512
  
  889f1c087cbc008988c325b5d0ecdbfbf748d40c8b460cf21f9dda6d3e075cd83354a7394f07ead253d22c2d71e674b566a3103f31d4087d7c876940e8f27145
- SSDEEP
  
  192:KYVLrZkMWTAfMAAkRNJgwlK2WEGUpw7KQu14IZEnAu3ieF3yo5giRNErGaBdBmu+:fi2e7Tu6AH6q3QnP2rHeobQKQoa
Score

3^/10

execution
behavioral26
- Target
  
  resources/app/node_modules/@electron/remote/main/index.js
- Size
  
  45B
- MD5
  
  33275c1942ce54f9d8d42e7dc6aa66e3
- SHA1
  
  0947fc59751d7f64f137a256e4d3e6d1fc1b3def
- SHA256
  
  289679196b4b9ea379488a1e810e108f697b7c7e4e4c3a303f403af35482eb87
- SHA512
  
  fbd6e614dcbdc024763dc952cfa0464e8f70ccfca82976e504a0bb823a8b1890b57d9b7ee2e5cd00abaa689fa587edf803c3b868870e0cd56729ab0f03774a50
Score

3^/10

execution
behavioral27
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral28
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral29
- Target
  
  $R0/Uninstall Akko Cloud Driver.exe
- Size
  
  146KB
- MD5
  
  f5ed6f451804fa7b86116f16f5c9173d
- SHA1
  
  097f78401bcd9ce59d6fe16271bbc3f33d303427
- SHA256
  
  83d29cf3662a1f0a8da3f2c4cbea88a65f42e368d326dcd113a9dcefd1c5290a
- SHA512
  
  291cb97dc9711ad66c7efd3472647b4fd66dfacd6ef777d4e5cd6eaf18d375de06d656d15bd810a53f91eac41e2522147774f9dfe225a5e8657069cf68144ff5
- SSDEEP
  
  3072:6n77v00hEoDEtautnCXOb8g4WnqaH2tvhOEA1RJCir86SrSrv6Ia3E:6740I9nSM8gxqs2t0EyL+yaU
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral30
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral31
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Enumerates connected drives

Checks computer location settings

Enumerates processes with tasklist

Checks computer location settings

Executes dropped EXE

Enumerates connected drives

Enumerates processes with tasklist

Enumerates connected drives

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32