2b0d41bab6c1322f1d9c4a48a4df33071097d2cd78a4f37e71a7411b9d3371a4

Sharing

Copy URL

Twitter E-mail

General

Target

imposter.rar
Size

2.9MB
Sample

240807-tnddms1apn
MD5

96164327dc76666525db9ec3e3e15866
SHA1

19afe49a01ffc16aeb1b16161c821eab7937918d
SHA256

2b0d41bab6c1322f1d9c4a48a4df33071097d2cd78a4f37e71a7411b9d3371a4
SHA512

3c3e2d99edd1e56b0733218610ec21e3639cdf85d5b042a2e1bef2dc5275b57cfb1dbfd01ea4bf3905ded2c8e71c741d88a602ac83d9d1c5f21a976b4c2d0c71
SSDEEP

49152:KRJ8C90HD44/E6kcHmGIBd0DcG0NA2oNmARfN7xsPUd/9vGixpAOtSNq9sfjXcfK:KH8C04APTVIBdObV2oQctwa9LxJSNsfK

Score

9^/10

Malware Config

Targets

- Target
  
  sus/PlutoniumSpoofer.exe
- Size
  
  708KB
- MD5
  
  09d28477e145e9f96f2e87bc588f4093
- SHA1
  
  c9a21e758dd4005c10d7573559528fec628afb6f
- SHA256
  
  a299e09ffab3dda1df1be4338beaa501f0d4f0d58275dad9fc83d8b971a9b1b2
- SHA512
  
  951363162b385f09945a8cb5e9ec81fa922fd0cdbb2f84bc41262b3d3dfac855cbb7683f3f10c59be0f411440b1da6725b039102b90e71dd4729086ccc969cad
- SSDEEP
  
  12288:dUj3JSpmaxIephPrYDKGCgfdcqvCoRts:drNZeDKGCgfdt6ow
Score

3^/10

discovery
behavioral1
- Target
  
  sus/data/createuser.bat
- Size
  
  71B
- MD5
  
  a3fca2181219e47e252ad1e6c5901c86
- SHA1
  
  1b3ff050d9a5a2bec457228dd69db4bae7d550f3
- SHA256
  
  68a516c4b18ba7b28af6f27d7f461aa02f4c897d16e2bf73fc39567922546a2d
- SHA512
  
  279e6cd0d29d9cd8ed285238905cc1e905477c7f23ac44109d250549c6705c848b6edb970d64a0138f64c1bbe0328e8c484134f036e6160fefb92d148d85011a
Score

9^/10

discovery
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
behavioral2
- Target
  
  sus/data/deleteuser.bat
- Size
  
  42B
- MD5
  
  c5f2766582f3642b8332c31e105c9742
- SHA1
  
  43f937555e5f4616c66fc819446672de07387595
- SHA256
  
  162d02688b41c98db6054f6db888216c86a6cf73e565e55dd5f2d24662b25c38
- SHA512
  
  0652c578b2d7adab0781ac8c588ff4fdc919ef1f90adc0e6701b3641d52e4ad2eacae80ecb93a1148cac14bc96e56cc5521a675cccefef17beb0106d059ed4b9
Score

8^/10

defense_evasion
- Indicator Removal: Network Share Connection Removal
  Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
  defense_evasion
behavioral3
- Target
  
  sus/data/driver.sys
- Size
  
  6KB
- MD5
  
  96756deaff1b2667883d4a21e43f4f65
- SHA1
  
  bce3d6fb9eec3f2d2695d96e61442a58039d594a
- SHA256
  
  1992c044963f5c77aa7b5462e2bb69a37c66bc0e13032524fb1663c0314fd420
- SHA512
  
  b6f472c8296bbef5da4baf638e98c2e0c42ba3fa783c69a6c0cc1e2f92f4c365d6d1c0bcf26e1644bacd4a001fd97c19b5fe2b616ba3c0982fc7edefcb59ef7f
- SSDEEP
  
  96:eA/w8VE6wC4NrkXyhWZ2JMQ4LI5aUZ1ZM2a3:v/f/skjZAMTOA2a3
Score

1^/10
behavioral4
- Target
  
  sus/data/kdmapper.exe
- Size
  
  135KB
- MD5
  
  731fae4da3015ec85300b25502e8027c
- SHA1
  
  ef749be78498af35a102fad3d0b91eecb99cc6da
- SHA256
  
  64d54f559a98aced121e6a6a639683e6d38d937a93589cac5b95d0d77e491121
- SHA512
  
  7e50da0535b2665ef05d4a057397a2c7456b6212a99e09b41935b9dfba77f5f3ab74dde6237199050753673a71a8dad2e77ee8534ad1b29286254850adc8d78e
- SSDEEP
  
  3072:2QAfbv8/V/cS0Dfr8Uo9rUmJTQSaMm5/6bmGV:2qhcS0KTWlDGV
Score

1^/10
behavioral5
- Target
  
  sus/data/macchanger.bat
- Size
  
  2KB
- MD5
  
  86630f471a1c7f40e8494347f9ab8249
- SHA1
  
  10a2139adfb884f01799de89bf9b9ccb2a8bb460
- SHA256
  
  c15faade0e71acd4abcb60a7e9f3f002a46d3d47bd294f7b12d811c871d1292c
- SHA512
  
  666fe7866c2bedc78aad081bddf7e4dc8a9038b173527dc9464dd9c0776314a8c3e1ec7f4d0f34aff0d946b94ed1178a5c665d79173d1bfe0a0a611f6af65369
Score

3^/10

persistence privilege_escalation
behavioral6
- Target
  
  sus/data/spoofer.bat
- Size
  
  96B
- MD5
  
  84fad1059fef5f1d1b3e4aa418d726a9
- SHA1
  
  fb7d46e8cd66154f667ccfa0a49530aca0b07fe1
- SHA256
  
  591d6d5e336508a12ef91ec0ed898d91b841bb3d0d0a44a147a774464fbf83ab
- SHA512
  
  d19d702e2145272543a683aae2cf85e526e919a524683759571b1eada51cdbe248e31a6d41e2c745498934a560d4229414312617d3ba8de9ee6e81cdf4e64d68
Score

1^/10
behavioral7
- Target
  
  sus/data/spoofer.exe
- Size
  
  454KB
- MD5
  
  b954b605163a06bcd5ba4cf8f9cc4e03
- SHA1
  
  3cce640a2a71cb3b004256e23ad27eae63554498
- SHA256
  
  3b00d34ae7cd43fbd70d9bd8a15ffd7e432af77db6f76e8763573bbdda8f112b
- SHA512
  
  bfb4173de17e4fd6f843be18e7c799643883d6ea81e015e109da05f7c09709a8c0f8cb05ca4b0ffca8c448da947cc14a94f7acbd9b1d15e3a3c995cc806aaf39
- SSDEEP
  
  6144:W/HOdVi0dUkiLVyBBa+MTuWlCz7Hoc9VERc:W/HaVi0W4BBbMvYz7HJ
Score

1^/10
behavioral8
- Target
  
  sus/run.bat
- Size
  
  9KB
- MD5
  
  6050e9c5b35aeb80528e17b416de8aff
- SHA1
  
  0f5b3fca2bb24432fe83f6907e066b2d96997810
- SHA256
  
  55fbf0640d3cdc7be69c886a67052bb740a746742637990f9f289fec817963db
- SHA512
  
  b35b3f3a82fa15e74093d157525e1fa0a3f2300adf1393016e38c62e3b35f46a94919839f29c6a6f01a1f55afe0e40627fcdc4fa9dcd4e434df86274d0c432bd
- SSDEEP
  
  96:cT8T9OB3dwnXnLcisH0EB+yddAAalXlH45WdLBkqCviv:cw2Wn3wibEw0ilXlSuVkDE
Score

1^/10
behavioral9