Overview

overview

6

Static

static

3

processlas...64.exe

windows7-x64

4

processlas...64.exe

windows10-2004-x64

4

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

CPUEater.exe

windows7-x64

1

CPUEater.exe

windows10-2004-x64

1

Insights.exe

windows7-x64

1

Insights.exe

windows10-2004-x64

1

InstallHelper.exe

windows7-x64

1

InstallHelper.exe

windows10-2004-x64

1

LogViewer.exe

windows7-x64

1

LogViewer.exe

windows10-2004-x64

1

ProcessGovernor.exe

windows7-x64

1

ProcessGovernor.exe

windows10-2004-x64

1

ProcessLasso.exe

windows7-x64

1

ProcessLasso.exe

windows10-2004-x64

1

ProcessLas...er.exe

windows7-x64

3

ProcessLas...er.exe

windows10-2004-x64

5

QuickUpgrade.exe

windows7-x64

6

QuickUpgrade.exe

windows10-2004-x64

6

ThreadRacer.exe

windows7-x64

1

ThreadRacer.exe

windows10-2004-x64

1

TweakScheduler.exe

windows7-x64

1

TweakScheduler.exe

windows10-2004-x64

1

bitsumsess...nt.exe

windows7-x64

1

bitsumsess...nt.exe

windows10-2004-x64

1

pl-update.cmd

windows7-x64

1

pl-update.cmd

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    processlassosetup64.exe

  • Size

    2.5MB

  • MD5

    2a5f0d3806533289d6c009f2746964ef

  • SHA1

    bf0b319f572ca6716e8b71d429a6e9218c087ca1

  • SHA256

    de1358a2316eb39863b4fd9396dc3bc22a773e653f2d0488ac09e1a411280919

  • SHA512

    efe1fe3ed00173345bd951a27232b5b7044c22ff41013e720e62895ce68a8fdde69258beebf8bb0f88c02049b9f1de392f07b842bb3f15063e97e40b95bc3cf3

  • SSDEEP

    49152:m6Q7vcwpYwovDpfjo6RNCw2jisuu3l5uv49eFBD7uac2YxRa5d/k:mL7OJtUCL2jisuIo49ej7uVv7Ud

Score
3/10

Malware Config

Signatures

  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

Files

  • processlassosetup64.exe
    .exe windows:4 windows x86 arch:x86

    Password: infectedddddd

    61259b55b8912888e90f516ca08dc514


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/INetC.dll
    .dll windows:4 windows x86 arch:x86

    Password: infectedddddd

    735e27ae3d7df8c0487e4353d04f6f28


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86

    Password: infectedddddd

    3e8d18bb71c7ebbda2ddc2a4bb03547b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    Password: infectedddddd

    fc0224e99e736751432961db63a41b76


    Headers

    Imports

    Exports

    Sections

  • CPUEater.exe
    .exe windows:6 windows x64 arch:x64

    Password: infectedddddd

    bb96ea340e7d0e21c9f30dba0859dc31


    Code Sign

    Headers

    Imports

    Sections

  • Insights.exe
    .exe windows:6 windows x64 arch:x64

    Password: infectedddddd

    5e1dd7cc89eb2c877dff6c2110cfbd3b


    Code Sign

    Headers

    Imports

    Sections

  • InstallHelper.exe
    .exe windows:6 windows x64 arch:x64

    Password: infectedddddd

    8ad566efc926ddd82e059452fe69337c


    Code Sign

    Headers

    Imports

    Sections

  • LICENSES
  • LogViewer.exe
    .exe windows:6 windows x64 arch:x64

    Password: infectedddddd

    cc36a2f18051da76ebec6151edd7c7f2


    Code Sign

    Headers

    Imports

    Sections

  • ProcessGovernor.exe
    .exe windows:6 windows x64 arch:x64

    Password: infectedddddd

    07c49966b28d650bf516514c496bab40


    Code Sign

    Headers

    Imports

    Sections

  • ProcessLasso.exe
    .exe windows:6 windows x64 arch:x64

    56ab8670ec6af9e79861fa914a2b4a2f


    Code Sign

    Headers

    Imports

    Sections

  • ProcessLassoLauncher.exe
    .exe windows:6 windows x64 arch:x64

    57d3dfd0d74accc835dfeb836d8e80e4


    Code Sign

    Headers

    Imports

    Sections

  • QuickUpgrade.exe
    .exe windows:6 windows x64 arch:x64

    176c7b2cd2e3a0cf8b95625bf0480bdd


    Code Sign

    Headers

    Imports

    Sections

  • ThreadRacer.exe
    .exe windows:6 windows x64 arch:x64

    0a32a469d3b3ab97b177d3b6f5898ece


    Code Sign

    Headers

    Imports

    Sections

  • TweakScheduler.exe
    .exe windows:6 windows x64 arch:x64

    9c3aa8d9e5d84cdca4b3a8b5715b0107


    Code Sign

    Headers

    Imports

    Sections

  • bitsumsessionagent.exe
    .exe windows:6 windows x64 arch:x64

    a7701cdb73805c1b95559d6cb505e04d


    Code Sign

    Headers

    Imports

    Sections

  • pl-update.cmd
  • pl.cmd
  • plActivate.exe
    .exe windows:6 windows x64 arch:x64

    6165000e7b95b0dd4f16b61f6896a823


    Code Sign

    Headers

    Imports

    Sections

  • pl_rsrc_bulgarian.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_chinese.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_chinese_traditional.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_english.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_finnish.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_french.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_german.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_italian.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_japanese.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_korean.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_polish.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_ptbr.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_russian.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_slovenian.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • pl_rsrc_spanish.dll
    .dll windows:6 windows x64 arch:x64


    Code Sign

    Headers

    Sections

  • srvstub.exe
    .exe windows:6 windows x64 arch:x64

    7d94c4c800ab23365817607fc3a91c3a


    Code Sign

    Headers

    Imports

    Sections

  • start-governor.bat
  • stop-governor.bat
  • testlasso.exe
    .exe windows:6 windows x64 arch:x64

    2c5d2a94a5f323639094dc74dadda94b


    Code Sign

    Headers

    Imports

    Sections

  • uninstall.exe.nsis
  • vistammsc.exe
    .exe windows:6 windows x64 arch:x64

    0cef9d1aafb2d1c862fe37ea5858d18a


    Code Sign

    Headers

    Imports

    Sections