53ae5fb8b0c66f6ac36a04c508b11489dc95a8fc1821d5e3e03b969e157d0706 | Triage

Sharing

General

Target

53ae5fb8b0c66f6ac36a04c508b11489dc95a8fc1821d5e3e03b969e157d0706
Size

2.3MB
Sample

240817-bllywssalq
MD5

4f07d06694cc4ef62d4fd19f04074be8
SHA1

8c19d66270f3e0b6101a3f7c0c2196face43f96b
SHA256

53ae5fb8b0c66f6ac36a04c508b11489dc95a8fc1821d5e3e03b969e157d0706
SHA512

9ed669787f6c2a051d2321a1fe23bb0b115f8824e584e5fb8528dd3287585e9c80b913083f86e9e6afe7bb8ea2261dcc09e750dd53f176f77e61a4de48fbc27e
SSDEEP

49152:amrcH0lFcE9RSPgVLVwHYKDXtzUZZwgm5OxRY+/lUJvdbyoUeUpKm:a+cUlFHRS4xVojdzUZZbQ+dSVbyoUe4

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  53ae5fb8b0c66f6ac36a04c508b11489dc95a8fc1821d5e3e03b969e157d0706
- Size
  
  2.3MB
- MD5
  
  4f07d06694cc4ef62d4fd19f04074be8
- SHA1
  
  8c19d66270f3e0b6101a3f7c0c2196face43f96b
- SHA256
  
  53ae5fb8b0c66f6ac36a04c508b11489dc95a8fc1821d5e3e03b969e157d0706
- SHA512
  
  9ed669787f6c2a051d2321a1fe23bb0b115f8824e584e5fb8528dd3287585e9c80b913083f86e9e6afe7bb8ea2261dcc09e750dd53f176f77e61a4de48fbc27e
- SSDEEP
  
  49152:amrcH0lFcE9RSPgVLVwHYKDXtzUZZwgm5OxRY+/lUJvdbyoUeUpKm:a+cUlFHRS4xVojdzUZZbQ+dSVbyoUe4
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  24KB
- MD5
  
  640bff73a5f8e37b202d911e4749b2e9
- SHA1
  
  9588dd7561ab7de3bca392b084bec91f3521c879
- SHA256
  
  c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
- SHA512
  
  39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a
- SSDEEP
  
  384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  68b287f4067ba013e34a1339afdb1ea8
- SHA1
  
  45ad585b3cc8e5a6af7b68f5d8269c97992130b3
- SHA256
  
  18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
- SHA512
  
  06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
- SSDEEP
  
  48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  CPUEater.exe
- Size
  
  446KB
- MD5
  
  65eb0f2cd5494dbf0bd25f84a50d9b67
- SHA1
  
  ee8da00ea9f5c3a4cdf458c9ec84c547d6d498a2
- SHA256
  
  9f90d547c9c4b4566282b3ef5ee9c8efefea8dfa46d2dffda1b9ea952f73a560
- SHA512
  
  4923ee27d40cd545b20d5f46042d26a0b0e4c24a67997b7af2843c207937905ab291b05202e1cf2b36e33650b613fb8346c9853c90a6a28ae82bda1ba07f2baa
- SSDEEP
  
  12288:DO1I9DE3KvKjKV0kfpDglwPqiuF6xzzzzzzzSmilCyK:rssDgl8pxzzzzzzzRilJ
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Insights.exe
- Size
  
  702KB
- MD5
  
  7fa2de0bb7c54147759f6db7841d098e
- SHA1
  
  cb2f7481b490ec968835680f125f3417542be2fb
- SHA256
  
  5a6ab5cdfbe7f9773fbcf9761c1314c947a62c7b9d36ad3b1d8b8f39160480ff
- SHA512
  
  d709c97952b0fe9f1dc34391907fcc47d505ac0baf951a8b2a30641b848ca4b3e59423514fa72c3521944abf6e9d342f81ed2ca56ffedcb6d8e6e96be42d2e41
- SSDEEP
  
  12288:+G/7w+Hsk4PRwRrI+Alr2muARs1mqQ8IWYYiT5TBGNjvmRAQqjDh63Y6JP3YOBwG:MYOBwDp0i/xMO
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  InstallHelper.exe
- Size
  
  691KB
- MD5
  
  2787bc3cedbca90e1656331739f8edf8
- SHA1
  
  5312bf35233fe5da1b73229cfd93fb61c45e5305
- SHA256
  
  2ddc7aef5084908aed820e0e93d9a532f2530f2bb87b69433182409add2cba1e
- SHA512
  
  4ea3b207b85bc8b10e2a2594441edf7e5934fa254516cd986172d3f5365d4df63de95bd50a61f277e0031cc943e551a3dfcb9d49ebc77f078ce2754a2db26b34
- SSDEEP
  
  12288:zlS9ZqF3qrkm0DeioUYArLa0Sf3PGidozPPEOUOVjwpLm8Nc9y/V6cmM5ENvMYtJ:zR4pqHeGGZ4QwUqz+3zA
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  LogViewer.exe
- Size
  
  726KB
- MD5
  
  df9d49625d9e52d1e1316305ed8e187a
- SHA1
  
  62fd185382f62b7160d29698bd22e3f56b8fc863
- SHA256
  
  cbefcc67db26bd714b6db827d1611dde6101cd65adf3516f999f8dc9def2b795
- SHA512
  
  737c7780b9c352e798d853d432112793607ca2d165834a321450c900659de4e4455a9f03863461228dbe669b5ce61fc999d1290189a739a0c60e5d6337a0d988
- SSDEEP
  
  12288:YLvH7LvSFU7PzaauWoRXv/+Izgrnh8FbDywHdeCHDRuoliPWanKx3HYL:YLfQnQjhkDy4de2Rtl4TKNYL
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  ProcessGovernor.exe
- Size
  
  1.1MB
- MD5
  
  123b2650e9762eb0cb429c17ec78e813
- SHA1
  
  7bb7c7635fc0dc7039f84fa00381a67a35c8db03
- SHA256
  
  958d836c0f808b138a0342e0f72b014a5b17ddccdb9402f9b3120f2df0f25651
- SHA512
  
  ae8ead239575ca506ead1744787bc8facd710f228242608fc24c381354ed7ffb63c3d4d9648b90cc6017dbb3fcbab226a89d34c4d5d93383b7dfa864fe0491a7
- SSDEEP
  
  24576:sHXZ2WvvwJgsEUhTG0GdxLVtUPxFU+0dZwc/:FWnwJg0hTG0Gdxxto/U+2Zwc/
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  ProcessLasso.exe
- Size
  
  1.6MB
- MD5
  
  b8a429468bb95c26e098d21236f59802
- SHA1
  
  4a194da81048838ca206cd1d031e16cb2a8577d0
- SHA256
  
  584265faf87ed4497174c080771dbd11c3b3f944d9985f8a46c4ca1a34a2c02e
- SHA512
  
  c1c4fb9e35c2176985ded3b12e46a3bd6ce4af6436f7b28fc59a6e43f686c09077a157e808a3225648b6a3d56eadd5f7d3ed84515ed7f28f4b092bcca54204ed
- SSDEEP
  
  24576:15/XG3av/BcYkFQ37EfIRAmtyMCGV+g+MgCO5WPMVL:D2qvQFK7EfIRAmt5CGVqMhO5+MVL
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  ProcessLassoLauncher.exe
- Size
  
  360KB
- MD5
  
  055adb91ebbc777d28fff7ddf93dac82
- SHA1
  
  eb19560e3a64e5238eceb5b842d7e932faf2cee8
- SHA256
  
  287901f6ddc4f4d29be6f54fd6392107e5491834a31db3a87b4a3207774e5ceb
- SHA512
  
  e2a94f56148939602d9ce0dc7dfd1b0e5465e35b1a12492e0d3b4660809734d2c9fccdefc7dbd98979c0f810ef0a0247ad5eaf9d83a6cf5391ab9e2e7c2ff9d3
- SSDEEP
  
  3072:uxPu2bzwwLVPpV/1B3l32C7kBicIQ7IM7sv3R+k7HoZ7WK7TNNs0:J2HX93x3/mIZ+7WGzs
Score

5^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  QuickUpgrade.exe
- Size
  
  420KB
- MD5
  
  00c57ee3d3c2aaa6fdb3641e82adeace
- SHA1
  
  2c34d7b38906e64c910e50bd8da2ad81a3f3aeb4
- SHA256
  
  1534c055b0ac5d405fd71ceba3d94195a8e00187381323802da572e2cbe0ac79
- SHA512
  
  8ba7a3efb71e4e3c6dc7fb1acc9334f7235d893b44f0ad482f4061d48729357d39d6fc8a76438cded589adb3e730842df86e73f16efa2f638558351a3c14e940
- SSDEEP
  
  3072:vnVUdR/0SFEDIFfajzAkvLlWCFWVv4hND0YVPIMkbYv2k7HoZ7WK7TpiI+nh:tSJLEDoagRCFgv8jkcv27WGIxh
Score

6^/10

discovery
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23 behavioral24
- Target
  
  ThreadRacer.exe
- Size
  
  478KB
- MD5
  
  b220d873b0699ffb88cd304ec10c4b4f
- SHA1
  
  cfdfb5d3b4619ed9e2ac30b687edd4da95613dad
- SHA256
  
  27286a84e6c0ab62370512c01f49f931021dc065d8f5765097cc9ad1f7ee3f48
- SHA512
  
  6bdef827ebbfdaba2e8cf09ffe208eea6f0ee84f54767b626984a9065032d6135aa227c5bccf6d0f7db875ec85523fe4552334197a0359c5efae8e71db1fc24e
- SSDEEP
  
  6144:SnWk5jseCCDm+Yvvu4cd89IbSP1Zq7WGYKG:SU8Yvvu4cbb1KGY/
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  TweakScheduler.exe
- Size
  
  580KB
- MD5
  
  dc16492503af9ba9a7316afe2860804e
- SHA1
  
  5e5447ad414d773d15dc3d35b6f41c984b9e8c4b
- SHA256
  
  6a63c86a3911f68c62b81182d49d770a113eb85bdeba353d80d813b80d13ad37
- SHA512
  
  19dbfd600d0336f1ae808cf351d4db2d4ed551b2039db65d829bc04092ab43a2e1040a0a32cd231dba3f2f88262515a2f874d6559ae4bd88a5ad2c7a8b11ce7f
- SSDEEP
  
  6144:vIsGORTYaQjGDrm+tve88seawyGEg7ND0SWFWOR32bOQIJqEufHGHM21N8d1F:vnTzt5GyGEgRD0hFboHEufH+Od1F
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  bitsumsessionagent.exe
- Size
  
  140KB
- MD5
  
  241a69a9df504f5f434341968ea2eff3
- SHA1
  
  82e5946b9df6f189d3f20cb2f5aeac1144301ef8
- SHA256
  
  eb09cd98819754b76790883bf786a79f7a8fd6fc0fe6d0be0bd3c7ab54291ae5
- SHA512
  
  40a6fd406a618f40cf6414908f37c9091ef0198715f292ec05865632fb4270dac81c327426598fa678961f4776f04fbfee6979f1a3d29796741d61a68a29349f
- SSDEEP
  
  3072:jepjxyGHB0w0VzHaBrP3H+EoAeN1Xz9aMF:j0ye03a9PU5Ja4
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  pl-update.cmd
- Size
  
  40B
- MD5
  
  cd60ccd708d428df44ca1d454ad0d68e
- SHA1
  
  83e3fb9ef19c7d3faabc0b391f96803652fda425
- SHA256
  
  ab965ed0402b4c474fe6c988afee9957c5494c687745114fc80d1fb70fb071bb
- SHA512
  
  b400530473683de0f7cba3f206b38ba1a0a4d3156a06168c3db0391eb33be1cb6fa65e736c746067aac394d538fc35de8764c30978734bcf4e84392b3294c10c
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32