General

  • Target

    48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e

  • Size

    5.9MB

  • Sample

    240822-hmj91sxblq

  • MD5

    b6a1d4830b73825b6efe9ce64d4ca02a

  • SHA1

    4ac4be0396ce87ffb640e75ce13ba667617dacaf

  • SHA256

    48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e

  • SHA512

    18baf5c36a673c6b138a355fa78b3b5339e363df6a19250d680500bda4685ae72bee0de5f6868379768ba268e4ba511135458f18170985567f5cd5c13b2eb077

  • SSDEEP

    98304:jCfphzIjedVG0G16pvDNfK4URgpHH1a3B78CUGRSICkgn6x5ls7vGnOLLCdO9Rvx:jCxhzIya16RRf/11QR4oSrznG5CisCdg

Malware Config

Targets

    • Target

      48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e

    • Size

      5.9MB

    • MD5

      b6a1d4830b73825b6efe9ce64d4ca02a

    • SHA1

      4ac4be0396ce87ffb640e75ce13ba667617dacaf

    • SHA256

      48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e

    • SHA512

      18baf5c36a673c6b138a355fa78b3b5339e363df6a19250d680500bda4685ae72bee0de5f6868379768ba268e4ba511135458f18170985567f5cd5c13b2eb077

    • SSDEEP

      98304:jCfphzIjedVG0G16pvDNfK4URgpHH1a3B78CUGRSICkgn6x5ls7vGnOLLCdO9Rvx:jCxhzIya16RRf/11QR4oSrznG5CisCdg

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      b18dfaded8f6d2380fdfd8f6b6969211

    • SHA1

      969fa0e906240ab1123254feeb833c275626cf76

    • SHA256

      747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58

    • SHA512

      25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c

    • SSDEEP

      192:66JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTLK72dwF7dBdcQOz:66JaVh4I5rpPbTL+BdhO

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      810f3a0aefe36a9f63e29e604bea91a9

    • SHA1

      2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

    • SHA256

      f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

    • SHA512

      836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

    • SSDEEP

      192:CO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1argMO:XKAFERdlxhGRYUzqZar

    Score
    3/10
    • Target

      $SYSDIR/gpyapi.dll

    • Size

      40KB

    • MD5

      93d300348d2a6499ec7c4d1f8538c22d

    • SHA1

      3e011ea8ca5c44a4eb94d5911399730e577cfc31

    • SHA256

      88e111f10d36d7077ad6a2b6f4fac1727e625006ca0d6eb075c31559e23a4839

    • SHA512

      b96892c0b0fc5cae26a764259c93fe6e50dc48bd8c74ec0cc9a6de03bac9811df4085d37113166cc5bf9fb12432914e5bce62165781393a7d5485bd41490a60f

    • SSDEEP

      384:e223N+lhaenaPM/7rsECCXaTxR0bbggI7HsLV+EmmNp/VY4kiauVV8umrZrvADhx:e2Pqu9BFHggI7HsLcEmmNpEz5rYDh

    Score
    3/10
    • Target

      $SYSDIR/gtapi.dll

    • Size

      44KB

    • MD5

      b19256632fd0ba5bed01e80e29402384

    • SHA1

      a4b72c88e688f53c7d3c0caffca37b65fbce31da

    • SHA256

      0de25aa419acd2f9534ef03de471d034fe89697e7d8405965b3e6e0b044ae3ad

    • SHA512

      052bf2f799977ad119c354b809001827f0e33d6122cc2eec02c15a5d1b50c57af4af38c5eed3c295ac3a7cc2604b4bfa89f3739f5b512046ce5b0326ff897f5a

    • SSDEEP

      768:mfQ6MpT8MNWNR+mLMTyyfFtEJuxorYDaY3:sQnT87z+mLwyybxTD7

    Score
    3/10
    • Target

      $TEMP/GooglePinyinDownloader.exe

    • Size

      77KB

    • MD5

      1465ec3df8e8ab31f89fa32bcfaf07da

    • SHA1

      73a36f944fbe18a2b3308e790e1948db8a811ce1

    • SHA256

      e3c8772f34c183545cd6d643e8c1b28aeea0abdfb4ebd02b167363fb31195106

    • SHA512

      911276cbad2f32acd34af6c71e1cbd7c6204a4f0aad93a30fb1104d82469e620de878f292ffc406a8e8f8ce05dfe315e496844e8720b3cd74762163f6d7eb25d

    • SSDEEP

      1536:afppeVwsNT+W7Nv1KDMQ0jwg+rZGjvBtulY3ha:a+XwghQBNIZtulYk

    Score
    8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $TEMP/GoogleToolbarInstaller_zh-CN_signed.msi

    • Size

      1.1MB

    • MD5

      ec1629e2086cad6ccc4c995630896213

    • SHA1

      e0e1f7720072b85c04318d6d15b595d7e8f52670

    • SHA256

      101fc387cb284a27c943ea087b751aefb5c106a214253b7e29e7381da95beaee

    • SHA512

      3f7157a25a2d1f1fc345e9138ed5c1f17805256be985e8cfe54c60cb5a11d62e13472bdeee187c7b13e5746c8d9e08359d929410d3b5e5ab204cf4f91c02d9b1

    • SSDEEP

      24576:FBkI5/nyOeMDyWd8Dce5HrY5w6Rsa31L5Dh66NIXiQcAqHVIYzgD:jhyOeMPacWHruwOsa31L5Dh66N+iVh1O

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      $TEMP/setup_iesuper_1020.exe

    • Size

      164KB

    • MD5

      2b869f2b00da6bd7fca714acf29c45d4

    • SHA1

      9d9364cfa3b9c497dd5ed96268ec607aac6c587a

    • SHA256

      15b3b4b702cc2a3d3b2f9fe0d2887b207a7321f2bea41d14aa67541ac06807bf

    • SHA512

      85d78560b46fb4a3687566a7ed56f1fd44ba9001351d1eb040feb25fc8b9fba63f88704cd4344bd943330b749cab88502d9906cd1e35c0266a6e7db852904124

    • SSDEEP

      3072:HtbKWzPmJbK5eqOllIx3fchSvJ9Q2cXvw0c8kSLK3NbkoTmOsZDWF7eAYa9Uxfh3:H1AK7vpfcO9t4vwokuMbqZeCXa9UNhmS

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      ies_uni.exe

    • Size

      52KB

    • MD5

      2cc8578a6b955aa273cebf117f9945b4

    • SHA1

      8cba806a7148748bb63f0c9252730effd9efb681

    • SHA256

      a4dd14b89d2167c69ee58591825081563b040a57e52bbafd1e364d8ce6b09f66

    • SHA512

      8be4839dd5276e4b41c81aee04b8270b7c4d3fdc6b6008d31c51d05fbc64823344963a69322f265346e1b7e627bfd103b1a38531d03dc4d95968785385d2c3b6

    • SSDEEP

      1536:1Oup7DCUaAVrEnWzuuLmJgMKH7NeYRNOllz:HtbKWzPmJbK5eqOllz

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      iesuper.dll

    • Size

      296KB

    • MD5

      c005c3255a6207df7866eaf6a21321a2

    • SHA1

      f02b3b3e213dfccef233ee41514a799d88c2b776

    • SHA256

      d9cc7ce178d584ee18d01df20310b7b84e6cf2a0e1ad20d713303033a04e7d72

    • SHA512

      84d5256ffc9195a444f312c9360249fd85ac1bab4f98915e4d207870a02e2e995fdbb1f502bfcbb52701b1ae121d37d9d583360c9e37d11402edded1547ee299

    • SSDEEP

      6144:6wU0ydYlu19HNrG8I8i9bCiNOzvzLvtpmowIksm:e0zurNrqtSz3jy

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      UUPlayer.dll

    • Size

      163KB

    • MD5

      2bb9e0b854efbe6e5f273d01ee82f998

    • SHA1

      1a829fbc26b8690a6402ed1c8026850962849512

    • SHA256

      026e89aa3a28249cbd5d7559ddb5f147788d487a1c5854f450b09edc236f263f

    • SHA512

      f5f1397a3ee990e6339baae9e79b58cd2113483a0260fb83969eaa3c589e5deab384f5fc69597c505727d458d5253f9ce99520a8f68eac1b62dacb82896a8d51

    • SSDEEP

      3072:uuw06OhI8Vfz+7ca7UhS0AnJal6MdbswEG1cefUTNe6yIBYtJ6TLT9XB69MO25Z4:uuwBBibnaAzAnJal60szkus6UtgZXw97

    Score
    3/10
    • Target

      UUSeePlayer.exe

    • Size

      421KB

    • MD5

      9ab0941a1c54567373b6afed3f2ed491

    • SHA1

      e0b8328027c65d4904e63124f80dc69e77ec0e6a

    • SHA256

      b99716d09b8aa83e4cad5d9d889a144ddb04f8fe1f7f5bb58c656d873c3d04fb

    • SHA512

      e79491c9c88775a735c9190d7a3d0536b62f62255f8da947358442309916a873d6923fa74cec237a1619ef12ecb2488b61394fb2058f3771ce621d7824190725

    • SSDEEP

      6144:wk37CXfkVQp0lV731pO8nhJFSVpInCOXJYE56NnGrpk3iRYjZt5Bo:D7CXff0lN31NtWsYE565GCSRYjZt5Bo

    Score
    10/10
    • Modifies firewall policy service

    • Target

      bass-plugins.exe

    • Size

      2.7MB

    • MD5

      9bd61ba44c6d933a13564cb8fe37bd22

    • SHA1

      8577baa06556c0403500960b8b387e6cbf62054d

    • SHA256

      4e5fde71a3b20b8c15726d06a57513d610a999af558e8daa305e60ed68cc4abb

    • SHA512

      a70ce11a7916954074634ee40d0c9a9b0416830d9e03739dea0251d8f532790183eae8f1c2d15e1c92c214f79e9e1054cf524cdbfc1915a06a3759f3d52976df

    • SSDEEP

      49152:pPzTBtrWHIjhNuCUZ39eRr+ICkgnMCJqZx5Rn6JLJB8OFW6GnOLL6J6kPK:p3B78CUGRSICkgn6x5ls7vGnOLLCi

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      b18dfaded8f6d2380fdfd8f6b6969211

    • SHA1

      969fa0e906240ab1123254feeb833c275626cf76

    • SHA256

      747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58

    • SHA512

      25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c

    • SSDEEP

      192:66JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTLK72dwF7dBdcQOz:66JaVh4I5rpPbTL+BdhO

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

aspackv2 upx
Score
7/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
8/10

behavioral14

discovery
Score
8/10

behavioral15

persistence privilege_escalation
Score
6/10

behavioral16

discovery persistence privilege_escalation
Score
6/10

behavioral17

adware discovery stealer
Score
7/10

behavioral18

adware discovery stealer
Score
7/10

behavioral19

discovery
Score
7/10

behavioral20

discovery
Score
7/10

behavioral21

adware discovery stealer
Score
6/10

behavioral22

adware discovery stealer
Score
6/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery evasion
Score
10/10

behavioral26

discovery evasion
Score
10/10

behavioral27

discovery
Score
7/10

behavioral28

discovery
Score
7/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10