Overview

General
- Target: Setup.exe
- Size: 278.4MB
- Sample: 240822-p25mtszhrp
- MD5: 9dacbadf533162eee3232c6145379ad9
- SHA1: 9829f28df6665d9151bbb220859793195b22eea9
- SHA256: 7d16afe9c55f554a56e3e5475b7232aedfba3aff39ebb8f4000742a5a17011ae
- SHA512: 1899f9f7ccdcb7a153dde45542ae7aaf7efea4a80378dca7bf5d9ac4f2528c1f96e39ddc16e297e24e9f43e42fe2caa805358ec858a6325ea0122de95ede80b3
- SSDEEP: 6291456:1JFmXt8OwI1I7anuE5JMUmx12H5XnDjgeitIvWmNR2:Dct8ONIenuE5JTmxoZTjgHoWP
Behavioral tasks (task: sample, resource)
- behavioral1: Setup.exe, win7-20240705-en
- behavioral2: Setup.exe, win10v2004-20240802-en
- behavioral3: $PLUGINSDIR/InstallOptions.dll, win7-20240704-en
- behavioral4: $PLUGINSDIR/InstallOptions.dll, win10v2004-20240802-en
- behavioral5: $PLUGINSDIR/KillProcDLL.dll, win7-20240705-en
- behavioral6: $PLUGINSDIR/KillProcDLL.dll, win10v2004-20240802-en
- behavioral7: $PLUGINSDIR/LangDLL.dll, win7-20240704-en
- behavioral8: $PLUGINSDIR/LangDLL.dll, win10v2004-20240802-en
- behavioral9: $PLUGINSDIR/System.dll, win7-20240708-en
- behavioral10: $PLUGINSDIR/System.dll, win10v2004-20240802-en
- behavioral11: $PLUGINSDIR/UserInfo.dll, win7-20240704-en
- behavioral12: $PLUGINSDIR/UserInfo.dll, win10v2004-20240802-en
- behavioral13: $PLUGINSDIR/nsExec.dll, win7-20240705-en
- behavioral14: $PLUGINSDIR/nsExec.dll, win10v2004-20240802-en
- behavioral15: $PLUGINSDIR/nsProcess.dll, win7-20240705-en
- behavioral16: $PLUGINSDIR/nsProcess.dll, win10v2004-20240802-en
- behavioral17: $TEMP/Droid4X/vbox32.msi, win7-20240705-en
- behavioral18: $TEMP/Droid4X/vbox32.msi, win10v2004-20240802-en
- behavioral19: $TEMP/Droid4X/vbox64.msi, win7-20240704-en
- behavioral20: $TEMP/Droid4X/vbox64.msi, win10v2004-20240802-en
- behavioral21: $TEMP/Droid4X/vcredist_x86.exe, win7-20240704-en
- behavioral22: $TEMP/Droid4X/vcredist_x86.exe, win10v2004-20240802-en
- behavioral23: 7-zip.dll, win7-20240704-en
- behavioral24: 7-zip.dll, win10v2004-20240802-en
- behavioral25: 7z.dll, win7-20240705-en
- behavioral26: 7z.dll, win10v2004-20240802-en
- behavioral27: 7z.exe, win7-20240708-en
- behavioral28: 7z.exe, win10v2004-20240802-en
- behavioral29: AdbWinApi.dll, win7-20240704-en
- behavioral30: AdbWinApi.dll, win10v2004-20240802-en
- behavioral31: AdbWinUsbApi.dll, win7-20240708-en
- behavioral32: AdbWinUsbApi.dll, win10v2004-20240802-en
Malware Config

Targets

Target: Setup.exe
- Size: 278.4MB
- MD5: 9dacbadf533162eee3232c6145379ad9
- SHA1: 9829f28df6665d9151bbb220859793195b22eea9
- SHA256: 7d16afe9c55f554a56e3e5475b7232aedfba3aff39ebb8f4000742a5a17011ae
- SHA512: 1899f9f7ccdcb7a153dde45542ae7aaf7efea4a80378dca7bf5d9ac4f2528c1f96e39ddc16e297e24e9f43e42fe2caa805358ec858a6325ea0122de95ede80b3
- SSDEEP: 6291456:1JFmXt8OwI1I7anuE5JMUmx12H5XnDjgeitIvWmNR2:Dct8ONIenuE5JTmxoZTjgHoWP
- Score: 8/10
- Signatures:
  - Drops file in Drivers directory
  - Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  - Executes dropped EXE
  - Loads dropped DLL
  - Blocklisted process makes network request
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  - Drops file in System32 directory
Target: $PLUGINSDIR/InstallOptions.dll
- Size: 14KB
- MD5: 325b008aec81e5aaa57096f05d4212b5
- SHA1: 27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256: c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512: 18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP: 192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
- Score: 3/10
Target: $PLUGINSDIR/KillProcDLL.dll
- Size: 4KB
- MD5: 99f345cf51b6c3c317d20a81acb11012
- SHA1: b3d0355f527c536ea14a8ff51741c8739d66f727
- SHA256: c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
- SHA512: 937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
- Score: 3/10
Target: $PLUGINSDIR/LangDLL.dll
- Size: 5KB
- MD5: 9384f4007c492d4fa040924f31c00166
- SHA1: aba37faef30d7c445584c688a0b5638f5db31c7b
- SHA256: 60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
- SHA512: 68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf
- SSDEEP: 48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
- Score: 3/10
Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: c17103ae9072a06da581dec998343fc1
- SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
- Score: 3/10
Target: $PLUGINSDIR/UserInfo.dll
- Size: 4KB
- MD5: 7579ade7ae1747a31960a228ce02e666
- SHA1: 8ec8571a296737e819dcf86353a43fcf8ec63351
- SHA256: 564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
- SHA512: a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
- Score: 3/10
Target: $PLUGINSDIR/nsExec.dll
- Size: 6KB
- MD5: acc2b699edfea5bf5aae45aba3a41e96
- SHA1: d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256: 168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512: e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP: 96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
- Score: 3/10
Target: $PLUGINSDIR/nsProcess.dll
- Size: 4KB
- MD5: 05450face243b3a7472407b999b03a72
- SHA1: ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
- SHA256: 95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
- SHA512: f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b
- Score: 3/10
Target: $TEMP/Droid4X/vbox32.msi
- Size: 19.7MB
- MD5: 7f59758124f6927168fe6060e24aed0a
- SHA1: ce9a9b9b1dd64f23c2f49ca5eae63dbc00eaa18b
- SHA256: 4db6e23f6a67d6dc8054f4132dcf5b366c9e2c24058b5bc7458cad62b5b6b1c3
- SHA512: 557183c30e303f213b1d648cf348c39c7255b56fba231f6d1fcd0d20f37e78e2e21ae98fa21bf876bf064af9df58bdf6c81a596249fde8354ba556f8faf72333
- SSDEEP: 393216:8OYMEV9Xi7Ftc/MoO3eg2/x3LpaqioutRmoVQnmvYFbpSuVy/dtOhqZ2DMn7:0r47FtckoOOT3aqPutsPnmvGSugP
- Score: 6/10
- Signatures:
  - Blocklisted process makes network request
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
Target: $TEMP/Droid4X/vbox64.msi
- Size: 24.4MB
- MD5: a70212c7b6c6508422f0ebbcaf28d30c
- SHA1: 3b87727ee01d4021d25fcaca689aef3b81f8d449
- SHA256: 71b3a3ec08233f7e8faddde27aad53b2fd541be3117be1b1992adda069c949c3
- SHA512: 42482a4f50d21a9882d126186d31af9c9c84ecae1d8b750248b054ab40b88451e49d6ff047d63f3c4c8482e7a297b7cb0795046c39fdb5069175f43f5a0b2a21
- SSDEEP: 393216:gFfY4jBbJDR8ypFtOwmULXuz7qBrRDp5nIlnsAA8kHWqP2rWZ7mObSk8QrCN1vhl:gJzJJDRxj71z6mrRDpJeyxHFr7Fg
- Score: 8/10
- Signatures:
  - Drops file in Drivers directory
  - Blocklisted process makes network request
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Drops file in System32 directory
  - Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Target: $TEMP/Droid4X/vcredist_x86.exe
- Size: 4.0MB
- MD5: 5689d43c3b201dd3810fa3bba4a6476a
- SHA1: 6939100e397cef26ec22e95e53fcd9fc979b7bc9
- SHA256: 41f45a46ee56626ff2699d525bb56a3bb4718c5ca5f4fb5b3b38add64584026b
- SHA512: 4875134c664503242ec60717232f2917edca20286fc4b675223edbbe5dc0239ebfaf8f67edd76fedcaa2be5419490dc6f47930ca260e6c9988ccf242416c204b
- SSDEEP: 49152:DQC7p7i0AY9PE1UJEfcnKiJ/K7+RIaCSi3haenvUvwwZDfimxQ02BhoZGxaJq8QQ:DLp7ilY9CQEcKz+kSixJvzwZeK2ggYK4
- Score: 7/10
- Signatures:
  - Executes dropped EXE
  - Loads dropped DLL
Target: 7-zip.dll
- Size: 48KB
- MD5: f26d547ba386eb311269dcc9c8f5bc58
- SHA1: 1d9a90037b5c0cafa7834907fff08b6030f356f1
- SHA256: 8469c62689d0cbf6a6222245cebbdf93d00b148feeef89a44824db60deeb4e82
- SHA512: 03c9f0fdc7082476b015bb3e91e2d38bcdf2cfae242c612d06e6c335eca119144105224ed342627a789e5520a197f6c9d7f2d21fb29dd032b9774664dc21dde7
- SSDEEP: 768:amJDcy3s8FOA+GGOpVLBvGYSVFGJtJX4b4O7s5WvQZiDWa1ElD7whZK/CG:b2esjTGdWYSVsJj+4F5WZDWaClDshQC
- Score: 3/10
Target: 7z.dll
- Size: 1.0MB
- MD5: e2bbe1d3fc7a945508c9c12dde0b0819
- SHA1: 6b0d91885a482056b14e4f410a970bdfb7ea25a1
- SHA256: 97a169f0fa3b447255475ac4dbfea935753c9f54e81a8a1563db84a2a38ddfc5
- SHA512: 0672162ddec34c31dec9e1a6efb603283fac987f7ba90f0f271ce2d74094b33ba7ae4c81678d0c48f30d293b2b3241d9756c8ef6dc1338f6cbda7769f88b2ff3
- SSDEEP: 24576:bmxEJAbl4UxkreWJvxrnpFwr7lGn3GgNiok2adu1tH+B:bJibl4USrewxrnp+fMH+B
- Score: 3/10
Target: 7z.exe
- Size: 264KB
- MD5: c05e44965d82f5f2f887b9466760cbb5
- SHA1: c8e805bace4a7be9bc3498a31034f54909262f2a
- SHA256: 1e3994903cde369371bb1d5fd8b410b05c74ead450f51a69eacd2e321cfa852b
- SHA512: 771c71847c73ccab88a6fac667b4a12a658e0b121dd7b109cccbaca52b79798087f010c08a1258fd142ff52534acd6ce0304cf39268e80eede968dbdd71b81e8
- SSDEEP: 6144:dEE/64dHsvO6xftbJKsUZ1RhINx23PMSEHYrPrD:CE/xAjftbgsUZexdo
- Score: 3/10
Target: AdbWinApi.dll
- Size: 101KB
- MD5: 5abde136d977e153db425ca7c3134f88
- SHA1: 3cea022946e98277a4f679603e95f14ffab9b177
- SHA256: 86677a1ec3405204e945b21c4dc17bc2fc5dab9b2d7cf5f61f0817f17ba47d83
- SHA512: e0d335c06de88493aa0c4a03c2cc6eed8283f5b34c5a0f0ad39a94aa375ea869a14d87bd2539df14f3c1819a876c855dc646845db8264b46569a5dc4bda86f9d
- SSDEEP: 1536:bpCxybY0FS6MqS6WvgD9xj03TabrFvY5J6sCGt+iM:bpo0k6ZWVTaif6sCG+
- Score: 3/10
Target: AdbWinUsbApi.dll
- Size: 66KB
- MD5: 0062efdd212ff77216ca12d22b356f59
- SHA1: 440e31e18f2084a2b4b5445b04a6b39a58d9032b
- SHA256: d591417e47274ed83865a94a866f742856c75e1e70b5d9422da3fdb8f82e8894
- SHA512: f78360b5a46ae8fe82fc8573145417af61baf2be4e27246d9bb389f476c6f61217f4c10341daf34c0049e25f4d53ac4253cfb0476a991f3ae54a8013f1267699
- SSDEEP: 768:tLNk0yiFYWkgALpW+QvSugX0wUepQNXTQXdF+Q+An70edrqqOkIWyIELgr:8yY8wugEwOVEXdz70e4gIrsr
- Score: 3/10
MITRE ATT&CK Enterprise v15

Persistence
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Installer Packages (1)

Privilege Escalation
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Installer Packages (1)