cc2dcc5d8ca7223ffb3319943591ef4d917d83e75c2cdfaa23ae240f72bb4264

Sharing

Copy URL

Twitter E-mail

General

Target

Loader.rar
Size

54.1MB
Sample

240824-aytntsxhpp
MD5

dadb35fb7434c61b7d3fc4a866ada96c
SHA1

c8405af86d72e52a70d9ad36566d42a8b70bbb5c
SHA256

cc2dcc5d8ca7223ffb3319943591ef4d917d83e75c2cdfaa23ae240f72bb4264
SHA512

139ab97b5a1a84c6d797f6b3228558b4b15a2a0f7c8cd8b6f3fc36be5cb4c73094e8404ed45a13ac15c8b88411087952006c7d6fb6b6d6611d6a68479bd35833
SSDEEP

1572864:/omDCTre9yXJ58dI00CZYozWdV8tizQvgQ3N9ariA:wmernJ5qJZnzBSQIviA

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  Loader/Monitor Spoof/CRU.exe
- Size
  
  1.2MB
- MD5
  
  0f69af48c32613f73c6acb87a7d18661
- SHA1
  
  0756ae84f3b58aec29f4b9a2888624ca879f7856
- SHA256
  
  0351a943ca93558ff36f74c3f0c768dceb724e833e282abcf1be5b2e71d5c67b
- SHA512
  
  2b30c079831a30683aabc0effa6bb60c84a960c2bcda1ce5da204bebc2050a359ec2cf36df426a0d227165afb9c4b9401fd0316b2504394c7876ed177fff2377
- SSDEEP
  
  24576:tLEWuIj9T0gR1U2vfVD8sA15qkJ1K3mbDQca9L32GY:twfIj9T0ujvTO6L3
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Loader/Monitor Spoof/reset-all.exe
- Size
  
  51KB
- MD5
  
  3d47586c62bf61dac639d8cc1bf43ee7
- SHA1
  
  36f605e1fb7cae972c6723ded6a5f126f36a8d01
- SHA256
  
  70639c195430afb92799d711ed784406bfdfd04c648d5f3e4d9873da0063660b
- SHA512
  
  638a75c0159de8553e8071a68b5a4355bfc002489d9ed62bfbb1019d287073a555133bd4a55abd68c51b3e2a1616f586a26998ce32ade322cd72ffeab5ffe105
- SSDEEP
  
  768:Jd0XBRNU+hV81e14G8xGvMhBmqVHhc6ZrLy01fA5Egt2rHNZAEDFn27DQNE5B:b0XbeQ8xG0Kqjc6lLFfSortZBMDu8
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Loader/Monitor Spoof/restart.exe
- Size
  
  63KB
- MD5
  
  8242ce426ad462eff02edae1487a6949
- SHA1
  
  9a4f382d427e0de729053535aaa3310cac5f087b
- SHA256
  
  b68ee265308dc9da7dbb521bb71238d27ac50a5ee816f21c13818393be982d7a
- SHA512
  
  aff43a78d29ede49eac386d9b0b44d0f37d5a20bdda8553369d68dec90bbc727c6dd8fe239987a9d2e3affaeff8b72b5023ed973d7aecfbb99de46dca8c99ef1
- SSDEEP
  
  768:xa+/MMnf2XivrjhmxEQSQIjDaGva2XaT+CSxKUAch9Itvo7vq2XFelWn2iED5Vx0:xa0wstmSpDaGS2RCSxK28otXFQwUx
Score

5^/10

discovery
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  Loader/Monitor Spoof/restart64.exe
- Size
  
  73KB
- MD5
  
  297aa19bade534a791d053ca190b74ad
- SHA1
  
  15cb6a33994f75fe9e30a2afbc8a7e4616b63962
- SHA256
  
  5f779bb822aedaf5bd11693cdf73f6c7c3342f37371a78c07c2aca1e15dbfd00
- SHA512
  
  df883950c598f31b81f22a68b2a9fed7459dcad5084ec6e39399658b0492bcc458d9fc5bb80fda6bc994bed3241f969fc67a0b8e021fb82b040455d64776c625
- SSDEEP
  
  1536:8vXMJl7uRupZzidl/T+Dnx86Rpy4roKsIrryeq3OTM:8vMJl6RAZu/T+7x8qpRM8rNcOTM
Score

5^/10
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  Loader/RUN ME ALSO.exe
- Size
  
  288KB
- MD5
  
  2cbd6ad183914a0c554f0739069e77d7
- SHA1
  
  7bf35f2afca666078db35ca95130beb2e3782212
- SHA256
  
  2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f
- SHA512
  
  ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10
- SSDEEP
  
  6144:kWK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQV:VcvgLARDI1KIOzO0
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  Loader/RUN ME FIRST.exe
- Size
  
  24.2MB
- MD5
  
  101b0b9f74cdc6cdbd2570bfe92e302c
- SHA1
  
  2e6bae42c2842b4f558bd68099479b929bb7d910
- SHA256
  
  4dfe83c91124cd542f4222fe2c396cabeac617bb6f59bdcbdf89fd6f0df0a32f
- SHA512
  
  ccf4fd7da2c3440f1bc7fcac67c8a12599eab8d5c015affdc2e439fa30f5c7868ef5f52ede058361faae37ccc4af2c17c0adf30b8e1f852bb7106d0ec7162506
- SSDEEP
  
  786432:urp+Ty2SfUfnbu+zMFy/7zYgWXRLTArzttOaaFC:Sp+Ty2SfWnPzMFO7zYgWBLbFC
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral11 behavioral12
- Target
  
  Loader/SecureEngineSDK64.dll
- Size
  
  28KB
- MD5
  
  6d8722b257230e3f691197715ec2b4b1
- SHA1
  
  bf141f3aff5b5e1cd2f02a5d81125931ba4a842d
- SHA256
  
  175a75ca524b269b25fb5144dc0abb4ac9b1673852df3abfbd4f6c449e01827d
- SHA512
  
  b6d077c57780ab6d58649cee36a1016573adfcafcfa8c823297a19f8bb1d1ea0c1b613044076bcd805a0c18dc37a78208ebaa4d0e19c192b65415028355f1069
- SSDEEP
  
  192:3Mi08s5GvuxBdzbNEQaSpqX5xS5haVWUcSAfMVIBizxhv:cdZxBhaHfSsA0V
Score

1^/10
behavioral13 behavioral14
- Target
  
  Loader/libcurl.dll
- Size
  
  497KB
- MD5
  
  65fbb7674548d159e5bc1c5bb5dda427
- SHA1
  
  87ae6fe4045bb4d50def309b24c96930b63b89b2
- SHA256
  
  b3548dc70f66694e37b10ff26237a0b8d553fe6e1ad55565893878f2455a18bf
- SHA512
  
  f2f096cde7cd03401f48b947a4dcdb0557de50483e6691bf1b46f20c5029b0b91e625aeb1a1357f195eb6d75cbbfc4b2eb0960a3dc2efd91a4835743783d6655
- SSDEEP
  
  12288:Z+YFNRqjLSbhPgVJlWbSsDU0Eah0KJdHFWW1moH:Z+6hPy2DU0Eah0K/FW7oH
Score

1^/10
behavioral15 behavioral16
- Target
  
  Loader/spoofer.exe
- Size
  
  36.8MB
- MD5
  
  dfc9582152b2becc8601392cc3d51e51
- SHA1
  
  c2b9699c4bb10d2cccd875738565376d1e72197a
- SHA256
  
  7cf098964539194825339be0bfd2e3190be8f51cb5506cc2c53977c507f201a2
- SHA512
  
  11bfc5988ef7516bfd1464d05bbb41266e9705d438091b672d1f0143bf38dee85953cbb7e73790df8b084af76b10010e7dfe2ea419552e55b052d3efda5daf8a
- SSDEEP
  
  786432:4vkriFcxXaqOq0nWWKPn4jxd4X/BYbePHutE:4nKaqOTCn4i/BHPOt
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  Loader/zlib1.dll
- Size
  
  85KB
- MD5
  
  6b2cfe74852195fb8187f368b74f7635
- SHA1
  
  e23e54714355b852726e81a17c444059e0d1339c
- SHA256
  
  be93482393ca7d2b440d5559d86268758dadf2f13899978e0271ab1db06b8091
- SHA512
  
  6f3ffb5baf6d89ecd76fbdd949327ad12bcfc25b973dc81df498033e3dd65e4bb9774d696e4059abd336dff3cb219ed5a36d38e2e0f63dae2db22c96c359ccd6
- SSDEEP
  
  1536:kTHRfzojvOeiRMPrpbAE1ApOal2qk0MGmnToIfUIOcIOYGW3wY:UBzojvOeiRMTtAEepOT0PSTBf6SYfwY
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in System32 directory

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20