General

  • Target: 88d9e6540a0701d8c13cf55a53a466c0N.exe
  • Size: 9.2MB
  • Sample: 240824-gftpfaxflr
  • MD5: 88d9e6540a0701d8c13cf55a53a466c0
  • SHA1: bb46f9769dc99836d8de1a0b9d0fcee01526aeae
  • SHA256: 5f8bd8ae8b34ea918280f75581949480d33f056898efa06d6f5f741d7d08407a
  • SHA512: 87e50a9b103d1de8b8feb605c326cd53f2c7f60cda9b2320eeb06b40deed034a2a0fdeede5da39adc361f6d6c36d99bd7f7b1c2a169b767555c5cbd26c3a22c3
  • SSDEEP: 196608:SzFXfWIiCc7BNQR5zevFOmGyy9riWow/92vNb6kSUPRWgQ:S9fZc7kxmImGyqiWT9296co

Targets

    • Target: 88d9e6540a0701d8c13cf55a53a466c0N.exe
    • Size: 9.2MB
    • MD5: 88d9e6540a0701d8c13cf55a53a466c0
    • SHA1: bb46f9769dc99836d8de1a0b9d0fcee01526aeae
    • SHA256: 5f8bd8ae8b34ea918280f75581949480d33f056898efa06d6f5f741d7d08407a
    • SHA512: 87e50a9b103d1de8b8feb605c326cd53f2c7f60cda9b2320eeb06b40deed034a2a0fdeede5da39adc361f6d6c36d99bd7f7b1c2a169b767555c5cbd26c3a22c3
    • SSDEEP: 196608:SzFXfWIiCc7BNQR5zevFOmGyy9riWow/92vNb6kSUPRWgQ:S9fZc7kxmImGyqiWT9296co
    Score: 7/10
    • Loads dropped DLL
    • Drops file in System32 directory

    • Target: $PLUGINSDIR/AccessControl.dll
    • Size: 10KB
    • MD5: 055f4f9260e07fc83f71877cbb7f4fad
    • SHA1: a245131af1a182de99bd74af9ff1fab17977a72f
    • SHA256: 4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc
    • SHA512: a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26
    • SSDEEP: 192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt
    Score: 3/10

    • Target: $PLUGINSDIR/InstallOptions.dll
    • Size: 14KB
    • MD5: 0dc0cc7a6d9db685bf05a7e5f3ea4781
    • SHA1: 5d8b6268eeec9d8d904bc9d988a4b588b392213f
    • SHA256: 8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
    • SHA512: 814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
    • SSDEEP: 192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
    Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: 00a0194c20ee912257df53bfe258ee4a
    • SHA1: d7b4e319bc5119024690dc8230b9cc919b1b86b2
    • SHA256: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
    • SHA512: 3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
    • SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
    Score: 3/10

    • Target: $R1/npstartservicep.dll
    • Size: 289KB
    • MD5: dfe81342c00513bb60aeb9945c72a2d4
    • SHA1: ff8fd27149f937457f561adf4defd83263776a35
    • SHA256: 7b7f59f2b4a54b55a0bbc5df8d5becb6ac84ef74d7487dd0809b31e392eb8237
    • SHA512: 41dfcd521648d39bb83b44ce17a941132e0581d8de94b618d7632e04d9fdb4b83f0da8ecdde392eef9f9279dc839b997ce60addcb553f501fa4e8dcb7e175ea8
    • SSDEEP: 6144:cI76Lg5XapIAG5VL4UmvzJecWIgMP1xiSmZtI7mLejuqo:VXapy5Vu1jgMP1xiBtI7vjq
    Score: 3/10

    • Target: $R1/npuuseep.dll
    • Size: 298KB
    • MD5: ab4f51ee7ae1581e5be9be037b26def0
    • SHA1: 53a19347461f7db52ab4a5430cf740a26a976f76
    • SHA256: aa6405527be03180cb19f6e9d986359d2cc2b5a43c9ae69a4b37149b6822afca
    • SHA512: dd532d556e348fd4a1e3c2d740ede7b5e56feaea07e7bbf42ae16a1887e9695f916a3e4676e7a7ebe762d2c02e3a64de3e9df72edc2de725c0f0ad38fd7cfd76
    • SSDEEP: 6144:BqYmM67Qzxgdv01sPFl7vmQGA/QVpLhM/oP70gwbDaqz4D:OQzx+f/v9lQVpLhZ7lwn/z
    Score: 3/10

    • Target: $SYSDIR/GdiPlus.dll
    • Size: 1.6MB
    • MD5: 4d328694bb516e46d2d184950d94433f
    • SHA1: 9b31771a8c201b74c846da1f1a254866dc2f912d
    • SHA256: 8199452af9e5289c126d0ff9d99f2302c52861ec49008702b7f95d64d316383c
    • SHA512: dadf21cb702e309ba0f271e13a9c3e9d4bdb5cdd79699d331242c988c591716c265c11fb5a35a8b0d5892861d1c6d519ace228f2d4fcf0d3e604e33be4fa7cd2
    • SSDEEP: 24576:GSWwWpX3g7mgl074FUSIgi3g4bMG0x15IMQMLklslaswMeEd5DoQbcnO5c/K:GhwltF7C3/ouMvoslp3on
    Score: 3/10

    • Target: $SYSDIR/apphelp.dll
    • Size: 123KB
    • MD5: dfd8d8d0ff28f17e42a0f19b40dc3966
    • SHA1: fb385dbbd035caf80612c517e39e8555d6f4f262
    • SHA256: de7dead249346eb03917f0e5ec4846aca73cd94bf6ea0ed6e4fb70fe7133b206
    • SHA512: ebb8e402963979141e14225738ab3b7c67c47dee48786c43e7d1034f2959cd8d8d07d99ce17d2fea6a0c53a1940f1bb3231ff47e0e45d4a63ce19673f6f0dc03
    • SSDEEP: 3072:13i88zDCg5tGqbn29Ws0OnYfUZ2/09qJ3hGyqAAk:zUCIf8wRO2/aqJr
    Score: 3/10

    • Target: $TEMP/nsisweb.exe
    • Size: 29KB
    • MD5: 3950e11206ad261d52f3fbeb6727f29e
    • SHA1: ec270419f3e82c8090351400f90136828bdd9e12
    • SHA256: 908e2a5f8729a0808508b3084d0ee904437d29f1364be17d7f4875540c39ac5f
    • SHA512: 1c874c2f60d41528538b436ddf7d72236690f7c34114c286f831af1727da27537c8636184396bbbb8624de8f9ab28c4ae393593fde2aa73e0fb67d3b095c2add
    • SSDEEP: 384:MVP9U9mK3HyAL5XfbiUyjDDE0sQReLUYJLu1wG4bC2:29NKXVTi/j/UTNLWQbC2
    Score: 3/10

    • Target: $_2_/CCTVPlayer.ocx
    • Size: 366KB
    • MD5: 8c4e00b2087c3ed3007c6592c6ed9a7d
    • SHA1: a5ccf691b13e6ff748996a93768c254aba532d67
    • SHA256: b4cfc9b35669fb5c17965c715315aa08d0274f260fad0ea5bb12523895b2b47d
    • SHA512: 154fe03979645cf34bfca381cd5ab4a5c5db7b44d74f71bc4afa852fd985089b35f92548bcce06f334a15ce939474cb0150a71067a6fa5f7e8fb3360b5ad2706
    • SSDEEP: 6144:624BUldhltmPnKcay4aydZ4atYH75Mt4zbnGFfMwghZwhpew2RX9EMppXpcrEs8c:62pldhPmPnKcj6dZ47H7et4zQfMwgIhB
    • Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: $_2_/CCTVUpdateInstall.dll
    • Size: 41KB
    • MD5: 9fd36d39fde57cf909a047e31a7ede27
    • SHA1: 592c7472f03dd68d49d6e8a0902ccf0e5f79ff5f
    • SHA256: 3bdc400fa3bcfe5cac1988efa01d8bf739ccaa3afb7531f0bc24c884c18f242e
    • SHA512: 182451f6597fdcd5c14a45420fc50973ab18766c7fd4806a6d76a1d69bbb79ff0cbbeb33d16fa37ac878519168592d289bc6faa785a7785faf7bc7c01210b49b
    • SSDEEP: 768:NjqStPeiQNKexn8TDQezDuCiAggPwFJeiIJi95wwhC0kosyLWFbCXL:1qcPVjPQrzAf8Yi9ugzkosyaNCXL
    • Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: $_2_/CoCode.dll
    • Size: 89KB
    • MD5: e4350a40077170bc95f1dcfd9761219a
    • SHA1: 1142bdf4a31c041cf278f2469469e99f440e4eec
    • SHA256: 2b885ae002556985123aa995722b41cc179e76a582a5c0dffffa8f2cec3b5b42
    • SHA512: f2c5cac541e507f167b09733bdd0e92d73a6b1bbe7225ebe74b8e21d728e50ae779db6af634e308fbce2675bf95321e1ad325a7edaebf7abeb037f33949ae20e
    • SSDEEP: 1536:UymUR3mvrr+b+Ksar9WAL2F0kZC59/56pKGe66R9y10aECZ2:U03Qr+bFs8L79tGe66R9y1V0
    Score: 3/10

    • Target: $_2_/Localserver.dll
    • Size: 343KB
    • MD5: 4625579788a484bb501d08d510b245df
    • SHA1: 6233d2aeb0cfc2005f8e2348bb950ce74a710567
    • SHA256: f1280dac5caec7a87684c450318ba5019f78a3a17ebb6cd53bcb24415ec80447
    • SHA512: 8b36d3a7d4e6d06ee613d3f0a505de44b5f0beb4bc85461f06814dea15055c49e2be29146a43e4010e2ca57f6f5a0779721792ef6506b801585b9afd7aae29d3
    • SSDEEP: 6144:tUJXv86MeI0OfZswsEhgDjNsUf3OjwGavbT8i+kfYWTBQUv8KAV+gqRct:2XMe5wsEyPOUGav/f+kfYWTLv8oct
    Score: 3/10

    • Target: $_2_/Reli_CCTV.dll
    • Size: 2.5MB
    • MD5: fa3b5d4c1c85b3a11bb464c80c37d545
    • SHA1: f89461f789de7aba5cc4dc1d20a73ae64384dab8
    • SHA256: 6766d2fa96e0ee59e5705b9be56cc31cbee5cdb272e1434658b373bdd7a406e6
    • SHA512: 8f1009f12494075343aaa8b6a053130991d03347e4650d4cd04ca0d56d2ac5ff690a067aea60cc8c5fff96fedec2e98997a86b6a4e35c6b1dbc73e328d5ccf7e
    • SSDEEP: 49152:JYfohoDvf5KDqlKGvzWuMew6w4SwTh5/KTfvH27W/:ifohwn5KDqlK+Rwun/YXp
    Score: 3/10

    • Target: $_2_/StartService.ocx
    • Size: 380KB
    • MD5: 104d33372a0904c5c8ca63326f3d2cb6
    • SHA1: 8b2cfabe0ba7d8ac49665f4f3e5ce815fb0d630a
    • SHA256: 15a3b30e7c172690b669599074575d20f22e1d22afa07d1ffaa8027a1ff15ea1
    • SHA512: 034da53c160d8c51982b8af1fff005ec9d90fb6a1121e97103a45b805753b0b6a2ad678c18601da81cc444e5d88652babefe6c6a53360e3fd028406f25e61c19
    • SSDEEP: 6144:TAy0cB2UNMKHDAyuVkug7wPknnSkFyUg/Dr+v7bLUCv42Qk+kcySU907J:Uy6yu1knPFyUyDr+v7bLlv42QrkB07J
    Score: 3/10

    • Target: $_2_/UFDeMux.ax
    • Size: 165KB
    • MD5: 904a493808fe56c4a06d6a935c5f6222
    • SHA1: 05af1104eb0c7299c95df0474c1b6f5454bed9ab
    • SHA256: dbfc75a0e981376318d54f9b4285aa5ca313ac963c6c66b571a9dc690d63b854
    • SHA512: 72f33d0df5ca7212bdafd14f79d0b52b73eeb0ebfbe50d24895a44cc85101b8510bc308d58d8e5708b8e1eb88541f733cc2fbd39cea959a7884b24fb5294f7b0
    • SSDEEP: 3072:3mxh3GMtTXw9g3KxQoxDyW4qbcQqpKh6MxGontqEIzft2:3mWuoK8nGoE/h2
    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks

static1: upx (Score 7/10)
behavioral1: discovery (Score 7/10)
behavioral2: discovery (Score 7/10)
behavioral3: discovery (Score 3/10)
behavioral4: discovery (Score 3/10)
behavioral5: discovery (Score 3/10)
behavioral6: discovery (Score 3/10)
behavioral7: discovery (Score 3/10)
behavioral8: discovery (Score 3/10)
behavioral9: discovery (Score 3/10)
behavioral10: discovery (Score 3/10)
behavioral11: discovery (Score 3/10)
behavioral12: discovery (Score 3/10)
behavioral13: discovery (Score 3/10)
behavioral14: discovery (Score 3/10)
behavioral15: discovery (Score 3/10)
behavioral16: discovery (Score 3/10)
behavioral17: discovery (Score 3/10)
behavioral18: discovery (Score 3/10)
behavioral19: discovery, persistence, privilege_escalation, upx (Score 7/10)
behavioral20: discovery, persistence, privilege_escalation, upx (Score 7/10)
behavioral21: discovery, persistence, privilege_escalation, upx (Score 7/10)
behavioral22: discovery, persistence, privilege_escalation, upx (Score 7/10)
behavioral23: discovery (Score 3/10)
behavioral24: discovery (Score 3/10)
behavioral25: discovery (Score 3/10)
behavioral26: discovery (Score 3/10)
behavioral27: discovery (Score 3/10)
behavioral28: discovery (Score 3/10)
behavioral29: discovery (Score 3/10)
behavioral30: discovery (Score 3/10)
behavioral31: discovery (Score 3/10)
behavioral32: discovery (Score 3/10)