General

  • Target

    7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39.exe

  • Size

    10.4MB

  • Sample

    240825-lt69xazdjk

  • MD5

    8a16c4b0c08337f7e78ae8e04e72bde4

  • SHA1

    63d3a549702aceed4b3f69cc465a941ff15fefeb

  • SHA256

    7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39

  • SHA512

    c468e5e4ed31a6018ed3cecf4d996239f9a280b66d5f674bf6cf0fab35baefa946399238e99e55816482400235b0ef07d922f0d913ceeb2ad71a79c674da71c8

  • SSDEEP

    196608:RaZk+wgTIWmKN7oaKn5qVbrQPFOsti7A95DlWR/IT030HyB5Hsi:1ngTIA/KQOE7ALgIT0f5Mi

Malware Config

Targets

    • Target

      7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39.exe

    • Size

      10.4MB

    • MD5

      8a16c4b0c08337f7e78ae8e04e72bde4

    • SHA1

      63d3a549702aceed4b3f69cc465a941ff15fefeb

    • SHA256

      7934eefc7c9b17c138433b13b8ef99f77e88153193525b416219240d47ecdd39

    • SHA512

      c468e5e4ed31a6018ed3cecf4d996239f9a280b66d5f674bf6cf0fab35baefa946399238e99e55816482400235b0ef07d922f0d913ceeb2ad71a79c674da71c8

    • SSDEEP

      196608:RaZk+wgTIWmKN7oaKn5qVbrQPFOsti7A95DlWR/IT030HyB5Hsi:1ngTIA/KQOE7ALgIT0f5Mi

    • Creates new service(s)

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

    • Enumerates processes with tasklist

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      31KB

    • MD5

      83cd62eab980e3d64c131799608c8371

    • SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

    • SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

    • SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

    • SSDEEP

      384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy

    Score
    3/10
    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      14KB

    • MD5

      a5f8399a743ab7f9c88c645c35b1ebb5

    • SHA1

      168f3c158913b0367bf79fa413357fbe97018191

    • SHA256

      dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    • SHA512

      824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

    • SSDEEP

      192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go

    Score
    3/10
    • Target

      $PLUGINSDIR/SimpleFC.dll

    • Size

      175KB

    • MD5

      6d38bb6f6f19c2c22a7ef774bc5d9855

    • SHA1

      99778940e059238ca23a513e717d4db2cf34e606

    • SHA256

      11ccded83aff463fb6f754ae4145efac64c9238917ab9a35045a67e4fdb39154

    • SHA512

      12a3999c73e43f3a07460c16fb6c6867b551a159314df15f05d6b4ffece450764bf1e27bb03ba5e81d8483b793d78d87a50391883bdcf4a441a4cd0e4035bada

    • SSDEEP

      3072:p2sd6EP05etg+rKTTmYjcnPMdsRrdU+/mbM/AuaNoNglzppVIgqKDhq426Au:Ys4zIg+rKTTmnhfAoSxqgNtqX

    Score
    3/10
    • Target

      $PLUGINSDIR/SimpleSC.dll

    • Size

      61KB

    • MD5

      d63975ce28f801f236c4aca5af726961

    • SHA1

      3d93ad9816d3b3dba1e63dfcbfa3bd05f787a8c9

    • SHA256

      e0c580bbe48a483075c21277c6e0f23f3cbd6ce3eb2ccd3bf48cf68f05628f43

    • SHA512

      8357e1955560bf0c42a8f4091550c87c19b4939bf1e6a53a54173d1c163b133b9c517014af6f7614eddc0c9bbf93b3b987c4977b024b10b05b3dc4eb20141810

    • SSDEEP

      1536:i/qXv1si+Xsp9MNptZ8KMT6+nMA4fx+kmA:Bv1EXZnLMT5M3x+km

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      05450face243b3a7472407b999b03a72

    • SHA1

      ffd88af2e338ae606c444390f7eaaf5f4aef2cd9

    • SHA256

      95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89

    • SHA512

      f4cbe30166aff20a226a7150d93a876873ba699d80d7e9f46f32a9b4753fa7966c3113a3124340b39ca67a13205463a413e740e541e742903e3f89af5a53ad3b

    Score
    3/10
    • Target

      $PLUGINSDIR/nsSCM.dll

    • Size

      5KB

    • MD5

      62efa7b730eb0523a026ea4325403b77

    • SHA1

      806ed3bd677ccf5d9817c9b464015e347f2c8f3c

    • SHA256

      0b96456e8cf6b3e582388d3e530c73ce9121974381d51e5a21cd945c75fd2a38

    • SHA512

      748237582e1c25655cf512ec6b1a2f9ad59b3a0da2c3cada535f202dcc66e068ab3bb3be34016f944a4a4fae71a16aea12f9725fe9f679b3fd1073639e31033b

    • SSDEEP

      96:tqlcg4xFj0Gm+dqJ8tMQluPF/KSEmkpY0Qe1pe:tqlcg43jZRA4Jlpp5Q6e

    Score
    3/10
    • Target

      $PLUGINSDIR/nsisXML.dll

    • Size

      11KB

    • MD5

      13deb9a0f4e4286df01abc85e1895e09

    • SHA1

      3174853b32407fd85220de844b390a18a8a76c97

    • SHA256

      c40ef0b41c035b6d29656616ddc113a717bfd1bb78c9fcac75d7b6eefdc7bf83

    • SHA512

      604aa82a9c4818d2f63fb11bbde561afc137a77e9f3108dfd7f4596524e46ce71b6dc31606bce534b600b250c3b4092a311fd1eced83da01156d5bcfaad7aade

    • SSDEEP

      192:GRTSl/ex70OJp3U5WtRqRLnOyhb6hz801Sux3ulXhDQR:GRTSl/kfzWIRqRLnOy3mxaX1E

    Score
    3/10
    • Target

      AxInterop.MSTSCLib.dll

    • Size

      240KB

    • MD5

      0f581e56ed5ba500ce5d98d105b04a37

    • SHA1

      b6e2cade601bc6fd15e7f07ed41a4dfa4ee0a589

    • SHA256

      f041747b5b6b20b6620ca13a7b276c9e9070e54cda8c29f6add54cba9a42a2f5

    • SHA512

      9034b8c289ce3ac9386d43473a019a9b45d9de82090e7da90c3cfbb00c8e9aa1509eba4787958495ebb928481f7b42edd184ec9e0c0009d4f2f2ec98bbd92fdd

    • SSDEEP

      1536:/ri+u+4qhkPZVb45mF2UQJlPg85ycFtIhH0rOP7gVzySImpYQ6BDdrMkwbTTj+6v:TuBqhkPZ61wOrOzgVbpx4aX+6C1Z5gd

    Score
    1/10
    • Target

      AxInterop.ViewerX.dll

    • Size

      40KB

    • MD5

      edc5e696c4ad70f0be6301f703ab3672

    • SHA1

      9c699039715db6bf6746e438991988f9cfaf8ea2

    • SHA256

      c6e5f17b2bc91202a1c6a9f3f0547cd7f208368b4cfebb53f234a55f87c5acd5

    • SHA512

      58d9441d9648ece7f0284da75fb79777679e4f00610a71399ad2a22df8b418995f6a3fa06d69c17e62faeb3e7f061e3b3ec13ccf2ac00a809832594943c33760

    • SSDEEP

      384:2rezJLlifR3sVk72M6InhrJqOr9xun+mB1UDn0mVLAp8RQJ:wo3ifYBIpJqe7mUD02ApXJ

    Score
    1/10
    • Target

      CagService.exe

    • Size

      20KB

    • MD5

      475d122dfc7f38cdc8ada4e78c29476f

    • SHA1

      4e82b43a568d72d23f69afeaea5123cf0b663e10

    • SHA256

      524529cb73b924d7cb7c3b6a63537ffbb57c91c1aeee76905ab088b8768bd3a9

    • SHA512

      86d2ef11072b5daab8b20268ee516885ba9b3b7ec87c753e42032eba30a5c681bc4bad599242d2981b15adfb966ff11b5261e3c5d181314030efc74d2b0b8105

    • SSDEEP

      384:DDCIU+F4cOgXWJUHkwfrTJHsySIYiMdbqm:deB+N3/Yi3m

    Score
    1/10
    • Target

      Common.dll

    • Size

      17KB

    • MD5

      5f00964f1ceb0028ffa1d6cb2bb802da

    • SHA1

      51e1f9dc42cb6154897df79c583940d3cfcc4fe5

    • SHA256

      63b211fc957d0af9afac3fd7ddaa6fa26910c1609609d093cbba86771b4e6168

    • SHA512

      b2e926dd9988befb3aa066a3e08f3d74049648aa838141f4609c3b0d65a04dcf0c76ebfcdc0aa685c196a24d03f655a7cfa3e311ea28e8ce420d257131a02c90

    • SSDEEP

      384:t8l6iMRjEdXzqsKORsdsFuJJSIYiMdK6D:S6iMguEFuH/YisD

    Score
    1/10
    • Target

      Core.XmlSerializers.dll

    • Size

      10.6MB

    • MD5

      8e03044775b38cb3c3a1349a44c87b00

    • SHA1

      9bcf71e6bfa1e34958f04d4fb22bb85140696329

    • SHA256

      6b531d00b2481cc14080f6903667f7dd529fa090c2855a777da34ede3173cfd5

    • SHA512

      dff5467bab3ce14c922ec6e7e850af3a7a03e1784bcf1da9f1443f6d3ddf6ff7f2ce0544d8f808562f5a4b14a30896396004cee01d8d7dd810bbc0db5ce13295

    • SSDEEP

      98304:hm5L3CWeHCloGwJlx1s5l4i8CtlC5ryOBC3+94l1XZe00eO:OLyWeHClNOz1W4R8Aq3w4lA

    Score
    1/10
    • Target

      Core.dll

    • Size

      2.3MB

    • MD5

      c52c091441560c25f69fc82ef963d3cf

    • SHA1

      5a93e265bb9172a2a7a78e1624df6836a30d3c33

    • SHA256

      1aea56fad229ead28e18e2ef953e7e949101865dd063bb69df62194880cef037

    • SHA512

      5e122621a3bf675341724b978f2dde8ccbeb6fc229493bde7a9750be75b3873207a74f2ff0e84e9e80dfc8c4341bd88d4dd2f7d0ee868c6e97603f2508d6e21b

    • SSDEEP

      24576:hoL5aa+q+Nx6f4zWapi9f8jTFNKE6tK9zMm54o9M5qtyxGX+JaZX442W:hOIa+q+NxlG8jTFUfIGU9r

    Score
    1/10
    • Target

      CsExec.Service.exe

    • Size

      15KB

    • MD5

      93692fe982ff635bc9286979b9d390f2

    • SHA1

      704bca5b51f045510a6dbee8bbeb7cfed1916e4b

    • SHA256

      8af4ccc77c49f775ec8876f41381a922d215ad5141d8509a5ab8bcf03472c65a

    • SHA512

      74e383b92a349e010df713e4e7384bcbab1a8ae0757796012520d7858972b571379bcad484df6415f5eb0c05c3e9bee9b7842d8fe3bd19d2005d2b8c08b256c2

    • SSDEEP

      384:ysZOOW1SXLqF9Am3p0vA3C9h0VcSWLreL9/lAKmd+:8SXLqGmavA3Ccnj

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery, persistence
Score
7/10

behavioral2

discovery, evasion, execution, persistence, privilege_escalation
Score
8/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10