1bbae7fd65ce859fdebbef69b00e51de4940b85cbf3171f0199f444677b42ae5

Sharing

Copy URL

Twitter E-mail

General

Target

v6.15.8_installer_x64_.zip
Size

51.5MB
Sample

240907-st945asdnh
MD5

c0fef7eef8395a49ef48b63ab7b46789
SHA1

1f27e4d4eeca43a814eaffe97a4e96bf86f8898d
SHA256

1bbae7fd65ce859fdebbef69b00e51de4940b85cbf3171f0199f444677b42ae5
SHA512

25476f8634c209c329694249d90a2eaefcf7b8675ed1201d850b8c6d6ebe4f61aa1e3e5449f2d67db41929e6dc8b7ec328f1d41fc79e34221c640b5e60b1c3cf
SSDEEP

1572864:TOp+AkxOx6mkMspNbawUPlE6t7NqR2nWXHxMDT5oNc:TA+M6mk5pshPlE6t7NqR2nYMf5p

Score

7^/10

Malware Config

Targets

- Target
  
  v6.15.8_installer_x64_.zip
- Size
  
  51.5MB
- MD5
  
  c0fef7eef8395a49ef48b63ab7b46789
- SHA1
  
  1f27e4d4eeca43a814eaffe97a4e96bf86f8898d
- SHA256
  
  1bbae7fd65ce859fdebbef69b00e51de4940b85cbf3171f0199f444677b42ae5
- SHA512
  
  25476f8634c209c329694249d90a2eaefcf7b8675ed1201d850b8c6d6ebe4f61aa1e3e5449f2d67db41929e6dc8b7ec328f1d41fc79e34221c640b5e60b1c3cf
- SSDEEP
  
  1572864:TOp+AkxOx6mkMspNbawUPlE6t7NqR2nWXHxMDT5oNc:TA+M6mk5pshPlE6t7NqR2nYMf5p
Score

1^/10
behavioral1 behavioral2
- Target
  
  Repository/dnsclientcim.dll
- Size
  
  123KB
- MD5
  
  b19e94b944bb06be96f9efc3abc0e6a4
- SHA1
  
  4632a0b93f4fc3ced4a78f5719352febe2c26615
- SHA256
  
  ee05a7de454b561b51d063913e084252f5f8f02868392eb93b5d0f01a364fe1e
- SHA512
  
  7925a57c5ba1cf8883d3b9da30e1afd305b214029a98b7de0030b52a4cac46cb78141b8f79bb53995fadbc2f75a7366004e14525c4aedd6808394b42b166ae66
- SSDEEP
  
  1536:FE2lWm+50IkaXuBKRLQ6VN7hPJxMbS9j1guZ3Km4HojqR:yujiuMhQ6VN7hPJxMbCj2uRKm4I
Score

1^/10
behavioral3
- Target
  
  Repository/dnsclientpsprovider.dll
- Size
  
  187KB
- MD5
  
  28b1abfb1ec9590e38bbdb750c2bc719
- SHA1
  
  2ee1a1c8ae201c8a13ae719492d5c8bf2f33b929
- SHA256
  
  cfd969c82c408d1cdbc0084736fd888d78c4a0e1dd5bb5873da9fe8bf0c35211
- SHA512
  
  027b4fab4dc79622bb316f41c8b36d496649f6d67e50ae19d69ac09af2882e31219eec7c013223372bb1883ffa9831f2684404dcca19391e70319e11c5e6ec0d
- SSDEEP
  
  3072:t8sFW4j9LlwNa/aoBEB6tCnrGNidonQMAQy8mVy+Uhw72:t8s3mafBOGNzLAQHmVyFhw
Score

1^/10
behavioral4
- Target
  
  Repository/dsprov.dll
- Size
  
  202KB
- MD5
  
  c390f856b2d7e9271ccc7098d38df01b
- SHA1
  
  5f519d7675a4bacdb3cf0c7cfa7a7145f28a93ca
- SHA256
  
  6a0a91883c5a56125a12d36ef79dfa9f8be8986b2b9387b5b9712f793555308c
- SHA512
  
  a17758b1fe9ed2f596a08c1b4ba915a031278768d32149e884c8ed706b587c0e326b73790460eccf906cbe3a5e3e290492eee013178cc085d03101ede493e84d
- SSDEEP
  
  3072:4oSq0b8JS+2Vnz2H/YXQi78lXqeTb3BnacfGgn5SNF2:4oN0xLW+Qi78ZTtnzX5S
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral5
- Target
  
  SR/spsrx.dll
- Size
  
  103KB
- MD5
  
  f3a75622e931e20dffd1daa951d71f39
- SHA1
  
  b94bb09eb306b88972397b8af555623f0655f086
- SHA256
  
  7b8f98be4bd2145e4e1e4c71c6d2a1b789c6810f0582209502f4666a035b41c1
- SHA512
  
  6222714a9f2f37cb58577ede6d8246c528488d878830313d3d84372f1dce8c5b79cef99c4ac5cf229f2366663f1bb1dc7b8855dcd234426cfa202e32a08e8330
- SSDEEP
  
  3072:HGvgUUbeZWCkPhh7rnrwwFQIgplqiOPRcuwtB9N6f:mvgD7rnVQIgpl16otB9
Score

1^/10
behavioral6
- Target
  
  SR/srloc.dll
- Size
  
  475KB
- MD5
  
  29bb9b5d6efa4a639759e59641aa5821
- SHA1
  
  dc6e55ddb6f5c5061f48238e4aec290e26ec7804
- SHA256
  
  f373673d34cc74f76f8c951b664589845b9dd82c939f6973c67e8fff7d6f9840
- SHA512
  
  5e9d38856fa39f7f9221bca2c9fdb72e62590d9544e9446cd76ad983fd4454885e52daccfe8e1a71f1cbeaac1ba23e981b051fb89819532698af0aa20e15d65e
- SSDEEP
  
  12288:eQnZiz8HurXkIvbEoQwHG7jeCYtpEo7Tf:eQn/urXzzEtNopH7T
Score

1^/10
behavioral7
- Target
  
  SpeechUX/SpeechUXPS.DLL
- Size
  
  35KB
- MD5
  
  dfec0317a1ea262d948a18424b86c2ba
- SHA1
  
  25bc5196e6b47aa72b4f09752382ff2c860ff19b
- SHA256
  
  9c58c0059f53cd8b796a56a8d3f585a001fd29a3037fe8393292f52dc6ac1944
- SHA512
  
  522e0fd4788cf0ae5efe2312c7599d77474e4f54fdb5ac34757091a7abe13564ee7560e6e83cc6e6417e31bbdf05cfc9a57c0bffe2b21523f3062a43e9cf957f
- SSDEEP
  
  384:TzcEP6TRUpPzapbW8ufOOqvWiMq4GDDKkVuOUSo3OWczkjUJl0azvOpI80Ygkuuc:7pEahYABZI0
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral8
- Target
  
  SpeechUX/sapi.cpl
- Size
  
  236KB
- MD5
  
  2bbbd624b2a736a3806d00280df1ad3e
- SHA1
  
  cf3d04fd61427bd8dc90327b14db889a3316fed5
- SHA256
  
  39bd24863fbb18ff7b14838e8062cad91286a04550ba405b17e16d82759e23f0
- SHA512
  
  2d8e2a8ef8195026c87e2ff0351d6bca7ec32d66197cc9a379974fe1cfcaeb20691fcd23f5f0fbd489a4015858e6d0e6b6b0ce3a871f6ebacbad6cfac1dd8b59
- SSDEEP
  
  6144:sU3hZm7vF5qXHgWGQjof9jK57wz/k4KqugbPXU4AgV8:s2hZmj8c4wLkRLgLBAgV
Score

1^/10
behavioral9
- Target
  
  SpeechUX/speechuxcpl.dll
- Size
  
  446KB
- MD5
  
  d50c755812b615d82b9b5c2cb755edee
- SHA1
  
  236e108e4ab23e9ba6c08f1ba102c75edfe20f4c
- SHA256
  
  4b831e48b62d37f15f5bb465761d5341b6623db489453e932856f51d054bfa18
- SHA512
  
  f9c36417575c5862ce21164c71926923d173f669b600429adb7d19b9d5b85de42e06774afee5b542194f0a0a84a3de3b4ee65b9e93963a4fbd3cf16647be917d
- SSDEEP
  
  6144:L0TOSAgJrtnxbwz/k4KqugbPXU4AgV8CCQ4Vb4XURS9Z8DdkTniNnB0OF5O:L0TOSAubwLkRLgLBAgV7QSjkF5O
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral10
- Target
  
  TTS/MSTTSLoc.dll
- Size
  
  509KB
- MD5
  
  40eb1f198a18021833e65a076955b03c
- SHA1
  
  730f666a44942ad4ba59c69948036c57b5db9827
- SHA256
  
  4ed0e11df812cd586423182568e2f28b3dba92f85b5fda68351bf97468083079
- SHA512
  
  70c9514587b81ee9a744234f5a5afa1fbadb1df4e457d7a47b304736240b60320b330a655f7a9f907247a049c134b3b488af9898ace8263026f83c745006dd35
- SSDEEP
  
  6144:ZhyW3FrJhNl7y10hwkxJ7HNfS3GtsLtQNnzs4G8thhqsNYcoCfgISw:KW3F1Xl7ykxxt94b2hhqKYcngIS
Score

1^/10
behavioral11
- Target
  
  UMDF/EhStorPwdDrv.dll
- Size
  
  85KB
- MD5
  
  271fdbcf747e8cc90ab30856a4dc8270
- SHA1
  
  8745ddaf89a68bbad0f93382adecf077cc5c9da2
- SHA256
  
  586da86bd50099a725e747983af982389a5fb98afc7b3015a016093dafbef26d
- SHA512
  
  b91d37995624c6599ac03ffd83cf1d548fb415be912823511cea9e8ed89fc219813e02ee20cfd4afd766630aa0707e64f66a36b7752c536687b4c7a0bfd084ac
- SSDEEP
  
  1536:fiJqqTHEry1pHb4Z7c8AmRRvgCUKUl4/t4FOsXbVmfdPOM0q3z:faNp5mTIpsrj
Score

1^/10
behavioral12
- Target
  
  UMDF/HidTelephony.dll
- Size
  
  113KB
- MD5
  
  50321150f520e88b4f84265db18d3756
- SHA1
  
  e958e555828e759cacf27939aeb60da8b08d272e
- SHA256
  
  c92c65836bc995df54bbf5ef648e2a432a5af29abc828a5927a305e7dda1d720
- SHA512
  
  09baa69301de6da26d157a150b929c88d2713caee1cd55de03944a6866a160b758d9b2d522e35383f10a9e8bcd07a0bb75cba4f5a4c36ef7a1f9e0f93b66b3ee
- SSDEEP
  
  3072:e4MZzCxr4uqhBae8WBaH7wQBiI6xBFayk:e4IzCPqhBZ3BCUsj0ay
Score

1^/10
behavioral13
- Target
  
  UMDF/IddCx.dll
- Size
  
  289KB
- MD5
  
  6240f9abba33f2db904e1e56d1ab4350
- SHA1
  
  a71a5d1c360e783f8060f722d01f7ad4f6a357f7
- SHA256
  
  669704d3660a2d46f664fd816f5e2ec68d331d6e4c91e9fca6e61f9599de3e3b
- SHA512
  
  9626deea5098adc309af4b82c8c585cec7c99e6d98832600f4c0ddc20b47384705728814d2c094fe88d110c1e2913c43a737a2e33d56ea20bd99516cfa6f466f
- SSDEEP
  
  6144:B790/Q3d7QPCXNvAnNAM/gVHM7UhKUNUmO:BGK5eCKNTUhK9r
Score

1^/10
behavioral14
- Target
  
  UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll
- Size
  
  190KB
- MD5
  
  31a3ff4ee371f079304ef8e12d38c145
- SHA1
  
  7f28e2764447b5e08a16730568db45cb1950dce5
- SHA256
  
  8d8f902eba79fca768442b562a43a986b5c5c2b7088f78e7a865e6525fb0f7f1
- SHA512
  
  ac750405f88baf031ee722a91e725e9743550a1bf9186e2eaadf662396484a8d2a4ef9d6908797e25d22ac76776d17f6b258c575a5f2ce2585486ff286d60a2c
- SSDEEP
  
  3072:K7K92V80tJN+URXBo3ddejtMrZum4h/TSQovWhACnYeOKAraoSK7:K2JDYjtMrZujhOpvUmPraox
Score

1^/10
behavioral15
- Target
  
  UMDF/NfcCx.dll
- Size
  
  743KB
- MD5
  
  dc066d93cdd85afab63f188ca69a1479
- SHA1
  
  d169767ff5d562493dbffbb7abec57e6bdad30ac
- SHA256
  
  28de3bea210167dc0eb137305b012ded4e9ba5fdcaaccc61a053b7ca5c2c6aaa
- SHA512
  
  8fe419b5e921617d05e8a47096698b14825e6d685a0cf4177193ed46e9f6c9bc6f32318d3ebbf3d410149f5a35c133a23a53f5ebf9083ff84052c0f360a96241
- SSDEEP
  
  12288:1BCY05LFhBc0RQfvqWVqqT7bRVLt3XZOVdFf:1R0A0zWVqqT7npnZOVdF
Score

1^/10
behavioral16
- Target
  
  app__v6.15.8_t.msi
- Size
  
  53.7MB
- MD5
  
  e3671d6b5053d72b6049e6c399c46261
- SHA1
  
  7ee4351eb77b79091a67f3ca36702fe6a8b25be7
- SHA256
  
  714d68a959d01d13753f84f5e8cc6de7ad137d000dabf17691180ad7de2032c1
- SHA512
  
  7e250d1e89033e3587d22d2a99677d7a9e8302459eb1b66f569fb6a7ba07d4045746c08e2f33cc447ff918629a6a9f6f8c644101b893b4cad44d06fdcd142825
- SSDEEP
  
  1572864:Pp+Ty2SfWnHDk8FjVbfzPTq4W+Rqs7cPdT7NY0XQI:a/0WnHDkkjBPTq4vwPdT7N
Score

6^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral17 behavioral18