1d677741ad3e892d6d66d18839957880e9d1344793a1ce1537bf5161a71cdc09 | Triage

Sharing

General

Target

1d677741ad3e892d6d66d18839957880e9d1344793a1ce1537bf5161a71cdc09
Size

7.7MB
Sample

240912-1zakfsxhmb
MD5

04747e1d15b9289b39e8454d799fe398
SHA1

7a42d6107749293753c71c030d661ed13c986be3
SHA256

1d677741ad3e892d6d66d18839957880e9d1344793a1ce1537bf5161a71cdc09
SHA512

a437afa0836b81d2d3920d23b156a09758ce6358f0c5b3354c4818af94e96a4defab5782ff222acd388848922f951daa8759677b0f0f6143ec0f47a267faf983
SSDEEP

196608:ClfBY4T3A7C/xtC78S5wDjY2xdsb3cZ2TKFKzn5WPxcHvykTPcQm8y:ClfBY4T3H/x1PjfzszcZQztWpcHakQz

Score

9^/10

discovery upx

Malware Config

Targets

- Target
  
  ПроверОчка/AnyDesk.exe
- Size
  
  5.1MB
- MD5
  
  aee6801792d67607f228be8cec8291f9
- SHA1
  
  bf6ba727ff14ca2fddf619f292d56db9d9088066
- SHA256
  
  1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
- SHA512
  
  09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
- SSDEEP
  
  98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR
Score

5^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  ПроверОчка/Everything/Everything.exe
- Size
  
  1.7MB
- MD5
  
  a7067594451cab167a4f463be9d0209c
- SHA1
  
  1c2b1e5a0826ca07cc0aa8b3d24bad0a41845df5
- SHA256
  
  d3a6ed07bd3b52c62411132d060560f9c0c88ce183851f16b632a99b4d4e7581
- SHA512
  
  8fb6e9a82213cc1c371eddc12833b8cad037b800a58a3a3520eb7b14c9e41e61a8bf5db27bd6a79dd8013c51649396feff22436cb7bacf64989552a5a11abbd4
- SSDEEP
  
  49152:Ohua8pOpRzsOV9bzmkSMDGtsFh29slhcReer+z:Ohudp6xlG6z
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4
- Target
  
  ПроверОчка/Everything/Uninstall.exe
- Size
  
  136KB
- MD5
  
  fc3732ef603b36055209652f749c1080
- SHA1
  
  bd8b0806abecf983c89814ab4dcbd3300a78fe88
- SHA256
  
  0deee0d9d6e140226de19047c0ab160ec957a6e4bf63bb1c058bac9f09c47874
- SHA512
  
  98ee82dfe67fa3d5fe2ae3977b959b0fb1277e5bdb320e7eca347771cd4ef8d8b99c6b3cefc0466347e8f49644386cc2d0f5f7a63eb5404a8371182bd880286f
- SSDEEP
  
  3072:OfY/TU9fE9PEtuSWKBAkae31mgjrzElP6pALO2MUrNGa6k91Kz:4Ya6IZCpe31mgjr4F6uvRxdcz
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  ece25721125d55aa26cdfe019c871476
- SHA1
  
  b87685ae482553823bf95e73e790de48dc0c11ba
- SHA256
  
  c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
- SHA512
  
  4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
- SSDEEP
  
  384:EXsC43tPegZ3eBaRwCPOYY7nNYXC06/Yosa:EXJTgZ3eBTCmrnNA5p
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  68b287f4067ba013e34a1339afdb1ea8
- SHA1
  
  45ad585b3cc8e5a6af7b68f5d8269c97992130b3
- SHA256
  
  18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
- SHA512
  
  06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
- SSDEEP
  
  48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  ПроверОчка/SunProject-checker.bat
- Size
  
  5KB
- MD5
  
  fcd770692a9544d5a0c4818f6e665589
- SHA1
  
  4dc93668dc103bb1678590460f9dcf18d878a353
- SHA256
  
  1709e52e59dada3b782a5899e09bf2062bdfe940d6a522327a331807ad7316e9
- SHA512
  
  dabb38e337ab49afe7cc87577024d4d88f5cc09b2d77334859e24d6d2f372649b775b75b0435a77f40e65df3d500be6efd903e21290103ee82a98fd7629fac08
- SSDEEP
  
  96:AfUocUQ0wQDWmtvoKagC9CArkidoJAdXkm0NkH4pO5Hr9ya+mxsu4kdxkdowgjEm:eUocUq4WmtvoKzC9CArkEoJiXkm0NkHt
Score

3^/10
behavioral13 behavioral14
- Target
  
  ПроверОчка/System Informer.lnk
- Size
  
  516B
- MD5
  
  dc10d814828f0e1de2eb237d818a1c2d
- SHA1
  
  a1af1a1032afa0643c4270a09a2183c702f0f688
- SHA256
  
  94eaac28955d487f51ac9a17c0b782083ec064e4912bb768e91daa92c3e16018
- SHA512
  
  86c210288eea5be55ba84c22b886e0bb6d94ede465a42c069be34f101e6ba2c504f9ae5c74d59a5b812c787482b276858b43e060fd300020783ba3ead8edeaaa
Score

3^/10
behavioral15 behavioral16
- Target
  
  ПроверОчка/История устройств.exe
- Size
  
  135KB
- MD5
  
  d0d19f2cccacf70bc84846076acc11c8
- SHA1
  
  21154b5b479aaae4c56aec309bf6964eb52d1ce1
- SHA256
  
  63012ea9ce8ed335db7bdd33fa7bb449aa1ba31755c6845c1e79c11cb60dc908
- SHA512
  
  b45a024e3e22821c3a9fec56969fda164acab0f12a28a29a8c9263373004b57a246ff46f90a81b65714b09d788ed8c265de130eab059c546caae79b6d15b73d4
- SSDEEP
  
  3072:xFRB1T0ABjInqx9sKJQ1jrD0ivz0ll27ENCP7g8g3OaAy:xFRBVnj0qxbJQp/0iolGENC6RL
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral17 behavioral18
- Target
  
  ПроверОчка/Открыть appdata.bat
- Size
  
  82B
- MD5
  
  200aadbf80ceabc021f7ae98213cf3de
- SHA1
  
  5580580838d5fe9ea6240a2612e11ae7d070df9d
- SHA256
  
  04fac8cb5297eea5cb8fb5f645d53682f429d5e4d86db62d9ff4106e88aaeee5
- SHA512
  
  3e80c5f11a5592bed69f463e1335acf685f5c7647758195e53e376257b0246603704baa4532a20715b80d31a70bf31b939fea78f777b958fc6ec79da6dba989d
Score

3^/10
behavioral19 behavioral20
- Target
  
  ПроверОчка/Последние запущенные.exe
- Size
  
  30KB
- MD5
  
  f36530f46a34516be38521ee9a134d28
- SHA1
  
  47f0553e0a0febbef59fd9a32149497bbdd5229c
- SHA256
  
  bc11c4150bbc6f8b2cf7bc96bedbb183c61d53ab8e4052b15d58bad6b6d1befa
- SHA512
  
  5c1a1282ffc25409d0044770c80e92f7a89fb40567dbb24f64f46750083bb30b842a63ef58b8b9433fa5a5903a5aa7bf71ee941709365c6bc17a9f4d85b1ad5d
- SSDEEP
  
  384:IecsPHRggjhCnMgZas8+oAEqPm63AovtX625wWMPODVDSt/U/BEUxhUp5Erzrbqu:HhCWSrPlX62arODxS1U/Br9nrbqUo
Score

9^/10

discovery upx
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21 behavioral22
- Target
  
  ПроверОчка/Последние папки.exe
- Size
  
  93KB
- MD5
  
  1a7524a3f7443c3e041774d5f372142c
- SHA1
  
  b7f4ce125731505cb4961df217465ef6a94c31df
- SHA256
  
  e000c782af989e016efcef1664b9d652b0fee59b011e28154072f7b6001b124d
- SHA512
  
  3a3e4412727086bdfea85cb9da8d8994ff2f37aa4c761458ba0006dfd7e6fb72b313940eec5ad197b1026e6af4d10d72cbe85c99e3a245ba2c18141fa633ec19
- SSDEEP
  
  1536:zuHXbO8QQlS6sAS76Ffm4O8cwZN1L2k27Ruc5Jqbia:zkXbSQhs176Fuh7wZN0k27Rucu5
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  ПроверОчка/Последняя активность .exe
- Size
  
  131KB
- MD5
  
  4a0e27af4bc47aa761a1751caf69a3dd
- SHA1
  
  0fb8f1dcd7f37deae356ecf4ec099ba66af5a0bf
- SHA256
  
  d8a736232b6ebed152a20e922ea2798fda89069786fdd8d526013585215c3046
- SHA512
  
  d600a995a63efdf96aa8c771464b889c4ceb9b9de66223983b125b17f6309cc56e32e35114481bab8ebcd1f61ce576baab5295f11aeeb035a687a1db7e58d1a8
- SSDEEP
  
  3072:IvKB1ELeP2N+S0atKSPfptuaNH4XkOdL1E7Bd9f:IvpLe7S0EKSnptuaB4BS
Score

4^/10

discovery
behavioral25 behavioral26
- Target
  
  ПроверОчка/Удаленные папки.exe
- Size
  
  1.6MB
- MD5
  
  faaff4148db8cda4068234f5d5110c60
- SHA1
  
  b744ae0ee7f3cfeb762a4c9ea4b72f1f092fe391
- SHA256
  
  58304b1ed9a66d44938f1e04767d1219194693bc918750388f259b1d0d251dc1
- SHA512
  
  1956bad6e775b08fab06358225b5cb027ec3bcf35fa304c7e9dbcfcefe55b887a0dc95db24d6655eb299d6abb6740d64f36912683549c951d73836e4e63a18f0
- SSDEEP
  
  24576:0I0a0W7eWRWhccdtwc2DXeYU2qNEV9g7er:0IGE2ccnmhqa
Score

3^/10

discovery
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28