1adfe7331f6997e664db3065552e14000f9209db44c063c489d091dcf1378c80

Resubmissions

14/09/2024, 12:11

240914-pc2jwasgpm 7

Sharing

Copy URL Twitter E-mail

General

Target

pvz-hybrid-v2.4.exe
Size

90.1MB
Sample

240914-pc2jwasgpm
MD5

9775b1915baa4ec31a69f8a1ffe712e9
SHA1

ec120f160a7bf57f3be7cd941e3e87134d39c566
SHA256

1adfe7331f6997e664db3065552e14000f9209db44c063c489d091dcf1378c80
SHA512

a77553f24ec010a2842cb6dc88e46ad07688a721bc0465c19874ea24fdb4e55d7d557b556c87faac61582ed09eacd203f10e0f9be3c703d7ca034207a23bfa79
SSDEEP

1572864:L6YlVs2yxfzngwsNV5K4N+UmkxuNXAS7av/MTQpJ8+jBxbCRbGPvur0RsKtcXLz:LFE2Qf7aVX+UnAwdvETQBj7bCRWur0Fs

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  pvz-hybrid-v2.4.exe
- Size
  
  90.1MB
- MD5
  
  9775b1915baa4ec31a69f8a1ffe712e9
- SHA1
  
  ec120f160a7bf57f3be7cd941e3e87134d39c566
- SHA256
  
  1adfe7331f6997e664db3065552e14000f9209db44c063c489d091dcf1378c80
- SHA512
  
  a77553f24ec010a2842cb6dc88e46ad07688a721bc0465c19874ea24fdb4e55d7d557b556c87faac61582ed09eacd203f10e0f9be3c703d7ca034207a23bfa79
- SSDEEP
  
  1572864:L6YlVs2yxfzngwsNV5K4N+UmkxuNXAS7av/MTQpJ8+jBxbCRbGPvur0RsKtcXLz:LFE2Qf7aVX+UnAwdvETQBj7bCRWur0Fs
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
behavioral1
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  15KB
- MD5
  
  d74bb4447af48da081c7d9b499f3a023
- SHA1
  
  dadf6e140e6fd8e49a1851cc144bb022e0adb185
- SHA256
  
  5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52
- SHA512
  
  9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758
- SSDEEP
  
  192:0hdGZ2E0hm+Gc7ROMzCPvXWROt086dXHGrEKcDDi0b5ZsgMgiCXyo1Fp01eLLuIt:0hdGZ2E0YWV2908oj21ILud8
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/ShellExecAsUser.dll
- Size
  
  43KB
- MD5
  
  34f26f7c3fe27d37dad8b799f61f2f06
- SHA1
  
  13693a61ef439137b9d4a05624f1b080c3773850
- SHA256
  
  1d1b08f87537884fcd95f4a8520bef11b89eeb852a025b04bf4cf62780992b5b
- SHA512
  
  18afe311c82574b77c344b3bb83bb9429614d51c3f408704b4544ada1a11dd9ef91fe1f41d7b7c246c4f028af65cfbe8df5b6b2455980d3426ebcf123b815891
- SSDEEP
  
  768:ENC1Ci32Komp/MQvvt/nkfohB0kk7AwnTEDlP4viKdHw8:ENC8i3mu1neAuk2JMxKdt
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10

discovery
behavioral5
- Target
  
  $PLUGINSDIR/license.rtf
- Size
  
  45KB
- MD5
  
  68ccbb8270c98f94d370eb924589e7a9
- SHA1
  
  bb9368843e0d0a78f540b6df69eb98256b4c042f
- SHA256
  
  0c47640694d32f91febb8c837081b77bc97aeb274152dba04c4e5448845d9520
- SHA512
  
  f4b0629d0ce11839ca384e5b041ec192b0727f80b559886029deaaf4c75b8126b1f55364f3ef4465c7aab31f953a31b635991d98e585c512ecf6ed80c24ef0eb
- SSDEEP
  
  384:YJggqaxikc+LAFzFdozPEFJDxGtH3/tirLmi6rGsuWTzc9TLvzh4nMNLoJ0o:YJggqagFVkH3/ti3HWTz2TLFNLoJ0o
Score

1^/10
behavioral6
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  7059f133ea2316b9e7e39094a52a8c34
- SHA1
  
  ee9f1487c8152d8c42fecf2efb8ed1db68395802
- SHA256
  
  32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
- SHA512
  
  9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
- SSDEEP
  
  96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7
- Target
  
  $PLUGINSDIR/nsNiuniuSkin.dll
- Size
  
  891KB
- MD5
  
  cb9ccb0f6923b5e38221a2c9603eb669
- SHA1
  
  7214cae53f36cab79841e9d49b07cffd7ce5e1c5
- SHA256
  
  6a38b8084e7493ff57ea3eda7101fbfd6113d8470531b479ce05cefb4e34bc79
- SHA512
  
  5d510870559737ba9f10447716a654e3aa609b64a1b753e2d3722b7b92e1768980d2ff070e639add57a13a7941c1d680ffa6e13abd47c44b1d18a230590ebb6c
- SSDEEP
  
  24576:1pIQCUFPxa+iDkpxMJIpgT62mQh8lZIn:yUFPxarJICm25oZE
Score

3^/10

discovery
behavioral8
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  88d3e48d1c1a051c702d47046ade7b4c
- SHA1
  
  8fc805a8b7900b6ba895d1b809a9f3ad4c730d23
- SHA256
  
  51da07da18a5486b11e0d51ebff77a3f2fcbb4d66b5665d212cc6bda480c4257
- SHA512
  
  83299dd948b40b4e2c226256d018716dbacfa739d8e882131c7f4c028c0913bc4ed9d770deb252931f3d4890f8f385bd43dcf2a5bfe5b922ec35f4b3144247a7
Score

3^/10

discovery
behavioral9
- Target
  
  $PLUGINSDIR/nsis7zU.dll
- Size
  
  313KB
- MD5
  
  06a47571ac922f82c098622b2f5f6f63
- SHA1
  
  8a581c33b7f2029c41edaad55d024fc0d2d7c427
- SHA256
  
  e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9
- SHA512
  
  04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83
- SSDEEP
  
  6144:rA9ssOlBrbYr5UP4m3mC/FvBbhQ1JzI+yQKiJGxdNtsm0:r2S165UP4mL/FvBtC8zQdSDmm0
Score

3^/10

discovery
behavioral10
- Target
  
  uninst.exe
- Size
  
  2.7MB
- MD5
  
  2fac711bc6ef7a6d71f5e1e68635a702
- SHA1
  
  6be544920bad49445a9b99f1d5f1c25ed4778aae
- SHA256
  
  350d3f4d77381fe1c0b7151a9432716d8ac42429960514823b86c57bf4b02d6f
- SHA512
  
  a5a2ace73f4d6fcbdbe3d461a2f9f43ce0d160d4a3dd085fb53002a0827028f52b345492c810e888a3896054355eb3e994641874af5d7e97d4cfa9639203dd7d
- SSDEEP
  
  49152:h2bv49jJ0Zld6MFwruie7Ko/p5HcvH8qmodwTbN7vt0RslvSJfPI39UWw:h2bA9j+ZCMKTRo/iw9hyXINUWw
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks installed software on the system

Drops desktop.ini file(s)

Network Service Discovery

ACProtect 1.3x - 1.4x DLL software

UPX packed file

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11