23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851 | Triage

Sharing

General

Target

23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
Size

732KB
Sample

240925-3yxppsyajc
MD5

eef803f8f59092866375b3807108e4f0
SHA1

9f8b3145b8088c43db180b9d8c62ad2cf46a4055
SHA256

23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851
SHA512

e19a4272662e09a81eac403df1ce58dbe2105b703b50884f18dcacf7d29e1e6c85bc273f4713ee9bd29c03ac32a3f339d2e2f1b37ff433d632c4435c3310901f
SSDEEP

12288:UDCxGuO8ODZ+1JbpyMpq65OxDub4hkWGzCeVIOqjcqjdOYmSaarVaEoVN4r:UUMZe1pyM1OxDG4hkkOq4SOYmS5Z+Vqr

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851N.exe
- Size
  
  732KB
- MD5
  
  eef803f8f59092866375b3807108e4f0
- SHA1
  
  9f8b3145b8088c43db180b9d8c62ad2cf46a4055
- SHA256
  
  23c707f9cc1a222d593738b5fcaf9d06da19104b83be91788c879f134800a851
- SHA512
  
  e19a4272662e09a81eac403df1ce58dbe2105b703b50884f18dcacf7d29e1e6c85bc273f4713ee9bd29c03ac32a3f339d2e2f1b37ff433d632c4435c3310901f
- SSDEEP
  
  12288:UDCxGuO8ODZ+1JbpyMpq65OxDub4hkWGzCeVIOqjcqjdOYmSaarVaEoVN4r:UUMZe1pyM1OxDG4hkkOq4SOYmS5Z+Vqr
Score

7^/10

discovery
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  f407939127208a009b9a825cb77ed3c7
- SHA1
  
  051d7fccf3fb544acaa8ab6be590bb4bc79cef82
- SHA256
  
  191fab998e58b66a2416873b06062166b547eb3ba06b1326a4a785a566aaf76d
- SHA512
  
  d45d08823ac7667f071b21d238b7fda43115db3195a442cb17d880d147e8a930374403c970afc31f676f01a83fb9c63e3be047de7e16718a08a1fdbe4b690901
- SSDEEP
  
  192:hzixixDOHhG9db9rd+oSVPECMlh3I8tqDyn/7hwbbHF1QuCb:hOx0DOHqrdwTY6+n/72bbMum
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  da3ad52de0af75df8b459c4f8c0c85bb
- SHA1
  
  5bfce84b6f3d19a4b7388f374ce1b915fbc9bbca
- SHA256
  
  a9b38a164cc032ead8fdedf6a987ecff1f933298c809c226a47ea57cc12710d8
- SHA512
  
  0d6141cda379f1889d4959ed945b1bb4e92e945a0e6ea99a2deee205106e7062debb6e5acecba3438d71d3206266fe69a293611fbee6d0564106e1bae4f35320
- SSDEEP
  
  192:pOSsJI/rqmIDNLU0dq51EgAiNbubv6tLZ:nHQQ0d01Egbq76t
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $TEMP/VVSNInst.exe
- Size
  
  104KB
- MD5
  
  3e9c72f5b57307229d75fd5b8891593d
- SHA1
  
  a7b7b6e51994d12e019783aadd6ff50f9a69946e
- SHA256
  
  6b86ab399643aca6c8a519efd0feef4cae5c091ccc4d032c9f3b1d6a3e6df098
- SHA512
  
  45fae09c4bdfcacbb94389f57dfd6ab6acef96c8c14af23b79ab525621e838b2fad583391385c229d751fe0396da0e97fd000d4415ce613f88174c8891655827
- SSDEEP
  
  1536:CNEiWQnz7iuDuRLVy2z57NmWerZdDoLHSWIQeNIuGx4izmq6v0FhQf57XDgZu+QJ:Gny3UW0DorSWIQeNuU5AQfNDgZQKyUK
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  $WINDIR/System32/dsaoms.dll
- Size
  
  92KB
- MD5
  
  a27e788246ebb3fb59173594d314fd33
- SHA1
  
  8081d0f8cb50ebec461427d132c1d6af0c1a734b
- SHA256
  
  c89a745ab8482e9871d1f86d0c73d30e651189769614c80a972b5e76aba28165
- SHA512
  
  3ae147466c0d15887db70f2f8aed92126e7c0e670444ec76d24f50c4beb67c6745edd87778a70581d9cc5b6ea7a0bfc6a4c20a8aa5ffe590a64eb40f3bd7bba2
- SSDEEP
  
  1536:fFp5UswnyM1VVvkXO9fWftSpfaaXVagKQwbMBwiAo3NN+8wlUsV/T0:z5UswnyM3VvlSsVa3X23T+8wlUs1A
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $WINDIR/System32/wkcajax.dll
- Size
  
  232KB
- MD5
  
  21e5ab0214714983584031e78c763aae
- SHA1
  
  67d96799572b2d847561d1dc5c5db639c3abb085
- SHA256
  
  2dd855c3a2d5acec7cf1daf44284576e3d97ae8891bdf15480ed530c0863855f
- SHA512
  
  2807cd740c1d50de1f6e26c869c466a503181f276832c1057c8269d50abaa3a7fc0769479d3357962dd63bcd57541ccf9a3fb31314d874365143e0442f7114cf
- SSDEEP
  
  3072:YoyLNAAt8jV5FEJ1cejHUDjE3tNtIhprSM33UCNneRwN2j821+RA3q3pIZ:svcMWbUCNneRwg32SZ
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Arcade!.exe
- Size
  
  108KB
- MD5
  
  e561b3a8cb9df848370069778be4a316
- SHA1
  
  55a7a5cc16880162763cce9c62bc09f91873bf7f
- SHA256
  
  56905c2b813439df0c45fdf661f957746c36dd71d3637b0a4b083c68db21fc98
- SHA512
  
  89876ecc3c4e59853d29120a422794d0be6302858ccf36dda81405e51adb045b93dc8c87132b8c795ebadcd309c49ce31bfcdce507611ae3a1715633c0107275
- SSDEEP
  
  3072:++/wkEAS4CZHx7FJfZY32CnBtPL52ynv:Hi4CH7FJfZdCnvPL52y
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  uninst.exe
- Size
  
  41KB
- MD5
  
  3ffe03fe0a494a88b37618bc40db695f
- SHA1
  
  a89eb3ea7954941fffa3e1f76b46818d06ffc902
- SHA256
  
  f5c4717f5c2b20c14403633d7faa42469a33ec61131578b1998d240c85fadb76
- SHA512
  
  667682dcf6bcf2b0fe842bf93d9dad81dec68ca38313bf2fc86c57c2e483ab2301d0ad2b7fb8d3c1de26d6a3bfc2cd6efe3a61d9529cec3d37b3526687ca761c
- SSDEEP
  
  768:KTDou/K2XYplvXh3eRMWpn2yJtKALOxqQo+JeCcFRHtqkkJVb/gyKFm:iWbXhuGWZzJkAKqQxenkJVzgysm
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16