9b85d6b53e95645934338f28d52fddf584ceb8e22583ceb6c34af44834d52a63 | Triage

Sharing

General

Target

9b85d6b53e95645934338f28d52fddf584ceb8e22583ceb6c34af44834d52a63
Size

12.3MB
Sample

240929-fx9xba1ejk
MD5

e263af0e6b0bfc55ab18c541d29bf4b6
SHA1

5e0838d39a1d3d92c6df6cd5357c9488d60739cb
SHA256

9b85d6b53e95645934338f28d52fddf584ceb8e22583ceb6c34af44834d52a63
SHA512

ad44193440abbde0fc83443cf949b3289ac41e9f01f69e36a50b5da04424123e5924bda6011a065f229b7a10ab51c1417dc48640c8e8a1c2b1d78d2a906cabfd
SSDEEP

196608:gyymRMNwW+d11STvlkV8R7Hl7atyL9lGeOzs3a1JRqfBV3ROr2As8zCm:gyyYMNwWDJkmRRaUmya+Yrtzj

Score

6^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  docsis_cfg2.0.7/Tality54.exe
- Size
  
  1.3MB
- MD5
  
  e8bde603a6837246c1dc0ea22b6623f1
- SHA1
  
  f28ef66b0529ce5f71beb81be55d65d225d01ceb
- SHA256
  
  65b6d5e8dfbfcb856c0d7d33f2d5f273269afc37e0f8a59320f2e17313ba528f
- SHA512
  
  9cfd032bc675a65585392676a4de8b67cf15e2698abc1b79c8a15f47f962b4d3299ec964114c849baeb00e4a9ad493f6bc7d493b2ce9a5046034d740d52c74ea
- SSDEEP
  
  24576:21Q2ncWj8xbWO0kiYeljTsywlOLH+6BjEmkRTYddKB:lijTsywlOBBEmuTYfKB
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Tality54.exe
- Size
  
  1.3MB
- MD5
  
  e8bde603a6837246c1dc0ea22b6623f1
- SHA1
  
  f28ef66b0529ce5f71beb81be55d65d225d01ceb
- SHA256
  
  65b6d5e8dfbfcb856c0d7d33f2d5f273269afc37e0f8a59320f2e17313ba528f
- SHA512
  
  9cfd032bc675a65585392676a4de8b67cf15e2698abc1b79c8a15f47f962b4d3299ec964114c849baeb00e4a9ad493f6bc7d493b2ce9a5046034d740d52c74ea
- SSDEEP
  
  24576:21Q2ncWj8xbWO0kiYeljTsywlOLH+6BjEmkRTYddKB:lijTsywlOBBEmuTYfKB
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  docsis_cfg2.0.7/cablelabs.url
- Size
  
  50B
- MD5
  
  30a714c2ac6dd0fa36424cf5f57dc966
- SHA1
  
  893765b82a5bab4bd65dcbd7196b048e8e0aeb6d
- SHA256
  
  1daefe9fee635e198603a2d08e6a7029b4a209b5adf1a74c85444ce02347efed
- SHA512
  
  45c5e97edb680df84fbac8542347d9c38b742aa15c24eed607fd59cdd4220868bd64d3934dcde3daa6b27c2263e044c518012e0e553162436b8c1824b2201c30
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral5 behavioral6
- Target
  
  docsis_cfg2.0.7/cygcrypto-0.9.7.dll
- Size
  
  848KB
- MD5
  
  ac2e747f6a39d514942374a470ed9728
- SHA1
  
  8a2986b4a4066bea5702d0396d09505dbdba7bc8
- SHA256
  
  e2e33a7b99c46a9f031c3ecda8fbf914eb87b9727cf4a9b7a09e5655d933e26f
- SHA512
  
  7e79fb22243f2820b1e6fe402072021239a51e0fa323be0d0480e2e81f6e63a14bb530f3c346a1113377d734c8b2a5e200432eb77285bc4b967880603252cdf9
- SSDEEP
  
  24576:Da55AxgXlfCc/T55glfLOdna4BQ7VNkD7Hgwb6:Y5AxgXlZF5glf2kZGgwb6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  docsis_cfg2.0.7/cygwin1.dll
- Size
  
  948KB
- MD5
  
  5258d7be3bf683bedfb06778def1769b
- SHA1
  
  2c5b6f2cc366c078cb1249b9be493f012205396b
- SHA256
  
  a49126d9c1b9837591910d28bda5443501cb310a9afad03f8f54d7fbc5aba28e
- SHA512
  
  4437f357b967caf3cfbbcdf8aee318fe4e8312bccdaccc782bcdbfcba72b14a4bb1799e8ee39606459f67d069364d24fe8ca730b79cfb21110322ab20aa7e58f
- SSDEEP
  
  24576:N55ACAVysKDDHCuoSuei6sZdmEWOlao5oEd8bKNrmY0eV:ejAsKDDH+SuR6sWZss3K1mYTV
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  docsis_cfg2.0.7/doc/config-format.html
- Size
  
  41KB
- MD5
  
  75a87fa29a9d909f34e95c0ba9d58a4a
- SHA1
  
  ec6ca9d0fe21e43e671cf8a01f60a20c51b0c92e
- SHA256
  
  33166c43cdd2906be9ddfb171cccf5f03153983141b2993b0f35c81a23243749
- SHA512
  
  ebdef27874becc95a37bc3b1dbdc63c447370b00868d1e3c9478568e972295aaf22bdc097026d79bc1fd14b3a3c7c88bfec78efa307a34964737750d625eb9c2
- SSDEEP
  
  96:jgN7SfddxddGexnTdddddDSIddddd8dddddTSadddddZdddddddddddddZdddddF:jgBS+iv6KhBx+kYZ67wRP9Jkpyv
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  docsis_cfg2.0.7/doc/config-settings.html
- Size
  
  20KB
- MD5
  
  d7d773b283f4a5afee6fbc640bb078e2
- SHA1
  
  756791374149e494fe49a8c72874b84015780c84
- SHA256
  
  31109ce62f0bb418a5a1fc8a98489d1486929d668e063e90e1ae70500bd293f8
- SHA512
  
  a8b5404724e4bac0d12231a3159ee6f7c50893be100f4adcc0b205ee3623937ad71996fe168736f64b9ae6e2b99e57499c294d84623cec98880b9fa72e489788
- SSDEEP
  
  384:xlxX6sOBNz2zr0Nz2zrMTTpKbi0i92ubCZdKd2:xlxXW5q
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  docsis_cfg2.0.7/doc/index.html
- Size
  
  6KB
- MD5
  
  e9c374514c9452d307de0d074ef95b55
- SHA1
  
  de5c6d0c2059b841a62d6a86abbeb23ac221b6ec
- SHA256
  
  2b7e353dd45a3b0f155ef904a9e6c178fcef24d95922ee960df6cd6f62299af2
- SHA512
  
  97237609c7d968c7a7d3251769b922e4286d415da1f25281957313570bcb6717f184b31c112231553a3ee6d34e49525d1cd503c18f9169acb9651ef10c6a2552
- SSDEEP
  
  96:jAwfzDRHXNJsCTSTGhricBwmupEnt0gM1kfXxQ8IUAg5w0orw8Z0p8qBNoCcqE:jtt3w9TGViUupEnt0fCfhA2rp8SRE
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  docsis_cfg2.0.7/docsis.bat
- Size
  
  258B
- MD5
  
  f7b4679426f4e4c4b0207046c661bc6c
- SHA1
  
  79f01fcfc8ee0a12a2fb116ffb428b02874321fc
- SHA256
  
  d2779cbfe6f99303215ba49d7b3d21e23f0cff788f70b1af22b800e28183af54
- SHA512
  
  ddb64ac255f2e6792375f18a80d7043c989c1cbd50547d8fb994ea1660443e62e785b2118dddcc5f7aa71952ed847a5a53789da47de77a21fa4eeb4a9b5a38e8
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  docsis_cfg2.0.7/docsis.exe
- Size
  
  1.0MB
- MD5
  
  6879487a6f3ca7785900f568005620f7
- SHA1
  
  265714be556c9beac124333de4de5dd0149a029d
- SHA256
  
  0a53c444849a45119feb7600ef6b5712cf768ed976e3af2a64a3f525bd79c15e
- SHA512
  
  ed61add3f5f1ca63ea9e8c0564b2fefbf2cb2137979579d90d8ebed23cf4713cd675326ebca91ae501dc22294ecae123cd15bc882def949ccb4b462b232074d3
- SSDEEP
  
  24576:yHRUuF2BbUaIMPm++0/2XpfSgvO28xRv4upOgSxwAy1H:yP2hul0/2xh8xRv4upOxwAy1H
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  docsis_cfg2.0.7/docsis.url
- Size
  
  60B
- MD5
  
  99bed92015e851f81c5790e14c306adb
- SHA1
  
  3cf7bfbc0c7628abe3f332ff0e4cb04b04002f52
- SHA256
  
  923b9a2d48b34392a96c7839274d05f912ea365af475e15c1f6a791539a952a5
- SHA512
  
  e5fd2c043cd78ef1491ae50a30ba9fb67ba23928c9369c8b1c4b783bc654ec016ef1ccb1c09bb564600a8ab34040499e632e01745c54396f9e3b392c206b564e
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral21 behavioral22
- Target
  
  docsis_cfg2.0.7/docsis_cfg.exe
- Size
  
  24KB
- MD5
  
  472df4e60cad4c91b65b264f2ec6f189
- SHA1
  
  db6c07df8bb083556f20551e94f24d6255727a1b
- SHA256
  
  8e615807a54a422f62b53670ee3e4f31fd51a706c36b0856f837e3c9b564d424
- SHA512
  
  4dc1793000a32aa6d2ab27d3b2adc1df95aa36c281d11a052f62a4681bcce5ad0fd7a18c82d8f4f0eddfacd0d5c78b1b564b82f65a582dc21893147ab5c1b198
- SSDEEP
  
  192:DPJE5kRSJ4tGsMMrEEFJobOTAbEFP1oynu4p/2+:DArJfMrob6p1g4p/h
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  snmp/mibs/brcm-80211-mgmt.mib
- Size
  
  61KB
- MD5
  
  93ca631e7dd5fa1609716d1a3bfeeeb1
- SHA1
  
  41780322078366d796056aa774228d0c03dece19
- SHA256
  
  5ce6729defba977418bcd094f356b4c8f7b1111fa29e4d24bbf14ae53dc9bf4d
- SHA512
  
  416cbb7042cec8facdb334353a44b07083eab27a11e6a7a178afbb99c2094f50ef35512b9c7fd72940afb741351b5cbc1e5e19003f6686e772de33824c4704d8
- SSDEEP
  
  768:hOZUhFGy3EfO9oMwegyoya0sylF42B/8oXWA9:pMQOerNB0C
Score

1^/10
behavioral25 behavioral26
- Target
  
  snmp/mibs/cap.mib
- Size
  
  26KB
- MD5
  
  2a275aa10e9a3d3eaebceabb57953516
- SHA1
  
  cd71445d875394a9b2c891e1c3e17fe8b7fc0dcd
- SHA256
  
  c79f539e00ac66858ed784de5e76e230987fd18430b5b9c67160e62c2b025708
- SHA512
  
  ebaebd484a6c10610b7dead37bfe72c23db20b51935fa1ba43bf4e08f625ad38b5f2b28a1666081bb138201f4dca0d913eb70922c1c87fc8197efed8848ddd26
- SSDEEP
  
  192:tFeOf6dl5Gm35m3Bm3L8v5OPm8OLm3Rf63RFm3bzWn9WnTUiAuq6m3EN7OTvZ2Br:1fscUxbFAZ2B5W+rZy5YeXC
Score

1^/10
behavioral27 behavioral28
- Target
  
  snmp/mibs/ietf/AGGREGATE-MIB
- Size
  
  16KB
- MD5
  
  a24562547ba795c96dec25f7b08217b7
- SHA1
  
  33c7217f1f5fd3263b17aa167b49d9470b26115f
- SHA256
  
  6f34f057e82fb6874cf5d93d5f0ffde765e77e706a7eb80d37ae76fd58df803f
- SHA512
  
  fe2ce35a70f1fbe6c6580f95524e37a5ef00aad4c68fae209589fe43416e0587b0e463554bd93c3ef92e55435ebba39f6066a0d9186405715691b834e436451b
- SSDEEP
  
  192:/qfAWLdaE4RJuH4stgGRq0XQgrDfsu29Wev/grabpsW++XUO9Go6j:/qfAWCUXgGRDgaf+8ev//VqhO0x
Score

1^/10
behavioral29 behavioral30
- Target
  
  snmp/mibs/ietf/DISMAN-EVENT-MIB
- Size
  
  66KB
- MD5
  
  6c7bf2eb8aef70b616ed89424e908e6f
- SHA1
  
  a50ed173ee70103641a804b160a3f8da2d50e0e4
- SHA256
  
  095bf95ad1000b3e97f2eb605f980c58ef1c9881e8be01047ade616b09073365
- SHA512
  
  efc75599aca2a12473c2a948627cc51b48eb8e55c5595528b1fd4b19e02042f6c6a82ae5c3b8adfc881d268291b9991890d8cf1007e15ed935a019612573e6d4
- SSDEEP
  
  768:U+nF3As7M/xAoiZovDouCwcmTtojoBUuo4TUy:UEVA/nD3o4TUy
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

discoveryevasiontrojan

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

discoveryevasiontrojan

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32