f951a36c7c6485239857f9a6ce836936cba6411641ceee73918ead728ccc588f

Sharing

Copy URL

Twitter E-mail

General

Target

[0ffici@l@[email protected]]KMSPic0_10.2_v25.05.24.rar
Size

110.6MB
Sample

240929-fxl59atfph
MD5

c54bfb2af9f2cab1799f250d8912df27
SHA1

84fe69b4f6ba697db401a804809d4147f2d31a17
SHA256

f951a36c7c6485239857f9a6ce836936cba6411641ceee73918ead728ccc588f
SHA512

cf7ef4425e112d398307f39467e2975a64db07015405941061cd50f136365e439f4864409948df46b78dceead2dc948385cdc3f0e916ee69f57de8ce16962a76
SSDEEP

3145728:kWItXRcRlnIvh9z/qN/eFXuLn26iZIGREk9P:kWItXRcRmqCXTN1qk9P

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  .Net_Framework_v4.0_Full_setup.exe
- Size
  
  48.1MB
- MD5
  
  251743dfd3fda414570524bac9e55381
- SHA1
  
  58da3d74db353aad03588cbb5cea8234166d8b99
- SHA256
  
  65e064258f2e418816b304f646ff9e87af101e4c9552ab064bb74d281c38659f
- SHA512
  
  241ba3f82f37818407bc00909c160b653b45a1a3d156e043b87ba18a7819294716705c952c7b46516c4afd86e6f99bad23e7235b951a371ae6728107f19e5f23
- SSDEEP
  
  1572864:cAVBjIQSzQe3cf7xOCHKYrLn+XxdjrALIjOqWY99:VVBIbzQe3u7KYrCDS9299
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1
- Target
  
  Data/0/1/2/3/4/5/6/7/8/9/1.exe
- Size
  
  3.1MB
- MD5
  
  a02164371a50c5ff9fa2870ef6e8cfa3
- SHA1
  
  060614723f8375ecaad8b249ff07e3be082d7f25
- SHA256
  
  64c731adbe1b96cb5765203b1e215093dcf268d020b299445884a4ae62ed2d3a
- SHA512
  
  6c6903f3a3092fd3d63c373189f2c06e12de032ee4fd6b80a15f58eaeb2079f3ae8a8bcdac85a358b1f9070b192b1c8260f9aa127d009b5afce475f966e91326
- SSDEEP
  
  98304:CgbTbhBxCLS0Kx/XRCsFlPsKh9ApbeicTkxchy6pA32b7SuzWl:rxBxCLS3xZCsFyBzxcE6pAGbq
Score

7^/10

discovery
- Executes dropped EXE
behavioral2
- Target
  
  Data/0/1/2/3/4/5/6/7/8/9/check.dll
- Size
  
  1KB
- MD5
  
  49e3fb9654025c12900ebdecb091c4b4
- SHA1
  
  d27586d5d0799ad3755cbf521b677101fad86536
- SHA256
  
  32a296d56f6abc2a9083f6258b9f9f8f374812dbad1d6bbe48c8ef12c90d4265
- SHA512
  
  3166c32daba9c935cf73ef104b68c4fe21f5560e29227588fe969d793c31b6157f92b69c3d3e2483767dc54e85a6c559f24796f840eb8bca72a9e42847afc48d
Score

1^/10
behavioral3
- Target
  
  Data/0/1/2/3/4/5/6/7/8/9/data.dll
- Size
  
  99KB
- MD5
  
  02e898e760470f76a383f2a5cdf1d58b
- SHA1
  
  45b59bc6faacb260a477e79fe3440d147fcb4c7f
- SHA256
  
  a1f0194f62c73f20cb7a5aa0e740d15d7838088010642c4b0ddd5266dc2dc6d6
- SHA512
  
  7c062b45fca6c0e37921c7f4566be714f01dd188ef13adc8b5e984a65e850bf0d1bdb84a68baf690a18d6b07721a71873782f8b614db1a57870f3817d6bc3751
- SSDEEP
  
  1536:D6f/jjwiZLVyHYk1iTlEYIoS4s/plCQD45O6GaW0yddZhlJyxdJk69kWabR3Wq2K:mgiGHLlZlJDCOdaY7znyxepOXz0GWf
Score

1^/10
behavioral4
- Target
  
  Data/0/1/2/3/4/5/6/7/8/9/info.dll
- Size
  
  872KB
- MD5
  
  c56b5f0201a3b3de53e561fe76912bfd
- SHA1
  
  2a4062e10a5de813f5688221dbeb3f3ff33eb417
- SHA256
  
  237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
- SHA512
  
  195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
- SSDEEP
  
  12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Score

3^/10

discovery
behavioral5
- Target
  
  Data/0/1/2/3/4/5/6/7/8/9/msw.bat
- Size
  
  69B
- MD5
  
  1a2972c4ce3b677830af4e1f6cf20aa2
- SHA1
  
  e1faee7d34af2b7542453dadb506b827665ca54a
- SHA256
  
  cbb686245c21916ee149abed0d920efbb7e0acdd79637d8a2d91cc6f040ef047
- SHA512
  
  87bdfcbe5c46448d0e2b541ff20bd909d0b2e354239d11a0a777217ee8f8117166cfb69ee37694fef77be30b63fffd0883fbf2fd0c852431619ee830608cc1ca
Score

1^/10
behavioral6
- Target
  
  Data/Data
- Size
  
  50.8MB
- MD5
  
  61cb79de5d73b4644073f22596c8b30e
- SHA1
  
  55cb76243e1ec5a4cfe4145ca5f45bb65deaf380
- SHA256
  
  55edf7be8758a45dcffa506e0a92207fc874a3b964cb1de8e58d4afc9500f41a
- SHA512
  
  8ff23cc4d02a17d1b2e307bbef4cfc94ec11a020d3f0f31cd2d2913ac49d9423aa2ad8c516895cf6ded76f0c0d69608f8aef6e414ea1553c860808466d4bba01
- SSDEEP
  
  1572864:tHdSph0D2/bo6hXspsB47ToqJkm5/ryYzh+C:tH3qjoAsmW7sqJB1Hh+C
Score

3^/10
behavioral7
- Target
  
  KMS_pic0-setup.exe
- Size
  
  845KB
- MD5
  
  11bb7723ee9c4b496978d04799d98fa5
- SHA1
  
  0f392b21b96f5a456cb94ad2b731c306c254786c
- SHA256
  
  f906148c3c726afb6f37835438c777b4abef08cbcc04e7c55261e1a22f2c8ef1
- SHA512
  
  b21500b5d84a20261dd49a0fe3017e4e08804556ce8ded9b9a6b7a3aef75711dac7cf1979925fd0b6c0b82486fe26ee5f57b5302589a836e7645ea6592b9fb8d
- SSDEEP
  
  24576:SAHnh+eWsN3skA4RV1Hom2KXMmHay+m5:Vh+ZkldoPK8Yayr
Score

4^/10

discovery
behavioral8
- Target
  
  KMS_pic0-setupz.bat
- Size
  
  672B
- MD5
  
  4d8017d360dfa9fe6fd0a3fe2381772d
- SHA1
  
  de69f37f69d6e20268be2bc8230ff595cb5932f7
- SHA256
  
  b690cb1a46cede9d4260a3f2746aa7c3e4c66c899c85716cb967014c7fe988e8
- SHA512
  
  18e9eb52805108a4b8175f09465a7618ea211b13fbf123e05f17c347174e81b3a0c098b2bfb019fea0b1fdd876e393ba8fb3faf483bca2f8bd2cfb5ee57a2b40
Score

4^/10

discovery
behavioral9
- Target
  
  Password.txt
- Size
  
  721B
- MD5
  
  ac3646ede26a2b9f7fa2a9c5cd6b4ef9
- SHA1
  
  626cbce70c14eaa43fc09a401091f0dacde77ebc
- SHA256
  
  450ff65d36b29d40e160f789ccf7e60c5708a4f41485c48aa37d4e6958d7fe83
- SHA512
  
  c7334b1244fcecee9b11f244f335419a434c9b6dc38b955ddc1345c8bac4a8a75db9111bef5790e198bf74d1bb162e0d6a1237935c6572bf4dad18eb54198666
Score

1^/10
behavioral10
- Target
  
  Video Tutorials.mp4
- Size
  
  9.2MB
- MD5
  
  503afd7b487aed76e280a231800e84ee
- SHA1
  
  4808d5b0b33b17d25e6076e96cae966626f25a86
- SHA256
  
  72948de9c5941a4ce1c4df3607ba8a3d0bf753d62be4372aea98e3e381065c91
- SHA512
  
  8362dff89a5e467cc44faff7789befd05ffedf85b9ca9ed31361dee319fe2b9f6699158686e3361b134828452aea64aeff3197d856e7e49bc68c1c9fee9168bd
- SSDEEP
  
  196608:YmSxBhNuVkEphUqGD/rG7a/LUaDf+6cFM7VUXNoPipOT9+6dN2v8xT:Y9u8y7mLU0+6QMQNbpOTp/5xT
Score

6^/10

discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11
- Target
  
  info.dll
- Size
  
  872KB
- MD5
  
  c56b5f0201a3b3de53e561fe76912bfd
- SHA1
  
  2a4062e10a5de813f5688221dbeb3f3ff33eb417
- SHA256
  
  237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
- SHA512
  
  195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c
- SSDEEP
  
  12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Score

3^/10

discovery
behavioral12
- Target
  
  reginfo.dll
- Size
  
  10KB
- MD5
  
  0001ef102b7419e6532e49a931d61c8f
- SHA1
  
  5c5a17b5cf9ed5cb7661bb9c717282db1de6d500
- SHA256
  
  4e9db7f1bbeafb3df89ac6660414874300130bf7728cfcc38a2da71858cbffc8
- SHA512
  
  547fc7d6116013861e6f86d7578bbb7a24f059697163fa8b150c3ae2aed026fe86482f3f0f5f1f13c67acf7236cc944dff1b3c73b161c2ea82c5f9e682ff8cea
- SSDEEP
  
  192:qfjDxGsdnRTOdvjkd1j6R3RUHqf1iJ/AfqXDcjSCGWQcgnySqQjnFymSmFRHlmaW:5s59OtjkTj6R3R4g1idAfUgm7WQcgyS2
Score

3^/10

execution
behavioral13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Drops desktop.ini file(s)

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13