239dc7f7d28602284eb46d10ee7424450678be00ceb24c944bb437c0af59726a

Sharing

Copy URL

Twitter E-mail

General

Target

239dc7f7d28602284eb46d10ee7424450678be00ceb24c944bb437c0af59726aN
Size

3.9MB
Sample

241002-yq6kestfpl
MD5

e43e565e213cb7c43ab26ece7d489f10
SHA1

234e2247f535e070e5837ff54811445120373751
SHA256

239dc7f7d28602284eb46d10ee7424450678be00ceb24c944bb437c0af59726a
SHA512

aac75fffcb0df2501a11ca7a335554cc57ee8aab7d269b2f59cf11ecf060c4f9295add129135ce307e4ee54151dbe468ae1427747f7bcb7165780c8c131c6210
SSDEEP

98304:90OVHUVcB/bydZuYkt+MMBvEdayyiurQJI:90aaqqrkt+MMBUvy5MI

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  239dc7f7d28602284eb46d10ee7424450678be00ceb24c944bb437c0af59726aN
- Size
  
  3.9MB
- MD5
  
  e43e565e213cb7c43ab26ece7d489f10
- SHA1
  
  234e2247f535e070e5837ff54811445120373751
- SHA256
  
  239dc7f7d28602284eb46d10ee7424450678be00ceb24c944bb437c0af59726a
- SHA512
  
  aac75fffcb0df2501a11ca7a335554cc57ee8aab7d269b2f59cf11ecf060c4f9295add129135ce307e4ee54151dbe468ae1427747f7bcb7165780c8c131c6210
- SSDEEP
  
  98304:90OVHUVcB/bydZuYkt+MMBvEdayyiurQJI:90aaqqrkt+MMBUvy5MI
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  11KB
- MD5
  
  68613505b0843b1c8193a64579211eb1
- SHA1
  
  57ee1ad948492d2e6ca5c5317ce0404b1f27dc98
- SHA256
  
  85e74db69e141f110083bec37c4b24a946c306c34f53e2cec958d8e426c46970
- SHA512
  
  a8082ad86395ab8f59c4ae71032c8629cec87a03b13bad9954cc4e001ef945c194ad3991a9f46161d2163f348ab0ffe082427ccb66c8d284cf92f43e485ee17e
- SSDEEP
  
  192:m1F4jUZ9VqRmqzZNhF1JH2HESdA65czZnhXRYQJxb:Qus2ZNH1d2kSlc9nhhpJx
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  29KB
- MD5
  
  e7f0ebd99eaa19c29d4e2ae88fd49de1
- SHA1
  
  077f537436e6d6436d0489e73a8e4f9666564266
- SHA256
  
  b9717b61587901d5364624a4828d59b972609402e9f88ccc0ea0f077518bfc41
- SHA512
  
  06928bb40d798ebc55c71ad4eb667e9e38448069458741c06185c6b803e2fffbc176f92a03b7017ddd77c162980d9dc819d8e5112af30bdbf1082e0cd8ce0b1f
- SSDEEP
  
  384:KFhsFGrcWrG1d/Eb+EH1m60stoGyzKyqSVIwwHKb1EDdEQWmPleIg:KccK1BU+EInnBzxQHK2sR
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  14KB
- MD5
  
  6bb0e9e6f644bcf75384948d015f01c0
- SHA1
  
  79c587990ff6573756b81af0c4b831e37c5e92fc
- SHA256
  
  3fdc35956e71f53edf875ab2f65f46501bd3e744512e712297ab62d46226f42d
- SHA512
  
  ff6dee6ab857a8175a2953481b9945bcc05db9f7dddbfd92e21bce51a6d00938e2a975963ab155a487493a42a3fcb35398937a8fb6609ee64a135858dd077d4b
- SSDEEP
  
  384:QjHoDW5cLd1WN9acy7sMySwuc0Kq7Vgom:8DAi/D8sMdc0T
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  10KB
- MD5
  
  abe90273a5755e1a8159c5906e66653d
- SHA1
  
  e108f0e1a8930cd91bcd3ec8afd1ff2f8c4ad1cc
- SHA256
  
  5c64c3bbb47eb142391f8251baa3fafca9a88f53c5eea791ee1de99d4079c47d
- SHA512
  
  5f2eb1dee5009aeca5189c893bee83dc700da166b450b25192bfdad446b1d222be9a64f52e3bb09009dfd584fd9581906052ddb47f37bb2f6dfd4659bf915c8f
- SSDEEP
  
  192:2iVxUIjllWhysbgdcYmgOPCESdA6vyai5yFpckL1ApSVFJ:2iVxUI/Wcdmg83SbJi56hApSVFJ
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  faa7f034b38e729a983965c04cc70fc1
- SHA1
  
  df8bda55b498976ea47d25d8a77539b049dab55e
- SHA256
  
  579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
- SHA512
  
  7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf
- SSDEEP
  
  48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Atol.Drivers10.Fptr.dll
- Size
  
  78KB
- MD5
  
  3c46c36b845b1da2c2bd9e0667df0f60
- SHA1
  
  570dcc02f0cfb97c352363943285212c833229fe
- SHA256
  
  d0f9b82de64219e37556834fb2a7491468d2cbe1d324880c23a3bda8851b9e5c
- SHA512
  
  68d24d34813b98ffb4cbc3e8175a19d601a530631f118326101d77a71b1419e8c0915d955ca80ad43c4e54339e43eca6b5c1d8d79050af90e2eea31f06fbe9bc
- SSDEEP
  
  768:niBRRkTSSrfbbMOCA5rLBdMkynic6MYnhtX4WYdv0+9fhGQ/Yh1ltJ28lp3Aqob4:IRR7IjbMg5Gj6nRKvPB/U1XAq0Qn
Score

1^/10
behavioral13 behavioral14
- Target
  
  AutoUpdater.NET.dll
- Size
  
  416KB
- MD5
  
  4919c59e98c927eb902a9370a45e71b8
- SHA1
  
  4c08f77658d33e5aec0c8873f02779a87ed09334
- SHA256
  
  0f2b1c726e47166cfe30f0edbd0939b3723bf3e63fc4dd9d8d178d85a4bcc72f
- SHA512
  
  99af63dcce2b058e425fe6eb5d1a3480aabb18a6db9a98d001e81624b492b176a3cd9355c4ad30877adba5a5a65a9a400a3df206500f3c8b76a06cdf492b03ea
- SSDEEP
  
  6144:/P1vaSlxihxLdFyjg6jTdL22hR+AKPQj7EvH7lf3J5iqXPpe:X1vaQiZFb6jTZ2
Score

1^/10
behavioral15 behavioral16
- Target
  
  BarcodeLib.dll
- Size
  
  105KB
- MD5
  
  b44f8d102da1a8bea10674b2ed905114
- SHA1
  
  32e80ba45066e43b516ec4b178e0ed77bd1be2de
- SHA256
  
  9963d40abdaa5c03e34d9b2fe8280b1ae1d16002742e4caf36004c4b35309827
- SHA512
  
  9edd2ac06f91bea4eefb021251c1bc4a76e1118049bdcc019c852d8763d6277d3e242f27989fa2a87b31bbf6f1801c8901bb77020a29bf64d44753c2ae5d58e7
- SSDEEP
  
  3072:G7F2D+XFMx2d225/gOnanSSbVmMPhPPmeuPeuUV9oLXvIUP/SqlPB5sqBTxvNeER:jI2xo
Score

1^/10
behavioral17 behavioral18
- Target
  
  DualConnector.dll
- Size
  
  110KB
- MD5
  
  3f58bddae90e15f1fa267fddf7902d99
- SHA1
  
  0dd80152d5871f73219a54f73fb60321e91bf7a2
- SHA256
  
  7e563cbf11d1fbf882ef2a26ae34b5029231c129bd32926b9a509ba94d577ebe
- SHA512
  
  aaeb3b22944366510c0518cf9e769e76ea7f511d3fb8f537eb3c7864ca34e4ea100ffe0f481d0761ba7b37164dfb86eada6f29a6b2c68150f0524f4eb1c1f0f4
- SSDEEP
  
  3072:khRrCH4WItKl+ubqNGp/6Kr4xnRj/LW+YEHQvc6i:AQ4WIMBBpjEzjiZ
Score

1^/10
behavioral19 behavioral20
- Target
  
  HtmlAgilityPack.dll
- Size
  
  166KB
- MD5
  
  b1f442802185d272aa4ad63a59702675
- SHA1
  
  78911e2dca636a2568c43f53cb80d0230b691ccb
- SHA256
  
  2c256383dfa736459a1880734de625e7b181f3c9cd46ea072e692b57133f5a8a
- SHA512
  
  49bc45bfc44bf74498cce82785ff6b6a9854441cbe632f5b9d2661b955d9ab275701bfb3c6e40c9497659d982c401d179188ee72409b0eb2bd117838efa04630
- SSDEEP
  
  3072:1TAQW7ZBlGNJBrWNs0eDI1j60DXCYWFLZeQW+wFZTa:S5ZONJB/cV60WGVt
Score

1^/10
behavioral21 behavioral22
- Target
  
  HttpServer.dll
- Size
  
  86KB
- MD5
  
  9207ed5dba6e5944798de386902f8980
- SHA1
  
  d802a07917c3e8c326d69fea31b240a2e31dfb00
- SHA256
  
  8687a54d7099b225ff11100cea88a98049ded255f4e12de6c49d1f5e3c1460e4
- SHA512
  
  274e3a9734f16ff7696e59340a9240edd87c611ac2a8e055a68bc9ca8483167bb64439f6a771a348141a0ed7927b1986c5c9597f1aea06f6ee1b1daa03bb605e
- SSDEEP
  
  1536:+NxGEFlBwuwSxnvZOIIYw516n/HStGk+LPCxGNFphGutQMt:qxBe5c/lLP5NFphGuSMt
Score

8^/10

discovery
- Blocklisted process makes network request
behavioral23 behavioral24
- Target
  
  KKMAgent.exe
- Size
  
  111KB
- MD5
  
  d96d9d8a9b421ea214c48b577617a182
- SHA1
  
  2aed04e1a8ec1d478e7d97702c3e88532983a7f8
- SHA256
  
  2a79b92b28f741d75e810f4b5c93db87282fbda5e7afe4c3745d2704ca431ffe
- SHA512
  
  c21eb7438bb13575f8ec8055fbc0f07dae98726f912cbca28bad873085a192bad8cad9f8a093e5a440a5d319e9013fc76397705d400465a6dc3b1a72e0402c3c
- SSDEEP
  
  1536:Z209btw+XFaGpnlVMhrE8Os2VbkbNPMyivE+8GeHTFg9Q4PR2aAiwjGB07dQ4Ia:c07Xk6S+bZyivE+8GezFsQ4Z3KicQ4Ia
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
behavioral25 behavioral26
- Target
  
  KKMCommon.dll
- Size
  
  56KB
- MD5
  
  412bc4bbc10bf3472f99b1e1ab91ce8f
- SHA1
  
  979f40b4ceab4acc2952f7ba932a6dfcd6ceeb8c
- SHA256
  
  b7a8475b989a2c31ed4a1c5f993aa4a348437c12c8a29e86153a276e8228df70
- SHA512
  
  6962f57318cf4aa394eb313103555cacf5eca9961d3edc54392d8b8aaa178a800d41e0ce9735500b00e43e53e25b662f7d7eed683adea27b714aa26e15322e91
- SSDEEP
  
  768:v19NPZXTGlPLZK4BTy+H2zq74wGhzmH4navNIp2LOTlT07GFFUQFcVFp9:trRTi17WphaYnavNIpDxT07GFFlFcV9
Score

1^/10
behavioral27 behavioral28
- Target
  
  KKMLib.dll
- Size
  
  258KB
- MD5
  
  7c4568b5c5f1352a28e4832c044c0cfc
- SHA1
  
  64dd04ab3ec5e997eaf40fe6dd82ec1237ea4441
- SHA256
  
  96145e782d17721dafebf36f2c4d20a8098ae20fdfdbfab3f3b7c42bd23ba590
- SHA512
  
  3d2b54bb2b3764b771dffb73c85e69050b76b1721264f987f3b9cdb79b245e51b03186befed5c659cdcfec232a28fcb93ff6de69cc2e577770a58fb296eca470
- SSDEEP
  
  3072:EivO3D9NnsIFAmIt63COSmxa4ry+CwHlRQiygkerGGnmtD8PWYuG2TB5v6kadsv6:P6DzsqEk3urLPuRmtD8Pbd4OkXda
Score

1^/10
behavioral29 behavioral30
- Target
  
  ManagedOpenSsl.dll
- Size
  
  142KB
- MD5
  
  e74b45510cf9c1beb5563f89c5a48b5c
- SHA1
  
  442e709ee8903219765f0a769a4de7876b329c8b
- SHA256
  
  9915eb5ffdeffd6d704f146a6c373f9563968b62b72a3d26afd6babaa605d55c
- SHA512
  
  95b9a7b2b158fe1ab614548301e01e7cf6410e94799a6e36e028a39c3948be580154ad69204b6b54ebfeca20ab029d420f6e6673d247ea88605ddb3e51cd4d1e
- SSDEEP
  
  3072:zFlafpcRurmI1JrOOEL4/wHuheEKY5ok5VODKEMgka/H+:D1I1yM/e5GjEMy
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Blocklisted process makes network request

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32