General

  • Target

    AIMP.msix.zip

  • Size

    37.7MB

  • Sample

    241003-kg1e6athlq

  • MD5

    42cb39b338f2b1bc94f5ae483b048e30

  • SHA1

    d42cad9e12c144c243614210b12f5042aa39c35e

  • SHA256

    9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e

  • SHA512

    455ade7911281854df8964999a8d4b56089b8189423e89608924e2968ae5b0e67b0a663e6efb7c4be7e7381831b34d55efcfd5d2295453ab6e241eff211132d6

  • SSDEEP

    786432:ctaNhGe3qU+4Xhnv+QRSvI/6cwLPyyPxYZS9S25EPyl0SEDJZPe8682:KwQwVvbuI/eV99x5ycqfPe8F2

Score
7/10

Targets

    • Target

      AIMP.msix.zip

    • Size

      37.7MB

    • MD5

      42cb39b338f2b1bc94f5ae483b048e30

    • SHA1

      d42cad9e12c144c243614210b12f5042aa39c35e

    • SHA256

      9953bbe13394bc6cd88fd0d13ceff771553e3a63ff84dc20960b67b4b9c9e48e

    • SHA512

      455ade7911281854df8964999a8d4b56089b8189423e89608924e2968ae5b0e67b0a663e6efb7c4be7e7381831b34d55efcfd5d2295453ab6e241eff211132d6

    • SSDEEP

      786432:ctaNhGe3qU+4Xhnv+QRSvI/6cwLPyyPxYZS9S25EPyl0SEDJZPe8682:KwQwVvbuI/eV99x5ycqfPe8F2

    Score
    1/10

    • Target

      PsfLauncher32.exe

    • Size

      302KB

    • MD5

      e005414b82df848717581bd260725b02

    • SHA1

      6ad75f8152617858d463f36cf4b2ce432e0ad4df

    • SHA256

      312bd304860f9865ed4073f5baffde8df9907a1ebfedd2d1d637ab48db3ca004

    • SHA512

      be3d06d2049551e2d5acc3232c6d520236747d53dc49e388c6e616d1f7e1f6f7b6338a4e743773f5461589f2325a8a722af023009cc709f076f51e418382b562

    • SSDEEP

      6144:Z85jcjnYXSFt8NUBtirDpOzF2akGcoRJKCNWcWAOEOrCng:Z85jedFtOdEF2asjnzrag

    Score
    3/10

    • Target

      PsfLauncher64.exe

    • Size

      370KB

    • MD5

      bfcb4275530e99a5e3fca4614a645fb5

    • SHA1

      622421f44db52d39947e8229f7fa44a98339957f

    • SHA256

      338fc84d0b309a726bae061ae7ef727884fd43a71aff70900dbce27de07791ea

    • SHA512

      21cab7c56f53305038fa5603720853a38aeddf0dde2e02c9f1d0e83d6dbf9983f755b11a00d487bb8356b0ab69cf9e953a9786cd89e2180b7d428e038271c41b

    • SSDEEP

      6144:thxzPfoMtkmiZqfrnZSG85YhDFohEUMaWT4I+wKn:tnzPLtbWqDUsNFoOaGKn

    Score
    1/10

    • Target

      PsfRunDll32.exe

    • Size

      92KB

    • MD5

      96376177175a1b23a95c6498e9ffb2b5

    • SHA1

      f9d41e74bf714ed8ba60eac4f99060a5d5f92b26

    • SHA256

      324f1db0dbe4a6577425d0c3dd72d4681e5000cca9d17cc62a2af0fcce12eca2

    • SHA512

      f792432ac0c675548849ea238934ea84eadc44cd94eb9e2e7859267e20ea18a52a9d562602d96f61c5080e0fa94caa4ef6a41e49bafb670b7dd29e35490b48df

    • SSDEEP

      1536:IU5eCS6ZrIb3BIh7iCH+E+MteSQ40X/qchNXQDGdl0S6gsWRUchcdesCkwcmSZ0l:/eCh23BIhWCMSQ40XCMNl0F6kesCkwcu

    Score
    3/10

    • Target

      PsfRunDll64.exe

    • Size

      115KB

    • MD5

      8466f69926a22670dcf6515a4fc3c054

    • SHA1

      fd7a2d377cce9545fff272905af7016bd512aefc

    • SHA256

      b37f6780adc7c7534ab474c1a9b8a5fbc1a8e9df105be9be7a9e13d96385dbe4

    • SHA512

      5be11238923613169a2627b01db76a09b83e8215dd1872f8e96d8f646171bd9e365fa653da221671fd46258f661794b846ed09aa4369b5d55b3ac27f0b96b0e7

    • SSDEEP

      3072:poN2YAE6yqki92M43MBaxRjn+ryYA/M5sfhew:pgAE6yq0MBBijDM5sfd

    Score
    1/10

    • Target

      PsfRuntime32.dll

    • Size

      368KB

    • MD5

      a9f0eeb621dd5883258113cc4b490929

    • SHA1

      3c84cdde573eb0f94865f749d9095940cdef409e

    • SHA256

      11d6916d6066e481f5d19bb503f654dcf9cac80aef818c2b52a2a1f0ca2efd5a

    • SHA512

      336709007cb4723227f47ff153c99630209995315c8ecbbbe1ca24a48a133ed74ad6e557a123886dbb9a2022c752c67ef7c26524e6a59e8f0e125753a264c2fd

    • SSDEEP

      6144:gkIVNQKH9HisvT9/taRJ9AONndrKV1UaMCk7KxAOOCyXjmw:gkIVDvT9/t6nAuEMjOxICQjmw

    Score
    3/10

    • Target

      PsfRuntime64.dll

    • Size

      467KB

    • MD5

      61863b4c1aeefe10d69f54c03d373fd5

    • SHA1

      4b448f7b4358945b3e9d744d97d6b7c860e5c5b8

    • SHA256

      495b13461b13c3ce1c766d9899b860add4dfcd9e6b2dc5815389aed6e26cda0e

    • SHA512

      f97b69a5567e477ca67ad7f41933b00a57f74bb4f69c01161c17735b8bb35590cf06aff0fafe8308104e9385a0eb808d8735be9a744c8d2d100c9a9ea5f842a8

    • SSDEEP

      12288:ybYu1g7I2hxD54yFTuWwp6wYcoDvbAfE63U4:qg7I2hZDFTuW/wx+kHU4

    Score
    1/10

    • Target

      StartingScriptWrapper.ps1

    • Size

      14KB

    • MD5

      da5bf3010154020db9db4cf8832b42ea

    • SHA1

      15ba3dc3bbcb16a26839862d79b3519e74a5e03a

    • SHA256

      7778c658411a2f1649ced14cdfe8a92145c1c7fa53b1ce5b14920000fe99bd98

    • SHA512

      d70c6df571a069797f5eb1ac9a3e30293914b8f1378714e97ae0b881ee5a833f0944ee7246e2768ed74747637deade85306e837a25b1757a1bc3abb7d6eaa9e2

    • SSDEEP

      384:wrBzBV4OHcvFcYlu2V8uMcg5apqpBw2qFA5WFQExxR/c/mZ1:KBr4DSYlu2VzMcgwgBLqJQO/ceD

    Score
    3/10

    • Target

      VFS/Common%20Desktop/AIMP.lnk

    • Size

      934B

    • MD5

      939ebff0a076545c6e0a8a2aa9ae52ea

    • SHA1

      2a1ec6bd4ba90999e456dce1c5e1b048e8079bfa

    • SHA256

      1627a57adba199bee47175c8da39b64b0639621883476a483e4385db403847c9

    • SHA512

      19985e90d63186c4aff799e0a456887a2b3cb6d3c0fe0399158808d27ec88d5ea5b47913e397d94dd9091a42d3886d8fd0b85ef7d304eed88a26ba4514c59c65

    Score
    3/10

    • Target

      VFS/Common%20Programs/AIMP/AIMP.lnk

    • Size

      952B

    • MD5

      1bdec51aff128dd489551b74f9c0bef2

    • SHA1

      0cd76fb4a0711f3790ff6a836f13770af3d1e2f9

    • SHA256

      6c826646fd31bc0c6fe91e25931b3d02e96a0797815a858959210a8cfdc58ecf

    • SHA512

      cf4830330a635f4042c98356961d1ad51ff1a809cd5430c6e91126e60b56aef990eb371633cb3260461aee78eb1f176ab319dd22f587e51cf0598b8b7b14e5fd

    Score
    3/10

    • Target

      VFS/Common%20Programs/AIMP/AudioConverter.lnk

    • Size

      964B

    • MD5

      fb8b4b1512c334a28d02db245a4b43bc

    • SHA1

      d1d3f56d51d4e9499e43380d3e644d051a86f1c5

    • SHA256

      b5e441df06d2543d82e8ab2bc0eb8bf45d08a049da2896b6129e9796e91659f5

    • SHA512

      8817af5aeba6590ed645a4748413587b816fe467a5152d3a0785c28b17c451ebcde87c73d16602e47d4802874339143613fbf09c17017c4aa09c88bcf37dcaba

    Score
    3/10

    • Target

      VFS/Common%20Programs/AIMP/TagEditor.lnk

    • Size

      969B

    • MD5

      6ebe5f9581209108347dbe2c2599d9db

    • SHA1

      4eeb93dcbfa30a5e9b17670ee46c382df30196cd

    • SHA256

      3ae750a7fb9f8558e38ec773607af7c8b03a8fdd90c8a6d9beec59137bdb52ca

    • SHA512

      e1bb1b0dca9896df477a9e810c4dd46f49c5323d6f782f11cbe2b16105e1f5b551c1623c806b9fb72dfcb64e638e2052cf875c4dadf313583272ce34f9a7b25a

    Score
    3/10

    • Target

      VFS/Common%20Programs/AIMP/Uninstall.lnk

    • Size

      1KB

    • MD5

      026bca5d50df76c1f18a3c6fd07fd9c4

    • SHA1

      e1bd5dbfc307db06b87c7f2ff0284efbd623d8af

    • SHA256

      711fea3b1eb32d9c02bd0d64205909cbcd1c1fe09bd1e1bbe4dc05da3b54dc82

    • SHA512

      0709a0848d0833f4c7beba5e54197a33718036a720d7bb88dcb57d779c4535afe077cb8c8ed45f8d68b85f635b2aee44f23d578a0e33714205ca89cd13f5736f

    Score
    3/10

    • Target

      VFS/ProgramFilesX64/AIMP/AIMP.Runtime.dll

    • Size

      12.7MB

    • MD5

      bb0d3298fc6f89148e6b64be2c2379af

    • SHA1

      f77008d07cf06a6b352a23bdb0e593f77e25930d

    • SHA256

      1bcc26f1ea6e369f370612a956fdb7fd8a5045f62b02a1463e30528eb7d0af7a

    • SHA512

      818fd4e30132de2cdeaccc596aeeda07b7bf506a379af3f73c185e486f66b7ed05419aee50703754a6cbe8dabeb939cf612a8f6189725889937d4f558f39070e

    • SSDEEP

      98304:TMlLWra6jqEcKT7iLIecb+7i7JQj2kohFoOtME0:TMlivVkYJQjNot6j

    Score
    1/10

    • Target

      VFS/ProgramFilesX64/AIMP/AIMP.Shared.dll

    • Size

      4.3MB

    • MD5

      cc616bf07d94ae481debdd28de1f16fe

    • SHA1

      274804593a0d060bee8744b2f890dce68b33cbde

    • SHA256

      41a9fa1f175a3368d6cce5f4b0d490d6490c927db78f7bb10bad777ae1881b84

    • SHA512

      f0b3ba41026012a6a4a54209abdbfb6aee1185cdb5336c16702d6d91c958ce8232932b3c8c22f095e6f3b2a32e6cf9fc7f8eabee7a89af2c256cb5503a92369b

    • SSDEEP

      49152:+Rlj9iK3cKMvrcK5hZKizUHyheVtVjBd6Slgx2w3y:+n9Z7tVjBd6Sla2

    Score
    1/10

    • Target

      VFS/ProgramFilesX64/AIMP/AIMP.exe

    • Size

      5.8MB

    • MD5

      eb0eb5dc3234d7f0bb64b7ed5bbc7673

    • SHA1

      2190d5f1a09100557e9112d5720bf7c59231f20a

    • SHA256

      4a0e5ff986b8355155b3efac9935c988f3c1ee5768869d731e832124a52aa8e2

    • SHA512

      da15ae5c078aa25658179331eb8e83b1f361d101c84039d3e99db5e7ea9b9a455493d96d0a6fbc6cdcdf239d69d9366592b4341f424927faf0088d0dc0c28c36

    • SSDEEP

      49152:9Ngn7bu88oQ6BLXVXOmCzM3mwIqYTk/Co4Qaqp8Spdkck:9N+O6Btp1Co4UpFGck

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks

  • static1: Score 3/10
  • behavioral1: Score 1/10
  • behavioral2: Score 1/10
  • behavioral3: Score 1/10
  • behavioral4 (discovery): Score 3/10
  • behavioral5: Score 1/10
  • behavioral6: Score 1/10
  • behavioral7: Score 1/10
  • behavioral8 (discovery): Score 3/10
  • behavioral9: Score 1/10
  • behavioral10: Score 1/10
  • behavioral11 (discovery): Score 3/10
  • behavioral12 (discovery): Score 3/10
  • behavioral13: Score 1/10
  • behavioral14: Score 1/10
  • behavioral15 (execution): Score 3/10
  • behavioral16 (execution): Score 3/10
  • behavioral17: Score 3/10
  • behavioral18: Score 3/10
  • behavioral19: Score 3/10
  • behavioral20: Score 3/10
  • behavioral21: Score 3/10
  • behavioral22: Score 3/10
  • behavioral23: Score 3/10
  • behavioral24: Score 3/10
  • behavioral25: Score 3/10
  • behavioral26: Score 3/10
  • behavioral27: Score 1/10
  • behavioral28: Score 1/10
  • behavioral29: Score 1/10
  • behavioral30: Score 1/10
  • behavioral31: Score 6/10
  • behavioral32: Score 7/10