b7a72c3f23c3e265caa74c60acbef350b268745c1e451a27e915011c720155f8

Resubmissions

13/10/2024, 11:52

241013-n15qrsvdrc 5

13/10/2024, 11:50

241013-nzlaqszcqk 5

Sharing

Copy URL

Twitter E-mail

General

Target

BDCAMSETUP_ENG_4_1_2_1385.EXE
Size

17.1MB
Sample

241013-nzlaqszcqk
MD5

f16613c3a3b77319538c9d5aaa2901b8
SHA1

64c2e645d00f5cabee070dec31527e021ba2edc3
SHA256

b7a72c3f23c3e265caa74c60acbef350b268745c1e451a27e915011c720155f8
SHA512

34593fcb6738acbd3fb455c03a018648d2650c7c589de000d3fdfa6bc4b29364eeffd962f106870e5868af8dd941a858ee6b8e27d9759e79bccaa222a1fffaa1
SSDEEP

393216:xHtmmkxvpntFfcAeBhgUDnuUS+qjkS5LsTQAqy0hPusNfznm4h4:jmmkxx0D7uU+hAqy0jNr/h4

Score

5^/10

Malware Config

Targets

- Target
  
  BDCAMSETUP_ENG_4_1_2_1385.EXE
- Size
  
  17.1MB
- MD5
  
  f16613c3a3b77319538c9d5aaa2901b8
- SHA1
  
  64c2e645d00f5cabee070dec31527e021ba2edc3
- SHA256
  
  b7a72c3f23c3e265caa74c60acbef350b268745c1e451a27e915011c720155f8
- SHA512
  
  34593fcb6738acbd3fb455c03a018648d2650c7c589de000d3fdfa6bc4b29364eeffd962f106870e5868af8dd941a858ee6b8e27d9759e79bccaa222a1fffaa1
- SSDEEP
  
  393216:xHtmmkxvpntFfcAeBhgUDnuUS+qjkS5LsTQAqy0hPusNfznm4h4:jmmkxx0D7uU+hAqy0jNr/h4
Score

5^/10

discovery persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  720304c57dcfa17751ed455b3bb9c10a
- SHA1
  
  59a1c3a746de10b8875229ff29006f1fd36b1e41
- SHA256
  
  6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9
- SHA512
  
  c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04
- SSDEEP
  
  384:E1C43tPegZ3eBaRwCPOYY7nNYXC0A/Yosa:E8TgZ3eBTCmrnNAf
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  17ed1c86bd67e78ade4712be48a7d2bd
- SHA1
  
  1cc9fe86d6d6030b4dae45ecddce5907991c01a0
- SHA256
  
  bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
- SHA512
  
  0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
- SSDEEP
  
  192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $SYSDIR/D3DCompiler_47.dll
- Size
  
  3.5MB
- MD5
  
  7375633014ca3bcabf6d337abe399afc
- SHA1
  
  bbaf4aa50ffc0d2bd363d5debe56d41121a1fec2
- SHA256
  
  80b8f0435b379b18bbfd91f9e62e3797b3e9bf07d77bb8e5201a74f590cba37a
- SHA512
  
  d81bfffb7b031f48e08ddf9d3f4862851ed87ce50d149c63eb74fa68d92e336c1da66a5bcceb55f22211c877441570111439d7383597ad6a2cecdbd5b7502990
- SSDEEP
  
  49152:VtdNhilBx6wvXmPwJTtLgvUACN5m5fsRu9qLHyPQiC7:VTNUlBUwv5hdAGQfsRu2uk
Score

3^/10

discovery
behavioral7
- Target
  
  $SYSDIR/vcomp140.dll
- Size
  
  178KB
- MD5
  
  1cd23a0f3daf4210f86ba8eb60b2612b
- SHA1
  
  979ab8d98d27fc0c8810822d80a4f1361657f21d
- SHA256
  
  dbc67dd65ef7d68bde9147c6244e7aaa8cb275ed6d0ef60301c7e4fbb95a5a42
- SHA512
  
  90941648d2cebf4bcd65e54c503a2ced7362fe2b5afa6772b0ecc8ca945d2e43ea14e90a17e64f3eab8ef76ecbb0ea3cc801dbcfeaa8a90ab8b1fe2e081c17c6
- SSDEEP
  
  3072:KDGRbh7RozAcuolrdTl2E72uRcQnFCt+DVFf/w62dQ:HoTuIT73CG/SQ
Score

3^/10

discovery
behavioral8 behavioral9
- Target
  
  $TEMP/BDMPEG1SETUP.EXE
- Size
  
  1.4MB
- MD5
  
  461d135a4fccd51bbae38f742e123fd3
- SHA1
  
  c12a442fbcd4a9c44102f0a560ba03d59bc501ed
- SHA256
  
  4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079
- SHA512
  
  41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee
- SSDEEP
  
  24576:KmJpkgDvk80bh06JsAD8JLPHXcovQjy1jR8Qlq7m5xHlwP4mWunSCiwpFHNi:KUM80bO6JsA+jnb9iZK5plDjCTpFU
Score

5^/10

discovery persistence privilege_escalation
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral10 behavioral11
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  67d8f4d5acdb722e9cb7a99570b3ded1
- SHA1
  
  f4a729ba77332325ea4dbdeea98b579f501fd26f
- SHA256
  
  fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7
- SHA512
  
  03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f
- SSDEEP
  
  192:CsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5m78ozxGUWumle:CsUHd9GN2d2iwl0impATIPdA78Ov6
Score

3^/10

discovery
behavioral12 behavioral13
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10

discovery
behavioral14 behavioral15
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  d16e06c5de8fb8213a0464568ed9852f
- SHA1
  
  d063690dc0d2c824f714acb5c4bcede3aa193f03
- SHA256
  
  728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531
- SHA512
  
  60502bb65d91a1a895f38bd0f070738152af58ffa4ac80bac3954aa8aad9fda9666e773988cbd00ce4741d2454bf5f2e0474ce8ea18cfe863ec4c36d09d1e27a
Score

3^/10

discovery
behavioral16 behavioral17
- Target
  
  $SYSDIR/bdmjpeg.dll
- Size
  
  69KB
- MD5
  
  69bc2386dfa5e79bcdd1079b59cca1c4
- SHA1
  
  9a3c030025538ebb1e41c110eb1aea60d888351c
- SHA256
  
  5e81801c3fe84b58dea91c664d4036922c50378207d4ab2853ed59309c03b6f6
- SHA512
  
  f4bf717ef00f6a14b6560aeb8b1efc1e1455eeebf20c2d7745520c5993659793cf09d3d4357388783adf643676fdfe6066c593f62705a9066541d203b6a68a52
- SSDEEP
  
  1536:0pt++CjgDoSOGL7Yx9FiPmeRmpOV+yV+x2W:0f2UDodEPmeRmpOV+yV+x2W
Score

3^/10

discovery
behavioral18 behavioral19
- Target
  
  $SYSDIR/bdmjpeg64.dll
- Size
  
  73KB
- MD5
  
  531f17189c60ed61bde4dcc82cc66b59
- SHA1
  
  77cf2141da3a67f51a8a02376ca9d4481f3e4614
- SHA256
  
  4d4551ae19a5aa41fd235a73a9a3bbdda68560968c33f14549fe1ad49de1ded0
- SHA512
  
  b552e8b6e84cf8df6f01b3aba48794fa30fd239cf6f43c658319f38c8a19de555f1204ef1041e57c8ca8318d2ea7c627b3f0ff384fe5768ed4e2212099b22cf1
- SSDEEP
  
  1536:wJQoyIo3+9mAORBlOQZXAkMLakTwritg/49V+DV+62t:FoyI4om/R/CkwakMritg/wV+DV+62t
Score

1^/10
behavioral20 behavioral21
- Target
  
  $SYSDIR/bdmpega.acm
- Size
  
  69KB
- MD5
  
  9b3c54a9c49ca00f5a9da7c7f84a57f9
- SHA1
  
  3fb1409da3e1f87eb4fd35cbd92549f3962f5304
- SHA256
  
  940cfe50336b7865787ee94a7292aa9e38f4ec8714ae06e2969b76b473834cc2
- SHA512
  
  48c7a129ae02a4ea4f2ebb4b8e28b8eaccfcfb37a5fd9b51aec868b45d630e585bd73018225dbbdb1a6fa66382db0420f8f9f8e88efa5149b20f2c5ae1407552
- SSDEEP
  
  1536:WSnI0PYUuguZ707dBDUtatRc3AV+jV+m2P:WkI6h7BDUtatRcQV+jV+m2P
Score

3^/10

discovery
behavioral22 behavioral23
- Target
  
  $SYSDIR/bdmpega64.acm
- Size
  
  74KB
- MD5
  
  2f42956d6772a840d47c92c48004c946
- SHA1
  
  a51670ba15ddb1f53bb2c0ad4364a330287c627b
- SHA256
  
  6b3a8585421d68d70f935bc5a656bf5edc6117ebb95f98ef710a4adff5281d1d
- SHA512
  
  4198a8b942fe561d64f7358d26ec67319c8137ba78609066a094ac63f6da56e2bbee38c8dab04757a8a0a956615dfda0d259763a9e2288351a0c39eef28eb93a
- SSDEEP
  
  1536:C2WopVs/uBbcwOTlZTd7wOtO7FxrjaAvvE6V+AaV+0q28:5WopC+bly7fO7FxrjaAvnV+tV+Z28
Score

1^/10
behavioral24 behavioral25
- Target
  
  $SYSDIR/bdmpegv.dll
- Size
  
  69KB
- MD5
  
  90476773f98f4ae0a3cb013f4d21650b
- SHA1
  
  1fad203382e8479be70da44f1ff16b50d12f9e69
- SHA256
  
  ecc73f635ef7f9c165d693acee9250f763caa7e7b6b7795c32823f2e9fd739d9
- SHA512
  
  efeb534a53beea8d7930f230095c57cc4d2a3a501ad356c87c5015d175861dec7fff9584741eb77c70c4ced739754c6097e3f499f061bb13382a9ffc2d6d4e12
- SSDEEP
  
  1536:zQmp+kyjgKeemXkIh9FixwKaRokOV+AwV+D2xn:E0EUulxwKaRokOV+5V+D2xn
Score

3^/10

discovery
behavioral26 behavioral27
- Target
  
  RegVulkanLayer.bat
- Size
  
  118B
- MD5
  
  b35e7d846a436bf1bc48b53125176f0b
- SHA1
  
  6e859c9374441da33fb404bff2041bbb6b068f23
- SHA256
  
  8198189537e866909dbeb383bb3ce43fec3351fe85ca8ddc8e9955193054f808
- SHA512
  
  00644acf7e72887e4dcc3e29a83362f17fd3f5338d640b0f85407f8ed173f4f3763e2a6e85dca3fdbad2495b90c3aa1761859bdfe539231b250e93ba504a56e2
Score

3^/10

discovery
behavioral28 behavioral29
- Target
  
  UnregVulkanLayer.bat
- Size
  
  122B
- MD5
  
  13e241026906e9c49e8dcc436313dc55
- SHA1
  
  3d2c1fdb2e0166f915796569c6e4c04167aba9d3
- SHA256
  
  ec319ae952e4ffac8ff5edede7029050d53452a4df9bc026de3375ecfa983a44
- SHA512
  
  338fd96cad17b7f73328b9361a9a23da5c184c39a0fb185d772719daa2eb7abc268834fcba5cc2f0d6e6adf1b6364d3f7e59f9b330dba1ce769674cad295b0c7
Score

3^/10

discovery
behavioral30 behavioral31
- Target
  
  amf-component-vce-windesktop32.dll
- Size
  
  198KB
- MD5
  
  6ef74574e1b3b95d4a76a7496531180b
- SHA1
  
  00bbdf84eef8e5c3763801cba3bc9e75677ed2b5
- SHA256
  
  ca1e172624ac5ec0255c98acbe10d3b046c55d34df1f346189ada3701f32cb28
- SHA512
  
  d2feae0282480e7dcd016009171c5ff0feef61302be32f04fe0a12b8cae242f4cbf7893f8942ccf82d5767c21ce0a1185b89ff341ca2d833cb12d4902957fe83
- SSDEEP
  
  3072:dF3iiufuPikCgSwMnoEZ5UnYnOC8YhtsZKakU7n8TL57yGMwOBueNhGre:nSluPikCgStossZKakU781yG3OBueS
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32