Overview: score 6/10
Static: score 3/10

Per-task scores (task names as truncated in the report navigation; windows7-x64 / windows10-2004-x64):
rcsetup154.exe: 6 / 6
$PLUGINSDI...nt.dll: 3 / 3
$PLUGINSDIR/INetC.dll: 3 / 3
$PLUGINSDI...em.dll: 3 / 3
$PLUGINSDI...fo.dll: 3 / 3
$PLUGINSDI...ll.dll: 3 / 3
$PLUGINSDI...gs.dll: 3 / 3
$_107_/$_1...UI.dll: 3 / 3
$_108_/lang-1025.dll: 1 / 1
$_108_/lang-1026.dll: 1 / 1
$_108_/lang-1027.dll: 1 / 1
$_108_/lang-1028.dll: 1 / 1
$_108_/lang-1029.dll: 1 / 1
$_108_/lang-1030.dll: 1 / 1
$_108_/lang-1031.dll: 1 / 1
$_108_/lang-1032.dll: 1 / 1

General
Target: rcsetup154.exe
Size: 25.3MB
Sample: 241015-3slegstake
MD5: 990c04965d0069c6b30399bd7996d26e
SHA1: de2cf03a1dbdbe1b02327e92aeaef96a583280df
SHA256: dbf0895d886b428c8465ee57aea56a7e7b6e4c003efd04ca00d216a2d821eac9
SHA512: 6cd56b81ca5e4850b24bf3ba76d3975430f672ea1692f511e1a74a4fdb9d83f1a37ec21a35c3b540a37cbd9259720a3d6686acdabe522c44d2cf3a5ac73cff6a
SSDEEP: 393216:9XswzpKCszHe29+awN4Ac4Li2qtl5TtBgT2ef9su3OMJfS6uWuuJ3CCfTpTTofm:93zeBFwaf2OTtB3ahfSzuJ31Fvo
Tasks (task: sample, resource image)
static1: static analysis
behavioral1: rcsetup154.exe, win7-20241010-en
behavioral2: rcsetup154.exe, win10v2004-20241007-en
behavioral3: $PLUGINSDIR/ButtonEvent.dll, win7-20240903-en
behavioral4: $PLUGINSDIR/ButtonEvent.dll, win10v2004-20241007-en
behavioral5: $PLUGINSDIR/INetC.dll, win7-20240903-en
behavioral6: $PLUGINSDIR/INetC.dll, win10v2004-20241007-en
behavioral7: $PLUGINSDIR/System.dll, win7-20241010-en
behavioral8: $PLUGINSDIR/System.dll, win10v2004-20241007-en
behavioral9: $PLUGINSDIR/UserInfo.dll, win7-20240903-en
behavioral10: $PLUGINSDIR/UserInfo.dll, win10v2004-20241007-en
behavioral11: $PLUGINSDIR/g/gcapi_dll.dll, win7-20241010-en
behavioral12: $PLUGINSDIR/g/gcapi_dll.dll, win10v2004-20241007-en
behavioral13: $PLUGINSDIR/nsDialogs.dll, win7-20240729-en
behavioral14: $PLUGINSDIR/nsDialogs.dll, win10v2004-20241007-en
behavioral15: $_107_/$_107_/pfUI.dll, win7-20241010-en
behavioral16: $_107_/$_107_/pfUI.dll, win10v2004-20241007-en
behavioral17: $_108_/lang-1025.dll, win7-20240708-en
behavioral18: $_108_/lang-1025.dll, win10v2004-20241007-en
behavioral19: $_108_/lang-1026.dll, win7-20240903-en
behavioral20: $_108_/lang-1026.dll, win10v2004-20241007-en
behavioral21: $_108_/lang-1027.dll, win7-20240903-en
behavioral22: $_108_/lang-1027.dll, win10v2004-20241007-en
behavioral23: $_108_/lang-1028.dll, win7-20240708-en
behavioral24: $_108_/lang-1028.dll, win10v2004-20241007-en
behavioral25: $_108_/lang-1029.dll, win7-20240903-en
behavioral26: $_108_/lang-1029.dll, win10v2004-20241007-en
behavioral27: $_108_/lang-1030.dll, win7-20240903-en
behavioral28: $_108_/lang-1030.dll, win10v2004-20241007-en
behavioral29: $_108_/lang-1031.dll, win7-20241010-en
behavioral30: $_108_/lang-1031.dll, win10v2004-20241007-en
behavioral31: $_108_/lang-1032.dll, win7-20240903-en
behavioral32: $_108_/lang-1032.dll, win10v2004-20241007-en
Malware Config

Targets

Target: rcsetup154.exe
Size: 25.3MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
Signatures:
Writes to the Master Boot Record (MBR). Bootkits write to the MBR to gain persistence at a level below the operating system.
Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Target: $PLUGINSDIR/ButtonEvent.dll
Size: 5KB
Score: 3/10
MD5: c24568a3b0d7c8d7761e684eb77252b5
SHA1: 66db7f147cbc2309d8d78fdce54660041acbc60d
SHA256: e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d
SHA512: 5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443
SSDEEP: 48:a7sTTDi+BjvqYR4gYFmsHFpXq65lZ9W5wOXnhLk4nOvlWxG5PZKuB:ri+BjSXgY8sHFE6TzWXzncsGSm
Target: $PLUGINSDIR/INetC.dll
Size: 23KB
Score: 3/10
MD5: 7760daf1b6a7f13f06b25b5a09137ca1
SHA1: cc5a98ea3aa582de5428c819731e1faeccfcf33a
SHA256: 5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079
SHA512: d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5
SSDEEP: 384:l4Z8sUAUNuGGsPVPEZ+OLkCnFJDhgvZwcRa9h9S4y4fO:lG8sUAUnt88CFJDhmajMA
Target: $PLUGINSDIR/System.dll
Size: 12KB
Score: 3/10
MD5: cff85c549d536f651d4fb8387f1976f2
SHA1: d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512: 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
SSDEEP: 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Target: $PLUGINSDIR/UserInfo.dll
Size: 4KB
Score: 3/10
MD5: 2f69afa9d17a5245ec9b5bb03d56f63c
SHA1: e0a133222136b3d4783e965513a690c23826aec9
SHA256: e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0
SHA512: bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926
SSDEEP: not reported
Target: $PLUGINSDIR/g/gcapi_dll.dll
Size: 348KB
Score: 3/10
MD5: 2973af8515effd0a3bfc7a43b03b3fcc
SHA1: 4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee
SHA256: d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0
SHA512: b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e
SSDEEP: 6144:O3RIclFikwwYUP5SvL8z6uNMw4n8kUddV6F8Q4cfRUWj/aNTcES:O36SwwviL8VgnaddV6F8Q4cZBzES
Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
Score: 3/10
MD5: 6c3f8c94d0727894d706940a8a980543
SHA1: 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256: 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512: 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
SSDEEP: 96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Target: $_107_/$_107_/pfUI.dll
Size: 18.2MB
Score: 3/10
MD5: 7e36940483a62f7e3bdd30d95ef37b93
SHA1: 5e5624afd2170a8f32fbc52bc296caf4a16e211d
SHA256: a639f28eb67410b9d685ff7eb564eb8c1a45f1116a6c520321510c8c6eb89923
SHA512: 32d12fb13fed59b7801f32a2d65cc54739e99f289398fa62bdf3e952c5c3561819c8d75b35bf2f127967585c11a272a633470ca7325b16c06453d4f06eded663
SSDEEP: 393216:r9lsh4VsJYxHK4r0vLKvk7yYzB/iN6w+AG0:BmGVs4l5v8yYzBKsw+Ah
Target: $_108_/lang-1025.dll
Size: 44KB
Score: 1/10
MD5: 0d3d447c9970765f19bb7cd782756028
SHA1: dd84e86a91cc362fd5e08eb4f1f3910edf0076ed
SHA256: 0dd80b0a75d09c587b54e4c527af5650ce0678d8dfb2627ff097439853b71a0a
SHA512: c35514f6b1960122d0986c830fad03cad328cc7e690c4428d60b1645148b00a74eae4b837dcb8d1889ba7de5b6388da8370b04db1d019daa7d73da95fd2e919d
SSDEEP: 768:ePVpM7puy+sCFdveQY/0CjEc4ICxrQRx4hl84XMFYilIAMxkEO:ePzMAmQY/F4e4XO7gxC
Target: $_108_/lang-1026.dll
Size: 46KB
Score: 1/10
MD5: 71ecb94a15e9596a8bbcca5c4e3274dc
SHA1: e869a7e6a47df81e390bc09e7fd4c7f3b62cd2b4
SHA256: 10b7e73b445eb063300f8d5b76cc8b91e3de63ee4084c4766a7d68000a5a52e6
SHA512: c3c4cbac2f2ef6d7f167d1a1835d978d559911bb5245276cae42b9c82435f63def34c49b564c61f76a7647c68cee64267980842db6d12cb5ccd85e9780bebbce
SSDEEP: 768:OPCpjxS93hokCxmfOP4PKQlVXTYikAAMxkEk:OPwQ93hcTOXT7vxw
Target: $_108_/lang-1027.dll
Size: 51KB
Score: 1/10
MD5: b581c8a181139d70fc96d38634ff21b4
SHA1: 806aaa63ddfb0dd1ecb3d529c56d11631d833935
SHA256: 8156b27c1677ff3d5a0208aed2e01cec4d5e5b55e3390875329340d5f7972a27
SHA512: 5844e3dbe0af811e533012c0ff30bbd06716ae836af618c692b182864e9b736de5c40007aff6cb0dc32bd1999b8a55d7328f6306c2f38e0dc82510988781e2d6
SSDEEP: 768:HPs6VX8o9aTNSWMd7eJMSCFG1uhq75C5f5viRPAz9yMJYFuaSRaIw1go0kSIoUlx:HP9jYnyUeNvcnirI6o+X47UxU
Target: $_108_/lang-1028.dll
Size: 27KB
Score: 1/10
MD5: 6fc9bcf180db0001a26175b15958f3aa
SHA1: 0d0623371908b2ec26b7bd158c52e02d43ae0627
SHA256: 16b27a8f4cf64a56cfdb8fe84ac497c8fbdaac3385bc0975ae63c39820f311d3
SHA512: 9f3d80f4b6a61c5a587303876bdf1ad1e180485f62a032cf372e01a2c48a82b30d455bc8ce702d25fd6ee873ecf8fea15110c7cd882c11a06e3206f44e29d055
SSDEEP: 384:UP3Rmn+l5vWw93L/j+RgkcRkGBPY+okbqyWa4fE+rdUIYi0cRU2AAM+o/8E9VF0h:UPBmn+fjbySXq+of9aIYis2AAMxkECx
Target: $_108_/lang-1029.dll
Size: 46KB
Score: 1/10
MD5: aa0a34b36afe2d138c34db2e78de8c0f
SHA1: 3bc66cc08c2380c1cb9a59ba879e67163b5edd7e
SHA256: bb648a873d5df48f1e2c3b7889c7ddbeddcfcc3d9ffdfdb5312a06e639fd7146
SHA512: 95e2ee106e9b93da124edb9e7ecad8ed5d990221643be3d6632cc6c9cc4b99fe6a110404c768f8a3c377f6df0b9eb5d66e5db1651cc85db9579e547cefff8aaf
SSDEEP: 768:MPZ2yVKJqdpBXvZ1X0m04I1hGxBQmRMtzaZG2mpXdYiENCAMxkEz4:MPZgExpbI1EQlXd7VxY
Target: $_108_/lang-1030.dll
Size: 46KB
Score: 1/10
MD5: 36805a518e09fd2c3c542658b7236685
SHA1: ba348d4370cb8fab13c571ff901a99d0da2e1f9c
SHA256: 66be2616822511ddb956e352ed21beccfa5ae9299f5c925838161b26bba454ac
SHA512: 0a2a280745926cacb75830385ffae5250a29f61e211f77f9fd332e23b712370b7ba710477d4172968bc26b154f428df086626b6e3830057e1e5e8b688eef09cc
SSDEEP: 768:jPSrISbuV9apL2tA6EDTo4brqXIVJpWsJlF4+wKRvo5Kw3QYinCAMxkEY:jPXHUzouqYVJxi7YvaQ7Ax8
Target: $_108_/lang-1031.dll
Size: 49KB
Score: 1/10
MD5: 7bc339dfcea7528971b93abcad36b81e
SHA1: e2843316fca4d43cc64620ea74e3835a122e7445
SHA256: e8c68e0bb516fd172c966c78fccb934fcc034e9b4cb909d3356b2f894ccf9177
SHA512: afb8b2a99cff2bd12e4bc66f3a94850175ed58f572d66bdb6012a6414b3055f035244814b4d1881263385c77c88ad06d1ce9b9cd5e6a261138fb4f37069df26a
SSDEEP: 1536:ePXVRWROry0rguqQgGHw8LZPL66mYvsGOAEYz/q4lfOVM+IgS/XW+J6ES/OepRCb:2VRWROry0rgL+Hw8LZPL66mYvsGOAEYN
Target: $_108_/lang-1032.dll
Size: 52KB
Score: 1/10
MD5: 60acdcb72ba110396610e2e1df7b1638
SHA1: 1bef00663a3625ac19fb0d8c8a304674094f9b24
SHA256: 21bb1f597d5e6ec2835eb9065a11e8bd39ca865102f4de20cb676fbb1a331ac0
SHA512: 524bf6b53c053a6338a8f5479df2e69240de9d466de563f95da113f12e977e310571b4ae7bd7d6949da2c605444aaf8166b724751abfc6b25749b8197ba0e3e6
SSDEEP: 768:DPwHSM/6YQeAcdvneC11Btg4c1qJsaFKo+2BnS58YiJCAMxkEN4c:DPwHSk2ohuaFD3BnS5876x9
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution: Component Object Model Hijacking
  Pre-OS Boot: Bootkit
Defense Evasion
  Modify Registry
  Pre-OS Boot: Bootkit
  Subvert Trust Controls: Install Root Certificate
Credential Access
  Credentials from Password Stores: Credentials from Web Browsers
  Unsecured Credentials: Credentials In Files