General

Target: epm_free_installer.17288686159294b32199.exe
Size: 2.3MB
Sample: 241016-a5dk7aydjp
MD5: 91a21c1d08884e53cd6ddc5cb930fc49
SHA1: 1ad3cc1e99573b145bc956417c26249b2041aada
SHA256: 4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55
SHA512: d5fb68e5b9f045e0e775e81ec69ea58c09cb1eb2fcbca54f0395e1ce07799fe93901e40eb06fe45ab4662a9b3edab89e1ebff226b55522f0e3b8702aa11e3227
SSDEEP: 49152:VcL+sgYt+1txi8vgR85eAZXmx/e7G+EpcII6v/SvnESvRknqKwoRnsToO5S:++sJt+1eYgS5z7G+EpcIIAyQRnCns
Static task: static1

Behavioral task: behavioral1
Sample: epm_free_installer.17288686159294b32199.exe
Resource: win11-20241007-en

Behavioral task: behavioral2
Sample: $TEMP/downloader_easeus/2.2.0/5free/EDownloader.exe
Resource: win11-20241007-en

Behavioral task: behavioral3
Sample: $TEMP/downloader_easeus/2.2.0/5free/aliyun/AliyunWrap.dll
Resource: win11-20241007-en

Behavioral task: behavioral4
Sample: $TEMP/downloader_easeus/2.2.0/5free/aliyun/AliyunWrapExe.exe
Resource: win11-20241007-en

Behavioral task: behavioral5
Sample: $TEMP/downloader_easeus/2.2.0/5free/aliyun/InfoForSetup.exe
Resource: win11-20241007-en
Malware Config
Targets
Target: epm_free_installer.17288686159294b32199.exe
Size: 2.3MB
Signatures:
- Drops file in Drivers directory
- Sets service image path in registry
- Impair Defenses: Safe Mode Boot
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Enumerates processes with tasklist
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Target: $TEMP/downloader_easeus/2.2.0/5free/EDownloader.exe
Size: 1.2MB
MD5: 75c6aa0ea529a99be1aa7a6ce1d40eb7
SHA1: 90b78031df82bb75366e26c5313ed2b5f41a4dc1
SHA256: 2fae081440a24194dae7aeab20612cff53f6c94e6c0d09ead3ba2cba70a87e46
SHA512: d35250868409cb1c93471af557f895eaf76c38599c28730fb7a75300175c1b78c288e259d4d0d5fe1fefadb68c1f760ca6b1c2b7860598ddc1483b303cb500a0
SSDEEP: 24576:2s/G6GbJFLBoVs9nIDak3ri91DcSF+oYPa5crmMO4k5mBc:2WsDsbWgo/5wBvk5mBc
Score: 4/10
Target: $TEMP/downloader_easeus/2.2.0/5free/aliyun/AliyunWrap.dll
Size: 499KB
MD5: 04bb1a799bcdba7643201749633e8a3a
SHA1: 2039c43181f4a64bef31617749b517e30dae8a17
SHA256: 84beff2c37a816ad67a2a9ed6cdb61469a1bb6971d22650e6c77098ac2fc6ebc
SHA512: 4118717d6460aeeed7a8fcc8e5fb07abc1e55569bf5215e4f96b6c213bee73cd53cdc93953dbc0d923b1b9ad9cbbe06da78f5378e8777708928a6ab6073aea75
SSDEEP: 12288:sErmJOpaClo3cm/jFjEwJaZECM4xv+Dk4Dl36PIp5HqEY727+:sBFYHnZQDsIbqES2q
Score: 3/10
Target: $TEMP/downloader_easeus/2.2.0/5free/aliyun/AliyunWrapExe.exe
Size: 112KB
MD5: 5d4e7b1182cf2e949223874e745e1b2a
SHA1: bca1eee3d745456f2cab6bee060e1ff01aa34b1a
SHA256: 8465c20acc7934dee0c3856a665bd62670ee897d7e3f8265d6588f1279aefab6
SHA512: 076db0349c321aa20cca3bee934a068ec2414d7af3dba80d18f9954d6d25b8a97fbb68c37fc7b9e9158ac6e146e35c9ada4dfe681bd5bc4abfe610ebbcb91ad3
SSDEEP: 1536:O5LFMyXcLzwXUCyFw13KR8DQ8VrD4y2Lk34SPkRuD82ZnxWjckbiQOe0W2/5CE7Y:meXzrDmQ8Vd2Lk3BHxWn0B/5CEdC
Score: 3/10
Target: $TEMP/downloader_easeus/2.2.0/5free/aliyun/InfoForSetup.exe
Size: 61KB
MD5: 590682b853848e2119f74d9b79a079c0
SHA1: dfd265c022b769245e1217242af2f0f77cbe3432
SHA256: d824d6f746c8dfb8c5aefff3ead1b66a6d770075c7400445b4bb8b668de0ee41
SHA512: f896dad146a9939f8c65cdd932cca408c589558e7d6693dc5b25c811935ae2ed3f43acd6783aa47b83d632baa7ce9298c251e03e4132110e589ccf2bdf195bd8
SSDEEP: 768:Tlo/MU0MQBr6xtYlQsSPIe5HLF//6HARKUu1qG5n3KgpnTgy/MId50LbpYiBwB:TeEZMQBru2n4LVCH8KUjGpJT50Z7Bg
Score: 3/10
MITRE ATT&CK Enterprise v15
(number in parentheses is the count of matching signatures for each technique or sub-technique)

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (3)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
  Pre-OS Boot (1)
    Bootkit (1)

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (3)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)

Defense Evasion
  Impair Defenses (1)
    Safe Mode Boot (1)
  Indicator Removal (1)
    Clear Persistence (1)
  Modify Registry (4)
  Pre-OS Boot (1)
    Bootkit (1)