General
Target: pct_trial_installer_20241016.17291248214345b9952.exe
Size: 1.5MB
Sample: 241017-arw6davfqj
MD5: ea7ec8fe149f4a57f984673107ebf35b
SHA1: bf23dc31b52af0f3a3d25bf05ef98721a2082e71
SHA256: ceb8acbdf48ee006b368fd5fa86aba3a9e8afee375afcc08940422949368b710
SHA512: fd6705ec5bca37c8584df99bc22a1a439d7b3aa3f0b5edfb4e50ad266102339f5ef79d6118a9de1a08a1f2dcb0b3a9d89d8e09bf4cf34e419500688225015ecc
SSDEEP: 24576:wtVrIcgpwG+yO2FU8Aj+X4cT+SOAh0IogVJ8EUXtvqYgRDm02MlnXjZ2nnWAN6Mv:ylgpwNynUNjwo9IodEkCr9HT2nnbQMv
Static task: static1
Behavioral task: behavioral1
  Sample: pct_trial_installer_20241016.17291248214345b9952.exe
  Resource: win7-20240903-es
Behavioral task: behavioral2
  Sample: $TEMP/downloader_easeus/13.0/4trial/EDownloader.exe
  Resource: win7-20240708-es
Behavioral task: behavioral3
  Sample: $TEMP/downloader_easeus/13.0/4trial/aliyun/AliyunWrap.dll
  Resource: win7-20240708-es
Behavioral task: behavioral4
  Sample: $TEMP/downloader_easeus/13.0/4trial/aliyun/AliyunWrapExe.exe
  Resource: win7-20240903-es
Behavioral task: behavioral5
  Sample: $TEMP/downloader_easeus/13.0/4trial/aliyun/InfoForSetup.exe
  Resource: win7-20241010-es
Malware Config
Targets
Target: pct_trial_installer_20241016.17291248214345b9952.exe
Size: 1.5MB
MD5: ea7ec8fe149f4a57f984673107ebf35b
SHA1: bf23dc31b52af0f3a3d25bf05ef98721a2082e71
SHA256: ceb8acbdf48ee006b368fd5fa86aba3a9e8afee375afcc08940422949368b710
SHA512: fd6705ec5bca37c8584df99bc22a1a439d7b3aa3f0b5edfb4e50ad266102339f5ef79d6118a9de1a08a1f2dcb0b3a9d89d8e09bf4cf34e419500688225015ecc
SSDEEP: 24576:wtVrIcgpwG+yO2FU8Aj+X4cT+SOAh0IogVJ8EUXtvqYgRDm02MlnXjZ2nnWAN6Mv:ylgpwNynUNjwo9IodEkCr9HT2nnbQMv
Signatures
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Downloads MZ/PE file
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Modifies WinLogon
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Drops file in System32 directory
Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
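The four signatures above that map to a specific ATT&CK technique (Defender exclusions via PowerShell, Winlogon modification, COM hijacking, MBR writes) can each be expressed as a rule over ordinary endpoint telemetry. The following is an added example, not part of the sandbox report and not the sandbox's own matching logic. The Event schema and its field names are an assumption loosely modelled on Sysmon process-create, registry-set and file/device-open events, and all sample records are constructed for illustration rather than captured from this sample. Drive enumeration and raw disk access are also what legitimate disk utilities do, so a raw-disk hit from an installer is a prompt for manual review, not a verdict.

```python
"""Map endpoint telemetry to the techniques this report flags.

Added example (not part of the sandbox report, and not how the sandbox
itself matched its signatures). The Event schema and the sample records are
constructed for illustration; the field names are an assumption modelled on
Sysmon process-create, registry-set and file/device-open events.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# ATT&CK Enterprise technique IDs for the behaviours listed in the report.
T_POWERSHELL = "T1059.001"   # Command and Scripting Interpreter: PowerShell
T_WINLOGON = "T1547.004"     # Boot or Logon Autostart Execution: Winlogon Helper DLL
T_COM_HIJACK = "T1546.015"   # Event Triggered Execution: COM Hijacking
T_BOOTKIT = "T1542.003"      # Pre-OS Boot: Bootkit

# PowerShell adding Defender exclusions for paths, extensions or processes.
DEFENDER_EXCLUSION = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Extension|Process)\b",
    re.IGNORECASE | re.DOTALL,
)
# Winlogon values that load code at logon.
WINLOGON_VALUE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(?:Userinit|Shell|Notify\\.+)$",
    re.IGNORECASE,
)
# Per-user COM server registrations, which shadow the machine-wide entry.
COM_USER_SERVER = re.compile(
    r"^HKU\\[^\\]+\\Software\\Classes\\CLSID\\\{[0-9A-F-]{36}\}\\(?:InprocServer32|LocalServer32)",
    re.IGNORECASE,
)
# Raw physical-disk handles: the route to the MBR.
RAW_DISK = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.IGNORECASE)


@dataclass(frozen=True)
class Event:
    kind: str                # "process", "registry_set" or "file_open"
    image: str               # process that caused the event
    command_line: str = ""   # process events only
    target: str = ""         # registry value path or file/device path


def classify(event: Event) -> set[str]:
    """Return the technique IDs a single event matches (empty set if none)."""
    hits: set[str] = set()
    if event.kind == "process" and DEFENDER_EXCLUSION.search(event.command_line):
        hits.add(T_POWERSHELL)
    elif event.kind == "registry_set":
        if WINLOGON_VALUE.search(event.target):
            hits.add(T_WINLOGON)
        if COM_USER_SERVER.search(event.target):
            hits.add(T_COM_HIJACK)
    elif event.kind == "file_open" and RAW_DISK.match(event.target):
        hits.add(T_BOOTKIT)
    return hits


def scan(events) -> dict[str, list[Event]]:
    """Group matching events by technique so each finding keeps its evidence."""
    findings: dict[str, list[Event]] = defaultdict(list)
    for ev in events:
        for technique in classify(ev):
            findings[technique].append(ev)
    return dict(findings)


# Constructed sample telemetry (not captured from the sample in this report).
SAMPLE_EVENTS = [
    Event("process", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
          command_line='powershell.exe -NoProfile -Command "Add-MpPreference '
                       '-ExclusionPath C:\\Users\\Public\\setup -ExclusionExtension .exe"'),
    Event("registry_set", "C:\\Users\\Public\\setup\\installer.exe",
          target=r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"),
    Event("registry_set", "C:\\Users\\Public\\setup\\installer.exe",
          target=r"HKU\S-1-5-21-1-2-3-1001\Software\Classes\CLSID"
                 r"\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)"),
    Event("file_open", "C:\\Users\\Public\\setup\\installer.exe", target=r"\\.\PhysicalDrive0"),
    Event("process", "C:\\Windows\\System32\\svchost.exe", command_line="svchost.exe -k netsvcs"),
    Event("file_open", "C:\\Users\\Public\\setup\\installer.exe",
          target="C:\\Users\\Public\\setup\\EDownloader.exe"),
]

if __name__ == "__main__":
    for technique, evidence in sorted(scan(SAMPLE_EVENTS).items()):
        print(technique, "<-", [e.target or e.command_line for e in evidence])
```

Sysmon Event ID 1 (process create) and Event ID 13 (registry value set) are natural feeds for the first two rule kinds; raw device opens need a file/handle source such as an EDR. On a host you suspect has already been touched, `Get-MpPreference` lists the current Defender exclusion paths, extensions and processes so the PowerShell rule can be confirmed after the fact.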
Target: $TEMP/downloader_easeus/13.0/4trial/EDownloader.exe
Size: 1.2MB
MD5: b5791976db6be716f520c660de443e8e
SHA1: 2a68065e1bce3540bbf506597639ea737d3817f2
SHA256: 863c1c6cfbc0e16ea72b7bae915806c77b1fce1366ca9eb00c7a87038066db60
SHA512: 8cc2c5703f02e0773ede600a16583776f4ec3fef9540eab1c5fb924fc8ecb1b84f4394c2dc9fa749f12cec45292495710b97f196015a0dafd3e571fba98c5b08
SSDEEP: 24576:LIHpr4Q+0X+oZPvTWifDZiKg/VXbbyEiSikGhiaUrAoxkxYufmRdY:L0U4uohabbGhYA6cfSdY
Score: 3/10
Target: $TEMP/downloader_easeus/13.0/4trial/aliyun/AliyunWrap.dll
Size: 549KB
MD5: 24c01bc1560fa2b6b72a201eeea4cbed
SHA1: d66a91bd8faa929d6a5c46d5cfca2b3e5d24edb8
SHA256: 5875f5a1c9eb4c4c238c77104c946b6ecb9234609851edcf758d24bf3cdcb4c2
SHA512: 3a34db05cb5de1cb9c1fb0aabbaadfb5746f51d84d92ad9a52a343a4ebf78c688cdc6156647baa09343107c922ceb2f53e76d152bc5f6f761b6b1ba6c7cc7b7a
SSDEEP: 12288:DaK0OuDBlYPIj/q9DQsEfExtrlp87pMaIPuboWMlyF0PFWq:B9DeuBc/IPu8WMAF0PFWq
Score: 3/10
Target: $TEMP/downloader_easeus/13.0/4trial/aliyun/AliyunWrapExe.exe
Size: 106KB
MD5: 674413dbbc708d32d53b386254eedb54
SHA1: 281ef9b78e8a80dac4b4efe9d8d76ee4eeedc79c
SHA256: 72371235cb364ab3891597f40a3f50bd64660a808979bd28bcf1c0e7154aa949
SHA512: 34cd6e982c98d7d4cb763c9bbb20942a507fabc189f3fedd30433d2b79739189a3efbe81f4db465f9e401e3f01939bc8148b178679a0780fe1b000259fd947fe
SSDEEP: 1536:i554a+kMgHZ73LkUluTbDJgX+oLENoN2CraI9WkF1X8OEdlg5BaAUbpic4pf:hswTbD6LLraInhEdlg5BJUbpiVp
Score: 3/10
Target: $TEMP/downloader_easeus/13.0/4trial/aliyun/InfoForSetup.exe
Size: 65KB
MD5: 63c4d4021b71947a29db6c5e99678d4a
SHA1: 4d24026a82d98240221077dd72f3cc169c0597e5
SHA256: 33c5f40b242955b96710a9e54a109b083d014e9d061ce5ac2875aba20c0acab7
SHA512: 5cf5c481126fdb422614251dc4ed4052e36fc779226c5a233637f40f55d774d130b66342df47479e368b64f65b2a3eda6f62140e9413eb8540723043ac0f693b
SSDEEP: 768:zVyp8XwXEXrjOgRXvLH4IE3jDnIoiiBbIADgykhUMId50BLbZpiN5M3vqDGgo:zECwXShvLYIE3nnInie2khc50npic/yo
Score: 3/10
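The hashes listed for the installer and the four files it drops under $TEMP/downloader_easeus are the IOCs a responder would check against anything recovered from a host. The script below is an added example, not part of the sandbox report: it computes the same four digests the report shows, applies the MZ/PE header check that sits behind a "Downloads MZ/PE file" style signature, and matches SHA-256 values against the report's list. The only data copied from the page is the SHA-256 set; the bytes produced by `minimal_pe()` are a constructed stand-in, since the samples themselves are not included here.

```python
"""Triage dropped files against the hashes in this report.

Added example, not part of the sandbox report. The SHA-256 values are copied
from the report above; the bytes built by minimal_pe() are a constructed
stand-in for a real dropped file.
"""
import hashlib
import struct
from pathlib import Path

# SHA-256 of each file the report lists, keyed by the reported path.
REPORT_SHA256 = {
    "pct_trial_installer_20241016.17291248214345b9952.exe":
        "ceb8acbdf48ee006b368fd5fa86aba3a9e8afee375afcc08940422949368b710",
    "$TEMP/downloader_easeus/13.0/4trial/EDownloader.exe":
        "863c1c6cfbc0e16ea72b7bae915806c77b1fce1366ca9eb00c7a87038066db60",
    "$TEMP/downloader_easeus/13.0/4trial/aliyun/AliyunWrap.dll":
        "5875f5a1c9eb4c4c238c77104c946b6ecb9234609851edcf758d24bf3cdcb4c2",
    "$TEMP/downloader_easeus/13.0/4trial/aliyun/AliyunWrapExe.exe":
        "72371235cb364ab3891597f40a3f50bd64660a808979bd28bcf1c0e7154aa949",
    "$TEMP/downloader_easeus/13.0/4trial/aliyun/InfoForSetup.exe":
        "33c5f40b242955b96710a9e54a109b083d014e9d061ce5ac2875aba20c0acab7",
}
SHA256_TO_PATH = {digest: path for path, digest in REPORT_SHA256.items()}


def digests(data: bytes) -> dict[str, str]:
    """MD5/SHA-1/SHA-256/SHA-512 in one pass, matching the report's columns."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def is_pe(data: bytes) -> bool:
    """True if data has an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature.

    This is the header check behind a 'Downloads MZ/PE file' style signature;
    it deliberately does not parse any further, so a truncated file still
    counts as PE if the two magics line up.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(data: bytes) -> dict:
    """Digests, PE flag and, if the SHA-256 is in the report, the reported path."""
    d = digests(data)
    return {**d, "is_pe": is_pe(data), "report_match": SHA256_TO_PATH.get(d["sha256"])}


def triage_dir(root: Path) -> list[dict]:
    """Triage every regular file under root (e.g. the recovered %TEMP% tree)."""
    return [{"path": str(p), **triage(p.read_bytes())}
            for p in sorted(root.rglob("*")) if p.is_file()]


def minimal_pe() -> bytes:
    """Constructed bytes: a DOS header whose e_lfanew points at a bare PE signature.

    Not an executable, just enough header to exercise is_pe() offline.
    """
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)    # e_lfanew = 0x40
    return bytes(hdr) + b"PE\0\0" + b"\0" * 20


if __name__ == "__main__":
    print(triage(minimal_pe()))
```

Point `triage_dir` at a copy of the user's %TEMP% tree taken from disk (not at the live directory, so the installer's own cleanup does not race the collection). A `report_match` of `None` for a file that is still a PE is the normal case for a differently-built download and is not evidence of tampering on its own; ssdeep, which this block does not compute, is the tool for that comparison.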
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Execution
  Command and Scripting Interpreter (1): PowerShell, T1059.001 (1)
  Scheduled Task/Job (1): Scheduled Task, T1053.005 (1)
Persistence
  Boot or Logon Autostart Execution (1): Winlogon Helper DLL, T1547.004 (1)
  Event Triggered Execution (1): Component Object Model Hijacking, T1546.015 (1)
  Pre-OS Boot (1): Bootkit, T1542.003 (1)
  Scheduled Task/Job (1): Scheduled Task, T1053.005 (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1): Winlogon Helper DLL, T1547.004 (1)
  Event Triggered Execution (1): Component Object Model Hijacking, T1546.015 (1)
  Scheduled Task/Job (1): Scheduled Task, T1053.005 (1)
Credential Access
  Credentials from Password Stores (1): Credentials from Web Browsers, T1555.003 (1)
  Unsecured Credentials (1): Credentials In Files, T1552.001 (1)