General

  • Target

    7265371fc791dd596be1dafae4db3b5a48195e5722f01798547391bd4e1dc875N

  • Size

    2.6MB

  • Sample

    241017-pxssga1eqq

  • MD5

    39f43e0b8c76245209213222c9126160

  • SHA1

    ccfd70f412eee8ee9c4f435835b6030fa7b30759

  • SHA256

    7265371fc791dd596be1dafae4db3b5a48195e5722f01798547391bd4e1dc875

  • SHA512

    ee24d4d25ca45a141b04fef0b83c02d2b87a58f056eb5b7e21ceb97d59170bab9f0e3d0567dae53d59c24075c641735e0e5c0fcac57d6e7b78429324515baa79

  • SSDEEP

    49152:Avd5S6nwlcvaUWHVVRLX5+NykAgvA/p9x08HbCAeKgvQuBvIYCk88Rhj:AvS6ocaUW1PlBqmb7CAeeuBvIYCk88Rh

Targets

    • Target

      7265371fc791dd596be1dafae4db3b5a48195e5722f01798547391bd4e1dc875N

    • Size

      2.6MB

    • MD5

      39f43e0b8c76245209213222c9126160

    • SHA1

      ccfd70f412eee8ee9c4f435835b6030fa7b30759

    • SHA256

      7265371fc791dd596be1dafae4db3b5a48195e5722f01798547391bd4e1dc875

    • SHA512

      ee24d4d25ca45a141b04fef0b83c02d2b87a58f056eb5b7e21ceb97d59170bab9f0e3d0567dae53d59c24075c641735e0e5c0fcac57d6e7b78429324515baa79

    • SSDEEP

      49152:Avd5S6nwlcvaUWHVVRLX5+NykAgvA/p9x08HbCAeKgvQuBvIYCk88Rhj:AvS6ocaUW1PlBqmb7CAeeuBvIYCk88Rh

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up entries under the registry's Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Target

      $PLUGINSDIR/NSISdl.dll

    • Size

      72KB

    • MD5

      146f66baf9d049735cc35f83bed40994

    • SHA1

      efac0e51d71524ab69c17f8d329958772d6586b0

    • SHA256

      3453eb3506515053af667f2f07c4d84acf165e94f6ee1764d9711b0313d9e6eb

    • SHA512

      9ae7d511f70e6af4802e516c43bccb758b15cd01aaf0c1137fc7f3875307ff512478d4529685834fc311b3073e02e569597315a8b458a125860e01b66b21ccf3

    • SSDEEP

      1536:3qVwtrZYhZtqq7rrY7+xTTf4UGC5CkTwHoUgNz:3qMlYhZtWaf4UGC5CfoUgN

    Score
    3/10
    • Target

      $TEMP/prog-media-server-for-small-network-3.62.exe

    • Size

      2.5MB

    • MD5

      39f8f2d76e5cc37f7f1395fc680ee64d

    • SHA1

      8b96300ba71d36236de4bb5b462129aeb2009e09

    • SHA256

      723ca9c3e497cb108b10c7cb0bd0b7ead648d44d9091f27933638e1d02ef6251

    • SHA512

      5692b103693a56838bfb2e5a40805703c4d0e5caba839518b27ba471fc9036e92483e66d7cf2e8b664fd66dafb3f151e971b9236ac50e53fd1abc0b7e85d55e1

    • SSDEEP

      49152:rwHLQwbTvFU+a/83waPCazPrO85/W+Q08ObhKdnSjQNqQIO093Jcedj:cHLDLFU+SGPfD5ayhKdLNqQIO093JcA

    Score
    7/10
    • Loads dropped DLL

    • Checks installed software on the system

      Looks up entries under the registry's Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      Modules/ProgMediaServer.Pro.module

    • Size

      2.0MB

    • MD5

      ba8b9fd2f94d74c9eaffe0b7bd98d2d5

    • SHA1

      f0ed66e6c4070f3e79e940e54816740c6ae6282d

    • SHA256

      a3d3615e832c762d0bd968ad5a3462e8945fd47771211962ee298911c336ca06

    • SHA512

      27537f977a76a07694a24ea6592447e53d4df31dfb4c74786d497aff43f7657a2daa7f07948dce09475b8ad617f5a3318675953574e26a652ee186377d104bfd

    • SSDEEP

      49152:WpRHvv5bmF289Vo9e+nOikm2rpEPDiYOX8cK8/+zYwA6Q:WpRHvNZEVKbOTrpEP2P7y4

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
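The six behaviour signatures listed for this module (and the Uninstall-key check reported for the installer and its $TEMP child) each key on a small set of well-known registry paths, a raw-disk write, or one syscall argument. The script below is an added example, not part of the sandbox report or of the vendor's own signature engine: it replays a constructed event trace through one rule per signature so the triggering condition for each is explicit, including two events that must not fire (a read of the same UAC policy key for an unrelated value, and a raw-disk write past sector 0). The registry and device paths are the standard locations; the event format is an assumption.

```python
"""Rule-based mapping of sandbox events to the behaviour signatures reported
for Modules/ProgMediaServer.Pro.module (and the Uninstall-key check reported
for the installer and its $TEMP child).

Added example, not part of the sandbox report or of the vendor's tooling.
Events are constructed; the registry and device paths are the well-known
locations each signature family keys on.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    kind: str         # "reg_open", "reg_query", "file_write" or "syscall"
    target: str       # registry key, device path or syscall name
    detail: str = ""  # value name, "offset=N" or "ThreadInformationClass=N"


def normalize_key(path: str) -> str:
    """Fold native and long-form registry roots into HKLM / HKCU and upper-case."""
    p = path.replace("/", "\\").upper()
    p = re.sub(r"^\\REGISTRY\\MACHINE\\", lambda _: "HKLM\\", p)
    p = re.sub(r"^\\REGISTRY\\USER\\[^\\]+\\", lambda _: "HKCU\\", p)  # per-SID hive -> HKCU
    return p.replace("HKEY_LOCAL_MACHINE\\", "HKLM\\").replace("HKEY_CURRENT_USER\\", "HKCU\\")


UNINSTALL = re.compile(r"^HKLM\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL(\\|$)")
VBOX_ACPI = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__")  # VirtualBox ACPI OEM id
WINE_KEY = re.compile(r"^HK(LM|CU)\\SOFTWARE\\WINE(\\|$)")
UAC_KEY = re.compile(r"^HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM$")
PHYSDRIVE = re.compile(r"^\\\\\.\\PHYSICALDRIVE\d+$")
MBR_SIZE = 512                     # the MBR is the first sector of the raw disk
THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS value passed to NtSetInformationThread


def _reg(ev: Event, pattern: "re.Pattern[str]", value: Optional[str] = None) -> bool:
    """Registry open/query whose key matches `pattern` (and whose value name is `value`, if given)."""
    if ev.kind not in ("reg_open", "reg_query"):
        return False
    if not pattern.search(normalize_key(ev.target)):
        return False
    return value is None or ev.detail.upper() == value.upper()


def _int_arg(detail: str, name: str) -> Optional[int]:
    """Parse `name=<decimal or 0x-hex>` out of an event's detail string."""
    m = re.search(rf"{name}=(0[xX][0-9a-fA-F]+|\d+)", detail)
    return int(m.group(1), 0) if m else None


def _mbr_write(ev: Event) -> bool:
    """Raw write to \\.\PhysicalDriveN that lands inside the first sector."""
    if ev.kind != "file_write" or not PHYSDRIVE.match(ev.target.upper()):
        return False
    off = _int_arg(ev.detail, "offset")
    return off is not None and off < MBR_SIZE


def _hide_from_debugger(ev: Event) -> bool:
    """NtSetInformationThread(..., ThreadHideFromDebugger, ...) detaches the thread from any debugger."""
    if ev.kind != "syscall" or ev.target != "NtSetInformationThread":
        return False
    return _int_arg(ev.detail, "ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER


RULES = [
    ("Checks installed software on the system", lambda ev: _reg(ev, UNINSTALL)),
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", lambda ev: _reg(ev, VBOX_ACPI)),
    ("Identifies Wine through registry keys", lambda ev: _reg(ev, WINE_KEY)),
    ("Checks whether UAC is enabled", lambda ev: _reg(ev, UAC_KEY, value="EnableLUA")),
    ("Writes to the Master Boot Record (MBR)", _mbr_write),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", _hide_from_debugger),
]


def match_signatures(events):
    """Return {signature name: [triggering events]} for every rule that fired."""
    hits = {}
    for ev in events:
        for name, pred in RULES:
            if pred(ev):
                hits.setdefault(name, []).append(ev)
    return hits


# Constructed event trace (not from the sandbox run). It mixes the root
# spellings a sandbox may emit and includes two events that must NOT fire.
SAMPLE_EVENTS = [
    Event("reg_open", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event("reg_open", r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event("reg_open", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    Event("reg_open", r"\REGISTRY\USER\S-1-5-21-1-2-3-1001\Software\Wine"),
    Event("reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA"),
    Event("reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "shutdownwithoutlogon"),  # no hit
    Event("file_write", r"\\.\PhysicalDrive0", "offset=0"),
    Event("file_write", r"\\.\PhysicalDrive0", "offset=1048576"),  # raw write past the MBR: no hit
    Event("syscall", "NtSetInformationThread", "ThreadInformationClass=0x11"),
]

if __name__ == "__main__":
    for name, evs in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

The UAC rule is deliberately scoped to the EnableLUA value, so an ordinary read of the Policies\System key does not count; the MBR rule needs the write offset, which a sandbox derives from the file position at the time of the WriteFile/NtWriteFile call, and a raw-disk write beyond sector 0 still deserves a manual look even though this particular signature ignores it.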

    • Target

      Modules/lame_enc.dll

    • Size

      163KB

    • MD5

      01e669e26817f62bef78fc94453d37ff

    • SHA1

      4ae29f79f203072c6f2977d566e2ecd3871caf84

    • SHA256

      ed75a03f67c5a10af4feccdfdf08517fa4bd7b836b149316a7801a48f88bb4d2

    • SHA512

      07d2c4728604edef81039fc2d36f41b00d53e1c73e33ca84e15296c55fbeee2c51d5da2ed21d672224c06b28f34ec9254b33a558b95506acd2ace07d55aa4a40

    • SSDEEP

      3072:7RwD2H0+4trTVrmlmvHtmthnCuUPyvt6Mfr1KAeq6Qpl9syeNUNmJ6mhXGCHkUT+:7RZUVtvIimvnAyvt6Mz1KXRW9syeN+y2

    Score
    5/10
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
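The UPX verdict on a dropped DLL can be confirmed statically from the section table: stock UPX names its sections UPX0/UPX1, and modified builds that rename them still leave UPX's layout, an empty-on-disk first section (raw size 0, non-zero virtual size) that the stub unpacks into at runtime, followed by the section holding the compressed payload. The script below is an added example, not part of the sandbox report or of UPX itself; it parses the section table of a PE image and applies both checks. The three images it runs on are constructed header-only PEs, not the real Modules/lame_enc.dll.

```python
"""Static UPX check for a dropped PE: read the section table and look for
UPX's section names or its characteristic section layout.

Added example, not part of the sandbox report. The PE bytes are constructed
header-only images, not the real lame_enc.dll.
"""
import struct


def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from the PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]      # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0] # COFF SizeOfOptionalHeader
    table = pe + 24 + opt_size                             # section headers follow the optional header
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def upx_verdict(data: bytes) -> dict:
    """Flag UPX by section name, and by layout for builds that renamed the sections."""
    secs = pe_sections(data)
    names = [n for n, _, _ in secs]
    by_name = any(n.startswith("UPX") for n in names)
    # UPX0 has no bytes on disk but a large virtual size; UPX1 carries the compressed data.
    by_layout = len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] > 0 and secs[1][2] > 0
    return {"sections": names, "upx_names": by_name, "upx_layout": by_layout,
            "packed": by_name or by_layout}


def build_pe(sections):
    """Constructed header-only PE32: DOS header, PE signature, COFF header,
    zeroed optional header, section table. Enough for the parser, not loadable."""
    opt_size = 0xE0                                        # PE32 optional header size
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)     # e_lfanew at 0x3C -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x2102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr, rsize,
                    0, 0, 0, 0, 0, 0x60000020)
        for name, vsize, vaddr, rsize in sections)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table


# Constructed samples: (name, VirtualSize, VirtualAddress, SizeOfRawData)
UPX_SAMPLE = build_pe([("UPX0", 0x20000, 0x1000, 0), ("UPX1", 0x9000, 0x21000, 0x8800),
                       (".rsrc", 0x1000, 0x2A000, 0x600)])
RENAMED_SAMPLE = build_pe([(".text", 0x20000, 0x1000, 0), (".data", 0x9000, 0x21000, 0x8800)])
PLAIN_SAMPLE = build_pe([(".text", 0x5000, 0x1000, 0x5000), (".rdata", 0x1000, 0x6000, 0x1000),
                         (".data", 0x800, 0x7000, 0x200)])

if __name__ == "__main__":
    for label, img in (("stock UPX", UPX_SAMPLE), ("renamed UPX", RENAMED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_verdict(img))
```

Run `upx_verdict(open(path, "rb").read())` against the dropped file itself (the NSIS installer that carries it is not UPX-packed, so the check must target $PLUGINSDIR/Modules output, not the parent). The layout heuristic is only that: an image whose first section is legitimately uninitialised data would also trip it, so treat a layout-only hit as a prompt to inspect the entry-point stub rather than as a verdict.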

    • Target

      Modules/mpglib.dll

    • Size

      124KB

    • MD5

      cfb234e17a4b2b59e574357f14ce6724

    • SHA1

      fe20fd345d32d8251a0712a3b62927a1349631ad

    • SHA256

      25067f352200b43619dc2f9d90e67a99c957652ebb230ae5de88a95d2bdc1f7b

    • SHA512

      f737649a6146e0f26b6142f4dc8b2c58a0c183c17c7de90b16d2306ea16497f74a680bef5ba4744b4338cd9a91a73e885c8fb4a924f95139465ff36bc35545d4

    • SSDEEP

      3072:yu0/jPV73hE1oSr3e/lUS+6bAg0FucocSI:yrPV7Yz3eUGAOTI

    Score
    3/10
    • Target

      PMSLauncher.exe

    • Size

      327KB

    • MD5

      a1b820f662ad3cc238dad1182acbdc98

    • SHA1

      56d4cf1ba9c371aaa94974f0951b3d7b18cd2f69

    • SHA256

      16971340711898ee9af15c451c98343f8e61f7b47fc9692504c65ccbecc8187d

    • SHA512

      b88037d365d6ad96d094b77640afc759a46bb18672d48a6c2548e67d189018035c584c6db4edd960d90f4cffda625767ec91fd65031ff00af2cb5b1be9a2a8dc

    • SSDEEP

      6144:3h8U5wZwtlC1l0shg//LOxTFCI4Kk93jSlS+dLXzX3erfG:3rlC1pC//ixT8I4KsGzXuy

    Score
    3/10

MITRE ATT&CK Enterprise v15
