Overview (score 9/10)
Static (score 7/10)

Per-task scores from the report tabs (0-10; the tab order matches the Behavioral task list below, so the task IDs are given here for cross-reference):
behavioral1   77265371fc7...5N.exe   windows7-x64         7
behavioral2   77265371fc7...5N.exe   windows10-2004-x64   7
behavioral3   $PLUGINSDI...dl.dll    windows7-x64         3
behavioral4   $PLUGINSDI...dl.dll    windows10-2004-x64   3
behavioral5   $TEMP/prog...62.exe    windows7-x64         7
behavioral6   $TEMP/prog...62.exe    windows10-2004-x64   7
behavioral7   $PLUGINSDI...ns.dll    windows7-x64         3
behavioral8   $PLUGINSDI...ns.dll    windows10-2004-x64   3
behavioral9   Modules/Pr...ro.dll    windows7-x64         9
behavioral10  Modules/Pr...ro.dll    windows10-2004-x64   9
behavioral11  Modules/lame_enc.dll   windows7-x64         5
behavioral12  Modules/lame_enc.dll   windows10-2004-x64   5
behavioral13  Modules/mpglib.dll     windows7-x64         3
behavioral14  Modules/mpglib.dll     windows10-2004-x64   3
behavioral15  PMSLauncher.exe        windows7-x64         1
behavioral16  PMSLauncher.exe        windows10-2004-x64   3

General
Target: 7265371fc791dd596be1dafae4db3b5a48195e5722f01798547391bd4e1dc875N
Size: 2.6MB
Sample: 241017-pxssga1eqq
MD5: 39f43e0b8c76245209213222c9126160
SHA1: ccfd70f412eee8ee9c4f435835b6030fa7b30759
SHA256: 7265371fc791dd596be1dafae4db3b5a48195e5722f01798547391bd4e1dc875
SHA512: ee24d4d25ca45a141b04fef0b83c02d2b87a58f056eb5b7e21ceb97d59170bab9f0e3d0567dae53d59c24075c641735e0e5c0fcac57d6e7b78429324515baa79
SSDEEP: 49152:Avd5S6nwlcvaUWHVVRLX5+NykAgvA/p9x08HbCAeKgvQuBvIYCk88Rhj:AvS6ocaUW1PlBqmb7CAeeuBvIYCk88Rh
Behavioral tasks (Resource = sandbox image the task ran on)
behavioral1:  Sample 7265371fc791dd596be1dafae4db3b5a48195e5722f01798547391bd4e1dc875N.exe; Resource win7-20240903-en
behavioral2:  Sample 7265371fc791dd596be1dafae4db3b5a48195e5722f01798547391bd4e1dc875N.exe; Resource win10v2004-20241007-en
behavioral3:  Sample $PLUGINSDIR/NSISdl.dll; Resource win7-20240903-en
behavioral4:  Sample $PLUGINSDIR/NSISdl.dll; Resource win10v2004-20241007-en
behavioral5:  Sample $TEMP/prog-media-server-for-small-network-3.62.exe; Resource win7-20241010-en
behavioral6:  Sample $TEMP/prog-media-server-for-small-network-3.62.exe; Resource win10v2004-20241007-en
behavioral7:  Sample $PLUGINSDIR/InstallOptions.dll; Resource win7-20240903-en
behavioral8:  Sample $PLUGINSDIR/InstallOptions.dll; Resource win10v2004-20241007-en
behavioral9:  Sample Modules/ProgMediaServer.Pro.dll; Resource win7-20240903-en
behavioral10: Sample Modules/ProgMediaServer.Pro.dll; Resource win10v2004-20241007-en
behavioral11: Sample Modules/lame_enc.dll; Resource win7-20240903-en
behavioral12: Sample Modules/lame_enc.dll; Resource win10v2004-20241007-en
behavioral13: Sample Modules/mpglib.dll; Resource win7-20241010-en
behavioral14: Sample Modules/mpglib.dll; Resource win10v2004-20241007-en
behavioral15: Sample PMSLauncher.exe; Resource win7-20240903-en
behavioral16: Sample PMSLauncher.exe; Resource win10v2004-20241007-en
Malware Config: (none listed)

Targets

Target: 7265371fc791dd596be1dafae4db3b5a48195e5722f01798547391bd4e1dc875N
Size: 2.6MB
MD5: 39f43e0b8c76245209213222c9126160
SHA1: ccfd70f412eee8ee9c4f435835b6030fa7b30759
SHA256: 7265371fc791dd596be1dafae4db3b5a48195e5722f01798547391bd4e1dc875
SHA512: ee24d4d25ca45a141b04fef0b83c02d2b87a58f056eb5b7e21ceb97d59170bab9f0e3d0567dae53d59c24075c641735e0e5c0fcac57d6e7b78429324515baa79
SSDEEP: 49152:Avd5S6nwlcvaUWHVVRLX5+NykAgvA/p9x08HbCAeKgvQuBvIYCk88Rhj:AvS6ocaUW1PlBqmb7CAeeuBvIYCk88Rh
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Note: $PLUGINSDIR is the plugin directory of an NSIS installer, and NSISdl.dll and InstallOptions.dll are the standard NSIS download and custom-dialog plugins; enumerating the Uninstall key is also ordinary installer behaviour (checking for an earlier install). None of these three signatures is an indicator of malice on its own; the remaining targets are files the installer extracts.

Target: $PLUGINSDIR/NSISdl.dll
Size: 72KB
MD5: 146f66baf9d049735cc35f83bed40994
SHA1: efac0e51d71524ab69c17f8d329958772d6586b0
SHA256: 3453eb3506515053af667f2f07c4d84acf165e94f6ee1764d9711b0313d9e6eb
SHA512: 9ae7d511f70e6af4802e516c43bccb758b15cd01aaf0c1137fc7f3875307ff512478d4529685834fc311b3073e02e569597315a8b458a125860e01b66b21ccf3
SSDEEP: 1536:3qVwtrZYhZtqq7rrY7+xTTf4UGC5CkTwHoUgNz:3qMlYhZtWaf4UGC5CfoUgN
Score: 3/10
Signatures: none

Target: $TEMP/prog-media-server-for-small-network-3.62.exe
Size: 2.5MB
MD5: 39f8f2d76e5cc37f7f1395fc680ee64d
SHA1: 8b96300ba71d36236de4bb5b462129aeb2009e09
SHA256: 723ca9c3e497cb108b10c7cb0bd0b7ead648d44d9091f27933638e1d02ef6251
SHA512: 5692b103693a56838bfb2e5a40805703c4d0e5caba839518b27ba471fc9036e92483e66d7cf2e8b664fd66dafb3f151e971b9236ac50e53fd1abc0b7e85d55e1
SSDEEP: 49152:rwHLQwbTvFU+a/83waPCazPrO85/W+Q08ObhKdnSjQNqQIO093Jcedj:cHLDLFU+SGPfD5ayhKdLNqQIO093JcA
Score: 7/10
Signatures:
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Target: $PLUGINSDIR/InstallOptions.dll
Size: 14KB
MD5: 325b008aec81e5aaa57096f05d4212b5
SHA1: 27a2d89747a20305b6518438eff5b9f57f7df5c3
SHA256: c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
SHA512: 18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
SSDEEP: 192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score: 3/10
Signatures: none

Target: Modules/ProgMediaServer.Pro.module (run as Modules/ProgMediaServer.Pro.dll in behavioral9 and behavioral10 above)
Size: 2.0MB
MD5: ba8b9fd2f94d74c9eaffe0b7bd98d2d5
SHA1: f0ed66e6c4070f3e79e940e54816740c6ae6282d
SHA256: a3d3615e832c762d0bd968ad5a3462e8945fd47771211962ee298911c336ca06
SHA512: 27537f977a76a07694a24ea6592447e53d4df31dfb4c74786d497aff43f7657a2daa7f07948dce09475b8ad617f5a3318675953574e26a652ee186377d104bfd
SSDEEP: 49152:WpRHvv5bmF289Vo9e+nOikm2rpEPDiYOX8cK8/+zYwA6Q:WpRHvNZEVKbOTrpEP2P7y4
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM): VirtualBox guests expose ACPI tables whose OEM ID is VBOX__, mirrored into the registry under HKLM\HARDWARE\ACPI\DSDT (and FADT/RSDT); reading those keys is a common virtual-machine check.
- Identifies Wine through registry keys: Wine is a compatibility layer that runs Windows applications and is sometimes used as a sandbox environment; its presence is detectable from Wine-specific registry keys.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events, a common anti-debugging technique.
Note: anti-VM and anti-debugger checks of this kind are also typical of commercial software-protection wrappers, so before treating this module as a bootkit confirm from the task's I/O trace that sector 0 of the physical disk was actually overwritten rather than the device merely being opened.
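To show how behavioural signatures like the ones on this page (Uninstall-key enumeration and dropped-file execution on the installer; the VirtualBox, Wine, hide-from-debugger and MBR signatures on the ProgMediaServer module) are derived from an API trace, the following Python is an added example written for this report. It is not Triage's detection engine and not code from the analysed sample; the one-event-per-line trace format, the API and argument spellings, and the three sample traces are assumptions constructed for the illustration. The MBR rule deliberately distinguishes an actual write at sector 0 from a merely writable handle, which is the check a reviewer should make before calling a module a bootkit.

```python
"""Behavioural-signature matcher over a constructed API trace.

Added example for this report page; it is not Triage's engine and not code
from the analysed sample.  The trace format ('API|arg|arg...', one event per
line) and the API/argument spellings are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Event:
    api: str
    args: tuple[str, ...]


def parse_trace(text: str) -> list[Event]:
    """Parse the assumed 'API|arg|arg...' format; blank and '#' lines are skipped."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        api, *args = line.split("|")
        events.append(Event(api.strip(), tuple(a.strip() for a in args)))
    return events


REG_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW"}
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# VirtualBox ACPI tables carry the OEM id VBOX__, which Windows mirrors into the registry.
VBOX_ACPI = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
WINE_KEY = re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I)
PHYSICAL_DRIVE0 = re.compile(r"^\\\\\.\\PhysicalDrive0$", re.I)
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value


def reg_paths(events: list[Event]) -> list[str]:
    return [e.args[0] for e in events if e.api in REG_APIS and e.args]


def dropped_then_used(events: list[Event], use_api: str) -> bool:
    """True if use_api is called on a path that an earlier WriteFile produced (a 'dropped' file)."""
    dropped: set[str] = set()
    for e in events:
        if not e.args:
            continue
        path = e.args[0].lower()
        if e.api == "WriteFile":
            dropped.add(path)
        elif e.api == use_api and path in dropped:
            return True
    return False


def opens_drive0_writable(events: list[Event]) -> bool:
    return any(e.api == "CreateFileW" and len(e.args) >= 2
               and PHYSICAL_DRIVE0.match(e.args[0]) and "GENERIC_WRITE" in e.args[1:]
               for e in events)


def writes_mbr(events: list[Event]) -> bool:
    """Fire only on a WriteFile at offset 0 of PhysicalDrive0, not on a writable handle alone."""
    return any(e.api == "WriteFile" and len(e.args) >= 2
               and PHYSICAL_DRIVE0.match(e.args[0]) and int(e.args[1], 0) == 0
               for e in events)


def hides_from_debugger(events: list[Event]) -> bool:
    return any(e.api == "NtSetInformationThread" and e.args
               and int(e.args[0], 0) == THREAD_HIDE_FROM_DEBUGGER
               for e in events)


SIGNATURES: list[tuple[str, Callable[[list[Event]], bool]]] = [
    ("Executes dropped EXE", lambda ev: dropped_then_used(ev, "CreateProcessW")),
    ("Loads dropped DLL", lambda ev: dropped_then_used(ev, "LoadLibraryW")),
    ("Checks installed software on the system",
     lambda ev: any(UNINSTALL_KEY.search(p) for p in reg_paths(ev))),
    ("Identifies VirtualBox via ACPI registry values",
     lambda ev: any(VBOX_ACPI.search(p) for p in reg_paths(ev))),
    ("Identifies Wine through registry keys",
     lambda ev: any(WINE_KEY.search(p) for p in reg_paths(ev))),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", hides_from_debugger),
    ("Opens PhysicalDrive0 with write access", opens_drive0_writable),
    ("Writes to the Master Boot Record (MBR)", writes_mbr),
]


def match_signatures(trace_text: str) -> list[str]:
    """Return the names of all signatures that fire on the trace, in SIGNATURES order."""
    events = parse_trace(trace_text)
    return [name for name, fn in SIGNATURES if fn(events)]


# Constructed traces (not taken from the report), shaped after the signatures above.
INSTALLER_TRACE = r"""
# installer extracts a plugin, loads it, checks for an earlier install, runs its payload
WriteFile|C:\Users\u\AppData\Local\Temp\nsx1.tmp\NSISdl.dll|0|73728
LoadLibraryW|C:\Users\u\AppData\Local\Temp\nsx1.tmp\NSISdl.dll
RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
WriteFile|C:\Users\u\AppData\Local\Temp\prog-media-server-for-small-network-3.62.exe|0|2621440
CreateProcessW|C:\Users\u\AppData\Local\Temp\prog-media-server-for-small-network-3.62.exe
"""
MODULE_TRACE_OPEN_ONLY = r"""
RegQueryValueExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegOpenKeyExW|HKCU\Software\Wine
NtSetInformationThread|0x11
CreateFileW|\\.\PhysicalDrive0|GENERIC_READ|GENERIC_WRITE
ReadFile|\\.\PhysicalDrive0|0|512
"""
MODULE_TRACE_WRITE = MODULE_TRACE_OPEN_ONLY + r"WriteFile|\\.\PhysicalDrive0|0|512" + "\n"

if __name__ == "__main__":
    for label, trace in [("installer", INSTALLER_TRACE),
                         ("module, writable handle only", MODULE_TRACE_OPEN_ONLY),
                         ("module, sector 0 written", MODULE_TRACE_WRITE)]:
        print(label, "->", match_signatures(trace))
```

Run it directly to see which signatures each constructed trace fires. The dropped-file rules are stateful (a path counts as dropped only once a WriteFile to it has been seen), and the MBR rule separates "opened the disk writable" from "wrote sector 0" so that a reviewer can tell the two apart instead of scoring both the same.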

Target: Modules/lame_enc.dll
Size: 163KB
MD5: 01e669e26817f62bef78fc94453d37ff
SHA1: 4ae29f79f203072c6f2977d566e2ecd3871caf84
SHA256: ed75a03f67c5a10af4feccdfdf08517fa4bd7b836b149316a7801a48f88bb4d2
SHA512: 07d2c4728604edef81039fc2d36f41b00d53e1c73e33ca84e15296c55fbeee2c51d5da2ed21d672224c06b28f34ec9254b33a558b95506acd2ace07d55aa4a40
SSDEEP: 3072:7RwD2H0+4trTVrmlmvHtmthnCuUPyvt6Mfr1KAeq6Qpl9syeNUNmJ6mhXGCHkUT+:7RZUVtvIimvnAyvt6Mz1KXRW9syeN+y2
Score: not listed for this target (the task tabs above show 5/10 for both lame_enc.dll tasks)
Signatures: none listed
Note: lame_enc.dll is the LAME MP3 encoder library, commonly bundled with media software; verify the hashes above against a known LAME build before spending analysis time on it.

Target: Modules/mpglib.dll
Size: 124KB
MD5: cfb234e17a4b2b59e574357f14ce6724
SHA1: fe20fd345d32d8251a0712a3b62927a1349631ad
SHA256: 25067f352200b43619dc2f9d90e67a99c957652ebb230ae5de88a95d2bdc1f7b
SHA512: f737649a6146e0f26b6142f4dc8b2c58a0c183c17c7de90b16d2306ea16497f74a680bef5ba4744b4338cd9a91a73e885c8fb4a924f95139465ff36bc35545d4
SSDEEP: 3072:yu0/jPV73hE1oSr3e/lUS+6bAg0FucocSI:yrPV7Yz3eUGAOTI
Score: 3/10
Signatures: none

Target: PMSLauncher.exe
Size: 327KB
MD5: a1b820f662ad3cc238dad1182acbdc98
SHA1: 56d4cf1ba9c371aaa94974f0951b3d7b18cd2f69
SHA256: 16971340711898ee9af15c451c98343f8e61f7b47fc9692504c65ccbecc8187d
SHA512: b88037d365d6ad96d094b77640afc759a46bb18672d48a6c2548e67d189018035c584c6db4edd960d90f4cffda625767ec91fd65031ff00af2cb5b1be9a2a8dc
SSDEEP: 6144:3h8U5wZwtlC1l0shg//LOxTFCI4Kk93jSlS+dLXzX3erfG:3rlC1pC//ixT8I4KsGzXuy
Score: 3/10
Signatures: none