General

  • Target

    b2c10de5a8d8ce2f4ec23f8a52a61cdfb08f33a0e0738891c8b84eb9f2972ca3

  • Size

    755KB

  • Sample

    241031-j98rkawman

  • MD5

    e6130e00b6c86753b9f94ddb6d4a1eeb

  • SHA1

    8a80ca1905f3727bb359a7f7408efd0c72579425

  • SHA256

    b2c10de5a8d8ce2f4ec23f8a52a61cdfb08f33a0e0738891c8b84eb9f2972ca3

  • SHA512

    61341a02ab0c67d364aafed4878aea2392d4922f1d712e61aabd6cf8627845e178c8655c06dbcfabbb24e77a5e5f8834094bc874f77a4d8b09945d31bc81beb5

  • SSDEEP

    12288:nSakcarsQeQzb6bn7V0S2dc864XRYUVkaNumwFrCcplljtqKHfU3lC9LA6+w4oi1:SahceqG3V0c864CFawmwFmklUlCXQ

Targets

    • Target

      b2c10de5a8d8ce2f4ec23f8a52a61cdfb08f33a0e0738891c8b84eb9f2972ca3

    • Size

      755KB

    • MD5

      e6130e00b6c86753b9f94ddb6d4a1eeb

    • SHA1

      8a80ca1905f3727bb359a7f7408efd0c72579425

    • SHA256

      b2c10de5a8d8ce2f4ec23f8a52a61cdfb08f33a0e0738891c8b84eb9f2972ca3

    • SHA512

      61341a02ab0c67d364aafed4878aea2392d4922f1d712e61aabd6cf8627845e178c8655c06dbcfabbb24e77a5e5f8834094bc874f77a4d8b09945d31bc81beb5

    • SSDEEP

      12288:nSakcarsQeQzb6bn7V0S2dc864XRYUVkaNumwFrCcplljtqKHfU3lC9LA6+w4oi1:SahceqG3V0c864CFawmwFmklUlCXQ

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Modifies WinLogon

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    • Score

      3/10

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      2f69afa9d17a5245ec9b5bb03d56f63c

    • SHA1

      e0a133222136b3d4783e965513a690c23826aec9

    • SHA256

      e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

    • SHA512

      bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

    • Score

      3/10

    • Target

      $SYSDIR/NXYCSP_82_HB_SKF.dll

    • Size

      612KB

    • MD5

      99f5ef6c49e60d4a6100a7e114ae565f

    • SHA1

      d5c82c5b8d8035a09f91cc054b1500312bfb2d63

    • SHA256

      4a766d7d13b387bbc820d48c8085531b6f18c8e5c82ca9051363a0bc3a3e24a0

    • SHA512

      01869c7593598d05d9a2eb6dcf156066782e8e28e667c2a89a714173919604e0809e6188725394056137e51c07f09b32845ac39c7fff3dae2d6d178b1bd5e2b2

    • SSDEEP

      6144:XP10YQq5xYzfxjtorBdfLUL9pv7enw4yfG4+jIeLapFVx:XJ5xYzkrPfAZJ7enw4yfG4+jRL6Xx

    • Score

      3/10

    • Target

      $SYSDIR/NXYUKEY.dll

    • Size

      46KB

    • MD5

      9056181bf1e131ea1fbe79bc30182c0b

    • SHA1

      f5a863efb9a7dc7ff4058f7def7d1290d9f01262

    • SHA256

      4d033559167e53accb8224937c16f319bcb270fca3cfbdbd52218d9e7e0e9d9d

    • SHA512

      7c5ddb04e2254b938269269239c6c3d5fda3763c4ba9c9324c9ffff96120ceb56dd75e71b167977971408292c683df4c921a370f991ceddbfd354f9fef5e105f

    • SSDEEP

      768:fDmFwe6ZM9H12/nlx8/d4T1BSe/IZEOdjx:fDmFwe6aOnlx8/dC1BSCIZvd

    • Score

      3/10

    • Target

      $SYSDIR/NXYUKEY_HB.dll

    • Size

      74KB

    • MD5

      17f390de566bbc388bca8ea0e1d39fbd

    • SHA1

      6f07a83dad22a592cb252a6dfdeef43581603df8

    • SHA256

      4098bb76fdc46e47c981b645eef1234f7981fcaea69e9c8809f705f277995d9c

    • SHA512

      5954809a23fbc21c9c621473e27faa4cf4460a5c712608492887333dda84aba041ec4394f45ac2593703f0a4db7625c2d63be65f263c1cd0a9dc904d3e047aa1

    • SSDEEP

      1536:TqhtEFhB329t/iZC9nW1BtaIU+3zkx8/PzI6er:Tqhr9ZiZogBtaIU+3zw8k6e

    • Score

      3/10

    • Target

      $SYSDIR/NXYUSB_82_HB.dll

    • Size

      476KB

    • MD5

      0ed120a375f739507ebabbcc51083566

    • SHA1

      957be8c85111af3382156ede5627add200a2f37e

    • SHA256

      5c7f23027bf450205e5ab60a0e774b69c74a2d33497714ea0620d45ff65bb037

    • SHA512

      3bf75b40556bda29d93246f55b4c85ff701105a3c6bb5fb5064adebd5ff100d985de296e1462920a717d78f1135262f05f0c16be41463e13317530b9e61a466c

    • SSDEEP

      3072:+0rgeRWt61Bxx4ixMg/WBw6oyjkjle2l9rJLlHDIyuKh7LapttBrdiPE:rz74KOBcdjIeLapHZ

    • Score

      3/10

    • Target

      $WINDIR/system32/NXYCSP_82_HB_SKF64.dll

    • Size

      592KB

    • MD5

      1ebc49e259f455d0bec127752891a981

    • SHA1

      85f56c371858099ae1c1917dfebb0b153834c4da

    • SHA256

      287f7e418ac7481e580115e19b15f8ba7a6917023c073387b748653192579f13

    • SHA512

      5886cf425bf5972ebd38bbf2277f4bb65401bdb034d0ab171889dadde4fdcb3e718473c6768b9e034ff6c4d718d35166df1155c811cdae3dfab8192c6d851e0a

    • SSDEEP

      6144:7SP8n/fKa007kTWf3Gtx2CQ5CLV6P/BL4+jIeLap0:7SP+3t7kXx2DCs/B4+jRL60

    • Score

      1/10

    • Target

      $WINDIR/system32/NXYUKEY.dll

    • Size

      286KB

    • MD5

      5cfd956fb55139037cc266dca90e436d

    • SHA1

      30255bc7ec0e0d70f7717cc0a7ba1d17d0ab2a85

    • SHA256

      7553dc9faf7b6cee3d694d266b04adb1350b0d7bf7186bde779bda304d511dda

    • SHA512

      0f4f52927b9f3e0af480f8aeb52f6bc9df7a8ed1687536b29bd5162d3d9346274af3cab3792a635d73966aae5c3766e82b2299463702278311172e45832bcb7f

    • SSDEEP

      6144:AeCGzgfXoJHA0ltBGKp1L21gyiTMqPgYetpBDmnuk:AenznJHXnBGus1K9

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      $WINDIR/system32/NXYUKEY_HB.dll

    • Size

      91KB

    • MD5

      82a23c02d57f07adfe7fe69a536f6ea3

    • SHA1

      b5e11c64e501167e622575a7e34a675b5b00c87e

    • SHA256

      9b37915a09f0f3ef563ef633cd3426f65a4e16c3282893f7c5a09f63d5a75978

    • SHA512

      8ef0719346ec62bf631beaa0b87356f0969563875d4886570eb3bab60dc11933ad705bc60e6d1c5645fccf1b4a982461eabf6cfc070d9d7df9342573a01f1870

    • SSDEEP

      1536:2+G9u2cJTI4IghbHiFbAmT6IDRT4JoxFrhwyUdGowb+e:2oJTptDiFbtT9DRFxFFZowie

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      $WINDIR/system32/NXYUSB_82_HB.dll

    • Size

      476KB

    • MD5

      6c4a1846551dbbcb3ebbf511fb39b573

    • SHA1

      68b19c6e254b7cb18680e91239437dc7c1ba0b69

    • SHA256

      3152c9af0bb0bcb7e1d06cb00452a927cd1019cf49655b7bfee94675ab7be4b8

    • SHA512

      ba1fe8ca6694999bffe2007472a775e28456bc53dcfaf623d156a658085980dbfe225c10de7fa9b7ebbb35a5e423f52e032dc980c43f0e35f6359e974c51f753

    • SSDEEP

      3072:U8pMfhLgUGM5x4ixMg/WBw6oyjkjle2l9rJLlHDIyuKh7LapttBrVUZ:pMt4KOBcdjIeLapa

    • Score

      1/10

    • Target

      NXYCSP_82_HB.dll

    • Size

      28KB

    • MD5

      f2abd84a39db0674a33aac93ed5fa1e5

    • SHA1

      fe7482ce81e30c613da289cc837a2707a12cbd4f

    • SHA256

      fb8d50a181b25850a525cb2139be09657fc76b72ae18e1dce4f309fbb2d816ed

    • SHA512

      b9f8cdf6de4b0de78d6d73d8e4fa0879c670cd349ecb3e338cdc3ce6f9ae22612539efa0452d9c9b21779aef3ba5cfefa4848f3c9a4274829f61bc82fd185f0e

    • SSDEEP

      192:2neGYyFrXh4jSgXg5MFM83IamAikX1oHTnA:IWyFrs6MFMjzn

    • Score

      3/10

    • Target

      NXYCSP_82_HB0409.hbl

    • Size

      22KB

    • MD5

      d8a36f4da613e4782fd02eb35d7003e5

    • SHA1

      dd50d7136b3b01c0a9d1d2308f3b1a63fd228f60

    • SHA256

      93d4934045e2b857a9f1990410c417f2e0576e67f2779898321c350c69d471e4

    • SHA512

      aad7769b144b37d3030badd14171e126f3885f867fa96834a951c32657b482beeb108292f0c389ab3459a361cd4569484c5d02b24ae3ff0d64ace7a7967d9e46

    • SSDEEP

      192:5zYUrWFbltpmLjOKfxnAafNRogZzkn8xLI2EABbyGwLcN20Kv0rk8JxlJY412YYm:RdKpmnAI6g48pbZ1lhfOdeZlJZqi

    • Score

      1/10

    • Target

      NXYCSP_82_HB0804.chm

    • Size

      53KB

    • MD5

      ec570724e200e6a8facae559f877049f

    • SHA1

      eb7c0bc8f68b8f31fcf4ba57f25e32d974a81720

    • SHA256

      6936ce136d72854268d5bcf17a5b782fae05be2c183774a8256b4123cf0ada21

    • SHA512

      4c8f07d35cb6dbcbf76dadb597272a00694fdc3c964ec53a478f03f599e8b6549f5a04caf70d19692f29a3f64fd1c17660984d48a9dad94d6eec975aad6ea75b

    • SSDEEP

      1536:LyVuotVKblzxNIdbdUrx1l1WzTPWxGPrBC/kL:WVP0BxNIdbdUrxBMTPGMrg8L

    • Score

      1/10

    • Target

      NXYCSP_82_HB0C04.hbl

    • Size

      13KB

    • MD5

      cedf02c7c4d0db3253c3328ff4b9f675

    • SHA1

      4054b6073019b947c9720162880503dc4e1abbbb

    • SHA256

      cd499a2ccb4dae7bae3c6ec31b099c16f9b30496f43d9a003ca5a8731851c939

    • SHA512

      7382d820a3d4eae07be6aeb9728d2e64b076de5814995083ca494ec29024e1fbc39272fa7045756dbb1976a04cf11079e67d34459f7dbb9656dbe105430c4b0e

    • SSDEEP

      192:5kgccFQ9K8cE/8CtfvV4LIQMpC55woRKLmd2yU2ixstTwcE:+eO9K8NftlSNMpC55woRGmd2Gust

    • Score

      1/10

    • Target

      NXYCSP_82_HB64.dll

    • Size

      12KB

    • MD5

      5929187aa274b1e4d772262f81052080

    • SHA1

      719cb9425bc08fb4f8bfc6aa3e3579f55354ee42

    • SHA256

      6728dc8495b2939043ca362504435b777942f9348379353be1d25e98d01c6d0a

    • SHA512

      ebcd6dc98a82bb0770da4374680de1dc3c289c1459b8ebcf75f492c09e2d4b44057f4411ff1a5e52a347ab301a074d86858864cabe8f083b6dd6e5c397cc9433

    • SSDEEP

      192:B/0+VVCc7VYHZT2vkOESq8ELO51KHx96xWp5ZyZJamA1FLs:B/0ECc72HUTfEqAyWb2cFL

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery, persistence, privilege_escalation
Score
7/10

behavioral2

discovery, persistence, privilege_escalation
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

persistence, privilege_escalation
Score
7/10

behavioral18

persistence, privilege_escalation
Score
7/10

behavioral19

persistence, privilege_escalation
Score
7/10

behavioral20

persistence, privilege_escalation
Score
7/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10