f80bc12ffee2539f5827757dc8052decbbd795e604a58d8c83ae357cf5055151

Sharing

Copy URL

Twitter E-mail

General

Target

f80bc12ffee2539f5827757dc8052decbbd795e604a58d8c83ae357cf5055151
Size

15.2MB
Sample

241119-rltxhaxfrk
MD5

23ac2dd53d9f44b721e72fa848ca6cbf
SHA1

891ff5cc02e260c348daf8bb35ec80e28fc193f1
SHA256

f80bc12ffee2539f5827757dc8052decbbd795e604a58d8c83ae357cf5055151
SHA512

43fbb3aa4ec80073ee98b64c0ade9011e14fee1e0cabf3f9378c4096ee02b864d16e8e9a8e336a833a97136c28a335da96c0b2764a25605040fdeb09dded2503
SSDEEP

393216:8Xrg24dyVnq2PJ1E7hSHMiusfjEo0Uqr+9JDiQB9X:8cddyVXJOufQo0Uqk+O

Score

8^/10

Malware Config

Targets

- Target
  
  f80bc12ffee2539f5827757dc8052decbbd795e604a58d8c83ae357cf5055151
- Size
  
  15.2MB
- MD5
  
  23ac2dd53d9f44b721e72fa848ca6cbf
- SHA1
  
  891ff5cc02e260c348daf8bb35ec80e28fc193f1
- SHA256
  
  f80bc12ffee2539f5827757dc8052decbbd795e604a58d8c83ae357cf5055151
- SHA512
  
  43fbb3aa4ec80073ee98b64c0ade9011e14fee1e0cabf3f9378c4096ee02b864d16e8e9a8e336a833a97136c28a335da96c0b2764a25605040fdeb09dded2503
- SSDEEP
  
  393216:8Xrg24dyVnq2PJ1E7hSHMiusfjEo0Uqr+9JDiQB9X:8cddyVXJOufQo0Uqk+O
Score

8^/10

discovery evasion execution persistence privilege_escalation
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  kcinst.exe
- Size
  
  117KB
- MD5
  
  71f004189b77c2f668c30ec67b876e51
- SHA1
  
  425ccabbb9f238f9cb9b3f10546894d57d16a164
- SHA256
  
  2aac0a7e1295e3307b1b7c4d2dc9ea5c84245df02981cde43e88fe50529fb38b
- SHA512
  
  daff0c7a21a773851f0963aff29eb3aee5832a73764ccba87ab4eb6d79752485a35a41ad19621dda97058c679b7a7258b45e402299d4a3a0f060419aaea9ec2f
- SSDEEP
  
  3072:cG6nTqLzvA2tx/TfMSKF2QtL8MLjEq6x0js:c3M93zM7a8ER
Score

1^/10
behavioral3 behavioral4
- Target
  
  kcinst32.dll
- Size
  
  255KB
- MD5
  
  3d197a425190b754cd72f79c46edcacf
- SHA1
  
  d550711db2fd6d49ab62670f7b5374213873fcdb
- SHA256
  
  d464b80f9d383e9ec7b7260b89d3f9451e30ff80069e6a9c79b5e1282a3d671f
- SHA512
  
  34db88acbfbefa12c87b62dbb988e7b306f2ee91e04ed17bfc5045d9f50335a4b6670b4a5c7e311585b5c790f885fc8564bc6e13b88e63edafe6acfcdda41a96
- SSDEEP
  
  3072:/k6gYtPB3dGoBwp32ioW51HZBfK/Vx/QxiNyv3rYoP3b/8xrOXfRPnuXwASi6:/ngYjwoBwp32ioW5p/fK/C+ob8SySi
Score

1^/10
behavioral5 behavioral6
- Target
  
  letsvpn-latest.exe
- Size
  
  14.7MB
- MD5
  
  e039e221b48fc7c02517d127e158b89f
- SHA1
  
  79eed88061472ae590616556f31576ca13bfc7fb
- SHA256
  
  dc30e5dab15392627d30a506f6304030c581fc00716703fc31add10ff263d70b
- SHA512
  
  87231c025bb94771e89a639c9cb1528763f096059f8806227b8ab45a8f1ea5cd3d94fdc91cb20dd140b91a14904653517f7b6673a142a864a58a2726d14ae4b8
- SSDEEP
  
  393216:3Ie8M7oB2JNBXx9PMkglRy3mtFFu9zDVKZpw:3Rh8B2vB2c+kZD
Score

8^/10

discovery evasion execution persistence privilege_escalation
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  192639861e3dc2dc5c08bb8f8c7260d5
- SHA1
  
  58d30e460609e22fa0098bc27d928b689ef9af78
- SHA256
  
  23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
- SHA512
  
  6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc
- SSDEEP
  
  192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  b7d61f3f56abf7b7ff0d4e7da3ad783d
- SHA1
  
  15ab5219c0e77fd9652bc62ff390b8e6846c8e3e
- SHA256
  
  89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912
- SHA512
  
  6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8
- SSDEEP
  
  96:ooEv02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YMNqkzfFc:ooEvCu5e81785qHFcU0PuAw0uyyIFc
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  11092c1d3fbb449a60695c44f9f3d183
- SHA1
  
  b89d614755f2e943df4d510d87a7fc1a3bcf5a33
- SHA256
  
  2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77
- SHA512
  
  c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a
- SSDEEP
  
  96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  driver/tap0901.sys
- Size
  
  30KB
- MD5
  
  b1c405ed0434695d6fc893c0ae94770c
- SHA1
  
  79ecacd11a5f2b7e2d3f0461eef97b7b91181c46
- SHA256
  
  4c474ea37a98899e2997591a5e963f10f7d89d620c74c8ee099d3490f5213246
- SHA512
  
  635421879cd4c7c069489033afaf7db1641615bfd84e237264acfe3f2d67668ecfe8a9b9edd0e9d35b44dec7d6ba0197ed7048dfb8ec3dba87ccdc88be9acfb7
- SSDEEP
  
  768:+tCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQv:+dCoTxk1lmmjExsFNv
Score

1^/10
behavioral17
- Target
  
  driver/tapinstall.exe
- Size
  
  99KB
- MD5
  
  1e3cf83b17891aee98c3e30012f0b034
- SHA1
  
  824f299e8efd95beca7dd531a1067bfd5f03b646
- SHA256
  
  9f45a39015774eeaa2a6218793edc8e6273eb9f764f3aedee5cf9e9ccacdb53f
- SHA512
  
  fa5cf687eefd7a85b60c32542f5cb3186e1e835c01063681204b195542105e8718da2f42f3e1f84df6b0d49d7eebad6cb9855666301e9a1c5573455e25138a8b
- SSDEEP
  
  1536:ImYSYxGfIZnRnD6M7EFOUakPhtUn6KXF4O7WfvZt9c:HYFZnRDGdvPXU6K1RW
Score

1^/10
behavioral18 behavioral19
- Target
  
  libCLI.dll
- Size
  
  32KB
- MD5
  
  3e513045bc9ead3c27f0e7116cfc4264
- SHA1
  
  87eb43d9f727cbb7221b5be7ccf648c5219dfd17
- SHA256
  
  842bda02e8a550e425992c100b70351c301eab46041180db023add78b0e6c553
- SHA512
  
  8c465363d5a12648578ea8ee98766acd9f42f31a7dee4f56697499fed5df2cf34422565b76efdb8e627157f0163b632baa9a0e7730ae57b4fb43b62f6f46ac35
- SSDEEP
  
  768:f/46Uoe2gsOD7Dzl+AEJ/c9gmmg1pJWWk:fNUGO7nUV3UVWW
Score

1^/10
behavioral20 behavioral21
- Target
  
  msvcp140.dll
- Size
  
  559KB
- MD5
  
  c3d497b0afef4bd7e09c7559e1c75b05
- SHA1
  
  295998a6455cc230da9517408f59569ea4ed7b02
- SHA256
  
  1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98
- SHA512
  
  d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386
- SSDEEP
  
  12288:mPeu+VwM4PRpJOc8hdGE0bphVSvefIJQEKZm+jWodEEVwDaM:sqwpzSFJQEKZm+jWodEEq9
Score

1^/10
behavioral22 behavioral23
- Target
  
  vcruntime140.dll
- Size
  
  107KB
- MD5
  
  ded0fb624c202e3595551256e3bc0ba2
- SHA1
  
  97c0c52f69fe76c9f1469f3cef78e12e598ad325
- SHA256
  
  2aebc4e4ca7645188d12950ca68b39f71ebd86da4228419800c1b1a3754f3130
- SHA512
  
  e7b5b9e7898361254903f1dd8b6f4a49fc0854460a427f4249e9e5e1b95c116a7be61e9ec43f02f70a56ad5ad3ce5205d748525cb40829cc49dd835b605c9fef
- SSDEEP
  
  3072:yD7mylIhkoQpdK9H9YOecbKVfT8KuKnK/:uiylZoQwH93ecbKZ57K/
Score

1^/10
behavioral24 behavioral25
- Target
  
  vcruntime140_1.dll
- Size
  
  49KB
- MD5
  
  f498619721756332ef731f1b72b7f29e
- SHA1
  
  5beb1e7f35c33bf636cf1a336b3a02a6f02b0394
- SHA256
  
  fd1cc0c1287caf736c7e1e4d9aee80fd74cfdfa52563ddd126c03f45542d45b6
- SHA512
  
  ce98577b8783a6b0305ede64811b6a8e094a237589530cb0cbc3af3530d5503f3bf5abaa2b2abcf38f2d3588d5e54f2a322ff78ea8296f0327627eea0da5a8cd
- SSDEEP
  
  768:PECm5yhUcwrHY/ntTxT6ovF7Iyw4Bl9ziKxnVbgvqxN5UNK/Y/+2d:bOHc16opIyw4B3ziKxnKvKN5UNK/W
Score

1^/10
behavioral26 behavioral27