0ce879f13728266492e11f813f8dc021cd66ce1fe35b685c9d4293dc9dc7a203

Sharing

Copy URL

Twitter E-mail

General

Target

0ce879f13728266492e11f813f8dc021cd66ce1fe35b685c9d4293dc9dc7a203
Size

5.4MB
Sample

241120-eg7atazpbz
MD5

323ed9f0a33f5434c5c45e25982e9955
SHA1

9b10f72a403832561f77b282582fc31da81bba4b
SHA256

0ce879f13728266492e11f813f8dc021cd66ce1fe35b685c9d4293dc9dc7a203
SHA512

df5763deadd405ec8c20a26b44399973d5540d04258134875f8e9441a24326384200bebba644851ad7a26077d1771a16431f14dd264bc6987c77e8f6b2202f8e
SSDEEP

98304:209Ziy8P85sba5PoZ3WVDGGFoZH1WIpSNDPFL07nmZxy4hAMJhJEnKHO6c3:2YnIaGdyeONPF47nmZxywAtnz6c3

Score

7^/10

Malware Config

Targets

- Target
  
  HCAServiSignAdapterSetup_1.0.23.1227.exe
- Size
  
  5.4MB
- MD5
  
  617bf30d39f5bdd69945bfbd1bf5874e
- SHA1
  
  e6602c172775c4b6eaf3ab559a5a2777d52875d4
- SHA256
  
  f993a75b4dbf36edb1b65f28ea9d9136755c4f9610660e57ac1529a15d97f116
- SHA512
  
  3be82cf32c713f642be39ab6e4b01a0fcdd20c243c7e52d9b81d11d4f7e7bbfba83923557e805c3fedd4324ef1ba0c22eec485df529371ddc0f787775d740fb7
- SSDEEP
  
  98304:wixp++SR6/e1MJ3mDvEn5AwT2bLxWCbYnB5dVWVzWNny4vA0rlPOVUJKKcO:wm/8M474yqB5doVzWNnyeA3VVKcO
Score

7^/10

defense_evasion discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  15KB
- MD5
  
  f894e7068ee5f5b4489d7acdde7112c9
- SHA1
  
  79ec857791ad4ac76673b05e6fc44e55315424ef
- SHA256
  
  3948484bc6a6e8652c2220be411cdcabab73eab46578faca8c0bd01d3ea290ab
- SHA512
  
  e85b2bdc27b9721425bb03393e8aad897647053c77d7862ea541e03dc896173af6eaaf182514d46464d560d15c6b9d4652690885426ac1c68e2b9dd8d632e816
- SSDEEP
  
  192:VUmFdGZ2ESi0SGlIO1yn3B+boYt0/SNFdTmUJJimGf/5b2xlUqyWWKCi1wlLjck2:FdGZ2ESnTqkddTm43saIvy
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  40KB
- MD5
  
  5d24422dde303c17e0cf58190df93c0c
- SHA1
  
  2a5bfba56f24b9d85db9fce68e55e76825c9a0c6
- SHA256
  
  d064b776212492f6d9ecf2574c67ace885e5997148730bcda436e1af4b462d3b
- SHA512
  
  272ffa1377a6b581b4731744f89fcd12693428e80b3e8f63fec9eee0043e126776ce6c9632f88fa4681159528b50b0808c193032795b1090b39fbac5edf0e6d5
- SSDEEP
  
  768:XZaF0HtTwuz9yu3KgwRX1nWJ1q+noIVHimTinm3wht:XZaF0NEk73kYoDmGmght
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  48KB
- MD5
  
  32bae84b5c74c55bbd8ee19894658824
- SHA1
  
  2cdae9259fb9909dc9971e252f94cd32636e5675
- SHA256
  
  27b8739add301c8c57d4a56a25eb73b05c9196b989d443ae730242ca81bd0b6f
- SHA512
  
  7dd02081c24c12af56782639371cb9bedf448eed149c0af9d19ace534a1062169a728dfe0a14acce5a4785fc72a4c3d9b7038e248e208f47577acbacb139f16c
- SSDEEP
  
  768:LW50hJwwUTsXdPwxvtpDtdJotHi0igP3whe:KoVUTsXdPKdoQ1mghe
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  75ed96254fbf894e42058062b4b4f0d1
- SHA1
  
  996503f1383b49021eb3427bc28d13b5bbd11977
- SHA256
  
  a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
- SHA512
  
  58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
- SSDEEP
  
  192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/liteFirewall.dll
- Size
  
  94KB
- MD5
  
  70898e7be73cb52a65adab2da61c09aa
- SHA1
  
  326aa013d70de0f83a02d892644a795b190dd33c
- SHA256
  
  3aa8136b386cc190caa2f2b43541ccbead9df26418fde5c2b447c6d6fff6d7bb
- SHA512
  
  fe804d596ad4e499b7425084bff00f58b95c0906419151d2af0d0c098fc79323eed3e802a8ea025ea80bfc309f2fbe1796e81bb85ed8ba37cb62c8b40c92b92c
- SSDEEP
  
  1536:Xli3i1jKfTV0LzYpAzMk2nACScLw5jPATUghq:f9KLQ+ScLw5jPATU
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  3d366250fcf8b755fce575c75f8c79e4
- SHA1
  
  2ebac7df78154738d41aac8e27d7a0e482845c57
- SHA256
  
  8bdd996ae4778c6f829e2bcb651c55efc9ec37eeea17d259e013b39528dddbb6
- SHA512
  
  67d2d88de625227ccd2cb406b4ac3a215d1770d385c985a44e2285490f49b45f23ce64745b24444e2a0f581335fda02e913b92781043e8dfd287844435ba9094
- SSDEEP
  
  96:cjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNG3m+s:9bogRtJzTlNR8qD85uGgmkNP
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PROGRAMFILES/HCA/HCAServiSign/HCA/CSHIS.dll
- Size
  
  3.5MB
- MD5
  
  839a66bbeb67557e4ae6d1aa21b77607
- SHA1
  
  db1c768d8cf1696849177f2335bffd590a77283b
- SHA256
  
  63006c80e9b49aba1bccd5b175efee9f2c4d75af38ef0a6b7f4b4e0f63ee26b2
- SHA512
  
  9ddb94b56cfeb55c0ede4f0dcf68fbde2924d806a38b83ce528e2e4fbb526713f70e2c4eb6a4c8f8e326a35284ec798a298ba7397c5a3e3dd9b0f9c35f0f92bb
- SSDEEP
  
  98304:aewRN31zozdVpkex5IvwOheUqYhsKpzM+W65pDMs3iHdog0K:a5UpkewvFeJKJpDMs3wdog0K
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PROGRAMFILES/HCA/HCAServiSign/HCA/CsHis30.dll
- Size
  
  1.4MB
- MD5
  
  40d354b9237a152265ed609afc8b0540
- SHA1
  
  1b1ee20810aba635ebc3d23374dc93ba253fd190
- SHA256
  
  994c7c9c9c5da43f2f6314b89dbe7a8c887adb832d77e2f70226fc0ded3e881d
- SHA512
  
  9a75eff34ffb73287acdc57dfd29823831cd2193549d50dc824c544f44de7b37aa93911720879563ca6cc28da2557b041c2432dbf489b0d0aba08f6f1a5ffda7
- SSDEEP
  
  24576:S8p3O4VCOeFJoVIUF3IEET4kS7WRqKb0H4e/lwGUH+ZlLGVIvONV:T84VpxEDRQHllh
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PROGRAMFILES/HCA/HCAServiSign/HCA/CsHis50.dll
- Size
  
  3.5MB
- MD5
  
  839a66bbeb67557e4ae6d1aa21b77607
- SHA1
  
  db1c768d8cf1696849177f2335bffd590a77283b
- SHA256
  
  63006c80e9b49aba1bccd5b175efee9f2c4d75af38ef0a6b7f4b4e0f63ee26b2
- SHA512
  
  9ddb94b56cfeb55c0ede4f0dcf68fbde2924d806a38b83ce528e2e4fbb526713f70e2c4eb6a4c8f8e326a35284ec798a298ba7397c5a3e3dd9b0f9c35f0f92bb
- SSDEEP
  
  98304:aewRN31zozdVpkex5IvwOheUqYhsKpzM+W65pDMs3iHdog0K:a5UpkewvFeJKJpDMs3wdog0K
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PROGRAMFILES/Mozilla Firefox/defaults/pref/firefox-windows-truststore.js
- Size
  
  98B
- MD5
  
  5a5bd39f0560b8e482d84d73237eeede
- SHA1
  
  10bd2be1e03e908d7382eadfc26d6e905fd84725
- SHA256
  
  9ebada68c30dc32023dac1d5d8b6ead110e14ba34430fc4e8993ac284cd1668a
- SHA512
  
  a3812416ba9f1562c1f3b6a84152e6a896bc773766c44c382f18f7e2a48abc05342654f0111c2679ede4ee67d58545ab77ed5448069807b5418ce28b393ca4bc
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  $PROGRAMFILES64/Mozilla Firefox/defaults/pref/firefox-windows-truststore.js
- Size
  
  98B
- MD5
  
  5a5bd39f0560b8e482d84d73237eeede
- SHA1
  
  10bd2be1e03e908d7382eadfc26d6e905fd84725
- SHA256
  
  9ebada68c30dc32023dac1d5d8b6ead110e14ba34430fc4e8993ac284cd1668a
- SHA512
  
  a3812416ba9f1562c1f3b6a84152e6a896bc773766c44c382f18f7e2a48abc05342654f0111c2679ede4ee67d58545ab77ed5448069807b5418ce28b393ca4bc
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  $WINDIR/System32/CSHIS.dll
- Size
  
  3.5MB
- MD5
  
  839a66bbeb67557e4ae6d1aa21b77607
- SHA1
  
  db1c768d8cf1696849177f2335bffd590a77283b
- SHA256
  
  63006c80e9b49aba1bccd5b175efee9f2c4d75af38ef0a6b7f4b4e0f63ee26b2
- SHA512
  
  9ddb94b56cfeb55c0ede4f0dcf68fbde2924d806a38b83ce528e2e4fbb526713f70e2c4eb6a4c8f8e326a35284ec798a298ba7397c5a3e3dd9b0f9c35f0f92bb
- SSDEEP
  
  98304:aewRN31zozdVpkex5IvwOheUqYhsKpzM+W65pDMs3iHdog0K:a5UpkewvFeJKJpDMs3wdog0K
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $WINDIR/System32/CsHis30.dll
- Size
  
  1.4MB
- MD5
  
  40d354b9237a152265ed609afc8b0540
- SHA1
  
  1b1ee20810aba635ebc3d23374dc93ba253fd190
- SHA256
  
  994c7c9c9c5da43f2f6314b89dbe7a8c887adb832d77e2f70226fc0ded3e881d
- SHA512
  
  9a75eff34ffb73287acdc57dfd29823831cd2193549d50dc824c544f44de7b37aa93911720879563ca6cc28da2557b041c2432dbf489b0d0aba08f6f1a5ffda7
- SSDEEP
  
  24576:S8p3O4VCOeFJoVIUF3IEET4kS7WRqKb0H4e/lwGUH+ZlLGVIvONV:T84VpxEDRQHllh
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $WINDIR/System32/CsHis50.dll
- Size
  
  3.5MB
- MD5
  
  839a66bbeb67557e4ae6d1aa21b77607
- SHA1
  
  db1c768d8cf1696849177f2335bffd590a77283b
- SHA256
  
  63006c80e9b49aba1bccd5b175efee9f2c4d75af38ef0a6b7f4b4e0f63ee26b2
- SHA512
  
  9ddb94b56cfeb55c0ede4f0dcf68fbde2924d806a38b83ce528e2e4fbb526713f70e2c4eb6a4c8f8e326a35284ec798a298ba7397c5a3e3dd9b0f9c35f0f92bb
- SSDEEP
  
  98304:aewRN31zozdVpkex5IvwOheUqYhsKpzM+W65pDMs3iHdog0K:a5UpkewvFeJKJpDMs3wdog0K
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Indicator Removal: File Deletion

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32