Overview
General
Target: програми.zip
Size: 443.9MB
Sample: 241121-jp87lazmgx
MD5: 6c4bd57ee5b9627b37c38e5c5303cbd3
SHA1: 0e1c1ed404ccb063ef226b5267c35d7522559e33
SHA256: c0cd9a7f2987c7eca65906f7f210c53f88055822a95f7833333d3c8a3c3c43fa
SHA512: f3eec44073e397f0ec843fe3828bf380da8ecad9726b0283e877d31b59d160b078878383debe11047a1300aeae47576aa20b85dca36c161f2ffc4a36a759bebf
SSDEEP: 12582912:M+eD4nN2QjeVgsdneMXTRE3qp4A7DGsp/A:9lnwQ6esdf8q/GE4
Static task: static1
Behavioral tasks (all run on resource win10ltsc2021-20241023-uk):
- behavioral1: KMSAuto Net 2015 v1.4.2 Portable/KMSAuto Net 2015 v1.4.2 Portable/Antivirus scan - VirusTotal.html
- behavioral2: KMSAuto Net 2015 v1.4.2 Portable/KMSAuto Net 2015 v1.4.2 Portable/RSLOAD.NET.url
- behavioral3: Активаторы/Disableactivation.exe
- behavioral4: Активаторы/RemoveWAT 2.2.6/RemoveWAT_2.2.6.0.zip
- behavioral5: RemoveWAT 2.2.6.0.exe
- behavioral6: Staforce_v.13.exe
- behavioral7: Активаторы/ОЕМ-Активация/W7OEMACT.exe
- behavioral8: дрова/7z.exe
- behavioral9: $PLUGINSDIR/InstallOptions.dll
- behavioral10: 7-zip.chm
- behavioral11: 7-zip.dll
- behavioral12: 7z.dll
- behavioral13: 7z.exe
- behavioral14: 7z.exe
- behavioral15: 7zCon.exe
- behavioral16: 7zFM.exe
- behavioral17: 7zG.exe
- behavioral18: Uninstall.exe
- behavioral19: $PLUGINSDIR/InstallOptions.dll
- behavioral20: дрова/AIMP2.exe
- behavioral21: дрова/Ace Player.lnk
- behavioral22: дрова/DTools.exe
- behavioral23: дрова/Excel2007.exe
- behavioral24: дрова/Foxit Reader.lnk
- behavioral25: дрова/FoxitReader.exe
- behavioral26: дрова/Rar.exe
- behavioral27: дрова/RarExtLoader.exe
- behavioral28: дрова/UnRAR.exe
- behavioral29: дрова/Uninstall.exe
- behavioral30: дрова/WinRAR.exe
- behavioral31: дрова/Word2007.exe
Malware Config
Targets

Target: KMSAuto Net 2015 v1.4.2 Portable/KMSAuto Net 2015 v1.4.2 Portable/Antivirus scan - VirusTotal.html
Size: 58KB
MD5: 1b0eeba9d8afbc767635ac3636d1d833
SHA1: 8244afe6e4a3fc8f27fc10d483b91c0a968a7d6e
SHA256: 06a6aa7e6e472cb898413f1b75cfcad9f92c94e858200e51bb8bf519e148abbf
SHA512: 95cb9607b5da973d7e343c617e9c6343f42c4f2b14d0ed2710af66e29dad05ad5fc69dc47bfe71b8e9049f4cc0c1e38ffc61abcd8f308df7b10186738ac14db3
SSDEEP: 1536:866QeagBqoTOvOTfol4tefddC882hbGgE:Bleavqy/E
Score: 4/10

Target: KMSAuto Net 2015 v1.4.2 Portable/KMSAuto Net 2015 v1.4.2 Portable/RSLOAD.NET.url
Size: 42B
MD5: fc46f7ade08fac419a53e55a42059c85
SHA1: 3443de520b9fc2b051852a53b9f0a11319933492
SHA256: aaffe9e7c0ddbe808f18039acb857c1b3d8419a693f6ead5d7c5f8ed1896dbb1
SHA512: 299e1c4d7298289ad82de7c64df98607b0a630d924f0b077a5a4557e63fbcf14a79874b5b004d606c63cf2c1d2fd08da5da3cfb72ccce29a18fb518bc02260ec
Score: 1/10

Target: Активаторы/Disableactivation.exe
Size: 105KB
MD5: 646c7c964d097d9cf751585c3fc944a0
SHA1: 14cb5a39baa773d0b4e0703b03046a4c3495302c
SHA256: d879884c3663cebf99d2a566c756563a6bb5fa10ac361a6d951d4e011190f333
SHA512: 0149b462b2c662be7e7bb965ca979cedf96ec0b55c4d10b84594080200bba3f41ac09f1ab6c306240f463a9c3dec06c08fc759fc5d8db2753e8aec56312855a8
SSDEEP: 1536:nLUBZ37C+sASQIPdhf9VUk5LWuAxi8EcmrwfItmLZPnx538UZKmEWTIeSkE:LUBZ36A3AhfmuJewyPnj8UZKI/E
Score: 7/10
Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target: Активаторы/RemoveWAT 2.2.6/RemoveWAT_2.2.6.0.zip
Size: 8.1MB
MD5: 52b4866ed0d5d766e3d0a4fa695ce4db
SHA1: fcb50a9cab2732d7ccd0a262863fba73560eb529
SHA256: 2d3bc4dec78b8a53f2a9d07693d7c40860a123eb4e8a2ece721782e6b6964031
SHA512: 8cc9b8e0c5afd27b9016ccfb6e8e10c24698511e960de62b8b41cfcb3127c79b6ea209ca3b2b0f5c794ab97a8bfb3ab3306230fe2d52e69f2ffd3c992fd4789f
SSDEEP: 196608:gViFUnkhURxIAknIoNk206RX5xn9kX5U2ybs58/Y6PK5I1tN+A:gVKUq8dXoNkrw5xnCXH5z4bN+A
Score: 1/10

Target: RemoveWAT 2.2.6.0.exe
Size: 6.4MB
MD5: bfacf78644ca41fd6d4b23976e7574a1
SHA1: 6bdc28b673d25481a7a5828aca6efd87d2c90b14
SHA256: 94a1a26f61b015c2ced2fd50bdba4070b6c9aec7d2938fbf7eb9e99960d3b7a9
SHA512: af53e3314aeeee95a082d7326abb0743f76f19b57f5d604a613858c0014d3454a6b842c844dc6675f61e55f72daff67e2b17127f745ea74a865d8abc97265a2d
SSDEEP: 98304:G33yKMaL/eXV1i/kDxkmcL/eXV1i/kaRWYL/eXV1i/kmeM1qj4iwiANvSo2/CAyq:QyKnZrrLGA3PhsKPkG0tWu
Score: 1/10

Target: Staforce_v.13.exe
Size: 3.7MB
MD5: ae4f208ddc22b5fb12dee94be485d75c
SHA1: 43c6af186addb515bed95175391f31b08a5b7b70
SHA256: fd7491f2fa91779e7092581d627374c5d001c12b2f9b4f40e41705f1074e05a0
SHA512: 0ca4af334bc4792e9c5f77941f54963c96e93acb19eeff3c0e0cd09356ab6aefdf4471dea94fb621a246ef187ca16eac076d8e6200760770b33a288d813a1c47
SSDEEP: 98304:gbIwNmwZ9off30ya/88EZp7g2a3LskRsOjIdnpkb+AKAgx:gbzNdZ9cf30ya/85QlsXOjIdnpka
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL

Target: Активаторы/ОЕМ-Активация/W7OEMACT.exe
Size: 1.5MB
MD5: b822bf9b2224a4228f3249cc07e72114
SHA1: 4a56d163082dc45e2ddf32286485fd933312c88e
SHA256: 6c2924c4e4d64dc8c0cc9687653979a028b83d93e04d02487c055a97946585a9
SHA512: 33833912a42a148ca514bf099a4d3ccc7d20c160f720ecd03798596a85db9c7bca4edea0d96711e5f7074bc70057560e0f5925624552c9e83a988005567d3377
SSDEEP: 49152:GuXME6xymYzPIgGJgw234c3nWrWX2SW0yz:Guqyzzwg8Z23Z3nd2Sgz
Score: 7/10
Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE

Target: дрова/7z.exe
Size: 912KB
MD5: 8908886ae257281846271d5de50a92b0
SHA1: 307d52fc2abdd3005481f330bbf2b403a09faa08
SHA256: 3adc723889588100f757e433e402df9ba1918c7b5fc98628d51d8140935121c8
SHA512: 8eb3c2fbfea16ba4c40cf597dc43dc031590d4c24d838521a198aea31a04c4b79fb38b90a6c9ce423fd2420e7d6670c5364359743089e769769043bc340c874e
SSDEEP: 24576:A3qZ8KdvJ8JHdONQdOAjgq6Vc3gEp6175wPPg/XRtY:AqZ8KdvQdWqacgs6VG3UE
Score: 7/10
Signatures:
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: $PLUGINSDIR/InstallOptions.dll
Size: 12KB
MD5: 99bc22826a0568dce241be3a4ffd0c0d
SHA1: 62e4662250abdf10d23a61076fd7cbd00a5c5b6f
SHA256: 120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de
SHA512: 35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9
SSDEEP: 384:sKlm7i+c3QW6ckPhyDEaLnr2bbBBIXwZ:5qi8BcyhEhLCbbTI
Score: 3/10

Target: 7-zip.chm
Size: 85KB
MD5: bbd054824c93e196a55bacbb88726594
SHA1: 6a95f48c6f48700eff211d0938231138b8bc303c
SHA256: 61911350298d39c84b0d3d3fa9915ad9bc3ea865b87dc90f3705370d09e89b05
SHA512: 27f26b19fa94167489559f39588a406afeddd48d217c7d6a6db1fe41c45b6087ea33ba86dc83e13c0ea904803e3c51b3bca22d91332cfd5f3f30880b99c1bd62
SSDEEP: 1536:ZZ0MgtxA+Eby7FHEEx4Y0Qsd2QRrqjj7GaZo/dTR9aLUfvWHY1GDs:ZybtS+EbeZEEqYDsd2njVCVl9akgY1/
Score: 1/10

Target: 7-zip.dll
Size: 68KB
MD5: f36b70e79ecefb1e8c000166415b62f4
SHA1: 859a1c5d325a84ddb4a42fbc7f41e2d48551895f
SHA256: ad54b05ce6ec96c4b95a95f5f736143391ecd3057e9ce4d21ededd0aa9b414e6
SHA512: 3a77ee0775798747a2779a747b33cc52ea01d3e0c8d66f51c7ad55a394c5131acaa8ad28bdb32ecbe0f52a10be2e573b44ed08a22adac323198139e3cf3215bd
SSDEEP: 1536:mkDlXXahQpYdfVdIKxmbs1xD1H5+G/vmMIKeXy:mkDlXqPf7ws1x1H5t/vmMIRXy
Score: 3/10

Target: 7z.dll
Size: 697KB
MD5: eb1e077e01d3af89f333998859807b80
SHA1: 64a801e9faf3ddacd9e069b1356e021696cf9833
SHA256: b8e90915b965739b59b37caef8dffaaa90c64fd55f3df7e82364842b244e6a65
SHA512: ae794e50ab8aad5f6023eb59d61d9016cb100443acd0817962a9735cbb211717d60d808e90a780120ec2fd17388a0ce38819969bf1dfba63b9b964b048fcf647
SSDEEP: 12288:P+EfhtVeUgCdoRt7/z53Xj7Xuuzj2d8Yi3kDAgyAy:VjoUg4ob7l3Xj7Xuuzj2d8Y31yAy
Score: 3/10

Target: 7z.exe
Size: 146KB
MD5: 6c6f5790a3fcd3b6eeb89357dcf8ffbc
SHA1: 0405cac36810dda5b1e20a9249e211b43639b10c
SHA256: 9ad3715b28bd48ec64a9e6e8e49aa0da5784e176b7de501cf26a7dad96e72f2c
SHA512: f8cc63a2e7f972a0b07e869e9c83b2a3baa6020a3e684ccd33f6fb6851af0711ae49b2909cccdc1b5f8b57b9ba2123abd1a9432f5864acc898260e5d81e17431
SSDEEP: 3072:X1tsuh7N9aBlz9HmsSy5XXDMAejb4iBHE7a2rpk+:X1tHhbavz9Ky5XXDOHjk7Ny
Score: 3/10

Target: 7z.sfx
Size: 136KB
MD5: ab4b169a5d76a6c5935bf8713baa7b77
SHA1: 651fe13cf051cd11dfe3ac9dc3661967ab54129f
SHA256: f6a70628facb96dd6c5acde85af2f8c5e669d87b1376fbd03e3c7430d17ff072
SHA512: 40cc75aecbfc883ba36fd545d06bdd907e7ffc8ae774c92520865569103f063f6ee81451519ea0495cf2400f5e222098cbca79b68db1f8e3fea072f234350a33
SSDEEP: 3072:oDeTIoKBF1+jANl/6y33hLTlpN4i0FZM4PNeefJIU13:btKBF1+jANZ1333Wy4PNeeRIU1
Score: 3/10

Target: 7zCon.sfx
Size: 136KB
MD5: 2e0e224e634c906a3137ce1a598edba1
SHA1: 9ef5f61150f54dc4595a0c8fab60d8c8e48766fa
SHA256: 48e3c6a41cceb919614004e1323c36576aef8a7ab958effe0c7c7a765e8f743c
SHA512: e114ae980abd0058c5a1fe3c7f0fcead4e3fe1c5f2e67a6cd66ad8deca6bb9daeed06a19489151182d7c4209105235165c65f5c956689e63e70d32ef8776fcee
SSDEEP: 3072:UFzjcFuLNaq8ux26HOskTyikxjs6bME14o04bwbthOdFg1IYB7PdU2:UFZBaq8uU6Hg+iOjjMUkphOdeOq7lU
Score: 3/10

Target: 7zFM.exe
Size: 377KB
MD5: 12fa963ace9a6e23487afd06fdd4a519
SHA1: ab764167ecc3746087797cba2ba7334982e12a86
SHA256: 5c6f1ec2a3e7d744f950f2c53b04dea5afdb8c4ece2be19940944e6f9a7326fc
SHA512: 35de11e7e13f92cf9474bca2d1f761a9b042ad02d01a0279aa498237c4dd5244281d979abab2466507dca408b5b828cb7bdc28365b3b24e82d511896ec88b94c
SSDEEP: 6144:hrIeOdNnYzo+GL6vGCWtavsJjbfWZlbrNTiYwo7TFVub6H/bKjw:5IeOdNnYRGGuCWtIKPi/NTzwo7T1
Score: 3/10

Target: 7zG.exe
Size: 206KB
MD5: 8b7bbca8f257999d0401d8836f4e85a9
SHA1: 7607f94c7d9adb3dc6c49cb0fbf913c4e2c26a3c
SHA256: c2c5db333c4336be63934c48e5a934b3d0d6d548de76bcdbf0911029a7152f81
SHA512: 6f44061b4f85e633bd37e8622f818164f36cd04d99dfa7ac7c29753dd3d9bc4545a7d5da1da9246cc59979871b42af387ebe6befff4e7754e83fc5234dcfd212
SSDEEP: 6144:ChyQYxhgSj9uGcsx2V7rJmG7Jji+H/uKU:C8QYx9jdcsx2BrJJ7Nhe
Score: 3/10

Target: Uninstall.exe
Size: 57KB
MD5: 881bdc10831f28c0bce53acf1ef5f73c
SHA1: 18bf74f2307549bf56f87b2d7f916bfa591ae529
SHA256: 9af958b415f2d359ba086e20b3572762ca900112b6b8ed7bb423c980757ed592
SHA512: db820f224c7a5af4c01da783210ce017a3a92a20c1844d2c9327e2a1c5e11a3406b0a3c235b0c88dd4ba9f2fad954f6584de6f03857ed515e27cd631b60edb34
SSDEEP: 1536:ZCxKWquTniCtK2SkJsqAELVig92w6Sdtcg:ZUjqKPakJrAI0bw6Sdtcg
Score: 7/10
Signatures:
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL

Target: $PLUGINSDIR/InstallOptions.dll
Size: 12KB
MD5: 99bc22826a0568dce241be3a4ffd0c0d
SHA1: 62e4662250abdf10d23a61076fd7cbd00a5c5b6f
SHA256: 120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de
SHA512: 35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9
SSDEEP: 384:sKlm7i+c3QW6ckPhyDEaLnr2bbBBIXwZ:5qi8BcyhEhLCbbTI
Score: 3/10

Target: дрова/AIMP2.exe
Size: 3.4MB
MD5: 67dc854c472e599e202e80fbab81ece8
SHA1: 9f592d049a1d374712415adf14e1576f4d0eefe8
SHA256: 0660f0b29b46766b9c2ca3f108293ab77a75d2997508d7c445f4f5ac005fd136
SHA512: dc7eea783a6af0c3b631f429ba328dd0b70becc20f5332df237a66853c5bb5141e32892e3047b2474dd44c4572d7d2b269ba34c9b6f0944ae3aff858acd10938
SSDEEP: 98304:hdY2NiaYCuHs0oFV4fdw9kUkwUXu9g7SKYWMeO+T:hzNiXCmSVC23YXu95KYWMeTT
Signatures:
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: дрова/Ace Player.lnk
Size: 1KB
MD5: e8635c9f650b8c0d301ecb68c693144d
SHA1: f1547f08a54cc3422b4eb383a8af505200ec4c27
SHA256: 1d0d62a155808f8de0dc5a2956d52589240a34c92ec59bb235aa90ab3470a704
SHA512: be94768b434638d49375f83f755f8eec0b91c2412adec6d7de0e045e8d00a8e9447e95e4e6840c7b372e291759c145f479c1288dbd162a36cc195d2f4907e287
Score: 3/10

Target: дрова/DTools.exe
Size: 8.2MB
MD5: f0bf833db3c73cf53e39c2f16f3aca08
SHA1: 2b9542c45d014cc6bfd25ef761f50e8f001b6ff0
SHA256: edefc7bbe606166c8a33e654046060ad53f3154c07e31f1fa01432b8323ed156
SHA512: ff73bf217f9960270e8666ca23f3f3ee50fc18a1fe6aea9a7a39f68d61f7dd4c5dd5d53502160f135c918f5eada526ede2eaa6b4a9e2d2f5d9956d18934f4f9a
SSDEEP: 3::
Score: 1/10

Target: дрова/Excel2007.exe
Size: 197.9MB
MD5: fbb2553fa048111256a62f788e0bf881
SHA1: c144f37d7a77f972b94bcfe056e25dd4022a7045
SHA256: 2cee8abba52988d073328ac0525ea0f82e17f375ce710a32dc433581c41a4008
SHA512: 1bd45ba74fa5c40c7485b991474059a318cbafd27a7d37d21275c31a0d8dda7e37fc032371d26aca9a9d6bd45634289edfda2ba95dc07f786577db60e227b784
SSDEEP: 6291456:y1ZSjU7jhhY8giK2wHHWmNFUUYCHvH22XP:ynSangi1sHWmzYC/zf
Score: 8/10
Signatures:
- Manipulates Digital Signatures: Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys to get their binary accepted as valid.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution (Component Object Model Hijacking): Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory

Target: дрова/Foxit Reader.lnk
Size: 1019B
MD5: a856897517827abae566f9ae13ba2516
SHA1: ed97af835cf2e60d6c6be6a5ab32b7f21c301b65
SHA256: 94703530f8ee6d4fd9465bae006237aa341f0067201e54f68de5e6ceb88b7f1d
SHA512: 9a768f64d660cbd1dddcdbb58eacb39739ad3e152d0bc2bed31947e219456081a82960fb3253c0aa4cbec3eea90c7559585d2e124aba28c9f356f51d7700fd10
Score: 3/10

Target: дрова/FoxitReader.exe
Size: 3.5MB
MD5: 97c45ea415594aacd11fc5c356a2098c
SHA1: e076af81e05ad05becc7e9122d6f97a00a6edf63
SHA256: 8dda5fc18795b12f28ffadfbe54cf895cd370dc07606744f585684f8b4fc01ac
SHA512: f7a76a073b9e2c514a8670b17e6019b92704410a1fef913d257cbd187b0b91688f54108f013e5a3ea5a82eee842ee946b6167db059940e23388d0f14f1d7c907
SSDEEP: 98304:wdYMxNfx4lZqVX8pkr4h7gIfpGiCsZvxkRs52toFr:wdxhWHh7gWQssRs56oFr
Score: 6/10
Signatures:
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: дрова/Rar.exe
Size: 319KB
MD5: d74a171cc22654090ab5e639f41b3762
SHA1: fe815429eab238e6426f7766bcdbd7ca207a3edf
SHA256: bdd8a0d1d99fda28dcde661b6bdb7eb6576aa97655d869b14c2a105106594eb2
SHA512: 277c16645cbe392c83faf3638d17c53b0695783b8fda1287232a0808565f598b694924308730fefdb1a9adf76acd5712a203a888874af6b772b5a526e3926ade
SSDEEP: 6144:Crugh4eBm7vbQlCwPakaBstCRvIX6kth2mbh74N:CrlNQ7CsBkCRvIaN
Score: 3/10

Target: дрова/RarExtLoader.exe
Size: 43KB
MD5: 30108227f4b8533fa3955306747f93f4
SHA1: 2574444ff72481119e65e618d318533a81c523fc
SHA256: 1e7ba47b36cfc1a5347ee9029e0dd8d5f24ce906d65972b8b015227183ee2b3b
SHA512: 1e512dbb8c638ecd24c83a4e6f0bc94b09638bab6cb2065dd3801e870fb494d4124729c6fc5fae559429dba282d95ae130c5e52aa8aa27d33f521d1b2d93c589
SSDEEP: 768:s7sLbqH/yCTVTZCpHjcaQGTIjC1XHN7gqBPqO4G0GrOBLG:s74qHLVTsHIrGToC9HVHPqJG0GYa
Score: 3/10

Target: дрова/UnRAR.exe
Size: 203KB
MD5: f97ced86d1fb5a76b695cef4aade517a
SHA1: 661c5ee57075281d502dec79e7d9a15b37eb3d6d
SHA256: 759e83927873607f56b35540c4b8a3c9efd6cdcdfa112f2ff6b7fff5ebcdee66
SHA512: d2103c26b9a91c833534f14fe8e0e1b712fc29d68957de9858437f157cb309e229d59471b262c9420e64e8312afcaa8677fd1d4e8f514b6de5349ebd58e6268a
SSDEEP: 3072:9iuEE0E/zazhBG/OTDnQbH5V+epBdizwuMu2swpSlbOK/GSsXJ82C7HB4DZN:8ntrhLYbb+q7blAFsXJ82CzB4NN
Score: 3/10

Target: дрова/Uninstall.exe
Size: 99KB
MD5: cfb0e5ff974e5fdefd8782af19f8e335
SHA1: 951fbd266cb0af4322191412010464f6e898cb92
SHA256: cf13d502b62e2a118333b326fc0460336ceb0bc16ae59623ed6d183b5ce69852
SHA512: 67f9a34c7cf378338fb62945d9005a594c8b1a78e4c89bf445d44b5bcc9b8d30b0296313226bd072cb62e847d6bde34a0d31dc7fc436d82e8a419bae24322803
SSDEEP: 1536:JpaTdH5CVy9sP5gu+2oXU2kChHKTD+F73qyU5e9P4GkGgDkHCJlIz:JpaLx9m+hXU2kCdFD98DkHCJlI
Score: 3/10

Target: дрова/WinRAR.exe
Size: 1.4MB
MD5: 7b7c243db32c3b05a35df6454d7b1f93
SHA1: 05eabcfab039008ffc1d735a5bd25bd39b573e72
SHA256: 409fb9c7f7d4ce564ba52d9f25330f94ae77c9613d51356baa6349a50238805c
SHA512: 107f73331ff3d1eba033ccf303af68b1558167284d813cb50d14e8f25469fcdeaf842e33f32ca2a7a31f20d4824c2e32256ba9ed9971dfa659bb45a8c12bdde4
SSDEEP: 24576:NARK0LnI39vCwPb22v4caO5SFnfAtQ01lcr50kj8fkwDZ:NARtnIt6D2v4cPYZotWN0kQ
Score: 3/10

Target: дрова/Word2007.exe
Size: 208.0MB
MD5: 93e7f161f70a2cf69aeceda970b5fb3c
SHA1: a06e6edb1af4e12c00cf19d36d9b5fd2da2fb79a
SHA256: 8474c6c6563fac52602a881c6f7f41c0e99ff974c4464e862ea94e9f7df0bef6
SHA512: c99d886ed23fd9455eb2e13c49deeed5bb263465382cfa7c0be1ad8da16739e30e37480bcd9ea2dba0fbcdd356eaa3e564cd930d5576fb195053a7a6dbe0d5a4
SSDEEP: 3145728:w73EnpKCHvrM2S/nSogO4t0UDGLo+uKt6Yx2Z9PyhV0TQH1P4W:w7WYCHvo/2XcSzYxkpyktW
Score: 8/10
Signatures:
- Manipulates Digital Signatures: Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys to get their binary accepted as valid.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution (Component Object Model Hijacking): Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory

Target: дрова/klmcp.exe
Size: 19.1MB
MD5: 0a2ca34cb4107331c84106593c95dbd0
SHA1: fe553065040b0175dc5ba23205a0415ea320f858
SHA256: 3d0a23d9564d7234c42bd437af57539b6e20728d8d906b872b7f9ab974887481
SHA512: 4d2fc0d6acb542afb01986f800c77eac2756822c38973acca27ba346d7ece95a1e9d8852c61245f941aa405d4025902b79a37cb0e4e22f961fd41d1318f9e7a1
SSDEEP: 393216:1E/h/ZTb0njlxPU5qXWAqCcvcAPEoV8ROsM8TofqkVkaU9Yy4A4:mhBELPU5cWBCcvcA2sgekaIY5F
Signatures:
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory

MITRE ATT&CK Enterprise v15
Defense Evasion:
- Modify Registry
- Subvert Trust Controls
  - Install Root Certificate
  - SIP and Trust Provider Hijacking