Overview

overview

8

Static

static

3

dbb2293f3f...42.exe

windows7-x64

8

dbb2293f3f...42.exe

windows10-2004-x64

8

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

driver/tap0901.sys

windows10-2004-x64

1

driver/tapinstall.exe

windows7-x64

1

driver/tapinstall.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dbb2293f3fdc5f95a1b84564b9c6b98af51344a3f9f053a68015b6dd075c2b42

  • Size

    14.7MB

  • Sample

    241121-ljz3va1ke1

  • MD5

    62074a16098bc74e9759d07c3cf1145d

  • SHA1

    0aeb2566c3924fcf2969b78912f98a514afc10e6

  • SHA256

    dbb2293f3fdc5f95a1b84564b9c6b98af51344a3f9f053a68015b6dd075c2b42

  • SHA512

    002ae3fe34cf98a1d7b21c95977c43ab65e57132934bca7f6ff45d8e5c22d7ed3a8aeefd0c4b7fa5241b30587b6cfb3698b5870ee5d59b22e779a0b27945e7d0

  • SSDEEP

    393216:NO02/Ql7Mas0hYW4x2r7jfbGNn4cIPfirmLvt6Mjzm3mGckdLQKZpL:NOLYMf0hyx2XjfbVk6Lvt6i6RrLQK

Score
8/10
discoveryevasionexecutionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      dbb2293f3fdc5f95a1b84564b9c6b98af51344a3f9f053a68015b6dd075c2b42

    • Size

      14.7MB

    • MD5

      62074a16098bc74e9759d07c3cf1145d

    • SHA1

      0aeb2566c3924fcf2969b78912f98a514afc10e6

    • SHA256

      dbb2293f3fdc5f95a1b84564b9c6b98af51344a3f9f053a68015b6dd075c2b42

    • SHA512

      002ae3fe34cf98a1d7b21c95977c43ab65e57132934bca7f6ff45d8e5c22d7ed3a8aeefd0c4b7fa5241b30587b6cfb3698b5870ee5d59b22e779a0b27945e7d0

    • SSDEEP

      393216:NO02/Ql7Mas0hYW4x2r7jfbGNn4cIPfirmLvt6Mjzm3mGckdLQKZpL:NOLYMf0hyx2XjfbVk6Lvt6i6RrLQK

    Score
    8/10
    discoveryevasionexecutionpersistenceprivilege_escalation

    • Drops file in Drivers directory

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      192639861e3dc2dc5c08bb8f8c7260d5

    • SHA1

      58d30e460609e22fa0098bc27d928b689ef9af78

    • SHA256

      23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

    • SHA512

      6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

    • SSDEEP

      192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      b7d61f3f56abf7b7ff0d4e7da3ad783d

    • SHA1

      15ab5219c0e77fd9652bc62ff390b8e6846c8e3e

    • SHA256

      89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912

    • SHA512

      6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8

    • SSDEEP

      96:ooEv02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YMNqkzfFc:ooEvCu5e81785qHFcU0PuAw0uyyIFc

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      11092c1d3fbb449a60695c44f9f3d183

    • SHA1

      b89d614755f2e943df4d510d87a7fc1a3bcf5a33

    • SHA256

      2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77

    • SHA512

      c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a

    • SSDEEP

      96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      driver/tap0901.sys

    • Size

      30KB

    • MD5

      b1c405ed0434695d6fc893c0ae94770c

    • SHA1

      79ecacd11a5f2b7e2d3f0461eef97b7b91181c46

    • SHA256

      4c474ea37a98899e2997591a5e963f10f7d89d620c74c8ee099d3490f5213246

    • SHA512

      635421879cd4c7c069489033afaf7db1641615bfd84e237264acfe3f2d67668ecfe8a9b9edd0e9d35b44dec7d6ba0197ed7048dfb8ec3dba87ccdc88be9acfb7

    • SSDEEP

      768:+tCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQv:+dCoTxk1lmmjExsFNv

    Score
    1/10
    behavioral11

    • Target

      driver/tapinstall.exe

    • Size

      99KB

    • MD5

      1e3cf83b17891aee98c3e30012f0b034

    • SHA1

      824f299e8efd95beca7dd531a1067bfd5f03b646

    • SHA256

      9f45a39015774eeaa2a6218793edc8e6273eb9f764f3aedee5cf9e9ccacdb53f

    • SHA512

      fa5cf687eefd7a85b60c32542f5cb3186e1e835c01063681204b195542105e8718da2f42f3e1f84df6b0d49d7eebad6cb9855666301e9a1c5573455e25138a8b

    • SSDEEP

      1536:ImYSYxGfIZnRnD6M7EFOUakPhtUn6KXF4O7WfvZt9c:HYFZnRDGdvPXU6K1RW

    Score
    1/10
    behavioral12behavioral13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

2
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Network Service Discovery

1
T1046

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks