5e276e821f3d3d0aefa466e229fbe8b1ffe92503f41349d2bd1d99e2a11c0a8c

Sharing

Copy URL

Twitter E-mail

General

Target

5e276e821f3d3d0aefa466e229fbe8b1ffe92503f41349d2bd1d99e2a11c0a8c.zip
Size

25.5MB
Sample

241121-qallbasmbx
MD5

4ee343ada47e98fdb16cab2157ba4bdd
SHA1

0e844700a660eab07d6358d9089b08ffcbe6dfdd
SHA256

5e276e821f3d3d0aefa466e229fbe8b1ffe92503f41349d2bd1d99e2a11c0a8c
SHA512

a849441365d04e5e7d9f04bfe2c3bddbc6c7a96cd01ea7d65ca54a15b189dac3f74b22154cec3c7aa5be6852730cfc8d0ad66ef0d743011a35f1be7cf5f6fc9f
SSDEEP

196608:11xOxOxOxOxOxOxOxOxOxOxOxOxOxOxOxOxOxOxOxOxOxOxUrHLLLLLLLLLLurH9:vYYYYYYYYYYYYYYYYYYYYYYmrOr57

Score

8^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  ExxxxSet_up.exe.lnk
- Size
  
  1KB
- MD5
  
  87619571a8b1b30c00b74b7c7f0649fe
- SHA1
  
  443f494bb21ba44fe3b6be107ae37bfd143afe68
- SHA256
  
  d7c0655c6f1db4acb14bb4c1ddec34ce8f3849c9e0bf9e28d28c8f1c00121fd7
- SHA512
  
  151234967c65a224d29f1c987d4d2aa5f930cd02da62ed46aef11692a7f4d9a7a05c70cd5e83f0b3831af540fde97ca19912e9ff4d5c6c58583b9aeaa7ff4a3e
Score

8^/10

persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  UP/ii.dll
- Size
  
  17.5MB
- MD5
  
  04312655f1288a6838029eab745ed584
- SHA1
  
  ccd001dcebb19b6aafcdd3e39f3860d24a59fe2c
- SHA256
  
  810da0429f85f429581fc1d9c67faf8797493dfab52132679bbcdecf823a42bf
- SHA512
  
  3d34be3f2ce76f388bb25f578724bb85cddd6a620a38ea107fea459e6c5a445c4b7e962b863ecac968582207ad7cd2266788f522cc5dadf4fa5faff40bb8a60d
- SSDEEP
  
  393216:s33333333333333333333333333333333333333333333333P:s333333333333333333333333333333f
Score

1^/10
behavioral3 behavioral4
- Target
  
  UP/machine_64.dll
- Size
  
  390KB
- MD5
  
  a1e69165b66d05938ab8fc8232edc866
- SHA1
  
  d0de23e3b6f03068a828e5e4201cc97c051994c2
- SHA256
  
  5b7345de0b70b8d0cefd4140acf428a5b0ffe5a147adf8a75d981b37fbd81e3a
- SHA512
  
  b4f94fdcaaad36958a35e194cd20e13c280f5c802c97d3b5813fe13ffc61ca4688a28f93b41e465a3def00fe6b13a6db47ea777418c0b6dfe7fde4a33a33cfbb
- SSDEEP
  
  6144:QXpzQBQvkr+bAdodpIwXpmuWs+lohHwFP1KkF7oOThiKD:Ql1vOajh8uWxo49KKTr
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral5 behavioral6
- Target
  
  UP/psmachine_arm64.dll
- Size
  
  17.2MB
- MD5
  
  98e0505fc7f9f5662554601973a240f2
- SHA1
  
  8245a185f2612364347f26d4bf80424a33959091
- SHA256
  
  142925ca121f0c5c05db78fae96658329f64c5e34b10cca00fe285427a3d8d84
- SHA512
  
  f89a7dad9cfa1aed1bfba7527079aa49fcc1c1cfe950f68db63c47bdf8f6ac302f65c3b29fa61f0b834dacb7838051780f98ac9fac6316dd0154772b3d395303
- SSDEEP
  
  393216:63333333333333333333333333333333333333333333333wz:6333333333333333333333333333333c
Score

1^/10
behavioral7 behavioral8
- Target
  
  UP/updateres_sv.dll
- Size
  
  34.3MB
- MD5
  
  26395664d06f9186cd231b0188f8b8c5
- SHA1
  
  4beae3a3735402249754ae594c7e6503c8de20da
- SHA256
  
  2c337128c782d7bdcf54805df1088532d6bf3a766f6036ba81de96f766dd219c
- SHA512
  
  45c1275e701d7108af8c3fb23d819b6f2b200e62a0132679b4966d805f0fe16202321b5cdcd62bd21eee57bc05d39719511df89e5a76c0077ff66ed24774062d
- SSDEEP
  
  786432:6333333333333333333333333333333333333333333333333333333333333333:0
Score

1^/10
behavioral10 behavioral9