c416db4cda367c4e1f8d45bc3e308bcfde7e958bdd8029d92e31599e0d764dd1

Sharing

Copy URL

Twitter E-mail

General

Target

FanControl.zip
Size

6.3MB
Sample

241121-wmw6gatrh1
MD5

542253310b141f47cd141665a3bb4324
SHA1

c07dd32580155be69278ee7526b08d547c61dd02
SHA256

c416db4cda367c4e1f8d45bc3e308bcfde7e958bdd8029d92e31599e0d764dd1
SHA512

0f7b7cde0980aed7f7f0780188a072326ce0885124e741f4f8d3a49ecd6e9b9cc2dabc77a21c04655e0019a9e72aacb45ca2b8ea2979bdd266838eff368ac686
SSDEEP

196608:XV0h0C9RGiXit6Al9gGsMlcXh/O+o+H2zo5kSI8VHkGm:XVIGiXiNgGsvhW+o+HMo5kSFkN

Score

7^/10

Malware Config

Targets

- Target
  
  FanControl.zip
- Size
  
  6.3MB
- MD5
  
  542253310b141f47cd141665a3bb4324
- SHA1
  
  c07dd32580155be69278ee7526b08d547c61dd02
- SHA256
  
  c416db4cda367c4e1f8d45bc3e308bcfde7e958bdd8029d92e31599e0d764dd1
- SHA512
  
  0f7b7cde0980aed7f7f0780188a072326ce0885124e741f4f8d3a49ecd6e9b9cc2dabc77a21c04655e0019a9e72aacb45ca2b8ea2979bdd266838eff368ac686
- SSDEEP
  
  196608:XV0h0C9RGiXit6Al9gGsMlcXh/O+o+H2zo5kSI8VHkGm:XVIGiXiNgGsvhW+o+HMo5kSFkN
Score

7^/10
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  ADLXWrapper.dll
- Size
  
  201KB
- MD5
  
  a310092f7692e6600d976d4e0d550a57
- SHA1
  
  c01e55a6e4c6bdac3756e76c87b56a17f3548ad6
- SHA256
  
  b2a979defdd8c6eebc84f3511ca1a9d87362b6881ccf141bb2ae770f73caf736
- SHA512
  
  76dd0e2f686b33fd19c0601cbaf83069a6e63a62e821a30ed51270e086563acfd71fe14289ff974dbe749dd4c89576c2b6cc767dcf5c2f94dd7e9c9e3a259555
- SSDEEP
  
  1536:3FEw5zT1gHWuE0nRo3/5JGHwqGrirolT5Cuj75jAumnef6Jy3NIg4V:3FEu31KiJhriropzVj8cNfa
Score

1^/10
behavioral3 behavioral4
- Target
  
  Autofac.dll
- Size
  
  365KB
- MD5
  
  38a6ddde446c9c2dc40e1ef62c1cceac
- SHA1
  
  b1743ad8fe49df111d578c15d6be4b28d62ff633
- SHA256
  
  13423484e1d184e01751f9ced5dba5cffda8a4a616f8560de97d29315aff1386
- SHA512
  
  f6478f4f50412ad59ca1844e6e05ab3e14315c547ae71c9c197faa0f4590538b8398de73bcbca45d3b328baa35f2e3e58195f04a06c0c7303d23187bd2b2697d
- SSDEEP
  
  3072:oPPpZ64wnXN/kNJqWY4PDAQ7CF6KZPK/jm83bmiNuAxvJVSYayWabq+SSYGjunv5:oHrdwnd/IDAQdU8rXNtpSy/uGjYjsS
Score

1^/10
behavioral5 behavioral6
- Target
  
  Emoji.Wpf.dll
- Size
  
  1.0MB
- MD5
  
  689e1a832309c484f95b07bd07fe6a2a
- SHA1
  
  26c6b4544038a43f48d14a27df1aea4c0c18a3dd
- SHA256
  
  21fb67eface68ade290ee88f8a6ccc3869e648a49b5f5ffbad686c3323d1cf03
- SHA512
  
  878b2ed3e6565c8fa9c56c34244934dd05c70fdc80d7c5ca9767ee3b81753131cd8a03d2834645c11fed81a38755be350d92675d1b674ad322140291243630fe
- SSDEEP
  
  12288:A77LaI4MQJfhmSzPTFVoqi4bRnEq1dJY4pH5vd:6NQlYWbFOJ4bRt1dKu
Score

1^/10
behavioral7 behavioral8
- Target
  
  FanControl.IPC.dll
- Size
  
  26KB
- MD5
  
  a7b84ee0e98e884f528e353e66341b1c
- SHA1
  
  a004bed13936e9ec2d51b6ed0a24e3074fffcf8c
- SHA256
  
  b8b7d775f0b8ba041713e4f03c8d2ed20c9937b12250df8bcdf8149c716a7836
- SHA512
  
  e68ad4aaebcf7be3244a357080b414299a4e917e95bfb6ff5825411b825a33c7aeb0f32661d17e948be195fce34bfd3031c29c39a8447c1c7a7a6bf5badc08a5
- SSDEEP
  
  768:UM0z3ywqnNy/8y9f+ATT1zV10lit7/eT:UM0z3y/ymgVSli
Score

1^/10
behavioral10 behavioral9
- Target
  
  FanControl.Library.dll
- Size
  
  132KB
- MD5
  
  2250678e7256ad39a9b081235079a9ce
- SHA1
  
  fc0d0bb2471f2a733e1899158b57051be57f694c
- SHA256
  
  2e41b457b825ddd2221bf6eb0d757b1bab46d7974928598aa005c1fbfb6e089d
- SHA512
  
  0670f38bf0fe8135fb78d3375280b3c3e1eead9ca171e426c94e81996ae3bed10ead83995f5826e366edd65f3076ecc7d441eaa6778b7a2e2078e89d80ce2d99
- SSDEEP
  
  3072:IbqIu9DzRlVVC/bsUOugF+58NnflcEJhc:IbqIu9DzfjSsBNnflh
Score

1^/10
behavioral11 behavioral12
- Target
  
  FanControl.Plugins.dll
- Size
  
  4KB
- MD5
  
  d2f54cdfb526b6b3891ac33d14a103ca
- SHA1
  
  c86f79382a0ab2c3a1b5460f0a3fd1ef9e5f3cc9
- SHA256
  
  37502192909adc3f8b402e55cb43b2337b8270d1c7d6646e97029f6c7686d487
- SHA512
  
  0823ae1c1dcc934e5e383ef0669704bbe608fb04d7b1624859c40bff7698114f3b3d32bcd22617aba302694f22046573f058ba21aa33cc6e9ddcc8ee71d58da5
- SSDEEP
  
  48:6R+lIjOs4B4KUzkBD4Pma61P6ZjNM4U48WB/JBr9lA+otiOl+u23euE+uzTF:vInKbD4o48WVJZIUuGeu3u
Score

1^/10
behavioral13 behavioral14
- Target
  
  FanControl.Resources.dll
- Size
  
  480KB
- MD5
  
  89e0e4bf3ce2a90c1f11ac8f9fd85f66
- SHA1
  
  c2fcec9e823e914007590e452dfcf205f6e329a8
- SHA256
  
  46b0bfedffe727cf4d83eedff400ebf0078c82db6aca76d42933104ae6021d80
- SHA512
  
  d5d255a3dee5668970a587a7a8507f7e3012248626ef2c465bce59098b84c54e59c7984cade003b960b00bd5c7629cd99c8af8e11cbae9cf234dd5ac1414f075
- SSDEEP
  
  6144:U6EBTfRt83qNNSdzhKusc6HterkolUQ02fZesqvYYX6eH/ZZHbZpvhk0t5YDUogd:MRtF+6HckIUQ7qv5X55rW
Score

1^/10
behavioral15 behavioral16
- Target
  
  FanControl.exe
- Size
  
  1.3MB
- MD5
  
  9b94d3f94fae042147cbe5dc8009370f
- SHA1
  
  3116e6fa60f5cd0d580ff748d6ae0499e7534ff2
- SHA256
  
  6d99e5b8af7bd2312f7d3aa2e42514ceb40ed3203dfc669558e8d5d0879c724b
- SHA512
  
  1ee4b0a0d5a5eee964f20f875b6c0254086b4ac2925e47be64e943e4bff97be2b536ebb787dd9390160649ccda6a29f3134800901880458c407695186c5dab71
- SSDEEP
  
  6144:ny2M4ziRCIr+bDy/oUMs2p+pGv1xPGUD5p7aQNwul3k8+uiOiK6kU2SPSC5rII2e:ny2M/CIr+bG/oE2cI/uUjtNu/rf/3pP
Score

7^/10

discovery bootkit persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral17 behavioral18
- Target
  
  GongSolutions.WPF.DragDrop.dll
- Size
  
  184KB
- MD5
  
  e9adb7c5be4081ab05284850d0636543
- SHA1
  
  1c25c38c1b087dba3117f82cce55d7eb048cdfa0
- SHA256
  
  469f272dbe10d924480477d790f1c437c3666040293e1468e8b11adbb2d3a12e
- SHA512
  
  335770e64acb762168947df13101397752fc99e474f7ef6ddd848db944b3deff36197d1178d7d213ef8c54364386470cfd79463ce7ad75ed01b2c613704fc146
- SSDEEP
  
  3072:S/8YvGFmngvkNQ0WPey7fSaOFLHyDkiplXpNymTNlkU/2t7LSZEzujBsngxw:VkGFmnbNQ0yXTJOFLHyDkibXpNy2kU/U
Score

1^/10
behavioral19 behavioral20
- Target
  
  Google.Protobuf.dll
- Size
  
  461KB
- MD5
  
  d4fc377df96077f4b38c4df41535c610
- SHA1
  
  8fcf9ea98cc52e042b7f1a0000749df421287cfa
- SHA256
  
  44b0b144e10ab00469bc4c9b29f14e903430746b0b5dba3e5f896f4eacd90277
- SHA512
  
  63f87a931a5c0df9d56327ee64e9cb3cbe31292601a0bbd3df5732258af8990e3adbec24290cf60091e76e461187af09057e349456b284a78c4e621ed4851c9e
- SSDEEP
  
  12288:qEo0WTZKG1thPtf83ICB76gxriER5/MBy0jPFKAhQ6LON:qEozbt4Vt3MnhQ6Ly
Score

1^/10
behavioral21 behavioral22
- Target
  
  Grpc.Core.Api.dll
- Size
  
  68KB
- MD5
  
  541ea1c3e38526648909b2792611363f
- SHA1
  
  7498a141b6076c4d5941eb488a9184bb12221dcf
- SHA256
  
  0d8a23ed2e943dd5f034bee91482b38cfa232a38cadc883c337313d7ad3e9eca
- SHA512
  
  286ecb248c76f492be2dfd611804e0992044a82edcd5d882e18454874b45975eb5376a32661c157f54a23d8e2ae147544b577cad69dc3f21bef480f67e2d40c9
- SSDEEP
  
  1536:TuuJQA5+vkLqGfr5fvTo06fm7vuwbAidfGYxd6SBGuToVsGRBGXyDYGQbKy0PcQJ:Nh5fvTv6SAidfh66kVsGayDYGQbK6Q
Score

1^/10
behavioral23 behavioral24
- Target
  
  GrpcDotNetNamedPipes.dll
- Size
  
  74KB
- MD5
  
  462683de4129f0a4b42e4242bbcaac36
- SHA1
  
  e7ff06c99f179715971f67dd8bcde4b32bf37ab4
- SHA256
  
  05c2126ea2a4c1bb817bf9e4e82e441d09241f2813b9eda3e52b45af7c37bea4
- SHA512
  
  9c83c8148273dc4747d57e07e440cd26e5584eceb81e421abd15040d4fd3895ea64591ebbfa2f7e323fd677ae6d5187f9a528526f4f4169411031fe19d2cbfbe
- SSDEEP
  
  1536:q5wmQKvhE1apIQdtJDE1vJCNk7FmbCM+2Xo4/keqeRObvL:q528hE1CDoJr7SXfXo4/rjRS
Score

1^/10
behavioral25 behavioral26
- Target
  
  HidSharp.dll
- Size
  
  236KB
- MD5
  
  8d3eb299f8447b633334d1c426a2f0f7
- SHA1
  
  8497ae75f2dd9271d9158a27250288905e8cca28
- SHA256
  
  8c58e5fba22acc751032dfe97ce633e4f8a4c96089749bf316d55283b36649c2
- SHA512
  
  e1b65393bc4c338a23e31ddee7071129aa70597b651c51c07b90e6d93d5d67e45f7715e0fe034c3508df4f2196f37360b2e07969036370b0a6170b0d8627cdfa
- SSDEEP
  
  3072:ct5N7ozr/ES/jKLCPuamzT/n3yJ/TLSIIeTnImstJr39ipdDnVnc0CK9MaCr6HGo:60zzZ/eLrJ/nkrIR3EpdnFp1MEGdZY
Score

1^/10
behavioral27 behavioral28
- Target
  
  LibreHardwareMonitorLib.dll
- Size
  
  691KB
- MD5
  
  c198c594d2867310bef25b0ad73c1880
- SHA1
  
  9460b398255fa8daee7fdc7ba822dd23777de123
- SHA256
  
  82c692d5d725b8b3d9ed443e91f669f92b88c1449b30ff5084685cc02856bd2e
- SHA512
  
  2780c43019ca033cfbb96fcad54b950e914f07ad1575e873098c70ffc2cf2c1a1220c10dad9bd95d6d31767a429f1b646b909e666fe3a34d8d86d21814f2712b
- SSDEEP
  
  6144:D/kpHuqT/k6KOkqzty9DQD/ZBd+fHTm+b9bim5inK5gA5pZVsGO/uD8t9Y6jzpHF:6WbimgzG648t9bF/RPusrH8VP/Gbh
Score

1^/10
behavioral29 behavioral30
- Target
  
  MaterialDesignColors.dll
- Size
  
  309KB
- MD5
  
  96e95d5d64b1c34974cab78822b03f27
- SHA1
  
  ede5179d60135f5c982c34549111908fb1d692f4
- SHA256
  
  c45e60b466a92feb0472a354d77b3d9d3eb3a2f52a83cfa2aa357ab32a62d75b
- SHA512
  
  452e528a7b7732c106651db29b733538b7db6db25b393c8b7260dba63dafa4e9e1842c47385c969a69cc42b63237701c9d30a4d6764bf5af3b4f8c9d0bddb017
- SSDEEP
  
  3072:zXVnWvw49ZFKa3K0HefMgKh4LNgXDB66aftO:zXVnWvw49ZFKaLH86af
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32