General

  • Target

    c22b74bb5b950a631aab0b48d9480861b6bcd02de2be9cbc9294c760344b430b.exe

  • Size

    2.5MB

  • Sample

    241123-tmrjwatnen

  • MD5

    e44aa4739e6414c5dec3ede80232deab

  • SHA1

    a2a38256e63e2acd791f46a82cc74e34e26d4d79

  • SHA256

    c22b74bb5b950a631aab0b48d9480861b6bcd02de2be9cbc9294c760344b430b

  • SHA512

    1f10f95db7d67856bbebf9aa4510cb6122e3a7624ef7e3f0cd2d49b08a13b07e8ba43cbe771e4db0d7171f605dca78027cf56369ec90963f1577f3a75ea2f692

  • SSDEEP

    49152:P3g6ex2uF+sfC0sJfPT2Xs2WyexyCfXHHVz6UWimMVUiPCqsnaVnHB4lmtpQ3l5f:P7o2wfqNSoyc0G7r6XnaVn/tW5f

Malware Config

Targets

    • Target

      c22b74bb5b950a631aab0b48d9480861b6bcd02de2be9cbc9294c760344b430b.exe

    • Size

      2.5MB

    • MD5

      e44aa4739e6414c5dec3ede80232deab

    • SHA1

      a2a38256e63e2acd791f46a82cc74e34e26d4d79

    • SHA256

      c22b74bb5b950a631aab0b48d9480861b6bcd02de2be9cbc9294c760344b430b

    • SHA512

      1f10f95db7d67856bbebf9aa4510cb6122e3a7624ef7e3f0cd2d49b08a13b07e8ba43cbe771e4db0d7171f605dca78027cf56369ec90963f1577f3a75ea2f692

    • SSDEEP

      49152:P3g6ex2uF+sfC0sJfPT2Xs2WyexyCfXHHVz6UWimMVUiPCqsnaVnHB4lmtpQ3l5f:P7o2wfqNSoyc0G7r6XnaVn/tW5f

    • Modifies Windows Defender Real-time Protection settings

    • Modifies Windows Defender notification settings

    • Modifies security service

    • Modifies Windows Firewall

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Modifies Security services

      Modifies the startup behavior of a security service.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/SelfDel.dll

    • Size

      5KB

    • MD5

      e5786e8703d651bc8bd4bfecf46d3844

    • SHA1

      fee5aa4b325deecbf69ccb6eadd89bd5ae59723f

    • SHA256

      d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774

    • SHA512

      d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3

    • SSDEEP

      96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      11092c1d3fbb449a60695c44f9f3d183

    • SHA1

      b89d614755f2e943df4d510d87a7fc1a3bcf5a33

    • SHA256

      2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77

    • SHA512

      c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a

    • SSDEEP

      96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA

    Score
    3/10
    • Target

      $_13_/PowerRun64.exe

    • Size

      923KB

    • MD5

      efe5769e37ba37cf4607cb9918639932

    • SHA1

      f24ca204af2237a714e8b41d54043da7bbe5393b

    • SHA256

      5f9dfd9557cf3ca96a4c7f190fc598c10f8871b1313112c9aea45dc8443017a2

    • SHA512

      33794a567c3e16582da3c2ac8253b3e61df19c255985277c5a63a84a673ac64899e34e3b1ebb79e027f13d66a0b8800884cdd4d646c7a0abe7967b6316639cf1

    • SSDEEP

      24576:X2DW/xbMX2YIbxQsu3/PNLoQ+HyS2I4jRk:X2EgXoQsW/PNUQWnX4jRk

    Score
    4/10
    • Target

      $_13_/SetACL64.exe

    • Size

      601KB

    • MD5

      1fb64ff73938f4a04e97e5e7bf3d618c

    • SHA1

      aa0f7db484d0c580533dec0e9964a59588c3632b

    • SHA256

      4efc87b7e585fcbe4eaed656d3dbadaec88beca7f92ca7f0089583b428a6b221

    • SHA512

      da6007847ffe724bd0b0abe000b0dd5596e2146f4c52c8fe541a2bf5f5f2f5893dccd53ef315206f46a9285ddbd766010b226873038ccac7981192d8c9937ece

    • SSDEEP

      12288:3G2NBTh+l8gAqAbdsuEa3nZGSebY7o937bfJ9Ud:3xNBTYlaLdaynZGBc7orbJ9Ud

    Score
    1/10
    • Target

      $_13_/bn.bat

    • Size

      885B

    • MD5

      b8f5f8991353b53c34e6909eced64f13

    • SHA1

      5e039faaf0125202fec8087475c62248de7a3976

    • SHA256

      f9b7a1395cd60cf2c03bc5b48c81742a6e2a9fc5f5d14dfb48232678c83f272e

    • SHA512

      4e5b61f09a6672e4fd93ebccfc8ef25139db6e5200a8203b3950a68cb3251316aef30f86facc1f7560a7f1215647d63cdae0b0fd5ae094097ed180856206ef70

    Score
    1/10
    • Target

      $_13_/bn1.bat

    • Size

      9KB

    • MD5

      95177638f9e6c0c5f4ae5b598a373ca2

    • SHA1

      fca0880d545b3937ceafa4f6ad0ece12168e2921

    • SHA256

      606e86d58f2c47eff90ad4b78463ca866854a278adeb09d06a29395a1b8aea89

    • SHA512

      55236ad069d9d4347bd2951bc5c5a05f5466e6a7937ec36b903dfb3e72c37bfb33ff610e42006a2da56c07c668cea0cb416fa412663c8d7c80ebc0641cd2d962

    • SSDEEP

      192:5yeKv9eA3sQlxRyEiLivnzA6fFrs3qUEGA6oh/HbzBBzKF6gF8XM9LjZApFpQjTN:4K

    • Modifies Windows Defender Real-time Protection settings

    • Modifies Windows Defender notification settings

    • Modifies security service

    • Modifies Security services

      Modifies the startup behavior of a security service.

    • Target

      $_13_/bnn.bat

    • Size

      146B

    • MD5

      0b4d87168954eff0d213d2785fce723a

    • SHA1

      79944843aba1c4ea95083026845552648a18f197

    • SHA256

      b2d3e4c0e7d1c0a3d1308df4673e971246356c7b7e11885a2b9631ecac828b65

    • SHA512

      9518c8af4c9870f058b57d97723581e979ebaa69478cd6b7ad9837cbdc84b75bc848019781aa9d20d498df6871833651f5c79e3d5da2e917a435cce71c8d0cc4

    Score
    1/10
    • Target

      $_13_/bnz.bat

    • Size

      1KB

    • MD5

      09f26047b6e9e6e8e0f61eb8937c69f6

    • SHA1

      2c0a32ada511bfed1d7b97e5a550aa8953d9b831

    • SHA256

      3ab809562d2c374bf6c4c8ee2f49f34e875055af65f95cb7645312deb8c29a7d

    • SHA512

      4b3f35f43ee1a8a74c96583d6ea24d69e7e75b289a6bd56e795b5e1918e772bec7f67a12113ecbacc4be9e2f1cc7611cefb94d6662b4778e90a228d97428ff15

    Score
    1/10
    • Target

      $_13_/dotNetFx40_Full_setup.exe

    • Size

      868KB

    • MD5

      53406e9988306cbd4537677c5336aba4

    • SHA1

      06becadb92a5fcca2529c0b93687c2a0c6d0d610

    • SHA256

      fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425

    • SHA512

      4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99

    • SSDEEP

      24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $_13_/dotNetFx45_Full_setup.exe

    • Size

      982KB

    • MD5

      9e8253f0a993e53b4809dbd74b335227

    • SHA1

      f6ba6f03c65c3996a258f58324a917463b2d6ff4

    • SHA256

      e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a

    • SHA512

      404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0

    • SSDEEP

      24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $_13_/mbbyfatkrvotaiy.exe

    • Size

      6KB

    • MD5

      e20d4921a4e68cc82bf7263539595bb0

    • SHA1

      37ada032a527303c2b16f5529d2430f3b576ca03

    • SHA256

      38dd040c23ebaee60f80f2b1753be1509e5260328b67b144ac70887276b8742f

    • SHA512

      d54b1ad476d9bdbe87aa88cb5d1238003a1cb6923a88602ec02db579510742bc020deb4199c3d37db69f6f8f93dd32aa6bf9d13143117b02701a20c5694a490b

    • SSDEEP

      48:607m4bdFYKbXU57maZkkgmq8aNMfCIpKkQIKZbGqeYlK/XQtPT8W54tagjlm6ouQ:7HY+LaZfXKBlKXQt78PjI6o2zNt

    Score
    3/10
    • Target

      $_13_/win_version_csharp.exe

    • Size

      6KB

    • MD5

      7cb364701028767f8942cc3f8439f8f2

    • SHA1

      d6bede2206b7042b4cae32f416e1b43ffac94238

    • SHA256

      a2716605f8dd1930808e6918db670a3fe32287791862883dbabd26849b87b09e

    • SHA512

      3011b3d64f79280ab05de9658c4f5a13f637ad2e79d5770cfaeb3af6cb8c7a56b610dad69fdf295112be64cfb80e18f30bb1829eb3c0e549105f63d0e770dc13

    • SSDEEP

      96:/uidPNKO2mkcQ7DBOrkB0kPkKXwF4dkd8Nue3qYMns1BjgtRQWWzNt:FIOu7DBOrkB0kPkKXwF4dkd8Nn34nUBR

    Score
    3/10
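The signatures attached to the main sample and to `$_13_/bn1.bat` (Defender real-time protection and notification settings, security service start types, Windows Firewall) all describe registry writes. The block below is an added example (this editor's code, not the sandbox's rule source) of the detection logic a host-side or SIEM rule would apply to those writes. The event lines are constructed to look like Sysmon Event ID 13 `TargetObject`/`Details` pairs and are not taken from the sample; the registry paths and value names are the standard Defender, Security Center, service and firewall-policy locations, and the mapping of each value to a signature name on this page is this editor's approximation of the sandbox's rules.

```python
"""Classify registry value-set events against the tamper categories this report flags.

Added example for this page; the rule set approximates the report's
"Modifies Windows Defender Real-time Protection settings",
"Modifies Windows Defender notification settings", "Modifies Security services",
"Modifies Windows Firewall" and "Windows security modification" signatures and is
not the vendor's rule source. SAMPLE_EVENTS are constructed, not from the sample.
"""
import re
from typing import Dict, List, Optional, Tuple

SERVICE_START_DISABLED = 4  # HKLM\SYSTEM\CurrentControlSet\Services\<svc>\Start == 4

# Security services whose start type being set to Disabled we treat as tampering.
SECURITY_SERVICES = {"windefend", "wdnissvc", "wdboot", "wdfilter", "sense",
                     "wscsvc", "mpssvc", "securityhealthservice"}

# Values under ...\Windows Defender\Real-Time Protection that switch protection off when set to 1.
REALTIME_VALUES = {"disablerealtimemonitoring", "disablebehaviormonitoring",
                   "disableonaccessprotection", "disableioavprotection",
                   "disablescanonrealtimeenable"}

_DWORD_RE = re.compile(r"DWORD \((0x[0-9a-fA-F]{8})\)")
_SERVICE_KEY_RE = re.compile(r"\\services\\([^\\]+)$")


def parse_details(details: str) -> Optional[int]:
    """Decode the Sysmon 'DWORD (0x........)' Details form; None for anything else."""
    m = _DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def classify(target: str, details: str) -> Optional[str]:
    """Return the matching signature name for one registry write, or None if benign."""
    key, _, value = target.rpartition("\\")
    key_l, value_l = key.lower(), value.lower()
    num = parse_details(details)
    if "\\windows defender\\real-time protection" in key_l \
            and value_l in REALTIME_VALUES and num == 1:
        return "Modifies Windows Defender Real-time Protection settings"
    if key_l.endswith("\\windows defender") and value_l == "disableantispyware" and num == 1:
        return "Windows security modification"
    if "\\windows defender security center\\notifications" in key_l \
            and value_l.startswith("disable") and num == 1:
        return "Modifies Windows Defender notification settings"
    svc = _SERVICE_KEY_RE.search(key_l)
    if svc and value_l == "start" and svc.group(1) in SECURITY_SERVICES \
            and num == SERVICE_START_DISABLED:
        return "Modifies Security services"
    if "\\firewallpolicy\\" in key_l and value_l == "enablefirewall" and num == 0:
        return "Modifies Windows Firewall"
    return None


# Constructed Sysmon EID 13 style events: (TargetObject, Details). Not from the sample.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    (r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring", "DWORD (0x00000001)"),
    (r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware", "DWORD (0x00000001)"),
    (r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications\DisableNotifications", "DWORD (0x00000001)"),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Start", "DWORD (0x00000004)"),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Start", "DWORD (0x00000004)"),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall", "DWORD (0x00000000)"),
    # Writes that must NOT fire: an unrelated service disabled, Defender set back to
    # Automatic, real-time monitoring re-enabled, a non-DWORD payload.
    (r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start", "DWORD (0x00000004)"),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Start", "DWORD (0x00000002)"),
    (r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring", "DWORD (0x00000000)"),
    (r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring", "Binary Data"),
]


def scan_events(events: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Run classify() over a list of events; return (signature, TargetObject) for each hit."""
    return [(sig, target) for target, details in events
            if (sig := classify(target, details)) is not None]


def summarize(events: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count hits per signature name, the shape a sandbox report presents."""
    counts: Dict[str, int] = {}
    for sig, _ in scan_events(events):
        counts[sig] = counts.get(sig, 0) + 1
    return counts


if __name__ == "__main__":
    for signature, count in summarize(SAMPLE_EVENTS).items():
        print(f"{count}x {signature}")
```

The value checks matter as much as the paths: a write of `Start = 2` to `WinDefend` or `DisableRealtimeMonitoring = 0` is an administrator restoring defaults, and a rule keyed on the key path alone would page on it. Note also that the `Policies\Microsoft\Windows Defender` tree is written by Group Policy on managed hosts, so in production the process writing the value (here, a `cmd.exe` running one of the dropped batch files) is the second field to pivot on.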

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

defense_evasion, discovery, evasion, execution, persistence, privilege_escalation, trojan, upx
Score
10/10

behavioral2

defense_evasion, discovery, evasion, execution, persistence, privilege_escalation, trojan, upx
Score
10/10

behavioral3

discovery, upx
Score
7/10

behavioral4

discovery, upx
Score
7/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
4/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

defense_evasion, evasion, execution, trojan
Score
10/10

behavioral14

defense_evasion, evasion, execution, trojan
Score
10/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

discovery
Score
7/10

behavioral20

discovery
Score
7/10

behavioral21

discovery
Score
7/10

behavioral22

discovery
Score
7/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10