General

  • Target

    13101216127da473cec5dda480c23c4db57e1f1a9d25f46c7595818c30cf1f52.exe

  • Size

    2.5MB

  • Sample

    241204-ra6rxsxmgv

  • MD5

    4fb8a3b07100f5fec8a75931cae24c05

  • SHA1

    3ac325d26f6bd89f5bf77acd082cbca4f9296c68

  • SHA256

    13101216127da473cec5dda480c23c4db57e1f1a9d25f46c7595818c30cf1f52

  • SHA512

    68b2b45e32bc2a65f02b076addf50aca27b6742c0dfcc96ee06f463f344f2b43641ab08b5396cdddeac677ba85607f184e293d8b63b739e904273367b4ae3fd0

  • SSDEEP

    49152:RNg6ex2uF+sfC0sJfPT2Xs2WyexyCfXHHVz6UWimMVUiPCqsnaVnHB4lmtpQ3l5w:RVo2wfqNSoyc0G7r6XnaVn/tW5w

Malware Config

Targets

    • Target

      13101216127da473cec5dda480c23c4db57e1f1a9d25f46c7595818c30cf1f52.exe

    • Size

      2.5MB

    • MD5

      4fb8a3b07100f5fec8a75931cae24c05

    • SHA1

      3ac325d26f6bd89f5bf77acd082cbca4f9296c68

    • SHA256

      13101216127da473cec5dda480c23c4db57e1f1a9d25f46c7595818c30cf1f52

    • SHA512

      68b2b45e32bc2a65f02b076addf50aca27b6742c0dfcc96ee06f463f344f2b43641ab08b5396cdddeac677ba85607f184e293d8b63b739e904273367b4ae3fd0

    • SSDEEP

      49152:RNg6ex2uF+sfC0sJfPT2Xs2WyexyCfXHHVz6UWimMVUiPCqsnaVnHB4lmtpQ3l5w:RVo2wfqNSoyc0G7r6XnaVn/tW5w

    • Modifies Windows Defender Real-time Protection settings

    • Modifies Windows Defender notification settings

    • Modifies security service

    • Modifies Windows Firewall

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Modifies Security services

      Modifies the startup behavior of a security service.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/SelfDel.dll

    • Size

      5KB

    • MD5

      e5786e8703d651bc8bd4bfecf46d3844

    • SHA1

      fee5aa4b325deecbf69ccb6eadd89bd5ae59723f

    • SHA256

      d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774

    • SHA512

      d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3

    • SSDEEP

      96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      11092c1d3fbb449a60695c44f9f3d183

    • SHA1

      b89d614755f2e943df4d510d87a7fc1a3bcf5a33

    • SHA256

      2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77

    • SHA512

      c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a

    • SSDEEP

      96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA

    Score
    3/10
    • Target

      $_63_/PowerRun64.exe

    • Size

      923KB

    • MD5

      efe5769e37ba37cf4607cb9918639932

    • SHA1

      f24ca204af2237a714e8b41d54043da7bbe5393b

    • SHA256

      5f9dfd9557cf3ca96a4c7f190fc598c10f8871b1313112c9aea45dc8443017a2

    • SHA512

      33794a567c3e16582da3c2ac8253b3e61df19c255985277c5a63a84a673ac64899e34e3b1ebb79e027f13d66a0b8800884cdd4d646c7a0abe7967b6316639cf1

    • SSDEEP

      24576:X2DW/xbMX2YIbxQsu3/PNLoQ+HyS2I4jRk:X2EgXoQsW/PNUQWnX4jRk

    Score
    4/10
    • Target

      $_63_/SetACL64.exe

    • Size

      601KB

    • MD5

      1fb64ff73938f4a04e97e5e7bf3d618c

    • SHA1

      aa0f7db484d0c580533dec0e9964a59588c3632b

    • SHA256

      4efc87b7e585fcbe4eaed656d3dbadaec88beca7f92ca7f0089583b428a6b221

    • SHA512

      da6007847ffe724bd0b0abe000b0dd5596e2146f4c52c8fe541a2bf5f5f2f5893dccd53ef315206f46a9285ddbd766010b226873038ccac7981192d8c9937ece

    • SSDEEP

      12288:3G2NBTh+l8gAqAbdsuEa3nZGSebY7o937bfJ9Ud:3xNBTYlaLdaynZGBc7orbJ9Ud

    Score
    1/10
    • Target

      $_63_/acxxtzcogvgr.exe

    • Size

      6KB

    • MD5

      54ccc3f74e50cf98876b489d534b202c

    • SHA1

      29115091237319b0df4696f2783d0ccce37ebef6

    • SHA256

      694d55981fcb0e07f5e6cfe3229b3fa565a7fcb80e2da77ef987af2f580d6e37

    • SHA512

      935e441c5d558c8825cc386ccfde6c1bd6cb0cf77892bbf1753190717004537756085147fd30ceb077ba403beda1e071c6a94ef91ff37e3dc5faa00935035d10

    • SSDEEP

      48:6T/mwndFYK26NCO6moJkQgmq/aNMfCIpKkQISeGqeYlK/B4tPpR54tagjlm6ouqB:0HYz6E0oJeXKBeKB4thajI6o2zNt

    Score
    3/10
    • Target

      $_63_/bn.bat

    • Size

      147B

    • MD5

      88416e9f6b3759064df76476c57b31fc

    • SHA1

      ffc41b3c48cd5f5461807ac87968a78b060b78d5

    • SHA256

      08c1f095933e606688e2166656e1d726eca5b7ae8240aacfa184ce8535e1baee

    • SHA512

      602d1d262c0954e2dfff2e5616ebfb9d5baebb96300136fc665dc1e6bd969e0876525954de0a3b83df69ac04fcf64447af8a28ea31dba6c527e8197033197480

    Score
    1/10
    • Target

      $_63_/bn1.bat

    • Size

      6KB

    • MD5

      18ed180c0b36d0e5bfee84806a19537c

    • SHA1

      e7c9b67bdd5ae63666960db92bb98fdf43e7b875

    • SHA256

      d388317f65ec52d46fc68548e60320758a6b512966c1d72314875dc29e459528

    • SHA512

      cf6e82e48f9e7b11a4be4ebd606af59909d0a372fd694435e747279771c9d9fac8bfeaf9fedbc4c37dd0fc8e23e77c6b619ac084f230a207f9f96d0dc17b5f1b

    • SSDEEP

      192:5qUEGA6oh/HbzBBzKF6gF8XM9LjZApFpQjTtf:AK

    • Modifies Windows Defender notification settings

    • Modifies security service

    • Modifies Security services

      Modifies the startup behavior of a security service.

    • Target

      $_63_/bnn.bat

    • Size

      599B

    • MD5

      a77f19fdf07ee0bdcec8889e50953c81

    • SHA1

      3bf08f4e5f0bc98cd9e370a2adc0111a37eb7c7f

    • SHA256

      65a32afecedfad8e6979735e65db8ac64dc17048d930c5bc6036c62764e6a9a2

    • SHA512

      ece9f684b8e081caf4aec6f1d1373a0931e27694beefa316f94771433d20418cd510443495b7a951f1ea14a8e585f442a5092bcb9dce6c73a73043c319149ff8

    Score
    1/10
    • Target

      $_63_/bnoo1.bat

    • Size

      2KB

    • MD5

      1f89930c9e4fd56765ca2ac17e06817d

    • SHA1

      cecb1c4a81dc27a6f4379ead464f418a1bf10ce9

    • SHA256

      2de693852c2127d52fe758bde2fa606d3adf5f4eb790f186797abc48e3e892e7

    • SHA512

      488f77ba07c40a27c3f76636fba2479146ce6aa0b6a4948677e4cc5a2937eae42f2b15c2bbf13ebb95cf3e2bd0ace5fa525072cb2bcd368571f8fe79eb6fcd1c

    Score
    10/10
    • Modifies Windows Defender Real-time Protection settings

    • Target

      $_63_/bnz.bat

    • Size

      2KB

    • MD5

      a639b0bfefec4e4032cffe1a11e7c28a

    • SHA1

      0247f009b3310e486a04ddc68c9123e184285407

    • SHA256

      1cb11eaa7973052f97f53e33e65be14e9c17aaa95e8f43d20cc42f89db96f78b

    • SHA512

      46b0a53cacfd9204884f50221fe2dd7e5607cf2abc16cfa4bc6edb076dc55228a07885bb511f475668a459895fd89407b1fd2a963fdfd764bd50b4bb92c04306

    Score
    1/10
    • Target

      $_63_/dotNetFx40_Full_setup.exe

    • Size

      868KB

    • MD5

      53406e9988306cbd4537677c5336aba4

    • SHA1

      06becadb92a5fcca2529c0b93687c2a0c6d0d610

    • SHA256

      fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425

    • SHA512

      4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99

    • SSDEEP

      24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $_63_/dotNetFx45_Full_setup.exe

    • Size

      982KB

    • MD5

      9e8253f0a993e53b4809dbd74b335227

    • SHA1

      f6ba6f03c65c3996a258f58324a917463b2d6ff4

    • SHA256

      e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a

    • SHA512

      404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0

    • SSDEEP

      24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $_63_/win_version_csharp.exe

    • Size

      6KB

    • MD5

      7cb364701028767f8942cc3f8439f8f2

    • SHA1

      d6bede2206b7042b4cae32f416e1b43ffac94238

    • SHA256

      a2716605f8dd1930808e6918db670a3fe32287791862883dbabd26849b87b09e

    • SHA512

      3011b3d64f79280ab05de9658c4f5a13f637ad2e79d5770cfaeb3af6cb8c7a56b610dad69fdf295112be64cfb80e18f30bb1829eb3c0e549105f63d0e770dc13

    • SSDEEP

      96:/uidPNKO2mkcQ7DBOrkB0kPkKXwF4dkd8Nue3qYMns1BjgtRQWWzNt:FIOu7DBOrkB0kPkKXwF4dkd8Nn34nUBR

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

defense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationtrojanupx
Score
10/10

behavioral2

defense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationtrojanupx
Score
10/10

behavioral3

discoveryupx
Score
7/10

behavioral4

discoveryupx
Score
7/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
4/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

defense_evasionevasionexecutiontrojan
Score
10/10

behavioral16

defense_evasionevasionexecutiontrojan
Score
10/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

evasiontrojan
Score
10/10

behavioral20

evasiontrojan
Score
10/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

discovery
Score
7/10

behavioral24

discovery
Score
7/10

behavioral25

discovery
Score
7/10

behavioral26

discovery
Score
7/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10