Overview

Task scores (out of 10; sample names appear truncated as on the page)

  overview                                      10
  static                                         7

  Sample                 Resource             Score
  1310121612...52.exe    windows7-x64           7
  1310121612...52.exe    windows10-2004-x64    10
  $PLUGINSDI...el.dll    windows7-x64          10
  $PLUGINSDI...el.dll    windows10-2004-x64     7
  $PLUGINSDI...ec.dll    windows7-x64           7
  $PLUGINSDI...ec.dll    windows10-2004-x64     3
  $_63_/PowerRun64.exe   windows7-x64           3
  $_63_/PowerRun64.exe   windows10-2004-x64     4
  $_63_/SetACL64.exe     windows7-x64           3
  $_63_/SetACL64.exe     windows10-2004-x64     1
  $_63_/acxx...gr.exe    windows7-x64           1
  $_63_/acxx...gr.exe    windows10-2004-x64     3
  $_63_/bn.bat           windows7-x64           3
  $_63_/bn.bat           windows10-2004-x64     1
  $_63_/bn1.bat          windows7-x64           1
  $_63_/bn1.bat          windows10-2004-x64    10
  $_63_/bnn.bat          windows7-x64          10
  $_63_/bnn.bat          windows10-2004-x64     1
  $_63_/bnoo1.bat        windows7-x64           1
  $_63_/bnoo1.bat        windows10-2004-x64    10
  $_63_/bnz.bat          windows7-x64          10
  $_63_/bnz.bat          windows10-2004-x64     1
  $_63_/dotN...up.exe    windows7-x64           1
  $_63_/dotN...up.exe    windows10-2004-x64     7
  $_63_/dotN...up.exe    windows7-x64           7
  $_63_/dotN...up.exe    windows10-2004-x64     7
  $_63_/win_...rp.exe    windows7-x64           7
  $_63_/win_...rp.exe    windows10-2004-x64     3

General
  Target: 13101216127da473cec5dda480c23c4db57e1f1a9d25f46c7595818c30cf1f52.exe
  Size: 2.5MB
  Sample: 241204-ra6rxsxmgv
  MD5: 4fb8a3b07100f5fec8a75931cae24c05
  SHA1: 3ac325d26f6bd89f5bf77acd082cbca4f9296c68
  SHA256: 13101216127da473cec5dda480c23c4db57e1f1a9d25f46c7595818c30cf1f52
  SHA512: 68b2b45e32bc2a65f02b076addf50aca27b6742c0dfcc96ee06f463f344f2b43641ab08b5396cdddeac677ba85607f184e293d8b63b739e904273367b4ae3fd0
  SSDEEP: 49152:RNg6ex2uF+sfC0sJfPT2Xs2WyexyCfXHHVz6UWimMVUiPCqsnaVnHB4lmtpQ3l5w:RVo2wfqNSoyc0G7r6XnaVn/tW5w
Behavioral tasks

  Task          Sample                                                                  Resource
  behavioral1   13101216127da473cec5dda480c23c4db57e1f1a9d25f46c7595818c30cf1f52.exe   win7-20240903-en
  behavioral2   13101216127da473cec5dda480c23c4db57e1f1a9d25f46c7595818c30cf1f52.exe   win10v2004-20241007-en
  behavioral3   $PLUGINSDIR/SelfDel.dll                                                 win7-20240903-en
  behavioral4   $PLUGINSDIR/SelfDel.dll                                                 win10v2004-20241007-en
  behavioral5   $PLUGINSDIR/nsExec.dll                                                  win7-20240903-en
  behavioral6   $PLUGINSDIR/nsExec.dll                                                  win10v2004-20241007-en
  behavioral7   $_63_/PowerRun64.exe                                                    win7-20240903-en
  behavioral8   $_63_/PowerRun64.exe                                                    win10v2004-20241007-en
  behavioral9   $_63_/SetACL64.exe                                                      win7-20241010-en
  behavioral10  $_63_/SetACL64.exe                                                      win10v2004-20241007-en
  behavioral11  $_63_/acxxtzcogvgr.exe                                                  win7-20241023-en
  behavioral12  $_63_/acxxtzcogvgr.exe                                                  win10v2004-20241007-en
  behavioral13  $_63_/bn.bat                                                            win7-20240729-en
  behavioral14  $_63_/bn.bat                                                            win10v2004-20241007-en
  behavioral15  $_63_/bn1.bat                                                           win7-20240903-en
  behavioral16  $_63_/bn1.bat                                                           win10v2004-20241007-en
  behavioral17  $_63_/bnn.bat                                                           win7-20240903-en
  behavioral18  $_63_/bnn.bat                                                           win10v2004-20241007-en
  behavioral19  $_63_/bnoo1.bat                                                         win7-20240903-en
  behavioral20  $_63_/bnoo1.bat                                                         win10v2004-20241007-en
  behavioral21  $_63_/bnz.bat                                                           win7-20240903-en
  behavioral22  $_63_/bnz.bat                                                           win10v2004-20241007-en
  behavioral23  $_63_/dotNetFx40_Full_setup.exe                                         win7-20240903-en
  behavioral24  $_63_/dotNetFx40_Full_setup.exe                                         win10v2004-20241007-en
  behavioral25  $_63_/dotNetFx45_Full_setup.exe                                         win7-20241023-en
  behavioral26  $_63_/dotNetFx45_Full_setup.exe                                         win10v2004-20241007-en
  behavioral27  $_63_/win_version_csharp.exe                                            win7-20240708-en
  behavioral28  $_63_/win_version_csharp.exe                                            win10v2004-20241007-en
Malware Config
Targets

Target: 13101216127da473cec5dda480c23c4db57e1f1a9d25f46c7595818c30cf1f52.exe
  Size: 2.5MB
  MD5: 4fb8a3b07100f5fec8a75931cae24c05
  SHA1: 3ac325d26f6bd89f5bf77acd082cbca4f9296c68
  SHA256: 13101216127da473cec5dda480c23c4db57e1f1a9d25f46c7595818c30cf1f52
  SHA512: 68b2b45e32bc2a65f02b076addf50aca27b6742c0dfcc96ee06f463f344f2b43641ab08b5396cdddeac677ba85607f184e293d8b63b739e904273367b4ae3fd0
  SSDEEP: 49152:RNg6ex2uF+sfC0sJfPT2Xs2WyexyCfXHHVz6UWimMVUiPCqsnaVnHB4lmtpQ3l5w:RVo2wfqNSoyc0G7r6XnaVn/tW5w
  Signatures:
    Modifies security service
    Modifies Windows Firewall
    ACProtect 1.3x - 1.4x DLL software (Detects file using ACProtect software.)
    Deletes itself
    Executes dropped EXE
    Loads dropped DLL
    Suspicious use of SetThreadContext
Target: $PLUGINSDIR/SelfDel.dll
  Size: 5KB
  MD5: e5786e8703d651bc8bd4bfecf46d3844
  SHA1: fee5aa4b325deecbf69ccb6eadd89bd5ae59723f
  SHA256: d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774
  SHA512: d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3
  SSDEEP: 96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE
  Signatures:
    ACProtect 1.3x - 1.4x DLL software (Detects file using ACProtect software.)
Target: $PLUGINSDIR/nsExec.dll
  Size: 7KB
  MD5: 11092c1d3fbb449a60695c44f9f3d183
  SHA1: b89d614755f2e943df4d510d87a7fc1a3bcf5a33
  SHA256: 2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77
  SHA512: c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a
  SSDEEP: 96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA
  Score: 3/10
Target: $_63_/PowerRun64.exe
  Size: 923KB
  MD5: efe5769e37ba37cf4607cb9918639932
  SHA1: f24ca204af2237a714e8b41d54043da7bbe5393b
  SHA256: 5f9dfd9557cf3ca96a4c7f190fc598c10f8871b1313112c9aea45dc8443017a2
  SHA512: 33794a567c3e16582da3c2ac8253b3e61df19c255985277c5a63a84a673ac64899e34e3b1ebb79e027f13d66a0b8800884cdd4d646c7a0abe7967b6316639cf1
  SSDEEP: 24576:X2DW/xbMX2YIbxQsu3/PNLoQ+HyS2I4jRk:X2EgXoQsW/PNUQWnX4jRk
  Score: 4/10
Target: $_63_/SetACL64.exe
  Size: 601KB
  MD5: 1fb64ff73938f4a04e97e5e7bf3d618c
  SHA1: aa0f7db484d0c580533dec0e9964a59588c3632b
  SHA256: 4efc87b7e585fcbe4eaed656d3dbadaec88beca7f92ca7f0089583b428a6b221
  SHA512: da6007847ffe724bd0b0abe000b0dd5596e2146f4c52c8fe541a2bf5f5f2f5893dccd53ef315206f46a9285ddbd766010b226873038ccac7981192d8c9937ece
  SSDEEP: 12288:3G2NBTh+l8gAqAbdsuEa3nZGSebY7o937bfJ9Ud:3xNBTYlaLdaynZGBc7orbJ9Ud
  Score: 1/10
Target: $_63_/acxxtzcogvgr.exe
  Size: 6KB
  MD5: 54ccc3f74e50cf98876b489d534b202c
  SHA1: 29115091237319b0df4696f2783d0ccce37ebef6
  SHA256: 694d55981fcb0e07f5e6cfe3229b3fa565a7fcb80e2da77ef987af2f580d6e37
  SHA512: 935e441c5d558c8825cc386ccfde6c1bd6cb0cf77892bbf1753190717004537756085147fd30ceb077ba403beda1e071c6a94ef91ff37e3dc5faa00935035d10
  SSDEEP: 48:6T/mwndFYK26NCO6moJkQgmq/aNMfCIpKkQISeGqeYlK/B4tPpR54tagjlm6ouqB:0HYz6E0oJeXKBeKB4thajI6o2zNt
  Score: 3/10
Target: $_63_/bn.bat
  Size: 147B
  MD5: 88416e9f6b3759064df76476c57b31fc
  SHA1: ffc41b3c48cd5f5461807ac87968a78b060b78d5
  SHA256: 08c1f095933e606688e2166656e1d726eca5b7ae8240aacfa184ce8535e1baee
  SHA512: 602d1d262c0954e2dfff2e5616ebfb9d5baebb96300136fc665dc1e6bd969e0876525954de0a3b83df69ac04fcf64447af8a28ea31dba6c527e8197033197480
  Score: 1/10
Target: $_63_/bn1.bat
  Size: 6KB
  MD5: 18ed180c0b36d0e5bfee84806a19537c
  SHA1: e7c9b67bdd5ae63666960db92bb98fdf43e7b875
  SHA256: d388317f65ec52d46fc68548e60320758a6b512966c1d72314875dc29e459528
  SHA512: cf6e82e48f9e7b11a4be4ebd606af59909d0a372fd694435e747279771c9d9fac8bfeaf9fedbc4c37dd0fc8e23e77c6b619ac084f230a207f9f96d0dc17b5f1b
  SSDEEP: 192:5qUEGA6oh/HbzBBzKF6gF8XM9LjZApFpQjTtf:AK
  Score: 10/10
  Signatures:
    Modifies security service
Target: $_63_/bnn.bat
  Size: 599B
  MD5: a77f19fdf07ee0bdcec8889e50953c81
  SHA1: 3bf08f4e5f0bc98cd9e370a2adc0111a37eb7c7f
  SHA256: 65a32afecedfad8e6979735e65db8ac64dc17048d930c5bc6036c62764e6a9a2
  SHA512: ece9f684b8e081caf4aec6f1d1373a0931e27694beefa316f94771433d20418cd510443495b7a951f1ea14a8e585f442a5092bcb9dce6c73a73043c319149ff8
  Score: 1/10
Target: $_63_/bnoo1.bat
  Size: 2KB
  MD5: 1f89930c9e4fd56765ca2ac17e06817d
  SHA1: cecb1c4a81dc27a6f4379ead464f418a1bf10ce9
  SHA256: 2de693852c2127d52fe758bde2fa606d3adf5f4eb790f186797abc48e3e892e7
  SHA512: 488f77ba07c40a27c3f76636fba2479146ce6aa0b6a4948677e4cc5a2937eae42f2b15c2bbf13ebb95cf3e2bd0ace5fa525072cb2bcd368571f8fe79eb6fcd1c
Target: $_63_/bnz.bat
  Size: 2KB
  MD5: a639b0bfefec4e4032cffe1a11e7c28a
  SHA1: 0247f009b3310e486a04ddc68c9123e184285407
  SHA256: 1cb11eaa7973052f97f53e33e65be14e9c17aaa95e8f43d20cc42f89db96f78b
  SHA512: 46b0a53cacfd9204884f50221fe2dd7e5607cf2abc16cfa4bc6edb076dc55228a07885bb511f475668a459895fd89407b1fd2a963fdfd764bd50b4bb92c04306
  Score: 1/10
Target: $_63_/dotNetFx40_Full_setup.exe
  Size: 868KB
  MD5: 53406e9988306cbd4537677c5336aba4
  SHA1: 06becadb92a5fcca2529c0b93687c2a0c6d0d610
  SHA256: fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425
  SHA512: 4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99
  SSDEEP: 24576:+tW4x8xAxCdUcyezFSjaBHFaNlsqK5/oh6iZf1LUXw/vxNI:d4x8xqCGexm8FCspg0iZf1LUXD
  Score: 7/10
  Signatures:
    Executes dropped EXE
    Loads dropped DLL
Target: $_63_/dotNetFx45_Full_setup.exe
  Size: 982KB
  MD5: 9e8253f0a993e53b4809dbd74b335227
  SHA1: f6ba6f03c65c3996a258f58324a917463b2d6ff4
  SHA256: e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a
  SHA512: 404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0
  SSDEEP: 24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax
  Score: 7/10
  Signatures:
    Executes dropped EXE
    Loads dropped DLL
Target: $_63_/win_version_csharp.exe
  Size: 6KB
  MD5: 7cb364701028767f8942cc3f8439f8f2
  SHA1: d6bede2206b7042b4cae32f416e1b43ffac94238
  SHA256: a2716605f8dd1930808e6918db670a3fe32287791862883dbabd26849b87b09e
  SHA512: 3011b3d64f79280ab05de9658c4f5a13f637ad2e79d5770cfaeb3af6cb8c7a56b610dad69fdf295112be64cfb80e18f30bb1829eb3c0e549105f63d0e770dc13
  SSDEEP: 96:/uidPNKO2mkcQ7DBOrkB0kPkKXwF4dkd8Nue3qYMns1BjgtRQWWzNt:FIOu7DBOrkB0kPkKXwF4dkd8Nn34nUBR
  Score: 3/10
MITRE ATT&CK Enterprise v15 (hit counts in parentheses)

  Persistence
    Create or Modify System Process (4)
      Windows Service (4)
    Event Triggered Execution (1)
      Netsh Helper DLL (1)

  Privilege Escalation
    Create or Modify System Process (4)
      Windows Service (4)
    Event Triggered Execution (1)
      Netsh Helper DLL (1)

  Defense Evasion
    Impair Defenses (5)
      Disable or Modify System Firewall (1)
      Disable or Modify Tools (3)
    Modify Registry (5)