43d9426874eea0bb56c3feac25d20bc35fb3ddaa9447e1ca5f0ba3de1d194382

Sharing

Copy URL

Twitter E-mail

General

Target

USBHelperInstaller.exe
Size

282KB
Sample

241220-v6lnea1mhq
MD5

d387c6c808a9ab80f0d8e843500f903d
SHA1

b14fc2a27c1e215d74d8cb6f01729855c1dbd8f4
SHA256

43d9426874eea0bb56c3feac25d20bc35fb3ddaa9447e1ca5f0ba3de1d194382
SHA512

e60b8d2ffebb9bbb27c31b52b0d6c597e0a72486a7865ecee84b40a84f8e9e102353990314d28cf01227a30c5fc3c1f407f38c95c68ec69ca075549dc9ce2085
SSDEEP

6144:F5GZq/Z1IVfA1AbKowcNj/CGYSx3YT+tT8:iZGZ05fwcNj/CDYoCV8

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  USBHelperInstaller.exe
- Size
  
  282KB
- MD5
  
  d387c6c808a9ab80f0d8e843500f903d
- SHA1
  
  b14fc2a27c1e215d74d8cb6f01729855c1dbd8f4
- SHA256
  
  43d9426874eea0bb56c3feac25d20bc35fb3ddaa9447e1ca5f0ba3de1d194382
- SHA512
  
  e60b8d2ffebb9bbb27c31b52b0d6c597e0a72486a7865ecee84b40a84f8e9e102353990314d28cf01227a30c5fc3c1f407f38c95c68ec69ca075549dc9ce2085
- SSDEEP
  
  6144:F5GZq/Z1IVfA1AbKowcNj/CGYSx3YT+tT8:iZGZ05fwcNj/CDYoCV8
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  21KB
- MD5
  
  2b342079303895c50af8040a91f30f71
- SHA1
  
  b11335e1cb8356d9c337cb89fe81d669a69de17e
- SHA256
  
  2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f
- SHA512
  
  550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47
- SSDEEP
  
  384:KOoVVefeWsI7rsIquPLNN546o0Ac9khYLMkIX0+Gzyekv:4VVaeE7wIqyJN5i
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fbe295e5a1acfbd0a6271898f885fe6a
- SHA1
  
  d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256
  
  a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512
  
  2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP
  
  192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/nsArray.dll
- Size
  
  12KB
- MD5
  
  0917ee492308b691326e6581e8c793c9
- SHA1
  
  ff689c8051ffca7657461ac828bc46e303ab8e59
- SHA256
  
  81745087f193b6fa131189f4b3ee9caa93e9692e408d3955fbcb9a4ec8516e2f
- SHA512
  
  2a4ae4b93b0eac113a0e65f459798466120f1af4605a82a11f9022d790fe0b4f7d368b312f8a073b1dcfe8760e529ea56a5b5d4289321dc9f2fc8a22691b42b5
- SSDEEP
  
  192:L+QMtjhIz23Tv7QpAXXcxwtXexpnGOO81h2xXP:SQ6nDv70AXXcWtXexpnGIhW
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ab101f38562c8545a641e95172c354b4
- SHA1
  
  ec47ac5449f6ee4b14f6dd7ddde841a3e723e567
- SHA256
  
  3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea
- SHA512
  
  72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037
- SSDEEP
  
  96:o3W4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4K8qndYv0PLE:o3p3ggQF8REskpxZdO0PLE
Score

3^/10

discovery
behavioral5
- Target
  
  $PLUGINSDIR/nsJSON.dll
- Size
  
  22KB
- MD5
  
  c8222584e91b74c47f5ce2a84d1cdc4f
- SHA1
  
  750359dd536c840b1d4016826af7f34a8562e242
- SHA256
  
  6785ab17a6c27be18072aa1c274078321b4ea27bfa752d3c882ec3093dc4637b
- SHA512
  
  a89f0083c791e7d4d54fd728e848e44bd44ef9e11c799a48ab95a48d3c4e02e68699e28818c1232b694120973ac0c3e418740759830ef70d328d7ef9e5789f51
- SSDEEP
  
  384:qdctoQMA9RtBHo45eqtTv/lddWUn89tNj5AYXqUYevrTZg9MyhTZrdSw:qFqRtBneqtTXldBn+tNDqqz1mMIrn
Score

3^/10

discovery
behavioral6
- Target
  
  $PLUGINSDIR/nsisunz.dll
- Size
  
  40KB
- MD5
  
  5f13dbc378792f23e598079fc1e4422b
- SHA1
  
  5813c05802f15930aa860b8363af2b58426c8adf
- SHA256
  
  6e87ecb7f62039fbb6e7676422d1a5e75a32b90dde6865dcb68ee658ba8df61d
- SHA512
  
  9270635a5294482f49e0292e26d45dd103b85fe27dc163d44531b095c5f9dbde6b904adaf1a888ba3c112a094380394713c796f5195b2566a20f00b42b6578e5
- SSDEEP
  
  384:KExN66Yf2xL5Q4IsjuUjUZfqRDpImexpf88FwHxXvjX3hwlHt6oIfESxSHoOO8n9:O2x64GcVpI3xC8ynToIf1SIOhW4
Score

3^/10

discovery
behavioral7
- Target
  
  $PLUGINSDIR/xml.dll
- Size
  
  118KB
- MD5
  
  42df1fbaa87567adf2b4050805a1a545
- SHA1
  
  b892a6efbb39b7144248e0c0d79e53da474a9373
- SHA256
  
  e900fcb9d598643eb0ee3e4005da925e73e70dbaa010edc4473e99ea0638b845
- SHA512
  
  4537d408e2f54d07b018907c787da6c7340f909a1789416de33d090055eda8918f338d8571bc3b438dd89e5e03e0ded70c86702666f12adb98523a91cbb1de1d
- SSDEEP
  
  1536:U2A8OSGjylgkara+70LICin9zgtg2LxowhtJu6MqSNicNEtIfF42q2KC:OzjLkarn7O+n9z2L6whFtGF42bK
Score

3^/10

discovery
behavioral8
- Target
  
  Icon.ico
- Size
  
  66KB
- MD5
  
  318c585802326f5c37b1beaabb15db7d
- SHA1
  
  154eede47097db58e249d4c4ee4ca57e8c5fa16b
- SHA256
  
  28dafdfbac21f59bf928622f769f4c1a756d845b63e9622aba898f39e8082d8c
- SHA512
  
  87408d4ca222051bbd95804fe47b7106ffd3fdc7bb9fcb69fa8800e7de3f828bc3804bd24260acf83f05aa38774bb6af44b27c22f1f2ceec162c92e948f75952
- SSDEEP
  
  192:knOQeTh8MLTofnTcuuuuuoOkuuuuuuuuuuuuuuuuuuuuunuuuuuuuzuuuuuSuuuJ:knkquttngt
Score

3^/10
behavioral9
- Target
  
  Uninstall.exe
- Size
  
  123KB
- MD5
  
  8e2dd1a931d8163a84602060751b0f1b
- SHA1
  
  3ed2fd7883ab106738f5dfd1c7b6664e114d090e
- SHA256
  
  32d4d11c64c7949555fd14afa7732964e145342110c30529211867c1f9c1f371
- SHA512
  
  30213c8147b320dd439cc66320a830d5ac963c760f0d80b1e87ba7fe0fff5460ad3c0e60cc026af5fcb1611f6654e484fa76f09d881a10f158cd860423694832
- SSDEEP
  
  1536:FdnREfs9ke7FggdycMgNULeAyN/ZNTNikT/3eCpZ:FdRGsvFggQcMiYeAqN57
Score

7^/10

discovery
- Executes dropped EXE
behavioral10
- Target
  
  $PLUGINSDIR/nsJSON.dll
- Size
  
  22KB
- MD5
  
  c8222584e91b74c47f5ce2a84d1cdc4f
- SHA1
  
  750359dd536c840b1d4016826af7f34a8562e242
- SHA256
  
  6785ab17a6c27be18072aa1c274078321b4ea27bfa752d3c882ec3093dc4637b
- SHA512
  
  a89f0083c791e7d4d54fd728e848e44bd44ef9e11c799a48ab95a48d3c4e02e68699e28818c1232b694120973ac0c3e418740759830ef70d328d7ef9e5789f51
- SSDEEP
  
  384:qdctoQMA9RtBHo45eqtTv/lddWUn89tNj5AYXqUYevrTZg9MyhTZrdSw:qFqRtBneqtTXldBn+tNDqqz1mMIrn
Score

3^/10

discovery
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11