07aab4b73e6ddfdc331481b36c9ec94b0da42cac81eb50f6c50aeb0fd211a435

Sharing

Copy URL

Twitter E-mail

General

Target

07aab4b73e6ddfdc331481b36c9ec94b0da42cac81eb50f6c50aeb0fd211a435
Size

1.9MB
Sample

241221-r2cm6a1pfr
MD5

e313218796f47af030d34e60590eb180
SHA1

2d22bec5d653d2dd4e2f6e6bd6c17da9892ff1b9
SHA256

07aab4b73e6ddfdc331481b36c9ec94b0da42cac81eb50f6c50aeb0fd211a435
SHA512

062dab0cbbe847a38349846e7f241f1c99f72cb317113509d6aa42f24ef07267138e91cf29876a9760cf28f7859915e8fa970d60fe0e2d9657cfdaa25538b34b
SSDEEP

49152:oTl+Ffl0KCV8rEKbhHJikCz/NqoNcugBhnem0Xy:oTl+xLRHAVLVNcpipi

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  07aab4b73e6ddfdc331481b36c9ec94b0da42cac81eb50f6c50aeb0fd211a435
- Size
  
  1.9MB
- MD5
  
  e313218796f47af030d34e60590eb180
- SHA1
  
  2d22bec5d653d2dd4e2f6e6bd6c17da9892ff1b9
- SHA256
  
  07aab4b73e6ddfdc331481b36c9ec94b0da42cac81eb50f6c50aeb0fd211a435
- SHA512
  
  062dab0cbbe847a38349846e7f241f1c99f72cb317113509d6aa42f24ef07267138e91cf29876a9760cf28f7859915e8fa970d60fe0e2d9657cfdaa25538b34b
- SSDEEP
  
  49152:oTl+Ffl0KCV8rEKbhHJikCz/NqoNcugBhnem0Xy:oTl+xLRHAVLVNcpipi
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $0/ArchiveUtilityx64.dll
- Size
  
  150KB
- MD5
  
  ec2d7737e78d7ed7099530f726ac86f9
- SHA1
  
  8f9230c9126de8f06d1cddaa2e73c4750f35b3d9
- SHA256
  
  dd034654cffd78aabc09822a9a858ecf93645dcc121a4143672226b9171c1394
- SHA512
  
  e209784fc2338d33834101ac78e89cba6c1da144e74330fd0ff2a2372e70316c46c2189b38b34b18b157c9221a44760d20bce8549573fbeda248d4ceb03e8365
- SSDEEP
  
  3072:RAZpz3eQkXBlJ6pM91zgrn4oul5ntwc0sOct7Bml+:RAvzD6l0+1grn4vtX
Score

1^/10
behavioral3 behavioral4
- Target
  
  $0/Microsoft.Win32.TaskScheduler.dll
- Size
  
  340KB
- MD5
  
  192d235d98d88bab41eed2a90a2e1942
- SHA1
  
  2c92c1c607ba0ca5ad4b2636ea0deb276dcc2266
- SHA256
  
  c9e3f36781204ed13c0adad839146878b190feb07df41f57693b99ca0a3924e3
- SHA512
  
  d469b0862af8c92f16e8e96c6454398800f22aac37951252f942f044e2efbfd799a375f13278167b48f6f792d6a3034afeace4a94e0b522f45ea5d6ff286a270
- SSDEEP
  
  3072:51sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5DfV:51sSmRIt/xhtsOju1DH5NXnIKAco
Score

1^/10
behavioral5 behavioral6
- Target
  
  $0/RAVEndPointProtection-installer.exe
- Size
  
  538KB
- MD5
  
  31cb221abd09084bf10c8d6acf976a21
- SHA1
  
  1214ac59242841b65eaa5fd78c6bed0c2a909a9b
- SHA256
  
  1bbba4dba3eb631909ba4b222d903293f70f7d6e1f2c9f52ae0cfca4e168bd0b
- SHA512
  
  502b3acf5306a83cb6c6a917e194ffdce8d3c8985c4488569e59bce02f9562b71e454da53fd4605946d35c344aa4e67667c500ebcd6d1a166f16edbc482ba671
- SSDEEP
  
  12288:nZLZVgIQtZM1A0+Nwhq3drt0ZAPKYZzrOZW4zlK:nZV661A0ue8lCZAPHZzrOZW4zl
Score

1^/10
behavioral7 behavioral8
- Target
  
  $0/System.Data.SQLite.dll
- Size
  
  362KB
- MD5
  
  110de32af906e9eed32332b785f90bd4
- SHA1
  
  37ca7af131a5db1e06cb36db2943c7a4e6f0d8e9
- SHA256
  
  598adb6f4a7362fedf047ce7282f39c0c7da264cea10c0c39870932ee1ceb647
- SHA512
  
  555a006b4b5236d6e6b76c6a8c79a8b0c3e350de42a0a38c792bfe65b3e7f99a232261a1bf8b357618168fde7e7c2e3281f38e05d20451fcbabca15fe35a02c5
- SSDEEP
  
  6144:eruNWxFaLx73+nRo2GGmZ2CRGpAM3JUGuT5up6zOPLyU0SJFNFaFeFOFwcGF6cm9:tNWx6xz+nRo2GGWHQZMaLyJSJFNFaFeE
Score

1^/10
behavioral10 behavioral9
- Target
  
  $0/System.ValueTuple.dll
- Size
  
  74KB
- MD5
  
  7af831f20c4a0c5a78a496afb62f28bb
- SHA1
  
  4380a7c2abe739b49f568af70d8dab8371b10687
- SHA256
  
  01dca2d3efedd9f4269427e949e8a3be64686d8ed84ea863389ef2449b6dc8e3
- SHA512
  
  11713885d4a11b49088ea220963ae6fe6519eb6b0499d3ce85aad1eb95acee4b5f357ad9ef07d8e20721596b510b8d43138be9aa6c4de24dd78d5fefb88d0cac
- SSDEEP
  
  1536:r784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSAA7yxpD:r7NV8v36tI0XCKAAQD
Score

1^/10
behavioral11 behavioral12
- Target
  
  $0/cs-CZ/RavStub.resources.dll
- Size
  
  12KB
- MD5
  
  3691cd9a157d027569a203dcddfb3336
- SHA1
  
  9d9d158b6683cd0cd570a235333303137c890a25
- SHA256
  
  917dd83d6cb87adf9ecc3f0f17e5266c6c1e435ce966b45760e7c0244a0fd4a0
- SHA512
  
  8f41c6c052c4440cdc6c45a21e42f102b7677462e2d78a2f78261dae80fa7dcfec8bcf14a5bb9bfd101477b983411435e56a92da304e7da47fff6a933fa3ca9b
- SSDEEP
  
  192:ZIY1pQ8vGO4xToxMi5eX2zUA8rYgLIgPrEyz23tMuuVWJkYUECd1Vl7Iru+M3YVe:Z3pQ8vQToxMi5emzUA8rYgLIOrnz8uuw
Score

1^/10
behavioral13 behavioral14
- Target
  
  $0/da-DK/RavStub.resources.dll
- Size
  
  12KB
- MD5
  
  98b6df5f4e0f1d34a0bd3dd49f92d82b
- SHA1
  
  b69000a0998055612ea5940d4b1d5f2ce07ae427
- SHA256
  
  3e7d3946c5efeb9f7a27ae43de75f1a1d0af34ccbb69f857217be97bd28c0761
- SHA512
  
  833b5e0fc14e247e788d59a7d21edc7f6db1ff0d9378a77fb13f25ccfbea820623b2b5f9823ae409d7eaa3b5526aa61bb367bf83bee2a33263457fd3049d3fb6
- SSDEEP
  
  192:FIYRN3EsGGj3fvKEx8rUrb+M0lIVixNPqDGomU3WUeQoXjAUwMXrAfeMA7AWmBHP:FXN3EsVfvVx8rUrb+M0lIVixNqiomyJD
Score

1^/10
behavioral15 behavioral16
- Target
  
  $0/de-DE/RavStub.resources.dll
- Size
  
  12KB
- MD5
  
  00b5369bcd510787679cfaafb478217f
- SHA1
  
  26a44a1b05fe4314d8cf1d810b759b6a5bc74385
- SHA256
  
  3b8b89c4241f5e8f0fd101ba84b13b37f40d37f3ff2739cb6c6332b56bef88ce
- SHA512
  
  2f6e14a3b06ecb053c261e62058ca99f2e365a88182c02db4f60231bea2525a31260a6980187798d8b1685f87e9a307eb928f279f67a6cb139ad6481d421ffd0
- SSDEEP
  
  384:45rayxOPAxMtzTxCmf6hC/s2TvOFk6AOPh3+yFdmyndw3s8i:NPAKtnHOdvPhO2dmyndw3s8i
Score

1^/10
behavioral17 behavioral18
- Target
  
  $0/de/Microsoft.Win32.TaskScheduler.resources.dll
- Size
  
  9KB
- MD5
  
  f83d720b236576c7d1f9f55d3bb988f9
- SHA1
  
  105a4993e92646b5dbb50518187abe07ca473276
- SHA256
  
  6909a1c134d0285fba2422a40ea0e65c1f0ca3c3ef2b94a1166015af2a87780f
- SHA512
  
  fd8a464f2bc9d5b6c2efa80348c3a9362f7473d4d632b2addad8c272e8874e7e67c15b99b67e6515906b86d01d57cd42f9f0f1e9251c0af93a9391ccc30e3202
- SSDEEP
  
  192:0MiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufP/1S5rxg0XWr:0D1Nvb5adVl8P2djJMZJSGu3A5rxg0Xq
Score

1^/10
behavioral19 behavioral20
- Target
  
  $0/el-GR/RavStub.resources.dll
- Size
  
  15KB
- MD5
  
  9b86d1ed1d99ddb84b5fb7cf176b3f8f
- SHA1
  
  2e1c164816ee2de6ac4e3bc6a61214d72516632a
- SHA256
  
  71093535ec2e97398b13385a7ba9e7aac046f190fe06bd68e057c8ea0da1afdc
- SHA512
  
  134985a9a7ae78593a760d362c57f430aeb1920e6e7517684da78573702796e381d99a8df191a9dfa3bac9ad1eb6ccd71e7db40ed4dc9de76ecfebd075f98355
- SSDEEP
  
  384:inpUcW/WJsxvxwKW9iu6Wxtp701zA27r+PMvozTi3s8o:QJs5xEGzfOPMvM+3s8o
Score

1^/10
behavioral21 behavioral22
- Target
  
  $0/es-ES/RavStub.resources.dll
- Size
  
  12KB
- MD5
  
  86ff4304190b9acdcbc4034a8eb910f6
- SHA1
  
  b5d597f31963b35dde1b024523b5afdca9aa454b
- SHA256
  
  6f5f0ba42a1c4ef8a7cd4b504e959173fa3ac8782200e48548681f7209c1927f
- SHA512
  
  aee1a0f3a426a77ba0b9d4edf8e9eab2d1b6d9bc2b5379d716f9850021a1816b09f37debbeb5e3395b3214ae3f4cc93612ae289344548cea00f3c8eff6fe509b
- SSDEEP
  
  192:+IYVmGe/VGuDqni6wxCjfp3DocEs5dMvGPcDonP33TewxlhiYwEHU4dIyrokBD7r:+uGe/V0ni6wxCjfpzocEs5dMvkcDqPDR
Score

1^/10
behavioral23 behavioral24
- Target
  
  $0/es/Microsoft.Win32.TaskScheduler.resources.dll
- Size
  
  10KB
- MD5
  
  15db634b70d6d9d6cd41baae3f02eb14
- SHA1
  
  1456ffe09df896271a746f9cb40a230f188ad397
- SHA256
  
  e893c6907da8d68c03b1a10e68b554ad5a8c0533f15912106f32e925f2beabf0
- SHA512
  
  1230e5368d4dab9776d57056993669327e95fe72e262efa541ed5d43abc1bcd3618db13b6bd6b3a27da053c103e3fb647eae759ccaeb443f7d9ffd1ecaa1122b
- SSDEEP
  
  192:r0WWNv/jzSEStoC1vxx6hUltfxx+BE00cUnAP9115rxg0XWr:r01NvbGVxx6hUltfxgE00cLF5rxg0XWr
Score

1^/10
behavioral25 behavioral26
- Target
  
  $0/fi-FI/RavStub.resources.dll
- Size
  
  12KB
- MD5
  
  94bf9de34c0870791640ab7067f0d24a
- SHA1
  
  b21458166f08902ebfe2a4f68caf3945ed5364a8
- SHA256
  
  37cbec3559e5536da35d87d72ef8ea37d98d70265c921a0acadf75695a14331c
- SHA512
  
  a0e09d4e9f15589043ab2d071f5004ad00f8fe58e85491f32c0d76c8f5cb8eef95b069a2d532638cb812c05a15bf50a442d8649884e78abe826e32dcdbd27e7a
- SSDEEP
  
  192:kxIYXkNcDGwgTsxJoRxAM2+9Ul/laxRe+PE8v+GA3kr29zrJzfPWCiqxskBbHUiJ:kxRkNcDtxJMxAM2+9Ul/laxRe8ZGGWgI
Score

1^/10
behavioral27 behavioral28
- Target
  
  $0/fil-PH/RavStub.resources.dll
- Size
  
  10KB
- MD5
  
  da6b3fe38876d703f7d39b163ddd8bfc
- SHA1
  
  f60b54de800a5dbb535babd2667c9fbd9c37766e
- SHA256
  
  93d2a195e47c1c1e11a2b6960b47c7b4b043cd5ce6a0723af06cac91e292f50e
- SHA512
  
  8a261c61d441e6eba09bccdeb8e2c94cd540aa9f07631b477431c717f3f111e4b10819ec8524531584561a6c9fa3c785ed082429d6bb97587ebb074bf357515c
- SSDEEP
  
  192:60Zne9hwoGBjeCipxwU6LOl+DDUbqN4PPjjDr8d30LfmJyXOhZCa2m5sml+T9lmc:60Y9hwoEipxwU6LOl+DDUbqN4Xjz8V4F
Score

1^/10
behavioral29 behavioral30
- Target
  
  $0/fr-FR/RavStub.resources.dll
- Size
  
  12KB
- MD5
  
  9ea4bcd8d3c7599a5a8ba78ff9b11c3c
- SHA1
  
  2c859731430a4fa3d82c4cd5088167cf31536969
- SHA256
  
  c576ea42cefe28228c341488140c7fcf24dd063fab2b82d563794772f82b97ba
- SHA512
  
  61ad6b22dadfa30ba4fad527bc564414981ebb6f5eb0c7d224ecf1bba093d071dd3544e08acb90c4d95505887457c65b44447b6abb0e2f97e482477cc9e4dd51
- SSDEEP
  
  384:gY0al1sBIxgyFzjXZfu14MpXrOUDlK8yXahGY7uXn3s8D:eBImyDM5DtyXwGY7uXn3s8D
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32