Overview

overview

8

Static

static

3

b30ab1b380...81.exe

windows7-x64

8

b30ab1b380...81.exe

windows10-2004-x64

8

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$TEMP/Micr...up.exe

windows7-x64

6

$TEMP/Micr...up.exe

windows10-2004-x64

6

readest.exe

windows7-x64

1

readest.exe

windows10-2004-x64

1

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b30ab1b380ee546899be96f381029842cc148bca2242a85da5f03a10dd978e81

  • Size

    9.4MB

  • Sample

    250109-ncsraszrcl

  • MD5

    8c4671102dac817379b37a28d21cbae0

  • SHA1

    f2334d39f782a508dcc10586b531de0da8cda6bc

  • SHA256

    b30ab1b380ee546899be96f381029842cc148bca2242a85da5f03a10dd978e81

  • SHA512

    bb813baa9bd8886b2feeb4f481022993efce9e7dc4ae200b5af4e33e1378fd508e91923a03e38b9ff579d574083f55ae567e69d8807b5b3fef014ef4f58667c2

  • SSDEEP

    196608:nEjnlKcUXpRbNi20qVFLhR+oeFO3Lv4/H8jPHNjKwh0zXXJ/J:nEHkpvi2PV5h0I3jc8jPtehXr

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      b30ab1b380ee546899be96f381029842cc148bca2242a85da5f03a10dd978e81

    • Size

      9.4MB

    • MD5

      8c4671102dac817379b37a28d21cbae0

    • SHA1

      f2334d39f782a508dcc10586b531de0da8cda6bc

    • SHA256

      b30ab1b380ee546899be96f381029842cc148bca2242a85da5f03a10dd978e81

    • SHA512

      bb813baa9bd8886b2feeb4f481022993efce9e7dc4ae200b5af4e33e1378fd508e91923a03e38b9ff579d574083f55ae567e69d8807b5b3fef014ef4f58667c2

    • SSDEEP

      196608:nEjnlKcUXpRbNi20qVFLhR+oeFO3Lv4/H8jPHNjKwh0zXXJ/J:nEHkpvi2PV5h0I3jc8jPtehXr

    Score
    8/10
    discoverypersistenceprivilege_escalation

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      d070f3275df715bf3708beff2c6c307d

    • SHA1

      93d3725801e07303e9727c4369e19fd139e69023

    • SHA256

      42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

    • SHA512

      fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

    • SSDEEP

      96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsis_tauri_utils.dll

    • Size

      29KB

    • MD5

      c5bd51b72a0de24a183585da36a160c7

    • SHA1

      f99a50209a345185a84d34d0e5f66d04c75ff52f

    • SHA256

      5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266

    • SHA512

      1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc

    • SSDEEP

      768:jnvg/4R1C7063G5I1CabuqcFKpnq0jdhK7W+q:jvu4RM2WCqYMX/

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $TEMP/MicrosoftEdgeWebview2Setup.exe

    • Size

      1.6MB

    • MD5

      b49d269a231bcf719d6de10f6dcf0692

    • SHA1

      5de6eb9c7091df08529692650224d89cae8695c3

    • SHA256

      bde514014b95c447301d9060a221efb439c3c1f5db53415f080d4419db75b27e

    • SHA512

      8f7c76f9c8f422e80ade13ed60f9d1fabd66fef447018a19f0398f4501c0ecc9cc2c9af3cc4f55d56df8c460a755d70699634c96093885780fc2114449784b5f

    • SSDEEP

      49152:2iEx3ZsKgbBPetIhztPqpP0NxVjRLhlcoRZ:2issKgbBOIhzV3RhlcoRZ

    Score
    6/10
    discoverypersistenceprivilege_escalation

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral11behavioral12

    • Target

      readest.exe

    • Size

      23.8MB

    • MD5

      c4799bdb31afc888ed22ba2a3c23ccfb

    • SHA1

      67719fa2ad7cbd27f29de1d8cb15257c6341206b

    • SHA256

      7c8e83b043104b853448f7690bf71423bb6c44453712fdadd8ebe68d62f208e3

    • SHA512

      d0c0b81c743fee4130e8ed40fb6fffa6d52159c4e1c0a6a732a5a7d85de74a4745929e36796ee56851ce5f168cb41483ba92adec519fe9cc375d7a963655e284

    • SSDEEP

      196608:GxR5QMFpJZsBa2ADsB7Y42zztvrfR+RljdVRQuDKR+KIbeSkIi/nnnnnnnBUn6C:GxR6MLmMsBMvLAnjdVRSQKoeSki

    Score
    1/10
    behavioral13behavioral14

    • Target

      uninstall.exe

    • Size

      75KB

    • MD5

      d9c44dd090c291b8909a70ae9093d797

    • SHA1

      f6689a06a1803baaba6f7e354bb7d61c150b428c

    • SHA256

      d51a23d86690df562b13aa24a78c469a61fdb60936f069638856e52fbbf9ef58

    • SHA512

      80613d4811ce1781e0f9c0f29d8a179cb714469f31b37d3a309c3b9cd0c0a429392cf2be88a4736f79289d58ee6d4ae5402d696292f5e6143fd4b0d3a5bc278e

    • SSDEEP

      1536:tmsAYBdTU9fEAIS2PEtuOgdLeAyNxW+ZBb6kZANHzxFobK0qE6qwbb:sfY/TU9fE9PEtuOceA38rUzxFobK016f

    Score
    7/10
    discovery

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral15behavioral16

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      68b287f4067ba013e34a1339afdb1ea8

    • SHA1

      45ad585b3cc8e5a6af7b68f5d8269c97992130b3

    • SHA256

      18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

    • SHA512

      06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

    • SSDEEP

      48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/nsis_tauri_utils.dll

    • Size

      29KB

    • MD5

      c5bd51b72a0de24a183585da36a160c7

    • SHA1

      f99a50209a345185a84d34d0e5f66d04c75ff52f

    • SHA256

      5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266

    • SHA512

      1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc

    • SSDEEP

      768:jnvg/4R1C7063G5I1CabuqcFKpnq0jdhK7W+q:jvu4RM2WCqYMX/

    Score
    3/10
    discovery
    behavioral21behavioral22

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discoverypersistenceprivilege_escalation
Score
8/10

behavioral2

discoverypersistenceprivilege_escalation
Score
8/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discoverypersistenceprivilege_escalation
Score
6/10

behavioral12

discoverypersistenceprivilege_escalation
Score
6/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

discovery
Score
7/10

behavioral16

discovery
Score
7/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10