8dd3f68af9ccbcf347e5b319909fd972e6c29d3c9859b2ba966159ba0ec51d87

Sharing

Copy URL

Twitter E-mail

General

Target

6GZ4B0XxJPfg.rar
Size

59.7MB
Sample

250220-rk8n9swncx
MD5

7d87d1c1a6e39633e55a0d83d40f382f
SHA1

bf425e0d7bf24dba8943db09643f5d3ae371fe8a
SHA256

8dd3f68af9ccbcf347e5b319909fd972e6c29d3c9859b2ba966159ba0ec51d87
SHA512

5d4bbde0684e4388820a75ce86b947bea696e8565cbd2c935de5aa2f7fcdf06c129fceaed9592f06ba9c58a9636fc5eec5945026d49a39261885707ad6ef7cb1
SSDEEP

1572864:/gl3lXu2ArW3EZJzwCQyojzAxKX2WDHeZwoO9Y:/gPXulC3QhzHoqKXz7eW/Y

Score

10^/10

Malware Config

Targets

- Target
  
  6GZ4B0XxJPfg/6GZ4B0XxJPfg.exe
- Size
  
  31.8MB
- MD5
  
  3942c35ddcbd712138286422c13a89cf
- SHA1
  
  4d5c25447252e4ac03a0c0c414dd154b8e19fc86
- SHA256
  
  4b296d3eaa1e73ae9101209bbc5de413bc33e697fbe90a5c5d3f42f7e5a82621
- SHA512
  
  b0ccd973f4b0c53639988e8a4406ead6a95687ca37453721ab87e8d2420ac951b5541b9f60f966e1a5d395e5553a64952299b60f98928feb17cd00ed222e2602
- SSDEEP
  
  786432:4Y3qYvw3l4K8oC/4Bfxv/vmIXmLQFzI9MWCj:WY+4GrxXL7zcMLj
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  6GZ4B0XxJPfg/Requirement/Defender Control/Defender Control.exe
- Size
  
  447KB
- MD5
  
  58008524a6473bdf86c1040a9a9e39c3
- SHA1
  
  cb704d2e8df80fd3500a5b817966dc262d80ddb8
- SHA256
  
  1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
- SHA512
  
  8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
- SSDEEP
  
  6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD
Score

10^/10

defense_evasion discovery evasion trojan upx
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies security service
  defense_evasion
- Windows security modification
  defense_evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  6GZ4B0XxJPfg/Requirement/Defender Control/Defender_Settings.vbs
- Size
  
  313B
- MD5
  
  b0bf0a477bcca312021177572311e666
- SHA1
  
  ea77332d7779938ae8e92ad35d6dea4f4be37a92
- SHA256
  
  af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9
- SHA512
  
  09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8
Score

3^/10
behavioral5 behavioral6
- Target
  
  6GZ4B0XxJPfg/Requirement/MAC CHANGER.bat
- Size
  
  2KB
- MD5
  
  86630f471a1c7f40e8494347f9ab8249
- SHA1
  
  10a2139adfb884f01799de89bf9b9ccb2a8bb460
- SHA256
  
  c15faade0e71acd4abcb60a7e9f3f002a46d3d47bd294f7b12d811c871d1292c
- SHA512
  
  666fe7866c2bedc78aad081bddf7e4dc8a9038b173527dc9464dd9c0776314a8c3e1ec7f4d0f34aff0d946b94ed1178a5c665d79173d1bfe0a0a611f6af65369
Score

3^/10

persistence privilege_escalation
behavioral7 behavioral8
- Target
  
  6GZ4B0XxJPfg/Requirement/Visual C++ AIO.exe
- Size
  
  27.7MB
- MD5
  
  91e79e0543a28b0003ba1801a5132830
- SHA1
  
  00caec42c200e33c87a15b9ae105a977b3a1edde
- SHA256
  
  de0f71175828f9214494a6f6612bb653d0c023875b8b544556bff84ee4953d96
- SHA512
  
  786775f33a1b2efc06604248261503012ae457a8805f2c1d6fdfc3f189257db116acf13b2420963c68951718af1b957cd8a1a612ba5fc7ac9bb6ddafb1831c4f
- SSDEEP
  
  393216:rV8PuFzZgmwO6R2AIEd3A3Pr9J6SrAYVLMnbu7vB5uBlwBR3i4VZssb3piHVm7/N:x6u6IA/dwjqYVLvuBmBRS7e3MgTN
Score

7^/10

discovery persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  6GZ4B0XxJPfg/Requirement/dxwebsetup.exe
- Size
  
  288KB
- MD5
  
  2cbd6ad183914a0c554f0739069e77d7
- SHA1
  
  7bf35f2afca666078db35ca95130beb2e3782212
- SHA256
  
  2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f
- SHA512
  
  ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10
- SSDEEP
  
  6144:kWK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQV:VcvgLARDI1KIOzO0
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral11 behavioral12