b10b48cf55b004e377f60df81fddb75bfeea712062f6a30da39713038f52045b

Sharing

Copy URL

Twitter E-mail

General

Target

commissioning.zip
Size

19.4MB
Sample

250328-mw2ymswry9
MD5

200121af6b79ce32b43404239c8f63db
SHA1

84815942f888421c8377138ecc2dccdf7f49b5cd
SHA256

b10b48cf55b004e377f60df81fddb75bfeea712062f6a30da39713038f52045b
SHA512

020ee9920834ebef976c4132eb32da1a4aff8f70eacc8da5b7fed620f686f486a283657ef343385f25e5ac8a11791015c3733aa2edb0b4f7a9fc29e8515b820d
SSDEEP

393216:/GhMGWRllAtMnhqWL3psvNAkAGnRv5mhG69fykMv/zOBmPcn1JUV:kWHhnDL5OAPGnRv5X696djOmknHE

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  CommissioningTool64_1.6.11_Setup[1].exe
- Size
  
  19.4MB
- MD5
  
  66ce370d01d3e99e128bb02dc51c39ab
- SHA1
  
  2abce930f957a2c5ea31f52722bfa0cde46cd1ab
- SHA256
  
  c7aef3a2baffe891e6e72cb30365a474122f7659e3ca6e5adda089025e3e5579
- SHA512
  
  cd57f5ffe503baef80788715d1dcfd7f92a583fe5eb8a2d277f36ccc050583bdfaf46227c8e12fd44138337ec2a4729143bcdd058571331a8d9f032f04ab9714
- SSDEEP
  
  393216:h+Jn+OLO2dHo7gMxt8QHpMd5He3D5MBwZMd0b4oSQ7VSrAs1gEdUJ:hSLdI7RydM5MO+8dVWA8gEdUJ
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  8fb72af40578e779e69049cccbfb473d
- SHA1
  
  3cd042d8ec9e2216558e96a2663b6e42d33aab56
- SHA256
  
  70a91d4b67b0017beb83e93724e799e2cde82cb2500d872266bf478878840d0c
- SHA512
  
  15453d4e7f894084a3dc385f9d17299920d09903d38b68af69da25a93028432a02c900372aabafd1998fe016e53572a81a55c04791aea5cd5291804002d9398e
- SSDEEP
  
  96:iXEsZNrFTm1YLvt8RxvjLM2Orp2YbDBKIakCT9KCw8hwlDw55k4icYOO:iXEsIYLvtuqDBxan9fKwzu
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  4ccc4a742d4423f2f0ed744fd9c81f63
- SHA1
  
  704f00a1acc327fd879cf75fc90d0b8f927c36bc
- SHA256
  
  416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
- SHA512
  
  790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb
- SSDEEP
  
  192:SbEunjqjIcESwFlioU3M0LLF/t8t9pKSfOi:SbESjFCw6oWPFl8jfOi
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $TEMP/vcredist_x64.exe
- Size
  
  9.8MB
- MD5
  
  c9d9eebccef20d637f193490cec05e79
- SHA1
  
  15d032d669078aa6f0f7fd1cbf4115a070bd034d
- SHA256
  
  cc7ec044218c72a9a15fca2363baed8fc51095ee3b2a7593476771f9eba3d223
- SHA512
  
  24b56b5d9b48d75baf53a98e007ace3e7d68fbd5fa55b75ae1a2c08dd466d20b13041f80e84fdb64b825f070843f9247daba681eff16baf99a4b14ea99f5cfd6
- SSDEEP
  
  196608:n9A3D5MBD0vwqMKgL29M2JWMWiKV/nPlnqIaAAVINqsAsbPnpCxmz7dU8:23D5MBwZMd0b4oSQ7VSrAs1gEdU8
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral10 behavioral9
- Target
  
  CommissioningTool.exe
- Size
  
  8.8MB
- MD5
  
  4cad9598711a1fb6c560e821ce06144c
- SHA1
  
  ac80dbbe386722cbf72a6f1d24d8ce3b0a01ed9a
- SHA256
  
  b50145dcd1e21638da6ddb841b720cea3cecf278f5117cc06c71acb1954b9f56
- SHA512
  
  1f7dd029c09fa91404cf46439f5591f526691b844f39b8c0abc8644b200d7bd718fd4aaa153be843ef1e479d432af18f577d3f44862a60d0734d6d9ed31af94a
- SSDEEP
  
  98304:0z70ovHcqagAyvdIxbg2VnaH4Y25Tubt+JxpbV82:0z70oogTdIxbgauCVZ
Score

3^/10
behavioral11 behavioral12
- Target
  
  CrashRpt1401.dll
- Size
  
  182KB
- MD5
  
  a29d5aa2977abfa37af43bb45fadcec8
- SHA1
  
  d1c9fb5e0b0185a996ffec53de28ccdfb5f19424
- SHA256
  
  a6853bfd4e23e6b6e51eead14d6f3c54f0ec99176029c18219522ffc9f9fd23f
- SHA512
  
  14d8742e1e9c2ebba204bdd2626813795346c304c65597629e159a3afffc1d582780f521fec85b2ac36e0710e926b7c01d1fdf958206d307d8bbc9afab687f1e
- SSDEEP
  
  3072:BxgICHlpFie7nXiQpw4uKnXoY7iOv4kSnlO/Rdz6:BxgICHZfBMyXoQ4nO/RR
Score

1^/10
behavioral13 behavioral14
- Target
  
  CrashSender1401.exe
- Size
  
  1.2MB
- MD5
  
  9cb75810c708b477d8fc7e62e9ca715c
- SHA1
  
  b23c36371ee9a5f21c75080dc60cd8d6759fe295
- SHA256
  
  f71b2db08fdbbdea4a6397e13888ed65da549cb599ad9b3618769ba70eb95653
- SHA512
  
  31191520467964b15b0bf8b88f4a4cfcb196fafb6596340ff749f865666ddd28fd565b58a10e1722b8287c5fb731ff66a3e96fbd80a09aa0a59a8d4f0fab9f57
- SSDEEP
  
  12288:jJEGA28+c7kVygxulGOeuOBdGQ/crdV2zwAaeVGGAXZaENMMS69fT7DdnckC4I2W:yG87kVyauOBd/Er5Ap/TKjxT7pcSILm
Score

1^/10
behavioral15 behavioral16
- Target
  
  Driver/32Bit/cyusb.sys
- Size
  
  39KB
- MD5
  
  ec0cc1aa9abfe9a32daa66832cb06271
- SHA1
  
  2b0f67ea69570df3c90a300b818ce362512aa032
- SHA256
  
  0aafafee82cad14f4b4651751851de1147e45a3e63394ef8ec57ee4daff817be
- SHA512
  
  bcc329f3c1fd733dab25689038b1e490fb00f1f48378a070bda5e941adb7dd33d1727c53906403d35a7b1c919d2e1f6ec4d86540ee689da6f5ae09bf902e37c7
- SSDEEP
  
  768:ooaGcWqY1icxf8T2iq5I9K7KQVf4puEz3S5hcpFr1:GWq2CHKMuEUa3
Score

1^/10
behavioral17 behavioral18
- Target
  
  Driver/32Bit/dpinst.exe
- Size
  
  900KB
- MD5
  
  30a0afee4aea59772db6434f1c0511ab
- SHA1
  
  5d5c2d9b7736e018d2b36963e834d1aa0e32af09
- SHA256
  
  d84149976bc94a21b21aa0bc99fcbdee9d1ad4f3387d8b62b90f805ac300ba05
- SHA512
  
  5e8a85e2d028ad351be255ae2c39bb518a10a4a467fd656e2472286fee504eed87afe7d4a728d7f8bc4261245c1db8577deeee2388f39eb7ee48298e37949f53
- SSDEEP
  
  6144:EZtaKSpwmx5ATm/LC3fwf3OoU9xkYSr/mdBTRhKWIjsRP/1HHm/hHAM8i6r+LyIU:EZxSpwmxvL/f3vCN1PMaLi6rAyIQjF
Score

4^/10

discovery
behavioral19 behavioral20
- Target
  
  Driver/64Bit/cyusb.sys
- Size
  
  46KB
- MD5
  
  8ec96b753727b380089d66d4ab5869df
- SHA1
  
  14c8697ac2813fbf265211f1583d442e54e792b2
- SHA256
  
  f8e36b68eed9680291610c83e7df16a04d278e3e7bc807cf8a870d01c4e5a95e
- SHA512
  
  a12f6a677914b011a094c1d4edabbdc16f064318527f49c6648ec240ced8a5ec41625a4de690d376212d0be0bd4423e8bc5255eb95190cfbac679c977a4de957
- SSDEEP
  
  768:Axs4aNRYfxtHzh58h3EBeJBd4VzOYFusnPv08qNhjJLqYUGC8wn+uMzMsGG2:AygBeJ34hkJu+uMzMsGG2
Score

1^/10
behavioral21 behavioral22
- Target
  
  Driver/64Bit/dpinst.exe
- Size
  
  1.0MB
- MD5
  
  be3c79033fa8302002d9d3a6752f2263
- SHA1
  
  a01147731f2e500282eca5ece149bcc5423b59d6
- SHA256
  
  181bf85d3b5900ff8abed34bc415afc37fc322d9d7702e14d144f96a908f5cab
- SHA512
  
  77097f220cc6d22112b314d3e42b6eedb9ccd72beb655b34656326c2c63fb9209977ddac20e9c53c4ec7ccc8ea6910f400f050f4b0cb98c9f42f89617965aaea
- SSDEEP
  
  12288:uIId79EaUTvwieMozMEcOigSpuPMaLium:xIdqaWw1MsbTScP0
Score

4^/10
behavioral23 behavioral24
- Target
  
  FWUpgrade_dll.dll
- Size
  
  114KB
- MD5
  
  d2eeff2d2de13e02bb8240272568b21d
- SHA1
  
  32916657b5f5f9eea161c368956b2b49996c9c7f
- SHA256
  
  80c19014a0b1baf082b1a6d9e3a2cdd167537fad98aa9ae785b062a7c36f2736
- SHA512
  
  171c4ce4991a62fe2e37261dc9e6b45d640fca13c95cc133333e3a70588da0b31cfa1e0eaf38a06eb8acdb1c0457bc0f7599b663aa5468420a1f9a1d87f49d43
- SSDEEP
  
  3072:xAMH37dcJ1JYjqhndrDtHaOZDtEeHRvk7YOlC:iWdcf1daOZCUcMOlC
Score

1^/10
behavioral25 behavioral26
- Target
  
  Uninstall.exe
- Size
  
  65KB
- MD5
  
  3a2a95d79afec4103c945184f3c5136b
- SHA1
  
  3982705fb95707d6d44db31c13d1537f3257b31f
- SHA256
  
  09f6d7355d797379f3a917eb5e2cd1d976c3e2041c8943ecdb7aaab2d027d117
- SHA512
  
  bb4dc11a7ecd2ea096fd4b707aa204339e428d7a6319d8e69934a214ac4d6ab33427cc581dc1624ba2a009998d7b06134925405ce348c1ac411db5ef28e0d7e8
- SSDEEP
  
  1536:+ErPZ3IBZcbTfu1HlrJFCPcbPnOgdLeAyN2lsO/:1PC23aJFC0bPnOceAzl/
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  dbghelp.dll
- Size
  
  1.0MB
- MD5
  
  5c5e3afd499e5146fef1da5ef8a23205
- SHA1
  
  8245691416e509a3a1bd8e321aa6d2ff1925a224
- SHA256
  
  9a26ffaffb26fa6549c6da75f76238a903ca723f9dad356fba8d91067fe312fd
- SHA512
  
  595eb2a4928092a64224077a3fee0dc80a58cb12cf174bf648efe381f81846f345f1f1556cfd90026715ae4fd5c7913eeb46cc7df08f97118a76c58422e7d0dc
- SSDEEP
  
  24576:MA/j0DVD9vQYvfPlhPbZA28wtdzswxeqWiZUC82OLmoQKXIzrWNz:iVDZQYvfPlhPbZ97tdKeUC/OLmoQs
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  freetype.dll
- Size
  
  502KB
- MD5
  
  0e1dab1a55bc9c62d85bf35ad466e0af
- SHA1
  
  26e3a6fda927aa10e123d0aef7205f0176af2b00
- SHA256
  
  d24f396cd9184e4ea26c3cf35848c61aa1cf66a7ef26751e9c65ef34bacd52ef
- SHA512
  
  a7af26f81b3f695e2bcc6197032806314238136a92ac3a6487ece51d1da86c351382c83379fab674b4ed2a2c07763da15eeec52608cef0b7ccab493afb584163
- SSDEEP
  
  6144:go5Y/xedcmtFEDg5tBWt9RU7o+MfZXJE4uJJk+KwWWsEWmfDSuqnkyuJzzn7a/qt:7MEdcUEDK/n7o+MNuE+KnfEWmjyuz2
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks system information in the registry

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32