84832b0936661d524244e33720a139eaaa475e7178d1c34b73297047f2c78e95

Sharing

Copy URL

Twitter E-mail

General

Target

S2US.zip
Size

69.9MB
Sample

250415-cekb6awps9
MD5

0b33f08cd41160cd68e61fa38ea04018
SHA1

2bfa487ab9dda97c09f281ae50c2b281abcc4dce
SHA256

84832b0936661d524244e33720a139eaaa475e7178d1c34b73297047f2c78e95
SHA512

cba4be7d22412e44216375fc411c0a2b072aa8558a8b668c2cd3244cc6606233e467c1d4a18166d7dd5e22f12760c0a0e910258986265a5ceb2dfeb61ccfd08c
SSDEEP

1572864:Q7LzeajuEp6Ekpq6hDfaIGW2LotInFu/lzYgff/AI0aCEwBsL1om:mLzlSTq6daLJLSEFYRYgfAIdCEwWL1n

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  S2US.zip
- Size
  
  69.9MB
- MD5
  
  0b33f08cd41160cd68e61fa38ea04018
- SHA1
  
  2bfa487ab9dda97c09f281ae50c2b281abcc4dce
- SHA256
  
  84832b0936661d524244e33720a139eaaa475e7178d1c34b73297047f2c78e95
- SHA512
  
  cba4be7d22412e44216375fc411c0a2b072aa8558a8b668c2cd3244cc6606233e467c1d4a18166d7dd5e22f12760c0a0e910258986265a5ceb2dfeb61ccfd08c
- SSDEEP
  
  1572864:Q7LzeajuEp6Ekpq6hDfaIGW2LotInFu/lzYgff/AI0aCEwBsL1om:mLzlSTq6daLJLSEFYRYgfAIdCEwWL1n
Score

1^/10
behavioral1
- Target
  
  S2US/Script2us.exe
- Size
  
  68.0MB
- MD5
  
  b20ac15c8d7d2497fef8f0cc2184fb22
- SHA1
  
  7dfe9d6244233e874a56362da572ceeb808847b6
- SHA256
  
  6a41dd549e9222d362f42eab61fa8442138c9898c104a8d3a70b540d1c9b756a
- SHA512
  
  981edf3f68e2ae20c81aaf41cd3faa99bf77c16019cc01d63c661a260fc0e66478c00578845a333f9e7e7db102ef54f73f7206ad6f139d4ddaa301ce81b84361
- SSDEEP
  
  1572864:noxGs5ujdKKKKKKKMAZEcIxQyvuiyUb749jWHc:dFKKKKKKKTEnyS4NW8
Score

3^/10

discovery
behavioral2
- Target
  
  S2US/Tesseract.dll
- Size
  
  130KB
- MD5
  
  e3836788744fa34f35814c208ca9e532
- SHA1
  
  b7e495c1b279d187097503461ee5078fa7b072ff
- SHA256
  
  e1d71edb2b95be1869d8b1ecb9dc81ec28d7ba5ea95a146483fbb8af204f7fa0
- SHA512
  
  685cb22502f2a55866a2cf06ce2129404dcf77a860fb21689621c61c0a7dd4b3f9fdcdb332902a5cb8f1e543c77988768eaddf423bda0df43ab3afeb8d8cda55
- SSDEEP
  
  3072:/ZQiorxOZDQMUxFkNQMI/5IvlaTKTzEJELjjL6+wXL:/ZQiorxO2JFkFIR
Score

1^/10
behavioral3
- Target
  
  S2US/Updater.exe
- Size
  
  1.1MB
- MD5
  
  5cbaaab2491b5fcfc0652a7c895af064
- SHA1
  
  2d318b658287e62c425f4172bdca4e308a2ad5cd
- SHA256
  
  6a5036d708767b5ae7320f2f1523aac10c84e0fdc1777210505b2c23c5edf280
- SHA512
  
  37385cc81ad624b9a37fe6b50ccfa5cc213a3e8d28fc9a83fb3f4849f5a87435ff17d01b147fc9a60b9bceb69efba22b91c49ac0d154d1e4519e6ced61a4756f
- SSDEEP
  
  24576:WjL32OeHgnnDIBvzIH6cIKd0VGUBU2OGCp96W03vPWIe0yP6D47+FtyirHQD5PRm:y32tAnDIBvzIH6cIe0VGUBpODp9903vK
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral4
- Target
  
  S2US/x64/leptonica-1.82.0.dll
- Size
  
  4.0MB
- MD5
  
  2813455700fb7c1bc09738ca56ae7da7
- SHA1
  
  54de0b23a10acc5a97c61b00dbfee9a4b4ce0a80
- SHA256
  
  dfcb3e6ed0b16bc55bfdbcf53543cfe42a354b87c3e35bd3a95eebf005d73e76
- SHA512
  
  49c2d2f22daadb2b3d60344c2b4b1387c79ee8dc56fdc3d9e023088f1a5a18469a220a499802c1aa58498fb3dcc0d070e6c9fea9eea470c072eb8f8d02b9e647
- SSDEEP
  
  49152:AyeqkefPjBthD9lmJ/teqmlWjIBpSbVqS/hlpC5GiptUw2qv5Nan6hI7G2f7S5V:9NDPqBEWbq2qv7J
Score

1^/10
behavioral5
- Target
  
  S2US/x64/tesseract50.dll
- Size
  
  2.7MB
- MD5
  
  446370b590a3c14e0fda0a2029b8e6fa
- SHA1
  
  58d38c3e3acc8fb6c9e6e540e5877f89e09b5272
- SHA256
  
  de4d04ec75095374d98f5dd7a60d14d7e2e0f76589db693eccf7ae658be8cb2b
- SHA512
  
  51e29a643dd9d873ad67bd73b0fa05d887e3d1f6914227aa20513f1cbf6ce58088f24ac228087ca4a4470d93558769369f0065cd409083a6f140e17d66935c25
- SSDEEP
  
  49152:zEuBRPoTZPD1JvFQomLfqqzn1CKVnc235nlilIQ9O6/J:DY1rg1BFcU8T
Score

1^/10
behavioral6
- Target
  
  S2US/x86/leptonica-1.82.0.dll
- Size
  
  3.2MB
- MD5
  
  e62f9ef3dd31df439fa2a37793b035db
- SHA1
  
  14497cbf51b94af3d89e7527b08e9199933f560c
- SHA256
  
  1700330110ada8e4f07fb063915e60e2b585ad87d9b1948093945e4645b66d08
- SHA512
  
  11ae50c42b393dc8f2f19e75e50d348f186fcd4150f96b2564b3bf6d61c6230f14eab0c61cda10824735c5e0a44753d181b2932931d7ea4986c7adca2d12bd1f
- SSDEEP
  
  49152:QPQ3LXmkoChDOtojwcyQc0Iq3jzfzGL+ON4Ge/MKFVsrpouf/xo7r2+gu:sQbXmkF/8+4SFqNfc
Score

3^/10

discovery
behavioral7
- Target
  
  S2US/x86/tesseract50.dll
- Size
  
  2.2MB
- MD5
  
  a87ba6ac613b8ecb5ed033e57b871e6f
- SHA1
  
  39f6c33b5e9cae045854b711af29fc4b916b79bf
- SHA256
  
  7f4873cdb78b9cd18c069eae434d38dd14e987531866463357cf51c016241820
- SHA512
  
  8cac87aaf7f7e335c82bbb4adacdaf81df9d36e719fd26a1b1e95f169134013677ea06202a3b9c5a3e02584d3ca6cd629ae34c6b8d70bd74ff2e2a2e6c474c7d
- SSDEEP
  
  49152:cDrN2OaIP2WOIyZPQhd7aLcrmArnVaB8DqYv4W6rXoYO:cDrN2OaIP2ZIE4fCUmArnk+DqYQ
Score

3^/10

discovery
behavioral8

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8