General

  • Target

    CH341A-Softwares-Windows.zip

  • Size

    183.1MB

  • Sample

    250604-3y4g9aylz5

  • MD5

    3bebda083766bfd6d98eb325554ced1b

  • SHA1

    0c0d714ef5161814c93cfcc7e7656c282f71c70e

  • SHA256

    bdd51877005fb96e140a280fcc738db400d8e1bfda3d00696e001dec1577e046

  • SHA512

    8d6bc70d74f178d623f4d0bb973de54760a8645c8b29385e32bdfac328973abddf7d5c11c4c660a6fa4b2f26020cf613e2c730903f3d5ad370205285bb1fb4f4

  • SSDEEP

    3145728:1xiFC8CDK0wbseE3bHo4aQ/hOmm8sOW381ERSpxTpj/t0INiZR:1wFPIeE3jBoL3sERSnoIe

Malware Config

Targets

    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.1/Drivers/CH341A/CH341WDM.SYS

    • Size

      19KB

    • MD5

      e6e76d443e2925f7ae9d9fbf4255b50c

    • SHA1

      7b015676e8c4e95bf82455b6e14ad3ee4748fdcc

    • SHA256

      a3045a4f29a8c86e6fe5af9e5c9225294d266c6218d65bbfcaa5a7d1c683abd7

    • SHA512

      0d1640b77031749d9b520aa801d9734a7bd9c41176177754de23841a5e948899458fafff6cabefbb8c357e1435248b3afa1f08a35dc1f7c11e5bb832c832e2c4

    • SSDEEP

      384:ssQeTJ1C/0kXll74neTi90iXE5JIfreHM3FJR3V7z:VQh0WLfuPXw6frL97z

    Score
    1/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.1/Drivers/CH341A/DRVSETUP64/DRVSETUP64.exe

    • Size

      45KB

    • MD5

      1fe688688c2082b37827db54c4282af0

    • SHA1

      d6dc4f97a61a9f1919cbbd7cc52c7bb59b0291fb

    • SHA256

      a5a07ee7b5195497be4796845cb05b38618daaf2af98884b29eead6d073353b8

    • SHA512

      5d2a93ea1c47f1d9623cddf57f4f7961c9b78258bdeeec5cb62a461853be6b7b47c20617de300366e60bb4146b6a283a8ca7694fee3ee8afb90e72875841272b

    • SSDEEP

      768:Km0g8/JV5NDAGcN37MpHdMon5f/D1yM4E9obXDC8TvmS+geyX8K:7ydNUG1as5DerDJmS+aX8K

    Score
    1/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.1/Drivers/CH341A/SETUP.EXE

    • Size

      97KB

    • MD5

      181f68547d52360fc142ac3adc2436b7

    • SHA1

      8d5eac850374e4faf2bac2e439d1e02d2d2c704b

    • SHA256

      a8f306d5ba1a23f587283fd410313f50ac1ac5ce1268938b065130a0dc84c658

    • SHA512

      1ee8fdb1692061482a0fcc6030ece500fa7473586fffe6eb3836b3d3d54bed4cb4fe443de8173d252e5d206eabee6e363c387366b159ae29859c77bbfe5cee4e

    • SSDEEP

      1536:kkemXlWr2vWvTSQUbnShitoodAO7i9eoneAGXH:kkbv9fUILAOOUoneAiH

    Score
    5/10
    • Drops file in System32 directory

    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.1/NeoProgrammer.exe

    • Size

      3.7MB

    • MD5

      60a12af6acc28325e3acb20c916ceed7

    • SHA1

      e5ea54188fd4edefbc0a2009172cd67c156718c7

    • SHA256

      6463b11b55da090d3747ccfa1329ab58de66f8bdc1acf937b2fa414d46e4223f

    • SHA512

      68b32fa26f22e1783cb3099517b4687b9bbe27a2f2a77e6a34de21111006f7db115898b18ea1cbf9ca7d317ffaf14709c5d465e3650bb170af029189b2e7e3ec

    • SSDEEP

      98304:I3O/VJxRFPRyKX0VsZ+Zc3ETDPhlMl1+OA8l+:I+L/FPRyKX0VsZ+Zc3cplMlUa

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.1/libusb0.dll

    • Size

      66KB

    • MD5

      535779909a40b42f4f3e48598f5778a5

    • SHA1

      3a238468009a6dea3e4f70821339185e56ea3b69

    • SHA256

      00caca07869b19d10b370552ac7cc2f6f2ee246fc15db11650f6cd3f4ef9b666

    • SHA512

      723b42c3df960f031343b9bb74a55ab874cd1f740a187a58bfecdad78876dd227392f18f6faea33e743593511a12635ef6419bb68d4361c6631584ebc8838e80

    • SSDEEP

      1536:oy92wLYdq5fSmFBkg9uiMNoRP/RzojE5h5IlmkOC+ziUqT:ozwLjtSIi8MNoIjCh5IlmBM

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.1/scripts/README.TXT

    • Size

      14KB

    • MD5

      0234f9ba302fed02010bb0f8a29baad1

    • SHA1

      baf708e3160bdba39a48f03f061a56f71c64b47f

    • SHA256

      1c365f3b55dba4d0ab88a8700e8c058fe794f2c832c3c44a1c00a9b4b5001e70

    • SHA512

      66a6c14d6a33edcdfe9838d6cd2b414ccfe330bac8a1c0f4f57d003d8c7300c2826177d4a7530b14e1ac5188b0071851b398f23ed87c737eb63687f084445490

    • SSDEEP

      192:gDb71xYndt1SJXuH7QRlZxwEC3A9wYl98CYOHb+1CgRpASXGgM99WMcAyOa:wbxxYndtlbO7LwYr/Y/CCeSYJkJ

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.1/scripts/README_RU.TXT

    • Size

      16KB

    • MD5

      cff4a4e648761d05213b691c1eaaad09

    • SHA1

      7536b03ac0f3edea2f6bcdb0b697acc0d15de0b7

    • SHA256

      c4d07749d38ed0af3d35bc3a7adde44eaf5ddd8584a94db3c621b8a145c68fac

    • SHA512

      188654759511f89586463d35c23bed9f4d32b4a63292756d5ac5d886e9c86c1913792c472537113c4e67d4ea2e042c63386cb22e201f7923c756cd666c1441bc

    • SSDEEP

      192:CjC1GLZPTyvQYlQ5SzxP9A9wYl98CYOHb+1+y6Uqtb73CrLdLPUzgH6evm3:A2mZWX2wYr/Y/vtrhbUUL6

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.1/scripts/script_func.html

    • Size

      12KB

    • MD5

      5c20581ea5176364278c8b568cfd9027

    • SHA1

      5444ee02d1cd35a18d9c99f263acd2ab0224cd8c

    • SHA256

      2f2b6708b62766d204da5e448686ba6791d954dbff198ed8604ff6a8109c5730

    • SHA512

      95ddd8c11f6d67f117e2facb2e2a14593c0c7bc0a726c267a2f73a84e757ea2717458e600c349c58fe41cf24f87f79880ef76610bdddf8e0cd07b05ae2e793ea

    • SSDEEP

      96:e8l17j7w2oKVMPFPQ0O0PY4tScyidf0A31C2aDsaS04+E1EvxYeKqcYeKq3aGVMb:f17j7w25VuB1b0g0yjM3vhK5T1MMmv

    Score
    4/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.1/scripts/script_func_EN.html

    • Size

      31KB

    • MD5

      eba9e7480eb7c7337a4135df68d78bb3

    • SHA1

      d16e953f3e936291be622467e13643ba78f606b5

    • SHA256

      1ead18d53850513d4bdf5ee5d0f30b617b9b45098b6aca45d58d49db2d2e21ba

    • SHA512

      2a603211590ccb19f595d6ce0022c534eabfe164923e00a99228df63ed05b8374267955d320f89f8783223cf6d4d412ec975b51e801e258a234c8aa2efd231b6

    • SSDEEP

      96:X7ndUmsk619aE01YW2z8MGV3aE0MNt6XEaSEa6G9GyeVJevZ2oke/J2ok7KXQ8Bx:2fxU47OHAlvZ+99xgQmc

    Score
    4/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/CH341DLL.DLL

    • Size

      30KB

    • MD5

      d84b4c0f270ea6ea91a0ddad53b88c2b

    • SHA1

      79e54001f70c2833bc14985d1db659a58801d247

    • SHA256

      48e025e8d4d3320b273b3a2f029fb33a877ea94ee0a2a7943ee181209fc412a2

    • SHA512

      92e6701400c230cc3e33e4e810fae9568a05aaf4e12989f516028d03601d5fb0950a662eca061d3f41a734883aa090b78c489e0e5fd7f60e2e1722341da912cc

    • SSDEEP

      384:dX3mJPDhYdCNMZQHXg8XMpcuMt80acI0m+VkSezswqqNCgd59UNcAFvw6:p3qYdCN3Xg8c10actm+yS/oLAJw6

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Doc/CH341/Adapters/I2C ADAPTER FOR CH341 (EN).pdf

    • Size

      484KB

    • MD5

      e0f03eefa9101ac85fe137fbad7e603d

    • SHA1

      0c257b314754e1492d545eba686ccfe56e4260fc

    • SHA256

      e74cf27432badbeb4d3251610aa6bcac4cd065f89122cb1a84395ca7d9a35202

    • SHA512

      4a286c3c7751344359737ee4ba10a74e30e191c44736abe9041695f48242323e954237e39d42fc5d9bdca2e57b31c3c870c9dfa4a28e680b0de72237a7b578c5

    • SSDEEP

      6144:o0xAG7OGfFqKT5LsBeNNFIUh/Trgd/9zX5GbTftIwt38cdesTtDnSZzwcYK2ZFh:7l7OcFqKqUFDRTu9zJUT6wbespytYfh

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Doc/CH341/Adapters/I2C АДАПТЕР ДЛЯ CH341 (RU).pdf

    • Size

      487KB

    • MD5

      8eb20671ab9bc49d562e01b5493433c0

    • SHA1

      a2fc140ba6891179b9ca319bbebc822ee3c393c8

    • SHA256

      3051348206dd09a59f379defaabc00f86dd70763587cfb055e6696b819ef490b

    • SHA512

      d3be628bd35b2ef85ab84d48f93337e79750c2ab97e3ae214041c04ac94b54f0b2c76eb88fb5e10d16634e36e07c5f3bf6bcd1a958bdb9a662b426ed6d67c2de

    • SSDEEP

      12288:2l7OcFqKfUFDRTu9zJUT6wbespytY2lEfs0O:25TDUdRTQS6wbe9Y2Ms0O

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Doc/CH341/Adapters/MICROWIRE ADAPTER FOR CH341 (EN).pdf

    • Size

      609KB

    • MD5

      0b73963a3f0c6fc8ade9280e2c4b548a

    • SHA1

      063ae5a3b16e0997506388a95889d03d9129eae2

    • SHA256

      a4ce1c9b0e18282f53f01e3e594b9cda7dcbfe5f294c03d9cd747dc137d317d3

    • SHA512

      a2ca4c239b1672a8f47a7412f3ae60606ee863c2b0c34a6b898958691223332f6ee3c99a7b9bb4d5a954c0efcd093b7fe91dd86a3f89f2040d86fd12621ccde6

    • SSDEEP

      12288:vl7OcFqKe2d7R5YeNg7GniMxNZEzHiHrsMYcIAKfVwKOw+SpG:v5TDRzNjnp/EKDYcI1NpODSpG

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Doc/CH341/Adapters/MICROWIRE АДАПТЕР ДЛЯ CH341 (RU).pdf

    • Size

      606KB

    • MD5

      a01a5d8cc67ca23f4f89a2b909b87c2e

    • SHA1

      4b8c0463f1990a522496a4480c4b405bf221f2ed

    • SHA256

      2665f6da155b4d18b24d6c3797907fecba3f4e0754143048d45ec7d0d089ca07

    • SHA512

      5706695fdf262bacb5297b3ed23535bf845a949340c608acdd501d1ac2c2aacdc4643cca1eb56459c3095199cddd1ce22b7e808e2366ac6a2f7f74713fcead62

    • SSDEEP

      12288:nl7OcFqKe29r7R5YeNgwYYMxNFkYzQqkpJmrVwKOp1hD:n5THRzNEjkYfA8hpOpf

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Doc/CH341/Adapters/SPI45xx ADAPTER FOR CH341 (EN).pdf

    • Size

      330KB

    • MD5

      e09291e842990378bf9b872308e2d4c3

    • SHA1

      0312f748d1a1237ded98dce5430e642b4e1b688e

    • SHA256

      d5d2ebabc15e51158610b6fcca8658ee4ad49f26194047f87dfb9a8a2b95b203

    • SHA512

      0408d3a593deeda8033761077a3872bcbadd01e2c9d459e2d7e34d6b0b06e104d0b8ee2522ab115355d7eda57458fbad19e19a5bae9b8e6dc585f78388b7c11e

    • SSDEEP

      6144:+0xAG7OGfFqKTV15ZOOpYwgEKRFOjt5Kvo5NaAEp7:Vl7OcFqKR1DOKgEKwEAO

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Doc/CH341/Adapters/SPI45xx АДАПТЕР ДЛЯ CH341 (RU).pdf

    • Size

      333KB

    • MD5

      23b02ac4322a39e11f4b8c7c7ac6cd70

    • SHA1

      75b0e6d51cb199ebd567148f60ac6d24f03f00ee

    • SHA256

      ab675a9b866401bed60df2b96bbe0a8630437b8a121d5d1f37b24bcf37b2229d

    • SHA512

      16a90fd32b1d86e1728f66472651123e38eb856e4ed5e2b94f415449d1d1439be8a0515dd9ce72bfaacdffe6528651238a58b205acc16d8a230bf1c8f31b3aa9

    • SSDEEP

      6144:Pt0xAG7OGfFqKTc15ZOOpYwgEKRFOjt5Kvo5NaAqWszT+BDV:+l7OcFqKY1DOKgEKwEAeWszyBDV

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Doc/CH341/Programmers/ch341a_programmer_Green_3.3v_5.0v_EN.pdf

    • Size

      293KB

    • MD5

      dd44f9aa5f59c7222738d5dc90c3a08c

    • SHA1

      ca3c22562331f88d09a7bef96df4bce5b1b9c355

    • SHA256

      6de3f3ca1a92ef5da475bf4ea74ae537e97198da04ab0df184a34222e89e280b

    • SHA512

      8bbbf42bad9177cb57d1a9ac15da0ed5967ccbe1edd20b6fd6efc19cc139b25d73e47bb6c7ebe4fa128dd93a377e8c12ae9f3850ed6e46b371ea9e5392a14b49

    • SSDEEP

      6144:6c1FJ5Wx2UvsBlICtzSThSm4HrAJ4K6hkBrThKcriYb9AQKdROC:6c1FWx2Uv4hZ+h/JgUThK8iYFKzOC

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Doc/CH341/Programmers/ch341a_programmer_Green_3.3v_5.0v_RU.pdf

    • Size

      291KB

    • MD5

      2dcf046c9c86f7d7586e7fcadacff6b0

    • SHA1

      38aa83926d4995562e6f992a17a0f6094d564a52

    • SHA256

      d17191af073a92df87f2449d1f64a78ea46814754ecfd27dfcceefa8f7ffabb0

    • SHA512

      34d5034d2339df6ba8931f27ec616c40140b8a35cad57bf336eb662c8b0cb9b63865f8941644edc06fa7af41f607f22edd93157d03609aca88c162a78a4dcf73

    • SSDEEP

      6144:z/SLJ5Wx2UvsBlA6rAJ4K6hkBrThxCtzSThSm4uqX1SAOtfTY97vf:z/SLWx2Uv4qJgUThUZ+hsRVH

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Doc/CH341/Programmers/ch341a_programmer_black_3.3v_5.0v_EN.pdf

    • Size

      746KB

    • MD5

      9d8950090702a3d89122194ce8794dfa

    • SHA1

      5080be5692eecd9363085970dfdb1ce4eab67eda

    • SHA256

      4ca5358e278ac25abcd090a2730e94f18b834ff7aa70406418fe462307eed720

    • SHA512

      4933fba4d61552fa41c152e6381092c8b89d4d456d424c1a2ae8c52970de78c9bce4780d3914fdb72c039ac19b648ba051c67d5f188fe2a23c97bc7f62d27d6d

    • SSDEEP

      12288:T8jbbJpsRaaB8QenoA9rvt4KTOyMXh3ub/xlv6O9ddc76yB0bXnk7V:T8jbbJpdMBul4C4Nub/LvDIRB0bK

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Doc/CH341/Programmers/ch341a_programmer_black_3.3v_5.0v_RU.pdf

    • Size

      749KB

    • MD5

      223428411145931a3104c4e9fe7e18b3

    • SHA1

      39ad02e876cd5bd759d8e7b7edef5fbaac2d57ce

    • SHA256

      277771395afd929873352d4f259ee2730a6fb39e222f4a80f1ba6dd354670fe1

    • SHA512

      2c46d69153305ab6dcbfcdbf2e7e5fbcd7558a3ae777eb2f363caacd014f476dd6de8854c2be1cc0a87163b7247185782b033a210d94d71ccec49f9be93ed599

    • SSDEEP

      12288:4fp5ib2psRabB8QenjA9Imt4uTOy/hku+/xlv6O9fdc76yBhLURtsV:4fp5ib2pdN8Ru4Guu+/LvJIRBhLlV

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Drivers/CH341A/CH341DLL.DLL

    • Size

      30KB

    • MD5

      d84b4c0f270ea6ea91a0ddad53b88c2b

    • SHA1

      79e54001f70c2833bc14985d1db659a58801d247

    • SHA256

      48e025e8d4d3320b273b3a2f029fb33a877ea94ee0a2a7943ee181209fc412a2

    • SHA512

      92e6701400c230cc3e33e4e810fae9568a05aaf4e12989f516028d03601d5fb0950a662eca061d3f41a734883aa090b78c489e0e5fd7f60e2e1722341da912cc

    • SSDEEP

      384:dX3mJPDhYdCNMZQHXg8XMpcuMt80acI0m+VkSezswqqNCgd59UNcAFvw6:p3qYdCN3Xg8c10actm+yS/oLAJw6

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Drivers/CH341A/CH341W64.SYS

    • Size

      30KB

    • MD5

      2e8e48ad2ca64024c20c67c747f217f6

    • SHA1

      b72e7c6618a85f214b7d6ee3fc7aeae1541897e9

    • SHA256

      aed7640e2195f5a52e788844d38b08f906264d2e740bd362db76c241cbb27f7e

    • SHA512

      01c824497946cc25fbda3df7e5c38d010b4aa8ced4867d643fc5a9abb2e6ba4a6f47af6fde04ee17cb16f81d04b96e030df52704c9ca4cf833db25b259d26c57

    • SSDEEP

      384:AdmJz2AbXLmX4wOvRH5GmVaY3cJbr/ZmxOUXEAwfo25rO2KdQxDyTa0mo4OfTyBF:emJyGU4wOvRHUjinEAwfd5083o3fTo

    Score
    1/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Drivers/CH341A/CH341WDM.SYS

    • Size

      19KB

    • MD5

      e6e76d443e2925f7ae9d9fbf4255b50c

    • SHA1

      7b015676e8c4e95bf82455b6e14ad3ee4748fdcc

    • SHA256

      a3045a4f29a8c86e6fe5af9e5c9225294d266c6218d65bbfcaa5a7d1c683abd7

    • SHA512

      0d1640b77031749d9b520aa801d9734a7bd9c41176177754de23841a5e948899458fafff6cabefbb8c357e1435248b3afa1f08a35dc1f7c11e5bb832c832e2c4

    • SSDEEP

      384:ssQeTJ1C/0kXll74neTi90iXE5JIfreHM3FJR3V7z:VQh0WLfuPXw6frL97z

    Score
    1/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Drivers/CH341A/DRVSETUP64/DRVSETUP64.exe

    • Size

      45KB

    • MD5

      1fe688688c2082b37827db54c4282af0

    • SHA1

      d6dc4f97a61a9f1919cbbd7cc52c7bb59b0291fb

    • SHA256

      a5a07ee7b5195497be4796845cb05b38618daaf2af98884b29eead6d073353b8

    • SHA512

      5d2a93ea1c47f1d9623cddf57f4f7961c9b78258bdeeec5cb62a461853be6b7b47c20617de300366e60bb4146b6a283a8ca7694fee3ee8afb90e72875841272b

    • SSDEEP

      768:Km0g8/JV5NDAGcN37MpHdMon5f/D1yM4E9obXDC8TvmS+geyX8K:7ydNUG1as5DerDJmS+aX8K

    Score
    1/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/Drivers/CH341A/SETUP.EXE

    • Size

      304KB

    • MD5

      023412e67f579dc4c35cc32c1e42434b

    • SHA1

      ad91ec05adfd15f99687ee927c4829c84fca511a

    • SHA256

      80b6e08ce1b5e17c7dc26bb98eb05c690c01f7630e848312267e3aada31e6442

    • SHA512

      8059dc7ad0f0a014f0407a445c04227c1f75c5d3067c322723075b950ea0bc9fd947c1bc407b2078e662c61958caac8569231a0f4cd093ea9d723c3c33a0d322

    • SSDEEP

      6144:zvEN2U+T6i5LirrllHy4HUcMQY6Zkz9fUIsfZ:zENN+T5xYrllrU7QY6GhfCx

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/NeoProgrammer.exe

    • Size

      4.1MB

    • MD5

      9866d0423621d8a58fcb41bad918f88f

    • SHA1

      2ec09391f5d4c33a409643352858b4a3fedcc0a9

    • SHA256

      6c62b2a77e1286c2de788c8e9d576b835a1019cf75e03db426b5e998f290baba

    • SHA512

      f1a7363a57f178011fc9d5960ee7bcde566ace28c87af99d8865845bcec9b9be994d24b9de7ad4bd028991e1fe0304ad8f434714f0a11d208dc3d38d1e4c7e6d

    • SSDEEP

      98304:Z11zFtA50y8YSdfoAIppKIr/gjogG7fIZYLihHUI4oBdrKj:Z11zFtA50y8ZVCpp/mogG7KUI4wJm

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/libusb0.dll

    • Size

      66KB

    • MD5

      535779909a40b42f4f3e48598f5778a5

    • SHA1

      3a238468009a6dea3e4f70821339185e56ea3b69

    • SHA256

      00caca07869b19d10b370552ac7cc2f6f2ee246fc15db11650f6cd3f4ef9b666

    • SHA512

      723b42c3df960f031343b9bb74a55ab874cd1f740a187a58bfecdad78876dd227392f18f6faea33e743593511a12635ef6419bb68d4361c6631584ebc8838e80

    • SSDEEP

      1536:oy92wLYdq5fSmFBkg9uiMNoRP/RzojE5h5IlmkOC+ziUqT:ozwLjtSIi8MNoIjCh5IlmBM

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/neoprogrammer.exe 

    • Size

      3.9MB

    • MD5

      8cf0e0781a200a55a1fe1829153972d3

    • SHA1

      7da62c569a428fa274de66d0289f80eb3f352c4c

    • SHA256

      48fe89645b5dd476adb1a0b5621d4aed3285dbd762d142466ccd06f7143c741d

    • SHA512

      0f5d0b82275b8bdfe17ba023ae4c10c93b3a2684e1d03d21bf5f8339c1851be17cadb4db01ec2c2179bd555c123f71bbaf7017d9a864d94f75d29e4d93ece8d9

    • SSDEEP

      98304:Y1zFtA50y8YSdfoAIppKIr/gjogG7fIZYLihHUI4oBdrK:Y1zFtA50y8ZVCpp/mogG7KUI4wJ

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/scripts/README.TXT

    • Size

      14KB

    • MD5

      bf6d1a384d63375cb807797ca1c49741

    • SHA1

      e09265b4d2ffa97871f1cea08355223ad7ece56d

    • SHA256

      17d51a7eba2e4386839e9b2610da801ca7142a0f45a3925208bf824c478da918

    • SHA512

      b9f8a33032b32fa9145f6a88b6eda3221d8ed300ceba61979c902a89fbd14a224f15a7dd1827048b7a285d47095b77cb4e8d471d39355bee353301d92942178c

    • SSDEEP

      192:gDB71xYndt1SJXuH7QRlZxwEC3A9wYl98CYOHb+1CgRpASXGgM99WMcAyOa:wBxxYndtlbO7LwYr/Y/CCeSYJkJ

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/scripts/README_RU.TXT

    • Size

      16KB

    • MD5

      cff4a4e648761d05213b691c1eaaad09

    • SHA1

      7536b03ac0f3edea2f6bcdb0b697acc0d15de0b7

    • SHA256

      c4d07749d38ed0af3d35bc3a7adde44eaf5ddd8584a94db3c621b8a145c68fac

    • SHA512

      188654759511f89586463d35c23bed9f4d32b4a63292756d5ac5d886e9c86c1913792c472537113c4e67d4ea2e042c63386cb22e201f7923c756cd666c1441bc

    • SSDEEP

      192:CjC1GLZPTyvQYlQ5SzxP9A9wYl98CYOHb+1+y6Uqtb73CrLdLPUzgH6evm3:A2mZWX2wYr/Y/vtrhbUUL6

    Score
    3/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/scripts/script_func.html

    • Size

      13KB

    • MD5

      4656e710221e17452d2435b06e86094b

    • SHA1

      a57261c40d10bf81754b98f1364048b072952945

    • SHA256

      ab56540f83bc339201e4369beeca782c7e31bed51ff80434effb8a64958db717

    • SHA512

      d4819bef36195a49a364f5c72a1745d6ccbdf0448d6c4ecd053e2e92c222a5243ca2cbd71d880d7edf027cd107f3a2239c08b4519b577f123306e5eb4f60998a

    • SSDEEP

      96:e8l17j7a62oKVMjPQ0O0PY4tScyidf0A31C2aDsaS044gFE1EvxYeKqcYeKq3aG8:f17j7925VMB1b0P0yjM3vhK5T1MMmv

    Score
    4/10
    • Target

      CH341A-Softwares-Windows/Programas/Windows/NeoProgrammer/NeoProgrammer 2.2/scripts/script_func_EN.html

    • Size

      32KB

    • MD5

      7edf768d3a1a7b437b6ec5e911ab6b6e

    • SHA1

      fdf776f0aa67c6d695a337d0e04d485d5b1298ad

    • SHA256

      0be8806803e0778c46b55654978aad5d3b7c4c8627f76f3c9288e1b6b7ec3b78

    • SHA512

      71398f23520602a43ec38edf9bc299539dfa08b05a47c4a2a56a1def95ead398b7a536f32d5a5efdb41e45212fe967cb9fa653621d921f637eae23b93076e494

    • SSDEEP

      96:X7nd4UXmsk619aE01YW2z8MGV3aE0MNt6XEaSEa6G9GyeVJevZ2oke/J2ok7KXQI:1XfxU47OHAlvZ+99xgQmc

    Score
    1/10

MITRE ATT&CK Enterprise v16

Tasks

static1

pdf link upx mofksys
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

discovery
Score
5/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

discovery
Score
4/10

behavioral9

discovery
Score
4/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

mofksys defense_evasion discovery persistence worm
Score
10/10

behavioral26

mofksys defense_evasion discovery persistence worm
Score
10/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

discovery
Score
4/10

behavioral32

Score
1/10