General

  • Target

    Easy_Load3r(pa$$-1212).rar

  • Size

    102.1MB

  • Sample

    250702-xkqfkszvhy

  • MD5

    91acc0c3c0d53181f2941acd6125507e

  • SHA1

    5b53ccef17e5c0c6e3ae3384801d59660067d9a5

  • SHA256

    e155e56cd7e19b1c3df8bce9f07bd5d0597daed00a38363eb0fcbef3b5500eef

  • SHA512

    8e23214a57317a6780ea73b5554c6ac1aaf80fdd011c9d98e7570849365d52ec3ae37a65dc066897fcca10e88c9117762b9efc820b1e1ba719c0b482a7983c16

  • SSDEEP

    3145728:GAC5OrCdgDLjvGWx3D697o2jUiA5eF5uq3zKKQopI:vCdqDhq7o2Igyqv+

Score
5/10

Malware Config

Targets

    • Target

      eLoad.exe

    • Size

      1.6MB

    • MD5

      2f2041c3166e4303de3a357e84842962

    • SHA1

      d11dac594ace0a24086c11a8a732a31286bf50e0

    • SHA256

      92caa95429d0cd0958e14d84c8bd24138696593b0b36572957a83f91abf05c8e

    • SHA512

      284a93179940ada9aa392058ec77f87cd1accf0cb884765bb94300fb156e01a60dfb6c0646e188a5e01ecad78af4c7821b6992e7d1979dddbb72daf5b6fcb37f

    • SSDEEP

      24576:gNuSeBR3+PXKc1OqaLqYQd3Qu65QfvA9KgghaiZBWopmyG0:gNuSK3iaxLqYQd3V6+XngYaizLo0

    Score
    5/10

    • Suspicious use of SetThreadContext

    • Target

      ispell/Sounds/DG/PAV3WSC.exe

    • Size

      149KB

    • MD5

      8014bff2c0237d2002624d6b76c846c3

    • SHA1

      70f26ef7d0496d2c23eeac928a7cb43cfff97be9

    • SHA256

      d71836b7deccb91c9419b064284aa6824fdb06609e44b0adb1a95c976a928388

    • SHA512

      8bc0cbf8a1f6cfe273700c536e125659b27e290fc71ae0b097e1991dc371a0db0cfe9894bf32538593dbcfb5f6ea8e7d70bbe27178c5f511c75f8ad243a64fff

    • SSDEEP

      3072:XcYpATai7hZ0Bvz3K540ZSrRQf/cGQi2y:MYSTaiV+Bvz3iSt0rQib

    Score
    3/10

    • Target

      ispell/Sounds/Drivers/NNSDhcp/NNSDhcp.sys

    • Size

      108KB

    • MD5

      fcbf498ab77e374319aa72d093a37161

    • SHA1

      6e07ee655c08e8118438f3f5039f7a044a067cf5

    • SHA256

      a32fec18b6d3972095f2b177bd57deacf5fb52af187ca203ecc78f85368e234a

    • SHA512

      d6f07aa26b3e10cc7080c5969df8255b365f151f621084535997a2f146e669cfb07b3abb6bd5fb0b6b1c06d79e8d5351ab0ef72a3dd993be8dfa92c11757e6c9

    • SSDEEP

      3072:vvbyls/1NB29RvBEPpJBUL8YaFBbJxaVE:vjylstwpBuo2f

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSDhcp/WVista/NNSDhcp.sys

    • Size

      108KB

    • MD5

      361fc24cd58434ef7d71b51f18537af0

    • SHA1

      632febef312a3a28866549decde3a2dbf91ae971

    • SHA256

      56559cb8b4ecce9cedf3e85e6928641a01fc86f976eb6d3255d216a9613045b7

    • SHA512

      a285df3a06de9c31fe4202a0ab95d0bfa67454525a148fbac0711b327d5c19176ad627c405c39b515972b14f0d024f1e95fb5adede2d6c8d06a584daa0e37998

    • SSDEEP

      3072:4vbyls/1NB29RvBEPpJBUL8YaFBbqHSxxn:4jylstwpBuo29

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSDns/NNSDns.sys

    • Size

      142KB

    • MD5

      eeafb784b225d517bd1d5b55dc7096a8

    • SHA1

      9144d65d32eb3b06143663e90880cbdb68fbca48

    • SHA256

      b98d86866e271c1d7187d9c28fe55742ecb5b2f9a7f27b316f147e39ec2a9dca

    • SHA512

      8342a9e6d1bf0328c1075666b46c0dc0033e7e9659c9a62626827b81bca0eaca29f2aec245b323fd54ef4334b0a7aca91e09d08aa33d3de4dd6c2b02379c9046

    • SSDEEP

      3072:p7QLAKuiepTOj596NG9EMu/zCaQD1+3SG3Gx08L8Ti7e2Viy6Cx76z:p7QLAKuiehOj596NG9EMu/zCaQ03SGkQ

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSDns/WVista/NNSDns.sys

    • Size

      142KB

    • MD5

      17c5773e535107a3e277e65720b11daf

    • SHA1

      8fa46e94a0582436d6c38e7fa2ea0a1c78034b83

    • SHA256

      efa6a571030ed33c675d4eda1efeb8d6942ea7ea142a3a9ab57468e91095d49f

    • SHA512

      8c9c17e0504d47c9356841d66bec48cdfc6127d4618b54e228b7e91512248120959f7d597fc8e00f07b7d2dc30cfcdcd27328457b0a54ee6e6395b65cbc5795a

    • SSDEEP

      3072:i7QLAKuiepTOj596NG9EMu/zCaQD1+3SG3Gx08L8Ti7e2ViyrcRcDxe:i7QLAKuiehOj596NG9EMu/zCaQ03SGkk

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSHttp/NNSHttp.sys

    • Size

      210KB

    • MD5

      1c3d01596c2cfa08ac90d74e119abbcc

    • SHA1

      8788c7e2a7710091ee18c01e8fcd93fcd4a11b6b

    • SHA256

      126f977a81ecb10ed8aa1ba1314e8ef8a92c0eecfdfc031a79f68415fb423b34

    • SHA512

      165073940d058153805bb4ac58f8eed81ceba64040f160155d84c053bde2485c83a56b5e796a72fe356121e680b5b4a4f3cbcce015fb90cd2e77fbe8b928841b

    • SSDEEP

      3072:G2J2GnFgrxWmZ9Hnmsq6y+bPOM2g7ufg0o/ef0Fl75bkB6V3z5+9ZPoBMR6x5/:3JvUo8b+9M2dfg0o/wKd5bkR9ZPZW

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSHttp/WVista/NNSHttp.sys

    • Size

      209KB

    • MD5

      96522be9ab926c44b3efe02d190eb399

    • SHA1

      5a08ba21e9b6fb896a4bec7d35f0f697be7cb206

    • SHA256

      5aed214a995fc9d3ec6d952d373c88e971cb3ad723c13f955bad1dba38dd90a8

    • SHA512

      b02bf5ba76a7e4b416e04042664df04d914cadd029fe9318cea7111644272cbdc57a2283ebd27ed315caef27059590373f36ec135f837f0a8c10887adaa02918

    • SSDEEP

      3072:U2J2GnFgrxWmZ9Hnmsq6y+bPOM2g7ufg0o/ef0Fl75bkB6V3z5+9ZPoBMRP7yx9:FJvUo8b+9M2dfg0o/wKd5bkR9ZPZe

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSHttps/NNSHttps.sys

    • Size

      125KB

    • MD5

      887a6e211601dc15730e5f2d0bf4df30

    • SHA1

      70b505fa302be63507812c9fe1c006a32d0ae075

    • SHA256

      69b8e87b5fd7e86f18a019eb133b91bff2fd7e34314fde4c8f652bd7942017f7

    • SHA512

      4b793c0d6dba2490c325616dc3d656c755edd4c295953486657576fb0c1719df8e6147762e485463637f4433fa7d0c3492ff055bde2867f392fa4a6e38048990

    • SSDEEP

      3072:zDW3zAoNcfLpGv6gP/CJ+K8ni+cEMRjxJb:HWjAo+fLpsLPPhU

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSHttps/WVista/NNSHttps.sys

    • Size

      125KB

    • MD5

      1c75e0df00def2030a7ff496a5b945b6

    • SHA1

      79ccc0d74781d2c8bb29578160f6a16f28eaf8ff

    • SHA256

      310eeaf49ff346dbbf07ee4401e1ae60bd2f70c4c6b21abf7cc5a399aa1db5a1

    • SHA512

      33e4eb5e1d48f138cfe7d94390063d92faf37d68f66b1e210c56a7b0bba42475996e0a2858568f4d6c294f39903c21da261c9dcf313a87674ea7d5ad56683070

    • SSDEEP

      3072:XDW3zAoNcfLpGv6gP/CJ+K8ni+cEMRwn9xE:zWjAo+fLpsLPPhS

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSNHWFP/NNSNHWFP.sys

    • Size

      206KB

    • MD5

      0d390a7c3f7db2f150ecd33203bec3fd

    • SHA1

      f7dbe21d13d60214c944500ac8e81bb08bd69232

    • SHA256

      3d1b9feafce7ccd1f52b6ab031819dc0171c87808fec22556e252695dbd349b5

    • SHA512

      90438a7460c978bdfd0f3cfd9bf486c98bb0efda0538312fd04681f709d2d1c69f9f904337731f5c834a20590ad145f47b926dbcb84ee1a70e39022138370d5f

    • SSDEEP

      6144:Cz1ppXZaTwWPCopz7ng8N01owCb50NPxv9oqHw8t0W04oht7U8Yo+z8:ypJaTwtopng8N01owCb50NPxv9oqHw8I

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSNHWFP/W8/NNSNHWFP.sys

    • Size

      205KB

    • MD5

      b086de66625da8dab49e7cf8e253ec04

    • SHA1

      149e5123f59915ea42a30127b3a03c2809775d58

    • SHA256

      0f7b4f7d535157ee2546b2d33933ec89b5856597ee9dee85046a1bf3930b8c37

    • SHA512

      3e15af0602c465fc633839ace369a9e228ba09f1d37bc12dda8a48f4cde0796f623e8b2aceb6b25aec24abe8a184964a82f4740e398908c31aea33dd980ce443

    • SSDEEP

      6144:1z1ppXZaTwWPCopz7ng8N01owCb50NPxv9oqHw8t0W04oht7U8Yo+q:ppJaTwtopng8N01owCb50NPxv9oqHw8a

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSNahsL/W8/NNSNAHSL.sys

    • Size

      147KB

    • MD5

      fcab7abe8a60f19b6ffe88df7d4594f0

    • SHA1

      65a6cffc074bff36003d2be63cdbb03b0a8319c0

    • SHA256

      4b814163d49d05e72f8dd518158006ccb854ed03d98adef95f206703ca500507

    • SHA512

      89385e1603ef9a9e95b6026de3dda1673be67cff3774daf45efedb59b7dd278935ec698070fcb05ea88935762f948670b43f8d3727e3559fc5cee69190477b86

    • SSDEEP

      3072:6KQwTYdkzMWZ0wIDOmsycLmj5CPQMzkZsQ7Hd7jI2aZ0/ekV7feBh9PxE:1gWCwIqnPGHd7jck0B3i

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSPop3/NNSPop3.sys

    • Size

      134KB

    • MD5

      472e053ca5a4784eb16674d9971d8b32

    • SHA1

      1b5669bc52f405c6649623011dae02f7cfba91f2

    • SHA256

      ff8844bb121bde577f344680c4f6b7441760e4243187e26fe261eb0dabc21bf4

    • SHA512

      1b86d650bc9879c85bcda729b476daa5d14f4e2872d313b5a1f8f31a7e8417e6d1f3921d2ff36851f938c9de4d61766efee8022339cf2e57c2f93e5fd40b0c0c

    • SSDEEP

      3072:0k2RHlIdsxt49agKzw31P4uNNmh1YvQbOR16xwE:0kel9w31P43FZ

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSPop3/WVista/NNSPop3.sys

    • Size

      134KB

    • MD5

      8347e712bb4d547312581a3ccab4eacd

    • SHA1

      0ed815763fa439541ca9094ab7182b6209f43ab3

    • SHA256

      814e7fdf2a709ed818a15ad6f431b09ccf36d36fee40041bb6f10647c54fb0a2

    • SHA512

      cbbfbff6f610fb2e6c84cd7422b47a01c6f7ca693e43d1dff9d01ab3923953d40e9dabff21c9251fc843324941a746b95e37256cb5fdce27ce671462d8427d38

    • SSDEEP

      3072:ek2RHlIdsxt49agKzw31P4uNNmh1YvQbOR1uQrxD:ekel9w31P43F+

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSProt/NNSProt.sys

    • Size

      397KB

    • MD5

      156d8d8bb9a1a884977f465c576894c1

    • SHA1

      79784aa46ebc8ebbce754d7907567f39e9b1623e

    • SHA256

      b1193a8da487a212f262e50a37087fdcbc9d8f5d847a1a22ca290dffe7b3da5a

    • SHA512

      b325a01bf0900098465d4d192a28ba79c19d65437d09d2455d5d54aa459862e300c883fac76d51f2809a87f9aedef4907c3e39cdd7a290d894657b8ba1df1a65

    • SSDEEP

      12288:n/TjSHl6SyXJYPqZomrNAcHkaF66B3GoScwSITojTVzW0AW7C+g3K+aq13fRjeEq:/OFkC+CK9qaEq

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSProt/WVista/NNSProt.sys

    • Size

      397KB

    • MD5

      f54dc9e8c91c5664eef5adc1aeb1cc95

    • SHA1

      76e70ccba8ab854c132358335791e16a60b052fd

    • SHA256

      d000fc30227c6f53a6c7a659dcf2d7dad5945d099463c84014fa018f967931da

    • SHA512

      bf2fe87099f83b30435dd687a3094def13219b8b7021f820b63cc75885e43c1e214463894ea53f6004557845340e3d165fffe58ce1cf8d4acb89521544d36770

    • SSDEEP

      12288:t/TjSHl6SyXJYPqZomrNAcHkaF66B3GoScwSITojTVzW0AW7C+g3K+aq13fRjeEC:ROFkC+CK9qaEqn

    Score
    1/10

    • Target

      ispell/Sounds/Drivers/NNSPrv/NNSPrv.sys

    • Size

      562KB

    • MD5

      51c2877303cff764b6b9ee7a0de94d95

    • SHA1

      02cb49aea36d991949c1981a78dde75fa3697a46

    • SHA256

      c92424c13c159a59731a969511923cb3e0ceed866963de02412f95b5c5c0d1c4

    • SHA512

      3d52ad20e1899fc3059edb96c3cc1998db6e4c12094f4e1f04170e979369443a00b611263efea2b717dc6295c3b5d8f7500e5eb371271441cc863167b967d4ed

    • SSDEEP

      12288:g4gJAEw/Hr/HJqW27ZDR4W+DwBTEbBIPxg48Rom42xdcwL+:g4gJAEw/H7HJV2j4LGTIIPxgemrYR

    Score
    1/10

MITRE ATT&CK Enterprise v16

Tasks

static1

Score
3/10

behavioral1

discovery
Score
5/10

behavioral2

discovery
Score
5/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10