General

  • Target

    ussm_setup.exe

  • Size

    13.5MB

  • Sample

    240617-qslc9sxblk

  • MD5

    98b8665b96a90c222664747ba5ce87ca

  • SHA1

    978f73a86c03e03082140ce62b8ec9befd8f68f3

  • SHA256

    79d09a008ac61e606845d0e17b4fd423bb584807a5c6ae8eb6584215c6856e7b

  • SHA512

    153adbc03c7fc3172e63433fe21c2df36c162aa67d868f94b2fc5c23c016550378a043acaeeab1fdc0d27ad1cce69393f42a95d4af7880f16eb4ea444ca30585

  • SSDEEP

    393216:TBK1BgFlNlvvA0fEPi4YGplf1oRm5TyEsOPuzffKD:TA1BgFZv4443B1oM5TZs5rW

Malware Config

Targets

    • Target

      ussm_setup.exe

    • Size

      13.5MB

    • MD5

      98b8665b96a90c222664747ba5ce87ca

    • SHA1

      978f73a86c03e03082140ce62b8ec9befd8f68f3

    • SHA256

      79d09a008ac61e606845d0e17b4fd423bb584807a5c6ae8eb6584215c6856e7b

    • SHA512

      153adbc03c7fc3172e63433fe21c2df36c162aa67d868f94b2fc5c23c016550378a043acaeeab1fdc0d27ad1cce69393f42a95d4af7880f16eb4ea444ca30585

    • SSDEEP

      393216:TBK1BgFlNlvvA0fEPi4YGplf1oRm5TyEsOPuzffKD:TA1BgFZv4443B1oM5TZs5rW

    • Banload

      Banload variants download malicious files, then install and execute the files.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Target

      $APPDATA/Live Screensaver/$SYSDIR/Ultra Screen Saver.scr

    • Size

      2.8MB

    • MD5

      3866bd93ab8c237a9bc5c3d1d047c632

    • SHA1

      7696fde299a1a1711f13d267f31b0c44a5981e97

    • SHA256

      c05a3af16e2069e02c3c890d4dda948b0877761c9ec8a240a5e3f79e25c9f8a1

    • SHA512

      6ef9bbe3987883214cd692f3c5abb432f78e11d965dcf1b9e1b6ed912c96df19644fef812fa69bf32be3741b6660982923568213e65dbe878946206db2a1fcc2

    • SSDEEP

      49152:m9Qw1oLPt3cjle4VGEkKngXtX1xlH569i+PSE+GNeGarAf3sKDlUMLmV0DaTxV:m9Qw1oLPR0leq5gXtFxlH56Y+PdBN0rr

    Score
    1/10
    • Target

      $PLUGINSDIR/AccessControl.dll

    • Size

      13KB

    • MD5

      9e7d36edcc188e166dee9552017ac94f

    • SHA1

      0378843fe1e7fb2ad97b8432fbdcb44faa6fc48a

    • SHA256

      d52a83c2a8551cebf48ff7a8d5930be1873bce990f855ccab4d7479cfeb22e3d

    • SHA512

      92c31355cd124ba28c0ff9aa8fa34d5db9db0b093edb8978bc3cf94e1f72d526603d5d5c1e221dcb2ac6648bc420f4df9847c2b1e71046384d827814a77d1783

    • SSDEEP

      192:y26NwF1FF8GqdxASZlSOnNGGPCqLXUdadWo2FfTCWWqDsYjGI5hBslft8gWNPjQo:I+8vwSZlgaJ3/4/4Q/bN

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      2f69afa9d17a5245ec9b5bb03d56f63c

    • SHA1

      e0a133222136b3d4783e965513a690c23826aec9

    • SHA256

      e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

    • SHA512

      bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    Score
    3/10
    • Target

      $PLUGINSDIR/nsis_appid.dll

    • Size

      3KB

    • MD5

      19071761e91c43c115a16b52458869b7

    • SHA1

      75ddb807157f1aa31a08f87be0270f60990bcbbc

    • SHA256

      e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f

    • SHA512

      bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c

    Score
    3/10
    • Target

      $SYSDIR/Live Screensaver.scr

    • Size

      2.9MB

    • MD5

      8c78a65d57a66d312e63ac2785fe1c91

    • SHA1

      c7325ee8ab0ff76e6270ad9e6d41addc448e736d

    • SHA256

      b5c06208e3101120d70b7e1f84d8bcc169432a94482126a5a9c0ff3565d86aa0

    • SHA512

      a58542ed77b863992e8d3ed65675b31bb1e7fae9b94d8e7282d3e1e5017d4637ba302ddf6a39b286aa1508e4733fb5a37829f072e39313798afa06881794481e

    • SSDEEP

      49152:3r9kvdQ2RdiMQdEC2El7AP/Dy5q+66UOE7qmOdGhWTjlPkZlxWeqOMMkA8xeLHAO:3r21Q4cMQdEIl70/DMq+66UOEemOdGhr

    Score
    1/10
    • Target

      ISCC.exe

    • Size

      854KB

    • MD5

      272761722fad70322be6d2f89839f329

    • SHA1

      c894f5d96e81cf5bd8d03d6586c9bd412f508f27

    • SHA256

      0d02e30a6ad432a50eb86f1ecf330147046e671de340bcb43a170fecbd19bf51

    • SHA512

      ba4e0ce3a511eff43dce2999bc3905580bc19858dd1e73e5cf1b9dc7a7fa6848d11821e1db8d2af968728f2aebb18ce330cad775b640e718201d6c899b8027ef

    • SSDEEP

      24576:u4wpMgurJoZlmqQvT3GTAB2wHmjyst5mTjqqIwp:cMgCo2qQb3GTAB2wUKL

    Score
    1/10
    • Target

      ISCmplr.dll

    • Size

      1.6MB

    • MD5

      f70a42376ca3c3b6ccec8b1b52f6018d

    • SHA1

      24d735c4f17514ab9a68fe3344dcf0b23b99e99a

    • SHA256

      5ea9bb338795bffa33da5581e5fe1c976a561f6dc32105635dcd518fbb5a33b4

    • SHA512

      051720c8e9b5fa2fb754b361aee8681563d5edce393eb9bab004d496e7d5a2abfffab583936df4e7af24c11ee8f46c6973dbb52e162de0b66f187a057d764bad

    • SSDEEP

      24576:rsJCEdnJAXtDXwzqbPywkF2SU88/v8MgH6G6ym5t:r3EjARgjU8gmH6G6Z

    Score
    3/10
    • Target

      ISPP.dll

    • Size

      994KB

    • MD5

      37f945c55cc916c2cb79eb9b063f9e46

    • SHA1

      7ef72b485ff971d24d9d98bce4da803a28642768

    • SHA256

      1be06b60090221d7a7d236d374ab4ff7e6a56013107f806be4bea2b79dad3703

    • SHA512

      cce739d33e152d1606227d34c8c241954ee0643e9970a8858fad47a97c69986b715932638fa605cae3f639b208deeccc8b01b2ced135103634a830ed91e6af3e

    • SSDEEP

      24576:+drDH1m8Eo9rep60E835vkQKMP/RXCp6N:+d1m+quEVCA

    Score
    3/10
    • Target

      LiveScreensaver.exe

    • Size

      2.9MB

    • MD5

      8c78a65d57a66d312e63ac2785fe1c91

    • SHA1

      c7325ee8ab0ff76e6270ad9e6d41addc448e736d

    • SHA256

      b5c06208e3101120d70b7e1f84d8bcc169432a94482126a5a9c0ff3565d86aa0

    • SHA512

      a58542ed77b863992e8d3ed65675b31bb1e7fae9b94d8e7282d3e1e5017d4637ba302ddf6a39b286aa1508e4733fb5a37829f072e39313798afa06881794481e

    • SSDEEP

      49152:3r9kvdQ2RdiMQdEC2El7AP/Dy5q+66UOE7qmOdGhWTjlPkZlxWeqOMMkA8xeLHAO:3r21Q4cMQdEIl70/DMq+66UOEemOdGhr

    Score
    1/10
    • Target

      LiveScreensaverCreator.exe

    • Size

      3.0MB

    • MD5

      0861956722ac7d6024aa0ea66effdf1a

    • SHA1

      cbe8cfb187ffe468088d3758c765be4ea7028fe1

    • SHA256

      a85954f61329d96156841dd47f9a4031c8c235277962150bf08feb159efe1c01

    • SHA512

      2ebdb5934f39cccab64710a369019d980c118b49bd3808468f57508a9fdbbc3449e994ed8196081abe4f3df641c5ee3686e93bfc17a6edf59f7c3f7ffcfefaec

    • SSDEEP

      49152:0JTvGfFSxbMMuL60jWz3kTCVk/8Myme34bkhRsZ1SyyIhjzfISSrYo1Y7m7n5ZTG:0VE0VMMk6HFkEMyme34bkhRsZ15h3oFG

    Score
    1/10
    • Target

      Setup.e32

    • Size

      3.0MB

    • MD5

      80de36c7c5092a3b21f923d408033df0

    • SHA1

      55036034ab43264e53b41a7f9582e938e9ec557b

    • SHA256

      088622096c373250d04e46de5cda072a921a89900c57988bbe52f1e308e48043

    • SHA512

      4e4a4d6d10f8f3e732806abc9eb9d8f01455325bd92d68c6b195ced23e900c5cbd5931c5a80b8b8e6923a97face299e6965e7a8a7c2c1c6c2921db82c085a959

    • SSDEEP

      49152:ndx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjT333TY:sHDYsqiPRhINnq95FoHVBT333T

    Score
    1/10
    • Target

      SetupLdr.e32

    • Size

      813KB

    • MD5

      410e3415c9ff3e83d68bdb4a3b513903

    • SHA1

      c86daeb8822baf3a4889bddbc6aeca0ca25a320c

    • SHA256

      86154d725c21660f220e957eb6dcaf73ca609eef486dcdce6d5d7c286abd03d5

    • SHA512

      fcc2f69c1703b0fd0aa07883246909860ecfc6077b8a78a4f0260a5979cd8d5eb56bcbb2bdf734f81ff3012a34cd822f9d380088620784b24b308dfa90a33d22

    • SSDEEP

      6144:eS005y5u11vsH0Db0cHEdzopG5rgfLNWI0bggvVmHuUiVk2yZ/h2kfYYq4qNrCs6:eS8cmUDowAy0bgTziwE3UCuaWR0Q

    Score
    1/10
    • Target

      islzma.dll

    • Size

      88KB

    • MD5

      a3ddc4cd74cc38811ca2ab4c7e51b8f6

    • SHA1

      07963ac2321779410262fc65ee79395d3e2463a1

    • SHA256

      0b2e19e473a47e10578b05a2f3b43ad96603f3ee1e397c06a280c3b7458a76e2

    • SHA512

      baaafbda169958b9855394ffc6063034e73bfe54896a05f5e64fc754d1a72d3a45d55d665c6d71e325c9433116db769bc1913cc83327c6a5394e9d1f3ddefc17

    • SSDEEP

      1536:Q8Fao9EFoG9xSbHuBTF+RAspiHrEM3WYltVgRiPWXydWXi/X1:inxSbHuBGlYtVgRm0ydge

    Score
    3/10
    • Target

      ss.exe

    • Size

      2.8MB

    • MD5

      3866bd93ab8c237a9bc5c3d1d047c632

    • SHA1

      7696fde299a1a1711f13d267f31b0c44a5981e97

    • SHA256

      c05a3af16e2069e02c3c890d4dda948b0877761c9ec8a240a5e3f79e25c9f8a1

    • SHA512

      6ef9bbe3987883214cd692f3c5abb432f78e11d965dcf1b9e1b6ed912c96df19644fef812fa69bf32be3741b6660982923568213e65dbe878946206db2a1fcc2

    • SSDEEP

      49152:m9Qw1oLPt3cjle4VGEkKngXtX1xlH569i+PSE+GNeGarAf3sKDlUMLmV0DaTxV:m9Qw1oLPR0leq5gXtFxlH56Y+PdBN0rr

    Score
    1/10
    • Target

      ussm.exe

    • Size

      3.0MB

    • MD5

      574cf1a75223dff17950509948130d2c

    • SHA1

      905dc7a5a65026f9798e357152446521da74f798

    • SHA256

      b448fc254abe3a3575f9605b703951af20d0dc46c501fcba832ab23d840eeb20

    • SHA512

      801c707be84b275d180d3df7889405dc0167ce99cb61a79e5fc900cc87bce859e23c0aab624ac2faf07abcccc1e0d345af2b6b06819d7aa183419787d72727ea

    • SSDEEP

      49152:aTXlrbhgDtDY0tLqOhc6Xg/XiTRlVMn2v2GTQbkxRs91ryyIhjzfISSrYo1Y7mP:Wihc0tLNh1tlVs2v2GTQbkxRs91Eh3ol

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

    • Virtualization/Sandbox Evasion (T1497): 1

    • Modify Registry (T1112): 3

Discovery

    • Query Registry (T1012): 4

    • Virtualization/Sandbox Evasion (T1497): 1

    • System Information Discovery (T1082): 3
