41caeb1dab6ab9da4571b88cd0a0a2b3a21ce305909358e538a04f988d4a139f

Sharing

Copy URL

Twitter E-mail

General

Target

hwid pack.zip
Size

14.1MB
Sample

240630-t8kcpa1bjh
MD5

734c14a94f1778e506606804d3566594
SHA1

8cbd6a9c512edaab288a0fd24c7c2d7d71c3999d
SHA256

41caeb1dab6ab9da4571b88cd0a0a2b3a21ce305909358e538a04f988d4a139f
SHA512

4a1f766a3758026f47263d2abde66827323bd914316fcb352aa229325cc7da81871e49aadb611920094f3516d3b02467ee671dc31a1d067a021653459b291bec
SSDEEP

393216:E1dKjXZTpZ6y3WqZSs7jYqAb6HtBZsF5A4VoekX2hnm0:E1dK7ZTpZ/WKSSjY65sziekF0

Score

10^/10

Malware Config

Targets

- Target
  
  hwid pack/HardDisk.exe
- Size
  
  636KB
- MD5
  
  c20e96d4e616ce333c19a1c15a1cc137
- SHA1
  
  f79645ec115130ee59958c55a556f564260b7a9e
- SHA256
  
  2c141c06f7df57f11ef2c62f2a96093484a65df47065b1a475c53784af0e2664
- SHA512
  
  519fec9955c4a18e45ec68d9e7dc2bcda74721a6ea088e59e634e26b136bfa15f5efedf8839c036a3cfdcdb9780a2121dc2d71f1fdbbfd3df02d9969e5db753b
- SSDEEP
  
  12288:EN1TNRzUSWgDxPWnP0Lamg+hyMU1EUFT99qpDDcZDDR5Id1888888888888W888H:whNRASWgDxPWnP0LamWYC8EOd
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1
- Target
  
  hwid pack/MacSetup.exe
- Size
  
  5.1MB
- MD5
  
  a7c8cf1d50ebe630a7d0c47686a0abbf
- SHA1
  
  3229e8080975f4f5512d2382552f68c0389acff5
- SHA256
  
  a453b3ea8d8133531fad26b18701c694c324cc201e3069d07e99f0e100908c1a
- SHA512
  
  42340b7435605049e3f817feac1ac238177772b2b1ebf05eb9311bb58ee3dd1cab39913240a4c39e3407374009310770d8221c31914549524ecd92beab93b787
- SSDEEP
  
  98304:ARU3j4wtopcj2dqCYV1coZ4hv3tmF1b6CrjfW/sfH6s7zQcKDsVv/JLSF66b/:ARqt/CdqRc64hv3tmF1b6CffW/sfH6sm
Score

1^/10
behavioral2
- Target
  
  hwid pack/monitor serial/CRU.exe
- Size
  
  1.2MB
- MD5
  
  0f69af48c32613f73c6acb87a7d18661
- SHA1
  
  0756ae84f3b58aec29f4b9a2888624ca879f7856
- SHA256
  
  0351a943ca93558ff36f74c3f0c768dceb724e833e282abcf1be5b2e71d5c67b
- SHA512
  
  2b30c079831a30683aabc0effa6bb60c84a960c2bcda1ce5da204bebc2050a359ec2cf36df426a0d227165afb9c4b9401fd0316b2504394c7876ed177fff2377
- SSDEEP
  
  24576:tLEWuIj9T0gR1U2vfVD8sA15qkJ1K3mbDQca9L32GY:twfIj9T0ujvTO6L3
Score

1^/10
behavioral3
- Target
  
  hwid pack/monitor serial/reset-all.exe
- Size
  
  51KB
- MD5
  
  3d47586c62bf61dac639d8cc1bf43ee7
- SHA1
  
  36f605e1fb7cae972c6723ded6a5f126f36a8d01
- SHA256
  
  70639c195430afb92799d711ed784406bfdfd04c648d5f3e4d9873da0063660b
- SHA512
  
  638a75c0159de8553e8071a68b5a4355bfc002489d9ed62bfbb1019d287073a555133bd4a55abd68c51b3e2a1616f586a26998ce32ade322cd72ffeab5ffe105
- SSDEEP
  
  768:Jd0XBRNU+hV81e14G8xGvMhBmqVHhc6ZrLy01fA5Egt2rHNZAEDFn27DQNE5B:b0XbeQ8xG0Kqjc6lLFfSortZBMDu8
Score

1^/10
behavioral4
- Target
  
  hwid pack/monitor serial/restart.exe
- Size
  
  63KB
- MD5
  
  8242ce426ad462eff02edae1487a6949
- SHA1
  
  9a4f382d427e0de729053535aaa3310cac5f087b
- SHA256
  
  b68ee265308dc9da7dbb521bb71238d27ac50a5ee816f21c13818393be982d7a
- SHA512
  
  aff43a78d29ede49eac386d9b0b44d0f37d5a20bdda8553369d68dec90bbc727c6dd8fe239987a9d2e3affaeff8b72b5023ed973d7aecfbb99de46dca8c99ef1
- SSDEEP
  
  768:xa+/MMnf2XivrjhmxEQSQIjDaGva2XaT+CSxKUAch9Itvo7vq2XFelWn2iED5Vx0:xa0wstmSpDaGS2RCSxK28otXFQwUx
Score

5^/10
- Drops file in System32 directory
behavioral5
- Target
  
  hwid pack/monitor serial/restart64.exe
- Size
  
  73KB
- MD5
  
  297aa19bade534a791d053ca190b74ad
- SHA1
  
  15cb6a33994f75fe9e30a2afbc8a7e4616b63962
- SHA256
  
  5f779bb822aedaf5bd11693cdf73f6c7c3342f37371a78c07c2aca1e15dbfd00
- SHA512
  
  df883950c598f31b81f22a68b2a9fed7459dcad5084ec6e39399658b0492bcc458d9fc5bb80fda6bc994bed3241f969fc67a0b8e021fb82b040455d64776c625
- SSDEEP
  
  1536:8vXMJl7uRupZzidl/T+Dnx86Rpy4roKsIrryeq3OTM:8vMJl6RAZu/T+7x8qpRM8rNcOTM
Score

5^/10
- Drops file in System32 directory
behavioral6
- Target
  
  hwid pack/serial changer/AMIDEWIN.EXE
- Size
  
  148KB
- MD5
  
  182ec3a59bd847fb1bc3e12a41d48fa6
- SHA1
  
  2f548bceb819d3843827c1e218af6708db447d4b
- SHA256
  
  948dbd2bc128f8dc08267e110020fee3ff5de17cf4aaef89372de29623af96fa
- SHA512
  
  91ecc5a76edc2aea4219f68569b54d3e9fe15c2a30a146edc0d09e713feaa739a5c1e7dbfa97e60828696078d43d1f8fd3466234525b099ed6e614e854ac6c4c
- SSDEEP
  
  1536:tNFrdLFZ7JxIVhlPBo8Upxwpwf+gHkow3SMT4HOw2htj6oANy/ht+vSMoqEcViWw:Pv7JIhlBAKwf+gWCM4OwyWscSMoqtLe
Score

1^/10
behavioral7
- Target
  
  hwid pack/serial changer/AMIDEWINx64.EXE
- Size
  
  453KB
- MD5
  
  6a6505b2413d2c7b16c6d059448db9e5
- SHA1
  
  dfe6c6b6051c26326a12dc9d0d5701cb4728266c
- SHA256
  
  53e3b72f8eb13acf3cb69d4cb124e8dc64fc541555c3c95cc8003b8046853955
- SHA512
  
  1c0531581f0efe683ab763f6633ace60f0637b22830e7ec551babe19ac777a1a6821dc568bce13a8abee8bfef1c7d9397e0bee1c78c00810c65dadd788dab2a3
- SSDEEP
  
  6144:JIeh4+TOKGuTSuXCJ6AtCoZPhGL/TnJ+z5rsxQhsCI9t/tk7MP:jpPTxXihA+zBhsC2Z
Score

1^/10
behavioral8
- Target
  
  hwid pack/serial changer/DMI16.EXE
- Size
  
  30KB
- MD5
  
  2a89d4e479351022ab8bd604030a76f3
- SHA1
  
  ad1d39fd38fafaae4d77eed5f1c67f665686736d
- SHA256
  
  28e6e1908f2996af9b7a9930f13d4c770d6963425df0869ce4bcdb1442a4a917
- SHA512
  
  0fb48aaeeedb5a96246ffd80c167f501ff2f5a08cf8d2dbf63373666c6f3394244395e05e49b68fedf02c2a3df75ad6ba4223f0066c350993233cf218da83e43
- SSDEEP
  
  384:d2a1f/coJEQ88t5hDQ8o3wk4YMoURAzMbdLWxrqw8CKn6l3myGWstap/+ZU0KXy+:dLf/NWQltVoV4YfDOWxXd3my/cY
Score

1^/10
behavioral9
- Target
  
  hwid pack/serial changer/DMIEDIT.EXE
- Size
  
  3.2MB
- MD5
  
  fbaf6262fd84f9966338518d4de46fdd
- SHA1
  
  291d481e3b42029e157e7c60febc8fe67cd50cf1
- SHA256
  
  5d37e5e7ce01549965bf2166adcba33d1e2c4bd2c90711032f3987b58452ce49
- SHA512
  
  5d8cc6e1ab85fae8d9a5ffa83cecc2608b1fbbb28b9e80afe2dc6f7d46b657d489e03f75e42fc147d49313b3a41ad768fd0f320a905cbc41d767c0fc3c3d9d7e
- SSDEEP
  
  49152:VOQ6nNB9ySqeDoVFixOA9DruNebQk9DtTKkuecMC+coEbyxvgg+lV:D6nwNomN1AKku1M2Jfj
Score

1^/10
behavioral10
- Target
  
  hwid pack/serial changer/UCOREDLL.DLL
- Size
  
  112KB
- MD5
  
  8370f3114924ed6c53741de7a253625a
- SHA1
  
  f7782d51e73526226a89229b4f3625c7ce43f3b3
- SHA256
  
  78a4d8e5e8c33793e5a2020325d3a49e92e4826167742e93179bdacbf167b409
- SHA512
  
  5a13c0fb787366869fac57139fa2ebbd0c34a1bfa76c05ac879da60e534cbac694385f2b6120fdb6c7cf0e62cf4948efbdfde96e695a9d377f44eedb2e1b1398
- SSDEEP
  
  1536:g+FKwswB29BLymvRwRvSpD0pQD61ShZT1Cw4cf0SbtsWFoYc0RkU:g8Vk9ymvyNMO4QqGeyqoLGL
Score

3^/10
behavioral11
- Target
  
  hwid pack/serial changer/UCORESYS.SYS
- Size
  
  15KB
- MD5
  
  9555d36fb21b993e5c4b98c2fc2b3671
- SHA1
  
  210a98be7da32cea98618c5a9640c23ce518c0ee
- SHA256
  
  fd6f56189cd723b32fc06392867fcd5128e63d8b5801e4f7a83523f820531981
- SHA512
  
  3ec96ba6fca7a4aa45becfef84b23b12c305f34045ac1a15b22745289e33b9326103e853bad698434df772a76515e7e8109fa8724d65f0351ee380c16d888c60
- SSDEEP
  
  384:pp4uPb5yDmnoMXP1oy5KYJLWd6jH9inbjJE:pp4sEmTDLAmH94b6
Score

1^/10
behavioral12
- Target
  
  hwid pack/serial changer/UCOREW64.SYS
- Size
  
  14KB
- MD5
  
  a17c58c0582ee560c72f60764ed63224
- SHA1
  
  bbc0b9fd67c8f4cefa3d76fcb29ff3cef996b825
- SHA256
  
  a7c8f4faf3cbb088cac7753d81f8ec4c38ccb97cd9da817741f49272e8d01200
- SHA512
  
  a820a3280da690980a9297fe1e62356eba1983356c579d1c7ea8d6f64bc710b11b0a659c5d6b011690863065541f5627c4e3bc13c02087493de7e63d60981063
- SSDEEP
  
  384:q1ykKJX1BIAQ0r1IiFlYJLWd6jH9inbjJ+T:uygG1IiCLAmH94bgT
Score

1^/10
behavioral13
- Target
  
  hwid pack/serial changer/amifldrv64.sys
- Size
  
  18KB
- MD5
  
  785045f8b25cd2e937ddc6b09debe01a
- SHA1
  
  029c678674f482ababe8bbfdb93152392457109d
- SHA256
  
  37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba
- SHA512
  
  40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9
- SSDEEP
  
  384:Cf8OVN6UDYm+b10HMHd6xhxuGZBBfSZsHLPK6jz/cf:CffV8KApCMMxDuIPKgwf
Score

1^/10
behavioral14
- Target
  
  hwid pack/uninstall/Revo Uninstaller Help.pdf
- Size
  
  1.9MB
- MD5
  
  3302bc2fe6921c87e4a647851eccaade
- SHA1
  
  4bab845a05f5cf54603f70b06aec7bfcb6a073a7
- SHA256
  
  0e52207e8c1422aa51c6e94b1b6874d394a87f7ff3838f2e7711de278cc2a3f0
- SHA512
  
  cf8635edaa23f2f06660613f87d30f476791ef065bcdbbbbcbfbd3ff35c2ef6c6900a820f9719638902bf520b9d5480869d21995ed4fd0cef89b20c020436017
- SSDEEP
  
  49152:Mh1JSdd792yHssZsyWGf7L+JUpiTyDzPzuBj3N:Mh1JSdV92UskblK+piTybuBj9
Score

1^/10
behavioral15
- Target
  
  hwid pack/uninstall/RevoUPort.exe
- Size
  
  200KB
- MD5
  
  2f814a927d097a09911111dbf0fc2e93
- SHA1
  
  8e4e953c60653a333182320345209765695d4e17
- SHA256
  
  ef70640d701bf406f7008c9ef7dc594019c063e4436415c97033f0a998697edf
- SHA512
  
  d57fa5fdd2ce0ed148e43814420103e0e340862d6a9c35714ede6fa059dad0b63963b790824cbc126535b97c23f2fd560eb0891050fc0f3996a30c7ee8e99619
- SSDEEP
  
  3072:0kLnAdeRbvAZpoKIIn9xg//XHTfq2M0W30L/OHQ4HFs3qMGrfv8Th:3LAoYZCIn9SzsFwWqh
Score

1^/10
behavioral16
- Target
  
  hwid pack/uninstall/x64/RevoUn.exe
- Size
  
  14.4MB
- MD5
  
  740c47eaa20beeaf8b7121a17c39af99
- SHA1
  
  bafa4a04765850a0c16430c01a32497e62f11e9d
- SHA256
  
  a48b7b68c4865cf192e5800ea1fba0588a6ae2abccfab73450c38c3e410b31d0
- SHA512
  
  004cc63fedc4c2233f3dd7296d4fa757c33428b4b1c4dabde1d5256eb887d2afa069323e24faaa2806b4f0335cfa7405a0fb523321220fb7e4912b05150d7252
- SSDEEP
  
  196608:yLnucGdLdWIPrN2Ap6yi9crjE+pWwPWpGplR806IIIIIIIIIIIIIIIIIIIIIIIIq:wDGdLdWIPrN2yi9c3ppNPWpGplR8ZWz
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral17
- Target
  
  hwid pack/uninstall/x86/RevoUn.exe
- Size
  
  12.1MB
- MD5
  
  bc5307a2b996f8994c4c93983a81fb05
- SHA1
  
  2df1b09e0d4cf2cffd66b61fc7014c29219b393b
- SHA256
  
  787a813efcdbfac68d0df2392beb1cde23b15958ea569a6506d64dec70709501
- SHA512
  
  a4bd1a6271401acd82d973eb04f67e941de85c50d1b04607f89029a92555b52390d118090f7e5ff125e4eb3931f37995f67c6adc6927f8df19fb0ee9360780ca
- SSDEEP
  
  196608:ndKABE/NdoCTHwPWpGplR806IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIA8Z:UoPWpGplR8ZW
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral18
- Target
  
  hwid pack/usb device serial/USBDeview.chm
- Size
  
  24KB
- MD5
  
  ef8d0a30da9ab8cdbbbd62d74bce1187
- SHA1
  
  06441c5dfa4b9577afc989454216ea014a49b8d6
- SHA256
  
  d5909ca92c389ab1c01909a6f07fd351e2a655be97931caaecc3307a9e8f26e1
- SHA512
  
  695faa16c29d0ca5bdb2afc5da3e05f25a6b17ce4dbee43aebc9ffdbe18d843273437bb0189bb1ef2a4ececbb236aefe634f38f94a179e593edaa6105fb2e789
- SSDEEP
  
  384:ZaeGDZD/3k0Xb1/WN1iA73A8f2ZVDUDjGTa1Mu72:Za1ZtijuVDUHGO1j6
Score

1^/10
behavioral19
- Target
  
  hwid pack/usb device serial/USBDeview.exe
- Size
  
  135KB
- MD5
  
  d0d19f2cccacf70bc84846076acc11c8
- SHA1
  
  21154b5b479aaae4c56aec309bf6964eb52d1ce1
- SHA256
  
  63012ea9ce8ed335db7bdd33fa7bb449aa1ba31755c6845c1e79c11cb60dc908
- SHA512
  
  b45a024e3e22821c3a9fec56969fda164acab0f12a28a29a8c9263373004b57a246ff46f90a81b65714b09d788ed8c265de130eab059c546caae79b6d15b73d4
- SSDEEP
  
  3072:xFRB1T0ABjInqx9sKJQ1jrD0ivz0ll27ENCP7g8g3OaAy:xFRBVnj0qxbJQp/0iolGENC6RL
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral20

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Enumerates connected drives

Drops file in System32 directory

Drops file in System32 directory

Checks installed software on the system

Checks installed software on the system

Enumerates connected drives

Maps connected drives based on registry

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20