General

  • Target: 25947903109ba1bf70d1e06423be6d39fccdece8258cf5c959b65ec8d0fe6aae
  • Size: 12.1MB
  • Sample: 240428-h3yscaaf88
  • MD5: 31469440076eed8943402f591a36a4c6
  • SHA1: da4a122e68c21e79d1bf3624550644c57f22eddd
  • SHA256: 25947903109ba1bf70d1e06423be6d39fccdece8258cf5c959b65ec8d0fe6aae
  • SHA512: 5c02e8d930debb5fcee9baa8199c08dd62d954c4f460fe8815247838c85fc45ba405e3b4d23c551e29da8e5aaa6edd4f238645c29845a004279441df3b52abf0
  • SSDEEP: 196608:x+27jhX163gO/A/TORJmdb/1kFIQv6zAn5njGwa4ZpzS583hF+r2i7bKvyIwGFlN:x5J14VjXmdhkFIl8n5jGiL/c7O/wGF7z

Malware Config

Targets

    • Target: 25947903109ba1bf70d1e06423be6d39fccdece8258cf5c959b65ec8d0fe6aae
    • Size: 12.1MB
    • MD5: 31469440076eed8943402f591a36a4c6
    • SHA1: da4a122e68c21e79d1bf3624550644c57f22eddd
    • SHA256: 25947903109ba1bf70d1e06423be6d39fccdece8258cf5c959b65ec8d0fe6aae
    • SHA512: 5c02e8d930debb5fcee9baa8199c08dd62d954c4f460fe8815247838c85fc45ba405e3b4d23c551e29da8e5aaa6edd4f238645c29845a004279441df3b52abf0
    • SSDEEP: 196608:x+27jhX163gO/A/TORJmdb/1kFIQv6zAn5njGwa4ZpzS583hF+r2i7bKvyIwGFlN:x5J14VjXmdhkFIl8n5jGiL/c7O/wGF7z
    Score: 7/10
    • Loads dropped DLL

    • Target: $PLUGINSDIR/ApplicationID.dll
    • Size: 198KB
    • MD5: 91c2e2f34b5bba068e9a6178e13a4e5c
    • SHA1: affcac00894c9afd152e55d0bff7899349edcd6c
    • SHA256: f6851dcbf0a39edecd8a46564bc455e5273736c3dbcb02b954c201c79ccdf117
    • SHA512: ce7f629bc0e6e10eca9d671513062f353d8d47666df58c9ad7cc7f767df520b75b2da1f9d6551eae86c738455919463ec89a0c3dc2a8366fa021e6fa6e292000
    • SSDEEP: 3072:/1RnVZfr2qLTV4U3fKHzy/s3fyitDJXqtZnyj80mAg0FubAPl/IJ:/Hnzfr7HU6ipJaLAOKy
    Score: 3/10

    • Target: $PLUGINSDIR/StartMenu.dll
    • Size: 7KB
    • MD5: d070f3275df715bf3708beff2c6c307d
    • SHA1: 93d3725801e07303e9727c4369e19fd139e69023
    • SHA256: 42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
    • SHA512: fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
    • SSDEEP: 96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI
    Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 12KB
    • MD5: cff85c549d536f651d4fb8387f1976f2
    • SHA1: d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
    • SHA256: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
    • SHA512: 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
    • SSDEEP: 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
    Score: 3/10

    • Target: $PLUGINSDIR/nsDialogs.dll
    • Size: 9KB
    • MD5: 6c3f8c94d0727894d706940a8a980543
    • SHA1: 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
    • SHA256: 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
    • SHA512: 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
    • SSDEEP: 96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
    Score: 3/10

    • Target: $PLUGINSDIR/nsis_tauri_utils.dll
    • Size: 968KB
    • MD5: 0ba06473cec3f0e72fc6865d870b6bd9
    • SHA1: 16df1d1a5b4d5df3859447279c55be36d4109dfb
    • SHA256: 2b454443f12806d9e531e18bf19933c0aad1cd8ae397c71b99e814566e6bb5fd
    • SHA512: 42b3c4ce685afb43b8ba235b29919f7fdbc1997618b74d189817d14d1d80e52ea67f6e614d4097bce6ca53b90d46a6d6a54882cd2ea176134a308b64a2b882cc
    • SSDEEP: 24576:v2zSi+70fdjsUD5Y/CjsS5NpIMDcuHeoPffPJT1Qn652hOfuvNwRnkYkN2IO:ivm0TYKw8DnVbTwbBInkYkN2F
    Score: 3/10

    • Target: $TEMP/MicrosoftEdgeWebview2Setup.exe
    • Size: 1.6MB
    • MD5: 8b9812ba27e12c79319d859e97955ca4
    • SHA1: 3cb35ac811c27e7b21b381dccab55517609190c3
    • SHA256: a63d59b2af0c7b2be6984280386042a230dab928e3b426d51a0afb2eff5f98e9
    • SHA512: 8312081fcca20f1d8d393ea2588c2fd19830eb9b36700ec8bc541cd25c4c2046008f3eec07883056956adae5c56083d43ded74d3122d21555d1e43a9d1ab5618
    • SSDEEP: 24576:o9ye32wIdWoAH+miAQoCZoWf4fh29ht/5iqSxulBbxAl/f1scgIDnzMwdF9fZ4T+:Qye32wIuAAQZKwEqbBe1scgID7fZcZJ
    • Sets file execution options in registry
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Drops file in System32 directory

    • Target: OpenAI Translator.exe
    • Size: 27.2MB
    • MD5: 47288685df2969b998beadd450f52873
    • SHA1: 8d6f9ad930d2279ed92d885c87cade3f384d2fb7
    • SHA256: b92920d9f050c9a6ed3c6c95189f03b4d770b62da60af0bf0087bfce9486795a
    • SHA512: 61c0794376fa6f449165078ac3e8e2f4906cc1f5449b475c4af9612099da930d4570e4d4b356792201881ea586efc5c8138fc1666bf8cf0a45bfb498ae1d205d
    • SSDEEP: 393216:REgEd1wb1JZVqFp5NuEO0dAQ012hmiSB5hH:REgEA/EzAQ5hmThH
    Score: 6/10
    • Checks whether UAC is enabled
    • Legitimate hosting services abused for malware hosting/C2

    • Target: resources/bin/ocr_apple
    • Size: 454KB
    • MD5: 182c85589d21f23a1fbd5dda4e313041
    • SHA1: 408669738826fe618c6c18b5a1eb4eb6016222a8
    • SHA256: b8fa71cb8647f3a462876945cdca8c4fded764ef6b7888e1cf0fc0bce377493c
    • SHA512: 9ab9a2d92b976a8ee4155a3f05468f1cd3b00450c84a444a048f956bd219c20213751c955fa5fab19f47f9ccf561be425288d01efe9d63f06d9dd3849fdb2805
    • SSDEEP: 6144:wQmDQ+AsZbI+Fd750poC3eC6b2ViOxPUcw0tlNrOhJaN9A+wL7CE4DhSNOW/0Ldh:wWsNgHChoN9AtLz4DhSNQ
    Score: 4/10

    • Target: resources/bin/ocr_intel
    • Size: 454KB
    • MD5: 2f668b0629a70939e38a0b752b29a02b
    • SHA1: 79ea55fead29f9d03633fc0f7501ed869ec31ff9
    • SHA256: e02ace949e89b7dda0647ad5631b6cd2b77080a1f65c2a5fedf2e28b458aa448
    • SHA512: 711ac6dd07d10a9898b3190fdcbbe56de4aa97e1db37708b4048201bef1ee174841f5fb15e9afd77aadc1e1d580dda68d451793a07627a6a78361ba6a132d1c7
    • SSDEEP: 6144:wQmDQ+AsZbI+Fd750poC3eC6b2ViOxPUcw0tlNrO++uN9A+wL7CE4DhSNOW/0Ld+:wWsNgHC+RN9AtLz4DhSN3
    Score: 4/10

    • Target: resources/copy.applescript
    • Size: 338B
    • MD5: 1817ac37d477121cccfba349cb211dfd
    • SHA1: ec0f888668eb604c78dd85c51181ceef62604f02
    • SHA256: ea9c202e99caa9304e0662cd02eaa8c0867b6fc45a24eecd569c05a59e6ba012
    • SHA512: f0b47ccd928ef0c7f8079e536561988a5692cffed380f4015c71de7fa5e2ec73515dc3ab5053a81e5b3717cf0840d2101f39db08e05146ac05f7bc6df40e17ad
    Score: 1/10

    • Target: resources/get-selected-text.applescript
    • Size: 884B
    • MD5: bec9b163c00cde8f6e32b873b880123b
    • SHA1: 82dd69fcbdc33ac0f4855f79a4aefab1c9458993
    • SHA256: ccc75b865effe8795a182d85efd03feb8b4cd4d5d7fca6b03df96d7f2e12fad8
    • SHA512: eec6bf4920b6b6ba0b350f949f7b3af259c1895f898501d70bce0b7c588d8a63192e67d51757abbc58bffd38d20bf646f8f2e0890e24ec5c4d51e4524954479a
    Score: 1/10

    • Target: resources/paste.applescript
    • Size: 312B
    • MD5: 3f1e920f462a3db565cc72b875093dd4
    • SHA1: 4fb5250a75225d7fee5e1fe8037819d5a217b537
    • SHA256: 67756fdf9f203755900c771c5b74f5eccbf545d7622368fd1ac4299ff2579eef
    • SHA512: 69df6bec0b1d47673cda798903995c5ffa3c71db397a948127669d47b8325533432be1d4d34342877c62fb47f2681e58ed669f3f7d4b09fda006bec7736c1fb1
    Score: 1/10

    • Target: resources/select-all.applescript
    • Size: 317B
    • MD5: 01f42028769dd0a5ef5d4bbd10aaf457
    • SHA1: 7934052be821bb346947b41c6d9d9bc3ba4ae202
    • SHA256: 779bb4479743ac88e08fcbb5a881c8f0e9005bba46cc18cc5710e68ea1e4888c
    • SHA512: 70f626865789a5ad8541e32b60bf84841dccf2b71151b42fe99073626661ab88c4c755fa979323c66e62eb9cba1d0f3a32dbed3fb5481a5073bc882054a6ea81
    Score: 1/10

    • Target: uninstall.exe
    • Size: 496KB
    • MD5: 0daddf16e0b13e998889df73cbd964b3
    • SHA1: f4024712736add86e4d08a15bd53aadb35387051
    • SHA256: aa2a301f10474828281c9716c848c6ae6cbbae5c4fb7fc512e00c5eca26d092c
    • SHA512: 8101a79ccede1a8414f93b1d419839cebdc0efab4a8f59ef051d5782f98fffbf2b224ffc0688f38959b1c425405bb11f6f77d890b129c28aa24b5ca0ca3b599e
    • SSDEEP: 12288:wYukBdqWUAO7U4lXNQKefsAE1a0H6LlRojKIXmp6cqzW7IHil:wYuklTOg4l+Ty1a0m3oXXxcqy7ICl
    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: $PLUGINSDIR/LangDLL.dll
    • Size: 5KB
    • MD5: 68b287f4067ba013e34a1339afdb1ea8
    • SHA1: 45ad585b3cc8e5a6af7b68f5d8269c97992130b3
    • SHA256: 18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
    • SHA512: 06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
    • SSDEEP: 48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
    Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 12KB
    • MD5: cff85c549d536f651d4fb8387f1976f2
    • SHA1: d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
    • SHA256: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
    • SHA512: 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
    • SSDEEP: 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
    Score: 3/10

MITRE ATT&CK Matrix ATT&CK v13

  Tactic                Technique                               Count  ID
  Persistence           Boot or Logon Autostart Execution       2      T1547
                        Registry Run Keys / Startup Folder      2      T1547.001
  Privilege Escalation  Boot or Logon Autostart Execution       2      T1547
                        Registry Run Keys / Startup Folder      2      T1547.001
  Defense Evasion       Modify Registry                         1      T1112
                        Hide Artifacts                          2      T1564
                        Resource Forking                        2      T1564.009
  Discovery             System Information Discovery            7      T1082
                        Query Registry                          4      T1012
  Command and Control   Web Service                             1      T1102

Tasks

  Task          Tags                    Score
  static1                               3/10
  behavioral1                           7/10
  behavioral2                           7/10
  behavioral3                           3/10
  behavioral4                           3/10
  behavioral5                           3/10
  behavioral6                           3/10
  behavioral7                           3/10
  behavioral8                           3/10
  behavioral9                           3/10
  behavioral10                          3/10
  behavioral11                          3/10
  behavioral12                          3/10
  behavioral13  discovery, persistence  6/10
  behavioral14  persistence             6/10
  behavioral15                          1/10
  behavioral16  evasion, trojan         6/10
  behavioral17  evasion                 4/10
  behavioral18  evasion                 4/10
  behavioral19                          1/10
  behavioral20                          1/10
  behavioral21                          1/10
  behavioral22                          1/10
  behavioral23                          1/10
  behavioral24                          1/10
  behavioral25                          1/10
  behavioral26                          1/10
  behavioral27                          7/10
  behavioral28                          7/10
  behavioral29                          3/10
  behavioral30                          3/10
  behavioral31                          3/10
  behavioral32                          3/10