Overview | overview | score 7/10
Static | static | score 3/10
librewolf-...up.exe | windows7-x64 | score 7/10
librewolf-...up.exe | windows10-2004-x64 | score 7/10
$PLUGINSDI...em.dll | windows7-x64 | score 3/10
$PLUGINSDI...em.dll | windows10-2004-x64 | score 3/10
$PLUGINSDI...gs.dll | windows7-x64 | score 3/10
$PLUGINSDI...gs.dll | windows10-2004-x64 | score 3/10
$PLUGINSDI...ec.dll | windows7-x64 | score 3/10
$PLUGINSDI...ec.dll | windows10-2004-x64 | score 3/10
$PLUGINSDI...ss.dll | windows7-x64 | score 3/10
$PLUGINSDI...ss.dll | windows10-2004-x64 | score 3/10
$PLUGINSDI...64.exe | windows7-x64 | score 4/10
$PLUGINSDI...64.exe | windows10-2004-x64 | score 4/10
AccessibleMarshal.dll | windows10-2004-x64 | score 7/10
LibreWolf-...er.exe | windows7-x64 | score 3/10
LibreWolf-...er.exe | windows10-2004-x64 | score 3/10
ScheduledT...te.ps1 | windows7-x64 | score 1/10
ScheduledT...te.ps1 | windows10-2004-x64 | score 1/10
ScheduledT...ve.ps1 | windows7-x64 | score 1/10
ScheduledT...ve.ps1 | windows10-2004-x64 | score 1/10
defaults/p...efs.js | windows7-x64 | score 1/10
defaults/p...efs.js | windows10-2004-x64 | score 1/10
freebl3.dll | windows10-2004-x64 | score 1/10
gkcodecs.dll | windows10-2004-x64 | score 1/10
gmp-cleark...ey.dll | windows10-2004-x64 | score 1/10
ipcclientcerts.dll | windows10-2004-x64 | score 1/10
lgpllibs.dll | windows10-2004-x64 | score 1/10
libEGL.dll | windows10-2004-x64 | score 1/10
libGLESv2.dll | windows10-2004-x64 | score 1/10
librewolf.js | windows7-x64 | score 1/10
librewolf.js | windows10-2004-x64 | score 1/10
librewolf.exe | windows10-2004-x64 | score 6/10
mozavcodec.dll | windows10-2004-x64 | score 1/10
General
-
Target
librewolf-125.0.2-1-windows-x86_64-setup.exe
-
Size
131.7MB
-
Sample
240428-jhkwesbb9z
-
MD5
f22fb03eb8956a9cbccc611cf3398c6f
-
SHA1
bf465cf5d0bf00a2e8afc9be33bf5f796cbd426f
-
SHA256
7688f9e447e2cd002f5ea71e7a9c622e0b5c29ec74fcd1dab19f94d51c855a78
-
SHA512
24a9b869a09a719ee4f339d1cc24fa5609c360d03420d6f6026e9ed644025ca5241c5ea7c89d7f0f68daa0641465d45b4b0ee8154b25bf40a8f830bfe3a144fc
-
SSDEEP
3145728:ICouU1zGD7SxXBlvi5C6IrY0K45S0q3XfHhdUvMiEk+3gHWNkV:GuU1c7S/lvi5ZIrMMS0qn5dUvMiEk+3C
Static task
static1
Behavioral task
behavioral1
Sample
librewolf-125.0.2-1-windows-x86_64-setup.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
librewolf-125.0.2-1-windows-x86_64-setup.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20240419-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/vc_redist.x64.exe
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/vc_redist.x64.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
AccessibleMarshal.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral14
Sample
LibreWolf-WinUpdater.exe
Resource
win7-20240419-en
Behavioral task
behavioral15
Sample
LibreWolf-WinUpdater.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral16
Sample
ScheduledTask-Create.ps1
Resource
win7-20240220-en
Behavioral task
behavioral17
Sample
ScheduledTask-Create.ps1
Resource
win10v2004-20240426-en
Behavioral task
behavioral18
Sample
ScheduledTask-Remove.ps1
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
ScheduledTask-Remove.ps1
Resource
win10v2004-20240419-en
Behavioral task
behavioral20
Sample
defaults/pref/channel-prefs.js
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
defaults/pref/channel-prefs.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral22
Sample
freebl3.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
gkcodecs.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral24
Sample
gmp-clearkey/0.1/clearkey.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral25
Sample
ipcclientcerts.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral26
Sample
lgpllibs.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral27
Sample
libEGL.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral28
Sample
libGLESv2.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral29
Sample
librewolf.js
Resource
win7-20240419-en
Behavioral task
behavioral30
Sample
librewolf.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral31
Sample
librewolf.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral32
Sample
mozavcodec.dll
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
librewolf-125.0.2-1-windows-x86_64-setup.exe
-
Size
131.7MB
-
MD5
f22fb03eb8956a9cbccc611cf3398c6f
-
SHA1
bf465cf5d0bf00a2e8afc9be33bf5f796cbd426f
-
SHA256
7688f9e447e2cd002f5ea71e7a9c622e0b5c29ec74fcd1dab19f94d51c855a78
-
SHA512
24a9b869a09a719ee4f339d1cc24fa5609c360d03420d6f6026e9ed644025ca5241c5ea7c89d7f0f68daa0641465d45b4b0ee8154b25bf40a8f830bfe3a144fc
-
SSDEEP
3145728:ICouU1zGD7SxXBlvi5C6IrY0K45S0q3XfHhdUvMiEk+3gHWNkV:GuU1c7S/lvi5ZIrMMS0qn5dUvMiEk+3C
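Score 7/10
Signatures (sandbox heuristics, not a verdict; the dropped-EXE and dropped-DLL entries are consistent with the $PLUGINSDIR plugin DLLs and vc_redist.x64.exe listed as targets on this page):
-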
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
22KB
-
MD5
b361682fa5e6a1906e754cfa08aa8d90
-
SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3
-
SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04
-
SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9
-
SSDEEP
384:78+Qlt70Fj/lQRY/9VjjgLZvDGFtart8E9VFK4ietffvtlh:7SqFjm6YL1DGFo+EA6tlh
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
19KB
-
MD5
2f2cd6e22e761b0d4e768b23bef637b2
-
SHA1
415ed80a3d4d2559bedfcb68d4d104b0d282618f
-
SHA256
55316f619c56fbb91ae0519e242ff4ae018d12ae03cba200d98533117a72ef3c
-
SHA512
18d7c0db90e551c1688ec2f53158929cfde43f8b8775e422ced39ddabd03dafca3e957305e7a2d3ad8e727591013c13273e1fd81f63a7b22590c4c72b02aceb8
-
SSDEEP
384:zo7Q8F8pMv0WAgkBhIFcBavDGFtart8E9VFK4iJ0/2Qg:8RapMv/AgknwDGFo+EABF
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
17KB
-
MD5
0e584c7120bd474c616013c58d51dc6b
-
SHA1
0bc980892341b52985d92fb3d8fbb6be77951935
-
SHA256
7fb626aa05bee1095633a75aeb7895ebd816a98e0aa1581a0154e4c196de5391
-
SHA512
aa3a471b3f33c3ffdbe1b1e3c1e5d04367bcab3c16049396a8dd12c5a8317e4b153761f74f39b756dd4fb1806aedc4f1bb38bfbc12f16480eed3fd3087a0d157
-
SSDEEP
384:qDrvAxnJGernNQZGdH7vDGFtart8E9VFK4ibEge:qDrkoernAGRLDGFo+EAxe
Score3/10 -
-
-
Target
$PLUGINSDIR/nsProcess.dll
-
Size
4KB
-
MD5
f0438a894f3a7e01a4aae8d1b5dd0289
-
SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6
-
SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
-
SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
SSDEEP
48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score3/10 -
-
-
Target
$PLUGINSDIR/vc_redist.x64.exe
-
Size
24.2MB
-
MD5
a8a68bcc74b5022467f12587baf1ef93
-
SHA1
046f00c519900fcbf2e6e955fc155b11156a733b
-
SHA256
1ad7988c17663cc742b01bef1a6df2ed1741173009579ad50a94434e54f56073
-
SHA512
70a05bde549e5a973397cd77fe0c6380807cae768aa98454830f321a0de64bd0da30f31615ae6b4d9f0d244483a571e46024cf51b20fe813a6304a74bd8c0cc2
-
SSDEEP
393216:Dwlp+dkBSuF2SfUfn6+eDl2ugjMoA+hxV33wsBH+Jh+5l+BvlOchteAHYhx9vy:DMp+Ty2SfUfnxk/kpsjlOchcEu2
Score4/10 -
-
-
Target
AccessibleMarshal.dll
-
Size
20KB
-
MD5
1d8e25f72404b7d9c92d1f5b907ceef7
-
SHA1
19f1ac0d943ce77541aa453c507948820507e618
-
SHA256
c78ed7158ac22e0964177c584803976ef1f65ddc73bf45e8cb8ccb52c49dbe3f
-
SHA512
f884833799733e94cf1a51c7e0d982721a16430d3451956be50434b351d3dd6bb4eb0657637c4f710e31fb710619bfd96ab422c1c56c1c4f6c26c5839e934380
-
SSDEEP
192:LGzHM43w7b4l2smMy2MDCrqi9BCAmfNi+dBZPCINdaDqVfnR/qyc7XfaeE4c:ws42cllpeD0BmbvCMdfjyycDieE4c
Score 7/10
-
Registers COM server for autorun
-
-
-
Target
LibreWolf-WinUpdater.exe
-
Size
843KB
-
MD5
886bdd7e26695e0cff6bb1501501baf1
-
SHA1
88dd2d1c17788f415653ac51c6e549ee3755ea69
-
SHA256
ec5ecdca62e9742d3a3f3b05de5c205f725b10faba3e03d474cdbe2aa6dfe523
-
SHA512
9e37f0bbff8959f5b505916f79ec695ffac6312a1e4f4daaa9cc0947a9ae598847185810ed5bc648000c11480434e5e881243bd2651dbffe194806db5c01e861
-
SSDEEP
24576:j8w41MYT0mWFR6DeLC+pjJT5cyl4+HBoODln:+1beL/xJtcGh
Score3/10 -
-
-
Target
ScheduledTask-Create.ps1
-
Size
1KB
-
MD5
8ddb261562ea06e0387e1352d27073db
-
SHA1
8cf252d5001e589205de3ee9a4947d0ba86624fd
-
SHA256
d542f351c3079a36abab5e1fcb30af88ea47152a40ffda8ac85c0a01143ad385
-
SHA512
4e5c9ba380b8eb8228105aa0774d47a77883c18680d3c04e5c35e89b5a0090fee86453490d8a7e225afe0422846eb727a39b1b625e21d4f79707666a637444d4
Score1/10 -
-
-
Target
ScheduledTask-Remove.ps1
-
Size
795B
-
MD5
3b670d8c2ac24ccb1c8319d37749bbe7
-
SHA1
e8a01444acb287f0baaa19cf41bd23eb8068b1a2
-
SHA256
128e696c01cd44800d80e0c42572e1ff68fc0bfcc5fe1b64002208f5b28e8ef5
-
SHA512
9d969ab1bae5d34255ebdaee5615113867c0ce72c6efaed1fdae4f84c9a71ee19c13124c2d39d7a795da7bf5b3b2e9ba78c9d5c242c1199d7a652299a828167c
Score1/10 -
-
-
Target
defaults/pref/channel-prefs.js
-
Size
429B
-
MD5
7bf8c4ca1cfa4e7fa4d2ba4149e3d217
-
SHA1
ee563f07617fe87b0b9c37af794874852b6820ff
-
SHA256
ef9fba57b2c3755b630b44ccfe703e2753d538fa50e3c52fc279c29e6db8200f
-
SHA512
d9923b90572e6d8d5236a8d76838953553c7b46e812c891f9246ba941c630199feadf16663a002444138839babbff696246a0636993fc1b1ccac17fabbc40cd1
Score1/10 -
-
-
Target
freebl3.dll
-
Size
892KB
-
MD5
c4031571f8d02dd8a0e9b0deab2e93b9
-
SHA1
62f19ff7fb04f4b2c5761c3f6fa986bb1c2b185e
-
SHA256
8d12da1656a97f9be488ddf9869e845de1d5b313cab2f66f82e4d25500e26ed4
-
SHA512
1c77f53c5b940b49a50a74c4c6a18a99ce3b1e7425ab01ba7929d31381af17472ed000f7529fef26e6891dc87ed50fbab34b67dd2d69a526630f855bea91c701
-
SSDEEP
24576:CWtqxfGq685ILpfemCcN9X3p8P7Q8+h9:CKafr68cfhps7Q3
Score1/10 -
-
-
Target
gkcodecs.dll
-
Size
8.4MB
-
MD5
a0137960d3f626d96a6029865849ce03
-
SHA1
1a9aa7c105686e7f168b35c62a3caba8171d7476
-
SHA256
264216eb24288c0a23ca520be94a993df9bda0b20dc409017f4a272f2b8260c5
-
SHA512
5ff19735ce678fb6c4b5767e9bf3d9f62fb4940447fe529c8e24d0bec7994f14811a6cba863808956ff1968c4667e8155a75ad022311b48f53644ea0cfea9cb4
-
SSDEEP
98304:7foMYFgLAGeihXlDJK2lb+088qjn79yLvfakLj9Czfa8Fyi4ixz1KrS:bfAQD3tpdgvpx4O
Score1/10 -
-
-
Target
gmp-clearkey/0.1/clearkey.dll
-
Size
96KB
-
MD5
49b5c0e0a31d01f24d5fba5ba8679590
-
SHA1
bdb158ce054ba44c5c4d529cd5dbc2c970597a4e
-
SHA256
200370d4adb1916e8b0aa036be0a53d53b76dde29d1eb1ddbd7cccdbfd217846
-
SHA512
cfc83a8439f73be7d1bda426f846570d325ecc771ab6c7d5b0586a76a2886a8ec29fec0998f90cf3d9d2ff67e249c41c3c329b7b4976591dc0706271b1ae34fc
-
SSDEEP
1536:6/Fpm7mWcS7T5CjgeSYtHO9I2Aco1cev/t2Xf+Uvu++E1BtIECeQm/oQ3THSEUWx:ZmWFT2geSYhgo5v/g+2u1ErtIECeQm/X
Score1/10 -
-
-
Target
ipcclientcerts.dll
-
Size
189KB
-
MD5
f3813fd95370d2602596dc56cbfdf779
-
SHA1
315dbccf4590f54f97cd2abb83bb5cacbff88ce0
-
SHA256
21b0fc06bd8dfae9d1a73fa6acedb4587c0b080f94a41813ff86e7ccc737b658
-
SHA512
3aec9b68dad8f50c42025c8ce4215f0fed653b960a2aa49b3d45179b895456fa4f43354127ea4365926b2dac3ab902bb0612761a9cee566867d8d78a8a7f6b0e
-
SSDEEP
3072:355ek8r1QXPHqwHj3Pv1SnN6AhksB7hDGHdC413B1FsfV9CBV:35Xu1aHqkrv10NcshhDGsCxMfz0
Score1/10 -
-
-
Target
lgpllibs.dll
-
Size
149KB
-
MD5
29b7602ef54b1e9b8d78410828108a12
-
SHA1
b832986e3e0a9e42ee164b3a4f3b02b4b23b3a22
-
SHA256
e1d16c9bd7bead0583f6fed4ab96d1fdacc8e1da9f6f138681beef8f4de90c0d
-
SHA512
8b1bf34f9ac15947ad5e0d92669f6dcc132860c6dc87cbb5c1c992cda402e7ec3f54568467543b8d57b2314634f56ccf52ce4452d4e32237092700b3378b48f6
-
SSDEEP
3072:gVFMz6Sg9HILnXPl9ds+HWyFvqLBtME8SuK3NhY+LyG3DnBTc3TFPC2v/xWVGs:0F4WHIL2YmtTuOh7DnBTc3TRC2vUV
Score1/10 -
-
-
Target
libEGL.dll
-
Size
38KB
-
MD5
4973bc911fd90b9e4bf489123edd9f9d
-
SHA1
aa4d633448ac4c0ccb9b8e17089c6ccf0d01596b
-
SHA256
0162ac3f1b57639ce8bfae0270b82f5968c88b1330bf8572515c15045316bdf6
-
SHA512
6d6cfea6c65ac3c8556e2adf461f206ac71a772374f5eed86ec531aecb9e2d3ef1e295d6589738d803374cf7b2d30725d0533977eaa3a44990cf2cf3daaa68e9
-
SSDEEP
384:UL/dGNaFx2qHcVIIzmG8d9PABDCVxLF+EmBMg7SGmjq7bU:qdGYLHchAuDCVxp7fGaq7bU
Score1/10 -
-
-
Target
libGLESv2.dll
-
Size
4.6MB
-
MD5
b18fbc067954ce48e76ad0692443e572
-
SHA1
a3e55c99cdb08dcef015f96c4c097e7665514821
-
SHA256
da49490d02ca79106f8cf62466f21d559a15746d72ac07f4f2634ce3942fa0b1
-
SHA512
906b3e2e8ede1a2a5893db4164a8481c3d6bb5b269b90a821fedcba967c081b3b310100cabd961008d7857d58864ada7c169a8cf2b1965bb835084fdcbd0f623
-
SSDEEP
49152:ZhOXHS/UwKpDVthsK7de4n2X7NYkDE7hNC1VcuB7lRMRh2UAPiqrx5OJNgFsYpqv:vOeUw6glLVcKv1
Score1/10 -
-
-
Target
librewolf.cfg
-
Size
25KB
-
MD5
5285ebdfd71a276a01ccb632859770bd
-
SHA1
dd36e5c5c37f31c8d1a98c9e6ddcc8134da953f5
-
SHA256
648d3284e68bb241d9c19d71decde39221507e5f53537c7ca7211d21e1e55199
-
SHA512
a9e4de9b8806670690b0b81ec929028a3f49528584e46651ea9a5cd2e204b3f87e2eb47c3024fc34a992e6f9bb5b959662fa00e6fe34be085f4bf41c3953ed8d
-
SSDEEP
384:AX+P+Wte+7MZcTn2H17nFiOQFsNwXEIuPf4dXhBubUihN:AX+P+Wte+7MZcT2VrF7QruPfSXhAbZP
Score1/10 -
-
-
Target
librewolf.exe
-
Size
695KB
-
MD5
f59c86d7c3f5397a6880b1d94deb3a38
-
SHA1
05fc180cffcfce6b30d97a2409b09f832362459c
-
SHA256
ddaa89851cb4749aafe981a595e1a343c20d7510cccb9aeb022ddd0fbae64edd
-
SHA512
3e0b9b8bb749cd059c0f2fb7d04d58877fa1f314045d082bc6761785ab5e5c59bea363fabc45ccb9e9992331c36061f80e595880bf47430fddf8d3855cda0179
-
SSDEEP
6144:bKEljHyLoO9TmgXSq56csDtqLa6q8wUkZkDWrPYS0mvg3dpm+q9VXpBrHVXo:eEJbtq08wtTrPv7veLm+cV5lHVY
-
-
-
Target
mozavcodec.dll
-
Size
3.2MB
-
MD5
10b84133797daf71e2408efa81180ad7
-
SHA1
8a485b77facb2dd64ee4bd8ecd9d733abaa762d8
-
SHA256
fea84688f0f84477951a03dd65b6a7265091c23fc30b3a418f05958bc9add6c2
-
SHA512
995a6ac3b3e0eb1ff1164b8dc14a918f7edd18e976a7822e624832c3b4766aec4f37cc7f4731ce3c3b45dabb8d38305983095e7c8d7f994271f33c030f2cdb92
-
SSDEEP
49152:K5wy2MwS5xRxgzEkd7Dzc984TD14YymsqVDzx+WGkWB+cMKn:KOSgZ4TUqVDzx+WH
Score1/10 -