7688f9e447e2cd002f5ea71e7a9c622e0b5c29ec74fcd1dab19f94d51c855a78

Sharing

Copy URL

Twitter E-mail

General

Target

librewolf-125.0.2-1-windows-x86_64-setup.exe
Size

131.7MB
Sample

240428-jhkwesbb9z
MD5

f22fb03eb8956a9cbccc611cf3398c6f
SHA1

bf465cf5d0bf00a2e8afc9be33bf5f796cbd426f
SHA256

7688f9e447e2cd002f5ea71e7a9c622e0b5c29ec74fcd1dab19f94d51c855a78
SHA512

24a9b869a09a719ee4f339d1cc24fa5609c360d03420d6f6026e9ed644025ca5241c5ea7c89d7f0f68daa0641465d45b4b0ee8154b25bf40a8f830bfe3a144fc
SSDEEP

3145728:ICouU1zGD7SxXBlvi5C6IrY0K45S0q3XfHhdUvMiEk+3gHWNkV:GuU1c7S/lvi5ZIrMMS0qn5dUvMiEk+3C

Score

7^/10

Malware Config

Targets

- Target
  
  librewolf-125.0.2-1-windows-x86_64-setup.exe
- Size
  
  131.7MB
- MD5
  
  f22fb03eb8956a9cbccc611cf3398c6f
- SHA1
  
  bf465cf5d0bf00a2e8afc9be33bf5f796cbd426f
- SHA256
  
  7688f9e447e2cd002f5ea71e7a9c622e0b5c29ec74fcd1dab19f94d51c855a78
- SHA512
  
  24a9b869a09a719ee4f339d1cc24fa5609c360d03420d6f6026e9ed644025ca5241c5ea7c89d7f0f68daa0641465d45b4b0ee8154b25bf40a8f830bfe3a144fc
- SSDEEP
  
  3145728:ICouU1zGD7SxXBlvi5C6IrY0K45S0q3XfHhdUvMiEk+3gHWNkV:GuU1c7S/lvi5ZIrMMS0qn5dUvMiEk+3C
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  22KB
- MD5
  
  b361682fa5e6a1906e754cfa08aa8d90
- SHA1
  
  c6701aee0c866565de1b7c1f81fd88da56b395d3
- SHA256
  
  b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04
- SHA512
  
  2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9
- SSDEEP
  
  384:78+Qlt70Fj/lQRY/9VjjgLZvDGFtart8E9VFK4ietffvtlh:7SqFjm6YL1DGFo+EA6tlh
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  19KB
- MD5
  
  2f2cd6e22e761b0d4e768b23bef637b2
- SHA1
  
  415ed80a3d4d2559bedfcb68d4d104b0d282618f
- SHA256
  
  55316f619c56fbb91ae0519e242ff4ae018d12ae03cba200d98533117a72ef3c
- SHA512
  
  18d7c0db90e551c1688ec2f53158929cfde43f8b8775e422ced39ddabd03dafca3e957305e7a2d3ad8e727591013c13273e1fd81f63a7b22590c4c72b02aceb8
- SSDEEP
  
  384:zo7Q8F8pMv0WAgkBhIFcBavDGFtart8E9VFK4iJ0/2Qg:8RapMv/AgknwDGFo+EABF
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  17KB
- MD5
  
  0e584c7120bd474c616013c58d51dc6b
- SHA1
  
  0bc980892341b52985d92fb3d8fbb6be77951935
- SHA256
  
  7fb626aa05bee1095633a75aeb7895ebd816a98e0aa1581a0154e4c196de5391
- SHA512
  
  aa3a471b3f33c3ffdbe1b1e3c1e5d04367bcab3c16049396a8dd12c5a8317e4b153761f74f39b756dd4fb1806aedc4f1bb38bfbc12f16480eed3fd3087a0d157
- SSDEEP
  
  384:qDrvAxnJGernNQZGdH7vDGFtart8E9VFK4ibEge:qDrkoernAGRLDGFo+EAxe
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/vc_redist.x64.exe
- Size
  
  24.2MB
- MD5
  
  a8a68bcc74b5022467f12587baf1ef93
- SHA1
  
  046f00c519900fcbf2e6e955fc155b11156a733b
- SHA256
  
  1ad7988c17663cc742b01bef1a6df2ed1741173009579ad50a94434e54f56073
- SHA512
  
  70a05bde549e5a973397cd77fe0c6380807cae768aa98454830f321a0de64bd0da30f31615ae6b4d9f0d244483a571e46024cf51b20fe813a6304a74bd8c0cc2
- SSDEEP
  
  393216:Dwlp+dkBSuF2SfUfn6+eDl2ugjMoA+hxV33wsBH+Jh+5l+BvlOchteAHYhx9vy:DMp+Ty2SfUfnxk/kpsjlOchcEu2
Score

4^/10

discovery
behavioral11 behavioral12
- Target
  
  AccessibleMarshal.dll
- Size
  
  20KB
- MD5
  
  1d8e25f72404b7d9c92d1f5b907ceef7
- SHA1
  
  19f1ac0d943ce77541aa453c507948820507e618
- SHA256
  
  c78ed7158ac22e0964177c584803976ef1f65ddc73bf45e8cb8ccb52c49dbe3f
- SHA512
  
  f884833799733e94cf1a51c7e0d982721a16430d3451956be50434b351d3dd6bb4eb0657637c4f710e31fb710619bfd96ab422c1c56c1c4f6c26c5839e934380
- SSDEEP
  
  192:LGzHM43w7b4l2smMy2MDCrqi9BCAmfNi+dBZPCINdaDqVfnR/qyc7XfaeE4c:ws42cllpeD0BmbvCMdfjyycDieE4c
Score

7^/10

persistence
- Registers COM server for autorun
  persistence
behavioral13
- Target
  
  LibreWolf-WinUpdater.exe
- Size
  
  843KB
- MD5
  
  886bdd7e26695e0cff6bb1501501baf1
- SHA1
  
  88dd2d1c17788f415653ac51c6e549ee3755ea69
- SHA256
  
  ec5ecdca62e9742d3a3f3b05de5c205f725b10faba3e03d474cdbe2aa6dfe523
- SHA512
  
  9e37f0bbff8959f5b505916f79ec695ffac6312a1e4f4daaa9cc0947a9ae598847185810ed5bc648000c11480434e5e881243bd2651dbffe194806db5c01e861
- SSDEEP
  
  24576:j8w41MYT0mWFR6DeLC+pjJT5cyl4+HBoODln:+1beL/xJtcGh
Score

3^/10
behavioral14 behavioral15
- Target
  
  ScheduledTask-Create.ps1
- Size
  
  1KB
- MD5
  
  8ddb261562ea06e0387e1352d27073db
- SHA1
  
  8cf252d5001e589205de3ee9a4947d0ba86624fd
- SHA256
  
  d542f351c3079a36abab5e1fcb30af88ea47152a40ffda8ac85c0a01143ad385
- SHA512
  
  4e5c9ba380b8eb8228105aa0774d47a77883c18680d3c04e5c35e89b5a0090fee86453490d8a7e225afe0422846eb727a39b1b625e21d4f79707666a637444d4
Score

1^/10
behavioral16 behavioral17
- Target
  
  ScheduledTask-Remove.ps1
- Size
  
  795B
- MD5
  
  3b670d8c2ac24ccb1c8319d37749bbe7
- SHA1
  
  e8a01444acb287f0baaa19cf41bd23eb8068b1a2
- SHA256
  
  128e696c01cd44800d80e0c42572e1ff68fc0bfcc5fe1b64002208f5b28e8ef5
- SHA512
  
  9d969ab1bae5d34255ebdaee5615113867c0ce72c6efaed1fdae4f84c9a71ee19c13124c2d39d7a795da7bf5b3b2e9ba78c9d5c242c1199d7a652299a828167c
Score

1^/10
behavioral18 behavioral19
- Target
  
  defaults/pref/channel-prefs.js
- Size
  
  429B
- MD5
  
  7bf8c4ca1cfa4e7fa4d2ba4149e3d217
- SHA1
  
  ee563f07617fe87b0b9c37af794874852b6820ff
- SHA256
  
  ef9fba57b2c3755b630b44ccfe703e2753d538fa50e3c52fc279c29e6db8200f
- SHA512
  
  d9923b90572e6d8d5236a8d76838953553c7b46e812c891f9246ba941c630199feadf16663a002444138839babbff696246a0636993fc1b1ccac17fabbc40cd1
Score

1^/10
behavioral20 behavioral21
- Target
  
  freebl3.dll
- Size
  
  892KB
- MD5
  
  c4031571f8d02dd8a0e9b0deab2e93b9
- SHA1
  
  62f19ff7fb04f4b2c5761c3f6fa986bb1c2b185e
- SHA256
  
  8d12da1656a97f9be488ddf9869e845de1d5b313cab2f66f82e4d25500e26ed4
- SHA512
  
  1c77f53c5b940b49a50a74c4c6a18a99ce3b1e7425ab01ba7929d31381af17472ed000f7529fef26e6891dc87ed50fbab34b67dd2d69a526630f855bea91c701
- SSDEEP
  
  24576:CWtqxfGq685ILpfemCcN9X3p8P7Q8+h9:CKafr68cfhps7Q3
Score

1^/10
behavioral22
- Target
  
  gkcodecs.dll
- Size
  
  8.4MB
- MD5
  
  a0137960d3f626d96a6029865849ce03
- SHA1
  
  1a9aa7c105686e7f168b35c62a3caba8171d7476
- SHA256
  
  264216eb24288c0a23ca520be94a993df9bda0b20dc409017f4a272f2b8260c5
- SHA512
  
  5ff19735ce678fb6c4b5767e9bf3d9f62fb4940447fe529c8e24d0bec7994f14811a6cba863808956ff1968c4667e8155a75ad022311b48f53644ea0cfea9cb4
- SSDEEP
  
  98304:7foMYFgLAGeihXlDJK2lb+088qjn79yLvfakLj9Czfa8Fyi4ixz1KrS:bfAQD3tpdgvpx4O
Score

1^/10
behavioral23
- Target
  
  gmp-clearkey/0.1/clearkey.dll
- Size
  
  96KB
- MD5
  
  49b5c0e0a31d01f24d5fba5ba8679590
- SHA1
  
  bdb158ce054ba44c5c4d529cd5dbc2c970597a4e
- SHA256
  
  200370d4adb1916e8b0aa036be0a53d53b76dde29d1eb1ddbd7cccdbfd217846
- SHA512
  
  cfc83a8439f73be7d1bda426f846570d325ecc771ab6c7d5b0586a76a2886a8ec29fec0998f90cf3d9d2ff67e249c41c3c329b7b4976591dc0706271b1ae34fc
- SSDEEP
  
  1536:6/Fpm7mWcS7T5CjgeSYtHO9I2Aco1cev/t2Xf+Uvu++E1BtIECeQm/oQ3THSEUWx:ZmWFT2geSYhgo5v/g+2u1ErtIECeQm/X
Score

1^/10
behavioral24
- Target
  
  ipcclientcerts.dll
- Size
  
  189KB
- MD5
  
  f3813fd95370d2602596dc56cbfdf779
- SHA1
  
  315dbccf4590f54f97cd2abb83bb5cacbff88ce0
- SHA256
  
  21b0fc06bd8dfae9d1a73fa6acedb4587c0b080f94a41813ff86e7ccc737b658
- SHA512
  
  3aec9b68dad8f50c42025c8ce4215f0fed653b960a2aa49b3d45179b895456fa4f43354127ea4365926b2dac3ab902bb0612761a9cee566867d8d78a8a7f6b0e
- SSDEEP
  
  3072:355ek8r1QXPHqwHj3Pv1SnN6AhksB7hDGHdC413B1FsfV9CBV:35Xu1aHqkrv10NcshhDGsCxMfz0
Score

1^/10
behavioral25
- Target
  
  lgpllibs.dll
- Size
  
  149KB
- MD5
  
  29b7602ef54b1e9b8d78410828108a12
- SHA1
  
  b832986e3e0a9e42ee164b3a4f3b02b4b23b3a22
- SHA256
  
  e1d16c9bd7bead0583f6fed4ab96d1fdacc8e1da9f6f138681beef8f4de90c0d
- SHA512
  
  8b1bf34f9ac15947ad5e0d92669f6dcc132860c6dc87cbb5c1c992cda402e7ec3f54568467543b8d57b2314634f56ccf52ce4452d4e32237092700b3378b48f6
- SSDEEP
  
  3072:gVFMz6Sg9HILnXPl9ds+HWyFvqLBtME8SuK3NhY+LyG3DnBTc3TFPC2v/xWVGs:0F4WHIL2YmtTuOh7DnBTc3TRC2vUV
Score

1^/10
behavioral26
- Target
  
  libEGL.dll
- Size
  
  38KB
- MD5
  
  4973bc911fd90b9e4bf489123edd9f9d
- SHA1
  
  aa4d633448ac4c0ccb9b8e17089c6ccf0d01596b
- SHA256
  
  0162ac3f1b57639ce8bfae0270b82f5968c88b1330bf8572515c15045316bdf6
- SHA512
  
  6d6cfea6c65ac3c8556e2adf461f206ac71a772374f5eed86ec531aecb9e2d3ef1e295d6589738d803374cf7b2d30725d0533977eaa3a44990cf2cf3daaa68e9
- SSDEEP
  
  384:UL/dGNaFx2qHcVIIzmG8d9PABDCVxLF+EmBMg7SGmjq7bU:qdGYLHchAuDCVxp7fGaq7bU
Score

1^/10
behavioral27
- Target
  
  libGLESv2.dll
- Size
  
  4.6MB
- MD5
  
  b18fbc067954ce48e76ad0692443e572
- SHA1
  
  a3e55c99cdb08dcef015f96c4c097e7665514821
- SHA256
  
  da49490d02ca79106f8cf62466f21d559a15746d72ac07f4f2634ce3942fa0b1
- SHA512
  
  906b3e2e8ede1a2a5893db4164a8481c3d6bb5b269b90a821fedcba967c081b3b310100cabd961008d7857d58864ada7c169a8cf2b1965bb835084fdcbd0f623
- SSDEEP
  
  49152:ZhOXHS/UwKpDVthsK7de4n2X7NYkDE7hNC1VcuB7lRMRh2UAPiqrx5OJNgFsYpqv:vOeUw6glLVcKv1
Score

1^/10
behavioral28
- Target
  
  librewolf.cfg
- Size
  
  25KB
- MD5
  
  5285ebdfd71a276a01ccb632859770bd
- SHA1
  
  dd36e5c5c37f31c8d1a98c9e6ddcc8134da953f5
- SHA256
  
  648d3284e68bb241d9c19d71decde39221507e5f53537c7ca7211d21e1e55199
- SHA512
  
  a9e4de9b8806670690b0b81ec929028a3f49528584e46651ea9a5cd2e204b3f87e2eb47c3024fc34a992e6f9bb5b959662fa00e6fe34be085f4bf41c3953ed8d
- SSDEEP
  
  384:AX+P+Wte+7MZcTn2H17nFiOQFsNwXEIuPf4dXhBubUihN:AX+P+Wte+7MZcT2VrF7QruPfSXhAbZP
Score

1^/10
behavioral29 behavioral30
- Target
  
  librewolf.exe
- Size
  
  695KB
- MD5
  
  f59c86d7c3f5397a6880b1d94deb3a38
- SHA1
  
  05fc180cffcfce6b30d97a2409b09f832362459c
- SHA256
  
  ddaa89851cb4749aafe981a595e1a343c20d7510cccb9aeb022ddd0fbae64edd
- SHA512
  
  3e0b9b8bb749cd059c0f2fb7d04d58877fa1f314045d082bc6761785ab5e5c59bea363fabc45ccb9e9992331c36061f80e595880bf47430fddf8d3855cda0179
- SSDEEP
  
  6144:bKEljHyLoO9TmgXSq56csDtqLa6q8wUkZkDWrPYS0mvg3dpm+q9VXpBrHVXo:eEJbtq08wtTrPv7veLm+cV5lHVY
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral31
- Target
  
  mozavcodec.dll
- Size
  
  3.2MB
- MD5
  
  10b84133797daf71e2408efa81180ad7
- SHA1
  
  8a485b77facb2dd64ee4bd8ecd9d733abaa762d8
- SHA256
  
  fea84688f0f84477951a03dd65b6a7265091c23fc30b3a418f05958bc9add6c2
- SHA512
  
  995a6ac3b3e0eb1ff1164b8dc14a918f7edd18e976a7822e624832c3b4766aec4f37cc7f4731ce3c3b45dabb8d38305983095e7c8d7f994271f33c030f2cdb92
- SSDEEP
  
  49152:K5wy2MwS5xRxgzEkd7Dzc984TD14YymsqVDzx+WGkWB+cMKn:KOSgZ4TUqVDzx+WH
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Blocklisted process makes network request

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Registers COM server for autorun

Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32