c5eb078b5a5f4093d4878579f614142d2a1149b9c977f17aa6fbeb0df6332ae3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c5eb078b5a5f4093d4878579f614142d2a1149b9c977f17aa6fbeb0df6332ae3
Size

405KB
Sample

221004-l4chaaaed6
MD5

76341692f5460167cb93f22fe86e06d1
SHA1

35c80548a0d376d6ca573275b915b6104b123345
SHA256

c5eb078b5a5f4093d4878579f614142d2a1149b9c977f17aa6fbeb0df6332ae3
SHA512

353271c37cf78a78bf3ea3d78fbc39baebba124da47f854af8614bf8e75250ecbfbd290b9691e07742abb00e11cd874eaa5b98642a7d8ed41658d24255e57d33
SSDEEP

6144:Fol78KsKEcKYl+rPUeGGr1KbSR0TX2GOn3nlW3DVvJ5tLkZHt6NLKzDKmKEO3:aALwMoE1KP/On0BvCZHt6N+vDu

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Duplicate File Finder Plus/App/DuplicateFileFinderPlus/Duplicate File Finder Plus.exe
- Size
  
  315KB
- MD5
  
  226b40e0e43d60e79795c24b6c609848
- SHA1
  
  0984091f7f2156963e2562589092dfe89da94c71
- SHA256
  
  064be21f3e44a433084ee83eb1e0029f835c5f78e96efcc630e72deeef5c5412
- SHA512
  
  16315dcc6d4d573e7d178ba1aba27e2657fff3fafca35ccc8c999cd3af8ee289ae772715dd7676734e1a21c53f2086a17bc005fb08d1805f8b5bf66b05f24ba1
- SSDEEP
  
  3072:F8cNAwyjD/cUV4ucdmlJ/c5/eq4Dtxel2/ccJVQ5xoBcTYULBnmSkDgFiW+vf+6K:cw6NXiO47XNgVPMwHDNLO7AZwehq2/
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  Duplicate File Finder Plus/App/DuplicateFileFinderPlus/Duplicate File Finder Plus.exe.config
- Size
  
  12KB
- MD5
  
  e11e610d73f37e88aadf20a30bb14764
- SHA1
  
  b0c988ba24f0391484394f28010dbdd522834fbc
- SHA256
  
  e5ffe6c51e5fd106feee2e83332ced96c9f6e455460a36a67a9c63aeed29293c
- SHA512
  
  a4048de02131fa414ba6af7d4ec6005bb288a04877950da6818ab846de4da19aaa77eaf7f703dbd0265aaf9b2b70e5de149ede24112b6b331b4032ec61517a42
- SSDEEP
  
  192:HrT6Q0+HeGpyWHlG1XLbn8HJEJjME/A+B:HXgGpyWH8XLpjMwB
Score

1^/10
behavioral3 behavioral4
- Target
  
  Duplicate File Finder Plus/App/DuplicateFileFinderPlus/Interop.IWshRuntimeLibrary.dll
- Size
  
  48KB
- MD5
  
  cafe8842d8d130db8ca8010e64ad941d
- SHA1
  
  2e7816afe99729e4e122d7caa966a5a53f6e3696
- SHA256
  
  2276a18da2e8b3290c18399cbad0ab0fce606ac566d04226f1177731bdf6d43e
- SHA512
  
  4acb9dbe2e194631ff836acfe95c4d6489033df3033714148b029d472103e73309fa3231941e74bf3b3b434a908819a5b01b0c3f48d9f075ff021032fc281b03
- SSDEEP
  
  768:Sx3LY+sPhWVJPsedLVDUYlkXrSXVteUdzttJ2z9IkCB7QtcNg:yL9nVJEetVDUxSpvJ2z9ID73g
Score

1^/10
behavioral5 behavioral6
- Target
  
  Duplicate File Finder Plus/App/DuplicateFileFinderPlus/TSS Foundation Libraries.dll
- Size
  
  44KB
- MD5
  
  fcbcc0dca649a47330d5e650d545c091
- SHA1
  
  13d20b6f449f2dbdfd3637c4bd440532c416658f
- SHA256
  
  e16609cf0f132b59813af9198f6c373b08c41a22fe18742bf275efd8b8ce41bb
- SHA512
  
  203c2765a5d486c9e3e572f031eaefb9845316ba374c229b700cb6ff625b1677cf335e2e99de33d481808b2c4a436c2384ccff909fb2a10e1540851fcd5605ca
- SSDEEP
  
  768:q6S9NG9/YsuJxWd8EAzamsbE9pU7Kea+D3ixo7ODMrZND:RS9NG9Qsum8LaeeBlZND
Score

1^/10
behavioral7 behavioral8
- Target
  
  Duplicate File Finder Plus/DuplicateFileFinderPlusPortable.exe
- Size
  
  249KB
- MD5
  
  2a48cc1537f74b015ff19f12f33763d2
- SHA1
  
  703289383d6272be0e7f68cc0f2d4e4ca71a82cf
- SHA256
  
  98cf20d38f72f0735b4cce6f74b72bd72d2ed73efb4a169cf2a22a28732b3b74
- SHA512
  
  7842abb55ce2bdf0118ab02543803d872ad0c32ce83c9a2fd9e0628cbce67ac39b8bafd41a3b1e4221483dbd029d2ebeec3d796100e70f4fa59e032a10608912
- SSDEEP
  
  3072:xweqOYEUXPnx7gCb6cmlWNp9xVvJUKt+KYVWnvBHBZ8k6NI6ZLzWOGW0WP8rKnq8:GEUX5VUlW3DVvJ5t+kZHt6NLKxKdKEOs
Score

7^/10
- Loads dropped DLL
behavioral9 behavioral10

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10