4f8d8ea9646d4e22bde910ff285f60de42280dc778202bda1dc326f5a9244f4b

Sharing

Copy URL Twitter E-mail

General

Target

4f8d8ea9646d4e22bde910ff285f60de42280dc778202bda1dc326f5a9244f4b
Size

4.7MB
Sample

221127-wv78psgh38
MD5

ce6f3dcbaaea407b90607460d7ac6c83
SHA1

3969f5468fabd8bbb1849279a9a019c43689f678
SHA256

4f8d8ea9646d4e22bde910ff285f60de42280dc778202bda1dc326f5a9244f4b
SHA512

e3cb1e76c2689a2b2ab258b8a606ee9273b74254f1187d7ae9696f07a4d94aade9df3593c3ea9c05f650c374872be83deaab44e262706f2ac3f854e3ac3cfdba
SSDEEP

98304:yUWRkiJEtl0WPBwPqrLe56d2XrQ2iMZQ2lY/mqaZ8IOyOA8ylgQCwWcsY4mqhPU4:cjexPBwPU6Drn/Q2KK2yOAiQBsY4mqht

Score

5^/10

Malware Config

Targets

- Target
  
  0908-exploits/CoolPreviews_Firefox_Extension_Security_Advisory.pdf
- Size
  
  268KB
- MD5
  
  6a6adc238f22333a79d378d631684384
- SHA1
  
  cfb8863b303f3e69f58a238477dc12cf2f22b7d8
- SHA256
  
  4f2706bad6a05c9cdd2540149bff931f39721d5ed60c8ef6695a3e216f3e75b8
- SHA512
  
  e6a06c7d9ae1f5aec527ff81c95923f8b746238975fd8f93cb1688b47ebccdab5244ed907c52a29070002436eb2fd50e2be84d065b686e5d22d9a06584bccaf3
- SSDEEP
  
  3072:ZX7QAI2GwHBDqfK40F0JBBdDGLAAI2GwHBDq2K40F0JBBdD3LAT/PgcIKn9cgm:uEHkfMmRd4XHk2MmRdHUb+gm
Score

1^/10
behavioral1 behavioral2
- Target
  
  0908-exploits/Feed_Sidebar_Firefox_Extension_Privileged_Code_Injection.pdf
- Size
  
  270KB
- MD5
  
  e999d3eee3c3d631d21568a60a819067
- SHA1
  
  5f49d79cae02d7b371a8bcb08deb2c5bda53d0f0
- SHA256
  
  9051078957e8b0620115d0506d0a10139829ad1a4cd09e064fb9e6d0856a4b50
- SHA512
  
  585ab900ecb920e0381f2a844fed554b10d15125e9bde3275c19d3121d31d0146309bca0f51db7aad6320cea3f9d9902887f7adf4dd370d53a1e882587b2e64e
- SSDEEP
  
  6144:OHk8MmRd4NHk2MmRdHLDvMmCF3yK6d3wl5W:UoJDvG9qwlY
Score

1^/10
behavioral3 behavioral4
- Target
  
  0908-exploits/ScribeFire_Firefox_Extension_Privileged_Code_Injection.pdf
- Size
  
  261KB
- MD5
  
  7fc3eaf4cac5c42aad50e04ac96b2b25
- SHA1
  
  567162ecfd35264225800a3afeb8ce0f19a9f0cf
- SHA256
  
  b3bf839f159fdf42897a46b649dfe4a6a6a4d45628ff8ae2c0db85f957eb1e8b
- SHA512
  
  742f9689e5c082bf914c9b924f0e958d539b1803388c284b98b9f3c04f878cd68463dd4e081b422906762cd4f2b8c00454ef5e0ed2f041671392e084980e1614
- SSDEEP
  
  3072:NUqI2GwHBDqNK40F0JBBdDGLAHI2GwHBDqCK40F0JBBdDELAbANchIjrI1LR7/TV:CKHkNMmRd4iHkCMmRdWzU1NrTPt
Score

1^/10
behavioral5 behavioral6
- Target
  
  SkypeTrojan/SkypeTrojan.cpp
- Size
  
  24KB
- MD5
  
  6ef7edd0ec0738d6236bb1af16156c6b
- SHA1
  
  61cb479d750635f44243f09987553be67ad63a67
- SHA256
  
  d91f5933eccacb01962397ee2b5cb4941422f184abe3d8ef855d8d1d78ea8fbf
- SHA512
  
  c47affb3d75218c11eb01df87f687c6703d20c9fc7ab53600330391cb91dc6e86c01285780dd8b9b8e8a1b9f0a72799a8cd5e106be91856973416ec9bff75835
- SSDEEP
  
  768:X/jFTt2plOWtxAAoXaYfxr13Tl5nE8skm:i7LoXaYfxrVls
Score

1^/10
behavioral7 behavioral8
- Target
  
  0908-exploits/Update_Scanner_Firefox_Extension_Security_Advisory.pdf
- Size
  
  266KB
- MD5
  
  e62351031170ea9a210839c2977e6757
- SHA1
  
  bbf75fcf18fcf5bb6e184c094ac48a7308ee5e34
- SHA256
  
  a84cea7dcca8c8129f0476869c42bf49f5faf21e8ed4c9dc9b68f23483dd9f82
- SHA512
  
  11ed8816e876803e42c0d9a3cb26f915968aad23615cfa2a6ac14d7354112ff9c0faa838383f4c52ff1b5136d6f76b15ea70733147a3353c714e6e530d4532d6
- SSDEEP
  
  3072:ShI2GwHBDqlK40F0JBBdDGLAQI2GwHBDqaK40F0JBBdDQLALKeJ3EC3E+eLguEle:wHklMmRd4/HkaMmRdCGKOUmENLkr2v
Score

1^/10
behavioral10 behavioral9
- Target
  
  0908-exploits/WizzRSS_Firefox_Extension_Privileged_Code_Injection.pdf
- Size
  
  269KB
- MD5
  
  9561794d949396f501dba2e440aa10f1
- SHA1
  
  f90ceb856239585da62e8b77f7e4538e2f6974cd
- SHA256
  
  ec171eaddaaab7708cf6e05a1cf76f2dfe84fb8052fc10a26dcbe9f834b2d4a5
- SHA512
  
  b4d01c1161fb4cc9f859c46f97cf9b1c2069aeac56612e8a1ae304fb5c7864564b889c18ff7e7a2aa60a294bdc0ff3d88595383d90dfe6fbac05b9d0daa4e58c
- SSDEEP
  
  3072:2QtpNI2GwHBDqlK40F0JBBdDGLA3jI2GwHBDq2K40F0JBBdD3LAphuScWIjO+Mzg:2Qf1HklMmRd4KHk2MmRdHSuScHin15U
Score

1^/10
behavioral11 behavioral12
- Target
  
  0908-exploits/a2mpp-overflow.txt
- Size
  
  2KB
- MD5
  
  93affe60b6b9d64e2837b2a8b0d9a237
- SHA1
  
  df4badded262aa2c2001b6530c5149767320e0bf
- SHA256
  
  832b63a4423a0e0fefc833d58b8931ff863248533d20ad1a486cd91116742880
- SHA512
  
  c0d72c2cb2306556e7cb164d26249bb8b3c1d63601159541c180fcdc05608dc736956aecd866be251c335967e87c716a270baa73ae8f076dba7b6cb6400729df
Score

5^/10
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  0908-exploits/adobeflex-xss.txt
- Size
  
  4KB
- MD5
  
  d13f5adc72a43f7d1cf1bc9fef6875d0
- SHA1
  
  a2930b453a799ca095fd70ab6bb14e77e42a17bc
- SHA256
  
  19e76a5fdee8f5a3cec432ecfb64d9d3567085717670c7c1135650fe4d2e853b
- SHA512
  
  988e8285ad92ab7097541aec5ea0f67370bd7849f9ffea4e43e85aeb676655db96d0b0a02c4d69c5135a12815f5be816055c4f0512bd82ea160451d16d91397c
- SSDEEP
  
  96:p3Sa8iPamUK2bQDMehyNxjqdbKqzbr9dmJqc:VSUPaPeZ+xjqdGqz9Bc
Score

1^/10
behavioral17 behavioral18
- Target
  
  0908-exploits/aio-crash.txt
- Size
  
  650B
- MD5
  
  ba29145c9a2fea971268c67b556eb4c3
- SHA1
  
  d3a40fd05778a3c62e83a41cd1a528f105fb0c18
- SHA256
  
  ee6c3d544638885b74a9b19721e792accc172ec4ebc7ddb23d2be67aa9c4c517
- SHA512
  
  f7b4672db630c6536a7e0d457f9cf9b56d73f519424413cf5b8d1acf1a1a31f278d270d1506db9ae146b37a90cc0d9bd15785c9a817e47a93a4c3de0b0e0f8a4
Score

5^/10
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral19 behavioral20 behavioral21 behavioral22
- Target
  
  0908-exploits/amayaw3c-overflow.txt
- Size
  
  1KB
- MD5
  
  45fab9e63e4b5f5d90e4db4b3be0a0fd
- SHA1
  
  e8ab804530e92e6e1d88eab7299f97d13d56fef8
- SHA256
  
  4f580ce6b0d0a1455564b8712abbdd29cce687fd15564c38f3c70f6f012539bf
- SHA512
  
  3e7e09ae4062ecb30c825c0f45ef7a95b0b4ba61be4d971bfa1305e4c1ec03ed8a4af7b93b34495e15b17e0e36ad8b1532650e0a4df28100b9395a46631f6bbb
Score

1^/10
behavioral23 behavioral24 behavioral25 behavioral26
- Target
  
  0908-exploits/arabportal2-sql.txt
- Size
  
  5KB
- MD5
  
  3495c7dfdd7109ad6d0759cfe902fbd1
- SHA1
  
  cd36d8e02923c871bcc7ffe1bd3783b49f2162ef
- SHA256
  
  14076b1857b841d117585bc631df83fd6a4ca9f67621154c72dffe621ebaac7c
- SHA512
  
  26b3ea1c8e059cd49f440b9a1d5817bbc9ac475d5f0cbe173d7435cb3fd56f502849b7729dade77d86c670266eae829004612aebc876ecab553de84130c12c56
- SSDEEP
  
  96:IyhOfvfUiJrN87GzH3bOiqLw2P3facPFSxs8khqCwxcqJJ:j0fvfPNN87GTLOiyw2Pv5PFSx3kUCjqb
Score

1^/10
behavioral27 behavioral28
- Target
  
  0908-exploits/arabportal22-sql.txt
- Size
  
  5KB
- MD5
  
  7449753c98d9674f651dff1bb0b7bb51
- SHA1
  
  48384b7efa18b6d03e70ed6fe0aeeef80579ed9c
- SHA256
  
  a06d67bf24c568fe854bbfac13e880aab7737c67f7ee37757991816058bd505c
- SHA512
  
  018950d0332061eafe13e12d81d716cfb91504d57761c16f6e090568bd8b1a64ebd386b6df489a4f28ed6c53b2f7a09d844e9d4d527907bf571a6fdf8711593c
- SSDEEP
  
  96:v7v9NF7gB8W5xBv6Ba2CcH3CT6OexpOl1GScX3yDaBXsqScX3yDIBv:v7fF8B6QVcHse2TFcXLXspcXbv
Score

1^/10
behavioral29 behavioral30 behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Writes file to tmp directory

Writes file to tmp directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32