774e3967b822539cb0a145c0ae24a0869fc412c87a336b0e6f038255eed9dafc

Sharing

Copy URL

Twitter E-mail

General

Target

ghub-main.zip.7z
Size

10.3MB
Sample

221129-yssrcabe88
MD5

0e515b2ce22502bc222e894e7a0d775f
SHA1

7f99fc4cb3064777cb1b272dff489af6086d8159
SHA256

774e3967b822539cb0a145c0ae24a0869fc412c87a336b0e6f038255eed9dafc
SHA512

2718c9a595ac431237cb5cb6cd3e0d602b5e78d97a229ff4ba1814c14a63d8467bdf4a051c36abebfd9dc9a34eb7cc7c96fd8c244da6cc27b696d0bfd882ee2f
SSDEEP

196608:xpyDY7UI8+3xdagspSda7Q28pFfAMGGTGGXKLdeimI/Nxc:yDY7p8WbspS328pyMttKLdBX/N

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  lghub/Configuration/System32/AUDIOKSE.dll
- Size
  
  411KB
- MD5
  
  e98568fbc069f9fa9c657d36d111a4a1
- SHA1
  
  f7244796bcd651a7b70cd075043353f0aec0cfdd
- SHA256
  
  c0ca03a8f441b85f622060a7da85df17104728be987332c7dbbeb7388bc78258
- SHA512
  
  b7448a3353ec3f47837b33505d9a9b8a264510b6506eed1d9d9d96c49e4c2a6582ce60628626f263c5a8ddbcdd5a249efb0824f24a2c3f256da6ac1aa297a2b4
- SSDEEP
  
  12288:ctMpeG9fTxy/C+55MNFdVwW80SPfC8i1gnKY:tIG9cC+55WdVwh0SPfC8i1gKY
Score

1^/10
behavioral1 behavioral2
- Target
  
  lghub/Configuration/System32/AudioHandlers.dll
- Size
  
  360KB
- MD5
  
  db49b99e5ccc599987e4ffd6ab607a71
- SHA1
  
  f37da2c8061d8b9a36cbebb727b9ca011feadfeb
- SHA256
  
  ab9818317f9bff90b15c480f000f27942b510cb2a0d47f27d790725afa6c3ec4
- SHA512
  
  c08b4b1300f9237e2f6c07b9856ecc567202b97c0076bf4369939126ccdf071e37b2af253912db0ad2d5c3827d0a201bc0c8666f7ee72a330bdc83733602fb1b
- SSDEEP
  
  6144:7rDGGUxLY1XeRTGfFrYFlkWymbQ+pelUdCthE23Xe6TRBvT5X6j9cT:7GGHeTGfFZ+iEaTsc
Score

1^/10
behavioral3 behavioral4
- Target
  
  lghub/Configuration/System32/AudioSrvPolicyManager.dll
- Size
  
  340KB
- MD5
  
  a2cd00f30bcd91624b7ed4caece9219c
- SHA1
  
  8e49956dd83c76047ad5088b3d64d32e32916295
- SHA256
  
  2959fc7206c0985ce11ded0c72144015c613922c70e1174227c91df5877abc7f
- SHA512
  
  923003c5b69d8a9d8054f3828c4e916b80b1c89fd8657a8d7c34e89fb9b011c6b5b798eacd0b355d51159319b685b55a842f4b81e07f181b0dd516eea48d3a81
- SSDEEP
  
  6144:0U7OLFM+b6V9KBRShs+fCM0YUiipv3dKkaDn/+KgJ5Qx:tKzShNCMuv3dDKgUx
Score

1^/10
behavioral5 behavioral6
- Target
  
  lghub/Configuration/System32/AuditPolicyGPInterop.dll
- Size
  
  73KB
- MD5
  
  c991a447fca0fb6193ac2504155e8659
- SHA1
  
  7a7b36a77caa607d9f1364a8f0b2486214451a4f
- SHA256
  
  d38bf44dd1d0fbd364a45674fb58149b9b36ffe299f7b153ed2d4526d70c1eb5
- SHA512
  
  dc5df161862f3888b12677a83e3a9d7f923636d3a2172f35b002a6b0d206d28d8cb1017004fa15e59567b60feccbb12deb16797349829cacc3f9dc2193b5e774
- SSDEEP
  
  1536:ZPijnRz3ylq7twjsvc2ndPvsrA+0n7qmIesrfr/lPXmXqZmbVMOO:cjnVOq7twjsvcudMUf7qmIHrfxPXxmJr
Score

1^/10
behavioral7 behavioral8
- Target
  
  lghub/Configuration/System32/AuthBroker.dll
- Size
  
  211KB
- MD5
  
  fb98a9eeae0a10cd6835b885b8c3f95e
- SHA1
  
  0a24a82f0ab88f7fbd8337f6f37001de1cbddb93
- SHA256
  
  fe00c6f139f489fb00b8f8dfa8cf0e945fc5a0f086f3167aad47ad19fcc645b6
- SHA512
  
  1bce826015da3b38c54a046f48ff1f054a160d88ebd72ef6a44241439ca0fa0c380730c1eebed04f0dbdf4a2c4616277e1dbb44f2759678a1c4311cc1235008d
- SSDEEP
  
  3072:17ZXr28bsZZ921BJ/uAR9yy00Ev6Wg+qVoWkhuYv0azl4XdGYSrNH1m4uWH:17x28UZAv1uARsy00Ev3qVp6a4
Score

1^/10
behavioral10 behavioral9
- Target
  
  lghub/Configuration/System32/AuthBrokerUI.dll
- Size
  
  110KB
- MD5
  
  09b23a6902a5317edaee32aa710e8ad5
- SHA1
  
  1074ab987b9e67716ce59260492682aa801e15d9
- SHA256
  
  53ec647dec5ceaeb1d0aff6cb112e1015a97c9091a1100c97545ad6ae37297e4
- SHA512
  
  2a405f4724cff046bc429889e90991877af41d89366628054112e924a5f97f83b3a5e04358c2175811cb2aebc76ff4dfafd3a5d9adf9a9950104d612702b8bd6
- SSDEEP
  
  1536:sBR8/RPG3K2WYmwzfQUXzeFS7opgQrpy7E2mq7oJ8+mFiQjA3AdFk9iTe0zJOzdR:saRt2OwzNKR6RE2mAoJ8BoA4iTOzdG6
Score

3^/10
behavioral11 behavioral12
- Target
  
  lghub/Configuration/System32/AuthExt.dll
- Size
  
  50KB
- MD5
  
  711854525dbfd9a7406ed59d32d37f45
- SHA1
  
  4721784d3feddd5c163ee5c71e15b6441ec8f5ba
- SHA256
  
  ae9cddc6823e75579367ee307e243e090165e104aef5031f7cbc42e8c42c005a
- SHA512
  
  8587328c04a5ec5ca2416111fb476b1634962bab5ec9b03787cdfea3c638825987a49a6de99e83a1391eb551e2d7436f42dd20c48c1cb59555bee4004a1ea54f
- SSDEEP
  
  768:vGkBE+5SiVcZkmIzQkbMK6KPK+IYaBe2MojxNKEfF8xR:vGGEsSieZniMNKy+IYaBe2MiF8xR
Score

1^/10
behavioral13 behavioral14
- Target
  
  lghub/Configuration/System32/AuthFWGP.dll
- Size
  
  32KB
- MD5
  
  aec29dd818090c5fc3274179ef262d1a
- SHA1
  
  a237042bcf46f33b0616c11d592b2ef1387106e3
- SHA256
  
  24eddbf36e9a04a60dd092ea8c65cb30af18706fb2810e88de043c8cf163150a
- SHA512
  
  59e72f28d182b6eea46ad386708b8a1361476f8186460fa3c19bf7b18ec786fc4c400766acb575924c5694f9916768e2fa704ea0d6bd0a949912df07a08b1779
- SSDEEP
  
  384:BxBdwA7dUh6DtDVB41QwiqyRV+l0yZbwUzU6pcrWtnndjzJGkj0pEEQPA4rQsWyj:XBdwALtDmQt+6upTcAnpTj4vQoZ
Score

8^/10

persistence
- Registers COM server for autorun
  persistence
behavioral15 behavioral16
- Target
  
  lghub/Configuration/System32/SyncRes.dll.mui
- Size
  
  28KB
- MD5
  
  0a8225eb0bc7362fc44bb91c8690c69a
- SHA1
  
  a4658b81afdd92f5b860b6cd7a395df0afbfde31
- SHA256
  
  cf22b6822d205b51ba8b59fd180be707861d0d26307f9ebe1a022fcfb08f6fb3
- SHA512
  
  7f9088f399f86635d43cdbbb831d338f1ad75573169c8f905eee6f941530784e8bb49ccb8b624262d169194bda76793ec76d9615ef9a5ad53ebfa53e79a8fc07
- SSDEEP
  
  192:5HHJhh/7UgtSqzqhz53oim5ORXZg6QqimkM6rMgwpgTN9CA8UWj6FWo:5nThDUAmmqBSTqoMAMgwmTPl/WOFWo
Score

1^/10
behavioral17 behavioral18
- Target
  
  lghub/Configuration/System32/WWAHost.exe.mui
- Size
  
  20KB
- MD5
  
  6a63decc341b47bb7e8b44031950a018
- SHA1
  
  7d71805bbd16157b1810c8dd9c9d6f6b48121af8
- SHA256
  
  237fd32c8c7740197fd8de8fa41fa8abdc98f1cf85828dce94db8a07f8fa2a22
- SHA512
  
  0022419642ebbf6ccd9bcf4ac64dd02981fe3c190771e45e0195eda18629400cd759219a627c0a4e95d5a7f8ce2d255dbc19b50191c1168c30de4a3b8bd4c665
- SSDEEP
  
  384:IhqqdXiq0wFGSvoBh4ibEYOZojiwIWSU7jWn:IhqqdXiq0wcS3zUs
Score

1^/10
behavioral19 behavioral20
- Target
  
  lghub/Configuration/System32/Windows.Media.Speech.UXRes.dll.mui
- Size
  
  8KB
- MD5
  
  2d50cbcd8ed9941dd5df76a9090d9a4e
- SHA1
  
  5be4d294e955189b9e989bac377a6e30c6c77134
- SHA256
  
  63a36a02cefe14d970d5881d83304ca34eb8d160f01247e5f660191da8bac99c
- SHA512
  
  23f86482ce9ca64c063e0e177d041c7959f4c747b6e61eacf9f720b25288925abaf02abd3baa6c53512650a89d314255207ae2b60c087acfd8fa84fdd9f47f57
- SSDEEP
  
  96:7N7O68r6pcDjEMoFtrMoFoytdXMoFoyodptSZZxwCHACbJ2XIOWdKWw+:t8WCVomobUobaMwDB4OWdKWt
Score

7^/10
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral21 behavioral22
- Target
  
  lghub/Configuration/System32/audioresourceregistrar.dll
- Size
  
  55KB
- MD5
  
  c689351a093e0e2ddc31871cca37093c
- SHA1
  
  456839dc921405b2cbfcd62e6b5fdcb181dc246a
- SHA256
  
  ab449d1e1828c0ba12faf3f32784be782977aa929e08ee89bc70af779e581da3
- SHA512
  
  84c391139054562387bacf519e96eea4db73cbf4b209fe14fe2b3745d7ebaf608506408df991651b2ae0f14b4bc9d2bc7ddead1e7d5f851f998db17f39e51fad
- SSDEEP
  
  768:khpRUit0OKos+FP7dmwjnBvQE02471X5xsl+O0vXVb63SDwO5jN7bHqGS6S3rFSL:kFz7d5wz9gOFRbTSB7Efdsg
Score

3^/10
behavioral23 behavioral24
- Target
  
  lghub/Configuration/System32/auditcse.dll
- Size
  
  203KB
- MD5
  
  3b1f9fdd9dd3a66144c6ab4ab153e05b
- SHA1
  
  535cf13000a85d4811bebbdad28e4e9d6fe605de
- SHA256
  
  d760dbd00c07a6c187b0360906449162c20236d219c50c349a7ec6a287f08f16
- SHA512
  
  032bc890d2fd745e5c4af81994dda7472dbd93eedf6d458b63f645c535faefd7f3e408bf64891568aad9fbed2fec80cdada5c93eeef23f9e78a2337848acfbc7
- SSDEEP
  
  3072:kmG63rM9OjTLfC3Xox/qQtWxNXOab3CVEQEiZO4:kmGzWTLyoePOKSVEQPZ
Score

3^/10
behavioral25 behavioral26
- Target
  
  lghub/Configuration/System32/auditpolmsg.dll
- Size
  
  93KB
- MD5
  
  560b3dccb58dc8e04551fb4197ccceb3
- SHA1
  
  b1e669343a9f6c1421564af78b5db99f1c4ed940
- SHA256
  
  fb764c109e0b2cfeb320b2280f104adcaa7e7080d09004c97ec8d586ac72960e
- SHA512
  
  4b445215e62cb825d8153e0e5ec4920e9733b6c6806301a754df8f675ce1e739f68fde712875f31ac4c3456e8d37e70bc58dab18ccb3031d9799e253721a472f
- SSDEEP
  
  1536:UR9sSnIh8Pxvp1Jz1mEmzJ0RtW9yBozETuEGeJvO41ZZnr26:UR9d7PxB3m10RgFz/4vB1Tn1
Score

1^/10
behavioral27 behavioral28
- Target
  
  lghub/Configuration/System32/authentication.dll
- Size
  
  53KB
- MD5
  
  1bce2bf027c7404e1557dcb26631ecdb
- SHA1
  
  dad2be4ab012a9aa88749460e4113208bd4a2152
- SHA256
  
  f4ff79f74e589ddfc0ca38d9e5fbff7a6c5870b568525eee87ef7cae07aaa26e
- SHA512
  
  b6fb41a7bcb45c1adc47744d5f8a68b9c19d30ba5ef01b7ff63b35ba783c324aff14b544ecb62acffd3f5216bbbc104112ee189ab9dc62c3384869e969c8caf1
- SSDEEP
  
  1536:hZRrsy/In8Lg/oxB3po5U5Oct+5yWs1EBPw:VHI8Lg/Mpwyp1YPw
Score

3^/10
behavioral29 behavioral30
- Target
  
  lghub/Configuration/System32/authfwcfg.dll
- Size
  
  548KB
- MD5
  
  617c796943a8a8bee803c0ced2262e5c
- SHA1
  
  d94f03f5d4fde2413ea8d7cffdcc32474ff7b768
- SHA256
  
  83674dc38b8341200c38953e0be839a670129d4d9a49abaa5f9e9bc4bdf07282
- SHA512
  
  3f5ba2e4a582e061d35f5c1e9df917cab0403919101b7424b24586b216007c7990c15f422d8cb06a9d507c5ec01a2205ae7e983ad5fcd30fb50cae2672890ba3
- SSDEEP
  
  6144:eD0ZhtDXlJPmg1l0CgzCu5bQ05rg1jMmP1JwjcpjB46t97Q7IEfqRj6A:O0ZThJPjoDV781jp1JimjB46tAIFp6A
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Registers COM server for autorun

Unexpected DNS network traffic destination

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32