General

  • Target

    AsepriteToolInstaller.exe

  • Size

    14.1MB

  • Sample

    230105-dwhekaag55

  • MD5

    05fa8f159d573796a10ebc7ff71ead46

  • SHA1

    21596be221232066e07e454685fd87770baa5002

  • SHA256

    8e5deeda104e2d39c40cd5251f598c640e03f49a1fde55a16e2a999208f0d48a

  • SHA512

    4a23ef81563d6ad9b2e93918b431fdbba3d3e7725ed9835d8bfefb1e1028112234f9217524a994688656fe78f208ef13f8b4aec4abe48a72e87313b5928809e4

  • SSDEEP

    393216:E6UiaGcbN3gSEA/qstVBHdfczPq4yAUtw:E6OwkCK/cj3cw

Malware Config

Extracted

Path

C:\Program Files\Microsoft Visual Studio\2022\Community\Licenses\1033\ThirdPartyNotices.txt

Ransom Note
URLs

Targets

    • Target

      AsepriteToolInstaller.exe

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Registers COM server for autorun

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks