Overview
overview
Score 8/10
Static
static
Score 1/10
Pass_55555_Setup.rar
windows10-1703-x64
Score 3/10
Installer-x64bit.exe
windows10-1703-x64
Score 8/10
Qt5Gui.dll
windows10-1703-x64
Score 1/10
avcodec-58.dll
windows10-1703-x64
Score 1/10
avformat-58.dll
windows10-1703-x64
Score 1/10
license.txt
windows10-1703-x64
Score 1/10
plugins/im...if.dll
windows10-1703-x64
Score 1/10
plugins/im...co.dll
windows10-1703-x64
Score 1/10
plugins/im...eg.dll
windows10-1703-x64
Score 1/10
plugins/me...ne.dll
windows10-1703-x64
Score 1/10
plugins/me...ne.dll
windows10-1703-x64
Score 1/10
plugins/pl...ws.dll
windows10-1703-x64
Score 1/10
plugins/st...le.dll
windows10-1703-x64
Score 1/10
scripting/citra.py
windows10-1703-x64
Score 3/10
General
-
Target
Pass_55555_Setup.rar
-
Size
16.6MB
-
Sample
230227-ex6n8abg69
-
MD5
e723764b64c812d553c53f88f02fc1b6
-
SHA1
13a7c40f7dccda372d4c96f8061d72c0d3c4b776
-
SHA256
ff87d820baf913ae59727dab8579b9f2d349b95bfb78aebcfeeb91cbce8c6ce3
-
SHA512
74e11cd487215bc1f8dbfb88f689b32ffa7ede074ca3d54a3aed75e85fdbd32ebdfadc554f37cbcd78c16603cc808244fd9df9d96e7276d07db2d1f7d032e0ea
-
SSDEEP
393216:4k47PRY7aDgd/8k8YsWBdMbOrnBMFREW/VapQI+6Szlk2hEG5+SLJZA:eY7Vd8GjMbKBMFRzMixzzhX1XA
Static task
static1
Behavioral task
behavioral1
Sample
Pass_55555_Setup.rar
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
Installer-x64bit.exe
Resource
win10-20230220-en
Behavioral task
behavioral3
Sample
Qt5Gui.dll
Resource
win10-20230220-en
Behavioral task
behavioral4
Sample
avcodec-58.dll
Resource
win10-20230220-en
Behavioral task
behavioral5
Sample
avformat-58.dll
Resource
win10-20230220-en
Behavioral task
behavioral6
Sample
license.txt
Resource
win10-20230220-en
Behavioral task
behavioral7
Sample
plugins/imageformats/qgif.dll
Resource
win10-20230220-en
Behavioral task
behavioral8
Sample
plugins/imageformats/qico.dll
Resource
win10-20230220-en
Behavioral task
behavioral9
Sample
plugins/imageformats/qjpeg.dll
Resource
win10-20230220-en
Behavioral task
behavioral10
Sample
plugins/mediaservice/dsengine.dll
Resource
win10-20230220-en
Behavioral task
behavioral11
Sample
plugins/mediaservice/wmfengine.dll
Resource
win10-20230220-en
Behavioral task
behavioral12
Sample
plugins/platforms/qwindows.dll
Resource
win10-20230220-en
Behavioral task
behavioral13
Sample
plugins/styles/qwindowsvistastyle.dll
Resource
win10-20230220-en
Behavioral task
behavioral14
Sample
scripting/citra.py
Resource
win10-20230220-en
Malware Config
Targets
-
-
Target
Pass_55555_Setup.rar
-
Size
16.6MB
-
MD5
e723764b64c812d553c53f88f02fc1b6
-
SHA1
13a7c40f7dccda372d4c96f8061d72c0d3c4b776
-
SHA256
ff87d820baf913ae59727dab8579b9f2d349b95bfb78aebcfeeb91cbce8c6ce3
-
SHA512
74e11cd487215bc1f8dbfb88f689b32ffa7ede074ca3d54a3aed75e85fdbd32ebdfadc554f37cbcd78c16603cc808244fd9df9d96e7276d07db2d1f7d032e0ea
-
SSDEEP
393216:4k47PRY7aDgd/8k8YsWBdMbOrnBMFREW/VapQI+6Szlk2hEG5+SLJZA:eY7Vd8GjMbKBMFRzMixzzhX1XA
Score3/10 -
-
-
Target
Installer-x64bit.exe
-
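Size
750.0MB
Note: the archive that contains this file, Pass_55555_Setup.rar, is listed at 16.6MB, so the executable is presumably inflated with highly compressible padding (the small SSDEEP block size of 6144 for a file this large points the same way). Size-capped scanning and upload pipelines may skip a file this big, and its hashes are weak indicators if the padding differs between builds, so detection is better anchored on the behaviours listed for this target.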
-
MD5
926183968d138d7486529820c768c3b5
-
SHA1
8058b2204ebdcbf19e888a628c94e201b108b58d
-
SHA256
a2465fc5059ea57c7b64b1dc01caf8735422a005ddb7fabeddfa3cbc89085ccf
-
SHA512
40b2b026c4058fd5d2c39de5b0d28fc64aca6df6a3610a7f332d2d2674ea5c6f85ca6a88fb9b6d53b47fbd816d6ebaea5e8b916c62b109012746fe075c90a93a
-
SSDEEP
6144:0WQoTBfjc6gSNv0owMEbjlqOVPrevcfK2fqcz1IOq:0WQ4OMc0OVPe2fx14
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
Qt5Gui.dll
-
Size
7.0MB
-
MD5
0f967945f45b4094306cdbee9c298f7c
-
SHA1
bb18a4fa34d6b17d9f95aabf38b7b3c4f73d2e3c
-
SHA256
c5cfcb5f8d4fe7586f5c8848c071d7cceb0edc959c8a87f953b6d68a4f420533
-
SHA512
67e2811a5a58884426531f907eae455f5106dea057328ff42eabb6eea97ee4b4c73a5ef75405d32ceb0a51dda5f75e8825f8a3119b89e61caa5828b4620d559d
-
SSDEEP
98304:NsIdwYNfTHJx8HFy7l7AsJiosx10vEBWU:NsIdXxxp7AsJiR0vEAU
Score1/10 -
-
-
Target
avcodec-58.dll
-
Size
43.0MB
-
MD5
8ec6bcbfbab9def5b3a331ee6a44bd38
-
SHA1
96d5dec42acb3ad6c81c3489864d6258bcaed771
-
SHA256
4742e47c42016769e03329ae40f77030a0643d0c8d2c4ec4f877ad411d13e91d
-
SHA512
b649981995d9f131f05a14684b1f770af62379435f3618b99e46905048bcf98490e38dcb38704b20677f55e25c5c8f910d9beb65cb0bb45cf10077bf3ab93d56
-
SSDEEP
196608:In/0gVdaQyGjZ3DnAMxaefzyNMBsWj3az8mnKYyzR6xiBKvEhpPDrvVymudl70:In/0udafCABWDaznylBKvEhpPkpdC
Score1/10 -
-
-
Target
avformat-58.dll
-
Size
6.1MB
-
MD5
5177e610ba322d0579036212529de9c3
-
SHA1
482574335f1df6bc869f84534a4c9a6155b1eda1
-
SHA256
cb7bc81dcaee4e7edb8813000caf04836ca1661393c0dc6b193b250ab04528eb
-
SHA512
8cda9db8eb3f7e2ec058956a724578a117fd3080f87a389720b36251230936048dda20c21aefa9b65be1c8e7bc42f7218aa6db03124ba20f0a4854c29343e8ca
-
SSDEEP
98304:tqJ64NoXjgRc9RxhHNBsl3WaLShk/OnrYDpoB:GI0qBCLShk/O8D
Score1/10 -
-
-
Target
license.txt
-
Size
19KB
-
MD5
90df4d454db203057f5860b62f8771e3
-
SHA1
dc038d536a218fbecb83c6ad28990e9b8e655699
-
SHA256
8bd137ca8047a040d6d7e96b68910bc3b78b9b223c13420113f92c0e0fd39452
-
SHA512
f498a5987530cf8595c34450df616bfb890a566e4faa4f4bbe6669ef49c8bc0864533ab376661ebfc8857c7b86851d9c489388e60f9da48bce5dd39a0db19223
-
SSDEEP
384:Thj2PmwERb6k/iAVX/dUY2ZpEGMOZ77o0UDqHnfBVRbVXSIavl6J:Th6un1iYWrTXo0UDqHmy
Score1/10 -
-
-
Target
plugins/imageformats/qgif.dll
-
Size
31KB
-
MD5
9e9d69ccf49a3e603b5988412cd803ac
-
SHA1
8e8cc2725630aed6b07d15a57a1bede75148eb28
-
SHA256
cfa19804579366e5d806ee9a64d725bb97624807c2f161ef104dd7f38f8bc565
-
SHA512
2ebcbb89aeab632b37f1074f9deaed18b566ef017159b938f0d6e897e33ccf85fcfaa519f18c6f550be2336466230e69c890dd5fed4b5dfdd144341fa8be9b86
-
SSDEEP
768:w/+sv//cFFI24HskmhKD9uGG9C1z/u2Ih:LsvX+K24HskSK5uT9CpIh
Score1/10 -
-
-
Target
plugins/imageformats/qico.dll
-
Size
30KB
-
MD5
013584effd748102dbf8be4d3fceca1c
-
SHA1
69327e5c66ae2209326e35e198a52371016e9716
-
SHA256
a877756c4d8a50245ae05c6e8afd04d887f2a56551b1f530179947f7522eda8e
-
SHA512
a9b87ee7d960be914d13540d1888b5316e770741369eb3bdf6e862291c160a076cedac3850da079220becbc2fbd11d922d230895492bacd8b0233682fffb2416
-
SSDEEP
384:FPfpeemnT2xbwC8fWgD4LBHARhM2vBO70TloqGCFkNSsIs:RpeTnT2ddBEfO70Tl/ySsIs
Score1/10 -
-
-
Target
plugins/imageformats/qjpeg.dll
-
Size
423KB
-
MD5
c64f33a1f0dbc9d6ea16d553474a2589
-
SHA1
8796a55a18f488aef3697172d883da8a2f21f0f1
-
SHA256
d2316909e8427f7e429d038b59c857a09f008b846ee498ebc28fc3a4bc021444
-
SHA512
78279344733e5ece5006c8ca8b38d8d734a8d27a38824ab202a16a8f3818aa7f081fd4580d06226e62adc9a32ffe141e999ac5a039256749773cc23cbc5bad92
-
SSDEEP
12288:5mBBDtyWu4Vv/d8gQMtTLgWFxtde+MmxFbjJEacyV775EusYbpn5RScs87jmpOZY:5m
Score1/10 -
-
-
Target
plugins/mediaservice/dsengine.dll
-
Size
286KB
-
MD5
94d52681d4fd14c4fd1524a55b53d3d1
-
SHA1
e1fdf9c4c412c83ec22c907e70a935195b02d111
-
SHA256
0878e41b4e54c667f19f31a62bb5962964fc7ead43e0d164560b6335361d0a99
-
SHA512
4886ad83cafeef606f1674377a6162a6aeeff5227b3b79f51bffbb36487915f911defb8dc26c7a903f8c8452a0f709ee72ba826af0819c980863d0e8339c23d3
-
SSDEEP
6144:55Ctxg5TibkRvGOQOELBlHdAf1KNdnPqQ0FoMsF6:ms5ebkMHOELBfS
Score1/10 -
-
-
Target
plugins/mediaservice/wmfengine.dll
-
Size
192KB
-
MD5
7eed178ba3c1b5f30107ee1255b670b0
-
SHA1
0d12775a8b87ce50025cbfc3c97c796fbd27016e
-
SHA256
a3970ce8baccd192ff9d963f685708a1fa7205e4a8e06ef84b55c750cdd1b8d0
-
SHA512
be7a406859448fce8aec07884f6c11657b23ae54687018a62a40d4750b521c1b59386d55378af7fb8fc20d6af604fe980c9f55660d82656342d9b739e04a9089
-
SSDEEP
3072:GMckAcs4sBmWa2Cp3ndOk0Fq1hf4MuHI0S9pcrgHydPxkColgAj:GWc5a53ngcAMuo0+ydPxkCoCA
Score1/10 -
-
-
Target
plugins/platforms/qwindows.dll
-
Size
1.4MB
-
MD5
9166d6ae9b72979196cada66b47cce13
-
SHA1
11c2dc4d58abdc613f7215f39306ac7c08021c9b
-
SHA256
402718e1f9d06ca8ca40894e26c59d552977700fd0ff0c735e39aec8932495cd
-
SHA512
fce4ee93bbab70761e8f47fdba1803f34a8b584784231d73026fb726c294102c4d3792148ba98f82ebab8b14d8ea629bcd69455b8c89e6255f1be6ee4f1e19f4
-
SSDEEP
24576:gge4fDuaRZ0yiIs11xijs8TyYVmSeHGAacrie9LnZEo:dfDuaRZ1iIs1Hi9yYV0qcrLL9
Score1/10 -
-
-
Target
plugins/styles/qwindowsvistastyle.dll
-
Size
134KB
-
MD5
871c33dba8c48682bdbf391aae658cfc
-
SHA1
9b9b6b1ae811e9c03f0e4d3a22fb9c90d039e3c8
-
SHA256
8cffe86da581baa3a5e0c991e08774d6eefd0ade2775ee2f2396050723a952b1
-
SHA512
09f50b1a985c4ee58f9dbb86386beccab7ec315e8fcdc7857f50db6bef55525d33c7ca67a6d5770ac01a0dec4b94974f0ded5e79a1f81ea494f25977caca14e4
-
SSDEEP
3072:qSEMUX/o0JCMUFIwNO314wF4OldUQSNYLf8Af5MLtqR:8FvoQWK3WwF4odUQSNYLf8Af5MLK
Score1/10 -
-
-
Target
scripting/citra.py
-
Size
3KB
-
MD5
17029cc3a1237a2760c266823a8a3937
-
SHA1
face198755f58583cb86f23638d2308f30ced85d
-
SHA256
7fef07e4a7d6dcd0b203b6a35cf9f41463c6658bcf67e95ebcb4ca440c9be11e
-
SHA512
41f1624ab9119cfdfa4a223fe4794a110dc0bbfedf3424a777a35d94a80e801c33a61701dc5cac7615edfdfa15c5da8e3e3668189506f87b5cd9763f759d6cb2
Score3/10 -