Resubmissions

  • 27-02-2023 04:37  230227-e83rpsbf3s  8
  • 27-02-2023 04:25  230227-e2b1eabe9v  3
  • 27-02-2023 04:20  230227-ex6n8abg69  8
  • 27-02-2023 04:14  230227-ets9qabe8t  4
  • 12-02-2023 12:22  230212-pkc69adh37  8

General

  • Target

    Pass_55555_Setup.rar

  • Size

    16.6MB

  • Sample

    230227-ex6n8abg69

  • MD5

    e723764b64c812d553c53f88f02fc1b6

  • SHA1

    13a7c40f7dccda372d4c96f8061d72c0d3c4b776

  • SHA256

    ff87d820baf913ae59727dab8579b9f2d349b95bfb78aebcfeeb91cbce8c6ce3

  • SHA512

    74e11cd487215bc1f8dbfb88f689b32ffa7ede074ca3d54a3aed75e85fdbd32ebdfadc554f37cbcd78c16603cc808244fd9df9d96e7276d07db2d1f7d032e0ea

  • SSDEEP

    393216:4k47PRY7aDgd/8k8YsWBdMbOrnBMFREW/VapQI+6Szlk2hEG5+SLJZA:eY7Vd8GjMbKBMFRzMixzzhX1XA

Targets

    • Target

      Pass_55555_Setup.rar

    • Size

      16.6MB

    • Score

      3/10

    • Target

      Installer-x64bit.exe

    • Size

      750.0MB

    • MD5

      926183968d138d7486529820c768c3b5

    • SHA1

      8058b2204ebdcbf19e888a628c94e201b108b58d

    • SHA256

      a2465fc5059ea57c7b64b1dc01caf8735422a005ddb7fabeddfa3cbc89085ccf

    • SHA512

      40b2b026c4058fd5d2c39de5b0d28fc64aca6df6a3610a7f332d2d2674ea5c6f85ca6a88fb9b6d53b47fbd816d6ebaea5e8b916c62b109012746fe075c90a93a

    • SSDEEP

      6144:0WQoTBfjc6gSNv0owMEbjlqOVPrevcfK2fqcz1IOq:0WQ4OMc0OVPe2fx14

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Qt5Gui.dll

    • Size

      7.0MB

    • MD5

      0f967945f45b4094306cdbee9c298f7c

    • SHA1

      bb18a4fa34d6b17d9f95aabf38b7b3c4f73d2e3c

    • SHA256

      c5cfcb5f8d4fe7586f5c8848c071d7cceb0edc959c8a87f953b6d68a4f420533

    • SHA512

      67e2811a5a58884426531f907eae455f5106dea057328ff42eabb6eea97ee4b4c73a5ef75405d32ceb0a51dda5f75e8825f8a3119b89e61caa5828b4620d559d

    • SSDEEP

      98304:NsIdwYNfTHJx8HFy7l7AsJiosx10vEBWU:NsIdXxxp7AsJiR0vEAU

    • Score

      1/10

    • Target

      avcodec-58.dll

    • Size

      43.0MB

    • MD5

      8ec6bcbfbab9def5b3a331ee6a44bd38

    • SHA1

      96d5dec42acb3ad6c81c3489864d6258bcaed771

    • SHA256

      4742e47c42016769e03329ae40f77030a0643d0c8d2c4ec4f877ad411d13e91d

    • SHA512

      b649981995d9f131f05a14684b1f770af62379435f3618b99e46905048bcf98490e38dcb38704b20677f55e25c5c8f910d9beb65cb0bb45cf10077bf3ab93d56

    • SSDEEP

      196608:In/0gVdaQyGjZ3DnAMxaefzyNMBsWj3az8mnKYyzR6xiBKvEhpPDrvVymudl70:In/0udafCABWDaznylBKvEhpPkpdC

    • Score

      1/10

    • Target

      avformat-58.dll

    • Size

      6.1MB

    • MD5

      5177e610ba322d0579036212529de9c3

    • SHA1

      482574335f1df6bc869f84534a4c9a6155b1eda1

    • SHA256

      cb7bc81dcaee4e7edb8813000caf04836ca1661393c0dc6b193b250ab04528eb

    • SHA512

      8cda9db8eb3f7e2ec058956a724578a117fd3080f87a389720b36251230936048dda20c21aefa9b65be1c8e7bc42f7218aa6db03124ba20f0a4854c29343e8ca

    • SSDEEP

      98304:tqJ64NoXjgRc9RxhHNBsl3WaLShk/OnrYDpoB:GI0qBCLShk/O8D

    • Score

      1/10

    • Target

      license.txt

    • Size

      19KB

    • MD5

      90df4d454db203057f5860b62f8771e3

    • SHA1

      dc038d536a218fbecb83c6ad28990e9b8e655699

    • SHA256

      8bd137ca8047a040d6d7e96b68910bc3b78b9b223c13420113f92c0e0fd39452

    • SHA512

      f498a5987530cf8595c34450df616bfb890a566e4faa4f4bbe6669ef49c8bc0864533ab376661ebfc8857c7b86851d9c489388e60f9da48bce5dd39a0db19223

    • SSDEEP

      384:Thj2PmwERb6k/iAVX/dUY2ZpEGMOZ77o0UDqHnfBVRbVXSIavl6J:Th6un1iYWrTXo0UDqHmy

    • Score

      1/10

    • Target

      plugins/imageformats/qgif.dll

    • Size

      31KB

    • MD5

      9e9d69ccf49a3e603b5988412cd803ac

    • SHA1

      8e8cc2725630aed6b07d15a57a1bede75148eb28

    • SHA256

      cfa19804579366e5d806ee9a64d725bb97624807c2f161ef104dd7f38f8bc565

    • SHA512

      2ebcbb89aeab632b37f1074f9deaed18b566ef017159b938f0d6e897e33ccf85fcfaa519f18c6f550be2336466230e69c890dd5fed4b5dfdd144341fa8be9b86

    • SSDEEP

      768:w/+sv//cFFI24HskmhKD9uGG9C1z/u2Ih:LsvX+K24HskSK5uT9CpIh

    • Score

      1/10

    • Target

      plugins/imageformats/qico.dll

    • Size

      30KB

    • MD5

      013584effd748102dbf8be4d3fceca1c

    • SHA1

      69327e5c66ae2209326e35e198a52371016e9716

    • SHA256

      a877756c4d8a50245ae05c6e8afd04d887f2a56551b1f530179947f7522eda8e

    • SHA512

      a9b87ee7d960be914d13540d1888b5316e770741369eb3bdf6e862291c160a076cedac3850da079220becbc2fbd11d922d230895492bacd8b0233682fffb2416

    • SSDEEP

      384:FPfpeemnT2xbwC8fWgD4LBHARhM2vBO70TloqGCFkNSsIs:RpeTnT2ddBEfO70Tl/ySsIs

    • Score

      1/10

    • Target

      plugins/imageformats/qjpeg.dll

    • Size

      423KB

    • MD5

      c64f33a1f0dbc9d6ea16d553474a2589

    • SHA1

      8796a55a18f488aef3697172d883da8a2f21f0f1

    • SHA256

      d2316909e8427f7e429d038b59c857a09f008b846ee498ebc28fc3a4bc021444

    • SHA512

      78279344733e5ece5006c8ca8b38d8d734a8d27a38824ab202a16a8f3818aa7f081fd4580d06226e62adc9a32ffe141e999ac5a039256749773cc23cbc5bad92

    • SSDEEP

      12288:5mBBDtyWu4Vv/d8gQMtTLgWFxtde+MmxFbjJEacyV775EusYbpn5RScs87jmpOZY:5m

    • Score

      1/10

    • Target

      plugins/mediaservice/dsengine.dll

    • Size

      286KB

    • MD5

      94d52681d4fd14c4fd1524a55b53d3d1

    • SHA1

      e1fdf9c4c412c83ec22c907e70a935195b02d111

    • SHA256

      0878e41b4e54c667f19f31a62bb5962964fc7ead43e0d164560b6335361d0a99

    • SHA512

      4886ad83cafeef606f1674377a6162a6aeeff5227b3b79f51bffbb36487915f911defb8dc26c7a903f8c8452a0f709ee72ba826af0819c980863d0e8339c23d3

    • SSDEEP

      6144:55Ctxg5TibkRvGOQOELBlHdAf1KNdnPqQ0FoMsF6:ms5ebkMHOELBfS

    • Score

      1/10

    • Target

      plugins/mediaservice/wmfengine.dll

    • Size

      192KB

    • MD5

      7eed178ba3c1b5f30107ee1255b670b0

    • SHA1

      0d12775a8b87ce50025cbfc3c97c796fbd27016e

    • SHA256

      a3970ce8baccd192ff9d963f685708a1fa7205e4a8e06ef84b55c750cdd1b8d0

    • SHA512

      be7a406859448fce8aec07884f6c11657b23ae54687018a62a40d4750b521c1b59386d55378af7fb8fc20d6af604fe980c9f55660d82656342d9b739e04a9089

    • SSDEEP

      3072:GMckAcs4sBmWa2Cp3ndOk0Fq1hf4MuHI0S9pcrgHydPxkColgAj:GWc5a53ngcAMuo0+ydPxkCoCA

    • Score

      1/10

    • Target

      plugins/platforms/qwindows.dll

    • Size

      1.4MB

    • MD5

      9166d6ae9b72979196cada66b47cce13

    • SHA1

      11c2dc4d58abdc613f7215f39306ac7c08021c9b

    • SHA256

      402718e1f9d06ca8ca40894e26c59d552977700fd0ff0c735e39aec8932495cd

    • SHA512

      fce4ee93bbab70761e8f47fdba1803f34a8b584784231d73026fb726c294102c4d3792148ba98f82ebab8b14d8ea629bcd69455b8c89e6255f1be6ee4f1e19f4

    • SSDEEP

      24576:gge4fDuaRZ0yiIs11xijs8TyYVmSeHGAacrie9LnZEo:dfDuaRZ1iIs1Hi9yYV0qcrLL9

    • Score

      1/10

    • Target

      plugins/styles/qwindowsvistastyle.dll

    • Size

      134KB

    • MD5

      871c33dba8c48682bdbf391aae658cfc

    • SHA1

      9b9b6b1ae811e9c03f0e4d3a22fb9c90d039e3c8

    • SHA256

      8cffe86da581baa3a5e0c991e08774d6eefd0ade2775ee2f2396050723a952b1

    • SHA512

      09f50b1a985c4ee58f9dbb86386beccab7ec315e8fcdc7857f50db6bef55525d33c7ca67a6d5770ac01a0dec4b94974f0ded5e79a1f81ea494f25977caca14e4

    • SSDEEP

      3072:qSEMUX/o0JCMUFIwNO314wF4OldUQSNYLf8Af5MLtqR:8FvoQWK3WwF4odUQSNYLf8Af5MLK

    • Score

      1/10

    • Target

      scripting/citra.py

    • Size

      3KB

    • MD5

      17029cc3a1237a2760c266823a8a3937

    • SHA1

      face198755f58583cb86f23638d2308f30ced85d

    • SHA256

      7fef07e4a7d6dcd0b203b6a35cf9f41463c6658bcf67e95ebcb4ca440c9be11e

    • SHA512

      41f1624ab9119cfdfa4a223fe4794a110dc0bbfedf3424a777a35d94a80e801c33a61701dc5cac7615edfdfa15c5da8e3e3668189506f87b5cd9763f759d6cb2

    • Score

      3/10

MITRE ATT&CK Matrix (ATT&CK v6)

Credential Access

  • Credentials in Files (T1081): 2

Discovery

  • System Information Discovery (T1082): 3
  • Query Registry (T1012): 2

Collection

  • Data from Local System (T1005): 2