General

  • Target: FullFiles-2022-PaSS.rar
  • Size: 11.5MB
  • Sample: 230305-rghcxage88
  • MD5: dfaf5ad6ad73d1e20526893d9ed9d589
  • SHA1: c3728a8f842bd7122ece549e0d67dfd497bba444
  • SHA256: f8049271309b5ed8a3bfed91b316b5dae91a7f9df0c7ac5e931805f4b601ad29
  • SHA512: 4ddf49836de13d457fa94f2f9686f297f279d091612b37867137b2412f66bee5fb915ba0a99071814880d6f08d2269e607d7e5e06cacd2a42fc0278f9af4789d
  • SSDEEP: 196608:gaX4pWRh+/sVv80Cp2daYUQSBgHTixRkXln0ZOnL6RJ8wLWF1g68fgQQRFxV2dhA:gw+2+RYxSBY8w8cAJ8OWF1g9xQRvVghC

Targets

    • Target: EN-US/Aut0W0rkplaceN.dll.mui
    • Size: 2KB
    • MD5: a311c98e7cb3bc2c6f4ad9ca65e95810
    • SHA1: 481168e5c9437731ab632fcacb9c88471c008d6b
    • SHA256: 799cf32fc0515a4bcc0388d0d39618d9c67ee67a1c2000d7344c5a8120004e2e
    • SHA512: 8eefd67ab748725145db643dab47f608b66582c194e42ed412bfe31f26c36b2bd2c4e157fa1bfaa582c697de267c242e5e809be109c7ab3f61f19bd6812e416a
    • Score: 1/10

    • Target: EN-US/avicap32.dll.mui
    • Size: 8KB
    • MD5: a5696b2d379fb322c7ee1e18c01ca920
    • SHA1: 0063d4f4814d4565334b5937fd83b56287ab413a
    • SHA256: cb852e13a323c8e226b9bccc7786df3c55e4be16d9d63f4911ea0565ac879a9c
    • SHA512: 01e93385f90fd0a25d8c7da31704cf8d04596113fbc9c19199506bbb5ba978f974c65a636ea663fec0c32408a931499814f806091ef7b3d9ca59c26fa01cdabd
    • SSDEEP: 96:9XIEThBLwopUCfwpyIR3M7Pel5LdDzdlSjrviqEtp9JhZ47/5PYBtTdbhFYIDiqf:KKxy3M7P5vRULZ4S5HTbnWnUrTWQ
    • Score: 1/10

    • Target: FileSetup.exe
    • Size: 730.9MB
    • MD5: b54f9a72ccccd392b935176250224fe0
    • SHA1: ecfbeb24e407299b06f2e373734d2ceef245f338
    • SHA256: e255a222ca8c53634531b79fd8eba293c35c028cdfa7221345484eaecdf5cdeb
    • SHA512: e26fae7fe9360ea8aff6c8c50c666b9bf4aeb45c8219ebf90ce4b690b890df48871c1c0b3fb8f561ee09dd2d8d221f6a123cb964fa6d7377023109d064d3f562
    • SSDEEP: 393216:WttM57QLidBt+cLB5CW4/U9ekJcy0ytgqoPolc:WUcK+cLBAx/fkJcy0ytHoglc

    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other secrets.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
    • Suspicious use of NtSetInformationThreadHideFromDebugger
