62b74a688d22bfdf20f673a351580029d7b9de67c6facc9a5613b22b3f798968

Sharing

Copy URL

Twitter E-mail

General

Target

Shadowsocks-4.4.1.0.zip
Size

4.2MB
Sample

230721-vcadaafd92
MD5

bb8fabe90e342c166aa227ad9978e36b
SHA1

1aab2b5f41c1c90ba8024c5a8bb8f902e7600727
SHA256

62b74a688d22bfdf20f673a351580029d7b9de67c6facc9a5613b22b3f798968
SHA512

6a52eb8a3a7410a5d3ff858d4f79ca7dec46250341262b7fdf76752070c37a3406e7000e12619dbc2f4eeccdcce2534f57cac2f7c6634925483fc00eb437f6cb
SSDEEP

98304:cqSVdlKKPgAJDGINBhXDItp4F/nrlApxL4ZuT0lTB:s8YP3TISf2PEuU

Score

7^/10

Malware Config

Targets

- Target
  
  Shadowsocks.exe
- Size
  
  5.1MB
- MD5
  
  f586a79bc66c029745324780aa5995ea
- SHA1
  
  e028b13e304f3c2ac3264560cc16ac16374f8ac1
- SHA256
  
  afd2adaeebbe7c77b91ff2b899a282abfabc9afc1b39ea8a9a89e5a39306e749
- SHA512
  
  b8e3c82167cce637e5d9fdec109618aca2978b4390599b0eaf78e8b65fab6c544edd8d1a205cbe81dfadd76461c145f1568ece40b97e8bf46383a63438eaa5e4
- SSDEEP
  
  98304:nC8GIY9g74W5BaBiiwZclBdLHEzr31un7toLAWoB0BFd:C8b74jIiIcBdLHWhuuMx2
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  fr/Shadowsocks.resources.dll
- Size
  
  4KB
- MD5
  
  6da4b266d46435e6d908c50f3050b3ab
- SHA1
  
  28265d1651dd89ef64afde0de06f464d0cda62d6
- SHA256
  
  1847a7a1107ec533937de67887a7b7b2711d66d8e6d954897f9cc554a512d507
- SHA512
  
  5d922f5c7a0519225ed34972adf1fc59ac494196df2b3471cfe1ad718519aa12f2cbbfdb49cc3e351ca4b1c4e63a0642803bc5e1fd54b2d0b4af73439a02d401
- SSDEEP
  
  96:YNaJpClkFhoMQ7FOwBlcTnpz2lPcSVAsf:YMposhd5pSS8
Score

1^/10
behavioral3 behavioral4
- Target
  
  ja/Shadowsocks.resources.dll
- Size
  
  4KB
- MD5
  
  93f67f928be772370a2a555ed23c4812
- SHA1
  
  0864a3506c44b74c94766b0b611eafba827be010
- SHA256
  
  36324a3ed5fa25d49dff0b021a02efe829bace83688483433172111a7d76117f
- SHA512
  
  02b3a2ed6e44f500ad300792485f9e7cbb8a6bc09953a84362ab19f999ce6ce1275ea3c3c066f90925dbd837fc9223ca33a3ddbe7bb10b04aefd69736054f7fd
- SSDEEP
  
  96:YOGCSky5MuqLkww95gXmeZMlPHylSesf:fGHnj+PZM9A8
Score

1^/10
behavioral5 behavioral6
- Target
  
  ko/Shadowsocks.resources.dll
- Size
  
  4KB
- MD5
  
  74eda354447f02009504f696c10fa054
- SHA1
  
  ab3865b2f893bc00ed643ccad56d9a9690766427
- SHA256
  
  41842a45eb491a9a45480e0758f32c57af7423e26596a802bd81ec7a8cd6ed0f
- SHA512
  
  4e49ddcfa02edc7b2b2744e90ca67162bf636229e6eed549784222bd6dbfa9beb28ad679d46ed21e16f967b38f8e73ae1ca34168429716e490901f0acc773fdc
- SSDEEP
  
  96:YgvrGCSkykMJj11wLuj2yp8SlPSbSesf:tTGHnPcymSs8
Score

1^/10
behavioral7 behavioral8
- Target
  
  ru/Shadowsocks.resources.dll
- Size
  
  5KB
- MD5
  
  9d071acf8d294a1c9522331ecb45354d
- SHA1
  
  eb48b9bcba782a35e62bb1bd82b32ff23b704920
- SHA256
  
  1623705e7a5518f15a72ca47cf07d3a484efc8b8b07d8f51e920b81bec9b4a6a
- SHA512
  
  643745ffe88a3bc49a288a08ea4ece17cfbda2c8aa6fcd2a457140b09ec8b5cc0421f024b0b4621826ca9db428a0daf7f1978e65f0146f7006f21335008b001d
- SSDEEP
  
  96:YpClkFLuMLHwAw2ctkCp5RdNuad+lPuqSHsf:YposLDCdNuago78
Score

5^/10
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  zh-Hans/Shadowsocks.resources.dll
- Size
  
  5KB
- MD5
  
  3888d2bc5601ed781f286fd5f0a0f80c
- SHA1
  
  e2417718bc1e8e20645c6a2cfceee300bb26b7bb
- SHA256
  
  36c769006ce4afbf877a34fdb6f5d09702e5d61231467b92c971d1d5dd92452a
- SHA512
  
  c3ad505a37d71cdb4ee27d21fa20c22588c9e48a8fe32523514de4ecc24b2472259275f91bb3bad55194222f033eae79c788f97805bbb2f88380e8fb621cb08d
- SSDEEP
  
  96:s20GS/MM1VImwwZRerUbDGmQxJ+KlP4uS+sf:s3Gbi2gKyu8
Score

1^/10
behavioral11 behavioral12
- Target
  
  zh-Hant/Shadowsocks.resources.dll
- Size
  
  4KB
- MD5
  
  d32ed24c2ff0629f1b08c75a03ca7efc
- SHA1
  
  d0da6b0cff90b6d406e32db2a0d624d6cdcd1d5d
- SHA256
  
  69e04655a5219353675256ee279c9731fca214405eae0d879d3186638594859b
- SHA512
  
  303634bc1988bbf633eb208abfeb7735336548ff4e11ff7db41cddc1ecfbd36e18fe27934cda58b038304bd6918ff9045d645aeb4607eb81486e60e88fdbb653
- SSDEEP
  
  96:YNoemCykJhM6tA+9T+Pc/PyaGNFZ2ocKlPOqSysf:AoemnkNFG7ZEKn8
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14