e3026e2bd11e4d1f35c49a32bdc24d1b29dd62394d68c51361f590ff7886e091

Sharing

Copy URL

Twitter E-mail

General

Target

e3026e2bd11e4d1f35c49a32bdc24d1b29dd62394d68c51361f590ff7886e091
Size

8.8MB
Sample

231003-vcc46sff98
MD5

d4f571e435e6da2cf54de74cfb402ab8
SHA1

e7946566076374f85a12009373fc8c9e20447b9f
SHA256

e3026e2bd11e4d1f35c49a32bdc24d1b29dd62394d68c51361f590ff7886e091
SHA512

cd6129454c08726c39c0b8f07e00517dc8a6b704f21ed24a22db52d86da53c9bcdca590028621a18a0eee1f3d754db8cbf3ecbe4a2069145df2c46344d005e85
SSDEEP

196608:7m5fGsNb80iKwnH27WjVSuI9grI6KJ7u0AhTY2mpm/S9nNiQF2HVi:KQjfnHSgVSD9grI3Izhv8mKyJw

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Tools/Colors/Colors.exe
- Size
  
  2.5MB
- MD5
  
  e0e1a7c2b7ee4470f46a9055bdaba5cc
- SHA1
  
  1185fc5ebed00a770aec9674b0a594bd3e45b80a
- SHA256
  
  d995d400fa9d55a28df45c4a29ccc4206122186a857ad82b99e93181757f1db8
- SHA512
  
  c7cc745bbdaaa13c38018dc7c05c2386cdc1ee6ba7d8150fddafb29cf65136f0e245e00bc2612742cc623d0d47c3ea50591bb2cd938702d2da51e319c7b24899
- SSDEEP
  
  49152:DbGdnmDZmITazcxMu+YMQ6jJ1rkeSj3yYebFV6Guh1gRPR/:DKIDZ9mAxMYd+1Wj3Ebr
Score

1^/10
behavioral1 behavioral2
- Target
  
  Tools/FSCapture/FSCapture.exe
- Size
  
  5.2MB
- MD5
  
  6bd1e86e1667a96ce7a3d462481db4c5
- SHA1
  
  0f2ba500b3f0258d80484a80284165b8ed0474a2
- SHA256
  
  a5bd5bdb5466979e7b93e9011f1d1e36d26bfc8e89006288aa8d67ff6418f30c
- SHA512
  
  39812ab2b08753d3c561ddff4bf2ffb78ff9fb435e088c4dcab9c12190bccebf46bbb2b3dbbf71f97b9a559abf94f1ca5db31aa57755e0777f6c238f140d8708
- SSDEEP
  
  98304:xJ9v8CKhkZZsCXdvMoK3Z86Korl4hqtJoFyMwBiGo/Mmh5d:xJ1K2ZZswS3D6Ujzixvh5d
Score

3^/10
behavioral3 behavioral4
- Target
  
  Tools/FSCapture/FSCaptureHelp.chm
- Size
  
  151KB
- MD5
  
  6bc96d6f2e201f037bddf72c290091be
- SHA1
  
  6f102bfc7f6724eaccdd2a35cb7c69c17d0144cb
- SHA256
  
  76cf8e8d27dd075448cf1d13e4dbf7bdbe286f1675b6c1ca4a0c10f549457804
- SHA512
  
  42d3eed5b9d074d099a2ed27ff931d2eed8c809faee718812def6d991c8f10d2601a2d80475dbb8e99f9f58d7ea8f03d306b1c67c583e1913fbbcbf1ab27e277
- SSDEEP
  
  3072:9LEq24W+xNFIVUfjhdCOi8IwYQA4WoY/0sw4e9y6nG/G/en/qTY1dz:9LEMWUMVUtdCO0FthNw42vX/6qTA
Score

1^/10
behavioral5 behavioral6
- Target
  
  Tools/FSCapture/FSCrossHair.exe
- Size
  
  408KB
- MD5
  
  37aba64f06b6eccc10efccc98cc60477
- SHA1
  
  1ff39c96ecabaf3c6c85040f8effc126fafc44be
- SHA256
  
  1b95f83b29017d137153a754dd3a47c68b1476cf11798f4d3ec26ee10d06deb1
- SHA512
  
  5514a1146fa9b877d35927dd484b4162b63e17a81d00538b6e386822fbf233ce1f053adedf5e9c68f2f1c538eab94dd77905063f7d2ff4384370d52a689f0ff7
- SSDEEP
  
  6144:k4NelB5rmxgIqbnYyxM0h5EoJT1/rNBu0O65zFwomR3Vf1CaejctXqpyQ:JYBpYgIqbYyM0hCA5rNBR5woACJgtG
Score

1^/10
behavioral7 behavioral8
- Target
  
  Tools/FSCapture/FSFocus.exe
- Size
  
  391KB
- MD5
  
  9c43be495e8dcda243fb4f12f506f162
- SHA1
  
  8dd527d8bbd3b546801beadce95cf32e0e02477e
- SHA256
  
  dcb0994a7515899907fe69529ab99306bdd809491fba6c53a6c1b3c4add8e484
- SHA512
  
  499ee08a3d7bd86a6b2ad8b5f63a33cdde5e190a349c50a3d7f2a288bee90e8abf0903effa2d67eabcabe59d2246f40b89f4cea94a808a5bea455f29e6f4e975
- SSDEEP
  
  6144:40a41VEueH7LGpEAkik7XQTWeMTMfWg0l+ORcpmVTC5JWiOtUYFDug0:x1Vtq7LGpEATkjH/TFvRwxkRUqr
Score

1^/10
behavioral10 behavioral9
- Target
  
  Tools/FSCapture/FSRecorder.exe
- Size
  
  4.6MB
- MD5
  
  b88643ef8f59724abb8006d2bcb0dc07
- SHA1
  
  48970ce8c876ef49588ea2fc72e87ee3e0c0612e
- SHA256
  
  35ae91e328ea4bd8ebf523672c0a72b3977240435b309eb5c24ad39b35702aff
- SHA512
  
  d5a6902676ca2e420d50b619a42a87d8b3d6fbbb411d504729dea6b022118dfca2dd20ddd8e681c10aa1cc9c0d975860b46134eaeb890c0c56383a265f10b52b
- SSDEEP
  
  98304:+a+thB1T2r/KrmHIWMdp3dMzG2/6Zhq0Vlb4TL:KhnTsyraIWMdp36zeXqCU
Score

3^/10
behavioral11 behavioral12
- Target
  
  Tools/HotkeyP/HotkeyP.exe
- Size
  
  344KB
- MD5
  
  77ae2171da77ea05d1cbc96a83f1e64c
- SHA1
  
  29ff22fc2ec46e1011ce262a4c3f5446c3b7ffa7
- SHA256
  
  3cf992880584b44f8d61a1fa9d846c8a1ef10cd5c4b66a8cd5a75c8624d27794
- SHA512
  
  f3bf93007be0e7818be746026e47c6a225a45b02d044fae765c81a11268c5d0e0cb4451bb067a35da15a57294108a1f3abf3caadffd505ddddb27b2116572a0a
- SSDEEP
  
  6144:j7Chjf2kV+HpCf63AmvIgJTKViMCTV1ZR0qHRciK24XjcUI:sTbV+HpCCwNg4iMWkTk
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral13 behavioral14
- Target
  
  Tools/HotkeyP/help.chm
- Size
  
  21KB
- MD5
  
  601f51f0c47de895e7815112b899e8c5
- SHA1
  
  1350b063b1b130f47b0e65af20b8d508144dceb5
- SHA256
  
  17d45eaf9c6f70de69dfbb553f96f88a8702a29f905d1459d47ad04a25de7aa7
- SHA512
  
  cafea1936bfbae1ed17074884a58b0905d4ef9c52d99bd89ce2cab3af9fc4e363ccca07f7b64b170639cbac80e1785b6514f3dc7234292d96ee31d8f897eb6ad
- SSDEEP
  
  384:ZQYBle/OU5ERTQVu7G2JNRFC28CuJfhhdDg:ZFBeO1R7G4RVyJJ4
Score

1^/10
behavioral15 behavioral16
- Target
  
  Tools/HotkeyP/hook.dll
- Size
  
  24KB
- MD5
  
  552ab6bc5d18c66af0615d4af161b0b3
- SHA1
  
  00423c0abc5b5bd0960935436d8e6d594b892674
- SHA256
  
  b92b50e77128b7b1740f1f53407b55f4a6ed405a36978783bf19c82fc45876ff
- SHA512
  
  972e3587775021a09c0c7582de975d37ce4d6f8022c654ba7bcaed8f9be586f831bf1a9558952c09b57e9802e5f4904e01017c7b9ee0c69ec49107f765816d98
- SSDEEP
  
  96:/DCPFFAITXyGg1741L9UMpt3e64+OAbrDZ44RSP/q:/+PF2ITXRW41Lbt3e3u/DZBS
Score

3^/10
behavioral17 behavioral18
- Target
  
  Tools/HotkeyP/hook64.dll
- Size
  
  6KB
- MD5
  
  f3b923b9486849c6adf4970d57ba8911
- SHA1
  
  16a3361e7a0b46aeb1631c614f4f3a912851a031
- SHA256
  
  f629ffc9254f6a5bfeade41bcde0d03a7a90911048802adbf24ff129d086ff93
- SHA512
  
  01d8511eda5c8cfc46f6bbabad86f24801d9e04b88ac38f315b1c3ac302c46d4b28d0ef7666e6fb739be7bcf9b523cb374bd01709fffd9a118a55902d3b6e38b
- SSDEEP
  
  48:a8RG9kewNzlW6VYZrhY3GS5QAF2Gyti8cGW6awcukiiQphll0U4JQ+IRhIRuqS:1GoFlW6eMGS2pinCanuNiQXf74RgYx
Score

1^/10
behavioral19 behavioral20
- Target
  
  Tools/HotkeyP/hook64.exe
- Size
  
  5KB
- MD5
  
  02870169c2275f8093d27ddb8e66d6a3
- SHA1
  
  6e87209abeaf020625fb195d34d0f187fd1b7abf
- SHA256
  
  1e50aa283a218b9815166877e73d9a25ce227996cd38ff92a3846b9918a555a2
- SHA512
  
  bb84987e218b99ce60709fa3327482ff29b8bec77cb02a54de89c19a318dc6fa6c387b17f3065f791b64db41f3290abb76f8d69b6074faae510beed45903145b
- SSDEEP
  
  48:Sbw9/E0wD+gr+gZ4p8qLNBEy2I+UnyyF82H04JwGiVhURuqS:bPgrFJqJb29Uyg82U4SRkx
Score

1^/10
behavioral21 behavioral22
- Target
  
  Tools/HotkeyP/spy.exe
- Size
  
  20KB
- MD5
  
  f8b82d9eaf3abc3379bb37e119ef55f6
- SHA1
  
  e0d04d3d8f276522a43cadaf0f3bbe7d2407898f
- SHA256
  
  9443c379cfa94f264473f2bb44e2e7d10543c27baccd303532e08f966ec0963e
- SHA512
  
  99329df75f96149973d1f73654c43572db447d659d73ade7913a96df92eb1a25f6c488e445a085571e1f6f20dfc87ab990595fd5c3b0658a85b9a4ceaedb70b9
- SSDEEP
  
  192:ZzvaLO7BeH4Iw2b69bTHz9zlD3AmM412PBkP1oynMVMc2:JaLrH4D9bTT9BDHEc1fc2
Score

1^/10
behavioral23 behavioral24
- Target
  
  Tools/MouseInc/MouseInc.exe
- Size
  
  1.2MB
- MD5
  
  f91badf0ffd4c981ecc18bfd27ba3c61
- SHA1
  
  277b37889536d71c69eb01eabb0612ae3f998bbf
- SHA256
  
  2007971f7c44dbeaa0c6d2f06933a1f0b8f0e228a67257149658f40e2b8b6ea8
- SHA512
  
  e5c4003a8cbd68297d539da6377e00203bc115bef6c8f257e92befc5983905fff7b89c0f60f975543ae89a120d525f3c30cbe8a5c432fb70e9ca9c5d23995d0c
- SSDEEP
  
  24576:SACAM65EglFPp4hNqSB4YbH1Sn3nx/ny9:SACAM6igrLs4Egn3xvk
Score

3^/10
behavioral25 behavioral26
- Target
  
  Tools/Notepad2/Notepad2.bat
- Size
  
  757B
- MD5
  
  247efd2debf1c0f8480aa42dde02df95
- SHA1
  
  6b19a0cedb8e8adc64f105af7d44c3928512ede0
- SHA256
  
  3f017f8303f1a926697a29d4c5a75bf36b952d96399ace617b65a1b12c52ce11
- SHA512
  
  e201d74bb6d58fa1976619342f24282d7fac803c1d496f0b74c50f21f0f64d27fee147d1f8f30bcbeaa5a55416dae5a2464e7b5a1376334fa933ba5250173c82
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral27 behavioral28
- Target
  
  Tools/Notepad2/Notepad2.exe
- Size
  
  1.4MB
- MD5
  
  714fbba5e9be0080b0a7036a5dbf481a
- SHA1
  
  ece9f9c4b05c33564320b63e269420cf50af8649
- SHA256
  
  eff06b85a8ab54bb6752aa5c778dbde5da5c07413607fa11b4bfcf35d8a82c87
- SHA512
  
  f5dd18c8dd7d9d9d047530ee6094e01ff5d9380822fe7e21ffe995f5f297ac912aa65ba374bc6b2b2fa82794ee282076bf89b9069a47262500fe5748c7e573ad
- SSDEEP
  
  24576:2ELttK8+xBuKhpSK438pckG0WY9gxdvAp2ei9tige/5iXdufl7RUvOIxWnR7NPez:2ELtPXIA2H9NbAdtstnwFfLQA
Score

1^/10
behavioral29 behavioral30
- Target
  
  Tools/ScreenToGif.exe
- Size
  
  2.1MB
- MD5
  
  d5f92442cd49154d532fbdaaf9c7beb1
- SHA1
  
  531df46cc577e3b9280357fbd3530e58c8d82099
- SHA256
  
  97a9bd4b5ca68cd1a5cf93b05d2124bd56c01d37d08daad7329c00bf839b4c0e
- SHA512
  
  39a560fe66f124697e555b5040ba09679a387bd06e9759f45f405703725f3c449c962e5ffb4b035fdb86347871e5dd965194bbdfc931631d2d73ebc8479d0f3f
- SSDEEP
  
  24576:CTfpdCSpgtNf7hyjACOBUlIDKi8dC/6hO56hOTGlD0y:CTMhCACOBUGDKi8dC/6hO56hOTGl4
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32