d98cf4a908148155fbf73bf7b134f2050b5ec74cc47a84f7196b00b13a34ed93

Sharing

Copy URL

Twitter E-mail

General

Target

Trojan.JS.Youareanidiot-main.zip
Size

39.9MB
Sample

231105-tdyltsad32
MD5

68b723829477a5c0e603b1fdbb71e0bd
SHA1

2be2cce224d1ce7103fe7d0f600e6b3866e194d2
SHA256

d98cf4a908148155fbf73bf7b134f2050b5ec74cc47a84f7196b00b13a34ed93
SHA512

64a96ef64f3b6b5df226031b576e3e8ea8674140343dff27518cff3ca218993f6c25c4c1b813ed791084d524bb4a67880de85fb21e0088b929f18d60a4d8bc83
SSDEEP

786432:4MsmSLhNqXOJIwE7mOhXzGx/0jl0LMsmSLhNqXOJIwE7mOhXzGx/0jl0h:4H9qXoBE7mGXzGFU0LH9qXoBE7mGXzGN

Score

7^/10

Malware Config

Targets

- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/Idiot!.html
- Size
  
  1KB
- MD5
  
  76b5f578abab7155e4f98e50c6ca24d2
- SHA1
  
  76a3d945b025a5c5830020cd4b59c78c00458663
- SHA256
  
  5e75e3136044b5ae53de976f2cb2f21c08e3fedf680c6f82cbbf05f5c29ccf29
- SHA512
  
  70e1b6d6e2146792c1e3d67a36dbcf69e2d5ddd09519de2e3c66d132775e91c11d96b2ce22588b635f821882645cc5da0f87832c17d8b14cf10ffb0332dea514
Score

1^/10
behavioral1 behavioral2
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/Idiot!_files/flashplayer32_0r0_371_winax.msi
- Size
  
  20.9MB
- MD5
  
  ee8a1e16c9c520929c565ea7c97b3189
- SHA1
  
  77fe833fb091475fd4cff01135273731c64d04c5
- SHA256
  
  06adb72a820e100c2ce2bf65605bebf835fbd0447b882a9ed6e99a340ba0f843
- SHA512
  
  c480be9096a4f4f384705f0e91dc3887ce507fd5670e64f571f8abcb079cdbdd07b85b9a1576cc97bb482adb6b8f12f33a5b0e17f1a27860b4321a1d673c614b
- SSDEEP
  
  393216:mktMY5dmLqNyGgUVuXb9eDjtUj7gNZyQLfrtjJ1b9Rd9vwRQYiPzDaOg:PfmewkuXpYsykSjJFb0RQbft
Score

7^/10
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/Idiot!_files/idiot.png
- Size
  
  12KB
- MD5
  
  c25a5b5f9c57ee2b0450ba6000232f21
- SHA1
  
  ed2caba08975fa207119fb1b895b516506f41af2
- SHA256
  
  cd87d30c5ccd43ee025ea376fe4a4f6636e6760de8113713eb55051b0a11fb35
- SHA512
  
  360d9c7740ba9206e6ac1108039b2ae7b7214944526c605ed9158b2d6009d849c0f37655fbbca8456d14ab2df1b62adb323195442a39298bf34ce50f62fc5aea
- SSDEEP
  
  384:jrh0V98XcgRo0GZWib5Ddr3c6EG+m1HCFkV:Z0VO/cD1c6EICFkV
Score

3^/10
behavioral5 behavioral6
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/Idiot!_files/swflash.cab
- Size
  
  224KB
- MD5
  
  b4b293b6e67c747fe473a1b01f427927
- SHA1
  
  bd17b437783e7a58e66b484d9899b4ca3a090301
- SHA256
  
  451ca0e57eb064feb5671f49a02f430a3b9f8ca73c0470081b2a82574f1380b8
- SHA512
  
  ba6ed723383eb672b9a02a4e84fbf259b26217b5ba96e72d640a5b159948564f85585416a352710e7f97c3c1f27097bdd7e44439b81815e704459a06a5b8c59c
- SSDEEP
  
  6144:TJzPE5PGQuVd0fjIg+Vrw+zAZ8ZEwI2C+UEj2DVbgK4Eu:TVAhuVrg+Vs+zAmEw2+z6VTju
Score

1^/10
behavioral7 behavioral8
- Target
  
  FP_AX_CAB_INSTALLER64.exe
- Size
  
  757KB
- MD5
  
  c7a36096c3c7fe45a70fe9375cabfbd7
- SHA1
  
  a8ce9a12c963874a28cf067eb4f187d63e82f356
- SHA256
  
  b1124fb749b2e46e6d5e572b28f847f20c3432dc693c41c765b569e17485d95b
- SHA512
  
  06c9eadeddcdd5c4274b430336c96d39ee3df2fa6814272cbf937e24a8f07661bad276de9486fb5570202855b97e7a1fa266d4f36885457215f581fada88000b
- SSDEEP
  
  12288:FZi53OdV+TLBLD5bHoIP4+9B7OzbgxyT08CAAAAAAAAAAAAAAAXAbAAAAAAAAAA6:FZ23Odc1R94zbvT0bW
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  swflash64.inf
- Size
  
  218B
- MD5
  
  60c0b6143a14467a24e31e887954763f
- SHA1
  
  77644b4640740ac85fbb201dbc14e5dccdad33ed
- SHA256
  
  97ac49c33b06efc45061441a392a55f04548ee47dc48aa8a916de8d13dabec58
- SHA512
  
  7032669715c068de67d85d5d00f201ee84bb6edac895559b2a248509024d6ce07c0494835c8ee802dbdbe1bc0b1fb7f4a07417ef864c04ebfaa556663dfd7c7f
Score

1^/10
behavioral11 behavioral12
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/Idiot!_files/you.js
- Size
  
  1KB
- MD5
  
  0f2443c5a2e2694487e134455cc2cac4
- SHA1
  
  54caa6da51e9de80aee8f29d0fa3f9a3ce38d0a3
- SHA256
  
  7ed2b253fe8bfbbb4c08f3390b23b55158833796d081529b507e61de6dfe2f6f
- SHA512
  
  edc95d265d1bdb441ed113a51ff9f4dca3a3d0bb5f00f0078f3086f433795baf26af104e9f4623598259f625b739e5c81ba0fce727f78ae4ad7dc56740b24395
Score

1^/10
behavioral13 behavioral14
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/lol.html
- Size
  
  831B
- MD5
  
  24c112429e44246bd7ba142637045f0e
- SHA1
  
  e094de4e53b6be071c720f45fa6786bae7546a2b
- SHA256
  
  d062d283a9e4b6418df033018e452f3e309dc5a61729c182f45c2a01d3eed625
- SHA512
  
  28431544cb21f1efb6ec28af58b80d19d4e28c5de460f62164076f63618ef821ec195ee7eba387647d706c83f8ff0378a8ff5664c0225361de15d71cdc2127b5
Score

1^/10
behavioral15 behavioral16
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/lol_files/flashplayer32_0r0_371_winax.msi
- Size
  
  20.9MB
- MD5
  
  ee8a1e16c9c520929c565ea7c97b3189
- SHA1
  
  77fe833fb091475fd4cff01135273731c64d04c5
- SHA256
  
  06adb72a820e100c2ce2bf65605bebf835fbd0447b882a9ed6e99a340ba0f843
- SHA512
  
  c480be9096a4f4f384705f0e91dc3887ce507fd5670e64f571f8abcb079cdbdd07b85b9a1576cc97bb482adb6b8f12f33a5b0e17f1a27860b4321a1d673c614b
- SSDEEP
  
  393216:mktMY5dmLqNyGgUVuXb9eDjtUj7gNZyQLfrtjJ1b9Rd9vwRQYiPzDaOg:PfmewkuXpYsykSjJFb0RQbft
Score

7^/10
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral17 behavioral18
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/lol_files/swflash.cab
- Size
  
  224KB
- MD5
  
  b4b293b6e67c747fe473a1b01f427927
- SHA1
  
  bd17b437783e7a58e66b484d9899b4ca3a090301
- SHA256
  
  451ca0e57eb064feb5671f49a02f430a3b9f8ca73c0470081b2a82574f1380b8
- SHA512
  
  ba6ed723383eb672b9a02a4e84fbf259b26217b5ba96e72d640a5b159948564f85585416a352710e7f97c3c1f27097bdd7e44439b81815e704459a06a5b8c59c
- SSDEEP
  
  6144:TJzPE5PGQuVd0fjIg+Vrw+zAZ8ZEwI2C+UEj2DVbgK4Eu:TVAhuVrg+Vs+zAmEw2+z6VTju
Score

1^/10
behavioral19 behavioral20
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Local/lol_files/you.js
- Size
  
  1KB
- MD5
  
  0f2443c5a2e2694487e134455cc2cac4
- SHA1
  
  54caa6da51e9de80aee8f29d0fa3f9a3ce38d0a3
- SHA256
  
  7ed2b253fe8bfbbb4c08f3390b23b55158833796d081529b507e61de6dfe2f6f
- SHA512
  
  edc95d265d1bdb441ed113a51ff9f4dca3a3d0bb5f00f0078f3086f433795baf26af104e9f4623598259f625b739e5c81ba0fce727f78ae4ad7dc56740b24395
Score

1^/10
behavioral21 behavioral22
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Online/Idiot!.html
- Size
  
  2KB
- MD5
  
  1ee06193bd858b693cff2ba6d7870c5d
- SHA1
  
  f07955983e8ed8c76a947629b8310bd51bccb2fb
- SHA256
  
  7756de87f1fee7112ef50a06c9cf64187041a07cab1681a48d1e529105884273
- SHA512
  
  92b96a1efb3dc64e051cdf9b3ae1d63676cf28cd5ec94630f12c7dbe99213c6d360134d672340c99dee074efd592a72ccd68ef6c610db359012a42dc96a152d5
Score

1^/10
behavioral23 behavioral24
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Online/Idiot!_files/you.js
- Size
  
  1KB
- MD5
  
  275e9ad779553160d5cdc5f55be61c0c
- SHA1
  
  5282f731e0efec0481421f8d6a4bea24638af290
- SHA256
  
  c6869abc2db9309edeab76c79e44e4e91e500ceb37329906c4a5944228619af4
- SHA512
  
  45be29b7f11a2d8d5624763e9b0a64cfefce4626153ff2aaca72219bf6ba217910f4166539938f9eebf7f31f1f203754d8ca8426ae33b4ff2bd63845ae3a9bad
Score

1^/10
behavioral25 behavioral26
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Online/lol.html
- Size
  
  932B
- MD5
  
  dc3daa72e92dd02f70f667d52ff570d1
- SHA1
  
  4183d006b8c4e3b8f4f6aa44a310dea9e2631975
- SHA256
  
  b576556e51f4bf0546e891d51b834c284e5c43c9de92a81359c192cdfcbfaa47
- SHA512
  
  f94f120555dfec51bef92b69ec0f9c2c705b94263b43d4b8b0b346272b9d246bba1f26c2ae315e14fcc52a053b3cc3f9c37514b5763e6c68d11f2262e0f1aa73
Score

1^/10
behavioral27 behavioral28
- Target
  
  Trojan.JS.Youareanidiot-main/Mostly Online/lol_files/you.js
- Size
  
  1KB
- MD5
  
  275e9ad779553160d5cdc5f55be61c0c
- SHA1
  
  5282f731e0efec0481421f8d6a4bea24638af290
- SHA256
  
  c6869abc2db9309edeab76c79e44e4e91e500ceb37329906c4a5944228619af4
- SHA512
  
  45be29b7f11a2d8d5624763e9b0a64cfefce4626153ff2aaca72219bf6ba217910f4166539938f9eebf7f31f1f203754d8ca8426ae33b4ff2bd63845ae3a9bad
Score

1^/10
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives

Checks computer location settings

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30