783f9ce000a059a8e67cc8aaaa4e470b7d2e262a9f36abc049ea55a0eee8c76c

Resubmissions

01/01/2024, 09:33

240101-ljj2maadb3 7

Sharing

Copy URL Twitter E-mail

General

Target

tor-browser-linux-x86_64-13.0.8.tar.xz
Size

107.4MB
Sample

240101-ljj2maadb3
MD5

6103309ddb847f63021974d5a9dd1af5
SHA1

d2d0d0a1848cb3ff74465efb6a5f0f29802d4c26
SHA256

783f9ce000a059a8e67cc8aaaa4e470b7d2e262a9f36abc049ea55a0eee8c76c
SHA512

fe152008ed577ac108500f857ebc787c43ca8fa8ddf621400ac829158ca2e9e5c064af4f28f74a227c75667d46844a040e766c44cfea2bfe2b5fd28beadfa337
SSDEEP

3145728:TpKFYkd+Hf6iwcTWdhGdE22euMNgpEpikn:FGYpi5ciTdWFg+i4

Score

7^/10

antivm linux

Malware Config

Targets

- Target
  
  tor-browser/Browser/TorBrowser/Tor/PluggableTransports/conjure-client
- Size
  
  8.6MB
- MD5
  
  697dd4dcc386ad86dd14316ed7b4164e
- SHA1
  
  012b06426e7077faa81ac5f8056cc7297e721251
- SHA256
  
  f78458009914e324fde0555ddfe548d02e294ea9978f39e69b4e6abfc3597c6e
- SHA512
  
  d4fd587fed648ce3c7ee6c6685a87b9cd3853067d31eed7957310387fd5e470825837c6700000c11369b6755b58e616e2306bfd74cf5dd0e0a303fa28b74de8f
- SSDEEP
  
  49152:hLeUn68I1xlJiZa1PQgPYvblYOzu6g1aJbwhKMU6gGvmuHIryy0YQ59aAGJ5EkUE:ZvoxlXZQXeDbFU67RHZzUET/fAXnLsO
Score

3^/10
behavioral1
- Target
  
  tor-browser/Browser/TorBrowser/Tor/PluggableTransports/lyrebird
- Size
  
  6.6MB
- MD5
  
  793432a0154c849fbbdf57b810b749e2
- SHA1
  
  f3d135029f3201cfb0206f6018a1ab29fceabce4
- SHA256
  
  cafa6c4082126ec5c2d3d7f69e1e79bc3046f64ae8934ce24227f8eb219f8bf0
- SHA512
  
  6488cc44a761625b82f1186dfdefbfbd5332fb6a2ce0179775fc2ce3b3a002b539541a7f1e033d7924e754bc72f7d967f719bfa4f2dabfbebe33ab12446390f7
- SSDEEP
  
  49152:bG6YufK+U7E6DBJFF8uaK/SNEEHEgKEmegnEquI50krUfy9j5ECh4CiTIzl0Zim8:d5+EY8FNEsEgnkhVECN0ce
Score

3^/10
behavioral2
- Target
  
  tor-browser/Browser/TorBrowser/Tor/PluggableTransports/snowflake-client
- Size
  
  12.6MB
- MD5
  
  569f64feb7547b953dde46294ba3481f
- SHA1
  
  cf6cfc0f42b44dc4058e3f1787819cc4d4fac5c0
- SHA256
  
  54aa7843f4599f3ebee11b5f6510ede121ce71d727243a17cf2cfc729a7c1cf9
- SHA512
  
  b572e782b3454a4aa78723737c47019887145ff9cd86929b1058ead39a304a4ea863349d680dbef36105984297ca11cee269874482332a6596f3aeade30ea8c4
- SSDEEP
  
  98304:GqekaD4JkFdQeJEIDZdKDd2oCpjdE4isTTo1CJXjBS:G3LQeJEIYooC0420JFS
Score

3^/10
behavioral3
- Target
  
  tor-browser/Browser/TorBrowser/Tor/PluggableTransports/webtunnel-client
- Size
  
  4.0MB
- MD5
  
  fac4f21609560fd26f08383497812894
- SHA1
  
  4a804f91ea195a185dd0db4fc9fa00324dc7584d
- SHA256
  
  ba69a83989c95be98cb76de0eed537d6a330465a274b6fa0dc3b1c86b50dd8d5
- SHA512
  
  c2ba8196850d7ae8d9c5928ed604efaf3d2b43f21305899ae13caf9e107a81fd2b4a0e1e2fb2d1b5659668efe926b971f2decec9f4d9641406b6434bc0ce2ba0
- SSDEEP
  
  49152:kqeONGBrka/5n7iQeHnexNqdo9MLwe5EvOQrS1rWS2m8R:TatQeySMLw0EvFS5C
Score

3^/10
behavioral4
- Target
  
  tor-browser/Browser/TorBrowser/Tor/libcrypto.so.3
- Size
  
  4.3MB
- MD5
  
  6c2b892a9f54d59b60d51bc5b645816d
- SHA1
  
  0d4883222bab928f024d6b4d6217b35a24d6d10f
- SHA256
  
  20dc98ad49db5aad594885ff2a79d4580e1366e08d6e80222470f03065568d2c
- SHA512
  
  af046ccbd58c712b4731ad19239d8cf00f1ca7cf84c1b1865822f97fa6282b1f8b7f957de8db1ba1fd9a80f0906f7dbebe1c71867fbd660e3e6959de0cad1c94
- SSDEEP
  
  98304:YeGtv13uFnCPwPssbrPRdbpztqrXFCDHn+lZm3PaDbxuDjhcZWZya8bqiAB:YeGtv13uFnCPwPss7j61YqmCUzZIb5A
Score

1^/10
behavioral5
- Target
  
  tor-browser/Browser/TorBrowser/Tor/libevent-2.1.so.7
- Size
  
  334KB
- MD5
  
  76ecc59cf03a14776096ab705379dbb9
- SHA1
  
  355f8334b1f45c73b33dd56e0fc52a15befef0e0
- SHA256
  
  ac9c728b83f8ac5b814f2ee4458f90e71330e7f960bc0505ac089c3bfa0f74a4
- SHA512
  
  5c926d4466f3a0aaeb8f9b87478e17ae3ad1bcd86b21ecf04b8196e30d16d5042e1aa7ff1eece39a00fa23ec89373552ee34923d874bc58bfcf242fcba0072ca
- SSDEEP
  
  6144:6ZE1dk2dbr5ntLJhEoM9vSMEZyaEbCNFunin:6w35nlHEoM9DtbCjR
Score

1^/10
behavioral6
- Target
  
  tor-browser/Browser/TorBrowser/Tor/libssl.so.3
- Size
  
  659KB
- MD5
  
  d4f50445702085471f31144cfa8d4331
- SHA1
  
  ec750921de82d563651affd5698e35d0cf588fa0
- SHA256
  
  a8ddd22f1ae34110f4b800f2d760b18d5e98ff8495fe7c49c8e8cd10a22e752a
- SHA512
  
  3d8f975f6700fe6f5abd7695dc42cf7fef4f43b89e34772de1cd98686cf501808b451ce749902851d804fba7340001fa6d4b081316709dac0262352c1fb3df11
- SSDEEP
  
  12288:Pbt3upJ3W0S6pr0soyIRJdXOPKDCTDPjg:zt3upJ3W0S6R0soXJNOaCTDbg
Score

1^/10
behavioral7
- Target
  
  tor-browser/Browser/TorBrowser/Tor/libstdc++/libstdc++.so.6
- Size
  
  1.8MB
- MD5
  
  c5d5c0baf36c6c3e505d56f1a0ecff4d
- SHA1
  
  e9f83e2a3d5774dab435ad1193263d6c41368278
- SHA256
  
  d015803ac62c46cc12cb7573d712437e890a9959f9220f0162385e411a2c81d2
- SHA512
  
  22f986c373fe09b7457756ea82800129ca7363a72a7bc20f9852fd8de092a997e6e0ad190831c468824956f2e48f0ac61bcf07103d21e497b6fde78cf5cbcdb2
- SSDEEP
  
  24576:8k/8X/gTDrwwJwh7eMJU7pc//i29vhCzXd:/TDcQwhc7pc/68
Score

1^/10
behavioral8
- Target
  
  tor-browser/Browser/TorBrowser/Tor/tor
- Size
  
  3.4MB
- MD5
  
  a1d9f0e5c68765e9f629190d8bd48998
- SHA1
  
  50ea4121527feefb57cbf533c2c657a0e24a3a97
- SHA256
  
  63a3195e1667720b6594879359e665c4092a08cdb16d18cecfbe1887f8a9d47b
- SHA512
  
  3f9e852f0fa28a74d057d2050d782c40e2b3482a902a059c97ca0effcde754b5bcff7f6802a77f03aca05240a3de3db9fd4db505160b024d4446f071d7116cdf
- SSDEEP
  
  98304:5vG4NNeG4n3K1PFsCY/3T3xAn8bgtvI2BIT3XAR9Hn:VNE3K19Is+2BITgz
Score

1^/10
behavioral9
- Target
  
  tor-browser/Browser/abicheck
- Size
  
  16KB
- MD5
  
  04dfa0ff3dd0fbbf0cf5c5f2d03de0cd
- SHA1
  
  07d3ff43acd4ce15871d3c29fe871477dcec7673
- SHA256
  
  c4d2f556813cb3087571facb79a528d144d9354944fb6d1ac336b1215b64c73e
- SHA512
  
  d52bcc9d0131cfe623bfc975ecabdfe52b5f492a498d7fa8023be357405bc48e1bcf02cb159e116fc337b01b091bb9de57e30ff7777779cce424322005215914
- SSDEEP
  
  96:GH06TuHy5yLof6Vqi32JHbrl+MRrfO9cScqIw7/seaOUH9qjJMxH+:G3wy5yLoiJ3urAkGc6Q+89q
Score

1^/10
behavioral10
- Target
  
  tor-browser/Browser/defaults/pref/channel-prefs.js
- Size
  
  429B
- MD5
  
  3d84d108d421f30fb3c5ef2536d2a3eb
- SHA1
  
  0f3b02737462227a9b9e471f075357c9112f0a68
- SHA256
  
  7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b
- SHA512
  
  76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5
Score

7^/10

antivm
- Changes its process name
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
behavioral11 behavioral12 behavioral13 behavioral14
- Target
  
  tor-browser/Browser/execdesktop
- Size
  
  287B
- MD5
  
  d1fb113a0486cb6be13ea671713d547a
- SHA1
  
  080c882bfac31295e011c2420dd23283d8bdc577
- SHA256
  
  a73cbc88bd98e5132bc0bd7af3617309a0ea889c2aac831fbe8f3956e5e979ee
- SHA512
  
  6340c593b1142218b9a0011646089ed3b51546e0f4bb88b3993af32ea33c0e6e600c44f9d10205727ae606dc382c842a20c80a13db43c9b71796ece8145a6122
Score

3^/10
behavioral15 behavioral16 behavioral17 behavioral18
- Target
  
  tor-browser/Browser/firefox
- Size
  
  524B
- MD5
  
  fb1c642f367532e02ccb42e0cf946414
- SHA1
  
  9ea6a3cb6a1cbe57d0190b8066159747ceadc43f
- SHA256
  
  25d3a6874e9d7db8134d8bf11adde4c687aea636a0a6eaf68ec46293424ffd58
- SHA512
  
  090e72a87db78bcce89e1b3af1816e18a0c447509482de5d92d36a49c471df9b5662bb0b3ee73563f39c6a62dbf0572d1c769ed060e8ed14347e77c6766df42e
Score

1^/10
behavioral19 behavioral20 behavioral21 behavioral22
- Target
  
  tor-browser/Browser/firefox.real
- Size
  
  778KB
- MD5
  
  3223ee1064196ff5e6e44ebd8f3dfff5
- SHA1
  
  9943dda2703ae047a04df5f729e66bd2c55801f0
- SHA256
  
  9c98a2709d8f58077e93d8c32f3bffaefcd79805f4857fdc8e1825d29d9d8bef
- SHA512
  
  5f4ced16c76b5d576e544f64114287a221afe3ea5d601b7de060fd1d0d076d870e3f86dcbf81984a5196552db257e8d85dbd5d4c51ea17c0e1ea514b969bacbc
- SSDEEP
  
  24576:0R79aXeEIUtyItNV/9ICumB2r6ZlUBCYEF8/RFb7hp:0RBaX5Bykf/9ICPfUsYEF8/RFb7
Score

3^/10
behavioral23
- Target
  
  tor-browser/Browser/fonts/NotoSansNKo-Regular.ttf
- Size
  
  38KB
- MD5
  
  675a36c0b084fd16c8a0c466da26df2f
- SHA1
  
  08cb816c2d82646eb012477ca9180a9ccbe94f10
- SHA256
  
  c756efb2c40f754107d76fa4e401fc3b8b7edec5cc65db549d3d0236ac6d08a1
- SHA512
  
  685ac3f7e308a1d32f0bae0571378897b2b59a56da8c871d90bd568ccacbfc3d58976f33e6e3dad23e9473c6d7bf38465f257ae8824b6cc57585b769015b8508
- SSDEEP
  
  768:Fzr0MfLbiEt/HoF4ssQiwNgJ3I/R6oBWmQYYY5iH95ETFsQPRzT9xFFrDW/iSD5:RNfL3+F4+gJ26oPQYYY5iH95EB5VFBaV
Score

1^/10
behavioral24 behavioral25 behavioral26 behavioral27
- Target
  
  tor-browser/Browser/libfreeblpriv3.so
- Size
  
  766KB
- MD5
  
  6a8d2a4d4d9fe7090f49c4e701c09d0b
- SHA1
  
  b54d612a2179f03d917048f75ec5acca0f70ec7f
- SHA256
  
  fa06469bdba6b6f6bfbdfe9a5782142f2e29530ed96d1140dfe935cde3b0c5a1
- SHA512
  
  b79b9044976ed150986f571f893aced3ddee87289e4882b2cd393b4b7c610f09b1256be4949002f50e3e9214b54e446348dfea0ee6d11493bff7bf05ca90d4fe
- SSDEEP
  
  12288:WYOJEvt6QwB44r0yJtWSyOYoAuoioNVcrOMtBUyZEoqnh5u:32EklAOYojoioNVsOSayb+hA
Score

1^/10
behavioral28
- Target
  
  tor-browser/Browser/libipcclientcerts.so
- Size
  
  343KB
- MD5
  
  accbad9d4b6a33f3aa049485b2a635ce
- SHA1
  
  1840c18e0fe3b3d820101a611633fedc794889c1
- SHA256
  
  e2f007624bca4c23abaecf051cfeb9fde76a69293c07a7d8a577f7a43d09225f
- SHA512
  
  61692964e1b75a7b52b2dc110f2838a08678ff07ad622ea1a7547b802cc50e0783666d670ad7196855858bd4e3fc96c89ad2057cd31937c918224477217bbbd8
- SSDEEP
  
  6144:US9+MhMmkU8jB7kG/0/HVzvPFQ9p6UTJoPjmsBfjigIViQL2gbR:US9Z8f4VhQ0jmAig3Q3
Score

1^/10
behavioral29
- Target
  
  tor-browser/Browser/liblgpllibs.so
- Size
  
  42KB
- MD5
  
  a713109fbe533cfccf9dfcb81181d863
- SHA1
  
  71380566701d7f4beec26109acd0d41712f51e26
- SHA256
  
  e1916858ec2728203da8bfad30e16ee056107de6a3858e7b630acef778affea0
- SHA512
  
  11ebd4bc5da94245e3cd515e672746d7cf0439b9a5efe701566f7f80bce1e8b3c9f057698694a3d9e7ffb72b102a7d8f1e5634f98b1231b7819f4208558c6baa
- SSDEEP
  
  768:tOZTr8uDYNMvtnAsm0ey7MGb0cFeFEAX8nPgO+8i61irDWoz:tOljDOMvNO01KHFEhgO+CODWoz
Score

1^/10
behavioral30
- Target
  
  tor-browser/Browser/libmozavutil.so
- Size
  
  254KB
- MD5
  
  5ca72148013f0f513a38d6314d3ea8b9
- SHA1
  
  ff96a8408addd01985daa76654ebc59f60f08998
- SHA256
  
  44f3d6e2e3999f63e1f6199db31d1e3c8cad6cfaa185e6ffa24c76e13b4d2513
- SHA512
  
  5968f982acabfcc97d7324e830ae6bbc00a332affa63d10e11a8e9b363394bbfec714db75f79874755f37e5c0e6d4676c09d79bb086622fa0f697fb621b734b6
- SSDEEP
  
  6144:X9d2r4f57fWViBj+Z+Mv1oB3l0ctYqsGQTudhVGHB56fI:Nd2r4f57fWVt+MtoBNhw0
Score

1^/10
behavioral31
- Target
  
  tor-browser/Browser/libmozsandbox.so
- Size
  
  174KB
- MD5
  
  4706b2913e997f40da142f6988b69646
- SHA1
  
  b4ba53260220ee694cb029438a7dbff909550a8c
- SHA256
  
  cfc9576b64ed5a0e9d3ce436b6df82e024652665b12d315050bfc558c03c85d1
- SHA512
  
  75e3af4cd00397867eaf2592ad7680d2bb147d196e48776c19b295d6b11121ed272ad4179e8fe7fcab473c134110e980b9ccc0b8c224ed89781f69fd492a9330
- SSDEEP
  
  3072:T33evfNPTl3/MfSS2eX3BZP/pPPotASL:TnevfNRPw+L
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Changes its process name

Checks CPU configuration

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32