Overview

overview

7

Static

static

3

55589f0ba3...49.exe

windows7-x64

7

55589f0ba3...49.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/Mp3T...le.exe

windows7-x64

7

$TEMP/Mp3T...le.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/mp3t...up.exe

windows7-x64

7

$TEMP/mp3t...up.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Mp3TubeDownloader.exe

windows7-x64

1

Mp3TubeDownloader.exe

windows10-2004-x64

1

Mp3TubeDow...vc.exe

windows7-x64

1

Mp3TubeDow...vc.exe

windows10-2004-x64

1

mp3tubedow...tb.dll

windows7-x64

1

mp3tubedow...tb.dll

windows10-2004-x64

1

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

xpi/chrome...nts.js

windows7-x64

1

xpi/chrome...nts.js

windows10-2004-x64

1

xpi/chrome...deo.js

windows7-x64

1

xpi/chrome...deo.js

windows10-2004-x64

1

xpi/chrome...dlg.js

windows7-x64

1

xpi/chrome...dlg.js

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55589f0ba31caeb1506b805768840749

  • Size

    1.5MB

  • Sample

    240112-dv16aadffq

  • MD5

    55589f0ba31caeb1506b805768840749

  • SHA1

    be7a0fa20dec57b9b94efb533e23a513547e3981

  • SHA256

    aec7d3254663753493cc816f6064fd39c6eaa477e9fe1af715480c4c2aee8112

  • SHA512

    a6484eeb0eeadd1e16f1ddd33e130f7a8194da2a68236d6178f5bb404fdc45b2e2fc6c615e045d10c013d9d9a745beebc1cfe70d78b3c9724d397849cbe47078

  • SSDEEP

    49152:68Gl0svU8HLuBX2sdu7c/WJdHhZZ39MT4Xq:68Y0svHLuBX2SuY/WJ5t3924Xq

Score
7/10
adwarediscoverypersistencespywarestealer

Malware Config

Targets

    • Target

      55589f0ba31caeb1506b805768840749

    • Size

      1.5MB

    • MD5

      55589f0ba31caeb1506b805768840749

    • SHA1

      be7a0fa20dec57b9b94efb533e23a513547e3981

    • SHA256

      aec7d3254663753493cc816f6064fd39c6eaa477e9fe1af715480c4c2aee8112

    • SHA512

      a6484eeb0eeadd1e16f1ddd33e130f7a8194da2a68236d6178f5bb404fdc45b2e2fc6c615e045d10c013d9d9a745beebc1cfe70d78b3c9724d397849cbe47078

    • SSDEEP

      49152:68Gl0svU8HLuBX2sdu7c/WJdHhZZ39MT4Xq:68Y0svHLuBX2SuY/WJ5t3924Xq

    Score
    7/10
    adwarediscoverypersistencespywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      13KB

    • MD5

      d765c492c21689e3d9d61634371fd861

    • SHA1

      ac200933671ae52c9d5544d0e2e8e9144d286c83

    • SHA256

      551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    • SHA512

      9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    • SSDEEP

      192:9B6RvrfvOuJQDghBy/X7QKq3TLGciZJf0EzWzMnz6WoF1dBs:v6RrviWaX7eiZJ7nz6bB

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      fe24766ba314f620d57d0cf7339103c0

    • SHA1

      8641545f03f03ff07485d6ec4d7b41cbb898c269

    • SHA256

      802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

    • SHA512

      60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

    • SSDEEP

      192:rO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1aMBgMO:yKAFERdlxhGRYUzqZaMB

    Score
    3/10
    behavioral5behavioral6

    • Target

      $TEMP/Mp3TubeDownloaderBundle.exe

    • Size

      572KB

    • MD5

      98a4cfde210e294d92fcdc2e5d9aae07

    • SHA1

      4fe27e06393258b9beaf333ecc641aa43c822d08

    • SHA256

      bf6511cbeba8f982d61ada3bc262ddec737ea484eb6734108df71d2881d346c4

    • SHA512

      653e229efbe872fe929c7c429f629446cc362ec45b56c90b7dcd4e002b9f9d35047a8073f47b7736bc2d2a15c4dbde5382fec02054807cdb28ecb90ada9eeacd

    • SSDEEP

      12288:UyZxV60PFOBUq/DV4IIw0SzIOFCE0cBBRtPF1sh6h2480KRzRK9:UP0CxDKw0jE0cBBRlTh248hzRK9

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      13KB

    • MD5

      d765c492c21689e3d9d61634371fd861

    • SHA1

      ac200933671ae52c9d5544d0e2e8e9144d286c83

    • SHA256

      551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    • SHA512

      9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    • SSDEEP

      192:9B6RvrfvOuJQDghBy/X7QKq3TLGciZJf0EzWzMnz6WoF1dBs:v6RrviWaX7eiZJ7nz6bB

    Score
    3/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      fe24766ba314f620d57d0cf7339103c0

    • SHA1

      8641545f03f03ff07485d6ec4d7b41cbb898c269

    • SHA256

      802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

    • SHA512

      60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

    • SSDEEP

      192:rO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1aMBgMO:yKAFERdlxhGRYUzqZaMB

    Score
    3/10
    behavioral11behavioral12

    • Target

      $TEMP/mp3tubedownloader-tb-setup.exe

    • Size

      522KB

    • MD5

      7527ab5ac2c6e787c4e3f2aa3b18ccc0

    • SHA1

      a8592be06f5bb8e46b143d13ea3b10762e85e6de

    • SHA256

      7e29d985209500f030d5ce5fe6a2c4ab2229d42eadee1b7fb66953967aecd911

    • SHA512

      2025878ea1f605a1da0d798992d820ba27d528f8dc4427f903a2e9c2d3c54a464dd69fe674c6f7b9efdb814f1de0119e61d9bbe650918134d4e38f55c7fdbd96

    • SSDEEP

      12288:ITjIznvFsLpsTreHcJ8CFfGPDKRU+S+3HtqQ0AS3:I6NfNo4USPjS3

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      fe24766ba314f620d57d0cf7339103c0

    • SHA1

      8641545f03f03ff07485d6ec4d7b41cbb898c269

    • SHA256

      802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

    • SHA512

      60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

    • SSDEEP

      192:rO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1aMBgMO:yKAFERdlxhGRYUzqZaMB

    Score
    3/10
    behavioral15behavioral16

    • Target

      Mp3TubeDownloader.exe

    • Size

      180KB

    • MD5

      717a59b3e58b0bf9cd39a2f00f370546

    • SHA1

      8850091309e738bc9b4ad16381c27c40152c367b

    • SHA256

      602a0eb7be172180979c197b0340d278bf5494cea7d5e41b9802e721c98d8360

    • SHA512

      4ee1857a214caad7dbaa85d50c5c34f5111b474c89100282ad5f5eebe141c3cb057e0bee815b6dfd5f35e441b22cb7421fe18d4600ad9e0a672482ac978fed16

    • SSDEEP

      1536:F5cFxVTGI06uOLCxjnYrhj+YghNb/LeKEs/F/O81bvKLaQc85kilvEksp6IGkM:FOxVGXJxD1h9RU81bvNX859Gksp6IGk

    Score
    1/10
    behavioral17behavioral18

    • Target

      Mp3TubeDownloaderSvc.exe

    • Size

      156KB

    • MD5

      ecaf84c10b0f4e12a3f2108b83ae8557

    • SHA1

      4f42ed7e1db1610f886385ec82147e5e2eaccb4b

    • SHA256

      41d8e857e83a4c2d4ecbf75f3b759bf7cef858362dca0558f3b65262aa89eb30

    • SHA512

      e5c56216be01696519cb058158276d671066bf6fd445faa83b6b26fa2b7b710a4c3675daea716e05660fc7adc469fc7df07edcf9a309cfa7c87412b33622fe09

    • SSDEEP

      3072:ByiemTBX4fpgtysBLFYH08wZEVxA52zb5:0ielfivLF6wWfzt

    Score
    1/10
    behavioral19behavioral20

    • Target

      mp3tubedownloadertb.dll

    • Size

      928KB

    • MD5

      cfcf25f560bf3fd86d7a7c78e12967d2

    • SHA1

      d95569828f4e1d14f14aedeebd486d968a9152b8

    • SHA256

      d0ad885cf83a5c72143c85d45edd2847cfaf6a67d023208b8eebd662db5212cd

    • SHA512

      a28907c0a1feffce4e3751a06580510202148ee58093bb2da3c2712f19b561fc830f9783482124059647bf1a6c11f5ce5df5d1ab1486c909bc12405d17528921

    • SSDEEP

      12288:bfjUfrqhZXGk1kNWbeJGKaA3nXucW07M9wc0dAOMLJyLRQCeVBNWpYmYgFkiQi91:bYfWXG5F/CfIAOMELi1NWpYmL9

    Score
    1/10
    behavioral21behavioral22

    • Target

      uninstall.exe

    • Size

      54KB

    • MD5

      600b5a3a286c931f5e9394065bea94af

    • SHA1

      da97ebb6ca80d8a1d5be04f0a8c5142ded6abce9

    • SHA256

      5167be3ce947f785fa1989b011e72ecedae41ae2314d24052922e6e9143a3e84

    • SHA512

      de0713964dfe5f057dd5dfaec69bf0eda11e365f72aa63f6fd8f8845c096236056991c22e76cc22bbe2800b5a4d97a180f121b01edd207eed002e39983bad15b

    • SSDEEP

      768:x2gF2QptPs4BBNsZZ1x/mWX6Vz5FiqeWkJn+eJRn5Am6kRRJ2iZ3igJjDe/09KtF:M42cPHBg5mVXkJ+qAELVigJgkU

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral23behavioral24

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      fe24766ba314f620d57d0cf7339103c0

    • SHA1

      8641545f03f03ff07485d6ec4d7b41cbb898c269

    • SHA256

      802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

    • SHA512

      60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

    • SSDEEP

      192:rO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1aMBgMO:yKAFERdlxhGRYUzqZaMB

    Score
    3/10
    behavioral25behavioral26

    • Target

      xpi/chrome/content/constants.js

    • Size

      6KB

    • MD5

      d1c582a69b4e8730f2330ef8f5fb3017

    • SHA1

      fceccd619d302e043d077a56e3a12943e9fb8c60

    • SHA256

      592aaeedf6991678d0621d724d9c39393a4040f054ebeee5729b8924945079aa

    • SHA512

      67178c4266ed9a69295d32e04f82dd8d8b9cab72c6b89624af7366173b7e106470f8cc40eb2fe0b884937fb068b618b04af03f01faaee5e868daf5429bf78c76

    • SSDEEP

      192:AOr8HTaTzW8hi6jna/UysHRj7lm57cfFEW1y:1hwHs9gtcfxE

    Score
    1/10
    behavioral27behavioral28

    • Target

      xpi/chrome/content/convertvideo.js

    • Size

      702B

    • MD5

      ea3bfa856662594d107be2549029e033

    • SHA1

      af2639e75f3e9cf17d0623bc0afc5366d6f8b15e

    • SHA256

      fdafa6079283145aea54bb062faac049014e0c750591841967e5bc86f20ed634

    • SHA512

      d3aaf3ed829dd78ae82d210ab1af175eae182ca3cdbcb0297a005fd59a0fca9b8743b56545b83de0fa36da2267de0114ec97adc0bb0971f3bc066fcb439b5f47

    Score
    1/10
    behavioral29behavioral30

    • Target

      xpi/chrome/content/convertvideodlg.js

    • Size

      15KB

    • MD5

      fbf8b8989cc2107b3d2b9b45f869c2a0

    • SHA1

      a89a19eb48afde1428a38333749385b5bfa9aa63

    • SHA256

      92aa3fa47817efe57d4b97f7458660f39f169388b5951ee3e7a0d804b5a1725e

    • SHA512

      8081be4be00ba4104f9b281cc3646da3c051d0c8c56a8fb0126d2fe0032ff6fd80ffcb7f31c53298db4f08c1f4be1c1dae74bcf6da1153c7febba7109f8ee1e9

    • SSDEEP

      384:rWgvMxYTsfunmX38zTo+Jh9UX4XmJ2a1jayWK99DLGo2iONtC24S46:rWgvMxYoumnkNh9JXmxjayW6L92iONwO

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

adwarediscoverypersistencespywarestealer
Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

discovery
Score
7/10

behavioral8

discovery
Score
7/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

discovery
Score
7/10

behavioral14

discovery
Score
7/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
7/10

behavioral24

Score
7/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10