bacf1ae72d809382dc9ceba302a3f1fc91542620767e9d34e5caab2a2619e133

Sharing

Copy URL

Twitter E-mail

General

Target

5c476b47ecc73dbd3412c5d37676f6f9
Size

2.5MB
Sample

240115-gdt77abdb3
MD5

5c476b47ecc73dbd3412c5d37676f6f9
SHA1

5c5bb58226cc903fb5b230d2fe0359f017dd1772
SHA256

bacf1ae72d809382dc9ceba302a3f1fc91542620767e9d34e5caab2a2619e133
SHA512

f713ee497720206a33880186fef7eec169911b258c052b7b9e0e4b3a9f259e0ed4ebf4f4249449b7068870ea167fb5558287c88136a9bdd6a1655e98fec76f1a
SSDEEP

49152:j0Ii8g9VPJlLQBkK8q3ws6krWiSERpTT8TnrKPMaU9R0Q02p+4:wIi8g9BMBLVWixrsTOvIJ

Score

7^/10

Malware Config

Targets

- Target
  
  5c476b47ecc73dbd3412c5d37676f6f9
- Size
  
  2.5MB
- MD5
  
  5c476b47ecc73dbd3412c5d37676f6f9
- SHA1
  
  5c5bb58226cc903fb5b230d2fe0359f017dd1772
- SHA256
  
  bacf1ae72d809382dc9ceba302a3f1fc91542620767e9d34e5caab2a2619e133
- SHA512
  
  f713ee497720206a33880186fef7eec169911b258c052b7b9e0e4b3a9f259e0ed4ebf4f4249449b7068870ea167fb5558287c88136a9bdd6a1655e98fec76f1a
- SSDEEP
  
  49152:j0Ii8g9VPJlLQBkK8q3ws6krWiSERpTT8TnrKPMaU9R0Q02p+4:wIi8g9BMBLVWixrsTOvIJ
Score

7^/10

upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $TEMP/TeamViewer/Version5/TeamViewer_.exe
- Size
  
  2.4MB
- MD5
  
  5fdc7abc293f55b307c52c927c726948
- SHA1
  
  f469b3103a64d0c694f16f85ee62e0d7efdf60de
- SHA256
  
  8928ae4aa22a26e9cefa9e1e1f046f02b0e8e49830b4c7a3eff6f39a8a09963f
- SHA512
  
  9670700c04d0400643fbbf387c6f92bf02cfe1f890f9ddd1746d7ff1611a0c8da5c7d3bf75ff71578262caf731751a4a40d216ddd7d96615218f0896096121ab
- SSDEEP
  
  49152:v0Ii8g9VPJlLQBkK8q3ws6krWiSERpTT8TnrKPMaU9R0Q02p+o:sIi8g9BMBLVWixrsTOvIV
Score

7^/10

upx
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  9KB
- MD5
  
  15a0c55e77f3028bf9a621a80f45c39a
- SHA1
  
  66b62493ae4d8ea2e72da262f407a25c33afd586
- SHA256
  
  f75be8f7d39dcbeeb07e772a842dd26ad72e38e106f1cb4179daf738ac634d7a
- SHA512
  
  6e681d82e125488b3863a3962d49ee7ea15a866ff4c9853201bd9deaed04c13f6482f31f7d84b67f7a993f232bac25867799fd0207d99a8dd8f8f5ac349279f4
- SSDEEP
  
  96:LoolSAhQXvE2++443oyasVAaY4ZSTJdyJal6NHuekueGuXcolEspBh+p:MolSAhQXS43oyixZTJdyIl6NHXkXGGc
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/Base64.dll
- Size
  
  3KB
- MD5
  
  5cd56a89f090c3dd0b4d98dfeb3b648d
- SHA1
  
  7c1a2a72cdd2f13bd095a4d2eda6b3a9806e7334
- SHA256
  
  71d1f1bdaaf23618aa36f6e648b35aada1dc6f1ad0eaf8570cdab5f26d8601a9
- SHA512
  
  e69a2eb5e8d21da58478fe99ee86341a735bdc3ee05caeb05ae388e9f82f4f577cb687381dc64060cffc6fe5b835a6c104b06b8d6dcc19337cdc48f1a69927ae
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/SimpleSC.dll
- Size
  
  48KB
- MD5
  
  72b95a219d2525f9b1c2213ab9b8556c
- SHA1
  
  de5b369a18b8701ebb6852d3a4b0d55213f789e8
- SHA256
  
  0b6b5ef0835c570c4330e597eebfa00c2a13d4c5f043283b604e585fdaea6b4e
- SHA512
  
  2e31684638d136049c89cecee7a86360933845a0f115f145150b31a144bdd2b621d779392e14b0504e40c19a0c8e23a50f8b3534bc002b12150aa6cf12696596
- SSDEEP
  
  768:AutqkcrJvsz+w+S9CoMY7If7gQ1To2rIF/wYpyFmQAw1+04VtD//1GV4MCR:rtqkcrJvsRLMYcb1nYpyoLOwCmMCR
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  4e96f412a8cc653053d5d918df6b0836
- SHA1
  
  a3c7d59043feecb1603874b27c23d4166b341f2d
- SHA256
  
  e4a54bfc327986a89165bdef361069810aaa985c3abecd442c786725fabaf977
- SHA512
  
  2fec61b4ad31250bdbdbbfd551d831801790b96902c67200661e8f4f2753378bbf6c0c88b12e1be9173a29597827c1c4809511b6d52666dc3324bd7031c8229d
- SSDEEP
  
  96:IiqA7bDe2xHkR1C41EhvSE+6nNtMn0iGd8CqRLqtJ1trRhElfL:IiqA7/ZH0uQMtcfCqo/tdgf
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/TvGetVersion.dll
- Size
  
  13KB
- MD5
  
  eb062eb8b2c498c03b1542ccde87ad90
- SHA1
  
  44432fa3d16baa6bd5243fab7187204d4c0a2166
- SHA256
  
  81888a1166ae594aef28084d00c5d59e899e8f0b6bc632f99df08fba3ad77c3b
- SHA512
  
  e21af0d46cb71ecbe764915fc9ef67ebbe3c0dd428b4816adb7e966aafb761aa72248a21392236bf4ce068be855e9a43f3ccf96db612edef3cb17e1a10afe4e1
- SSDEEP
  
  192:fpwWuq7+HhyNKj5vmoOjWZeQw4y/TiBkRPrWR+WmPUkl6RyBi46AQuibi:fpzuqkyERK7QwfSgj+mPrHBi46AQuib
Score

3^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  17KB
- MD5
  
  88ad3fd90fc52ac3ee0441a38400a384
- SHA1
  
  08bc9e1f5951b54126b5c3c769e3eaed42f3d10b
- SHA256
  
  e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42
- SHA512
  
  359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb
- SSDEEP
  
  384:59TzaeW+WyB8c7LX+OGkrwWvVrkUiEMAWm5nskAvXkq:5ZaB+W62Mr5vGUiEum5sk
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  1e8e11f465afdabe97f529705786b368
- SHA1
  
  ea42bed65df6618c5f5648567d81f3935e70a2a0
- SHA256
  
  7d099352c82612ab27ddfd7310c1aa049b58128fb04ea6ea55816a40a6f6487b
- SHA512
  
  16566a8c1738e26962139aae893629098dc759e4ac87df3e8eb9819df4e0e422421836bb1e4240377e00fb2f4408ce40f40eee413d0f6dd2f3a4e27a52d49a0b
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  e54eb27fb5048964e8d1ec7a1f72334b
- SHA1
  
  2b76d7aedafd724de96532b00fbc6c7c370e4609
- SHA256
  
  ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824
- SHA512
  
  c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4
- SSDEEP
  
  96:57GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgN532E:VKgfwgcr8zylsB49Ud0qJVgNQ
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/nsisFirewall.dll
- Size
  
  8KB
- MD5
  
  69f2e8c6fd141e9e720b2c4c366a8154
- SHA1
  
  a6279d93a102b6d7608dced32a36ddcd3e51994c
- SHA256
  
  2e204ee4f1d12b4ca35c8205cea0cabe354f2e79a471863cfb76a7cee83cf107
- SHA512
  
  bf23a5f3ce98e6a1c04fe8ae6b6f385483ceed62470cd109017c97f37c23adbf0203bfb43d09b007c6925aeb5da9617f33bc5c478618f00cc91da83a48cacaf2
- SSDEEP
  
  96:KCQjg8aCpUcmloiwmXaYY8NVxIYn69TEdUc1ND0RrXQAcuAtoFrJxalMu2k:KCQPeip58NjMNWND0RrXYuAWkM
Score

3^/10
behavioral25 behavioral26
- Target
  
  $PROGRAMFILES/TeamViewer/Version5/SAS.exe
- Size
  
  62KB
- MD5
  
  bfd3bcb57d73e8a6c645c3f810f5680f
- SHA1
  
  1469865bb9a625b9aca886cb5328a5abd25ef890
- SHA256
  
  673126754a5faa4870554bb741b19c043bc9c17bcd842945206d475da31f2f9e
- SHA512
  
  e1c8a3fff4a8507e78349098fe3590f3ffb57221edd96bb0aea24c198dbb6f1a57a9370df2a6aacb45eb6380401b92f885123bf759ca0dbbede4e34d8cecdea0
- SSDEEP
  
  1536:obtBmzFCBgjTbs5S5MhpBoSFkBKstOCtp8mHs:ob6TbE4KsoCtp8V
Score

1^/10
behavioral27 behavioral28
- Target
  
  $TEMP/TeamViewer/Version5/TV.dll
- Size
  
  101KB
- MD5
  
  0023fd164efd7c7154313ed57295f86e
- SHA1
  
  a619e54451f8bb7e41fb2cb88e33fcaf2263b0d0
- SHA256
  
  604dde7ab970bd51b7703fdbc313a6d260e4797c3efbe9d9078141f5f93af954
- SHA512
  
  b4f5ac5d8dc1b76dfc1235b3d3a22e8b84d1e55b5ac5eccb788a7f8400658074c250526faefb58b42baf4dce3c7017835ae33b9d27edebf24460da9b57c32312
- SSDEEP
  
  768:gLIdQErfBiOVZUGpKxUxQgKbnlOGGJNFz5qpfOdsRn03ltW5lYNL/beFXE:zdjgOVZUATlRJ78JOdSsltSlYNHWE
Score

3^/10
behavioral29 behavioral30
- Target
  
  $TEMP/TeamViewer/Version5/TeamViewer.exe
- Size
  
  4.8MB
- MD5
  
  163d51041a322b849ce16c2c019d8335
- SHA1
  
  4b1458abe96fd493dcebd1cf7831ba9f28d6c7f4
- SHA256
  
  e6279ef293ac389c7d0f91f529d70c601aa30fb5f1c88b14715347b2be1caf18
- SHA512
  
  b9195ccf9781a795eb114fa9f65c89f4d68d8a6d9aadc2e89086d0f31a097167c7d91a1b6467abf5409c4896f49e68cc45656061cb0ee9f38c0bff75925e54cf
- SSDEEP
  
  98304:VAj+gvcIommkHwzP7qXDbd3yjpiuxbrOTMklzuZknEX0lvY5jq18ne5QV+3u:VAq2cIomZQzzqV3yliuxm/MKE8vYT
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Loads dropped DLL

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32