cc3fbfa0fa74fbc726e44e82698122ef072faba171c51b65c769b79b359d6790

Sharing

Copy URL

Twitter E-mail

General

Target

7b6e0e0a9844777fe52da9bd0a573d92
Size

6.0MB
Sample

240127-18wjaafbgl
MD5

7b6e0e0a9844777fe52da9bd0a573d92
SHA1

b90f07023d59162dc7b895159b909d5828c8f9f6
SHA256

cc3fbfa0fa74fbc726e44e82698122ef072faba171c51b65c769b79b359d6790
SHA512

db17c6846ed13ed09548b749b1955d5ba4da5219c175a29e24398ab45551f4c1a61671a2d337b37a4d01a95f221922391170df424068f2199136db33089af109
SSDEEP

98304:SqpDdk/EqH7oDhQbi7sR56jFh1jfXs/C7rMp/X3cweoVOo5de0/xTdX3Vf:3pDfqHR75ShlfXSCE/XLeTMrxD

Score

7^/10

Malware Config

Targets

- Target
  
  7b6e0e0a9844777fe52da9bd0a573d92
- Size
  
  6.0MB
- MD5
  
  7b6e0e0a9844777fe52da9bd0a573d92
- SHA1
  
  b90f07023d59162dc7b895159b909d5828c8f9f6
- SHA256
  
  cc3fbfa0fa74fbc726e44e82698122ef072faba171c51b65c769b79b359d6790
- SHA512
  
  db17c6846ed13ed09548b749b1955d5ba4da5219c175a29e24398ab45551f4c1a61671a2d337b37a4d01a95f221922391170df424068f2199136db33089af109
- SSDEEP
  
  98304:SqpDdk/EqH7oDhQbi7sR56jFh1jfXs/C7rMp/X3cweoVOo5de0/xTdX3Vf:3pDfqHR75ShlfXSCE/XLeTMrxD
Score

7^/10

discovery evasion persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $TEMP/DSCToolkitV30.dll
- Size
  
  523KB
- MD5
  
  ccc5d0b6e91cc62f7857e5c28141a358
- SHA1
  
  aed5988a711766179005ec879994125106299906
- SHA256
  
  3a56c27d13c0ed55fa43b78911d990bdbd156eea80793a72590ea5a8a05c9a21
- SHA512
  
  0e7eb2604e412e606518f2461d0c6ff3ad282299fa1406defc10d587a58ba45e11ff13028c744e485afa12b644dc75a43885d3c44cd2f77abaab6865c06e012e
- SSDEEP
  
  12288:iujjhvb42ef54T3qPoI5S97jBXnRRx1fw46PdM0yT:igNbIu3ww7lXnRRff2BO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $TEMP/DSCertEx.dll
- Size
  
  259KB
- MD5
  
  852574cda2b18627836bc6e599eaf596
- SHA1
  
  407ae83340bf33855bcb49970b2e4ff371749875
- SHA256
  
  2b5b3d7e6101bdf1ed434574fe48911ce0d48a3805f832c89601d0d2ad51dea8
- SHA512
  
  c1fd37f334ead24dcaa46b78470581e6185f14d479d12b4c6e829fcf55fcedbf6827f778d7160b314838ae865e184201c4d0b444b7efba2abcdb438ada98ab1a
- SSDEEP
  
  6144:b1l2mziGWXN4j9t7Fc9+7guYsF7N+P3nlqp:bOmziHN4hPOEf6lA
Score

1^/10
behavioral5 behavioral6
- Target
  
  $TEMP/MobileCertWin32.dll
- Size
  
  525KB
- MD5
  
  d30b8502aacf89aa5ab0cf1b24d55f11
- SHA1
  
  a7937ae4489aea3f3d19c1c04ad530c91db015f2
- SHA256
  
  7a617bc84155a4530bdd5d0a4e66f24d1b72e80b25080ae588ab7eeb56c64266
- SHA512
  
  b232cfe89f9e5f78c42dc7f5ea65b2a5767f50cb7f4450de739a110f97fec5e85dfffd33020355f6f2e99776c06f8fad41a700b2969e7d43a1921229ba693e8a
- SSDEEP
  
  3072:WlRrEUczk3fsF9Nn3ZknBNAjhKmsy8zP0Kss2GufKNQxJgKWJw+Znoi+pes92pkO:WlRreF/gag6IhQ8lP+pes92qG+wK7IB
Score

3^/10
behavioral7 behavioral8
- Target
  
  $TEMP/NFilterOpenWeb.dll
- Size
  
  339KB
- MD5
  
  ec09aea6003f13cea6fd25ec33c7a229
- SHA1
  
  6f7ec5bb4685f336d30e5ab4d430ca65e6479421
- SHA256
  
  3c78120038010d538fcd9217c6c00a79ec3ac56ea38a63ee24339d5a63177f4c
- SHA512
  
  14f06b72c4b8f730038673477bcb2b2401cd4e8e33bd89075505f02552f9dcf9c29384df846efb98c142aa203dbebd56065cede4a1cd718f04837c0c5b486f7f
- SSDEEP
  
  6144:W/ejWyJivucGqXmTNHlhhtUbeDhcDSBQTPN5zZ:tjWy0vXG6mTNHlaGdBQBRZ
Score

3^/10
behavioral10 behavioral9
- Target
  
  $TEMP/NpkiCard.dll
- Size
  
  63KB
- MD5
  
  2945d489d11e42494c01cb6e7be49ba0
- SHA1
  
  fc9139977c5c4162d064ebdb9566b568ffa0396c
- SHA256
  
  87f93f87b3686b88110ac6dc5f256b2eb5a56779b54c5ccd7919563dbb9e918c
- SHA512
  
  68d6784acfef4f176b6d82cb3853037b28897fe1ead3deb5cedd06bfe3bd8d8984ec5a97c75473337c53b267d0561f62d3f0d076e188afe1cdcf196d46013291
- SSDEEP
  
  1536:B/m73c0QT/yENwNnjSzAllspgDGlVnnHd0:B/mTc0JENwheAlls5Fn90
Score

3^/10
behavioral11 behavioral12
- Target
  
  $TEMP/SCSKAPPLink.dll
- Size
  
  927KB
- MD5
  
  c4bdc6443f4f8e3d1bf5f553df48c9fc
- SHA1
  
  165abc3428c9ee33939eab2329a216b29c7650c5
- SHA256
  
  b9d845d37306f812538599597c969135f0b57c3c4eea7d395ef8c6dbf491c32a
- SHA512
  
  b9de94b2fb630800ad1f5aca1e8ead5d982afcb29054e3f33f602bdf7b6e2d88cfce248278f67a865a73c402073da579d51627aa46d529e90f2990f08f623bf8
- SSDEEP
  
  12288:KRlwaunIW7pi0KeUzSkuu4CuXs3Ox8dg5qP0Pqdg5qPgPqdg5qPAPqdgPbdw56PT:DnIMi0K/zws3C7XtNJKQO4XDd
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/UBIKeyPlugIn.exe
- Size
  
  65KB
- MD5
  
  a4aceddcc388b5f27099e45eee5491be
- SHA1
  
  e417a140ba3b047a8ca81c10117ade245d0f1571
- SHA256
  
  9b798ac9ebf4d526082b55a83764217345dee83cc95c43ce0ac363b24e186646
- SHA512
  
  67649a58009979075c3a5fe19c4b5b60083d432b3849602fd35a868c8aac603c988e96095f01cceac1a140524b5ddd84327f62e32581afce627e6601d58daee3
- SSDEEP
  
  1536:fLv+zvAOsOn/7UJKarrMnnP3o94eh3hYE:QHnnwJKa0nP3o9HAE
Score

7^/10

discovery evasion persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  $TEMP/UBIKeyService.exe
- Size
  
  925KB
- MD5
  
  4e459af1454c80755092c7456cb04259
- SHA1
  
  456f8a13dc1744c64d2b93da86b6141087c066bc
- SHA256
  
  53f89189bee930b2512978be079978bcea3bb6004c45d8ccb52d96b51eb22002
- SHA512
  
  9af836489bf21e3ef8b87e7a33cf7a54d0ccbf15d9bb385c04b1848522ec91bcc5358d85fb8284d922986d4101ee5503c74bc24a5adb5b3355ef1f9f74a5fa1a
- SSDEEP
  
  24576:Ap7iK+JjtEHPQe4XebaaTiU3VitVzWse4yQ:ANkEHoeHbaaTiY0VkI
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/UbiKey.dll
- Size
  
  53KB
- MD5
  
  b89218255384b587056cb1e948c295d5
- SHA1
  
  0b13185c5152a221bc69cf27bccdc8cc9aeb1c7a
- SHA256
  
  03810ba96b08824141ef982dcdb76c42ef8bd7f91c852ff26120a0b82fba99cb
- SHA512
  
  48b181547448507c39465942ded6d18da9ff318fbc3abff042d18f70043a471050546b3e0b387b5d689e69baec5a027fb234c935d3068eeee867dc7d4a8b857f
- SSDEEP
  
  768:ILcTKhfunFddZJP+OrMnnPFi06LI5NgW3hqFW:LTKoF1JPlrMnnPw0wW3hq8
Score

3^/10
behavioral19 behavioral20
- Target
  
  $TEMP/UbiKeyUninstall.exe
- Size
  
  61KB
- MD5
  
  596a181659a0fd78bcab66aed7a74e0b
- SHA1
  
  5b0c2deb56375d2bbc10fb7bf4752709848b6099
- SHA256
  
  22ce189f4cb33647b04bc2eda9c3341eec01d77291fa42a9670b84228d0b12dd
- SHA512
  
  8253605b46a0b5e3a9e41924a7e150bd5aeb77a3e6e681e40770aa0bb1eebcfa114aeb0428372f68956a52cf95aa3225a984240260723a0188ddca97cda4640a
- SSDEEP
  
  1536:tU7JyXlRkZ9MCAAZrMnnPZ4PdcDnh3h1g:qQDkZmbAenPuPdcDdg
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/UbiKeyWin32.dll
- Size
  
  57KB
- MD5
  
  27ac04ae932f911c29ec56c7e75b7b82
- SHA1
  
  342459632c0af7d7142475abb3f82b9269f11a1c
- SHA256
  
  743097d53417609448988f4498d05c780feee5d946b20d6ada023d1597864eb8
- SHA512
  
  1b233145129b05d2a3650409034825de951e7cfbf3d1f39fcd2debb1e49e916a3f6abbad7d01b424fbc54074e09c3276c48ca648aaac68244ba71ccc6e2dad57
- SSDEEP
  
  768:qT7Tpep8j6fWVJ/6L4rMnnPoEgMutIJnNgb3hAj:S7TgpvmJ/60rMnnPLgps+b3hAj
Score

1^/10
behavioral23 behavioral24
- Target
  
  $TEMP/UbikeyCrypto.dll
- Size
  
  179KB
- MD5
  
  08a32163969c7064660bcba94ead2b8b
- SHA1
  
  0c6c9d81b0612722d82e76adc3044bc905ef7db6
- SHA256
  
  dffaba416506c6691fb12a70423ef5f8b4395fdce3b522a143c9d801ecb6d327
- SHA512
  
  63d2b214078ca25c28dcf8004bf121a02d931e7c523243bf7b827f4b5d15ef0e9425abcbfe6ed78c8ca88e240f623521c4e0fc744099ecdb4cb05ba21dadcfb3
- SSDEEP
  
  3072:BcYJcuTLE6TROpLh4zZpYOKGesIbcA4pOkPUL5jZHnGkiBoPkm5nlGwpaCwpdz8Z:OYJcuTLE6YkzZ2bJZmkuoXl5pfS1PNU
Score

1^/10
behavioral25 behavioral26
- Target
  
  $TEMP/certadm.dll
- Size
  
  83KB
- MD5
  
  aed39116fe12c5550975043da1d1b244
- SHA1
  
  ed8aa12a00e93c1a477f4ef69864948b4014a7fb
- SHA256
  
  bbba87bf62e8bdc11602f2a95712e5fe3fb1edbbcdeb28cbdcf191aeab286b04
- SHA512
  
  0ab9ef25bba0e231a140a5153c9f9149ab194a324f374e655e43ef90715e0417987d7f31f2493e229ec8b704bead31f0fbff6ee811d42cb7af8c58361979d132
- SSDEEP
  
  1536:MeZq3MXXTjmZ5IplbHKp/reRgMxcRircjVgrS9Ll2shT:MeZNvmnswKGMCZSrggsh
Score

1^/10
behavioral27 behavioral28
- Target
  
  $TEMP/certcli.dll
- Size
  
  185KB
- MD5
  
  f509af061bbf4eb9c39f3cca88c00505
- SHA1
  
  a83487b2f41631576606e318ee792de695de72be
- SHA256
  
  87ca129af67985dd5ed22913fd02402a9f2a965c13fa83be60fbeb94cbc595cd
- SHA512
  
  9b6dee15751d40eb27b8e82bcf88ecee8658be9316a194c8b9492ccf6697f93ae1558adcaa25fe6d317963850bde805f2de6b67cb369adcb228a043741c85365
- SSDEEP
  
  3072:2R+zHLqyTs5P/3AqYiHsq4zF4TPhS9JgUjY/Kv0V25N8HJjZ6nssxs3+HNJ8:Z1s5X3ACHsLzFoPhSAUjR0UcH6p
Score

1^/10
behavioral29 behavioral30
- Target
  
  $TEMP/certutil.exe
- Size
  
  124KB
- MD5
  
  5d44040504c77ca0778c1bf66e1009fb
- SHA1
  
  fe4de0245c6ca96aade2f3d53fd274df2df2cb92
- SHA256
  
  8bd1dab14e133519eabafd6c1bc449b57d749071b4c45f040a734c82bdb0d503
- SHA512
  
  9a25cd8480502986d54ea44dee2bc1254de15a40cc5b6e367ea5baaa40e7df9df8d73a5186166c5a6fecd69115ea4a6d76e508651f9c220ed51b68d71d389c18
- SSDEEP
  
  3072:wLHYLWUjUOh73h/NvurB+mLBdQPUjRqv0hpSM:BWUjUO+XBdQPwAv0Xh
Score

1^/10
behavioral31 behavioral32