bef04e3b2b81f2dee39c42ab9be781f3db0059ec722aeee3b5434c2e63512a68

Target

npp.8.6.portable.x64.zip
Size

8.2MB
Sample

240128-sg3jhsdhgm
MD5

1430e019ef31cb88eb3347a88e97b39a
SHA1

0d63b6f69f2c0a866015c48ebb38cd7ce0f00730
SHA256

bef04e3b2b81f2dee39c42ab9be781f3db0059ec722aeee3b5434c2e63512a68
SHA512

8b5bbf714d441fa336fe0fb5f8f7b3a5836e20f0160c7dfddc3f0eac6da3ad9695ae8b9354853bfed70050a0288494a3dc3590d08ecec76280b84f013e092be2
SSDEEP

196608:6TaWKqkGTSOwUDhLDqIwOnburMbf/PHU7rxefMsax9WR0:6Tab9Ow2qlOpf3UZef2x9WR0

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  npp.8.6.portable.x64/configMenu.html
- Size
  
  2.6MB
- MD5
  
  8f28087d8d0e716368314c2f1a159280
- SHA1
  
  7e383ae0f632c02ef98168b6c1a33fd449d6c393
- SHA256
  
  0b3731c524e6ba716f15087d85eae7e6225b6b51d4ae2fa6c142ff1523f57046
- SHA512
  
  aa21ab18a12a69ff25b24b1c255b0bdc7961985150b07a7f3f4b0909e212295bd781548cd8ea817f3144dfad845aff93df40a513bdb637db7b89bb08fff01eab
- SSDEEP
  
  49152:C+sGc1TASKVbmYIBotpg0TunuNeeigv0XIMw4h2pk4PxKS5VinRfepLm7j5:WTAfVbwotpgruNeW0VHhL3S5VicLaj5
Score

3^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  npp.8.6.portable.x64/notepad.exe
- Size
  
  6.8MB
- MD5
  
  ae07a5be89978600f3094c66ac719eb2
- SHA1
  
  a281e662b6d1cca0d54cab01a0064b62e7f1f103
- SHA256
  
  746bbdd8c754b0ac18a226d2a1cc68792c948033932f5723981a2b5f5684d310
- SHA512
  
  d90f42fb42cf2f5f3ca8d25603666a5b73f11fcc3404597b1c023768cf21083abe0d2b19f3ae2499fba469474e818200ca9937b48ee5406f15bd6f9ea3996151
- SSDEEP
  
  49152:MuX8nT7KkzbaJ/I1ER5S/qlC1VQHqpyhdRoMSoAMMho/WVEK7yToMoK2w74CS5hg:5/ICR5wPy+elgIXoGJUR6eP4mTr/moG
Score

1^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  npp.8.6.portable.x64/plugins/Config/nppPluginList.dll
- Size
  
  202KB
- MD5
  
  e95608fe5d8a93ff8eb9a5df985dab14
- SHA1
  
  b640e7276bc071521b5975b4aeb82f7f962dfd3a
- SHA256
  
  c166b13fd40ac3168a0e4cd15fb5bec6ff0cc78956b86135d4ed9079de58cc2d
- SHA512
  
  fccb8d687c355b63d7073699705f4f7e9481defcd31269834b5c62717dfe9fd1ca148ecad756724c66eee78180612509214049d29f233f48d983042a70d2fdcf
- SSDEEP
  
  3072:guQtUEW4pggQikeV29r97Fo/rg4aSuhJFAKT13faj7pFKaXQH5FV0s5cB:ItUr4/Dkq2FHj1vkKFbi
Score

1^/10
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  npp.8.6.portable.x64/plugins/NppConverter/NppConverter.dll
- Size
  
  199KB
- MD5
  
  eb17b9ad0edd5d2e3dd8ed768b7e715a
- SHA1
  
  e80afe0e9f7bbbaf280c76f620a9992b92fa4970
- SHA256
  
  ea870b9714c6f03c3da4ca179a7c8c25854080ac65e00363514b0ca0f66c26b0
- SHA512
  
  781fad8cd4d2191c50fd1058de7b291ed7a26986388ff7df4e5580f887b549e5e55a66f2d9bc9b515089f4a73174147d4d3e322edd96e9d0d23b37d9e3fcee43
- SSDEEP
  
  3072:fVub4QxSy09L3pCQRUKobM56CjX6cr1+5tq4GtBXdj6oSOE6qgv:9XE09MQRMbkNKZ4799E6L
Score

1^/10
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  npp.8.6.portable.x64/plugins/NppExport/NppExport.dll
- Size
  
  153KB
- MD5
  
  f9b9e4b059a7cf3aeddaa4038539e9a1
- SHA1
  
  06dbc4dc4d2d0687f47fcebddbdddc0c47a19587
- SHA256
  
  f43204a9dd233db4d9042cb9fd36a6fe1f26f50cac88389a12af255886660a7c
- SHA512
  
  b279cb8b57220e325ed7a892ebee5715712801aed8422377e81e658cc20dfe69f06575eb6b350934997adf938f234d09c15023c340a1c97115c9e0d64bf9a88f
- SSDEEP
  
  3072:OHWvf4whXRxCtyAKfbn52zwjMdsI54tWfdHak6yS:IWYwtRxCYAKfb5uwodsIjd6k6
Score

1^/10
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  npp.8.6.portable.x64/plugins/mimeTools/mimeTools.dll
- Size
  
  142KB
- MD5
  
  1fb0553f5dc7c7506660cb7d6f4d583b
- SHA1
  
  21d8b5d5609ec1a51e029a03fc3d658ea73cf3fb
- SHA256
  
  67283e154b86612e325030e5a5f7995a6fe552d20655283ea5de8b53ff405f69
- SHA512
  
  819d3364464b045802e609cb627316fb3eb8733ca3acf7872df93e0d6fd4539a0c55920a1a82d9d1f31372da5822526379a0251c5d44b9e86d312abfa6294a57
- SSDEEP
  
  3072:XoYQbio9mTgA0fmTSeHmF6ffBaJ0r65GaENNC71:XIup0fmTSyBffBKo
Score

1^/10
behavioral21 behavioral22 behavioral23 behavioral24
- Target
  
  npp.8.6.portable.x64/updater/GUP.exe
- Size
  
  818KB
- MD5
  
  e9be0bc06725c372140838245805dc66
- SHA1
  
  6eafbbefe6d2b5b6c8fc39dac54881b5f2e61735
- SHA256
  
  8038960c66ec29e9ee0f027491c8349a158025faee39d069219b5a3297134197
- SHA512
  
  14831f538f5afd80689db24f7536ef725b75ce235a1ccb7f6795440819461d038cede5beeebd28ffbf9618ae984a0f347a9ffe4c0c10da7b914022174a1688e2
- SSDEEP
  
  12288:KySK0M5qRxaBr5wFNbgpA0WUVzOR63AczZXBS3CNmBDIOh68ADKbp34zZZ6dNNoq:7qMo2aWqT2KbpIFZ6PNeTw
Score

6^/10

discovery persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26 behavioral27 behavioral28
- Target
  
  npp.8.6.portable.x64/updater/libcurl.dll
- Size
  
  728KB
- MD5
  
  9f879b6c494bfba4b865ef1dea1bb1f6
- SHA1
  
  40b1d446e0eb4c5e9f0d0265eea00f0550c402eb
- SHA256
  
  c355961db2470b60629919ccffa0d1b57eea19cfd9fd3209b1165a4eedaa9bf9
- SHA512
  
  d2bfe23b5ac56096488f9c5d7978a5908c3f0868fe965083e455f5c639acad47582b8ebdab9caa9f4abb75415558bf4121d32122c443ebf0ebe20940feb7e6a6
- SSDEEP
  
  12288:dvnFnd1uk7byyzwn5l2rsc2QwEBhdoqyTvl0cWmlqhKyMv:dVekCoa5l2P2B6hdQvl03msMy
Score

1^/10
behavioral29 behavioral30 behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32