3bd13a521b1e9d100e800b666705da132e584cccbd4f30c88e9cf0d93289b2fa

Sharing

Copy URL

Twitter E-mail

General

Target

Wireshark-4.2.2-x64.exe
Size

82.4MB
Sample

240201-sghjcaabek
MD5

8065ba4793da47e2263bb4ce27a0d363
SHA1

2b8f90a64b1dad7791de0b430f661788f8d082ce
SHA256

3bd13a521b1e9d100e800b666705da132e584cccbd4f30c88e9cf0d93289b2fa
SHA512

17ecef2c94e4f30b58068b398cc5401a18f1e5919eeeefae541fc6e4810752da568bb54a2fa583115d4cecea712d817f37d34e8d42a95f354965bdb322a74cf4
SSDEEP

1572864:h/Pn6aSZnQObir9UDSnpyzYpx9nHTrULfehHNrDYE2DqB9KZAmd6PTAceSbu2AFH:h/P6hn29UsbnHHULkHF2+BMd67QYfAaM

Score

9^/10

Malware Config

Targets

- Target
  
  Wireshark-4.2.2-x64.exe
- Size
  
  82.4MB
- MD5
  
  8065ba4793da47e2263bb4ce27a0d363
- SHA1
  
  2b8f90a64b1dad7791de0b430f661788f8d082ce
- SHA256
  
  3bd13a521b1e9d100e800b666705da132e584cccbd4f30c88e9cf0d93289b2fa
- SHA512
  
  17ecef2c94e4f30b58068b398cc5401a18f1e5919eeeefae541fc6e4810752da568bb54a2fa583115d4cecea712d817f37d34e8d42a95f354965bdb322a74cf4
- SSDEEP
  
  1572864:h/Pn6aSZnQObir9UDSnpyzYpx9nHTrULfehHNrDYE2DqB9KZAmd6PTAceSbu2AFH:h/P6hn29UsbnHHULkHF2+BMd67QYfAaM
Score

9^/10

discovery evasion persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  1d8f01a83ddd259bc339902c1d33c8f1
- SHA1
  
  9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
- SHA256
  
  4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
- SHA512
  
  28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
- SSDEEP
  
  96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score

3^/10
behavioral2
- Target
  
  dumpcap.exe
- Size
  
  512KB
- MD5
  
  3e12562d2cb867eb8b520715f4fa1b9b
- SHA1
  
  bc29c42218dd69c6ae9378e81d85a0ace33f37b4
- SHA256
  
  19baa53b774636745a99e324e759a62d69a3a1a9f6a7f99c58454bd28ac87979
- SHA512
  
  48d38917a99ca426acc0016ae16fc496f398971c1a2e383802c3d4a86423b793a3cd3a505faef62069632012b7da789b0ebb17ef7c8862083df181efdebae5e1
- SSDEEP
  
  6144:KUpm2Gu0t+DHmq4mu1Oac3U4rce7I+H2duSFP9/jgCwM:Jpm2FoKHPju1MU4Ye7I+yjFP9/UCX
Score

1^/10
behavioral3
- Target
  
  dumpcap.html
- Size
  
  28KB
- MD5
  
  2fcbf6617ae2edddb1dd75050032ca18
- SHA1
  
  106f709a531bfbb8d5698d7f88f13e56be2f3eaf
- SHA256
  
  a21d95616d7aa3e0e8e67b9e53f89423fa421dc89c46030f9d261404d4e9a328
- SHA512
  
  8896ad74dae5108d05438c0c7a92e332930beb0a62e4c620a461106d9a56ec5c5e47156bdc6f80fc090b1139b3a688b8bda333c89e78255a21a229af210cd371
- SSDEEP
  
  384:zcLyTOwDtmYQjDQB0pH/8jeiGrheI2ZMyQIjM+/tIejjSqUT+IN8NbnTB8YU:cySwlQjUQH/8jei4heIemvoesfGYU
Score

1^/10
behavioral4
- Target
  
  extcap.html
- Size
  
  8KB
- MD5
  
  f738cde79e96769d2b88f294550235e6
- SHA1
  
  bf45e4f7efdb779d874ce93c7f22044109186f0a
- SHA256
  
  6b01f9040e156292ccc5f1466618b24678f076473e0b7be65450711a266d637b
- SHA512
  
  b27fbe3f6659590ba05a43fadbdcf3a5022d1f47de36d5b628b219682487b0c03c43a681df00319f442a28e9ab861405886b4d662433005142ac7c5b9e04c7ef
- SSDEEP
  
  192:ZK1pwWZzPlmkFsOndHLk3AHDA2OkghZAp:Zqp5Zjlmmr5kc3p
Score

1^/10
behavioral5
- Target
  
  generic/qtuiotouchplugin.dll
- Size
  
  92KB
- MD5
  
  338e25889dbed08a8619f982d546f908
- SHA1
  
  f958f9867d4935e24ab93629fdbef7fb4e104423
- SHA256
  
  8b3416cf24ecced6101070d179bc9d648369ab74fa2c28257bc0494d42781db0
- SHA512
  
  a5417d4b60b05fb2f2b5161cb3ed3aa4ca885088ba8e28706337eefdf1620536da5632e3ac82da8d714e61d262506afb022333c8030167812f9f8f8c2fdb7763
- SSDEEP
  
  1536:XuIdQo4xs14ruc74oi0KhxwmSIvRkpVHxbAxDUgbktgUxO:6oQpru4Ohx3SIvRiHxKD9bktgJ
Score

1^/10
behavioral6
- Target
  
  glib-2.0-0.dll
- Size
  
  1.2MB
- MD5
  
  333ad8ab80ad821176fa4c700acdcf24
- SHA1
  
  b1c3e83140b152f3ec234f0b1640a3e543bdbdf8
- SHA256
  
  5e46a0cc5f0b1c5a381308d993ff759f76bd4aeb4020c07a4ace168d54e91f6b
- SHA512
  
  2e43797a942a887af4abf995122c89677667e2943db8b3021a8a8f8b251b6e826e90a9460c076184ad22225485df95e96e3bb34fecd26e79e3d695150b20052c
- SSDEEP
  
  24576:ZkBrw3/19gl2oWb0LmdJrASjICaxqLi8krsBViBdJIvA2+fp56MWtvCMHt7t:Zkrw3/19aXWbNdJrjICaxqLi8krsBViq
Score

1^/10
behavioral7
- Target
  
  gmodule-2.0-0.dll
- Size
  
  30KB
- MD5
  
  6dc6e973647a2758451ee1064c72f69f
- SHA1
  
  7204b722c822d28cf2cfc8c5a9f17f00bb153364
- SHA256
  
  0c55071f2e2d2090e95a3a5765822d4b8393aa94fe4f1131e9509005e0e9da34
- SHA512
  
  3b01d737cf1fc74b62b23a29e61c9fdf176cf62faf037a0d13b80f118182912788064835cf93bb0eb08b837e8e20804a29d97f7c84d5abaf7255b1d7ae72137e
- SSDEEP
  
  384:oyejOSqHahJOnbwZi4BYV1U4BZ7bpwKNsgxGwVAM+o/8E9VF0NyWRndSCl:otjFqHa7OR4iNL7IgxpAMxkEcdzl
Score

1^/10
behavioral8
- Target
  
  gthread-2.0-0.dll
- Size
  
  21KB
- MD5
  
  1988dc4037f423dc7bda58f9b64b0433
- SHA1
  
  9c6e4ad284bcf5c72781d89ee060f582c71da799
- SHA256
  
  43f252e8c3165b285e0a7d896d8f03ca06f61e131db1f512340a11a91a2798f8
- SHA512
  
  ff91d77ec657d3ac0878ae56d72bbddb61dfeb4599ce749c0077aa861867df77c6bf88c823c2bb83e842049c7ce56a713f7cba706cc950bf8df42269988531cf
- SSDEEP
  
  384:4uJb5G1ojrurpwKNsgxbiV5MBAM+o/8E9VF0NyEr:4upQKq4gxMaAMxkEe
Score

1^/10
behavioral9
- Target
  
  iconengines/qsvgicon.dll
- Size
  
  61KB
- MD5
  
  4e4d2f16f4d9a932a8268844d564fe88
- SHA1
  
  9b0ded11e4dde00fedd0650ffbd7c71ff30e8eeb
- SHA256
  
  6af40b8658696eebabdf07a284a5f6c167af0dafc429eb3507400427fa5b8a8a
- SHA512
  
  fd334cabe5cab8de31abe5835bab7f1a78879fe1004ce208046c4abb3b7712f5ae60548dafc519fe4584a02f9cb6e232243474ae0d29d9345f0aa25ceb1dc7a8
- SSDEEP
  
  1536:PcjQ9xCOoer+KpD3ajbyj6S+IqriFBWKMjP1tjoIbCXMhR5P9gKx3:/q4ajbe+Iq245jP1tjoRMhR5P9gw
Score

1^/10
behavioral10
- Target
  
  iconv-2.dll
- Size
  
  1.0MB
- MD5
  
  34819dc39be0f53228229982a8780dd8
- SHA1
  
  c4c0663760c95b63a0174df675ff768c08e1048a
- SHA256
  
  e26c88ebf5bf474f846a7e9f69f6d28d7ee2f0dfb55ad832a97f6958c585ff38
- SHA512
  
  b026c62e1bf6db4dbce53a53bc0451eedd5ac41adcafe06b53c27b853b8a6dccda677ee2d412eff236ed33baecf3213970c939aea0d8c4f207a5710e1b316a9c
- SSDEEP
  
  24576:IgHftbBAUZLYTfYlaQuwGavkg3NyXHbbTgscK6wVS:jtBAUZLYT2aQuwGaXwEsJns
Score

1^/10
behavioral11
- Target
  
  imageformats/qgif.dll
- Size
  
  46KB
- MD5
  
  0cd633fecd7ee258eb5e1366da30638d
- SHA1
  
  2687385dd91f6a694c624d6874a8362aac85d20e
- SHA256
  
  3022b6168a20cc1d85f73517ac8d5377cc5bee09711037a4d833e20ae954e278
- SHA512
  
  65cf15c93fe11a97507a35f075a94031a8aeea6121232b9cece59592bb2c384fde9583b094497d8c9794f9ab0a289e03211fb6d905428539259cc733a60f7628
- SSDEEP
  
  768:+b1BgMAbGKdSySwa0r3EDVQPi4bNqZiQzad2pWxCozDF9gxhAMxkE4H:61tAbSXInPh4zadkWx7vTg/xsH
Score

1^/10
behavioral12
- Target
  
  imageformats/qico.dll
- Size
  
  45KB
- MD5
  
  3d1bf2d3066ec80fcbfe04e1c624924f
- SHA1
  
  b4ee9cb5ba578bef9b727abe95cdcb3decd0d152
- SHA256
  
  05a5dc7efefcd1d058150c6eb1329f0cf5906f653d553c69066d4113d3738dab
- SHA512
  
  d714213bb0185a7ff779e8f9004b15621a82061ced343f2854004617ee2c57df6a1fa4cb5c0c76a5d58721b65372c3f75624ce6f30ed6628a03a3317759bea2d
- SSDEEP
  
  768:/Nh/rHNzM5yECWkF0EuXc19QAo3E3xv2gxOiAMxkES:FpS5fCVFBuXc19QAoU3xv2g0gxW
Score

1^/10
behavioral13
- Target
  
  imageformats/qjpeg.dll
- Size
  
  604KB
- MD5
  
  664a3598544c8e962d4b4851acbae1e1
- SHA1
  
  03a8062ade959f0dec13f95f5f39c4a6f82f9f27
- SHA256
  
  b551f73b75ec1084c2f476051d1b232e144d9e3d012364f2d00c8dbc52d6629c
- SHA512
  
  aacfb6d95f1f761d11f415e403baa51eff8286b3999d23846bdc9daa26525f8fc2184009aba008686523b803bd8cb62889f209e5db548c1d4153e56ae9b3729e
- SSDEEP
  
  6144:SkY20xwNvMjZM09UGzjdr9N2F6iXSh6eKUm5QSNu3a99XHBHR+29zHn8cCl4RVDG:SINvMtgXMKUvSC2eM8HvKe
Score

1^/10
behavioral14
- Target
  
  imageformats/qsvg.dll
- Size
  
  38KB
- MD5
  
  3ab6c37b99144a10f9dfa5c2d0e25a56
- SHA1
  
  9fcd46c6d65d141a40b758953f800d4b99068fef
- SHA256
  
  1963406d7bc98b8e42fc3c7a7b55fe0c7c3799aa4f1f1ae8e766f910edbe971f
- SHA512
  
  a7e0d49381da43c40dd85d343f9ef3d2031c1e656e1939bb5e41464954dcd373537158637e4ebc234ce36fa5d9862abdfa9a31cd90645c40846340afd9040b6b
- SSDEEP
  
  768:1Ez05YLHnGW21B3zSgTkyYwE7RjgxZJrAMxkE7g:HYLHnGW2tSgtYwEdjgxLxY
Score

1^/10
behavioral15
- Target
  
  intl-8.dll
- Size
  
  95KB
- MD5
  
  b9bf475f89d785d4ae345bc02c8f35be
- SHA1
  
  f1fdce38c250179d03a089664cb1778bb39f4d54
- SHA256
  
  28c541702b913dd684f45bb14913250fe887de870723f92589979e8c6df52b2c
- SHA512
  
  9cb79d0cb69ea38be0abeb2ce482ef3dbdaeee038dc81c9e39ffa3fe82795d539c5f8f7910eac5ea12a813e711764bcdeca06e290d6f190cee1ccdeab4e9ba60
- SSDEEP
  
  1536:4PMqq7gvpDhtteBo1we7kCcLYVM1KIwSqNUMhEMb4004k+f/QZcFQiPESvhxNy+1:6MeDsh8VMcIwSUEMb4004NfYZ6ESvhxb
Score

1^/10
behavioral16
- Target
  
  ipmap.html
- Size
  
  13KB
- MD5
  
  0b42ca55f66492db4643cb115e7621d6
- SHA1
  
  5c05d5d3917316f8fb8b2f469675b7c53725dc87
- SHA256
  
  dc731f8df1b2f9df4a49fade0ec096e575c709aca79a87df3ce10572dc5db784
- SHA512
  
  8b6604a407957cedbd9b83d780b3495433d16d2a0c51e17bd1b3d1c91f73d2e4d4c3749889d245a6b507ba51c97ecc4bc6650413fa1da0e1197a2cb03c695b12
- SSDEEP
  
  384:Dv3AEPgci3CPKZhkKgF6HSdqqwc01Uw2EpxvDgw:DmPZhjgF6nF0w
Score

1^/10
behavioral17
- Target
  
  k5sprt64.dll
- Size
  
  73KB
- MD5
  
  87f5208346815940048767267c3ff654
- SHA1
  
  5984f2eb53bd6a704b28c26100b467a5028848a2
- SHA256
  
  b61e011e957b28a7e5fad042c6c14af97ea9c1a0102cd92357a463c4416ba7c6
- SHA512
  
  2dabeb417d17ce0f288cffe4359f2c835aed30c51bda4bf27f72ec5e149a2a35dac33e1d5dbdf5e9bb222e23a2a70ab5063da1d4c5939916fb06c1897861f735
- SSDEEP
  
  1536:AZpvaQbYrTYDsKiKFn/CNBHBFb4B+J6zcgrrxw:qpGrTYQBBbjJ6zcgrK
Score

1^/10
behavioral18
- Target
  
  krb5_64.dll
- Size
  
  1.2MB
- MD5
  
  665469bab9f1a2ab4efe1820da9b1f25
- SHA1
  
  8a523095b7201e4742aea7b9306451f8a6499b1b
- SHA256
  
  8ee1a6c7245031922cc654d270e1caa538eba0660164e219ac626e96dacf0fa5
- SHA512
  
  477148ea28d633d2eaf603084b7943c18db9dee62e59cb608670c3894ea3b15a6671213e4cde8f13edbc6e98f7f869897ba09abfe6e2d47d11fc85d5c1a2f741
- SSDEEP
  
  12288:OqUC2f+2Z99Dc5MBj4nCJaQhlRxW1rhNESUqSoak3TtoPArLE31:lUtf+2D9vBcnCJaQhlorhN9UBo0YLy1
Score

1^/10
behavioral19
- Target
  
  libbcg729.dll
- Size
  
  100KB
- MD5
  
  e980b531c12495d86faa4b8c673555c0
- SHA1
  
  21159c76fbe268e6339977bf341d7a87f4b1b746
- SHA256
  
  3698fe53c76b480188ca338cfe9246b6cf7993e879ddafe5bf1396ca450b48a8
- SHA512
  
  4335f13556de50826c5a645b057f2c759cf593b3f3398d5c86b4cddbd0f8af1f960d166c5cfb55ab009408e91b1495b8085fb776a7a563224d67aa1dc9e77dad
- SSDEEP
  
  3072:jrhCjTYJWlSNE+WHNYfnnkpETJXkGbWVe5Ehnvvvvvvvvvvvvvvvvvvvvvvvvvvs:jdC/YsKEAXkGbcLZgT
Score

1^/10
behavioral20
- Target
  
  libffi-8.dll
- Size
  
  49KB
- MD5
  
  b755141d3143f56a33c7ec76fc6ce6fb
- SHA1
  
  bfb632e67515128758e13f2f357d22ab33c67c2d
- SHA256
  
  01a70181e31f0cf4e20a7a22a9d39ff8558d92d9771c2d48a3d02748d1812216
- SHA512
  
  e9a2435ae00f52878f9b71aab22e27b79da2e372083eace01fff1d439efed12b05b2472f5309d9e1cffadd32256c529d14b0e5cbdb1901a5627d3da4110cf9b2
- SSDEEP
  
  768:QvSDZP8bQ2iGxT13sljr8mMWgqtxniVlFn0EgxfAMxkE1:ISDF8bQDq1CxnCAEgVxB
Score

1^/10
behavioral21
- Target
  
  libgcrypt-20.dll
- Size
  
  1.3MB
- MD5
  
  580e4ab3fab120cf93f97337eab82f13
- SHA1
  
  4dc2603151da0a303f7dba9db86164a40ef84800
- SHA256
  
  39888aad7d5acc8502886f1858c51a66d7ad4665bf9b0edd7341098ee2323f59
- SHA512
  
  fee99c0021907cb91a3a38f07a5c3777b42ed5deede77c01f5260298ea21322bd59fa9188856ba80b13228f95ff262b164369d059dd27dea1a901997ece6f874
- SSDEEP
  
  24576:0Sr7GiADcjimMy1N0LgQS41PkXoD2ZKtPSdN85/Qnjz:0m7GAumMeN0LgkPkXoDpP5/Qnf
Score

1^/10
behavioral22
- Target
  
  libgmp-10.dll
- Size
  
  718KB
- MD5
  
  52958e449c0d7ceca72ee5fcb4407abd
- SHA1
  
  538bde902274512a08e92f339dcada162434a1ab
- SHA256
  
  85ef852d980c46f35b1067657d7e7ffc04082b5054aa7ca2a9a8657d723808f2
- SHA512
  
  2d3e24ab9c9e8605483c631b55f48d44a2c21fb461f2da0a53870306d50919159c5f61d74ea3fa03ef432962a9c751d8f117c4986be3add16fa0c0fcdcb954db
- SSDEEP
  
  12288:NYgTb0BRt+WDLEQzKEoTRH22VvC83tE7Oj5wJ++8hrZHG7Oph:qAwBfEQNoc2Bl3tE7OtwJ++8hrZHG7O3
Score

1^/10
behavioral23
- Target
  
  libgnutls-30.dll
- Size
  
  3.3MB
- MD5
  
  e1a85658aac982c8ee04a1943047930d
- SHA1
  
  8a4f06f8a48fa6d1bfd432f9d0d99fa55a13bb4b
- SHA256
  
  a3ac7c35d0c7ba4d43c27a158bdbbbe107a91623df5fb0594b7f6a755263ebc3
- SHA512
  
  952b05d566e7d3b8c4092474c6374d7049d8d5cb48573278422b8ba65cf08b6cd27b4e54eaa37e71cb5ff132bc569b0346238efc5b4736a8a0bc464a0e685dc2
- SSDEEP
  
  49152:a+4xjLQL5huzcgolWf4fA/qpPHGtlqFFPKfk4upAm2XAxONXSRo7sjZJatKmH:TumN1Ks4SOqogjZJatKmH
Score

1^/10
behavioral24
- Target
  
  libgnutls-openssl-27.dll
- Size
  
  323KB
- MD5
  
  a4774be15131610ce36a0dcd4b1dd668
- SHA1
  
  3592652e481f60e8507b4bdb80e247934a4cabf9
- SHA256
  
  cacc8394aee4504c4e79d49ec14efba48679756f189ee349e71fdaf9d57f3aac
- SHA512
  
  70170e9189a7f25546a2ea3c46ef0367f02fe0aeaa6609c85af5f430e7a02e408e233198b47969fb1085f2e7218ee88090862a08f1eaf451fb65b93db9aee792
- SSDEEP
  
  6144:ZbNgyF8etZc0TGxv+EV3o4Vux/Ptcd1DmMzWVgW:pNnueJmGs3olx/WdRmMzvW
Score

1^/10
behavioral25
- Target
  
  snmp/mibs/DISMAN-EVENT-MIB
- Size
  
  66KB
- MD5
  
  6c7bf2eb8aef70b616ed89424e908e6f
- SHA1
  
  a50ed173ee70103641a804b160a3f8da2d50e0e4
- SHA256
  
  095bf95ad1000b3e97f2eb605f980c58ef1c9881e8be01047ade616b09073365
- SHA512
  
  efc75599aca2a12473c2a948627cc51b48eb8e55c5595528b1fd4b19e02042f6c6a82ae5c3b8adfc881d268291b9991890d8cf1007e15ed935a019612573e6d4
- SSDEEP
  
  768:U+nF3As7M/xAoiZovDouCwcmTtojoBUuo4TUy:UEVA/nD3o4TUy
Score

1^/10
behavioral26
- Target
  
  snmp/mibs/DISMAN-EXPRESSION-MIB
- Size
  
  41KB
- MD5
  
  362689166c52ae7fcea208ab537dc442
- SHA1
  
  84f0489a6ce458e87c7477ce1ed56b74405a0d76
- SHA256
  
  4c379e2b6acec5f523aa70c1c7b5a8d6cc5688daff06d7385f34357bcc96d751
- SHA512
  
  1ff08451b45e0cd5943bae4fae5b6601fbc0cb346c0c6f11411096a5d511b5af317605cdd0baee9816af23f1ed7b5c4fbdc06c98c096ade4ba4b8405ab2297e2
- SSDEEP
  
  768:IUji4lYvGXAprQOgBZD9hH4GuPqeKReUZFWHpRK+FMba12j6Pr:IL4wGXAiOgBZDz5heKhZopRK+eba12j4
Score

1^/10
behavioral27
- Target
  
  snmp/mibs/FRAME-RELAY-DTE-MIB
- Size
  
  32KB
- MD5
  
  7aa196b72b4161c6ff37dfa752e089aa
- SHA1
  
  b0a1125d499c5070a4980e527adfce76da6dc169
- SHA256
  
  7df9f822131b2bce72072e62b47d99a69fd7f844be295e49882e7247012fb9e4
- SHA512
  
  c91799625e42eec9cf86814ce5901ce33b6ffc7e5c2f6671c81b4446484d4170f076706901fe9bef23d0dcd70c4261312f19a52d2c1f314b94ff7cb4d815b902
- SSDEEP
  
  384:T8zrqLq3HFK+JCgvZw1xttp/ZwfF9fiU9qjlluf:TEkIKOCAw1xbKvlcjKf
Score

1^/10
behavioral28
- Target
  
  styles/qwindowsvistastyle.dll
- Size
  
  138KB
- MD5
  
  b8e0e6bab4f1d3658cfa5e734c947190
- SHA1
  
  a00afe96a2b37f39fda1d555aeeb0fd2d0b67144
- SHA256
  
  54c99d1368d88286cf2b55e967626f62b8db1be6ed27c5d815f1262331734e7d
- SHA512
  
  bd09a0df9e0666d4f83b8404fad2aaedeaa546652a0b65e0419de5d5bae9404b5b70ea2a3e55ee7e0e46058be5b6547924ed608c8216fcce41eff38cfac81a52
- SSDEEP
  
  3072:VcKd1HYMSZAcTrvt4www2OmPBxshbge20NMyKsbyrUmVst7sVygQ6:VcKdGCcTJpXhf20NVKsOrUmVstBgF
Score

1^/10
behavioral29
- Target
  
  tls/qcertonlybackend.dll
- Size
  
  95KB
- MD5
  
  ec2d04eaf717e11109493c1835e5689a
- SHA1
  
  1718a59ab4224d9a20eebf84fe90227e61743694
- SHA256
  
  538e9a4d217b1dc41c668f50311d44162c8f905f204914f66ec18db1e09008ec
- SHA512
  
  a49d60b7b05093de100573d2b2ad07f57901208da714e230d456ad32e6c9604b00d31b4349fddd68b369b61d1514a2fcd8d0f0fd81f74796e0b1d9ba50233447
- SSDEEP
  
  1536:HlXjWRvE58Cy2DoYLaCu1V266s+MwWXFnvXx08rT9hI/TUjgMQTxQ:HtC25v6bKM5FnvSIhI/TUjgza
Score

1^/10
behavioral30
- Target
  
  tls/qopensslbackend.dll
- Size
  
  297KB
- MD5
  
  7e0bb62bf7f5cd1c907fba512a4a22cd
- SHA1
  
  bdc3f74fc7157a6292d314387e928c935161fe50
- SHA256
  
  e904c9dd788434accb7e196f79778bd16b3f2a9eafe1b4d40364502ba75a2390
- SHA512
  
  1b24727f86a71de822fa8ce67dd5e6ea6145e58b329fbf5ab38a2401bd14b08f3a32b608e622901acc9c65ebf4e3c0683105163bad765a180e51cfe39deef9b6
- SSDEEP
  
  3072:PuhWIJop9PbsCpoBfdWvtYt/DbxqMRMLqDZMVT8PX5bu5hJrze6N8UU28Ik+cDEm:QObsdcvk/fxqSgqOo5KZr66xT8Iu43gt
Score

1^/10
behavioral31
- Target
  
  tls/qschannelbackend.dll
- Size
  
  212KB
- MD5
  
  ab97d81a2dbbc573d83855141255aade
- SHA1
  
  4f10440b2ab783b1c9cf0e21b87412e8dadf840c
- SHA256
  
  ba076b00e7ad98ba82792bbe3f563f1138193db34df22e5d5f01c96f17780486
- SHA512
  
  51d3d5512de202664eb7e8762e6f4e7a6e374ead259f22a1ea9cc032f209e899b2256babe6fdfaedeac359f386b00c3200534b37a3a25bfd4cd8257bc12a5249
- SSDEEP
  
  3072:jzULkZWS3lsIY4TuAYS8npM3TnHSdSmtebGPc39rpri0hZ1NL8sZDJxfKTg0/:jYapIZM3TnHAmHrdNZDJxmg2
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks for common network interception software

Adds Run key to start application

Enumerates connected drives

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32